I've read that comparison and I've ploughed through lots of the whonix
documentation. What I haven't seen is a design document or specification
for the whonix gateway.
On the points you mention, the torvm provides stream isolation, and the
setup of TBB is pretty trivial and (now) well documented. I thought that
it was the whonix ws which provided protection against fingerprinting -
is this a function performed by the gateway too?
As for the testing, do you mean that there's some packet inspection in
the gateway to guard against metadata leakage or something like that? Or
do you mean that whonix-qubes is tested in some way that qubes isn't? If it's
the latter then we can pretty easily fix that.
There's a comment in the documentation that the whonix templates may
provide a more usable and robust solution for torifying traffic. As I
don't encounter any problems with the torvm, and haven't seen many
reported in the lists, I don't know what to make of this.
What I was looking for was some detail on what the whonix gateway
provides that the torvm/torfw combo doesn't. The reason why I think it's
important is that if there are features then I think they should be
ported to the torvm so that users who don't want to use
whonix will still benefit from them.
Also the advantage of a simpler system, only one code base to maintain
etc etc. And if there were a unified tor gateway solution the devs could
focus on the whonix workstation template, which is, I think, where most
of the anonymising configuration in the apps takes place.
Anyone help me out?
unman