Changing Qubes wallpaper

You know any good site out there? And how do i add them in Qubes? Thank you

Hi @b4xqrm7nti. Websites to find wallpapers are outside of scope of this forum (there are plenty of answers on that already on the internet).

:warning: you should keep in mind that background colors may affect your ability to disabiguate qube’s border colors. I don’t know if this is well studied, but I would encourage using either light or dark wallpapers.

A) Using the default wallpapers (easy and safe)

A lot of amazing qubes artwork already exists in dom0 in the folder (/usr/share/backgrounds/).

Just open the Settings Manager application in dom0 » Desktop

And then set the Folder: to /usr/share/backgrounds/.

B) Downloading from the internet

1. Moving image to dom0

Option a) - safest

The safest way is to open it in full screen from within a qube and then use the dom0 screenshot application to take a pic of the wallpaper. It will be saved on your pictures folder (/home/user/Pictures).

Option b) - discouraged but is “prettier”

You download the files from a qube and then move it to dom0. It’s not technically easy but you can consult it here. The security downside is that you are copying an untrusted image from the internet onto the most trusted component of Qubes (dom0)…

2. Setting background

See path A) but set the Folder to wherever in dom0 you downloaded it.

2 Likes

Thanks. Yeah, but it’s a picture… Are there many exploits today in pictures or what? I’m not that paranoid, but it’s good to know. Thanks for your reply! I need some more wallpapers in this cool OS.
I found this now randomly… Some people in here might like cubes. :slight_smile:

1 Like

Yes, there are:

There are many more I can post, and this is just from the top results of searches such as “hiding malware in jpegs” and “malicious image attack”, but the point is that this is old hat for even moderately sophisticated everyday attackers, the sort that go after your Instagram account or credit card information—not truly sophisticated APTs with nearly unlimited budgets. When considered in the context of NSA capabilities, which includes exploiting network race conditions in-transit and injecting malware into packets after they leave the server but before they arrive to you or by intercepting the request altogether1, image-based exploits that take over dom0 through a wallpaper you downloaded off the Internet is entirely within the realm of possibility.

If your threat model includes such expensive and targeted attacks from nation-state adversaries, even if only because your use of Qubes OS already sets you up as potential “collateral damage” of any nation-state attack on Qubes users generally, then not even your wallpaper is safe.

Remember: images and even text are not just images and text, but code that must be rendered by your computer and so can be exploited during that process. Simply loading an image or running unsafe text containing malicious code, even without further user interaction, can be sufficient to trigger an exploit chain that infects your computer. While they are rare and sophisticated, they can and do occur.

Regards,
John


1 One example is QUANTUM, which was used in conjunction with FOXACID to successfully attack Tor users. From Schneier’s blog:

Expand to see full quote
3 Likes

Highly related:

1 Like

Just found out about dom0 terminal command qvm-get-image. Apparently it converts an image to trusted.

2 Likes