By default, even though launching from this VM is disabled on install, it is set to dvm-fedora. Might it not be better that it be (none) or perhaps a whonix-ws dvm?
I believe that even if the user enabled the capability, under the OOTB configuration, this change probably doesn't provide any additional security as root on sys-whonix can bypass onion routing. However, I believe some users tunnel TOR via VPNs and if there were perhaps an attack on the tor networking or other components in sys-whonix, AND the user turned on the capability, a default value of (none) or whonix-ws might be safer. B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4894ddbf-b928-4711-8cc5-5dcc2abab073%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.