I’m curious if whonix actually provides any value rather than just running tor locally?

Like has there ever been a case when because tor was run locally on someones computer over using whonix for tor that they were compromised?

  • AgreeableLandscape@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    3 years ago

    Qubes is good for security between computing contexts on the machine itself (though, not perfect as you mentioned), but by itself isn’t meant to anonymize you on the internet.

    Daniel the guy that does GrapheneOS basically says that its compartmentalizing garbage because linux isn’t built with security in mind.

    You can use BSD if that’s a real concern. Though, this is why I wish there was a viable desktop microkernel OS. Such an OS might even be able to replace the need for a hypervisor like in Qubes, if it has built-in compartmentalization for userspace programs.

    • redbook@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      Yeah I think that BSD is the most secure operating system to-date and these are the guys that created ssh, the service that is used by most people in the world for connecting to theirs servers. So the folks that develop BSD really know what they are doing when it comes to security.

      I’ve not actually tried openBSD myself, but I can already tell you that having that setup correctly so that you have containers that use openBSD instead of linux will be a pain in the ass for compatibility and is likely going to be extremely difficult to setup correctly on qubes. But in my view is likely the most secure you can get with Qubes OS.

      • AgreeableLandscape@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        3 years ago

        For people who don’t want to or aren’t knowledgeable enough to go through all that trouble, what would you think about just having multiple bootable partitions (presumably with BSD ideally), each independently encrypted with a different password? That way in theory if a single OS instance is compromised, it can’t access the information on any of the other instances since ideally only the currently booted partition is decrypted. You can probably pull it off with some GRUB fu.