Could randomizing my host name endanger my privacy if I'm compromised?

It is recommended to randomize the host name in order to not let an attacker that compromised your system know you’re using Qubes based on your host name ‘sys-net’.
However, if they see that my different VMs are run by the same host name (that is not sys-net but a unique one), could that lead to them finding out my VMs (different identities) are run by the same person (me)?

There’s a page in the Qubes Community documentation on GitHub for doing so: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md

I do it personally to help avoid leaking the knowledge I’m a Qubes OS user via DHCP requests on untrusted networks. I also randomize MAC Address on my Wi-Fi card & use Disposable sys-net.

No, the hostnames of your VMs aren’t leaked over the network.

But yes, if your sys-net is compromised (esp. if TemplateVM infected) then yes, your activities could potentially be linked together by the adversary.


This isn’t right - if someone has compromised your system, it’s trivial to
find you are using Qubes. Changing the hostname of sys-net will make no
difference.
The only benefit would be against someone monitoring network activity -
perhaps they have compromised your router, or are running a rogue access
point.
In that case sending out “sys-net” might be enough to tell them you are
using Qubes - but so might an examination of your network traffic.
Instead of changing the sys-net name, it would be better to stop sending
out the hostname in the first place - this is straightforward, and easy
to do.

A watcher might be able to do this simply by monitoring network traffic,
even encrypted traffic. If they are close enough, and your habits are
fixed, you make it easy for them.
If you are serious about this, you should use different network devices,
randomise your activities, (or stick to a fixed regime), invest in a
UPS, use all the capabilities of Qubes to separate out activities.
I can almost guarantee that in the end it will be your own actions which
will let you down.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

> it would be better to stop sending
> out the hostname in the first place - this is straightforward, and easy
> to do.

how?

> you should use different network devices

you mean different WiFi routers for different identities?

> invest in a UPS

what is this?

Rest is clear, thanks. :slight_smile:

> it would be better to stop sending
> out the hostname in the first place - this is straightforward, and easy
> to do.

Many problems that people have in Qubes are actually not Qubes specific.
This is one of those.
You can find guides online which explain how to block sending hostname.
The only Qubes specific part is that you have to do this in sys-net.

NetworkManager doesn’t allow you to do this globally, but you can
configure it per connection, by adding this to your connection file:

[ipv4]
dhcp-send-hostname=false
...
[ipv6]
dhcp-send-hostname=false

You can configure the dhclient agent not to send hostname by editing the
config file at (Debian) /etc/dhcp/dhclient.conf.

I mean different devices.
If you want to keep identities separate, think about how they might be
correlated, and how an adversary might demonstrate that they are linked.
The simplest way would be to cut phone or fibre connection, while
you are online with both personae active. If both drop off, that’s good
evidence that they are using the same line.
Better would be to use line of sight for one connection, while your
vanilla persona uses sys-net linked to your standard connection.
You could use a cantenna to access a remote AP.
You could use a phone, but you should use burners - otherwise it would
be simple to correlate that activity with your standard.

Uninterruptible Power Supply.
If the power goes, you would want to keep one connection running.
Again, think of how an adversary could simply correlate personae.
Shutting off power to your building while you are on Facebook and also
administering SilkRoad2000 could be catastrophic.
Keeping one connection running with a UPS could help.

I’ll say it again - think about how someone else could show that two
personae are linked, and then take steps to mitigate that risk.
Tor can help, of course. But in the end it will almost certainly be
stupidity or carelessness that will expose you.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
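Added example, not part of any post in this thread: because `dhcp-send-hostname=false` has to be set per connection and per address family, a forgotten `[ipv6]` section or a newly added network still sends the hostname. This Python audit lists the NetworkManager keyfiles where that is the case; the directory path, the function names and the sample keyfile are assumptions made for illustration.

```python
"""Audit NetworkManager keyfiles for connections that may still send the hostname via DHCP."""
import configparser
from pathlib import Path

# Assumed keyfile directory; pass the one your sys-net actually uses.
DEFAULT_DIR = Path("/etc/NetworkManager/system-connections")
DHCP_METHODS = {"auto", "dhcp"}  # addressing methods that can involve a DHCP client

def leaky_sections(keyfile_text):
    """Return the [ipv4]/[ipv6] sections that do not disable dhcp-send-hostname."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    leaks = []
    for section in ("ipv4", "ipv6"):
        if not cp.has_section(section):
            # Assumption: with no section, defaults apply (DHCP, hostname sent).
            leaks.append(section)
            continue
        method = cp.get(section, "method", fallback="auto").strip().lower()
        send = cp.get(section, "dhcp-send-hostname", fallback="true").strip().lower()
        if method in DHCP_METHODS and send != "false":
            leaks.append(section)
    return leaks

def audit(directory=DEFAULT_DIR):
    """Map each keyfile name to its leaky sections; an empty dict means all clean."""
    report = {}
    for path in sorted(Path(directory).glob("*")):
        if path.is_file():
            leaks = leaky_sections(path.read_text(errors="replace"))
            if leaks:
                report[path.name] = leaks
    return report

# Constructed sample keyfile: IPv4 was fixed, IPv6 was forgotten.
SAMPLE = """[connection]
id=cafe-wifi
type=wifi

[ipv4]
method=auto
dhcp-send-hostname=false

[ipv6]
method=auto
"""

if __name__ == "__main__":
    print(audit() if DEFAULT_DIR.is_dir() else leaky_sections(SAMPLE))
```

Keyfiles are normally readable only by root, so run the audit as root inside sys-net and re-run it after adding a new connection.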