I know ws is stand for workstation and gw is stand for gateway, but I can’t understand what’s their difference.
The gateway runs TOR and provides access to the work station, in which you will run the browser:
On Qubes default instalation, whonix-gw serves as the template for sys-whonix. whonix-ws is the template for anon-whonix. sys-whonix provides network for anon-whonix.
You should use the TOR browser on anon-whonix or some other appvm based on whonix-ws
Thx, now I can understand better. So when we want to install app, we should install it on whonix-ws. right?
What will happen technically if we install app on whonix-gw ?
Also, I installed telegram desktop on whonix-ws, but any time that I want to open it I have to open file manager and then click on telegram icon. Is there any option that I can add it to list of applications? ( Qube setting > application )
To use the app in anon-whonix, you have to install it in whonix-ws, yes.
How did you install telegram? Did you just download an appimage?
If you follow the guide from the whonix wiki, it should be available in the application list (maybe after a refresh)
Here is the entry in the wiki: Send Telegram Messages over Tor with Whonix ™
I downloaded the linux file from telegram website & then extract the file by file manager and just click on telegram icon. ( Like how you open a portable app )
I checked the link you gave me, it says due to security it’s better not to use backports repository.(can be installed from Debian backports. This is non-ideal)
So I wanted to setup through flatpak. When I opened xfce-terminal from template: whonix ws 16 and I enter this command:
apt install flatpak
I get this error:
E: unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
To install packages via the package manager, you have to execute the command with elevated rights.
Try “sudo apt install flatpak”.
But if you install packages via flatpak, you have to remember to update them manually.
A general solution for this is to create a .desktop file on /usr/share/applications/ on the template:
You are missing
So what’s the best & secured option for installing apps like telegram? I don’t have enough knowledge & memory to update it regularly.
I heard if I install app through package manager when I update qubes they get updated as well. So is there any solution?
I wouldn’t rule out backports completely, even if the version is a bit behind most of the time. You get automatic updates, so the convenience is there. It should be the easiest way by far.
Another option might be using snap in another template or a StandaloneVM, which uses sys-whonix as the network. Snap should update automatically, but i don’t use it myself. I don’t know how reliable this works, maybe someone else here tried it before.
In the end, it depends on your personal threat level and needs.
If you need the privacy and can live with an older Telegram version, i would use backports. If you always want the latest version, you might want to use snap or flatpak with reminders in your calendar/todo list for the manual updates.