Roger that, thank you Leo so it sounds as though Qubes ought to be up to snuff 
for all contemporary ad instustry practices that Google, Facebook, Doubleclick 
etc are liable to try but that Qubes + anonymizing browser is a better bet 
against more sophisticated tracking in case that were a concern.

Great news. :)

On Monday, September 18, 2017 at 2:39:34 PM UTC-7, Leo Gaspard wrote:
> On 09/18/2017 09:27 PM, wrote:
> > Thank you Micah and Michał, but I am not actually asking about a standard 
> > as strong as 100% bulletproof anonymity or anything. I really am just 
> > concerned about whether any of the methods on that list that I linked to 
> > would be enough to leak cookie-like reference data between two separate 
> > Qubes security domains.
> Cookie-like reference data between two separate Qubes security domains
> cannot happen. This would mean one VM is able to influence the hard disk
> of another, which would be a vulnerability in Qubes.
> > Being tracked as I browse around *in* a given security domain is entirely 
> > my problem of course, and I understand that. My only concern is working to 
> > ensure that to an outside observer such as webservers and ad networks 
> > nothing short of the shared IP address (and via Tor or VPN or different IPs 
> > honestly allocated to different domains perhaps not even that) can act as a 
> > reliable indicator that web browsing activity in one Qubes security domain 
> > is "linked" to activity from another security domain via any secretly 
> > stored cookie-like reference identifiers that get somehow leaked across 
> > domains.
> What can however happen is things like hardware fingerprinting through
> the browser, like CPU frequency measurements.
> Also, Qubes doesn't guarantee two VMs can't talk together, so if you
> have at the same time a browser in two VMs in two websites they may be
> able to talk together using such side channels (timing the cache,
> ultra-low-level stuff like that).
> So even though supercookies and the like aren't shared in Qubes, if you
> use an insufficiently anonymising web browser, a web site may be able to
> fingerprint your hardware through the browser (Qubes/Xen does nothing to
> prevent that for performance reasons), and then to link your hardware to
> different identities you used to browse different pages in different VMs.
> I don't know of any website that would try to talk to others through
> side-channels, but I seem to remember articles on hardware
> fingerprinting (esp. the cpu frequency and drift, iirc) through JS from
> a few years back, so I guess against state-of-the-art tracking systems
> Qubes will not be enough.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to