Using Email on Tor and multiple AppVMs etc

mT8RQf · 2017-06-26 18:38:47 UTC

Would using Gmail by itself in a separate AppVM running concurrently with another AppVM for webbrowsing add anything to one’s anonymity - security ?

I’m thinking it may not matter how the email gets to and from Gmail, over HTTPS?

And the occasional “check mail” from Thunderbird (for gmail) if anything could allow the two AppVMs to be correlated in a worse case scenario.

not that “I have anything to hide” just curious on the mechanics of best practice

Maybe the same goes for using any email while on TBB , Tor , e.g say I logged on to a hidden protonmail service in the SAME AppVM as I do my web browsing, would it be better to do the logging on to protonmail in a stand alone AppVM …or is this just pretty pointless if one doesn’t have any big ‘adversary’ that they know of ?

0brand · 2017-06-26 22:02:23 UTC

Using Tor will not help with anonymity if you log into a Gmail account that is associated with your actual identity. Security wise, it would be beneficial to use an appVM for untrusted activities like web browsing and a separate appVM for applications like thunderbird/Gmail. This way if your browser appVM is compromised your other appVMs would not be affected.

Whonix uses stream isolation to protect against identity correlation.
However, if you are checking your personal Gmail account (they obviously know its you) with one appVM and using another to log into a site that is associated with you could be used for correlation.

I think using a separate appVM for web browsing and for checking email would suffice. The following page may answer some of your questions

Patrick · 2017-06-27 13:32:02 UTC

https://www.whonix.org/wiki/DoNot#Do_not_Use_Different_Online_Identities_at_the_Same_Time