I see.
I was contemplating that.
This goes back to the question: what would users expect from a Whonix-Host? Does something called Whonix-Host generate the impression, that all VMs and all applications running on such a host are torified by default? I guess Should Whonix-Host have any features besides hosting Whonix VMs in a secure way? will tell.
In that case users might shoot their own feet with a Kicksecure VM?
This is specifically bad since SecBrowser in Kicksecure is still branded as “Tor Browser” (as rebranding seems not possible in an easy, reliable way without recompilation which would be too much effort).
This would lead to confusion for sure if not gotten right. Tails renamed their captive portal solution Unsafe Browser to make that clear and then users still use it for all sorts of stuff.
- Tails - Signing in to a network using a captive portal
- detect_captive_portals · Wiki · tails / blueprints · GitLab
- Rename the Unsafe Web Browser to express its supported usecase more clearly (#7774) · Issues · tails / tails · GitLab
- Tails - Unsafe Browser
Also not sure yet how that would influence Whonix-Host firewall. Some VMs no connectivity (Whonix-Workstation), some VMs Tor-only connectivity (Whonix-Gateway), some VMs clearnet connectivity (Kicksecure). Related:
That was always possible. Calling it Kicksecure or not. In that case,
- there wouldn’t be any need to have a website (or wiki page) Kicksecure - Secure by Default Operating System.
- there wouldn’t have been any need to call it Kicksecure / renamed/restructure packages.
If Kicksecure doesn’t become an end-product for users then there’s little need for it. Was the idea behind Kicksecure. Debian based security (invented as “by-product” of Whonix development) but without focus on anonymity/privacy.