This link was really helpful and thorough:
Link to ParrotSec OS website.
Qubes and Whonix are fundamentally different. They attempt to solve two different issues.
Whonix solves privacy via obfuscation, Qubes solves security through virtualization / compartmentalization and specifically does not believe in security by obfuscation. You do not have to choose between the two if you run Whonix inside of Qubes, but I have a feeling most users who think they want privacy really want security, and it would be a hassle to constantly use Whonix.
I highly recommend Qubes, if you aren't already using it. It isn't for the faint of heart, however, and there are a long list of bugs to squash and features to add. Things are coming along nicely though, and this year they plan to test-drive corporate support for Qubes OS as a business platform, which if successful should give them quite a bit of capital for expansion and auditing of essential code.
Qubes comes with Whonix gateway and workstation templates preloaded. How is that not "using Whonix"?
In software, when you say something "uses" something, you are implying it uses it as a backend or API. But Qubes does not communicate with nor expose any information to Whonix, and especially does not utilize it for any sort of functionality.
I use Qubes and do not use Whonix, and most users don't either. Qubes is security-focused, offering increased privacy in the process, but Whonix is for the privacy-focused and has separate use-cases. I'm not a journalist in some 3rd world dictatorship so using Whonix would just degrade my user experience.
But that's the thing. As users, we can use a piece of software, but our operating system is not using anything. And it is erroneous and misguiding to say that Qubes OS "uses" Whonix, because again, that implies special meaning, such as using it as a backend for main internet access. This isn't some trivial distinction. It is a very basic, important distinction when you are talking about software.
This whole thing devolved from me just trying to make a distinction for other HN users so that they wouldn't get the wrong idea and not try out Qubes because they might think the systems are coupled and are worried of, say, being hacked by the FBI and put on more lists for using Tor.
Sorry to nitpick, but I believe you meant to say something along the lines of "Whonix runs on top of Qubes as a VM (virtual machine), just like any other typical OS does in Qubes."
For example, see the screenshot on https://github.com/kbrn/qubes-app-print-vm-status. VMs can access the 'net through "sys-firewall" (i.e. in the clear); or through "[redacted]-vpn", which has firewall rules enforced by "sys-firewall" that reject any traffic not to the designated VPN endpoint; or through "sys-whonix", which obviously routes all traffic over Tor.
Another great feature afforded by combining Qubes and Whonix is that it's trivial to use Whonix as a disposable VM, so you can really be sure one browser instance (say, for porn) can never affect another browser instance (say, for Facebook, or for leaking the next tranche of NSA docs).
Is this a crazy question?
Are there trusted resources that spell out how to do it?
Would you trust the answers with your life?
How does this compare to an existing secure Linux distro with Tor support like Tails (https://tails.boum.org/)?
Such an attack was used by the FBI to de-anonymize users of Freedom Hosting, a few years back. https://en.wikipedia.org/wiki/Operation_Torpedo
The biggest difference is that Tails is designed to be entirely amnesiac, and leave no forensic trace. Whonix is a persistent system.
The added risk to Whonix is that if your host system is sufficiently compromised, there's no real guarantee of anonymity. A lot of people end up running Tails in a VM, though, and someone has to be pretty serious about wanting to see what you're doing for that to be a real issue.
Does Tails drop privileges to the extent that root can't mount the hard drive and modify it?
For others reading, a new OS for anonymity would be something like removing identifiers from and integrating Tor with seL4 (or Fiasco.OC), Genode, EROS, ExpressOS, or Redox. Key components of these don't make up a whole OS but could be with specific tech and a UI.
the workstation vm is the linux box with the GUI and connects to the gateway vm.
so you do all your work and browsing in a guest machine where everything is routed through TOR.
regarding encryption, thats a loaded statement. read up on what specifically you want and see if it has it.
As an example; when I log in to my bank account this should be using a secure connection, but if I'm doing this from an internet cafe connecting to an untrusted wifi network I could be at risk that someone is ARP spoofing + SSL stripping. To not put myself at risk I would use a VPN with end to end encryption. This is privacy; I want to protect my banking data, but it does not provide anonymity; I do not care that anyone knows I'm checking my bank account so long as they can't steal my login/password.
Using something like Whalebrew? https://github.com/bfirsh/whalebrew
When talking about "trusting X", one always has to answer the question "trust X to do what, exactly, under what circumstances?" I don't yet trust Docker to be secure enough for production, internet-exposed business use. I know other people disagree; YMMV.
Opened hoping for something microkernel-based... bummer.