Thanks a lot entr0py, good information!
I'm sending this message from the Tor Browser 6.5.a5-hardened in a disposable VM. Two thumbs up.
LOL @ running torbrowser in the terminal. I imagined something complex i.e. terminal wizardy.
For login credentials stored in an off-line VM (like vault), do you store them with a password manager and then use secure cut and paste into Tor Browser? This does indeed seem much safer than typing passwords into Tor Browser because it avoids potential keylogging from an exploited session.
For the interest of other Qubes 3.2 users, I realized I could not get not get qvm-create-default-dvm to work off an existing whonix-ws appVM (normally labelled anon-whonix in the default arrangement, unless you've changed it manually).
dom0 keeps reporting "anon-whonix is not a directory".
Since it works for entr0py in Qubes 3.1, maybe there has been some change? A little strange.
It was in fact very annoying, because using the normal whonix-ws TemplateVM always meant that the dispVM provided an outdated Tor Browser i.e. because it is the Tor Browser instance in whonix-ws AppVMs that are constantly updated by users (with internal updaters), and not the whonix-ws-templateVM version.
If you experience this same problem, the workaround is to:
- run the Tor Browser updater in your whonix-ws-templateVM
- download the latest Tor Browser with critical fixes from the last day or two
- download version 6.0.7 if you want the stable version or 6.5.a5-hardened if you want the beast version
- check the fingerprint matches Tor signing keys on torproject.org
- then run in dom0: qvm-create-default-dvm whonix-ws
This will create a dispVM called whonix-ws-dvm (you can see it by selecting 'Show/Hide internal vms' under the Qubes VM manager View menu). Doublecheck the network VM is set to sys-whonix.
The problem with this method is that you will have to repeat this process every time a new TBB release comes out. Further, no bookmarks or other minor changes will be maintained e.g. add-on/search preferences.
I haven't yet worked out the XFCE menus and how to add the Tor Browser entry (next project!), so in the meantime follow entropy's advice above to run Tor Browser in a dispVM. That is:
- Run 'xterm' from the disposableVM menu under the Qubes VM Manager menu
- Then simply run the command: torbrowser