Hello.I’m newbie here.I’ve some questions for using Whonix 18.How can I use it for clearnet(for ex.,opening not onion websites,register there with some disposable data etc) and for deepweb(tor,onion websites etc) but always remain anonymous,so that I can’t be de-anonymized.I wanna use Whonix like my multy-functional desktop for every tasks.Is it possible?Not every website can work via Tor,so maybe to have another browser for clearnet here, but how to do it so not to be de-anonymized.I have VPN on my host machine,maybe it’s a good idea to use vpn+whonix+vpn for some clearnet websites,idk.Waiting for your advices!Thanks!
1 Like
You should not open websites over clearnet in Whonix, and by design it is impossible to do so even on purpose without breaking the firewall. If you could contact clearnet websites from within Whonix-Workstation, those websites would potentially be able to correlate your identity with your activity done over Tor and thus deanonymize you.
Instead, you should consider using multiple virtual machines for your workflow. Kicksecure (on which Whonix is based) would be good for doing clearnet browsing in, it has the security features of Whonix but without the privacy features and without an enforced Tor tunnel. See:
3 Likes
You mean, I should use both Whonix(for deepweb work) and Kicksecure(for clearnet work)? I thought that in order to remain protected and anonymous, my traffic should only go through the TOR or is this not so?
1 Like
2 Likes
I think there might be some confusion here (at least on my part). By “How can I use it for clearnet” do you mean, for example, visiting https://www.whonix.org/ within tor browser? Arraybolt might have thought that you meant visiting for example https://www.whonix.org/ without the tor network.
so that I can’t be de-anonymized
It is very hard or impossible to obtain complete anonymity and requires great opsec. Please read literally everything at http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Documentation. You can also try the Hitchhiker’s Guide to Online Anonymity at GitHub - Anon-Planet/thgtoa: The comprehensive guide for online anonymity and OpSec. and ./ - Hitchhiker's Guide.
Not every website can work via Tor,so maybe to have another browser for clearnet here
This is not recommended. You can install another browser, but all your traffic will be routed through the whonix-gateway and therefore through the tor network. Also, you might mess up your system by doing this. For example, installing Brave browser might mess up your system configuration, and it would be hard to undo the damage.
I have VPN on my host machine,maybe it’s a good idea to use vpn+whonix+vpn for some clearnet websites
This might be possible, but it is not recommended by the tor project, and it is not recommended by whonix either, for various reasons. If you want to try this anyways, the Hitchhiker’s Guide to Online Anonymity mentioned previously may be helpful.
One issue with a you → VPN → website setup is that even if you pay in cash or privacycoin, the VPN can still figure out your identity through the ip address assigned to you by your ISP (and you have to trust them to not log it, or the VPN’s data center they are in logging it, or no espionage agencies monitoring the server, etc.). You can counter this threat through a you → tor → VPN combination. So that is a possible advantage of that setup.
But even if you do that, for example because you want to use Discord (which afaik does not allow tor but does allow VPNs), you still have to contend with all the browser fingerprinting and javascript fingerprinting that goes on in order to identify you, independent of your ip address. For example, through javascript, you can be identified through your specific typing style. So you might want to use Kloak and/or type out your messages in a text file, then copy+paste them into chat messages. And that is just one out of many fingerprinting attack vectors. The aforementioned documentation at http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Documentation will help teach you about that.
In my opinion, you should block javascript entirely on any website that allows you to block javascript. And you should consider not using websites that require javascript if you do not have to use them. Unfortunately, these whonix forums require javascript in order to function, so we do not really have a choice if we want to use these forums…
3 Likes
Thanks for your reply! I meant use my workstation like my host desktop, browse the Net, using clearnet websites and register there (I think, there’re should be captcha), etc. For example, I wanna use Facebook here(ofc with fake data, not my real one), Telegram Web(or application), Reddit and other clearnet websites. I won’t register there by my real accounts, but I wanna use it here too. What will be better, to have other workstation for these websites/apps, to install Kicksecure and use Whonix+Kicksecure. Or install OpenVPN and use this Chain “Host VPN+Whonix+OpenVPN(inside whonix)”? I’ve read a lot of information, and now I’m not sure what will be better for me.
1 Like
Relevant documentation if you intend on combining Tor and VPNs:
2 Likes
Unfortunately, I have no advice beyond what I have already said. I do not use those websites, so I cannot really help you. There are privacy frontends for some of those websites if you just want to read them. But if you log in, that allows them to correlate your individual browsing sessions together. I would suggest that you do not log into those websites and avoid using anything by Facebook/Meta.
If you want to use them anyways, I suggest that you figure out which of these are feasibly accessible via the tor network and which of these are not feasibly accessible via the tor network. Start with the ones that are feasibly accessible via the tor network. For the ones that are not feasibly accessible via the tor network, you can think about choosing between a “you → vpn → website” setup and a “you → tor → vpn (paid with a privacycoin like monero) → website” setup.
No guarantees of successfully retaining your anonymity from espionage agencies in the long-term whatsoever.
1 Like