Hello
I would have Windows as OS at the end, now my question is about these setup (I know the problem of firgerprint, but I want an answer about the most secure)
1)whonix gateway—>workstation—>rdp with windows
or
2)whonix gateway—>vm with windows
I guess not running Windows on your local machine which is a whole lot of closed source code, and not having Windows able to create connections from somewhere on your local computer is something worthwhile. Depending on how secure the rdp client is against exploitation, the game changes.
My main OS is debian with full encryption
With rdp in workstation I can use ssh access, tools like fail2ban, change port, disable root access but I don’t have the full control of the vps
About the tracking on VM I can always delete and reinstall right?
Actually no, at least not when talking about the VPS. Like I said before, as you don’t have control over what happens on a server hosted by a third party, you can never tell whether or not anything you do on there is tracked/saved and kept even after deleting. That’s why I’d vouch for keeping full control over what you use.
On your own Windows based Workstation, this obviously is possible
With the use of Windows workstation do I have to change my MAC address? (windows vm can see my mac or see just gateway mac?)
Can I connect gateway with more windows vm?
If windows vm is infected, is my debian OS doomed too?
you have a reliable, secure, pseudonymous method for acquisition & maintenance and
you need a persistent net presence (for example, hosting servers) or
(3.?) you need a clearnet presence
(but the assumption should always be that it is compromised to some degree)