On Wednesday, September 20, 2017 at 12:50:46 PM UTC, Dominique St-Pierre Boucher wrote: > On Wednesday, September 20, 2017 at 8:27:40 AM UTC-4, cooloutac wrote: > > On Monday, September 18, 2017 at 11:02:50 PM UTC-4, Person wrote: > > > Let's say you have an online identity that you want to keep separate from > > > your personal information. On Qubes, is it possible to keep i information > > > completely separate without physical separation? I have considered using > > > a separate OS virtualized in Qubes, but it may possibly leak the same > > > device data. Multibooting with Qubes is also not the safest idea. > > > > > > What is the best way to keep online information from being traced back to > > > you on Qubes? > > > > Not really sure what you are asking, or what information specifically. > > Keeping information separate is the general purpose of Qubes. One vm > > doesn't know what data is on the other one. > > > > If you are talking about keeping your identity hidden from the internet. > > Just don't let the vm connect to the internet? > > > > As far as information like device id's, that would depend on the program > > you are connecting to the internet and if it gathers such information. I > > really don't know if what core linux processes do this. Browsers prolly do > > yes? > > > > In general, hiding your identity is not really something thats Qubes > > specific. Use multiple whonix qubes with tor browser? Don't log in the > > same online identities on the same vm? > > If you are talking about the first the identity of your computer, that will > always be the same hostname, mac address if you connect both vm through the > same network card. If you have 2 network card (and different sys-net), you > can maybe have the traffic through one card for one ID and the other ID > through the other card but if you are using it at home on the same lan, I > don't see the point. But doing it on a public wifi and using 2 differents > network card (and different sys-net vm) you can have 2 different session on > the same website and I don't see a way from the server side to figure out > that you are doing it from the same computer. > > Hope I make sense!!! > > Dominique
I second Dominique here, this is what I would do too if I wanted to maximize anonymity. However be mindful that it's still risky if its a matter of life and death, or anything other really serious/important. There is always a remote chance that something can be used to track back to you, be it something brand new, zero-day exploits, or what else hidden tricks is out there. Although these is mostly only used against high-profile targets, and typically, or most likely not,on your everyday internet users. For example virtualization isn't perfect. To my knowledge, this is one of the reasons Qubes is switching from PV to HVM. And even then, HVM seems to only be a temporay solution, as while it's better than the current PV, it isn't perfect either. Generally, you're in deep trouble if someone is hunting you as a high-profile, but if its the average joe-hacker? Probably not. From what I can gather, Qubes attacks are difficult to pull off, so much that it hasn't been observed in the wild. However one of Qubes's weakpoints is the lack of reward pools for white-hat hackers who hunt for bugs and weakenesses, although it may be solved soon through donations I think? Anyway, just be careful, don't do anything that you can't pay for afterwards, be it your life, prison, or what else may be hunting you. Also to do Qubes justice, it's still pretty darn secure. It requires exotic and probably difficult hacks to get through, such as hacking one DomU and mess up your memory in other to break into another DOmU, and thereby indirectly get access to Dom0, or something like that. Presumably the Qubes 4 system is much better protected against this kind of difficult but theoretical possible attack, than Qubes 3.2 is. Then again, I'm no security expert, take my words with some salt. But definitely don't believe Qubes has perfect isolation, it doesn't, not with modern technology anyway. However it's a massive leap in the right direction for better security. Furthermore, be extremely mindful of user-habits and which websites you visit within the same Tor sessions. If someone is specifically targeting you, they might be able to do simple detective work to figure out who you are. Be sure to make a new session before you do anything that can tie your identity to anything which must be anonymous in the future. It can even be the combination of websites you visit, fingerprints in the Tor browser (they are hard to get rid off, even for Tor/Whonix). Never turn on Javascript when browsing websites that must be anonymouse (fingerprinting is heavily increased with javascript enabled), and never move the Tor window from its default launch location, never resize it, never zoom or scale, never install addons, never change anything which affects your browsers fingerprint. Basically, anyone can be tracked on Tor, if enough resources and skilled people are being thrown at you, and they have an anchor point of which they can see you return, to keep watch, until you make a mistake to give further clues, which eventually will make the puzzle click and identity you. Although you may know some of this already, I took the liberty to write some warnings. Always be ready and cabable to pay the risk if you get found out, if not, then is the gamble worth it? Tor for casual browsing to avoid businesses and macro-surveillance is pretty harmless even with more loose habits. Though, be warned, it isn't all sunshine either. Mega servers complexes making use of Economics of Scale to build cheap Cloud storages etc. are already showing up around the world, with the single purpose, to collect encrypted or non-encrypted data, which will never be deleted, forever. This is legal too, since there are plenty of loopholes in law, for example it isn't illegal for the USA to collect data of anyone non-US citezen outside of USA, and then trade such information with allies who keep track of USA citizens. Nothing gets deleted in these massive server/cloud infrastructures. With the now very recent news of quantum computers making big breakthroughs, and already emerging A.I.'s that can automatically search and find anything among massive amounts of data... well.... Huge data collection of encrypted data + Quantum computing breaking encryption + Advanced emerging A.I. to sort through all the data automatically = essentially the same as reading the internet in clear-text non-encrypted. Basically, anything encrypted today, may not remain encrypted in say 3-7 years. Many don't worry about the future though, but the issue is many things are collected and kept for safe keeping, until the day this vast amount of data can be effortlessly opened and sorted. Worth the risk? If anything big is on the line, then probably not. If you just want to protect your liberty, freedom of speech, democracy itself, and businesses marketers profiling you, then its worth keep using it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/63f80023-3895-4d42-8202-92df8906bc5f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
