I get a permission denied error when I try to save files downloaded over Tor into a Veracrypt container. Is there some way to allow this?
Is it also true that any files saved to the Whonix filesystem can be retrieved with a data recovery utility such as testdisk? This is why I think it would be preferable to save directly to an encrypted container
See: Saving Files in Shared Folder
Same as for any persistent operating system. This is unspecific to Whonix.
Consider using non-persistence, also known as live mode.
See also:
Only useful if combined with live mode.
A better way might be to use FDE on the host operating system. See:
This worked, only I changed sf_shared to veracrypt1. Thanks
Are you sure? Because if an adversary were to gain access to the system, all sensitive files would presumably be in the veracrypt file, which is stored on Whonix. They would need the password to see what’s inside, unless they brute force it, which is impossible with SHA-256 and a strong password.
You’re assuming browsers, operating systems cleanly write only cleanly only write to the folder told to? Risky assumption. Likely false.