I often use Qubes when I need the highest levels of security or anonymity. I usually do not use Qubes when I don’t need that and in part this is to look more normal when I do normal activity.
I increasingly am concerned with network fingerprinting where a combination of MTU and latency and packet loss and TTL are being used to guess who I am. I dont think these things are always protected by a VPN and ask if the Tor network even fully protects against someone coming into the Tor network with a more unique network fingerprint.
I am considering moving to Qubes for all of my activities. I have concerns about doing this. I do not want any big tech, banks, Amazon, Facebook, Telegram, Google, X, Duckduckgo (Microsoft Bing) and even a VPN to know I use Qubes. I do not want this because it put me into a narrow pool of users. Many big tech players own part of the infrastructure (AWS… Azure) and it makes it harder to avoid network fingerprints.
I know that having multiple Qubes prior to using something like a browser in Debian is going to increase my TTL. I am not sure if it also increases my packet loss or does other unusual things. I usually alter my MTU slightly as it is for my network setup and worry that it makes me stand out but I get incredibly slow speeds if I don’t lower MTU. I am worried that it may still alter my network characteristics in ways I cant predict.
I also am concerned about the detection of the screen using javascript. Normally when I am on a webpage it run code locally using javascript and it is sensing my screen width and height etc. In Qubes the browser is contained in a small window. Does this stand out?
Is dom0 still using X11? I dont know if malicious Apps can see everything through X11 within the same Qube. I am not sure if I can use Wayland within a Qube if dom0 uses x11.
Is it pointless to believe that Qubes usage can be hidden from advanced adversaries?