Frozen/hidden tabs in tor browser -- hacked?

Sorry for creating 2 threads on the same topic; it is because my 1st thread was removed by the spam filter with a notification that I am allowed to add only 2 links. So I created the 2nd thread with only 1 link, but it’s still marked as spam and removed. I don’t know why.

I use version R4.0 b/c my laptop (HP Elitebook 840 G2) is only compatible with this version according to the Qubes OS Hardware Compatibility List. So, I don’t update it to R4.1.

The Whonix 15 template is being used, but it was still supported on the day that I recorded the video (March 22, 2022).

Hi. I’ve watched the video. I’ll only comment about the parts relating to Qubes, but here are my two cents. Two cents:

  1. it was probably a bug and not a hack
  2. even if whonix-ws-dvm gets hacked it’s OK! Qubes does not claim protection within individual VMs
  3. No system can protect you if you don’t update it

#1 it was probably a bug and not a hack

I’ve seen this one before. It’s unfortunate that the system isn’t 100% free of bugs. If that were the case, any deviation from expected behavior would obviously be an attempted hack.

I can’t find the issue page, but this is a known bug. Basically you must have clicked some video or something that made the browser become fullscreen but Qubes did not make it full screen. To fix this you should click F11.

#2 Qubes is still protecting you

Even if it were to be a hack, Qubes would still be doing its job by protecting your other qubes. Qubes makes no claims of in-VM protections.

They actually assume that an OS like Linux and browsers are guaranteed to have a large number of security vulnerabilities due to their large attack surface and complexity.

For example, from the Qubes FAQ:

For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk

And you’re using a disposable qube. All you have to do is to close it and open a new one (assuming that was an anonymous session and you had not logged in to any service – if you had, you would need to assume those accounts have possibly been compromised).

#3 Keep the system up to date

With pending updates, there is no system that can secure you. Once a security update is out, it’s a race for attackers to use those known flaws to exploit your system…

To fix this, always keep the system up to date:

  • Fixing Pending System Updates (1.) - When the system has updates available, run them at the very least once a day in your situation. This is done via the Qubes Update tool.

  • Fixing Outdated Templates (2. and 3.) - this may not be entirely your fault. Qubes sometimes ships with outdated templates. This is because it has its own release schedule. See this for more info. The solution is to keep an eye out on the Qubes news section for posts like this or this or, better yet, subscribe with your email to the qubes-announce newsletter, where you’ll be directly informed of these end-of-life notices.

  • Tor Browser updates (4.) - You have to use the Tor Browser Downloader application when you see an update and not update via the internal “update available” notification within Tor browser.

    The fact that it needs an external application (in Whonix) or updates via itself is a really really sad usability issue. A long issue the Tor Browser developers have failed to address.

Final comments

The “being complicated” is an issue everyone here is aware of and is something being worked on, for example via the upcoming application menu and an integrated onboarding tutorial I’m working on, as well as other community initiatives. It’s understandable if the burden of Qubes is too big for your workflow or consumes too much time.

However, the issue you’ve demonstrated is not a breach of Qubes.

9 Likes

@steve123 I have edited your post to move the details and video references from your alleged previous hacks into an expandable section. This is to keep the discussion focused on Qubes OS only. Users can still expand it to see it.

@deeplow Thanks for your detailed response above. I’ll keep it in mind.

Could you change the first link marked as 1 in this screenshot to this link www[dot]youtube[dot]com/watch?v=a9hmzaayxoY&list=PLF89Idwk0YuwwrFkZO6WGt7b26MxpITBx&index=4&ab_channel=onlcenjik? It’s because the links marked as 1 and 2 in the screenshot are the same video.

1 Like

By “hacked” do you mean that your speaker is malfunctioning? Please clarify why you believe someone has hacked you.

@user128 how do you explain a speaker working normally on one site (Youtube) and malfunctioning on a different site (Wall Street Journal), and tabs on PulseAudio Volume Control not changing when clicking on them?

That seems like a pretty huge leap in logic to assume that has anything to do with your computer getting hacked. There are any number of way more likely reasons for why this might be happening: malfunctioning drivers, hardware issues, PulseAudio glitches. Even if your device was actually hacked, there are a million more productive things they would be doing on your device rather than break the audio on the Wall Street Journal website. Even as a non-technical user, if I had hacked into your computer it would be trivial to cause much more severe issues than an audio bug. In fact I’d do my very best to prevent causing you issues and alerting you in any way that I had gained access. Audio issues are pretty common on Linux; I had a bunch of audio issues on my first Ubuntu install that were fixed by installing proprietary drivers. All software will have bugs and glitches. If you take a look through PulseAudio / pulseaudio · GitLab you will see they currently have 854 open issues.

I should also note that Kali is NOT a defensive security oriented distro, it’s an offensive pentesting oriented distro. Its primary use is for offense, not defense. Even if you want a pentest distro you would be better off going with parrotOS, which also comes with some useful defensive tools and various other useful day to day programs like OnionShare and LibreOffice.

I’ve had mouse glitches many times in the past; it’s usually either a symptom of dust getting inside it or the mouse being worn out physically. In most cases taking the mouse apart and cleaning any dust or dirt fixes it.

2 Likes

@user128

One day earlier, the speaker on my laptop still worked normally on Wall Street Journal.

