Benefits/drawbacks of a travel router alongside QubesOS for those on the move

Threat model: assumed high level pursuit.
Requirements: Access public ethernet/wifi anonymously/securely, safe from attackers on network and skynet.

People don’t generally talk about QubesOS → Travel Router → Public Wifi. I don’t think I’ve ever seen it mentioned, despite several threads in several forums about public wifi use. So, does it not add anything useful, or are people just not sharing their tricks?

Travel routers are usually for several devices. For simplicity, let’s assume the use-case for the travel router here is exclusively with one QubesOS device. We can expand later.

QubesOS distrusts the infrastructure. Assumes network is compromised, etc. Now we have disp-sys-net, we get a blank slate with each connection. We can randomise MAC address in qubes, though it’s not immediately accessible/achievable for everyone.

Presumed benefits of incorporating travel router into your setup:

MAC address randomization baked into certain travel routers. Users can forgo figuring out how to do it in qubes. But is that a less safe practice? If so, why?

Physical airgapping of device possible, similar to kill-switches, but less convenient. Removal of wifi/bt cards keeps you safe when offline, but still allows you to connect to travel router by physical tethering. (employ generic safety procedures for internet safety as required: vpn/tor/others/combinations thereof whilst accessing networks). But people report difficulties in those combinations with qubes 4.1 at present. So…

Travel router could also increase ease of use. People are reporting difficulties with tor THROUGH vpn (I can’t usually tell what something over something specifically means, I think this is more robust in description), so if a router between Qubes machine and outer world has VPN onboard, you can overcome network/router/isp/regional difficulties with tor by pumping it via VPN enabled router, and bypass the current qubes 4.1 problems with Tor through/inside/hidden by VPN.

A travel router could also allow you to route via cellular networks. (privacy issues notwithstanding, at least it probably won’t have a GPS onboard for immediate and specific geolocation in the event of certain attacks).

Non-qubes side question: can a device with a sim antenna but no simcard onboard still be identified and geolocated by advanced attacks?

Varying risks with router in different modes:

By using qubes with a travel router in various modes your risks/benefits shift slightly.

If travel router is connected to on-site static router/modem via ethernet, then presumably you’re invisible to anyone on the network, either by also tethering to your travel router so there are no wireless transmissions involved, or by connecting to your tethered-to-modem-router via your own personal SSID. The latter requires that you have your own network card or adapter attached to your device, and so are not truly airgapped when offline.

When your own SSID exists, hidden or otherwise, it can possibly be added to freely available SSID maps worldwide, similarly your MAC address can be logged and tracked. You can mitigate this by changing your SSID, MAC address, and possibly other credentials with each new connection in each new location. High effort.

Are there other fingerprints to mitigate? Discuss

Alternative pathway through travel router, you connect to your router over wifi, which is bound to static router/modem physically. Same issues with SSID as above.

Possible drawbacks of travel router with qubes

We distrust the infrastructure. So we distrust all that happens outside of qubes. If your router gets hacked, you’re carrying it with you, and putting further reliance on qubes to protect you. Unless your travel router OS is also somehow disposable and firmware secured, how much security does it really promise?

How do you safely reflash your routerOS and firmware from a compromised qubes machine? If Qubes is compromised via your router, does re-flashing from your compromised Qubes do anything meaningful? Or are you then just swallowing your own tail?

If that’s a risk, might it not be safer to forgo the router?

Does anyone who is permanently on the move have a solution for safe re-flashing of devices? Maybe a DMZ created with an intermediary device? Please comment if so.

Other drawbacks: weight/bulk.

Non-typical travel router solutions: tethering via phone (either via wifi or cell, see associated risks above). Further dangers of phones include increased attack surface (bluetooth, NFC, GPS, that secret NSA chip you haven’t noticed).

What are your solutions for travel with qubes? How do you stay safe and anonymous on the move?

1 Like

Bit fuzzy, but i think i get your point.

After a quick search i found that those travel routers are hardware things one can buy.

By using them i see some problems:

  • You trust the vendor to not cooperate with your adversary
  • You trust the vendor to not fuck shit up.

As i already pretty much have to trust at least one OS, i really would try to minimize the things i have to trust, especially closed source stuff.

But say i trust that the vendor will not cooperate with my adversary. Maybe the vendor fucked up and stuff is identifiable.

From my point of view, your sys-net is your travel router, that handles your devices (Qubes).

Every function such a travel router could offer your Qubes system, can be done there. If you have more devices: Create an AP if you want, or connect them to your ethernet port. Everything is possible.

Don’t use Tor with a VPN unless you know what you are doing and have a very valid reason to do so.

Yes.

If your router does NAT and obfuscates the devices behind it, the outer network only knows that there is your router in the network. This obfuscates a bit how many devices you operate, but they are not invisible.

Yes. Your hardware is imperfect. It can be fingerprinted by a skilled adversary with 20 dollar equipment. Here is a paper.

Usually MAC and hostname randomization is well enough for the utmost reasonable threat models.

Please note, that most ppl overestimate their adversary in threat modelling. This can be a fun thing to think and talk about, but is of only scientific interest.

Oh btw i created a post thing about wifi stuffs, maybe you are interested:

5 Likes
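
A check for the MAC randomisation both posts refer to, as an added example that is not part of the thread: it audits the NetworkManager drop-in defaults inside the qube that owns the network card. It assumes that qube uses NetworkManager with its standard `/etc/NetworkManager/conf.d` directory; the function names `nm_conf_value` and `mac_rand_audit` are hypothetical.

```shell
#!/bin/sh
# Added example: audit NetworkManager defaults for MAC randomisation.

# Print the last value given to KEY in sections starting with SECTION,
# reading DIR/*.conf in lexical order (later drop-ins override earlier).
nm_conf_value() {
    nm_dir=$1 nm_sec=$2 nm_key=$3
    set -- "$nm_dir"/*.conf
    [ -e "$1" ] || return 0                # no drop-ins: value is unset
    awk -v sec="$nm_sec" -v key="$nm_key" '
        FNR == 1      { s = "" }           # sections do not span files
        /^[ \t]*[#;]/ { next }             # skip comment lines
        /^[ \t]*\[/   { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); next }
        index(s, sec) == 1 && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$@"
}

# Return 0 only if Wi-Fi and Ethernet default to a non-hardware MAC and
# scan randomisation is not switched off; print one line per finding.
mac_rand_audit() {
    conf_dir=${1:-/etc/NetworkManager/conf.d}
    rc=0
    for k in wifi.cloned-mac-address ethernet.cloned-mac-address; do
        v=$(nm_conf_value "$conf_dir" connection "$k")
        case $v in
            random|stable) ;;              # random: new MAC per activation
            *) echo "WEAK: $k=${v:-unset} (not random/stable)"; rc=1 ;;
        esac
    done
    v=$(nm_conf_value "$conf_dir" device wifi.scan-rand-mac-address)
    case $v in
        no|false|0) echo "WEAK: wifi.scan-rand-mac-address=$v"; rc=1 ;;
    esac                                   # unset counts as enabled (NM default)
    return $rc
}

# Demo on a constructed drop-in (not taken from a real system).
demo=$(mktemp -d)
printf '[connection]\nwifi.cloned-mac-address=random\n' > "$demo/00-mac.conf"
mac_rand_audit "$demo" || true             # reports the Ethernet key as unset
rm -rf "$demo"
```

The audit covers configuration defaults only; a saved connection profile that sets its own `cloned-mac-address` overrides them and has to be checked separately.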