Good to know
Yes, I am being CyberStalked and targeted by the hacker who is CyberStalking me … he may or may not know how to exploit QubesOS. He certainly does know how to hack Debian distros and BSD distros I know that which is why I am trying to understand what I can do about it and why I am asking really “dumb questions”. I would rather look completely stupid than have him own my new QubesOS build, as I don’t have the money after he stole it all to be replacing equipment again.
So you can open up something like your debian template and type sudo apt install gtkhash or in Fedora sudo dnf install gtkhash and then you can have that tool in your template.
yes, sorry if I seemed critical.
Do you have a link to the resources that has these instructions? As I will be doing this soon. I want to have a iso of KickSecure as one of my templates to clone for multiple VMs
That’s lovely and all, I just need to get back online with hardened security so I can make $ before I starve and become homeless from defaulting and not paying property tax after being robbed by this hacker … as said I will learn later but not now. Sorry not sorry if that offends you or anyone, but the real world will use Qubes as a solution sometimes not as a flex academic exercise of hypotheticals. I am under a real world threat and here because QubesOS likely solves most of it
In that situation, you may want to use minimal templates for you sys-net and firewall VMs. minimal templates are harder to hack because there is a smaller attack surface. That’s an advanced topic so learn fast?
You can also use operating systems that never save anything (unlike Qubes) if you are concerned about that.
You should stop using home internet if the person has your IP and get a new MiFi that is not in your name if possible. Cellular networks usually rotate the IPs Make sure you do not have a fixed IP. It’s better if everything goes through sys-whonix then.
Normal websites linked to you will be hard to access through sys-whonix so you may want to try to get static IPs and connect them to whonix to access those sites. This is harder to do and it’s not really in the documentation.
If you have a hacked phone, they may be trying to access your network through that. Make sure you don’t have weak points connected to your network. Don’t use default passwords. If you know Debian and BSD then you probably know all that.
Wait I’m confused by this
So I make a VM of say Debian
Then from that little Debian computer I install?
I thought, actually I don’t know yet as I haven’t yey hooked it to the internet, I imagined I would have to open Terminal as my user name which means I would be in Dom0? Then have it installed?
How would I install from a VM to a Template? What? I am so confused now
np
You may want to use Tails while you are learning Qubes?
Tails takes almost no time to learn, everything goes through Tor. You can probably learn Qubes faster than I did. I’m not that good at all of this. I am just someone here in this forum. Most of the people here are smarter than I am.
You have to install the applications in the template. Then you refresh the VM to see the applications from the template.
You only install from the Template.
Again, Tails could be better for you until you understand Qubes entirely.
I got a loan from a family member and have gotten all new equipment yes, and I will have a different ISP — sadly it is still in my name though. This time it is not a static IP and it isn’t cellular (which he somehow sniffs I have no idea how he is watching cellular ATT towers). I have a mobile satellite unit now that I will set up once I build out the LAN (I will have a crash self course it seems with 2 network firewalls coming up, after I get past setting up QubesOS)
As for minimal templates I heard of them but I was told and it says in the documentation that it is advanced, plus someone on here also said if I didn’t setup the minimal template correctly that I would introduce a security risk so I am hesitant to try until later
Some things I am willing to compromise on by relying on the VPNs and Firewalls I will be leveraging as well to keep me hidden and safe
Just to let you know, this person probably will hack you again. It will just be much much harder in Qubes. It will increase the amount of times it takes to hack you, it will become a pain for them instead of easy. Same with Tails. Make it hard for them, right?
But also back up all your data and don’t keep it connected to your network. Good luck!
Is there a way that I would be able to reconfigure Whonix to use a system wide VPN instead of TOR? I have been wondering about that …
There are ways to do this and guides here, but it won’t go through whonix and if you are predictable, it will still be possible to hack you.
You can attach things to whonix, but it’s hard to do and very advanced. You can do strange networking things in Qubes and do whatever you want. If you lack time to learn, you may want Tails. If you weren’t using a VPN at all before or a firewall, doing even a little bit may stop this person.
Tails doesn’t have security that QubesOS has, just because it is amnesiac doesn’t make it as let alone more secure than others like QubesOS or even KickSecure OS
QubesOS solves my problems much better, because I have to log back into Google which he has zero days on … so I can migrate my stuff off of Google
My anonymity is going to be more addressed at the network level, while I want the OS to address the security more. Hence if I wanted Tails I would be using it already for this scenario but it is not a good fit, QubesOS fits my use case under my current Threat Model
0days on Google? That sounds unlikely. Can this person get in even with 2FA that is based on an authentication that is not connected to the Internet? You are probably doing something wrong, but it’s possible?
He is able to gain persistence on the firmware level, like NICards and all that — Tails does not solve this problem but QubesOS does as Qubes also controls access to hardware components thus its firmware
If you are already exploited with firmware, you need new hardware to not be exploited, probably even in Qubes. You also may be wrong and your firmware may not be hacked. That would be really hard for someone to do, but not impossible? It’s more likely they know your static IP or that they have compromised your router or that they have malware on your phone that connects to a router.
Sorta
I wasn’t using anything substantial sadly
At the time of the hack I was behind the AT&T Armor Firewall as well as the basic MacOS firewall. That was it. He bypassed those like butter as if they were nothing at all … mind you I had only the regular 2 internet ports open. Once he was in HE turned on “SSH” but it wasn’t allowed prior until after he took over my system
This time around I will have literal hardware based firewalls and stricter port control as well as a layered VPN tunnel
Did you use default passwords or passwords that have been compromised? like you used the same password everywhere?