[OPSEC/Computer] Whonix vs Tails, please advise

I originally posted this in the darknetmarketnoobs sub but nobody there was able to offer any insight. Hoping I have more luck here.

Okay, so I've been running Tails for about 6 months and as everyone who uses it knows, it's pretty much impossible to fuck up. If you're just an average consumer it's essentially all the security you need as long as you set it up properly.

Lately I've been treading more treacherous waters, possibly getting into vending, and I think it's time to step up my game. I am by no means a noob to using Tails, Tor, Jabber, or the marketplaces. But I am not really the most computer savvy person. I've used Windows and Mac OS my whole life; TAILS was the first time I experienced Linux. I want to learn how to properly use Whonix and then start using Tor chained to a VPN but I really don't know where to start digging for information.

I've been trying to learn all I can from whonix.org and the few YouTube videos I've been able to find, but some of the info on whonix.org is just a little above my head and I'm not really interested in understanding EXACTLY how all of it works. I know the basics of what needs to be done for my safety, I just don't know how to go about setting it up the right way.

I just want to be confident that everything I'm doing is hidden from my ISP and that my MAC address and the serial number on my hard drive are never leaked. I know Whonix will protect those things. I know I can probably do that on Tails too but I don't want to have to reinstall my VPN software every time I log on. I'd rather make a bootable USB with a Linux-based OS to host Whonix on and save the VPN and any other software I need to that. The problem being, once I have that done I am not sure whether or not I'll be able to navigate it properly.

So I guess I'm looking for anyone that knows where I can find information on Whonix for complete noobs who are trying to understand it, OR if there is a simpler way to chain Tor to a VPN on Tails that would not require me to have to install software constantly.

Thanks


Comments


[11 Points] DNMThrower:

Personally, I think one of the most secure setups for this kind of shenanigans is a dedicated laptop.

If you ever use TAILS, as a VM, on your regular OS - the number one risk is an installed program on your regular OS keylogging/spying on you, and either stealing your BTC, or PGP/encryption keys.

Dedicated, fresh install of your favorite flavor of Linux. TrueCrypt/your flavor of full disk encryption.

Install only the following things:


VM client + TAILS ISO

Configure your VPN.

Configure your encrypted container setup (again, TrueCrypt or your flavor).


Try to set up your VPN client to shut down your internet connection if the VPN client ever drops.

Make an encrypted file container (1-5MB): Store whatever you want here, such as keys, logins, cold storage BTC address etc. I highly advise as much as possible to be memorized but this is clearly not feasible for everything.

ONLY FUCKING MOUNT THAT WHEN YOU NEED TO. Don't keep it up all of the time. Get the info, DISMOUNT.

This should be a memorized password, that you ONLY TYPE INTO THIS WHEN YOU KNOW IT'S SECURE TO DO SO. Don't you dare type that password where it could be keylogged. I use a 40 character password.

Back that container up to a flashdrive and other places so you don't lose it. If you trust yourself enough you should hardly worry about where you put it if you have proper password security.


Standard logon procedure will go like this:

Boot laptop

Enter FDE password

Ensure VPN is working correctly

Start TAILS in your VM

Ensure TOR is working correctly

Import your private keys from your encrypted container. (You can also just secure the PGP key itself with a very strong at rest password, and import it to tails from your flash drive or VM-sharing.)

Go to log in to your favorite market


This gives you the protection that both your ISP never sees TOR traffic, and if for some reason your IP shows, it leaks your VPN address not your real one.

I highly advise you to either shut this laptop down ENTIRELY when not using it and to harden it versus cold boot attacks, depending on how paranoid / big you get.


Sorry for the long post, I also realized it got a little rambly but I've got to run so I can't fix it. :P


[2 Points] None:

Either you learn exactly how it works or stick to Tails. If you don't know what's going on with your operating system you can introduce vulns and attack surfaces. That being said, I played around with Whonix a while ago and it didn't seem that complicated... What problems with understanding were you having?


[1 Points] None:

> I just want to be confident that everything I'm doing is hidden from my ISP and that my MAC address and the serial number on my hard drive are never leaked

Tails spoofs your MAC address and runs off a USB stick (not your hard drive). Tor of course hides everything you're doing from your ISP.


[1 Points] barcodegen:

IMHO Qubes OS FDE + Anti Evil Maid setup with Whonix set up as VMs is the best. There are even better options but no need unless you're someone like DPR lol.


[1 Points] epotn:

Good OPSEC is key. Compartmentalize!