Please note my use-case is completely different from every Whonix + VPN question I have seen. Most seem to incorrectly believe a VPN would be useful.
Question: Is it possible to configure Whonix so that TOR is switched off / able to be switched off, but the internet still accessible via Mullvad VPN + Mullvad Browser?
Use-case: Livestreaming video, discussing controversial political topics, where due to new free speech restrictions, I could be jailed in my country if identified.
The issue is that Tor is too slow for livestreaming video. A VPN would not be. I intend to run Whonix within Virtualbox, and want the Gateway to use Mullvad VPN, not Tor, for certain websites where I will be doing the livestreaming. For everything else, Tor is obviously much better.
Won’t I reveal my identity anyway through livestreaming? No. Long story short, with software + a bag of tricks, I am even able to fully avoid facial + voice recognition where necessary.
I am aware that not using Tor will substantially reduce my protection, and that Whonix is designed to go with Tor. I have been reading up on this as if I was reading for a PHD. The next best thing I have found is Mullvad Browser + Mullvad VPN. And without those, I won’t be able to speak up at all through video, which is by far and away the most effective method for speaking up (another long story short).
Why do I need Whonix? Because it does so much, even putting Tor aside. Without Whonix, I can’t see that I stand a chance, even with a fully dedicated computer that does nothing but the livestreaming video function.
Is anyone able to shed any light on this please? Is it just impossible? Remember that my alternative would be Qubes + a Linux distro + Mullvad Broswer & VPN. Which seems way below Whonix (even altered) in terms of privacy.
Dang. Thank you for your helpful clarification Patrick. I know this is slightly off-topic, but do you have any idea what the next best thing might be? Though obviously anything other than Whonix sounds like a major downgrade, but I have to just do the best that I can. Although Nani’s suggestion is clearly not as good as Whonix, would it nevertheless be about the next best thing?
Use-case: Livestreaming video, discussing controversial political topics
Given the use case, creating a hardened Debian Live ISO with some of those features, which are mostly available in packages, might be what he’s looking for.
I’ve built a couple of those, actually. If OP is interested I can make a repo with my live-build config.
And thank you Patrick for clarfying what I would need.
I think maybe the biggest thing is Anti-Tracking Protection, particularly with tracking that websites do by default. I think I would need to be “unique” first to the website in order to be later identified in relation to things I have said.
That is where the real risk is for me: fingerprinting etc. or the injection of tracking spyware that these websites habitually do. If I can avoid that, I will very likely be able to avoid the rest.
I had been thinking of Kicksecure Live + Mullvad Browser + Mullvad VPN + Opensnitch (to the extent that it works with Kicksecure), run in a virtual machine of some kind perhaps (so that only that gets fingerprinted),
all sitting on a dedicated hard drive that I do nothing else on. Best I could think of, the closest I could get to Whonix Live. But I was also considering Qubes instead of Kicksecure.
What are the main ways in which a hardened Debian Live ISO would be better than Kicksecure Live? Now that I have done a better job of describing my use case, does that change your anaylsis at all? Thank you so much for your help.
I may also find that Mullvad VPN is too slow in my country for streaming, and I may have to use something like Proton VPN instead.
I am basically just trying to do as much as I can at the front end here to mitigate risk, so I can hopefully avoid ending up in jail due to recent law changes in my country around free speech.
I totally missed that there is a Kicksecure ISO now. In that case there is no difference, apart from the fact that with Debian Live you’ll have to first explore and then implement various hardening methods yourself. It’s basically a custom iso build from scratch. Not an expert on Kicksecure, but I’m assuming it pretty much incorporates most of the things you’d expect with hardened Debian, kernel etc.
You can boot ISOs directly with grub. toram and a couple other boot parameters will allow a complete live boot environment with tmpfs, where the squash.fs (root filesystem) is extracted and mounted in ram while you do r/w in an overlay fs.
I use something like that for browsing and youtube. You can setup your vpn, add a couple packages, configs and other custom behavior that you need. Build the ISO and there you go.
But since Kicksecure is available in ISO format, I’d recommend you try derivative-maker to produce personalized hardened builds.
It’s all automated. The package is called live-build. All you need to supply is a lb config and customize the build as needed with hooks (executed at various build stages), files to be included etc.
It’s extremely intuitive and in my opinion one of the most versatile packages currently available. derivative-maker is basically the same thing on steroids.
Kicksecure is already hardened. It incorporates a bunch of stuff, just check out the webpage. Looking through this I am actually surprised myself by the sheer volume. You probably won’t be able to replicate this through other means, without investing unreasonable amounts of time.
However, personalizing a Kicksecure build using derivative-maker would require modification of the source code. If you’re not comfortable doing that, then you’ll probably have an easier time with live-build. Adding a hardened kernel, firewall config and other minor stuff is fine (for most), but of course you won’t have any level of support or development behind it. Best advice is probably to read the manual. (Generally the best advice)
Mind you, if we’re just talking about custom packages or a different background then you’re fine either way, though.
