I’ve been working with Qubes-OS and Whonix for quite some time now and I have a question:
Normally it is not recommended to set a static exit node under “Tor User Config”. However, in my opinion there are cases where it might be necessary for certain purposes. For example, someone might not want to give his true IP address to a certain institution, but still want to be sure that the exit node is trustworthy (e.g. when requesting information from institutions, offices or authorities).
To test this, I have done the following:
I cloned the VM “sys-whonix” and gave it a different name (I call it “Sys-Whonix-Test” here). Then I defined a special exit node in this new clone in the corresponding “Tor-User-Config” (StrictNodes 1 ExitNode xxx.xxx.xxx.xxx) and saved this.
Then I cloned the VM “Anon-Whonix” as well, gave it a different name (I call it “Anon-Whonix-Test” here) and routed it to the cloned “Sys-Whonix-Test”.
After that I shut down the VM “Sys-Whonix”, then “Sys-Whonix-Test” and also “Anon-Whonix-Test”, but only restarted the last two. Then I started the Tor browser in “Anon-Whonix-Test” to check the IP.
It works - the Tor Browser in the VM “Anon-Whonix-Test” runs with the corresponding IP.
BUT: If you start the Tor Browser in “Anon-Whonix-Test”, the actual, unmodified “Sys-Whonix” VM starts at the same time!
I have repeated the process a few times and it is always the same phenomenon. After the (unintentional and automatic) start of Sys-Whonix, a corresponding second Tor control monitor is also displayed in the upper right corner in addition to the Sys-Whonix test monitor, with non-preconfigured exit nodes in the “Onion Circuits” section. I then checked in the “Tor Control Panels” under “Utilities” and then under “Onion Circuits” to see if the circuits match the changes.
Result: If you start “Sys-Whonix-Test” and check the circuits, the selected exit node does not (!) appear as the exit under “Onion Circuits”. Only once you start the corresponding Tor Browser in “Anon-Whonix-Test”, and obviously the “normal” VM “Sys-Whonix”, do the circuits need a few passes until only circuits with the selected exit appear in “Sys-Whonix-Test”.
Thereupon I switched off the actual “Sys-Whonix” again. The two test systems “Sys-Whonix-Test” and “Anon-Whonix-Test” were fully functional - in the Tor-Control-Panel the exit node remained stable.
BUT: If I shut down the Tor Browser in “Anon-Whonix-Test” afterwards, the unmodified “normal” “Sys-Whonix” will be turned on again! This makes no sense in my opinion.
Hence my questions about it:
Is this experiment safe? Is there an error in my thinking about the configuration? If so, where is it? Or is it system-dependent in Qubes-OS that when activating a Tor browser via a modified “Sys-Whonix-Test”, the unmodified (“normal”) Sys-Whonix will start as well? Does this have to be the case or does my configuration pose a security risk that could possibly lead to loss of anonymity or detection possibilities for attackers?
Thanks for your opinions!