guys, thank you for the answers, so in the future I will install qubes on a PC
Regarding the modem stuff:
With your current setup:
You have to figure out on what USB controller it is, then you can assign the whole controller to a qube that handles the networking, for example sys-net. This only works if you have multiple controllers, so the controller with your system stays at dom0 and you plug in your modem in the other one.
If your system is installed on an HDD you can choose to use a dedicated USB qube or use sys-net for that. The latter should work for you.
After you have ensured that you have your modem visible in your sys-net with lsusb you only have to figure out how to use your modem with linux.
Thanks for the advice, maybe I can figure it out, I’m new to this business. Without instructions, I can only figure it out by eye, I’m not a programmer and the same terminal is a dark forest for me + to the fact that I’m Russian and don’t know English, I translate everything in Google translator and the same pages. If you help me figure out where to click according to the instructions, I will donate a little Bitcoin or monero to your wallet, and qubesu cooperation will also make a donation. For such an excellent system) in general, if there is time, help, I will remind you that my qubes is installed on an external ssd hard drive. Because of this problem
You can connect your USB controller to sys-net without a terminal. Just go to Qube Manager, open “Settings” of sys-net , tab “Devices” and choose the USB controller and put it to the right. sys-net should be powered off, it should not be running for this.
However I am not sure how it works without sys-usb. It might be dangerous or impossible like this, because your dom0 needs USB to boot.
Did you try to create sys-usb? But I’m not sure how it’s gonna work if you’re booting from a usb ssd drive. If it doesn’t work then if you have multiple USB controllers on your PC you may leave 1 USB controller with usb ssd drive for dom0 and create sys-usb with other USB controllers.
TLDR: Just run this command in dom0 terminal:
sudo qubesctl state.sls qvm.usb-keyboard
And add this:
sys-usb dom0 allow
At the beginning of this file:
/etc/qubes-rpc/policy/qubes.InputMouse
Sorry, you have to use the terminal. It is the easiest to provide help over the internet, don’t be scared of it. We will get you through this. 
So what we are going to do is:
- Identify the usb qube
- Identify the modem
- Find out how to use it
- use it
1. Identify the USB qube
First, you have to find the qube that has your USB devices.
There are 3 possible qubes that could have them.
- (dom0) No sys-usb
- (sys-net) sys-net as sys-usb
- (sys-usb) sys-usb
You can choose this in the setup. If you know your USB qube, skip to 2.
Try this: Click on the qube icon in the upper right corner to list your running qubes. If there is a sys-usb qube running, you have sys-usb. Skip to 2.
If not, click on sys-net → Run Terminal.
Run:
lsusb
in sys-net.
Here is an example output:
Bus 005 Device 004: ID 0000:0000 Realtek Semiconductor Corp. Gigabit Ethernet Adapter
Bus 005 Device 002: ID 1111:aaaa Some corpo, Inc. USB3.1 Hub
Bus 005 Device 001: ID 2222:bbbb Linux Foundation 3.0 root hub
Bus 004 Device 006: ID 3333:cccc some corpo, Inc. USB Billboard Device
...
If it looks like that, sys-net is your USB qube. Skip to 2.
Here is an example for when lsusb returns nothing:
[krakin@sys-net ~]$ lsusb
[krakin@sys-net ~]$
If it looks like this, dom0 is your USB qube.
Confirm this by clicking on the qubes menu in the upper left corner → Run Terminal.
Run:
lsusb
in dom0.
It should display something like the example. If not, something is wrong.
2. Identify the modem
In your USB qube open a Terminal.
You can do this over the start menu:
- dom0: Run Terminal
- sys-net: sys-net → Open Terminal
- sys-usb: sys-usb → Open Terminal
Run:
lsusb | grep Huawei
and post the output so we can determine the next steps.
2 Likes
Check if you have one or more USB controllers in your system in dom0 terminal:
lspci | grep USB
You have 2 USB controller. You can leave one controller with USB keyboard/mouse and with your USB SSD to dom0 and create sys-usb with the second controller.
Follow this guide:
Sorry for drifting the topic
I strongly recommend to throw away anything with Chinese brand. They are purely made for spying for the Chinese government. Chinese government subsidies Huawei with hundreds of billion dollars to make its product dominate the market.
There would be no mean to use Qubes if you have a Huawei Modem connected to your PC.
Good.and then what to use? I have a laptop. And I’m on the road all the time. I always need a good internet connection. These modems are popular in our country. They work with all operators. And they have a stable Internet connection. I live in Russia.
Thanks for the help. I will try
Thanks for your interest. I’d suggest to use OpenWRT(or DDWRT). Buy a router that strictly matches a model in https://openwrt.org/toh/, and flash it with OpenWRT firmware. They are open source, privacy friendly, secure and hackable.
1 Like
Hey, does the wire connection refer to USB or RJ45 connection? Check sys-net-----Qube settings-----Deivces----- see if Ethernet Adapter(Something like that) exists. In most cases sys-net has direct connection to the Ethernet Adapter hardware.
If it does not work, try a RJ45 to USB adapter. Ethernet adapter on your motherboard may needs driver that Qubes does not have but USB Ethernet adapter normally works fine.
USB Ethernet adapter is something like that 
Thanks for the help I
I disagree.
Two things:
- Either you have the chinese backdoor, or the american one, so choose your posion/least adversarial option. However i see less people complaining about Cicso. (obviously OpenWRT is the best option if one can live with additional external hardare)
- Everything entering your sys-net should be considered “in enemy hands” anyways. Right after that comes the insecure network so it is not to be trusted. Either you have taken precautions like using Tor/VPN/whatever or not Qubes gives you the tools do take those precautions with an astonishing level of security so especially when having untrusted hardware components like network interfaces Qubes gets very useful.
Agree to disagree. If i weren’t Chinese, I’d always use Chinese backdoor. Their motifs against foreign ordinary people are without a doubt less adversarial, and even if they wouldn’t, I’d be less reachable to them.
The mobile broadband modem is much more dangerous than something like ethernet/wifi adapter. You can place hardware firewall between ethernet/wifi adapter and internet and filter potential malicious traffic but you can’t restrict the mobile broadband modem traffic.
Also the mobile broadband modem can track your geopositioning based on nearest base stations and report it over the internet unrestricted as there is unknown proprietary firmware in the modem with broad capabilities because it has linux inside.
1 Like
Why this?
Sure, getting geolocated by the carrier, but that is a trade one has to agree on when using cellular services. That is why i am not using them. Compromised or not.
A rogue sys-net with wifi capabilities can geolocate you much more accurate, than with a rogue broadband adapter.
Having a malicious sys-net pretty much sucks, but is not fatal (depending on goals, threat model and so on).
I thought about placing another firewall between my Qubes and the outside to only allow traffic to my guards.
But i am not sure, that this would help anything regarding data extraction: I cannot reasonably inspect Tor packets and if my sys-net wanted to extract something, this would be the way: Going over Tor with the same guard as me. So even if i use the most restrictive firewall, data extraction is ridiculously easy, as it would be over broadband.
Other than that, it cannot modify packets or read them with either wifi, ethernet or broadband.
I see some technical differences between wifi vs broadband of course, but the capabilities that an adversary would gain are very comparable imo. Or is there something i am not seeing?