onionshare, ricochet and unMessage will make it a lot easier to use Tor hidden services once Whonix 14 is out. No more torrc edits required. Easier backups of hidden service private keys. The disadvantage of ricochet and unMessage, however, is that the hidden service key ends up in Whonix-Workstation. Otherwise the same onion address could not be restored on subsequent use.
This was better in "the age of TorChat" where the Tor hidden service private key never reached Whonix-Workstation and stayed only on Whonix-Gateway.
I wonder if we could suggest a feature to The Tor Project, where the to-be-restored hidden service private key gets only referenced by its domain name that is stored on the workstation while the real hidden service key stays stored in /var/lib/tor on Whonix-Gateway. This, however, would make backups of these keys harder - one would not just have to back up one's application user data folder on the workstation but also the Tor hidden service keys on the gateway.
Whether this is worth it depends on how much damage an attacker inside a compromised workstation can do when having access to the Tor hidden service private key vs not having access to it. Obviously the ability to steal the identity vs not having that ability. But does it open up other anonymity-related attacks?