I am making some updates to my system configuration and it is not clear to me if there are benefits to using Whonix Workstation in Qubes OS if the browser is the only application in use. As I understand it, based on the wiki page about the workstation (wiki page title: “What is Whonix-Workstation?”), there are 2 main benefits to the workstation:

  1. All traffic will be routed through Tor
  2. Some applications are hardened with stream isolation (wiki page title: “Stream Isolation”)

Benefit 1 should be realized by using whonix-gateway as a NetVM, because this forces all traffic to go through Tor. Benefit 2 is not relevant if Tor Browser is the only application that accesses the network.

Are there any other benefits to using whonix-workstation? Particularly for a multi-workstation environment? There is a section about dangers with a multi-workstation setup (wiki page title: “Multiple Whonix-Workstation”, section: “Cross-VM Attack Vectors”), and there are some notes about the differences between a Qubes and non-Qubes setup, but it’s not clear if there are differences between a Fedora and Whonix Workstation setup when both are running in Qubes OS (for example, I wouldn’t expect that the unique artifacts referred to in the section on “VM Fingerprinting” are unique to Whonix).

Check these links.

Anonymize Other Operating Systems chapter Security Comparison: Whonix-Download-Workstation vs. Whonix-Custom-Workstation in Whonix wiki


Thanks, I didn’t see that page before. It looks like there are some notable benefits even if Tor Browser is the only thing that the user explicitly opens. Most notably:

  • NTP will probably run automatically, so having that torified is good
  • Tor over Tor prevention is good for the network and reduces (theoretical?) privacy risks
  • The link to misc benefits includes things like kernel, login, and keystroke hardening which potentially are relevant to different stages of an attack that starts from a browser
