Thank you Micah and Michał, but I am not actually asking about a standard as 
strong as 100% bulletproof anonymity or anything. I really am just concerned 
about whether any of the methods on that list that I linked to would be enough 
to leak cookie-like reference data between two separate Qubes security domains.

Being tracked as I browse around *in* a given security domain is entirely my 
problem of course, and I understand that. My only concern is working to ensure 
that to an outside observer such as webservers and ad networks nothing short of 
the shared IP address (and via Tor or VPN or different IPs honestly allocated 
to different domains perhaps not even that) can act as a reliable indicator 
that web browsing activity in one Qubes security domain is "linked" to activity 
from another security domain via any secretly stored cookie-like reference 
identifiers that get somehow leaked across domains.

For example: if I browse to a Flash or Silverlight website using Browser X in 
my [untrusted] domain, would those plugins be able to store any kinds of LSOs 
or HTML5 local storage or cached E-tags or anything else deep enough into the 
system backend that they could pull them back out again in my [work] domain 
when I browse back to that same site again?

>From a differential diagnostic perspective, I know that running two COMPLETELY 
>separate VMs via XenServer et al with completely separate OSen and completely 
>separate installs of the same browser and Flash plugin — where they don't even 
>view a single shred of the same filesystem — should be safe from any industry 
>standard client tracking data (EG, short of malware like Bluepill or direct 
>exploits against the incumbent hypervisor) leaking between said domains.

However two different browsers on the same computer/OS combo, such as Firefox 
and Opera, might get Flash installed via the same process which gives the Flash 
plugin on both browsers access to the same LSO store squirreled away somewhere.

So I'm just trying to confirm how close to case 1 Qubes security domains rate, 
even when you are still only installing the OS, the browser, and the Flash 
plugin once for use by both light VMs.

I hope this helps to clarify my inquiry, thank you!

- - Jesse

On Monday, September 18, 2017 at 11:02:31 AM UTC-7, rysiek wrote:
> Dnia Monday, September 18, 2017 10:56:33 AM CEST Micah Lee pisze:
> > Qubes security domains don't necessarily help solve this problem because
> > really the problem is how your web browsers are configured.
> > 
> > So a tracking company can't link your browsing activity between Qubes
> > domains -- your "personal" traffic and "work" traffic might look like
> > two separate people -- but within one of those domains, they can still
> > track you, and do all of those tricks.
> > 
> > If you want web privacy, you'll have to configure your browser within
> > Qubes the same way you have to outside of Qubes. Or, you can do all of
> > your browser in DisposableVMs. Or use Tor Browser, which has taken many
> > steps to prevent browser tracker as a design goal.
> Damn, beat me to it!
> -- 
> Pozdrawiam,
> Michał "rysiek" Woźniak
> Zmieniam klucz GPG ::
> GPG Key Transition ::

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to