Good day,
first of all, Qubes is actually, at least for me, more efficient than VirtualBox, since its virtualisation standard “builds” more directly on the hardware you have. Secondly, like I’ve said before, the changes to the torrc need to be made inside the Gateway. The workstation actually can’t connect to anything by itself. That is the very concept of Whonix since, to put it very simply, malware only can get on your workstation, however only the gateway knows your IP, thus your location. Furthermore again, please use the preconfigured whonix-workstation and not ubuntu. Ubuntu actually is rather bloated with software which may or may not be what you want on there, when really trying to stay anonymous. Also, even if you still decide against Qubes, Windows really isn’t the best host regardless, especially if you use your windows installation for anything else. So, if Qubes really is something you don’t want to get into, consider a normal, encrypted Debian or Fedora as a host. Now, since you seem to still be rather confused when it comes to how Whonix really works, I recommend you may read the following wiki entry’s:
https://www.whonix.org/wiki/About
https://www.whonix.org/wiki/Warning
https://www.whonix.org/wiki/DoNot
https://www.whonix.org/wiki/Fingerprint
https://www.whonix.org/wiki/Download#First_time_user.3F
https://www.whonix.org/wiki/Download#Verify_the_Whonix_images
https://www.whonix.org/wiki/Post_Install_Advice
https://www.whonix.org/wiki/Advanced_Security_Guide
https://www.whonix.org/wiki/Logging_in_to_captive_portals
https://www.whonix.org/wiki/Tor_Browser
https://www.whonix.org/wiki/Chat
https://www.whonix.org/wiki/Hosting_Location_Hidden_Services
https://www.whonix.org/wiki/Metadata
https://www.whonix.org/wiki/Software#Encrypt.2C_decrypt.2C_sign.2C_and_verify_text_using_OpenPGP.3B_GnuPG_frontend
https://www.whonix.org/wiki/Features#VPN_.2F_Tunnel_support
Please read all of these from start to finish. Otherwise making a mistake is very easy. And please always keep in mind, even if you do all of the things mentioned on the wiki as they are stated, this still can’t grantee absolute security. There are a million factors which may lead to deanonymisation. From using the wrong browser, to sharing a file which still contains some meta data. Even the best of the best occasionally make a mistake and then they get a nice knock on the door. If all of that wasn’t enough, TOR, Whonix, your encryption, your hostsytem, your hardware, all of these things can have a fault you’re unaware of until it’s to late.
Now, as far as I can tell, you don’t believe in the technical capabilities of your goverment. However, being to cautious has never harmed anyone, the opposite however has. And, just as an other important factor to consider, sometimes agencys which seem like they do nothing actually do a lot.
Please keep all of this in mind and have a nice day,
Ego