A "Whonix" with secureblue instead of Kicksecure

GrapheneOS has previously expressed the opinion that a Fedora-based Whonix would make the current Whonix obsolete (IMHO they could stand to be a bit less dogmatic). However, could one currently set up secureblue to already be somewhat of a Whonix alternative? I believe I may have thought of a possible way, feel free to let me know what you think!

In QubesOS, one can set up a ProxyVM with Anonymous Mode Nym, and link it to a secureblue qube. In that last qube, one can browse with Mullvad Browser or non-Flatpak Tor Browser, and force them to use Wayland. When logged in to websites, there’s no need to have those fingerprinting protections, so one might as well use Trivalent with uBO Lite.

The most striking flaws I currently see with this setup are that with Mullvad Browser, websites can see the user has a Nym IP, which has a significantly lower userbase compared to Tor. If one alternatively uses Tor Browser to show websites a Tor IP, their speed will be agonizingly slow. :sloth:

I guess this setup will still have to wait until Nym develops a larger userbase, and/or until Nym is able to resolve onion addresses.

Lastly, what do you think this setup should be called? Anonix, secureWho, secureQube, FedorAnon or something else?

The only widely used Chromium browser which connects to Tor is Brave. However, even this is not recommended since it doesn’t let you blend in with as many users.

Sounds like a solution in search of a problem to me.


I guess I haven’t heard of any real world cases where Whonix using Debian caused a problem, but I feel like an improvement’s an improvement! :sweat_smile:
For high risk individuals, why not settle for the best?

Yeah, in the future, hopefully Tor or Nym could consider integrations with Ladybird or Servo to avoid Firefox’s security shortcomings. As of right now, IMHO, no browser exactly has both ideal security and ideal privacy. (I’m not saying there aren’t any usable browsers, just no perfect ones for my taste)

I’m not against developers making improved products. I’m just very much against “security researchers” making users think that existing products are completely unsafe for them to use in the meantime. Big difference.

I do agree it would be cool — just not immediately necessary — to see more of this sort of thing based on atomic Fedora distros instead of Debian :+1:

I kind of like this lol


You can already do this yourself with relative ease. Just connect a Secureblue VM to Whonix Gateway.

Just be aware you would have to take steps to enable stream isolation for Tor Browser, and it would be wise to import Whonix-Workstation’s firewall. It's also important to set up some version of grub-live, to prevent malware persistence on your workstation. For the sheer purpose of not standing out from other users, I would personally recommend the Tor Browser (Firefox-based) instead of Chromium. Whonix-Workstation also has other features that improve user anonymity, that you may have to configure yourself on your “secureWho” box.

So, what do you gain from this? Arguably it might be more difficult for an adversary, which has exploited your browser, to gain root privileges thanks to the hardened malloc, which is typically required for dreaded (but rare) VM-escape exploits that threaten Whonix’s protections.

In my personal opinion - a Whonix user shouldn’t try to rely on secureblue’s Flatpaks within a single VM for isolation, as it would be easier and more secure to instead just run multiple Whonix-Workstations/disposable qubes, in live mode and with a read-only disk, for different activities.

I would also argue that if you’re seriously concerned about the kind of adversary that would have and be willing to use privilege escalation and VM-escape 0-days, I would assume that it is quite likely you’re dealing with a nation-state that would have exploits for Flatpak, any browser you can think of, and a hardened malloc may not stop them.

On the other hand, it's not a bad idea to try to be as secure as possible.

> You can already do this yourself with relative ease. Just connect a Secureblue VM to Whonix Gateway.

Wow, I did not know you could do that! I guess it would be pretty feasible to configure secureblue just like Whonix!

If I may add to your advice for someone with a threat model in need of Whonix/secureWho, maybe one could consider VeraCrypt’s Hidden Operating System, using Mullvad Leta instead of DuckDuckGo or Brave because it doesn’t proxy Bing like the former or send data to AI like the latter, or using Dell Latitude with vPro Enterprise.