Hi Simon, > several AppVMs, each one dedicated to a different activity, or as I > prefer to refer it myself: to different sensitivity levels.
See my reply to Alex, maybe that explains why this is exactly what I was talking about ;). > - You may have a dedicated Firefox instance still having the infamous > Flash plugin installed when you need to access some websites requiring Yes but this could and would be all included in this dom0 browser interface. > - Use (X)KeePass in a separated, isolated and dedicated AppVM. I suggest > you to create a "Web" or "Firefox" group, and then create a different I am using UNIX pass, but it has the same flaw. If you copy passwords this way they won't automatically get purged from the AppVM, which under the assumption that any AppVM is completely compromised at all times, is not much of a big deal, but still it would be nicer if the password was cleared or even better never copied to the clipboard... Which is why my idea would be to host Mozilla Sync Service in each AppVM and the let the dom0 browser fill this Sync Server with the passwords belonging to the corresponding identity... > website: you will *not* open this link in the same AppVM but instead > copy/paste it in your "Random surf" AppVM. Would this site be malicious Yes but people WILL click the link. It's not a sane assumption to make. Besides it is incredibly annoying to operate this way. I am not some prime target of the NSA ^^, and I doubt many of the people using qubes will be... So you want to be safe, but you still want the convenience... The right way is to block the link, unless it refers to a white-listed domain for this identity. Or even better, pipe it back to dom0 and open it in a new tab & AppVM under the right identity... (this kind of integration is what I am proposing) > password database is to first hack the forum, and use it as a pivot to > then be able to hack your computer and get access to your file system. How he does it is basically immaterial to me as I assume that all AppVMs are evil all the time. The point is to separate them properly so only one identity gets compromised. I want to add that it is generally unlikely that a disposable AppVM with the right configuration will actually be compromised, but it helps to assume them to be to get a better picture of the impact it would have and to minimize that impact. > (https://addons.mozilla.org/en-US/firefox/addon/secure-login/) so > Firefox does not dumbly automatically fill any password field without Yes this looks good. > like uMatrix or NoScript which allow to better control third-party Thanks for uMatrix, I didn't know that one. But yes this is pretty much what I imagined also to happen, just in dom0 (which is more trustworthy to me), not in an AppVM. > It *may* be possible to implement a way to handle different AppVM in > different tabs instead of different windows, but I'm not sure to see any > real advantage of this. The advantage is the same as going back to IE6 times when each tab was its own window and having windows with several tabs in addition to this madness. I don't see how you can not see the advantage of having all browser tabs over all AppVMs organized in a dom0 browser interface as tabs in comparison to having tons of floating windows with sub-tabs each ;). > instance, personally I set it to not display reduced windows in the > Alt-Tab menu, so I can focus on the window I am currently working with. I don't think any of those suggestions really helps with the problem. All in all I think Qubes OS in general lacks a good UI for what it is doing, but I also understand that you have to start somewhere. But in the end the way Qubes does AppVM and identity management at the moment is truly terrible, but it works. All I want to do is to come up with a plan to improve it ^^. > be useful to have them volatile on a day-to-day basis, and turn them > non-volatile only to update Firefox's modules or save a change in its I think the Mozilla Sync Server could be of help here... > To be honest I did never investigated this, I'm not sure what the > concrete threats there are. Are you so sure that your AppVM doesn't have an unique fingerprint that potentially could be exposed via a malicious website, browser extension or the browser? In that case, even using the same base template for disposable VMs could be a privacy disaster (I am not sure Qubes OS has taken any steps, like maybe "Tails", to actually mitigate fingerprinting in disposable VMs) On top of that have you ever tried to use Panopticlick? Even tails gets more or less uniquely fingerprinted primarily via the non-standard browser window size when it is maximized and also because it seems to apply some uncommon browser settings that maybe only tail users have... > UUID you really should just use the same UUID as a lot of other people That requires you to know the UUID, also UUID was more a token for "fingerprintable data", not to be taken literally. > by using Qubes' bundled Whonix support: this will keep you blended in > the crowd. Yes but also dead slow :P. I was more thinking of using separate VPN services for each identity, or maybe even my own VPN server (NSA will likely still be able to cross reference, but at least not my ISP). I don't care much about NSA, since as I said before I am no target for them and the steps I take already make me pretty much invisible in the huge noise (besides mentioning them quite often :D). But I want to basically go "dark" when it comes to normal services and companies. > Talking about missing features for web-browsing, I would love to see a > plugin or a solution allowing to open a link in another designated AppVM > (the "Random surf" VM or a disposable one) with just a right-click That should be the simplest part of my proposal :D. Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/061a784e-7605-4158-b03b-719987805769%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.