Need advice by expert about anonymous in Whonix

  1. I use Whonix and go to the website and it identifies Whonix OS as Windows 10. Windows 10 is my host OS. Why doesn’t it identify my OS at least as Linux/Whonix? What does it mean? Does he see my real OS?
  2. Does it make sense to install the addon “Canvas” browser in Tor for greater anonymity? If so, which addon is better: Canvas Defender or CanvasBlocker? Or can both be installed?
  3. I would be very grateful if you would advise some anonymous mailboxes, even on the blockchain. The main thing: anonymity. ProtonMail, Mailvelope, Mailfence, Cryptext and Tutanota are not anonymous, they are based in Europe/the USA, and ProtonMail showed itself from the most disgusting side when, at the first request of the American special services, it gave out all the logs of the Russian hacker Sergey Pavlovich. Advise a really anonymous mailbox, and not commercial cop dumps


Non-default Add-ons

From centralized e-mail services the most you can get is privacy by policy. How to review the trustworthiness of such services is really complex and ultimately a user cannot really look into what they are doing. Always some degree of trust needed. What you need is privacy by design and I don’t think that’s possible for e-mail.

See also:


Not familiar with that case but will respond with general thoughts towards operational-security of e-mail usage.

Personal modus-operandi for public e-mail providers is to assume any metadata provided to them such as recovery or verification information during sign-up, IP addresses, sender/receiver and time-stamps (of account access and messages) can be discovered by the provider and third-parties and to act accordingly. Trust no one.

As for for message-content that is a more complicated issue. Several e-mail providers provide their own implementations of end-to-end-encryption that should not be relied on because in most cases it is interfaced through a web-application that often requires trusting the e-mail provider to not been compromised or actively sabotage the security. I hope people remember what happened to Hushmail well over 10 years ago. Safest bet is to handle encryption using PGP externally from the e-mail provider so its merely a conduit of ciphertext. Best practices for handling PGP are outside the scope of this post.

Thank you

1 Like

Maybe mentioned in General Advice, maybe not… However, asking for expert advice might result in leading to fewer replies. Even if someone is an expert on the topic, they might shy away from saying something due to the perceived burden of having to say something worthy of an expert. I also witness that many actual experts, don’t refer to themselves as experts. Maybe because if they did that, they could later be criticized or trolled for being an expert and having said something which was wrong or outdated in the future.