Using two separate identities

Support
1

On the Whonix site it says not to use the same Workstation for two identities. But what about this scenario:

Scenario 1 (in the following order):

1 - [Whonix-Workstation #1] turned on
2 - Within [Whonix-Workstation #1], a person uses [identity #1] on a Tor Browser.
3 - Data files relating to [identity #1] are saved within the “dolphin” file manager of [Whonix-Workstation #1]
4 - [Whonix-Workstation #1] is turned off.
5 - [Whonix-Workstation #1] is turned back on.
6 - Within [Whonix-Workstation #1], a person uses [identity #2] (instead of identity #1) for a different activity, using the same Tor Browser used for [identity #1] (but not the same Tor Browser session).

If a workstation is shut down and then turned on again, does this create a new internal LAN IP address and new MAC address? And does it matter if [identity #1] and [identity #2] use the same workstation when files relating to [identity #1] are saved to its “dolphin” file manager? Note that in the above scenario the two identities are never used simultaneously, but they do use the same workstation (just at different times) – is this likely compromise the separate-ness of the two identities?

Also, what is meant by “clean Whonix-workstation”? Does this mean downloading the workstation two separate times from scratch? (I.e. Download Whonix-gateway, then download Whonix-workstation, then download Whonix-workstation a 2nd time)

There is also this possibility in a 2nd scenario:

Scenario 2 (in the following order):

1 - [Whonix-workstation #1] is turned on
2 - Within [Whonixworkstation #1], a person uses [identity #1] on a Tor Browser
3 - [Whonix-workstation #1] is turned off
4 - [Whonix-workstation #2] is turned on
5 - Within [Whonix-workstation #2], a person uses [identity #2] on a Tor Browser
6 - [Whonix-workstation #2] is turned off

Both of the scenarios above (#1 and #2) involve using a single Whonix-gateway for both identities. If two separate workstations rely on the same Whonix-gateway, then won’t the identities be mixed together anyway?

Additionally, is it advisable to use the same workstation for two separate identities over and over again, but deliberately alter the interal LAN IP address and MAC address each time the workstation is turned on? This would mean not having to download a separate workstation, but I don’t know whether it would count as a “clean” workstation.

2
Scenario 1 (in the following order):
1) Bad in case of VM compromise by malware or otherwise messing up.
If a workstation is shut down and then turned on again, does this create a new internal LAN IP address and new MAC address?
No.
And does it matter if [identity #1] and [identity #2] use the same workstation when files relating to [identity #1] are saved to its "dolphin" file manager?
See 1).
Also, what is meant by "clean Whonix-workstation"? Does this mean downloading the workstation two separate times from scratch? (I.e. Download Whonix-gateway, then download Whonix-workstation, then download Whonix-workstation a 2nd time)
It means to setup a new one. Re-download is not required if you still have the image / template stored on the disk.
Scenario 2 (in the following order):
Both of the scenarios above (#1 and #2) involve using a single Whonix-gateway for both identities. If two separate workstations rely on the same Whonix-gateway, then won't the identities be mixed together anyway?
Case not compromised: No. (Stream Isolation) Case compromised 1 VM on non-Qubes-Whonix: Yes. (See https://www.whonix.org/wiki/Connections_between_Whonix-Gateway_and_Whonix-Workstation.) Case compromised 1 VM on Qubes-Whonix: No. (Stream isolation and VMs behind the same ProxyVM cannot connect to each other. Solves issues explained at the above link.)
Additionally, is it advisable to use the same workstation for two separate identities over and over again, but deliberately alter the interal LAN IP address and MAC address each time the workstation is turned on? This would mean not having to download a separate workstation, but I don't know whether it would count as a "clean" workstation.
Discouraged. Changing internal LAN IP / MAC address has very minor effect. Data leftovers from previous use (https://www.whonix.org/wiki/Warning#Whonix_is_not_amnesic) or compromised VMs speak against this kind of use.
3

Case not compromised: No. (Stream Isolation)
Case compromised 1 VM on non-Qubes-Whonix: Yes. (See https://www.whonix.org/wiki/Connections_between_Whonix-Gateway_and_Whonix-Workstation.)
Case compromised 1 VM on Qubes-Whonix: No. (Stream isolation and VMs behind the same ProxyVM cannot connect to each other. Solves issues explained at the above link.)[/quote]

If one is using a non-Qubes Whonix (for example, a Whonix that uses VirtualBox using Windows or Mac), then what is the best thing to do? Should there be two clean Whonix-gateways, each corresponding to a different identity/workstation? Is one Whonix-gateway good enough to handle everything (in an identity-sensitive way) in a Whonix using VirtualBox on a Windows/Mac host?

Assuming that two separate workstations have been installed, is there a way to check the MAC address & LAN IP address of the 1st workstation and compare it to the addresses of the 2nd workstation to see if they are the same/different?

4
If one is using a non-Qubes Whonix (for example, a Whonix that uses VirtualBox using Windows or Mac), then what is the best thing to do? Should there be two clean Whonix-gateways, each corresponding to a different identity/workstation? Is one Whonix-gateway good enough to handle everything (in an identity-sensitive way) in a Whonix using VirtualBox on a Windows/Mac host?
https://www.whonix.org/wiki/Multiple_Whonix-Workstations#Multiple_Whonix-Gateways
Assuming that two separate workstations have been installed, is there a way to check the MAC address & LAN IP address of the 1st workstation and compare it to the addresses of the 2nd workstation to see if they are the same/different?
As per https://www.whonix.org/wiki/About#Based_on_Debian.
5

[quote=“Patrick, post:4, topic:1350”][quote]
If one is using a non-Qubes Whonix (for example, a Whonix that uses VirtualBox using Windows or Mac), then what is the best thing to do? Should there be two clean Whonix-gateways, each corresponding to a different identity/workstation? Is one Whonix-gateway good enough to handle everything (in an identity-sensitive way) in a Whonix using VirtualBox on a Windows/Mac host?
[/quote]

As per Whonix - Overview

In your opinion, which is better – using one Whonix-gateway, or using two Whonix-gateways? (in terms of separating two identities). I’ve decided to use just one Whonix-gateway for BOTH of the two separate workstations, and am wondering if this is a mistake (or insecure).

6

That’s up to you to decide after reading Multiple Whonix-Workstation ™.

7

I guess the question is, how important are TOR entry guards?

Based on this sentence:

“Using multiple Whonix-Gateways is more simple and more secure, when you are not using them at the same time”

it sounds like using two gateways would be better. Thus so long as I used “Gateway #1” only with “Workstation #1” and used “Gateway #2” only with “Workstation #2”, there wouldn’t be any problems.

However, considering that there doesn’t seem to be much of a difference between using one gatway for two workstations vs. using two gateways for two workstations, maybe I should just flip a coin.

8

I advise you to set up malware mitigation, in this way you can magically clean the VM :smiley: .

9

From that document, for the step described:
"On the host. Clone a clean Whonix-Workstation. This will assign a new MAC address to the newly created Whonix-Workstation. "

Is this as simple as for example, within Virt-manager using the menu option “Clone VM” to make a copy of the main Whonix Workstation? There is no need to do anything else manually like copy the QCOW2 image with some special esoteric terminal command that does something mystical?

10

For virt-manager, ask in the Whonix KVM sub forum.