Do VMs have different fingerprints depending on the machine used?

If I am using a VM on one laptop, and then I restore a backup of that VM on another laptop, will they have identical fingerprints?

Do Qubes users have identical or different fingerprints if they use the exact same VM?

For instance if someone is using Firefox in Debian 12 on one laptop, then uses the same Debian 12 Firefox on another laptop, will there be different canvas fingerprints or will those be exactly the same because of virtualization?

1 Like

Virtualization is not hiding you CPU model, so the fingerprint can be different.

2 Likes

Are CPU models very unique?

If two laptops had an i3 processor, would the fingerprint look identical?

There are tens of different i3 models. If you’ll have the same exact model then the CPU information in the fingerprint will be the same, but I’m not sure that your whole fingerprint will be the same.

1 Like

Would canvas fingerprinting still have a unique fingerprint for each computer or would this be the same for each Qubes computer with the same template because of the virtualization?

Is there any way to block this? Even VirtualBox blocks this.

2 Likes

I don’t agree with andrew wong’s response.

just because there could be a complex code execution to try to fingerprint the CPU in other ways doesn’t mean most programs would do that

tracking companies go for the easy method of tracking most often because most users are easily tracked because they have no technical knowledge and are naive. most exploits come from either malicious programs downloaded without checking the hash or maliciously engineered closed-source program or javascript but the biggest threat is javascript tracking and always has been

i can’t run virt-manager in qubes to get around this. if i were trans person in nigeria, or a woman in america who considered exercising reproductive choices like using birth control i could be concerned about corporations selling tracking data about this linked to information like CPU

the solution seems to be an dual-boot system if there is no method to hide obvious identifiers…

Which response? Please quote the part you’re referring to.

What did I say that you believe to be in disagreement with any of this?

1 Like

There is a tendency for some security researchers to be against mild anti-fingerprinting techniques because there are more complex fingerprint techniques available that bypass this.

I read your reply as saying such mild fingerprinting techniques wouldn’t defeat sophisticated attacks and therefore CPU identity obfuscation wasn’t something worth coding for the OS and I disagree because most tracking techniques are less sophisticated and results of such techniques get sold.

Did I misread your post?

You didn’t say this. I am wrong. You declined the issue so I think it must be opinion. My reading isn’t always right.

Yes, I think so. I don’t recall having said anything like that. (If I did, I’d appreciate a quote showing where I said it.)

Okay, no problem.

Technically, Marek declined the issue by adding this comment and closing the issue. I just added the “declined” label for him afterward, since he didn’t add it himself. The reason I mention this is because Marek is the one who has the technical expertise and authority to decide whether the issue should be declined, not me.

I’m not sure what this part means.

Same. :slight_smile:

1 Like