How to hide the fact that I'm Qubes OS from Telegram


The feature you’re looking for and detailed reasoning why this cannot be implemented has been documented just now:


When you use desktop Telegram in Tails it sees all your real hardware information. Does it? But now, thinking about amount of people using Qubes + Whonix + Telegram, I already don’t know what’s better. :face_with_diagonal_mouth:

I just read this. Does it mean that desktop Telegram in Qubes Whonix app qube still can see my real hardware information? I always thought that Qubes virtual machines hide your real hardware information (this is how virtualization works. Doesn’t it?). I heard all virtual machines hide your hardware.

Other than that, I can say that I read all your comments and it seems all you, guys, think in wrong direction. The point is not in hiding from applications you use the fact you’re using Qubes OS. The point is to hide that fact from your ISP. If they will not know that it doesn’t matter much how big is pool of Qubes users. To hide that fact you need to disable all traffic that can tell your ISP that you’re using Qubes. I discussed it before with one of guys presenting here and he said that for this you need to disable checking for updates for all qubes except of Whonix based. I would say it’s better if your non-whonix qubes had no networking enabled at all.

Your suspicions are correct (at least in the default install). But - big BUT - it does not leak the fact that you use Qubes, because it is a plain default Fedora clocksync setup. See Dom0 Clock Time Server .
At most, it tells your ISP that you run Fedora.

P.S To the angry moderator(s): I consider that this answer is not completely off-topic, and contains a link that furthers the discussion of OS fingerprinting, which is in the same direction as the topic of this thread.


Did you mean under these words hardware info of user’s real device? I want to know what hardware info gets app like Telegram when running in qube. Does Qubes hide hardware info of the real device? I always thought so.

Use a different host OS. Install arch or something inside a qube and set it to use whonix as its net qube (may or may not require fiddling to work). If it still knows it’s running on Qubes or Whonix then uhh… wait why are you using telegram anyway? session messenger exists and is tangibly superior

Run any tool that shows information about the available devices inside the qube and find out what is hidden and what is not.

1 Like

Yes, I exactly was going to ask about such tool. I suspected that such thing exists. Tried to find but couldn’t yet. Could you suggest something that might be suitable for use in Whonix qube?

Plenty, with and without GUI. You can try anything, especially tools that are available in the official repos.

Some random links:

1 Like

Found these tools so far. But not sure if they display exactly what Telegram can see. If you don’t know the best option for this purpose I will have to try everything myself. There are also special terminal commands but I think it’s not really what is needed here 'cause terminal is not the same as an hypothetical application. Am I right? The terminal is supposed to have special rights over any application.

I would recommend running telegram from flatpak or some kind of sandboxing alternative. I do not know how to easily check what is available to app inside flatpak. But if you install telegram as native app, it has almost the same access to system properties as any other service tool.
If you install telegram from source code, you can potentially check what this version of telegram is accessing and requesting.

1 Like

Thank you anyway. I wrote my previous comment before you answered. Anyway I assume that GUI programs would be better than commands since terminal has more rights so its results could be not so indicative.

Not at all. GUI or not - does not matter, terminal is not providing any additional access rights. Moreover, any GUI tool can internally run any terminal commands it wants, without showing the terminal output.

1 Like

Installing Telegram from repositories is the thing you say? But what if to use application downloaded from official site? Don’t remember what format does it have. Appimage or what (only remember that it is executable file). What will be difference in these two versions in terms of the rights they will receive?

Never used and never heard about such format so know nothing about how to handle it. Will have to learn it if anything. :slight_smile:

So any GUI has sudo rights because I used sudo to install it and how it would thus delegate to it the use of these rights?

Any program can call sudo, it can be a script or it can be a GUI tool.
By default both scripts and GUI application start with user rights, both can increase it to root considered root is passwordless accessible in Qubes OS by default in templates and qubes.

flatpak is a sandboxing provided by Fedora and other distros. Ubuntu uses snapm which I consider worse in multiple ways.

The discussion derailed to semi-offtopic, though.

1 Like

So… I tested many of commands from those links and severel terminal utilities in a qube. Currently it seems it leaks only info about my real processor. But why? I expected that vms and particulary qubes will hide all my hardware information.
Let’s imagine: if adversary (government) knows that you use Qubes and knows your real processor info, he will try to find that user, that may be living in his country and uses Qubes, and has the same processor. Can he find somehow processor info of all users that use Qubes in his country? Let’s assume that user uses another OS (Windows, Linux, etc.) on the same device with Qubes. Can that other OS somehow leak processor info during Internet connection (for example during updates checks or update process)?

P. S. For angry moderator :slight_smile: I disagree that this is off-topic! TC is afraid that adversary finds him because of Telegram that knows that he uses Qubes. I SAY that more importantly, his Internet provider should not know that he uses Qubes! If provider will not know that, then it doesn’t matter much if Telegram will know. And my comment is calculated to find out how much information the ISP can get in order to use it to identify the Topic Starter (and us all of course). :slight_smile:

1 Like