Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
Daniil .Travnikov: > Could anybody help me to understand what is the difference between Whonix > Workstation and Debian/Fedora? (I mean Templates VM in Qubes). > > When I want to use one of my Debian VM through TOR, I am turn on > Whonix-Gateway. > > And I am asking beacuse I don't understand for what I must use > Whonix-Workstation? > See discussion here: https://forums.whonix.org/t/qubes-whonix-and-stream-isolation-understanding-for-non-default-applications/4676/3 For additional questions, please search: https://forums.whonix.org https://www.whonix.org/wiki/Documentation -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ac2f6759-a4ea-f592-d21f-ff183f4453f5%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
> For maximum privacy, I would use the whonix-ws tor browser with the whonix-gw > for tor browsing. After this discussion, I absolutely agree with both of you! :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e949fdfe-3ef9-41bf-af5f-1fb0bad69cce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
On Thu, 3 May 2018 05:51:01 -0700 (PDT) "Daniil .Travnikov" wrote: >Thank you very much for your clarify about Whonix-Workstation. Now I >understand how it is working much better. > > >> 3. Use regular firefox in a debian/fedora based appVM connected to >> sys-whonix (no tor over tor, and all traffic from the VM is routed >> through tor, but it would be easier for adversaries to fingerprint you >> because most tor users use tor browser, not firefox, so you're more >> unique this way) > >Totally agree with all ways, but it has 1 more way about which I know: >https://trac.torproject.org/projects/tor/ticket/15800 > >When you change on 'false' in network.proxy.socks_remote_dns TorBrowser >setting. > >And this type of browsing you could use in a debian/fedora based appVM >connected to sys-whonix. And it will be the same like in your 1 way (tor >browser in a whonix-ws) without any fingerprint, because it is the same Tor >Browser. > The tor browser as a lot of other defaults as well, such as not running scripts...https everywhere etc... The pair of whonix-ws and whonix-gw have been developed together (even for use with other virtualization platforms) to minimize exposure to fingerprint detection. For maximum privacy, I would use the whonix-ws tor browser with the whonix-gw for tor browsing. Stuart -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180503100503.0d9427f7%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
Thank you very much for your clarify about Whonix-Workstation. Now I understand how it is working much better. > 3. Use regular firefox in a debian/fedora based appVM connected to > sys-whonix (no tor over tor, and all traffic from the VM is routed > through tor, but it would be easier for adversaries to fingerprint you > because most tor users use tor browser, not firefox, so you're more > unique this way) Totally agree with all ways, but it has 1 more way about which I know: https://trac.torproject.org/projects/tor/ticket/15800 When you change on 'false' in network.proxy.socks_remote_dns TorBrowser setting. And this type of browsing you could use in a debian/fedora based appVM connected to sys-whonix. And it will be the same like in your 1 way (tor browser in a whonix-ws) without any fingerprint, because it is the same Tor Browser. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03d56bf0-e982-4241-8790-57e2531f2856%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
Daniil .Travnikov: >> It's possible to use a debian/fedora based appVM with firefox, connected >> to sys-whonix, and all connections will go through tor. >> >> But whonix recommends to use a whonix-ws based appVM with tor browser >> instead to reduce fingerprintability. Most tor users are using tor >> browser, so if you're using tor with firefox and not tor browser it's >> easier to fingerprint you. > > > Whonix recommends this, but nothing to tell about Qubes Whonix. Qubes > contains the basis of Whonix Workstation logic in all OS. I'm not sure what you mean here? > When we use Whonix-Gateway we have one TOR connection (3 onion connections), > but when we use TOR browser (in any OS) we have second TOR connection (which > means that now we have already 6 onions). And in some reason it is not a safe > way. Whonix already prevents tor over tor connections. When you use tor browser in a whonix-ws based VM connected to sys-whonix it won't be tor over tor (there will only be 3 relays not 6). At least when you use tor browser in a whonix-ws based vm anyways. From looking at the whonix documentation it looks like if you download tor browser in a regular debian/fedora based vm and connect to sys-whonix that would result in tor over tor. Whonix modifies tor browser in whonix-ws so it works with whonix-gw/sys-whonix to prevent tor over tor. http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tor_Browser#Whonix_Tor_Browser_Differences https://www.whonix.org/wiki/Tor_Browser#Whonix_Tor_Browser_Differences But anyways, using tor browser in whonix-ws based appVM connected to sys-whonix doesn't result in tor over tor. So it looks like there are basically 4 ways to browse the internet using tor with qubes: 1. Use tor browser in a whonix-ws based appVM connected to sys-whonix (this is recommended, whonix prevents tor over tor scenarios, and all other traffic from the vm outside of tor browser is also routed through tor) 2. Use