> The "listening" services are less of a concern, since the firewall
> wouldn't permit any incoming connections to be passed through to start
> with.  It's the "phone home" style services, like time sync, Samba name
> lookups on microsoft servers, and such, that are more concerning, and
> privacy-busting.

The paranoid part of me (which is about 95% of me) half-suspects that NTP
is actively monitored by the powers that be, to keep tabs on us
security-minded Linux geeks.

There's been enough major security bugs in NTP, that one must wonder if
they're akin to the heartbleed/rng/SSL/etc. compromises that don't
necessarily look like innocent mistakes.

Qubes is good at trying to get dom0 to push the time to the VM's by its
own means.  And if you set the ClockVM to sys-whonix, say, you remove, or
at least greatly reduce, the ability of TPTB to track your setting your
clock.  :)

However, as mentioned, the default of using NTP time syncing is enabled by
default in the Debian-8 template, which defeats that protection for Debian
Appvms, unless you disable it in the template.  Just an oversight, I'm
sure.  (No sarcasm, for once.)

My PC's RT clock might drift by a few seconds each week, if that; I'm not
sure why time synchronization has to be so damn frequent and aggressive. 
A red flag for the paranoid.  :)

I have a RS232 GPS dongle that spits out the time with 1-second accuracy
(or atomic-clock level accuracy, if you use the 1-second clock-tick signal
available on one of the chips, which I have done, lol).

I plan on hooking that up to my Qubes setup in the near future, and
disabling network-based clock sync all together.

(Until Qubes 4.0 comes out, forces me to upgrade to a newer motherboard
with no RS232 support. :) )

Might be a good open-sourced hardware project.  I think I've seen some out
there already, although not necessarily integrated smoothly into Qubes.

Just one more hole to make sure we plug.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to