Browser can identify my AppVM name and probably more

@rustybird
Yes, and even with all that disabled (history, etc.) that particular website will let me log in without 2FA (SMS) after a couple of logins over a time span of several days. I never get a message that you're logging in from a new device. I only got that AFTER changing my hostname.

I sent you a PM with the website name as I prefer not to have it listed in a public post - sorry :anguished:

But in any case anyone can check this in the Vivaldi browser too (I used a Flatpak): just create an account and you can see your AppVM name - or at least I can.

Thanks, I’ll check it out.

You can actually see the VM name / hostname in the website content (not in the browser UI)? Does that happen with other browsers too besides Vivaldi?

Correct: in the website content in the Vivaldi browser.
In the Qubes native Firefox browser my AppVM got registered as a new device after changing my hostname but I could not see the hostname in the browser content - but I believe that website can read it.

So, what is the goal of hiding the AppVM name?

You don’t want to become an easy target of some imperator equipped with a full chain of 0day vulnerabilities. You only die once (by accident of course) :joy:

Hi everyone, Vivaldi only shows the AppVM name in the UI, which seems to be safe. I didn’t know that was safe. As for the other website, I retested it by changing my AppVM name and it didn’t tell me I was logging in from a new machine. So I don’t know what caused it. But it’s not the AppVM name.

So classic mistake here of not enough knowledge and not double checking. My fault. :flushed:

In any case, if for some reason you don’t want your browser to know your AppVM name and want to use a different name on the inside of your qube, you can follow the mini hostnamectl tutorial above and check out the links @parulin and @rzg posted :slight_smile:

Thank you for all your responses and help and especially thanks to @rustybird for helping me to figure out what was going on.


If all your AppVMs use uniform identifiable names like Qube-1A, Qube-1B, Qube-2A, Qube-2B, it becomes a pattern. And since there is AI everywhere, these patterns can become recognizable - even if you’re in a different AppVM. Just providing another clue to your identity. So the goal here is security through obscurity. All the small things you can do help at the end of the day, even if it doesn’t seem like a big deal. Of course it depends on your threat model if this is useful for you or not.

Did you try to check your audio and mouse fingerprinting across your qubes: Firefox, Tor, Vivaldi, etc.?

Oh, and it’s “security through compartmentalization”. This topic looks like it’s about anonymity, to be honest, and it might lead less experienced users to a false sense of security, if I’m asked. And it would be good to emphasize the fact in the OP.

Even Qubes OS advertises itself on the very front page as “Reasonably secure OS”. It’s not shaming, it’s the fact of life…

The fear increases the discipline, but in Qubes we could achieve a meticulous tactical compartmentalization.

Thanks for your input! You raise some solid points, especially regarding the distinction between security through obscurity and compartmentalization — that’s definitely crucial to consider. But can’t they work together and complement each other?

What I aimed to emphasize is understanding what websites can see about your system. A part of newcomers to Qubes, like myself, come from tough situations and have perhaps dealt with cybercrime. Suddenly, you find yourself in a completely new environment, where you become aware of an invisible world—like what can be seen at the other end of the connection. Not knowing what’s visible can create a lot of anxiety and stress.

So, for me personally, this isn’t just about anonymity; it’s about grasping what can be seen and how that visibility might impact your threat model.

I hope that clarifies my perspective a bit better. I’m open to renaming the post to highlight these nuances—any suggestions would be great!

PS. No mouse & audio here.

https://doc.qubes-os.org/en/latest/introduction/faq.html#what-about-privacy-in-non-whonix-qubes
