Hi 
Today I discovered that my AppVM name can be seen by my browser, which shook me up a bit.
I had previously believed Qubes masked this information, and I have a vague memory of the command line interface showing user@user. However, this might have been a different system. My commandline now shows user@appvm-name
I would like to confirm if this visibility is standard in Qubes or maybe I messed something up in my system?
This is standard.
Standard if you have not taken steps to protect yourself - turning off
JavaScript is a good start.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
This is not a honeypot for those who are certified to operate aircraft carriers and jets (at the same time).
Thanks
I do in some qubes but can’t do that for every qube. I found a workaround by editing the hostnamectl and putting that in the rw/config/rc.local file. It worked 
. This was the first time for me I managed to fix something in qubes by combining linux cli commands with the qubes documentation.
It is not always that easy but Salt could help you:
@shantyspruce:
thanks 
@unman:
I do in some qubes but can’t do that for every qube. I found a workaround by editing the hostnamectl and putting that in the rw/config/rc.local file. It worked . This was the first time for me I managed to fix something in qubes by combining linux cli commands with the qubes documentation.
@rzg
Learning new things every day and loving Qubes 
Hope I posted this correct, I don’t have much forum posting experience.
@parulin learning salt is on my very very long wishlist. 
I will at some point.
Hi. How did you discover it? Was it through some service that scans browser fingerprints? Please send the link
The information is available to the browser, or any other application running in the qube, it’s not included in every http request you make by default.
The appVM name is the hostname of the VM.
Extensions, addons, etc, might be able to extract the information from the browser, javascript might also be able to do things like look up the client hostname.
This is just how browsers work, they are not designed with anonymity in mind.
As problematic as JavaScript is for fingerprinting in general, I don’t think it can do that.
I also didn’t think it was possible, but it seems like there historically has been some ways to look up the hostname, but either using an extension like ActiveX or browser specific features.
No I didn’t discover it like that. I discovered it in a browser application that could see my AppVM name.
After figuring out how to fix it I changed my hostname in several AppVM’s. When I logged into a website inside another AppVM I received a message from that website that I was logging in from a new device and had to do an extra verification. So now I’m sure I’m being fingerprinted by my AppVM name too.
What I think is problematic about this is that some users may use particular names like qube-1 qube-2 qube-3. I assume this makes your VM’s more identifiable.
The good news is, I found a fix and when I have time I will create a more noob friendly tutorial for this. But this is what I have for now:
Hostname Configuration Method for App VM
To modify the hostname in an application virtual machine (appvm), you can use the following approach:
Open the /rw/config/rc.local configuration file
Add the command: hostnamectl hostname [new-hostname]
Example: hostnamectl hostname mystery-machine
To check the result restart the AppVM and run hostnamectl in the commandline.
Additional configuration options include:
Changing the icon name
Changing the chassis type
Modifying deployment settings
Updating location information
Run hostnamectl --help to see the above options.
When you change this name this is the name that will be seen internally. On the outside e.g. your Qubes menu, your AppVM will still have the name you first gave it.
Please correct me if I did something wrong. I’m still learning.
I take some notes about mimicking normal environment that could be useful
@renehoj I wonder if there is a security benefit of changing the appvm hostname? Since the outside hostname, the name you originally gave the qube still remains but the inner system hostname is now different.
@rzg I will definitely read those. Thanks! 
Nah, changing your browser is more than enough for a website to perceive it as a “new device”. Or other ordinary actions, like clearing cookies. A website having access to your VM name / hostname would be sensational.
Then how is it possible I registered as being a new device after changing my AppVM name? I didn’t change the browser and I don’t use history, webrtc is off and I run ublock origin.
Ah, I see why your misunderstanding, my explanation was incorrect. I logged into a browser in another AppVM. The browser in that particular appvm was the same as always. But after changing my AppVM hostname it registered my AppVM as a new device - due to the changed hostname. I will correct my post hereafter.
In any case if you don’t believe me you can try it yourself. I also run that particular website in a secluded AppVM because I know it likes to track extensively.
If you’re saying that you’re throwing away local state like cookies on browser shutdown, then that alone would make it a “new device” each time you log in after (re)starting the browser. Although depending on the website they might only say so if combined with some other signal (e.g. an IP address from a different country compared to the last and very recent login). It’s hard to say what exactly a login system takes into account, but it’s not the hostname.
I might. What’s the website, and what TemplateVM and browser did you use?