I hope this message finds you well! I am exploring ways to enhance the functionality of disposable VMs (disp-VMs) in Qubes OS, and I have a specific question regarding setting different environment variables each time a disp-VM is launched.
Is it possible to launch a disp-VM with a different environment variable (like timezone) each time? I would like to have a random timezone set for each disp-VM instance to improve privacy and reduce the risk of tracking. I’m aware of and do set the timezone on the host dom0 to UTC for privacy.
I had the idea of an isolated random timezone for different tasks, like a messaging app sees a different system time and a browser sees a different time and so on.
I’ve put together a simple example script of what I’m trying to get at. Here’s the script I came up with:
#!/bin/bash
# List of timezones
TIMEZONES=(
"America/New_York"
"America/Los_Angeles"
"Europe/London"
"Europe/Berlin"
"Asia/Tokyo"
"Australia/Sydney"
"Africa/Johannesburg"
"America/Chicago"
)
# Select a random timezone
RANDOM_TZ=${TIMEZONES[$RANDOM % ${#TIMEZONES[@]}]}
# Launch the disposable VM with the random timezone
qvm-run --dispvm my-disp-vm "env TZ=$RANDOM_TZ bash"
In this script, I replace my-disp-vm with the name of my disposable VM template.
It would be nice if something like this could be implemented into disp-vm so that the setting pointed to a config file with preferred timezones (to avoid your real timezone).
I would love to hear your thoughts on this approach. Is there a more efficient way to achieve this?
Also, are there any potential issues I should be aware of when modifying the environment of disp-VMs?
If the purpose is only to change the timezone that apps see, add this before sudo ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime; .
Changing the timezone isn’t enough to stop fingerprinting, as qubes usage (uname -a), CPU model (lscpu) and qubes settings (qubesdb-multiread /) are available. Two VMs on the same computer can also be linked through update times (cat /var/log/apt/history.log).
My advice, use tor or mullvad browser to prevent websites fingerprinting you. Limit use of hidden source apps. Timezones are a small part of fingerprinting, consider installed languages, keyboard layout, monitor size, too.
edit: timedatectl set-timezone America/New_York should also work
use tor or mullvad browser
Limit use of hidden source apps
I already do those.
Timezones are a small part of fingerprinting
Not entirely true. While it’s best to just use UTC +0, some fingerprinting and websites detect or try to match your GeoIP header with your timezone.
I have had websites trigger a captcha when not using Tor since the system time didn’t match the geo-location of the IP address.
Furthermore, when you connect to certain chat applications (e.g. IRC), users can see your timezone despite you using Tor, which kinda defeats the purpose if people can guess your general area by timezone. Also, when creating files, certain formats can include the timezone in the data structure. So it’s not entirely true; while it may not be for fingerprinting, it is for tracking/metadata.
Somewhat related, but there was a program or configuration that would change your system time depending on the VPN of country GeoIP you are connected to, but I can’t find it?
edit: timedatectl set-timezone America/New_York should also work
Ok, but wouldn’t that require sudo? Please forgive me, I’m new to understanding Qubes and templates. I previously tried setting ENV on Linux when launching an application but it wouldn’t work.
I was looking for a sudo-less way of doing this, but the only way is to utilize network namespaces or, like you mentioned above, the timedatectl command. Since VMs also have isolation just like network namespaces, I would assume this would work with ENV, but maybe not?
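The config-file idea from the first post, sketched for dom0 as an added example; it is not code from any poster or from the Qubes project. The names `pick_tz` and `launch_disp` and the config file path are assumptions. `TZ` is an environment variable read by programs started from that shell, so it needs no sudo inside the qube and leaves /etc/localtime untouched.

```shell
#!/bin/bash
# Added example, not from the thread. Intended for dom0.
# Hypothetical names: pick_tz, launch_disp and the config file path.

# pick_tz CONFIG [EXCLUDE]
# Print one random timezone from CONFIG (one name per line, '#' starts a
# comment). EXCLUDE is a zone that must never be chosen, e.g. your real one.
pick_tz() {
    local conf exclude zones
    conf=$1
    exclude=${2:-.}          # "." can never pass the name check below
    [ -r "$conf" ] || return 1
    # The chosen name is pasted into a command line that a shell inside the
    # qube parses, so keep only tz-database-style names (letters, digits,
    # "_", "+", "-", "/") and drop every other line.
    zones=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf" |
            grep -E '^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$' |
            grep -Fxv -- "$exclude") || return 1
    printf '%s\n' "$zones" | shuf -n 1
}

# launch_disp CONFIG EXCLUDE DVM_TEMPLATE
# Start a shell in a new disposable with TZ set for that process tree only.
launch_disp() {
    local tz
    tz=$(pick_tz "$1" "$2") || {
        echo "no usable timezone in $1" >&2
        return 1
    }
    qvm-run --dispvm "$3" "env TZ=$tz bash"
}

# Example: ./disp-tz.sh ~/.config/disp-tz.conf Europe/Paris my-disp-vm
if [ "$#" -eq 3 ]; then
    launch_disp "$@"
fi
```

Lines in the config file that contain anything other than a plain zone name are skipped rather than passed to the qube, and the script refuses to launch if no usable zone remains.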