Using Whonix-Workstation as a DisposableVM (DispVM)

Qubes-Whonix
21

There are multiple layers of confusion here. It’s a mess from a users point of view.

  • Tor Browser updating / tb-updater is confusing (Tor Browser ought to be installed as a deb, then all confusion would vanish)
  • tb-updater interaction with Qubes TemplateVM vs AppVM is confusing - Tor Browser Essentials
  • Qubes “double layered” DispVM implementation is confusing

EDIT, added these two points:

And when you mix all of that together, we have the ultimate usability mess.

In Qubes 4.0 hopefully DispVM implementation will get a lot simpler. Then one can have multiple DispVMs easily. No more double layered template. No more savefile. For a TemplateBased AppVM then hopefully “persistent /home” will just be an enabled / disabled checkbox. At least that is what we agreed upon at 32c3 meeting.

https://forums.whonix.org/t/qubes-dispvm-technical-discussion

1 Like
22

You might be interested in this related tb-updater thread:

https://forums.whonix.org/t/tb-updater-experimental-alpha-beta-rc-hardened-options

23

See my comments and suggested wiki entries on Patrick’s thread above.

1 Like
24

For all of you who thought I would never write a page, wiki is hereby pending update: Qubes Disposables

#notvaporwiki

1 Like
25

'fraid to say this probably won’t happen anytime soon… KeePassX doesn’t expose any API that split-browser-login could use:

There is however a fork called KeePassXC that does:

But that would only be the interface between KeePassX(C) and split-browser-login, whereas split-browser-login would still communicate with the DisposableVM’s browser via fake keypresses.

2 Likes