I’m curious if whonix actually provides any value rather than just running tor locally?
Like has there ever been a case when because tor was run locally on someones computer over using whonix for tor that they were compromised?
I’m curious if whonix actually provides any value rather than just running tor locally?
Like has there ever been a case when because tor was run locally on someones computer over using whonix for tor that they were compromised?
Qubes is good for security between computing contexts on the machine itself (though, not perfect as you mentioned), but by itself isn’t meant to anonymize you on the internet.
Is Linux not designed for security? I’d have assumed it’s one of the more mature kernels security wise due to its prevalence in servers.
Either way, I guess you can use BSD in the containers if that’s a real concern. Though, this is why I wish there was a viable desktop microkernel OS. Such an OS might even be able to replace the need for a hypervisor like in Qubes, if it has built-in compartmentalization for userspace programs.
Yeah I think that BSD is the most secure operating system to-date and these are the guys that created ssh, the service that is used by most people in the world for connecting to theirs servers. So the folks that develop BSD really know what they are doing when it comes to security.
I’ve not actually tried openBSD myself, but I can already tell you that having that setup correctly so that you have containers that use openBSD instead of linux will be a pain in the ass for compatibility and is likely going to be extremely difficult to setup correctly on qubes. But in my view is likely the most secure you can get with Qubes OS.
For people who don’t want to or aren’t knowledgeable enough to go through all that trouble, what would you think about just having multiple bootable partitions (presumably with BSD ideally), each independently encrypted with a different password? That way in theory if a single OS instance is compromised, it can’t access the information on any of the other instances since ideally only the currently booted partition is decrypted. You can probably pull it off with some GRUB fu.