Re: [qubes-users] Your Battery is syping on you...
Hello Rudd-O, many times technology can be used in both sides good and e* My first concern with this internet and lack of IT-security is, that in some main-stream browsers you have enough backdoors to book in the second you type in your credit-card information in parallel for you on another place with a another delivering-address of course... In my eyes a hard browser focused to the financial goals of the owner will be quite helpful in this crazy internet game. Tor, I'm afraid will be also a perfect tool to deliver a hidden command and control structure (e.g. my QR31 was not updating anything any more...). "Of the top twenty most popular Tor addresses, eleven are command and control centres for botnets, including all of the top five." https://www.technologyreview.com/s/519186/security-flaw-shows-tor-anonymity-network-dominated-by-botnet-command-and-control/ So Tor will be useful on a live-QubesOS DVD in a dual mode, if you need Whonix browser + Tor Features, e.g. for security-research without the tracing features of the network. It's so hard to get an coherent picture about the good and robust internet infrastructure. Perhaps a new kind of network will get this straight out of the box one day in the far far future... A how to do banking, shopping ans surfing-guide will be quite helpful to get a solid baseline towards a better safe internet-experience. Thanks and Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3f8700ad-f2c2-49f5-9fe2-8f8fba1e2c61%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Your Battery is syping on you...
On 11/04/2016 08:32 PM, 198730178489710317470139 wrote: > Hello, > > good to know that Firefox and other mainstream-browser's spy-features don't > work inside the Q-VMs. > > But here are many ways to find out, who is sitting in front of the screen, > without get logged in, e.g. also keyboard-typing-patterns and mouse > movements... > > So for ebanking and free of digital dicriminating shopping I should use > Whonix? For ebanking you want to use a normal AppVM that does not have the Whonix stuff. They will fingerprint you. For shopping you want to use a separate normal AppVM that does not have the Whonix stuff. They will fingerprint you. BUT Those fingerprints will be different and so sites you visit on your shopping VM will not know about your banking habits in any way, and vice versa. For regular browsing you want to have a separate VM that has hardened settings and uses stuff like User Agent Spoofer with all the Firefox fingerprinting settings disabled (battery, gamepad, audio, WebGL, et cetera), as well as uMatrix to disable HTTP requests that you have not authorized. This VM can totally be a Whonix browser + Tor combo. I think I will post a guide for that soon enough. Just remember: Don't bank where you surf, don't shop where you bank, don't surf where you shop. -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/639a26e7-f6a1-5b07-2fa7-9f97f24068bb%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Your Battery is syping on you...
On 11/02/2016 09:49 PM, '109384'019834'09128'340932189 wrote: > Hello, > > in Q the Firefox battery fingerprinting is enabled. > > https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ > > Manual you might disable it: > > 1. start Firefox > 2. open the URL about:config > 3. scroll down to dom.battery.enabled and disable this feature > > It would be nice if the DispVM has running a Firefox, which don't support the > fingerprinting (or even better, a real secure-browser...) Battery access to the system battery is disallowed because the DispVM / AppVM does not have access to the hardware. -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dddc3ce5-3b7b-c038-23ad-ba9e34fbeb4d%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Your Battery is syping on you...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-02 15:46, Marek Marczykowski-Górecki wrote: > On Wed, Nov 02, 2016 at 02:49:23PM -0700, '109384'019834'09128'340932189 > wrote: >> Hello, > >> in Q the Firefox battery fingerprinting is enabled. > >> https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ > >> Manual you might disable it: > >> 1. start Firefox >> 2. open the URL about:config >> 3. scroll down to dom.battery.enabled and disable this feature > >> It would be nice if the DispVM has running a Firefox, which don't support >> the fingerprinting (or even better, a real secure-browser...) > > Whatever Firefox provides there, it has no access to actual (hardware) > battery information. > Furthermore, you should *not* expect privacy when using vanilla Firefox, even in a DispVM. For that, you should use Whonix. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYGsLrAAoJENtN07w5UDAw2t0QAMBA3lgsCzRlMaCjXIE2b6wN kVG5ILojLp82bRMTf54PL5608CutuZ09EWkZJRx2H74Q46xj3U2SaOK3DXPqVH1w YYBdkw7pE9wvzi8ixONO3iS44IX/MR6s8e9IQZ7YvQHNXz+KSHgt4QqUVzpy9Mj5 P7Lqkk1tk020DGFee/rwZHxUQFbMmlWh2QvwOTdKdDHjBxe4MQRC42RGj2FuF1u+ V9kKE2Tt61/roCNbRJVQigb1/wW8fl5DXr12MPZb5ov3i1HG6AMXGOh7GaXWmb/J 5BmiWmjsY0ysq2+1hVeKXN5OWrrHCOCF5fxjBsuiSbQNLJBc2vuEj+L/b3FkZYm2 6uWe8WXZ14PzqygfiOS2p+REhx9KT6YT2fbME09P7PWuWaxZfxLeU+iEi3/N3tnc RlyEoOfogP/bOQGYTnK/+MAvuNbqbRUd23lrGiVtNE1oHiVddj+BrT1NRl2JVWEs icJorJjMCVkeKnIyaA1SJ2o636Mvxo9bqBTsgUvXRMLfRQH2MgWo/ebnLX7EVLvV /9JsHuM/pdj3XLR6zew3AZbq85r0S8ICwwgLAok8zFMbT9+eT2vAHmQUDRwkyjCP KzWLSN/VZ4g5Yo+1iJMupfX0Qnydc1CR25nRqEv229JBEO/EOTqWcZVemnfsuNRw In2pOaLu1M7M7u62n0P3 =LPBb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7aab3e6e-516f-bf54-97f0-298cf894e7e7%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Your Battery is syping on you...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 02, 2016 at 02:49:23PM -0700, '109384'019834'09128'340932189 wrote: > Hello, > > in Q the Firefox battery fingerprinting is enabled. > > https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ > > Manual you might disable it: > > 1. start Firefox > 2. open the URL about:config > 3. scroll down to dom.battery.enabled and disable this feature > > It would be nice if the DispVM has running a Firefox, which don't support the > fingerprinting (or even better, a real secure-browser...) Whatever Firefox provides there, it has no access to actual (hardware) battery information. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYGmzEAAoJENuP0xzK19csDN4H+QG4jQFTZ5wYQR1o0Cx3mQOl ffntx7o5ak4to29M476mLz3OxK8cNmtb9S9ZjfPN8lQ8XY5f5wILdFXkTCmoyJND hPAjCLhARdCHtJ4Q5a0ulSkzZ1k0X/89Mmbk8YgVl11PDod/Q3D0whDu2Mqlofgj ++m40KV+ju2E+LmHkwtR4abC5G9kPq8+8nvnxCsD0PdPhTdBCeb0cpRNZCg9LYCR FTLIAeZYZhBrlmuk7DKK9TbMeaZEBUmbJlBg87EHSFlkd7G+LhXoBxBruRHeMaVI Og9ecbny7w8nkZBfgI7qY+mbZlrjEaUols7/xyvm+XIB1LBEiEyi7Bvp7FJXQnw= =MfmD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161102224625.GT7073%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Your Battery is syping on you...
Hello, in Q the Firefox battery fingerprinting is enabled. https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ Manual you might disable it: 1. start Firefox 2. open the URL about:config 3. scroll down to dom.battery.enabled and disable this feature It would be nice if the DispVM has running a Firefox, which don't support the fingerprinting (or even better, a real secure-browser...) Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3fd3757b-10bc-4d50-aa83-eedf1f95c2ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
