Best guides for getting set up with Qubes/Whonix for the first time?

Dadeboy

I've made the decision to finally make the switch from Tails to a Qubes/Whonix setup (yes, I'm paranoid). I've installed Qubes/Whonix, but after a quick glance into the completed installation, I am a bit intimidated. I'm quite tech-savvy and knowledgeable, but when it comes to sacrificing my freedom by accidentally misconfiguring something, I am a bit nervous. If I was doing a clearweb legal project, I wouldn't be so scared about misconfiguring some settings or not knowing what everything does in Qubes, because my fuckup would barely have consequences. But I am vending on the dark net, and that does have consequences. So can anyone provide some solid advice, tutorials, or links, to getting started (and migrating from Tails) with a Qubes/Whonix setup as a vendor and not fucking up as if I were using Tails? Thanks for any tips.
 

jacktheripper

There's not much to it. At the time of installation, it will prompt you whether you want to install Whonix or not. After that, it doesn't need any kind of tweaking. Don't forget to use as many disposable VMs as possible.
 

Cloakedup71

During install, it'll prompt you to install Whonix. Assuming you've said yes to this, you now need to set up updates to go over Tor; make sure this happens. It's slower, but worth it for the added layer of security. From there, do normal browser configuration, turn JavaScript off. Set to safest, etc., etc. You're pretty well good to go on the initial setup and access piece. Whonix itself doesn't really need too much configuration out of the box. So it becomes hardening the rest of the system.

You should use a disposable network. If you're on Wi-Fi, it'll prompt you to enter the password each time; if you have a LAN connection, it'll just connect as normal. Given that you're now running an entire domain from a laptop, assume that there is the potential for other Qubes to get compromised if you use them and to break out of the virtualization environment (Yes, I know it's difficult to do so with the compartmentalization Qubes has set up, but it's still possible.)

Because of that, I suggest swapping your network and primary other Qubes to Debian. Qubes has some torified repos for their own updates. But Fedora and Debian are still going to reach out and hit an exit node. So transform Debian into Kicksecure, and then add in Debian's .onion-based repos. (I do not have them on hand, so feel free to search around.)

This'll make your entire Qubes a bit more secure. If something doesn't need internet access, make sure it doesn't have it. Disconnect it from the network Qube and Whonix gateway. If you need to utilize something on the clearnet, shut down Whonix, disconnect the appVM from the Whonix gateway. Shut down the Whonix gateway. Boot everything back up when you need. Check out the Qubes forums, they might have some additional firewall hardening.

Remember that anything within an appVM outside your home directory won't be saved. So if you install XMPP to talk to someone, you'll need to install it within your template VM to maintain persistence. Otherwise you'll wipe out your configs and software at each shutdown. If you choose to go the less persistent route based on your threat model, feel free to do so.

It'll all depend on your entire threat model and what else you're doing with your Qubes. If you're accessing personal emails from another VM, then it's going to increase your threat model; if you uninstall all the templates and leave just Whonix and Firewall OS templates, that'll cut down some risks of exposure. But still, we have to treat this as if it was another operating system that could be compromised.

Make sure you have Sys-USB set up as well; depending on your laptop or device, it may have been skipped. There are ways to install it after initial setup. This could help mitigate any mouse jigglers or USB devices slapped into your machine should you be apprehended. Use disposables as much as possible. However, understand that disposables do not completely live in RAM, and there are still traces of them on your machine for a while until the drive space is overwritten with new data; even then, assume it's possible to collect some form of information.

I'm not an expert by any manner, someone will probably correct something or give better advice. But this is what I'm aware of and I hope it helps. Good luck.
 
