Frozen/hidden tabs in tor browser -- hacked?

Or maybe @steve123 is a nation state actor trying to push people away from Qubes OS as it’s too secure to hack for them.

6 Likes

3 posts were split to a private message by @deeplow as they were off-topic

@renehoj and @Szewcu I find your latest posts equally unproductive, especially since the OP has already acknowledged that we need to look at what actually happened. Maybe we all calm down now and help figure out what might have been observed here. For that purpose I am moving this thread into ‘User support’ and rename it to reflect the actual issue observed.

@steve123 a quick web search reveals that the effects you observed can stem from “hardware acceleration” being enabled in the preferences and/or firefox (which torbrowser is based on) has the ability to “hide tabs”.

The rendering of your tab bar seems defective. It appears the URL text itself and the actual web context are still updated, while the tabs and their rendering are somehow frozen.

Is this reproducible? Meaning if you try to do the very same thing you did last time this happened, can you make it happen again?

Is it possible you ran out of space in that disposable?

Have there been any other messages or warnings in this context?

Has this happened more than once?

The larger point here is that Qubes OS actually worked as designed. You ran Whonix/Tor Browser in a disposable qube. Let’s say this really was a compromise of the Tor Browser … then Qubes OS did exactly what it is meant to do: it kept the whatever it is that happened contained in that one disposable qube. No other OS can give you that level of compartmentalization / security.

2 Likes

It’s not reproducible.
There’s still a lot of space in that disposable VM
There’s no message & warning.
This happened more than once.

1 Like

Thanks Sven, for trying to bring some sanity to the thread.
That said, I see no point in continuing with it - OP has already said
that they have moved on to Kali, so will not be able to provide
meaningful answers to any Qubes questions.

I was only able to view one video. In the last month I have watched
Paris being attacked by Russian forces, and heard numerous pieces
of misinformation coming from Ukraine. I set no store by any video
evidence, unless I generated it myself: even then I often have doubts.

We seem to have ended up with comments in at least two separate threads,
neither of which are in any way productive for Qubes. If I could,
I would lock these threads on that ground.

One issue does concern me.
It has been suggested that OP’s report be discounted on the grounds that
they had not updated their system.
This is a mistake.
It could be that OP has been the victim of a hack against Whonix, and
that the vulnerability in Whonix 15 is still present in Whonix
16. It could be.
There are many examples of vulnerabilities that have lingered unreported
through repeated updates and new software versions. So the fact that
this user was using a version that was approaching EOL does not mean
that the report should be dismissed out of hand.
What would be required would be a detailed investigation, monitoring
process and network activity, during and after the alleged incident.
Then it might be possible to identify the root of the problem, if one
exists at all, and consider whether it still exists in Whonix 16.
There is no chance of that happening in this case, which is why I think
these threads are unproductive noise.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
5 Likes

2 posts were merged into an existing topic: Reflections on the “Noise” in the Forum

@unman I will return back to using Qubes OS in the future b/c I have seen a forum team that is ready to solve issues for Qubes users. I hope my issues would be solved by following your team’s instructions in the future.

4 Likes

Ok. So next time this happens, if you can keep the disposable running and in that state. Then post to this thread and you’ll receive proposals on how to debug / diagnose this. I am sorry for some of the directions this thread has taken and I hope you see the moderators efforts to keep it focused.

Going forward posts that do not address the technical issue of this thread will be flagged and removed.

3 Likes

@unman, not sure if your comment was about mine or not, but I totally stand by what you said. Sorry if my comment sounded otherwise. I did not mean to discard OP’s post due to that. Also I have made a specific effort to frame as the solution instead of blame:

Glad our discussion made you reconsider :slight_smile: In any case, always think of your threat model to determine what tools are appropriate.

Also, please note we are community member and not a team. Our views are our own and we’re just trying to help. Even though this is the official forum, it’s run by the community essentially.

3 Likes

I also randomly have frozen/hidden tabs in firefox. I guess it could
happens in the tor browser too if I used it more often.

I don’t know how to reproduce it, but I found that toggling the
fullscreen mode usually get things back in place.

I use i3 as window manager thought.

2 Likes

@Sven @deeplow Thank you. I will only be able to use version R4.0 as it’s compatible to my hardware (HP elitebook 840 G2) according to HCL.

A post was merged into an existing topic: Can Qubes Run on a Computer if It’s Not on the HCL?

I suggested this, and I agree a vulnerability could be present in EOL and have persisted. But if that were so, the same experience could be had if the user performed the maintenance; any investigation would then be at a much more stable starting point. It is rare for someone to want to investigate a potential security issue on already-known-vulnerable software.

Given that the very first sentence by the user was:

"The purpose of posting this thread is […] simply to warn that nation-state actors can hack Qubes OS easily. "

…and is a statement that marks high on my spam meter, it was obvious the user is not interested in an actual investigation.

The user has not provided any information regarding their experience with Qubes, such as how long they’ve been a user, their hardware, specs, what they were doing when the behavior was observed, etc.

No attempts were made by the user to try to figure out if this is a known issue and how to resolve it, especially if the next step was to install Kali linux, which, they claim was coincidentally hacked. One video claims Qubes was hacked on 3/18 while another says then 3/22; one video claims Kali was hacked on 3/25 while another says 3/27.

I’m all for benefit of the doubt, but the story did not add up to “a user who experienced an issue and wanted to resolve it” but more inline with potential conspiratorial thinking, which is never helpful in a technical community.

The most helpful advice I could provide despite all my attempts to ignore the thread was to upgrade the system. If the user put in the effort to do that, then came back and showed interest in an investigation, then this thread could potentially turn into something helpful for the community. If not, I’d argue the user’s intentions were elsewhere and I’ve unfortunately contributed more noise!

1 Like

I had the exact same bug that you displayed in that video–more than six times at the very least (easy fix: open a new window and move all the tabs in that earlier broken window to the new window) and I’m sure I didn’t get hacked.

Just rest assured, you weren’t hacked.

3 Likes

Oh yeah forgot to mention, that bug even happened to me two times on an offline VM with Firefox ESR.

2 Likes