Threat model: assumed high level pursuit.
Requirements: Access public ethernet/wifi anonymously/securely, safe from attackers on network and skynet.
People don’t generally talk about QubesOS → Travel Router → Public Wifi. I don’t think I’ve ever seen it mentioned, despite several threads in several forums about public wifi use. So, does it not add anything useful, or are people just not sharing their tricks?
Travel routers are usually for several devices. For simplicity, let’s assume the use-case for the travel router here is exclusively with one QubesOS device. We can expand later.
QubesOS distrusts the infrastructure. Assumes network is compromised, etc. Now we have disp-sys-net, we get a blank slate with each connection. We can randomise MAC address in qubes, though it’s not immediately accessible/achievable for everyone.
Presumed benefits of incorporating travel router into your setup:
MAC address randomization baked into certain travel routers. Users can forgo figuring out how to do it in qubes. But is that a less safe practice? If so, why?
Physical airgapping of device possible, similar to kill-switches, but less convenient. Removal of wifi/bt cards keeps you safe when offline, but still allows you to connect to travel router by physical tethering. (employ generic safety procedures for internet safety as required: vpn/tor/others/combinations thereof whilst accessing networks). But people report difficulties in those combinations with qubes 4.1 at present. So…
Travel router could also increase ease of use. People are reporting difficulties with tor THROUGH vpn (I can’t usually tell what something over something specifically means, I think this is more robust in description), so if a router between Qubes machine and outer world has VPN onboard, you can overcome network/router/isp/regional difficulties with tor by pumping it via VPN enabled router, and bypass the current qubes 4.1 problems with Tor through/inside/hidden by VPN.
A travel router could also allow you to route via cellular networks. (privacy issues notwithstanding, at least it probably won’t have a GPS onboard for immediate and specific geolocation in the event of certain attacks).
Non-qubes side question: can a device with a sim antenna but no simcard onboard still be identified and geolocated by advanced attacks?
Varying risks with router in different modes:
By using qubes with a travel router in various modes your risks/benefits shift slightly.
If travel router is connected to on-site static router/modem via ethernet, then presumably you’re invisible to anyone on the network, either by also tethering to your travel router so there are no wireless transmissions involved, or by connecting to your tethered-to-modem-router via your own personal SSID. The latter requires that you have your own network card or adapter attached to your device, and so are not truly airgapped when offline.
When your own SSID exists, hidden or otherwise, it can possibly be added to freely available SSID maps worldwide, similarly your MAC address can be logged and tracked. You can mitigate this by changing your SSID, MAC address, and possibly other credentials with each new connection in each new location. High effort.
Are there other fingerprints to mitigate? Discuss
Alternative pathway through travel router, you connect to your router over wifi, which is bound to static router/modem physically. Same issues with SSID as above.
Possible drawbacks of travel router with qubes
We distrust the infrastructure. So we distrust all that happens outside of qubes. If your router gets hacked, you’re carrying it with you, and putting further reliance on qubes to protect you. Unless your travel router OS is also somehow disposable and firmware secured, how much security does it really promise?
How do you safely reflash your routerOS and firmware from a compromised qubes machine? If Qubes is compromised via your router, does re-flashing from your compromised Qubes do anything meaningful? Or are you then just swallowing your own tail?
If that’s a risk, might it not be safer to forgo the router?
Does anyone who is permanently on the move have a solution for safe re-flashing of devices? Maybe a DMZ created with an intermediary device? Please comment if so.
Other drawbacks: weight/bulk.
Non-typical travel router solutions: tethering via phone (either via wifi or cell, see associated risks above). Further dangers of phones include increased attack surface (bluetooth, NFC, GPS, that secret NSA chip you haven’t noticed).
What are your solutions for travel with qubes? How do you stay safe and anonymous on the move?
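
On the point above about randomising the MAC address in qubes: the following is an added example, not part of the original post, that audits the NetworkManager drop-in files of a sys-net template and reports whether the hardware MAC would still be exposed. It assumes the settings live in /etc/NetworkManager/conf.d; the file name 00-macrandomize.conf and the sample configs are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

# Values of *.cloned-mac-address that replace the hardware address.
RANDOMISING = {"random", "stable"}
CHECKED = ("wifi.cloned-mac-address", "ethernet.cloned-mac-address")

# Constructed sample configs (not taken from any real system).
WEAK = "[connection]\nwifi.cloned-mac-address=permanent\n"
HARDENED = """[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
"""

def effective_settings(conf_dir):
    """Merge conf.d files in lexical order so that later files win.
    Simplification: per-device match rules are not evaluated."""
    merged = {}
    for path in sorted(Path(conf_dir).glob("*.conf")):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read(path)
        for section in cp.sections():
            if section.startswith(("connection", "device")):
                merged.update(cp[section])
    return merged

def audit(conf_dir):
    """Return findings; an empty list means no hardware MAC exposure was found."""
    s = effective_settings(conf_dir)
    findings = []
    for key in CHECKED:
        value = s.get(key, "unset")
        if value not in RANDOMISING:
            findings.append(f"{key}={value}: MAC is not randomised when connecting")
    if s.get("wifi.scan-rand-mac-address", "yes") == "no":
        findings.append("wifi.scan-rand-mac-address=no: hardware MAC used in scans")
    return findings

def audit_text(text):
    """Audit a single config given as text (helper for the samples above)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "00-macrandomize.conf").write_text(text)
        return audit(d)

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_text(text) or "ok")
```

Run inside the template that sys-net (or disp-sys-net) is based on, audit("/etc/NetworkManager/conf.d") checks the settings a fresh disposable would inherit.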