These two images of Dolphin perfectly illustrate the three most glaring shortcomings of the Whonix Workstation.
The two images may take a bit of time to load from the external host, so relax.
First, let’s look at Dolphin running under Debian Jessie as a KVM Guest:
In this image, we can see that:
Dolphin, running under Debian Jessie, displays a clean, unobstructed view of my system and the devices I have mounted. This is also the default, correct, system view Dolphin displays when using Fedora and Gentoo Hardened, among other operating systems.
My Debian Jessie KVM Guest has been encrypted with LUKS, protecting both root and swap. Of course, I encrypted Debian Jessie when I installed it.
Debian Jessie correctly mounts any USB device I attach to my KVM host. The Gentoo Linux device shown mounted happens to be a USB stick, but Debian Jessie correctly mounts SD cards, USB HDDs, USB sticks, and assorted USB peripherals. Debian Jessie also correctly mounts USB devices when it is run as a Guest under VBox 5.
Now, let’s compare Dolphin from within the Whonix Workstation as a KVM Guest:
Dolphin’s default display inside the Workstation has been tweaked, and certainly not for the better. IMO, this Workstation system view is a visual, and navigational, disaster. Furthermore, instead of adding value, it detracts from it. Also, note that the ‘Devices’ section is completely missing.
The Workstation is not encrypted by default, nor are encryption options offered. In fact, the Gateway and Workstation are the only two unencrypted OSes I have under VBox or KVM. Continuing in this exposed, unencrypted mode is not acceptable. This is a security oriented distribution, correct? Need I say more?
With the same USB drive attached to my KVM Host, the Workstation does not recognize it. As far as I know there is no way to mount it, or any other USB device within the Workstation. This USB recognition and mounting failure also occurs when using the Workstation as a VBox Guest. Obviously, given the first image in this post, USB device support is not a Debian Jessie, a KVM, nor a VBox issue. This is clearly a Workstation issue (only), and a represents a HUGE, near-fatal, unacceptable, miss.
All three of these shortcomings can, and should be, fixed. Until these three issues are resolved, I am left to conclude that the Workstation is not a particularly useful, or secure, place to conduct: Work.