I’ll explain: when you give the user the possibility to enable downloading all updates through Tor in the installation window, you mean that the user wants to hide from his ISP the fact that he uses Qubes OS. At least I think this is how the user understands this feature (and how I understood it and why I enabled it). BUT at the same time a new user may not (and most likely does not) know that Qubes will still be leaking Qubes usage to the ISP while performing clearnet update checks. Of course he may disable it later, but that will most likely be useless post factum, since this leakage will most likely happen before the user finds out and takes any action. So it’s much better if such a feature is implemented in the installation process.
Two little detours:
Of course you might not mean what I meant and may have implemented updates through Tor just to increase the security of the update process, but this is a really important point for many users whose interest is to hide the use of Qubes. For example, Qubes doesn’t (and as I understand can’t) hide the fact of its usage from apps running in qubes (like Telegram, for example). If an evil government wants to find such a user (and knows that he’s living on its territory), it will use its resources to find the number of all Qubes users on its territory and try to figure out which one he is. For example, Russia most likely has such a possibility, since all its ISPs have a feature like “СОРМ” pre-installed (it collects and saves all users’ traffic, and most likely gives the possibility of its quick analysis). So lives may depend on it.
I hope disabling clearnet update checks is enough to prevent Qubes usage leakage (of course, if the user doesn’t run applications in qubes that have sys-firewall as netvm instead of sys-whonix), but maybe not. So could you make it possible if so? To add some special feature that eliminates the threat without the user having to use VPNs before Tor? Or at least could you create some guide that explains what steps the user should take to prevent this threat (if it’s possible to do without using a VPN at all)? But if it’s possible, implementing a special feature in the installer is of course the best solution.
What you can do is not connect to the internet immediately after install and change Global settings to Whonix with a bridge; this will route all update traffic of Qubes through a Tor bridge, hiding usage of Tor from the ISP combined with the servers of Qubes being pinged from your machine.
Bear in mind that before anything, before all of this, you most likely downloaded Qubes through clearnet bare IP, so your ISP already knows, if anything; just letting you know.
You probably don’t know that even if you select sys-whonix as the update proxy, Qubes still performs update checks for Debian, dom0 and Fedora via clearnet (if it has the default settings). And you most likely did not read my text carefully. I am saying that new users will most likely find this out when it is already too late. That updates-through-Tor option in the installer confuses them: they think it is implemented to hide Qubes usage from the ISP, but it is not. So I created this request to convey the idea that it is necessary to add an option in the installer that gives users the possibility to route all update checks through Tor. Yes, they can configure it later, but they will do so only if they know about it, and there is a high chance that they will learn about it only after their first connection to the net, when it is already too late to hide anything. Now understood?
And by the way: it’s better to route time sync through Tor too, because even if this operation doesn’t tell the ISP that the user uses Qubes, it looks suspicious: if there is only time sync without any regular OS clearnet activity (like update checks, for example), this gives reason to suspect that the user uses Qubes OS (or another anonymous system).
So you think I’m worried that my ISP will find out that I’m using Qubes OS through my update checks and updates, but at the same time I am such an idiot as to download its image through clearnet? If you only knew how many verifications I performed with this image…
Yeah, btw I do not disagree with anything you said, you are correct on everything; just throwing it out there what you can do if it’s “too late” at the very least, or for new or potential new users of Qubes if they see this post. You are also lucky IF you never used Qubes under an ISP you are registered with under your name to some extent; less fingerprint to some extent.