But I already know that I’ve been cyber-spied on for several years (since 2016) starting in early 2019, therefore hackers who have cyber-spied on me no longer try to conceal their cyber-espionage against me. Here is a video I made back in 2019 recording various occasions that took place on my PC unexplainably. Its title is a bit misleading as Vietnamese Google staff only aid hackers to cyber-spy on me and aid state-sponsored troll brigade’s activities on Youtube, rather than being directly involved in hacking me. Even after learning that I have gotten cyber-spied on, I can’t do anything to evade it. The hackers who have cyber-spied on me just want to make sure that I won’t do anything dangerous to Vietnam and Russia, and won’t popularize my knowledge about Russia’s and Vietnam’s activities in a certain area, which I won’t write down here, and make my life filled with annoyances, rather than trying to steal personal data from me. Their Intelligence Agencies already know everything about me after several years cyber-watching me. Back in April 2019, they even sent people to stay in the same hostel dorm room with me for over a month before I ran away. They know that I know that they cyber-spy on me, but cannot escape it. So there’s no need for them to hide it from me.

Have you made any changes to your laptop’s software or hardware between when it was working and when it stopped working?

From skimming the video, all the issues I read were minor things that are not exactly uncommon. Navigation apps have to calibrate.
At 2:46 you can even see the icon at the very right of the URL bar indicating that the page has been zoomed in by 10%, probably from you hitting CTRL- on accident.

off-topic

Most Big Tech services are inherently hostile towards privacy. I’ve had a good 10-20 various Google accounts blocked or banned because I don’t provide any personal details and connect over VPN or Tor. They likely assume it’s bot activity and it’s easier for them to just ban anyone they deem suspicious since they can’t milk any of your personal information from you anyway and thus have no incentive to keep you around.

Big Tech censoring comments is not anything new and completely unrelated to hacking. Even swear words will make your comments not show up on certain channels and I’m guessing it’s the same for any number of reasons why you might get caught in some filter. Especially if you are telling people to go watch your channel, they will get caught by anti-spam filters.

Syntax errors like in the JSON file are not exactly uncommon. A refresh would obviously never fix that since the issue is the contents of the file itself.

Youtube has long had terrible/inconsistent GUI and ghost comments. No reason to suspect hackers.

All of these things are WAY more likely to be caused by hardware/software issues than any hacking. I don’t know enough about it to comment intelligently on it, perhaps someone else can help, but back when I used Windows it was not at all uncommon to have minor bugs and glitches with various types of software. Considering how much you use computers you are almost guaranteed to run into some bugs and glitches at some point; to immediately assume that the cause is hacking is unjustified. Even though I hate these companies, not everything that happens is a product of them being malicious. Many of these things you mention happen to all of us all the time; especially for those of us with security settings on max, stuff is bound to break.

1 Like

The proper way to go about this would be to first provide the evidence, understand what happened and then have a conversation about what it means. What you are doing is making an assertion, “nation-state actors can hack Qubes OS easily”, without anything backing it up.

That’s why I struggle to take any of this seriously. Maybe you are a nation-state target, maybe you are just intensely paranoid and/or have little understanding of technology, …

… maybe you just want attention. I strongly recommend you to dial down the assertions and start backing up with data if you want to be taken seriously.

5 Likes

@Sven Ok, thanks for the response. I’m an anonymous user. There’s no benefit to get attention. You’re right, I should provide data to be taken seriously.

3 Likes

@user128

I installed mvt android forensic toolkit.

off-topic

Youtube is known to cooperate with Vietnam to censor content on an industrial scale. I don’t live in the country, but still get affected. The problem is my Youtube comments as shown in the video aren’t politics-related, however they still get removed.

Can software and hardware issues make the URL switch constantly, as at the end of the video?

Moderator notice: edited some posts to hide by default discussions on big-tech and their morals. Let’s keep the discussion focused on Qubes OS and the issue at hand.

2 Likes

You should also consider that maybe you are not communicating with Youtube at all. Maybe you were directed by DNS cache poisoning to a different server simulating Youtube, and this server could be set up such that it simulates Youtube as well as creates the effects you observe - and in the background manipulates your browser in order to attack you. In Qubes, these manipulations should evaporate as soon as you shut down the AppVM running the browser (as long as you don’t connect the TemplateVM to any network).

2 Likes

@GWeck Thanks. I also think that there’s external influence, but just don’t know what it is. I contacted a couple of cyber forensic and investigation companies in the country that I’m staying in. However, they said they only help corporations and government agencies, rather than individuals.

Or maybe @steve123 is a nation state actor trying to push people away from Qubes OS as it’s too secure to hack for them.

6 Likes

3 posts were split to a private message by @deeplow as they were off-topic

@renehoj and @Szewcu I find your latest posts equally unproductive, especially since the OP has already acknowledged that we need to look at what actually happened. Maybe we all calm down now and help figure out what might have been observed here. For that purpose I am moving this thread into ‘User support’ and renaming it to reflect the actual issue observed.

@steve123 a quick web search reveals that the effects you observed can stem from “hardware acceleration” being enabled in the preferences and/or from Firefox (which Tor Browser is based on) having the ability to “hide tabs”.

The rendering of your tab bar seems defective. It appears the URL text itself and the actual web context are still updated, while the tabs and their rendering are somehow frozen.

Is this reproducible? Meaning if you try to do the very same thing you did last time this happened, can you make it happen again?

Is it possible you ran out of space in that disposable?

Have there been any other messages or warnings in this context?

Has this happened more than once?

The larger point here is that Qubes OS actually worked as designed. You ran Whonix/Tor Browser in a disposable qube. Let’s say this really was a compromise of the Tor Browser … then Qubes OS did exactly what it is meant to do: it kept whatever it is that happened contained in that one disposable qube. No other OS can give you that level of compartmentalization / security.

2 Likes

It’s not reproducible.
There’s still a lot of space in that disposable VM.
There’s no message & warning.
This happened more than once.

1 Like