Best option can be dom0 + minimal templates + Whonix full version. But minimal with networking packages included cannot be a good option. Networking requirements, if they can be provided out of dom0 and minimal templates, will be best (why I think that is because any user may want some AppVM which does not contain any networking code/packages/anything possible at all). But it’s not possible without funding, I think, as @adw mentioned.
I don’t quite understand what you say.
What little evidence there is suggests that Whonix users account for
less than 10% of Qubes users (if updates are any guide), so I can’t agree.
The best option is a fully workable Qubes system with the option of
using Tor at install, and the option on configuration (or after) of
downloading, installing, and using Whonix.
Funding would be nice, but is not essential - if there is really any
call for this, and I’ve already said that I doubt there is. Convince us
it’s necessary and it will be built.
So you are saying that only 10% of users are using Whonix. I may disagree here. I use Whonix but don’t use it for updates as it’s slow. Not everyone on this earth has a 300 Mbps connection.
But I will say that what panati suggested cannot be the default option because it makes new users helpless, as customizing minimal templates can be confusing for new users. But it will certainly help many advanced users (but then again it means maintaining two ISOs, which may or may not be feasible). I would even highly appreciate it if that can happen someday.
With respect to hardening, the first step might just be to use the Fedora-minimal template for sys-net and sys-firewall.
I would like to add Fedora/Debian minimal templates to create disposable sys-net, sys-firewall and sys-usb.
That’s o.k., as long as one puts more trust into Debian than into Fedora (which I do, because, in my opinion, the update frequency in Fedora is somewhat too high).
The title of this thread struck a chord with me because I remember writing an email to Ms Joanna back in early 2018 to thank Qubes OS for helping to shape my online working system into a more advanced level of operation. The whole thought process for navigating the World-Wide Web becomes clearer with this compartmentalisation of different types of sites. The categorisation of the system enables the categorisation in the mind of the user, so I have found.
I’ll try not to get too loquacious because I always tend to do so, but briefly list the organisation of the sixteen (16) VMs I’ve been using for the past few years, almost now.
First of all there are three(3) offline VMs. BASE, PLAY, and SAFE.
BASE is my main working VM for offline housekeeping, writing, graphic design, photos, file management; the basic stuff.
PLAY is for the games, because I am not much good at games so best play against myself or a computer than other living opponents who usually beat me at anything. That is why I don’t play games online.
SAFE is the least used and most secure, which has confidential data such as passwords and things like that, if I ever forget something. SAFE probably only gets used once a year or less, but it has the secret stuff locked away, offline. If anyone ever got in there, all the files are encrypted and then compressed, so it’s quite protected, and that’s why I hardly ever bother forgetting anything anymore.
That covers the three(3) offline VMs. Now for the online. It seemed like a good idea at the time in 2018 to follow the groupings of top-level domains. COM, EDU, GOV, MIL, NET, ORG.
These all have a Web- prefix, so Web-Com is the VM for online shopping, Web-Edu (actually I used Web-Dev for development but it should have been Edu) is for the Qubes website and other IT related sites, Web-Gov is for stuff like Dept. of Transport or other government agencies, Web-Mil is dedicated to Facebook, and ‘mil’ could stand for ‘military’ or ‘grinding mill’, then Web-Org contains websites which are generally social and friendly, and opens with the weather website for wherever I might happen to be that day.
There are also four(4) additional online VMs: Web-Bank, Web-Mail, Web-News, and Web-Wild.
Web-Bank is firewalled to only access my bank’s domain, and that’s the best security I can come up with.
Same for Web-Mail, which is firewalled to my email provider’s URL.
Web-News is now mainly used to grab the latest news from Youtube because they all post the stories there and it is easier to scan over the Youtube list and get the news from all the different sources.
Lastly Web-Wild is the joker in the deck. For miscellaneous outliers, and includes Google Translate for some reason, probably because a translator might be useful across other VMs but should not be associated with any of them. I don’t want Google to know which weather website I am on tomorrow, nor Facebook to know what I am shopping for this week.
Qubes OS has really been both very helpful as well as enlightening because I am not getting tracked by those charlatans anymore, and I can understand how the different online operations operate in the context of the original top-level domains. The magnitude of this change is something quite significant, a bit like moving from the VIC-20 to the Amiga 500 all those years ago.
Yeah, thinking with Qubes is to thinking with Linux like living in mud huts is to living in hi-rise condominiums, and the view is fantastic!
PS: I forgot to mention the three(3) Whonix VMs, after proof-reading and counting through the paragraphs. Well these are best left unspoken, but those three make up The Sixteen VMs.
