Daniil .Travnikov: >> It's possible to use a debian/fedora based appVM with firefox, connected >> to sys-whonix, and all connections will go through tor. >> >> But whonix recommends to use a whonix-ws based appVM with tor browser >> instead to reduce fingerprintability. Most tor users are using tor >> browser, so if you're using tor with firefox and not tor browser it's >> easier to fingerprint you. > > > Whonix recommends this, but nothing to tell about Qubes Whonix. Qubes > contains the basis of Whonix Workstation logic in all OS.
I'm not sure what you mean here? > When we use Whonix-Gateway we have one TOR connection (3 onion connections), > but when we use TOR browser (in any OS) we have second TOR connection (which > means that now we have already 6 onions). And in some reason it is not a safe > way. Whonix already prevents tor over tor connections. When you use tor browser in a whonix-ws based VM connected to sys-whonix it won't be tor over tor (there will only be 3 relays not 6). At least when you use tor browser in a whonix-ws based vm anyways. From looking at the whonix documentation it looks like if you download tor browser in a regular debian/fedora based vm and connect to sys-whonix that would result in tor over tor. Whonix modifies tor browser in whonix-ws so it works with whonix-gw/sys-whonix to prevent tor over tor. http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tor_Browser#Whonix_Tor_Browser_Differences https://www.whonix.org/wiki/Tor_Browser#Whonix_Tor_Browser_Differences But anyways, using tor browser in whonix-ws based appVM connected to sys-whonix doesn't result in tor over tor. So it looks like there are basically 4 ways to browse the internet using tor with qubes: 1. Use tor browser in a whonix-ws based appVM connected to sys-whonix (this is recommended, whonix prevents tor over tor scenarios, and all other traffic from the vm outside of tor browser is also routed through tor) 2. Use tor browser in a regular debian/fedora based appVM connected to sys-firewall (just like using tor browser outside of whonix, you'd miss out on any other whonix features, and other traffic from that vm outside of tor browser would not be routed through tor) 3. Use regular firefox in a debian/fedora based appVM connected to sys-whonix (no tor over tor, and all traffic from the VM is routed through tor, but it would be easier for adversaries to fingerprint you because most tor users use tor browser, not firefox, so you're more unique this way) 4. Use tor browser in a regular debian/fedora based appVM connected to sys-whonix (this would result in tor over tor, which is bad) At least this is my understanding based in what i've read in the whonix docs, but someone may know better than me! -- Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ee03caeb-fb5f-3b3e-44d5-63bd3c360271%40bitmessage.ch. For more options, visit https://groups.google.com/d/optout.
