I have never been sure I am doing the right thing with this setup, but I have found it really very convenient. Since security/privacy is usually inversely related to convenience, something is probably wrong. I’d like to hear your critique.
Objective: GUI Mullvad app in a VPN-vm (as template for disp-vm) - visual representation of connection, easy-to-change locations, killswitch.
- Mullvad app > Use multihop (bridge) connections.
- Website (server list) > Select a limited number of “entry” servers to use.
- Qubes firewall tool (Settings panel) > limit connections to these IP addresses.
- Mullvad app > choose/change “exit” server in the GUI as you wish.
Qubes Firewall rules (GUI settings panel) doesn’t catch
- enable Mullvad’s shadowsocks5proxy in the browser (about:preferences Networking)
- make sure the option to shunt DNS traffic through the proxy is switched on.
Mullvad’s check page (mullvad.net/check) always seems to go green for me, although DNS is the slowest to register (especially between server changes). Is it enough to trust this page? If not, what other tests can we do?
gpg (for any network access) don’t work in client qubes, but that’s probably because I haven’t bothered to work out how to pass them through the proxy. (I just use another dispVM).
I have occasionally had Google or a large chain store seem to pick my real location (or close to it), but it’s not common. That may be a leak through other ‘layers’ (e.g. fingerprinting).
I would love it if someone could point out where this strategy is flawed.
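
One test beyond the check page, as an added example that is not part of the original post: capture traffic on the VPN qube's uplink with `tcpdump -n` and flag every outbound packet addressed to anything other than the chosen entry servers, with plaintext DNS called out separately. The entry-server addresses, the qube IP `10.137.0.5`, the sample capture and the function name are constructed placeholders, not Mullvad or Qubes values.

```python
import re

# Constructed placeholders (documentation address ranges) standing in for
# the entry servers allowed in the Qubes firewall, and the qube's own IP.
ENTRY_SERVERS = {"198.51.100.10", "198.51.100.22"}
LOCAL_IP = "10.137.0.5"

# tcpdump -n IPv4 line: "<time> IP <src>[.<sport>] > <dst>[.<dport>]: ..."
# IPv6 ("IP6") lines are not parsed by this example.
IPV4 = r"\d+\.\d+\.\d+\.\d+"
LINE_RE = re.compile(
    rf"^\S+ IP (?P<src>{IPV4})(?:\.\d+)? > (?P<dst>{IPV4})(?:\.(?P<dport>\d+))?: "
)

# Constructed sample capture, not real traffic.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.137.0.5.40112 > 198.51.100.10.443: Flags [P.], length 120
12:00:01.000950 IP 198.51.100.10.443 > 10.137.0.5.40112: Flags [.], length 0
12:00:02.104233 IP 10.137.0.5.53311 > 203.0.113.53.53: 4242+ A? example.com. (29)
12:00:03.300000 IP 10.137.0.5.40200 > 198.51.100.22.443: Flags [S], length 0
12:00:04.512345 IP 10.137.0.5 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 64
"""


def find_leaks(lines, allowed=ENTRY_SERVERS, local_ip=LOCAL_IP):
    """Return (line_no, kind, dst) for outbound packets not sent to an entry server."""
    leaks = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or m["src"] != local_ip:
            continue  # unparsed line or inbound reply
        if m["dst"] in allowed:
            continue  # traffic to a permitted entry server
        # Port 53 to a non-entry host is a DNS query sent outside the tunnel.
        kind = "dns" if m["dport"] == "53" else "other"
        leaks.append((line_no, kind, m["dst"]))
    return leaks


if __name__ == "__main__":
    for line_no, kind, dst in find_leaks(SAMPLE_CAPTURE.splitlines()):
        print(f"line {line_no}: {kind} packet to non-entry host {dst}")
```

An empty result over a capture that spans several exit-server changes is the case of interest, since that is when the check page is slowest to settle.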