On Thu, Aug 25, 2016 at 02:15:54PM -0700, nishiwak...@gmail.com wrote:
> Hello everyone,
> I was just wondering if you can apply this documentation 
> https://www.qubes-os.org/doc/anonymizing-your-mac-address/ to your disposable 
> VM (like if you like to browse the internet being safe, not saving any data 
> but also preserving your anonymity, in a way like Tails do).
> I tried to apply this on the AppVM-dvm, stopped it, then entered 
> "qvm-create-default-dvm nameoftheTemplateVM-on-which-is-based-the-AppVM" in 
> dom0, so eventually it would save the configuration on the img on which is 
> based the new Disposable VM, but it don't seem to work, my interface ID don't 
> change when I type "/sbin/ifconfig" into the new DispVM.
> I guess the problem comes from the fact the TemplateVM creates a symlink to 
> /etc/systemd/ to load the service, but as you don't have persistence in 
> dispVM, the process fails, but I'm not sure.
> If you have an idea on one could eventually do this, I think it would be a 
> great feature (even if it is already really nice to be able to do so on 
> standard VMs, problem is when you're paranoid you have to trade off in a way 
> between a non anonymous but full secured non persistent model for a more 
> anonymous but less secured one, lol)

In theory it can be probably applied there (apply the instruction in the
template - the same way as for sys-net). But in practice it doesn't give
you much more anonymity. First of all, MAC address of the VM network
interface have no relation to your real hardware. It is always
00:16:3e:5e:6c:XX, where XX is ID of the VM. So it gives information
that you use Qubes OS. And if one can read that MAC address, can also
read a dozen other indicators that you use Qubes OS - like running on
Xen, or /var/lib/qubes directory presence, or simply a hostname

