Are qubes really isolated? Security questions

I really don’t understand the need to defend something so sensitive being so far from the clear sight.

It would never have occurred to me that something like this might happen, which is documented only if you point the mouse over some icon in some GUI part of Qubes. Because I don’t know so many other things, beside other measures, only the dispVM can get a netVM, manually set upon its start in my model before I even installed Qubes for the first time. No other VM has a netVM set, or is set to autostart. Now that I see this, I’ll even set sys-firewall’s and sys-whonix’s netVMs to none, although they’re not set to autostart as mentioned above.

For me, more dangerous than the none-to-internet leakage this describes is the case where you’d want something over Tor, only to jump to the clear net this way.

I agree. For several weeks after I started, these yellow triangles would show up in settings, sometimes, and I couldn’t do anything with them…clicking on them, for example, didn’t work. (Yet another reason I hate controls that don’t look like controls, which is this jackass GUI design trend of the last few years…that trains you to click on things you aren’t supposed to click on, on the off chance they might be controls.)

I found out quite by accident that you have to hover over these triangles…and under all this obfuscation is a VERY IMPORTANT warning if you want to isolate qubes from the internet.

It’s opaque, and buried. THIS IS INDEFENSIBLE.

Please feel free to open an issue.

It looks like this was part of the resolution for QSB-47:

[…]

  1. Add a warning message in the Qube Settings GUI when the NetVM of a
    qube in the “Basic” tab is set to a different value than the NetVM of
    the default DVM Template set in the “Advanced” tab.

[…]

@adw

Please feel free to open an issue.

Isn’t that one enough:

@tempmail

Now that I see this, I’ll even set sys-firewall’s and sys-whonix’s netVMs to none, although they’re not set to autostart as mentioned above.

I have my global default_dispvm set to a minimal DVM template with netvm=none. As an additional measure, I also edited manually the firewall of that same DVM:

user@dom0:~ > qvm-firewall --raw d12-m-dvm
action=drop

That is a double protection (I hope) in case I accidentally make a mistake or if (e.g.) a bug sets the netvm to a value allowing connections.

1 Like
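The double protection described in the post above can be checked rather than hoped for. The following dom0 audit is an added example and not code from the thread or from the Qubes project: it flags every qube whose netvm differs from the netvm of its default DisposableVM template (the mismatch the QSB-47 warning is about, including the offline-qube and Tor-qube cases discussed above) and verifies that the global default DVM template’s firewall is drop-only, the way `qvm-firewall --raw` showed it. The command names (`qvm-ls --raw-list`, `qvm-prefs`, `qubes-prefs`, `qvm-firewall --raw`) are real dom0 tools; the exact output formats parsed here, the spellings treated as “no netvm”, and the qube names in the sample data are assumptions.

```python
"""Added example: audit qube/DVM-template netvm mismatches and the DVM firewall.

Runs stand-alone on constructed sample data; collect_from_dom0() gathers the
same inputs with real dom0 commands when run inside dom0.
"""
import subprocess

# Assumed spellings that qvm-prefs may print for "no netvm".
NONE_VALUES = {"", "none", "None", "-"}


def normalize(value):
    """Map the various 'no netvm' spellings to the single string 'none'."""
    value = value.strip()
    return "none" if value in NONE_VALUES else value


def parse_firewall(raw):
    """Parse `qvm-firewall --raw` output into one rule string per line."""
    return [line.strip() for line in raw.splitlines() if line.strip()]


def firewall_is_drop_only(rules):
    """True only when every rule is an unconditional 'action=drop'."""
    return bool(rules) and all(rule.split() == ["action=drop"] for rule in rules)


def audit(netvm, default_dispvm, global_dispvm, dispvm_firewall):
    """Return a list of findings.

    netvm:           {qube: netvm} as printed by `qvm-prefs QUBE netvm`
    default_dispvm:  {qube: dvm template} as printed by `qvm-prefs QUBE default_dispvm`
    global_dispvm:   name printed by `qubes-prefs default_dispvm`
    dispvm_firewall: raw `qvm-firewall --raw GLOBAL_DISPVM` output
    """
    findings = []
    for qube, dvm in default_dispvm.items():
        dvm = normalize(dvm)
        if dvm == "none" or dvm not in netvm:
            continue  # no DVM template, so nothing can be launched from this qube
        own = normalize(netvm.get(qube, ""))
        via_dvm = normalize(netvm[dvm])
        if own != via_dvm:
            # A DispVM started from this qube reaches the network differently than the qube itself.
            findings.append(f"{qube}: netvm={own} but its DVM template {dvm} has netvm={via_dvm}")
    if not firewall_is_drop_only(parse_firewall(dispvm_firewall)):
        findings.append(f"{global_dispvm}: firewall is not drop-only")
    return findings


def collect_from_dom0():
    """Gather the audit inputs with real dom0 commands (only works inside dom0)."""
    def out(*cmd):
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    qubes = [q for q in out("qvm-ls", "--raw-list").split() if q != "dom0"]
    netvm = {q: out("qvm-prefs", q, "netvm").strip() for q in qubes}
    dispvm = {q: out("qvm-prefs", q, "default_dispvm").strip() for q in qubes}
    global_dispvm = out("qubes-prefs", "default_dispvm").strip()
    return netvm, dispvm, global_dispvm, out("qvm-firewall", "--raw", global_dispvm)


# Constructed sample (assumed qube names): 'offline' has no netvm and 'anon'
# goes through sys-whonix, yet both would launch DispVMs from the networked
# 'default-dvm'. 'd12-m-dvm' is the hardened global default with a drop-only firewall.
SAMPLE_NETVM = {
    "offline": "", "anon": "sys-whonix", "work": "sys-firewall",
    "default-dvm": "sys-firewall", "d12-m-dvm": "",
    "sys-firewall": "sys-net", "sys-net": "", "sys-whonix": "sys-firewall",
}
SAMPLE_DISPVM = {
    "offline": "default-dvm", "anon": "default-dvm", "work": "default-dvm",
    "default-dvm": "default-dvm", "d12-m-dvm": "d12-m-dvm",
    "sys-firewall": "", "sys-net": "", "sys-whonix": "",
}
SAMPLE_FIREWALL = "action=drop\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETVM, SAMPLE_DISPVM, "d12-m-dvm", SAMPLE_FIREWALL):
        print(finding)
```

Run inside dom0 with `audit(*collect_from_dom0())` instead of the sample data; an empty result means every qube’s DispVMs get exactly the network access the qube itself has, and the global DVM template drops everything even if its netvm is ever changed by mistake.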

Well it wasn’t enough. It’s only visible if you happen to use the GUI, and even there it’s not visible enough.

It’s only visible if you happen to use the GUI, and even there it’s not visible enough.

Even then it is not always visible (as demonstrated).

1 Like

To me, it seems adw didn’t read carefully, since his response looks like it repeats what dvm already stated.

It looks like that issue is about something different than what’s being discussed here.

Why would you think that? I was simply pointing out that:

  1. Each participant in this discussion should feel free to open an issue for this.
  2. The historical source of this goes back to QSB-47, which explains the original problem that led to this measure being implemented. Understanding the historical context can be very useful, because it allows one to understand which problems are already known, which matters have already been discussed and considered, the outcomes of decisions, and the rationales and motivations behind subsequent actions. It’s also good to have QSB-47 mentioned in this thread for future reference, in case a related problem arises in the future.

My post was actually a reply to @DVM (note the upper-right corner). Why would I repeat what he said in a reply to him? That wouldn’t make sense. Clearly, I must have been aware of his post, or else I could not have replied to it. Besides, you can simply compare the content of his message and the content of my message and see that they are different.

Anyway, since no one else wanted to open an issue for this, I’ve done so:

3 Likes

Related issue of historical interest:

Thank you @adw.

I was going to open that myself, I just wanted to wait for your answer. Thank you for doing it.

1 Like