Qubes-Whonix DisposableVM documentation created

Previously, we had just a stub. Now Qubes-Whonix DisposableVMs are fully documented thanks to contributions by the community. (wiki history)

What are DisposableVMs?

Under the Qubes TemplateVM model, any changes made to a TemplateBasedVM’s root filesystem are lost upon reboot. This is advantageous for several reasons: it allows centralized (and therefore faster) updates for (most) applications inside the root filesystem, and it saves time and disk space.

However, certain directories are designed to persist between reboots in order to store files and settings. These directories are stored in /rw/ and include /home/user as well as additional directories defined by “bind directory” settings.

To ensure that all changes to the filesystem are discarded after a session, Qubes offers DisposableVMs. When a DisposableVM is shut down, the VM is removed from Qubes and all related VM images are deleted from the host filesystem.

What is a Whonix-Workstation DisposableVM?

As the name suggests, this is a Qubes DisposableVM template based on the Whonix-Workstation. This allows Qubes-Whonix users to create throw-away instances of their Whonix-Workstation.

Why Should I Consider Using a Whonix-Workstation DisposableVM?

Whonix-Workstation DisposableVMs:

  • Are quickly generated;
  • Are disposed of (deleted) when the user has finished browsing and other activities in a single session; and
  • Will not remember any of the user’s activities across DisposableVM sessions, unless customized.

The major benefit of this approach is that the Whonix-Workstation DisposableVM can be created in order to host a single application – usually the Tor Browser – mitigating the risk that a compromise of the browser will affect any of your other VMs.

Critically, a Tor Browser exploit will not affect (poison) later instances of the Tor Browser running in a subsequent DisposableVM session, because the DisposableVM is always started in its original state.

Can I Customize Whonix-Workstation DisposableVMs?

Yes. For advanced users, the instructions include steps to create a customized savefile that will remember specific changes, such as personalized Tor Browser settings. Due to concerns over possible fingerprinting issues, users should carefully read the wiki warnings before proceeding on this course of action.

Can I Easily Add DisposableVM Entries to the Qubes Menu?

Not yet for Qubes R3.2 XFCE 4, but you can edit existing DispVM start menu entries and create desktop shortcuts.

What Else Should I Know?

Due to a few usability issues affecting anonymity, do not use Whonix-Workstation DisposableVMs until you:

  • Understand that Whonix-WS DisposableVMs are NOT yet amnesic; and
  • Have carefully read and understood the available Qubes-Whonix DisposableVM documentation.

Alternatively, you may wish to wait for Qubes 4.0 before you start using Qubes DisposableVMs, due to significant enhancements planned for the later release.

Credits:
This blog post was written by torjunkie.

Patrick started developing Whonix, the Anonymous Operating System, in 2012, and others quickly joined the effort. He gained experience working pseudonymously on Whonix for two years and enjoys working collaboratively on privacy-preserving software.

Posted in Qubes-Whonix News, Whonix Wiki Updates

Notable Replies

  1. "Whonix-WS DisposableVMs are NOT yet amnesic" only in the sense that no Qubes DispVM is, right?

  2. ubestemt:

    "Whonix-WS DisposableVMs are NOT yet amnesic" only in the sense that no Qubes DispVM is, right?

    Right.

  3. http://kkkkkkkkkk63ava6.onion/wiki/Qubes/DisposableVM#Warning:_DisposableVMs_are_not_Amnesic

    All changes to a DisposableVM's file system are discarded upon shutdown. However, DisposableVMs are similar to snapshots insofar as they can leave traces of their activity on storage and in memory. These traces may be later recoverable through data forensics.

    This is further justification for using full disk encryption on the Qubes host and completely shutting down the system when it is not in use. Laptop users may wish to remove batteries to ensure that power to the RAM is indeed disconnected.
