For new users running Whonix for the very first time may feel intimidating, because there is so much documentation and warnings all over the place. Then it just says run this command to start. At this point the user may ask: did I do everything right, was that it, what should I better do next, am I anonymous and safe already, how do I check?
It would be great for new users if in the documentation in the right place there was something short like: you are now ready to safely run Whonix, you can check if it’s working this way, you maintain the system that way. It would help break the ice and get people to run Whonix with more peace of mind.
There was a short installation guide for Whonix that I think never got published which is really what you are looking for.
Effectively, a run of the mill user should just install the VM images (after verification), update/upgrade the (Template)VM images and keep them updated, and change passwords in non-Qubes-Whonix (along with maintaining clean snapshots) and be fairly confident in their installation.
After that point, it is all about how far users want to go to increase security e.g. sandboxing, dispVMs, AppArmor etc. All of this is just security in depth i.e. we know modern software is inadequate and full of numerous holes, so for example, if Tor Browser is exploited, what are the possible fallbacks to stymie attacker efforts to maintain a foothold.
e.g. DispVM + Sandboxed Tor Browser + AppArmor + Sandboxed Tor process = better than Tor Browser in standard Whonix-WS configuration alone. But also probably overkill.
If I understand correctly, part of what you are trying to convey is that users may be unsure if its safe to actually start the VMs because they don’t see (using your KVM_link for example)
Instead of using:
Start
If you know Virtual Machine Manager, there is nothing special about starting Whonix VMs compared to starting other VMs. First start Whonix-Gateway, then start Whonix-Workstation
Use something like this:
Start
After you have finished all steps including cleanup of the archives (libvirt.xz files), it is now safe to start up your Whonix VMs …
To clarify, meaning not necessarily safe to surf the web, just safe to start VM.
The explanation you both have given here would be great. There should be a clear statement if running the VM or a service is a safe thing to do at/after some point, noting that is the case only if previous steps have been followed. It doesn’t have to be long, just a sentence or two. Otherwise the user can really only say “I guess I can do this now”, “I guess I’ve found all relevant information” and can then try. A reassurance would only be necessary for basics like running the VMs for the first time, connecting to the web for the first time, etc. From then on it should be clear if it works or not.
Do you mind me asking where this guide is now? Will it be published? Like I said before, just a few reasurring comments would be enough and would make a world of a difference to new users.
Things like the KVM qxl package or pulseaudio should be most clearly emphasized, because without these steps the whole system will be nearly useless to many. Basically the documentation needs a first run section, with the few essential steps outlined.
The guide for Virtualbox is short and basic so it wouldn’t make a lot of sense adding select details.
But you shouldn’t assume KVM users don’t need any help, some are just getting started. Given the pages and pages and pages and pages and pages of security warnings in addition to the warnings in Whonix, some reassurance would be welcome, in the sense of: Having followed these steps your configuration provides the basic security Whonix can afford you. You are now ready to run Whonix for the first time. For important and recommended additional security measures see list of links.
The warnings are great and provide excellent information, but can be overwhelming for a new user who just won’t know when they’ve taken everything necessary to start using Whonix into account.