How do you firewall a bank domain? If I whitelist the domain it never works. There are too many interconnected 3rd parties? and getting them all whitelisted is very difficult, especially if there is a dynamic interchange that keeps changing the URLs.
Actually there is a third party documentation about http-proxy running in a proxy VM for restricting access, but I never had time to give it a try. If you want to give it a try here it is-
I see. Breaking using the original ideas behind the purpose of domain names is quite nice. And above all what I think Qubes does well is making things explicit.
One thing to note there is that Qubes compartments themselves only assure isolation from a security perspective. Isolation from the privacy perspective (anti-tracking) is very difficult and for that only Whonix-based VMs are appropriate. (FAQ: What about privacy in non-Whonix qubes?)
Hello ejd and thanks for your reply. True indeed for me too. My bank’s website seems to have a liking for googleaps and one or two others I’d have to login there again to remember, but they all timeout within five or ten seconds and after that kind of delay, I get through. Secure.
It bothers me quite a bit that my bank is sharing my financial details with Google but I know from experience that they would never listen to plain simple logic, so I just put up with it. The damned delay, that is. I guess that’s the price I pay for reasonable security in the 21st century.
I noticed that Facebook saw when I tried to translate another language on a Facebook post using Google Translate in the other Web-Wild VM. I assumed that they’d honed in on my IP address, so yes I agree that it might be more secure to use Whonix VMs. It seems though that Facebook don’t like Tor IP addresses though.
My answer to that: Don’t use Google Translate with Facebook even with different VMs. It’s a hassle and a half considering what the end result of a translation usually turns out to be worth.
So funny in hindsight how in 2000 I was sad that most people didn’t know anything about computers or The Internet and I wished that everyone would hurry up and get online and share in the technology.
Now look what I wished for that happened. Big Gov ruins my dreams once again …
Interesting that you are experiencing a delay. I thought the Qubes Firewall would reject requests to IP addresses not in the whitelist instead of silently dropping them. Maybe you could fine-tune your firewall here to improve the user experience?
Very important in this day and age. Unfortunately, when I reinstalled Qubes this feature got corrupted by my Qubes backup somehow. Is there a package to install to fix this in dom0 if it isn’t working properly?
Sorry for the delay in replying. It has been quite a busy week. I have been pondering your point about the timeout and the more I think about it, the more perplexed I get.
I have always in the past assumed that it was at the bank’s end that timeouts were coming from. A system where the bank’s server receives a request from the client at my end, for a whitelisted domain address …
… but then, inside that allowed web page some overpaid, underqualified cretin has added links to all the usual googleapps garbage, which is denied at my end by the firewall …
… so, the bank’s server keeps trying to send the denied domain address data for a while until it gives up and tells my client to render the blimmen page with what it can best use at the time.
That doesn’t seem to make much sense now I think it over. There are no timeouts at the transfer end of the hypertext transfer protocol. It just doesn’t work that way as far as I can imagine.
The best answer I can come up with now, having just thought it over a bit more while typing, is that my Qubes firewall is smart enough to identify a whitelisted web page domain address and still deny any embedded external links which are not whitelisted.
Curious to me, since you mentioned it. I’ve always just put up with the delays without too much question because after all it works sufficiently to do my banking operations with reasonable security.
I have never tried running the Web-Bank VM to access my bank’s website without the firewall, so there’s no standard to measure Qubes’ with or without a firewall, and I can’t be bothered with that anyway. Now that my Qubes OS has died of bootstrap disease and I am having to resort to Linux Mint though, it is clear that accessing the bank website with plain old Linux without a firewall and taking all the googleapps crap in the process is far quicker and smoother than doing the same banking chores with Qubes OS and a firewall.
Sorry I could not provide more reliable answers, phi.
I like the idea from here: https://news.ycombinator.com/item?id=7585740. I would probably call it split root.
I agree that it should be harder to go from domU user to domU root. However I think having to manage passwords for every AppVM also negates a lot of the benefits of the template setup in qubes (I currently have about 30 AppVMs).
My ideal solution to this problem, which I might implement at some point, would be to implement a PAM module for domU that asks dom0 whether escalation to root is okay. That way, dom0 can prompt the user whether to allow it or not, and no per-AppVM passwords have to be remembered.
There’s actually already a documentation for that:
Never used it myself, though.
I’ve used this in StandaloneVMs because there the logic for the passwordless root AFAIK doesn’t apply.
It’s neat. Even though a prompt shows up, it’s still faster and more convenient than having to type out a password.