Whonix and Tails Discussion


Of course many things can be vulnerable, and if one system eliminates the need in some components, and the second doesn’t, then… see if you can figure it out by yourself… still no? when a comparison is made, the lack of potential vulnerabilities in those components (due to lack of those component altogether) is very relevant to the comparison.
But of course, you can just choose to make comparisons that assume Tails is also vulnerable to hypervisor or host issues. One of its advantages is that it’s a standalone, but that’s too complicated to take into consideration I guess.

I would assume people who care about their security would be very interested to find faults so those could be solved and improved, rather than to do everything to assure themselves everything is fine. The latter is a recipe for disaster.


We are talking about security risks in different systems. I don’t see anyone pointing out a vulnerability that can be exploited today in Tails. If anyone could name those, then Whonix or Tails would be broken today, not just in risk of becoming broken.
That’s why audits are necessary, to find everything’s possible before a malicious attacker does. Without such, the whole system is based on a lot of hope.


you simply aren’t going to find an unexploitable operating system or vm set up. the software can be hardened to a degree. if exploitation is of greater concern, you need to take physical mitigation steps as well. For a basic paranoid set up:

  1. cash bought laptop that never connects from home. always one way isolated from home computers.
  2. cash bought disposible wifi nic that never connects from home. ideally aircrack-ng compatible with long range capabilities.
  3. access network in distance of a metropolitan area with 1,000,000+ residents. ideally accessing public free wifi that is used by many. ideally in high location where line of sight works for both signal and view of potential incoming physical attackers.
  4. be constantly mobile and erratic. randomize your movements.

software alone is not enough if you truly have a reason to be concerned about exploits. you need to take physical measures to ensure that such exploits still can’t identify you. this is a problem that whonix, qubes, tails, etc. cannot solve, and thus relatively pointless in regards to discussions of software hardening. ideally, you should be able to leave your machine at the scene and not have it tie back to you if the situation calls for it. no operating system alone can achieve that for you.


That’s clear, however the comparison between the software is also interesting by itself. One has to choose something. People reading this thread may think I am all for Tails and against Whonix. Not at all, I didn’t make up my mind yet which is more suitable for me. I am however against exaggerated or non-relevant claims made by some.

Most attacks are on the browser? yes, if looking at the overall population. But if you use Tor Broswer, with the highest security level set, no Javascript, no plugins, no flash, no extensions, and exercising great care when downloading everything whatsoever, then in my opinion you have minimized the browser originated risks to a large extent and you can move to look at other risks.


well, you brought up the whonix gateway getting slipped a problematic package. the same applies to tails or anything else. if it is a matter of life or death, or incarceration, if your identity is exposed, no software alone will be enough. and if you are relying on just the software in such a situation, the lessons are already there. whonix and tails provide a very good means of privacy and anonymity for many. but if you are in a situation where you can’t afford any risk, no software alone will work for you. and this will never change.


I think a directional antenna is important. But it makes it very obvious to any casual visitor I have something going on. On the surface at least, things should look standard. A technician can comment to his friends etc. How to achieve that?

I also thought of utilizing a satellite dish for really long range wifi (I saw some instructions online). Again it may look very strange when the dish isn’t pointed at the sky…


regardless, issues that are beyond software. and all doable.



[Closing my ill-conceived thread as overly broad. We want to keep topics narrowly focused and productive going forward. Feel free to create new threads to discuss specific issues. If you have an assertion to make, provide proper sources, tests, evidence.]