[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Separate workstations vs separate snapshots

For better security and anonymity Whonix documentation suggests using separate workstations. Why are snapshots not mentioned at all? You could have different and fully separate snapshots of the same VM and you could maintain them separately for the duration of their lifespan. Would that be any worse than using whole separate workstations? Would it make a difference if the snapshots were created i.e. separated when Whonix ran for the first time or when the Workstation VM would have already been in use for a while and would not be in the same state as in the beginning?

Snapshots could be simpler and take up less disk space

Yes it would make a difference, if for example your Workstation VM gets somehow compromised/leaks (by a User Error/a 0Day/a Malicious File/etc) before you create the Snapshot then you end up with two bad Workstations.

It’s not worth it to sacrifice security (even if its only a small decrease) for disk space IMHO

Perhaps not on this page but I remember writing this advice elsewhere.

Only downside is you won’t be able to multi-task activities with different sec levels.

Yes because you can’t guarantee that no identifiers or malware is present after use. My advice is to take a snapshot after updating and customizing the software selection locally before doing anything.

Same as above.

https://whonix.org/wiki/Security_Guide#VM_Snapshots

BTW, if you see something missing, and would like to add content to the wiki - edit away!

If you have questions don’t be shy about asking. i.e wiki editing

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]