Hi everyone,

I've been thinking about ways I can increase security when using Tor in
a Whonix VM, and I had a few questions about the security risks of
browsing/downloading files over HTTP.

I've looked up some info about it and I know it presents a security
risk, but I don't really know what I'm talking about so I thought I'd
ask you guys. Please let me know if I'm wrong about anything here (which
is likely!). Sorry this is so long!

Anyways, let's say I want to use a site that doesn't use HTTPS (HTTP
only) that I can do 3 things on:

1. general browsing/reading content
2. download small files
3. log into an account, which is required to download large files

I'm browsing the site in a relatively unsecure VM that I don't
necessarily care much about, but I'll probably want to move some of the
files to another VM to use elsewhere, or to a USB stick to transfer to
another machine.

If I use the site over Tor, the exit node operator can read all the
unencrypted traffic, and possibly maliciously modify files downloaded,
which is why it's recommended to always use HTTPS when possible over
Tor. Qubes helps with this since I can do all my browsing on the site in
a separate VM, but there's still a security risk especially if I
transfer files elsewhere.

It seems to me that I basically have 4 options:

1. Do everything over Tor, including downloading files and logging into
the account. This is bad because the exit node operator can see my
username/password, and I don't think there's any way of really reducing
the risk from this.

2. Browse the site and download small files (without logging in) over
Tor, but use a non-Tor VM to log into the account to download larger
files. This is better than option 1 because exit node operators never
see me log into the account, but still presents a security risk because
they can maliciously modify files I download.

It seems to me that exit node operators doing something like this
(modifying files downloaded over HTTP to compromise my VM) is something
that would have to be done manually, in real time, but please let me
know if I'm wrong about that! I also don't know how likely this is to
actually happen.

But it seems to me that a way to reduce the risk here is to use the "get
a new Tor circuit" option right before downloading the file. That way
the new exit node operator would not have much warning/time to do
something bad before I download the file. Would that help?

3. Do general browsing in Tor, but download all files outside of Tor.
This is better than option 2 from a security standpoint because I'm not
downloading files in a risky way over Tor that will then be transferred
elsewhere, and if the VM I'm browsing the site in using Tor gets
compromised, I don't really care. But it's a pain to have to switch to a
non-Tor VM every time to download a file (and I know it's recommended
not to have Tor and non-Tor connections to the same site at the same time).

4. Do everything on the site outside of Tor because the site doesn't
support HTTPS. This is best from a security perspective, but worst from
a privacy/anonymity perspective because I can't use Tor to browse the site.

If I really wanted to only use HTTPS over Tor, I could enable the "block
HTTP connections" option in HTTPS Everywhere, but couldn't this increase
fingerprintability of the browser since most Tor users don't block HTTP
connections? The same reason it's recommended not to use additional
browser plugins in Tor Browser.

What do you guys think is the best way to go about it? Am I wrong about
anything here or missing something?

I know this may be too long to read, sorry!

-Jackie
