Browser fingerprinting on Qubes

I have been looking into fingerprinting as a potential risk of using Qubes. I will admit I don't have much experience or understanding of how fingerprinting works, so correct me if I'm wrong, but don't websites track what operating system you use? If so, wouldn't using Qubes make your fingerprint far more distinctive? On a similar note, not that it has anything to do with Qubes, but if websites also track your computer's hardware, is there anything you can do to change the appearance of your hardware to websites?

I was looking for the same and managed to fix it like this:

Hostname Configuration Method for App VM

To modify the hostname in an application virtual machine (appvm), you can use the following approach:

Open the /rw/config/rc.local configuration file

Add the command: hostnamectl hostname [new-hostname]

Example: hostnamectl hostname mystery-machine

To check the result, restart the AppVM and run hostnamectl on the command line.

Additional configuration options include:

Changing the icon name
Changing the chassis type
Modifying deployment settings
Updating location information

Run hostnamectl --help to see the above options.

1 Like
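The rc.local step from the post above, written as a script that can be re-run safely. This is an added example, not code from the thread; the function names and the overridable `RC_LOCAL` variable are assumptions of this sketch, and the hostname check (a single RFC 1123 label) is an added safeguard the post does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): keep exactly one
# "hostnamectl hostname <name>" line in the AppVM's rc.local.
# RC_LOCAL and all function names are assumptions made for this sketch.
RC_LOCAL="${RC_LOCAL:-/rw/config/rc.local}"

# Accept one RFC 1123 label: 1-63 chars, letters/digits/hyphen,
# no leading or trailing hyphen. Rejects shell metacharacters too.
valid_hostname() {
    local name="$1"
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 63 ] || return 1
    case "$name" in
        -*|*-) return 1 ;;
        *[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Add or replace the hostnamectl line so repeated runs never stack entries.
set_persistent_hostname() {
    local name="$1" tmp
    valid_hostname "$name" || { echo "invalid hostname: $name" >&2; return 1; }
    [ -f "$RC_LOCAL" ] || printf '#!/bin/sh\n' > "$RC_LOCAL"
    tmp="$(mktemp)" || return 1
    # Drop any earlier hostnamectl hostname line, keep everything else.
    grep -v '^hostnamectl hostname ' "$RC_LOCAL" > "$tmp" || true
    printf 'hostnamectl hostname %s\n' "$name" >> "$tmp"
    # cat (not mv) keeps the original file's owner and mode.
    cat "$tmp" > "$RC_LOCAL" && rm -f "$tmp"
    chmod +x "$RC_LOCAL"   # rc.local must be executable to run at startup
}

# Print the hostname rc.local will apply at the next AppVM start.
configured_hostname() {
    sed -n 's/^hostnamectl hostname //p' "$RC_LOCAL" | tail -n 1
}
```

Inside the AppVM, run `set_persistent_hostname mystery-machine` as root, then restart the qube and confirm with `hostnamectl` as the post describes.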

One aspect of fingerprinting that I did not understand before looking into this a couple of years back is that the first time you run Firefox (and quite likely other browsers as well) it generates a random ID and uses that particular ID every time thereafter. That ID alone is enough to fingerprint you; and the only way to get rid of it is to reinstall Firefox.

If you can set Firefox up to run in a disposable, and NEVER run it in the disposable template, then every time you fire it up it’s as if it is a clean install and you get a different random number ID. The problem then is that it’s going to be completely uncustomized. With Firefox, however, you can “arkenfox” it…and that involves a lot of pre-configuring; you can set all sorts of things (right down to getting rid of the obnoxious search-from-the-address-bar which, in addition to being annoying since it searches for sites instead of taking you to them, is just a way for Google to spy on you) before you open the browser for the first time.

[Guide] Automatically install extensions and configure new (dispvm) hardened Firefox profiles with arkenfox user.js and policies

1 Like

There’s also the dltoken which will be shared between users of the
template.
Your advice about running only in disposables where this is an issue is
well placed.

But, as I’ve said before, this is only one aspect of fingerprinting.
And, as with DNA, this may be an identifier, particularly if you have
leaked your IP - otherwise it is evidence that may be used to confirm
your identity after the event.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
2 Likes

https://doc.qubes-os.org/en/latest/introduction/faq.html#what-about-privacy-in-non-whonix-qubes

1 Like

@unman
Wow, what’s that “dltoken”? Where can I read about that?

After changing my hostname I got a “you’re logging in from a new device” message today.

1 Like

@stef

> don't websites track what operating system you use

Some do, others don’t. Often, it is not the websites themselves but infrastructure service providers (e.g. CloudFlare, Amazon, Akamai).

> if so wouldn’t using qubes make your fingerprint far more distinctive

If the website can detect your OS, then yes.

> on a similar note not that it has anything to do with qubes but if websites also track your computer's hardware is there anything you can do to change the appearance of your hardware to websites?

Most trivial: Disable JavaScript, use Tor Browser.
However, the subject of OS detection is much bigger:

https://nmap.org/book/man-os-detection.html

2 Likes

Thanks for posting this link! It explains everything! 🤩