Do you guys think that if i can’t run QubesOS (for example i need windows in my main OS), would running Whonix inside Tails be a good option? I would have advantage of VM’s and Live Os at once. Could it be even Whonix live mode in Tails in USB stick (optionally with write-protect feature). What do you guys think, is it overthinking or actually good solution? (considering i have enough RAM and CPU Cores).
Its something like HiddenVm project, but i seen its discontinued, however i couldn’t just do it somehow manually?
What are you even trying to accomplish here? You need to explain your want or need for it for us to answer
2 Likes
As JG said, it’s hard to comment without any further elaboration on what you need. I’ll assume since you compared Tails to QubesOS you’re looking for a relatively private and secure host OS, in which case Tails probably isn’t the best option unless you need to benefit from it’s counter-forensic features. (Not to mention that Tails tends to have some quirks so I wonder if there’d be any issues with running a Whonix VM in the first place.)
Kicksecure is a hardened Linux distribution and it’s recommended by Whonix as a host OS, it’d probably be one of the easiest (hardened) options to pick. But as PrivacyGuides notes, it being Debian-based is a downside so you might consider Secureblue instead if you don’t mind dealing with the quirks of atomic desktops.
Your line of thinking is correct: for sensitive activities, ideally you want both the leak-resistance and security that VMs offer, but you also want the anti-forensic properties and deniability of live operating system. Thankfully, you can do this yourself using Kicksecure as a host OS, because it has a live mode. You can put Whonix inside of a veracrypt, plain-dm crypt, or headerless LUKS encrypted volume and only access it while using Live Mode. (This is a better option than using Tails.)
Nihilist’s OPSEC Bible has a good guide to set up what you’re thinking of.
1 Like
I want to us Tails to have a forensic and anonymity features, but it would be nice also to somehow gain advantage of whonix which are vm’s (gateway and workstation) which could help with some kinds of attacks and malicious software (IP leaks/rootkits/hardware info). That’s why I wonder if somehow I could prevent from that. Don’t want to install new software, unless I can run it from USB like tails, not sure about using just whonix for ex for downloading files, because I would need to run it from windows which is big disadvantage and it could leak to host os.