The Whonix Website recommends 1 guard per application for better security.
My interpretation of it is this:
- Import fresh untouched whonix-gw and whonix-ws template
- Make a backup template clone of original and never touch these backup
- Import fresh untouched sys-whonix
- Make backup clone of sys-whonix and never touch this backup
- Rename untouched whonix-gw to a particular application (whonix-gw-email)
- Rename untouched whonix-ws to particular application (whonix-ws-email)
- Rename untouched sys-whonix to a particular applicatoin (sys-whonix-email)
- Start sys-whonix-email which uses whonix-gw-email as template
- Setup Tor and connect
- Open whonix-ws-dvm that uses whonix-ws-email as template
- Only use whonix-e-mail setup in a single fixed geographical location (e.g. home)
Am I understanding this right? I’m still kind of confused.
Lastly, Is this the correct way of obtaining fresh untouched whonix-ws, whonix-gw, and sys-whonix?
- Delete existing whonix-ws and whonix-gw templates
- Delete sys-whonix and anon-whonix
- type “sudo qubesctl state.sls qvm.anon-whonix” in dom0