why Whonix and not Tails or the anon-vm?

[josefh...@hushmail.com]

Hello Forum

why was Whonix and not Tails selected for thes anon-vm of QubesOS?

Thank's for your feedback!

Joe

[awokd]

Don't know the exact discussion that led up to it, but I imagine it's due
to the flexibility Whonix-Gateway provides by permitting anything attached
to it to get routed through Tor. It is still possible to run Tails under
Qubes, see https://www.qubes-os.org/doc/tails/.

[john]

On 05/17/18 06:25, awokd wrote:

> On Thu, May 17, 2018 3:46 pm, josefh.maier-revL73yDgGBWk0Htik3J/w...@public.gmane.org wrote:
>> Hello Forum
>>
>> why was Whonix and not Tails selected for thes anon-vm of QubesOS?
>> Thank's for your feedback!
>
> Don't know the exact discussion that led up to it, but I imagine it's due
> to the flexibility Whonix-Gateway provides by permitting anything attached
> to it to get routed through Tor. It is still possible to run Tails under
> Qubes, see https://www.qubes-os.org/doc/tails/.
>
>

technically this is a whonix question, I would suggest posting there :

https://forums.whonix.org/

or read their docs a bit 1st, then patrick and crew respond to most
posts .....

[qubenix]

john:

I believe it started here:
https://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html.

--
qubenix
GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

[awokd]

I don't agree- the OP was asking why Qubes chose Whonix over Tails, so
this (or qubes-devel) would be the right place to ask!
:)

[john]

ya, your right, but how about this , try and fail like I did to get
tails in a VM ......maybe it will be more obvious, here's another one
what is the difference between a whonix-dvm and tails ?

[awokd]

On Sat, May 19, 2018 7:52 am, john wrote:

> ya, your right, but how about this , try and fail like I did to get
> tails in a VM ......maybe it will be more obvious,

I had Tails running in a VM on R3.2, but haven't tried with 4. It was a
bit of a hassle, IIRC.

> here's another one
> what is the difference between a whonix-dvm and tails ?

From a Qubes perspective, whonix-dvm depends on sys-whonix to act as a
gateway, whereas tails is self-contained. Apologies if I'm missing your
point...

[qube...@tutanota.com]

I would say that the main point here is the core, basic difference between Tails and Whonix itself, from the OpSec point of view.
Tails is amnesic, and is for use in an environment where there is a danger of physical attack against the possessor of the media (Tails should run on the removable media only, like SD, USB, CD, otherwise it has loosing its main strength), to be forced to handle it to an adversary. The machine, which run the Tails media doesnt remember the Tails was run on it, and the only trace is the media itself, which can be destroyed in case of danger, and therefore the physical attack on the victim, to handle over the keys to the Tails Persistent volume to adversary, loses its meaning (there is nothing to unlock). It can be used by activists, normal people in oppressive regimes, or it can be used by businesses, handling valuable data in an environment, where there is a danger to be physically forced from an adversary, to give him the key to the valuables. To be safe from the above mentioned threads.
Qubes is not amnesic, and therefore not suitable for running amnesic Tails. Therefore the decission for non- amnesic Whonix, running itself by default, in a virtual environment loved by Qubes.
Whonix and Tails answering completely different Thread models. But Qubes and Whonix have quite common understanding of the threads, as I see it.
It is my guess ;)

--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com

19. May 2018 14:02 by aw...@elude.in:

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f454fe0cd8260ed003764db9ef773e02%40elude.in.
For more options, visit https://groups.google.com/d/optout.

[awokd]

On Sat, May 19, 2018 12:45 pm, qube...@tutanota.com wrote:

> Qubes is not amnesic, and therefore not suitable for running amnesic
> Tails. Therefore the decission for non- amnesic Whonix, running itself by
> default, in a virtual environment loved by Qubes.

Disposable VMs (including whonix-ws-dvm) are at least partly amnesic. Once
you shut it down, you aren't going to recover the contents easily. Tails
running directly on hardware is more amnesic. Tails running in an HVM is
somewhere in between. See
https://github.com/QubesOS/qubes-issues/issues/2024 and links in there.

[Name]

well, it's not really my question, but I did notice that in these
semi-permanent fedora-27-dvm and whonix-dvm that if I make bookmarks
in firefox they persist which surprises me, as I thought the whole point
was that with dvm's nothing persisted, I'm not sure I really
understand why I even have these domains listed fedora-27-dvm etc,
IIRC, in Q3.2 when you went to make a DVM it started and initially
took a while, and then told you next time it would be faster, but when
you closed whatever was using the DVM no domain persisted in the qvm-ls
/ VM manager, etc ; much less things like browser bookmarks ...

I expect with whonix-appqubes that bookmarks would persist, but not
whonix-dvm's

[john]

* actually they persist in fedora-dvm but not in whonix-dvm fwiw :)

[cooloutac]

I've been wondering why my whonixdvm for me right now keeps asking me to update. even though i'm updating the template.

[cooloutac]

the torbrowser I meant.

[js...@bitmessage.ch]

Name:

> well, it's not really my question, but I did notice that in these
> semi-permanent  fedora-27-dvm  and whonix-dvm  that if I make bookmarks
> in firefox they persist which surprises me, as I thought the whole point
> was that with dvm's  nothing persisted,  I'm not sure I really
> understand why I even have these  domains listed  fedora-27-dvm  etc,
> IIRC, in Q3.2   when you went to make a DVM it started and initially
> took a while, and then told you next time it would be faster, but when
> you closed whatever was using the DVM  no domain persisted in the qvm-ls
>  / VM manager, etc  ; much less things like browser bookmarks ...
>
> I expect with whonix-appqubes  that bookmarks would persist, but not
> whonix-dvm's

Hmm are you setting the bookmarks in an actual dispVM or in the dvm
template vm (like whonix-ws-dvm)? My understanding is that when you
create a dispVM qubes makes a temporary copy of the dvm template, so
changes made to the dvm template itself would persist. At least that's
the way it works for me in 3.2. I made certain changes in whonix-ws-dvm
like making sure settings are the way i want them, so they'll persist in
dispVMs.

https://www.qubes-os.org/doc/dispvm-customization/

--
Jackie

[john]

ya, same here , persistent green arrow ,