Some thoughts/questions after reading the docs


I just read through the docs (gonna read it at least one more time, because there are very much information to think about (in a positive way, this is by way the best docu in general about privacy, security & anonymity. great work!) & I have a few questions / thoughts that need clarifications.

(ps: i use qubes)

So from my understanding: Stream isolation aims that e.g. the Tor Browser has another Entry Guard (or overall circuit) than e.g. when I am updating my system with apt?
If yes, what kind of applications / group of applications get their own circuit?
If my thoughts are right then I would be able to login to my normal accounts via one qube because my whonix-workstations have different ip’s, right?

Now a question about cold boot attacks. These are only important to me if I have a thread model where the government could come and take my stuff but manages that my computer is still running when they take it? But as long as my computer is shut down & I have luks with a good password then everything is fine?

“Using a VPN or SSH does not provide a strong guarantee of hiding Tor use from the ISP either. [3] VPNs and SSHs are vulnerable to an attack called website traffic fingerprinting. [4]”
Could somebody explain to me why tor over vpn doesn’t hide the usage from the isp? (I guess that explanation will suit to both vpn’s and obfs4?)

In the section Epheral Wohnix Gateway ProxyVMs it says that entry guards are rotated every few months. But how often? When does this really happen? What’s the trigger for that? http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Disposables#Warnings

This section tells about IDN Homographs attacks: Social Engineering and (Spear) Phishing. I tried it myself and it seems like idn homograph attacks aren’t possible anymore. Should I propose an edit or did I miss something?

“Default to Debian’s official package manager apt for installing software, and avoid third party package managers”. So I shouldn’t use snapd / flathub? Isn’t snapd / flathub the best option if the application isn’t in the standard repo of a distribution? http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/System_Hardening_Checklist#Disabling_and_Minimizing_Hardware_Risks


Circuit. Not entry guard.

Unspecific to Whonix.

Different circuit, yes.

Different circuits. Not different IPs. Related:

Best avoided anyhow of other reasons:
Only Use One Online Pseudonym at the Same Time

Unspecific to Whonix.

Same as Tor.

Not happening in Tor Browser (now shows a warning) but in other browsers. Since it is the Kicksecure wiki, it cannot just be entirely deleted as if this issue was generally fixed. SInce this is getting too complex, wiki changes are best discussed in a more appropriate place rather than mixed with lots of other user support questions.

This sentence in the wiki needs some rewriting. This topic is covered in more detail here: