Using Whonix via "untrusted" or via anon-whonix direct?

So you mean that point here: “Corporate desktop machines which are clones of one another.”?

@qun:

but must I also clone the whonix-gw for the sys-whonix?

No, you do not. Each qube attached to sys-whonix will have its own circuit. There are two ways for you to confirm this:

  1. look at the circuit tab in the tor control center (right click the sys-whonix icon in the task bar)

  2. in your respective qubes you can use check.torproject.org to see your IP address

About stream isolation:

  • the whonix workstation comes specially prepared to further isolate applications inside a qube on different circuits
  • if using a “vanilla” qube (fedora, debian, etc.) with sys-whonix that entire qube will have a dedicated circuit, but all applications within the qube will share it

See also:

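The second check from the reply above can be scripted. This is an added example, not part of the original posts: it compares the replies of the check.torproject.org JSON endpoint collected from several qubes. It assumes curl is installed in each qube; the qube names and addresses are constructed samples.

```shell
#!/bin/bash
# Added example, not from the thread. In each qube behind sys-whonix, run
#   curl -s https://check.torproject.org/api/ip
# (assumes curl is installed) and pass the replies in as name=json pairs.

# Print the "IP" field of one API reply.
exit_ip() {
    printf '%s\n' "$1" | sed -n 's/.*"IP"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if the reply says the request arrived from a Tor exit.
is_tor() {
    printf '%s\n' "$1" | grep -Eq '"IsTor"[[:space:]]*:[[:space:]]*true'
}

# compare_exits name=json [name=json ...]
# Returns 0: all via Tor, all exit IPs distinct (so the circuits differ)
#         1: at least one qube is not confirmed as exiting through Tor
#         2: all via Tor, but two qubes share an exit IP (inconclusive:
#            separate circuits can end at the same exit relay)
compare_exits() {
    local pair name reply ip seen=" " rc=0
    for pair in "$@"; do
        name=${pair%%=*}
        reply=${pair#*=}
        ip=$(exit_ip "$reply")
        if ! is_tor "$reply" || [ -z "$ip" ]; then
            echo "$name: NOT confirmed as Tor (${ip:-no IP parsed})"
            rc=1
            continue
        fi
        echo "$name: exit $ip"
        case "$seen" in
            *" $ip "*) [ "$rc" -eq 0 ] && rc=2 ;;
        esac
        seen="$seen$ip "
    done
    return "$rc"
}

# Constructed sample replies (documentation-range addresses, not real exits).
compare_exits \
    'work={"IsTor":true,"IP":"192.0.2.10"}' \
    'personal={"IsTor":true,"IP":"198.51.100.7"}'
```

A return code of 2 does not show that the qubes share a circuit; repeat the check or look at the circuit tab in that case.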
hmm… but what did @Sergij mean with untrusted-gw and untrusted-ws?
Does it make no sense for you, or didn’t I understand him?

He referred to this page as basis for his reasoning.

To protect against state created by you by accident, you should use disposable whonix workstation qubes. If you want to protect against potential bugs in the gateway qube that would reveal state, you could have multiple gateways. BUT DO NOT make these disposable as that would have the opposite effect (make you more identifiable, because you’d always start from the state).

Qubes OS is about security. Privacy is a related but somewhat separate topic and you will find that the Whonix forums are a better place for these discussions.