How to hide the fact that I'm using Qubes OS from Telegram

Well, it kind of does. Qubes OS is used so rarely that it can make a user almost unique, especially if you limit the choice with connection info, country, screen size, etc. All of that is available to any app in every online qube.

I would not even exclude the possibility that there are countries that have only 0-1 actual users of Qubes OS. It makes them completely unique.

I think it is a design problem. Qubes OS is about security, not privacy. So privacy in Qubes OS is not good at all. All applications in qubes can learn in a million ways that they are running not simply in Xen but on Qubes OS. qvm-copy still reveals, on each copy process, the source qubes’ names to the target qubes and all their applications, for no reason. Even the hostname in the qube is the same as the qube’s name (instead of general or random or something else).

Major design problem/flaw for privacy.

P.S. Whonix helps with privacy, but it mostly targets different problems, like a Tor connection with no leaks and the security of something running in the browser sandbox. It probably does not help much against applications that run in the qube.

4 Likes

I agree about the uniqueness of the name and the pool size of users using it. But as I said and as you confirmed, Qubes can be detected in many different ways.

Qubes is security based while Whonix is privacy based. I guess it’s up to Whonix to change that or work with the Qubes team to limit the amount of uniqueness that Qubes provides within Qubes-Whonix. Unfortunately, that would change a lot and would most likely make it difficult to maintain between classic Qubes and Qubes-Whonix.

While the pool size is smaller, since it includes both Qubes and Whonix instead of just Whonix, it’s still better than nothing. Also, Qubes-Whonix is installed and used by different people in different countries, which at this level is kind of enough (imo) to blend in properly (depending on what you do, of course).

From statistics, we are about ~40k people using Qubes, and a few thousand using Tor (most likely Whonix) in Qubes.

1 Like

If the original design respected privacy better, we would have a different situation and most of the ways would be mitigated. Currently a lot of privacy problems exist for no particular reason and could have been solved from the start.
Some additional things, like marking a qube with some attribute to force it to be unaware (or less aware) of Qubes OS, would be a good step, too.

The problem is that Qubes OS is an operating system, while Whonix mostly targets a reliable network gateway + safe browser. But the topic we are in is about privacy problems for desktop applications (Telegram Desktop) that run in Qubes OS. So, as I understand, Whonix is not helping much in this case. Or is it (I am not certain)?

It is a very small number, especially taking into account that the vast majority of these people are located in a quite limited number of developed countries.

1 Like

The problem is that you can’t hide it, no matter what you do. You can only reduce the amount of identifying information, not all of it. For example, even if you rename all Qubes-related systemd services, the binaries are still unique to Qubes and can be used to know if the user is using it. Some things have been done, such as the unique MAC identifier for all qubes, but that’s not enough, of course.

Qubes and Whonix devs have been working together for quite some time now and they make sure it works as much as possible like any other Whonix release (KVM/VirtualBox). It’s not perfect, but it’s still a lot better than a normal Qube.

It is about desktop applications, yes. It’s still a better choice to use Whonix since it includes specific modifications (stream isolation, sdwdate…). That’s why Whonix ships with some programs by default, because these don’t leak as much as Telegram, for example.

I know that’s not enough for everyone. Some threat models require a larger crowd, but those would probably be better off using something like Tails. It’s all about what you want to do and how you want to do it.

2 Likes

I’m wondering why there is no spoofing of this in such a system? I mean, why didn’t the Qubes OS developers do spoofing?

Maybe there’s some way to contact them to get them to develop spoofing? Because it’s a very important thing for security, especially for a system like this.

“few thousand using Tor” - that’s not that many, to be honest. There aren’t very many Tor nodes either, less than 10 thousand of them, and that’s not good either.

This system is designed for security, yet it has no spoofing. This is very strange. We should contact the developers of this system to get them to make this spoofing, if it’s possible of course.