tor browser in a regular debian/fedora based appVM connected to sys-firewall (just like using tor browser outside of whonix, you'd miss out on any other whonix features, and other traffic from that vm outside of tor browser would not be routed through tor) 3. Use regular firefox in a debian/fedora based appVM connected to sys-whonix (no tor over tor, and all traffic from the VM is routed through tor, but it would be easier for adversaries to fingerprint you because most tor users use tor browser, not firefox, so you're more unique this way) 4. Use tor browser in a regular debian/fedora based appVM connected to sys-whonix (this would result in tor over tor, which is bad) At least this is my understanding based in what i've read in the whonix docs, but someone may know better than me! -- Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ee03caeb-fb5f-3b3e-44d5-63bd3c360271%40bitmessage.ch. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
Thank you for your involvement! > It's possible to use a debian/fedora based appVM with firefox, connected > to sys-whonix, and all connections will go through tor. > > But whonix recommends to use a whonix-ws based appVM with tor browser > instead to reduce fingerprintability. Most tor users are using tor > browser, so if you're using tor with firefox and not tor browser it's > easier to fingerprint you. Whonix recommends this, but nothing to tell about Qubes Whonix. Qubes contains the basis of Whonix Workstation logic in all OS. When we use Whonix-Gateway we have one TOR connection (3 onion connections), but when we use TOR browser (in any OS) we have second TOR connection (which means that now we have already 6 onions). And in some reason it is not a safe way. This is what I found: "Please note that a Tor-over-Tor connection will always, without exception, be less safe than a normal Tor connection. There is always a possibility that your Tor connection would use the initial Tor connections guard as an exit, introduction point, rendezvous point, or in some other way interact with your own guard in such a way that it would be using a single relay for ingress and egress. Never, ever use Tor-over-Tor. It is always less safe." *** https://tor.stackexchange.com/questions/10071/running-tor-over-tor On official site of Tor project I found a mention only in this way: "* Simplified custom user installation of TorChat, thanks to dummytor. (Protecting from Tor over Tor.)" *** https://lists.torproject.org/pipermail/tor-talk/2014-February/032227.html >From which one can draw a conclusion that official position on this issue that >Tor over Tor is not safe. As I understand Whonix-Workstation is on a completely isolated network, it means that only connections through Tor are possible. But for Qubes users it does not make any sense because any OS (isolated) could work through TOR connection with Whonix-Gateway without Whonix-Workstation. Actually you can download and install TOR browser but disconnect it from TOR network in Firefox options. It means that you will use Tor Browser with the same security level, but without direct TOR connection from Firefox. Of course it would be better only if you use this browser through Whonix-Gateway. > I don't know if there are any other reasons why you would need to use > whonix-ws instead of debian/fedora or if there's any reason not to use > tor browser in a debian/fedora VM. But i like to use whonix-ws as a > template for any VM that's going to connect to tor, and debian for other > VMs. That's why I am interested in this question. Maybe somebody use Whonix-Workstation for other reasons? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b68a1e15-4368-4bd6-b5ec-bc1e77152994%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Difference between Whonix Workstation and Debian/Fedora?
Daniil .Travnikov: > Could anybody help me to understand what is the difference between Whonix > Workstation and Debian/Fedora? (I mean Templates VM in Qubes). > > When I want to use one of my Debian VM through TOR, I am turn on > Whonix-Gateway. > > And I am asking beacuse I don't understand for what I must use > Whonix-Workstation? Hi, It's possible to use a debian/fedora based appVM with firefox, connected to sys-whonix, and all connections will go through tor. But whonix recommends to use a whonix-ws based appVM with tor browser instead to reduce fingerprintability. Most tor users are using tor browser, so if you're using tor with firefox and not tor browser it's easier to fingerprint you. I don't know if there are any other reasons why you would need to use whonix-ws instead of debian/fedora or if there's any reason not to use tor browser in a debian/fedora VM. But i like to use whonix-ws as a template for any VM that's going to connect to tor, and debian for other VMs. -- Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f3a7a870-dfec-d66f-8b2e-259a67e544f0%40bitmessage.ch. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Difference between Whonix Workstation and Debian/Fedora?
Could anybody help me to understand what is the difference between Whonix Workstation and Debian/Fedora? (I mean Templates VM in Qubes). When I want to use one of my Debian VM through TOR, I am turn on Whonix-Gateway. And I am asking beacuse I don't understand for what I must use Whonix-Workstation? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bf9492d-c21b-495a-b2ef-7a2386ff7cea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.