Thank you for your involvement!
> It's possible to use a debian/fedora based appVM with firefox, connected > to sys-whonix, and all connections will go through tor. > > But whonix recommends to use a whonix-ws based appVM with tor browser > instead to reduce fingerprintability. Most tor users are using tor > browser, so if you're using tor with firefox and not tor browser it's > easier to fingerprint you. Whonix recommends this, but nothing to tell about Qubes Whonix. Qubes contains the basis of Whonix Workstation logic in all OS. When we use Whonix-Gateway we have one TOR connection (3 onion connections), but when we use TOR browser (in any OS) we have second TOR connection (which means that now we have already 6 onions). And in some reason it is not a safe way. This is what I found: "Please note that a Tor-over-Tor connection will always, without exception, be less safe than a normal Tor connection. There is always a possibility that your Tor connection would use the initial Tor connections guard as an exit, introduction point, rendezvous point, or in some other way interact with your own guard in such a way that it would be using a single relay for ingress and egress. Never, ever use Tor-over-Tor. It is always less safe." *** https://tor.stackexchange.com/questions/10071/running-tor-over-tor On official site of Tor project I found a mention only in this way: "* Simplified custom user installation of TorChat, thanks to dummytor. (Protecting from Tor over Tor.)" *** https://lists.torproject.org/pipermail/tor-talk/2014-February/032227.html >From which one can draw a conclusion that official position on this issue that >Tor over Tor is not safe. As I understand Whonix-Workstation is on a completely isolated network, it means that only connections through Tor are possible. But for Qubes users it does not make any sense because any OS (isolated) could work through TOR connection with Whonix-Gateway without Whonix-Workstation. Actually you can download and install TOR browser but disconnect it from TOR network in Firefox options. It means that you will use Tor Browser with the same security level, but without direct TOR connection from Firefox. Of course it would be better only if you use this browser through Whonix-Gateway. > I don't know if there are any other reasons why you would need to use > whonix-ws instead of debian/fedora or if there's any reason not to use > tor browser in a debian/fedora VM. But i like to use whonix-ws as a > template for any VM that's going to connect to tor, and debian for other > VMs. That's why I am interested in this question. Maybe somebody use Whonix-Workstation for other reasons? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b68a1e15-4368-4bd6-b5ec-bc1e77152994%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