I’m not a developer and don’t understand anything about it, but I found this: GitHub - isbheis/seabios-antivm: qemu antivm part for default seabios, remove all signatures about qemu, virtio, kvm, xen, seabios .etc
Maybe someone can explain what it is?

As mentioned in the previous answers, Qubes is security oriented. Whonix has been integrated for the privacy part and everything about it is handled by the Whonix developers themselves.

This is the case if you are using applications that capture Qubes-related metadata such as Telegram. If you’re using the Tor Browser or any other application that doesn’t store an identifier, you’ll get the normal Tor user pool size.

Spoofing provides no additional security.

This is very outdated. That kind of thing is not made for what Qubes is made for anyway.

I think the developers should have done something about it if that’s possible.

I understand it, and sometimes I need to use Telegram (which I don’t like and know that it’s a bullshit messenger).

But it’s better than it writing your actual system, which is rarely used, isn’t it?

1 Like

You should open an issue and explain your situation here so that you can get a response on this matter:

You are talking about privacy/anonymity here. It has nothing to do with the security that Qubes itself provides with domain isolation, for example.

Thanks. I will try.

Yes, but if they’re making such a system, they should think about privacy/anonymity too.

Security is not related to anonymity/privacy. That’s why they included Whonix, which is a different project being worked on by different people.

I understand that security is not related to anonymity/privacy, and that Qubes has added Whonix, but the problem is not in Whonix. It’s a Qubes problem because it shows that I am using the Qubes system and not Whonix. If I use Whonix without Qubes, it will show in Telegram that I am using Linux XFCE X11 glibc 2.36.

But I see what you’re getting at. You mean it should be done by the Whonix developers. Maybe yes; it’s very strange that such systems don’t have this feature (changing identifiers).

One way to fix this would be to give Whonix a generic name instead of X-QUBES. But as I said, it seems to be tied to a lot of things Qubes-related and would require some modifications.

This should be done by the developers to make it available to everyone by default, and ideally make it possible to change the system identifier (this should also be done by the developers of these systems). I don’t know why they haven’t done it yet.

I don’t think it’s really a priority. It’s a small identifier, unlike some others. You should create an issue on GitHub and explain your problem as much as possible. Maybe they will consider changing this within Qubes-Whonix.

1 Like

I hope this gets addressed. Not for me in particular but for those where anonymity is part of their threat model.

A lot of these posts are not appreciating that your threat model is not my threat model is not @Aleow’s threat model. Using security-focused or even “secure” devices can be a massive security risk in some parts of the world. Any unique or mostly unique identifier can be all it takes for someone to get noticed and hurt.

Also, I strongly disagree that security and privacy are not related. They are not the same but I don’t think you can have one without the other.

4 Likes

We can discuss details, but do we all agree that sharing qube names (including its own) with all applications of an unsafe qube is not right and can be easily avoided in the current system?
It is a design flaw. 1) The domain name inside the qube is the same as the qube’s name in dom0 for no reason. 2) The copy process leaks source qube names to target qube software for no actual reason, too (my proposal how to fix it).

My opinion: Qubes OS should not leak qube names to qube’s internal software (possibly malicious).
Only dom0 should be able to know qubes’ names. It is easy to make it so.

3 Likes

Regarding OP, I use the web app version of Telegram. It’s just as good and my device info shows up as chromium linux (as I chose the hardened Brave browser). You could use Tor Browser or Arkenfox instead, but I feel hardened Brave does a better job at fingerprinting resistance (aims for privacy, whereas Tor Browser aims for anonymity).

If you’re using it locally then it’s a good alternative. But you shouldn’t use it through their web site, because you don’t know what JavaScript they served you.

1 Like

I don’t use Telegram on my phone. To log into a Telegram account you need a code that comes to Telegram. I only use Telegram on my computer, but if I have already logged into my Telegram accounts from my computer (I use a lot of accounts), Telegram has already seen that I am using Qubes, so why do I need to use a browser if they know that I have a Qubes system? If they found out about it, it doesn’t make sense to switch to a browser anymore.