Link protection with (default web-browser) porcupine

whoami · November 17, 2020, 7:16am

In the Qubes OS introdution video:

time: 17:24

The program porcupine has been introduced.

I really like the idea - simple and provides one layer of security.

Who is using it?
Any plans to bring this in standard?
Any alternative solution for “hyperlink-routing”?

adw · November 18, 2020, 5:03am

Interesting. My own approach is just to use a minimal template that doesn’t have a web browser installed at all for qubes in which I don’t want links to open in a web browser.

whoami · November 18, 2020, 7:07am

Well, up to now I did not have a look into minimal template but your approach looks also doable. Nevertheless, the implementation of this simple tool would make it super simple for all without making the manual work one-by-one.

I am absolute sure that all of us forget sometimes the SHIFT+ctrl.+v when we want to copy something to a different AppVM. For me it is the same with links in i.e. a messenger or private AppVMs which you do not fully trust but accidentally you just click instead of ctrl.+c > shift+ctrl.+c > shift+ctrl.+v > ctrl.+v the link.

Needless to say everyone could implement the small tool into her/his Qubes but I think the implementation effort to bring this into standard is small compare to the benefit and security it brings for Qubes users.

Any Qubes dev opinion on this?

Sven · November 18, 2020, 5:27pm

Another approach is documented here:
https://github.com/Qubes-Community/Contents/blob/master/docs/common-task
s/opening-urls-in-vms.md

So whenever I click on a hyperlink I get the Qubes dialog asking me in
which qube to open it.

My choices are:

* dvm-anon (whonix/torbrowser)
* dvm-clearnet (secbrowser)
* app-work-web (firefox, state-full, VPN)
* app-web (secbrowser, state-full, goes through sys-whonix)

* ... or an already running instance of dvm-anon or dvm-clearnet

I am also using this approach to open/view documents in offline
disposable qubes.

It’s quite powerful and the least clicks / key presses to the desired
result, while nothing ever gets just opened.

Sven · November 18, 2020, 5:29pm

Oh wow, I accidentially sent this with a PGP signature and then came here to apologize and edit/remove it. Seems Discourse has automatically taken care of it … which means I don’t have to think about it. Awesome!

Maybe it should strip signatures too?

deeplow · January 10, 2021, 1:01pm

For future readers of this thread, SecBrowser has been deprecated.