One Drive with Qubes


Setting up my first work environment, one site at a time, and I started with… OneDrive… I didn’t choose that tool, I just have to use it (for now).

I used @Rooftop guide (love it !!)

Selected websites restriction

Using my customized “my-proxy” filter (see the guide), I added so I could install noscript in Firefox in the “my-qube” AppVM.

Then, I tried to connect to OneDrive and, slowly, I added ‘sub-sites’ (don’t known how to call them) which the proxy and/or noscript were blocking (as expected) along the way.

Out of some 25+ ‘sub-sites’ and/or scripts, I managed to identify 10 I believe have to be allowed in the proxy and/or noscript in order to be able to use OneDrive.

I find 10 is a lot for just one « stuff », I guess they are most likely trying to make sure all their technologies are speaking with one another, hence why various login ‘path’… but really, some of the things it was trying to connect to are not needed…

Here are the domains/urls I authorized in « my-proxy » for OneDrive :

I have the list (10 elements) but an error message saying that new users can only add 2 links :sweat_smile:

As for scripts which I whitelisted in noscript :

I have the list (3 elements) but an error message saying that new users can only add 2 links :sweat_smile:

I didn’t touch any other scripts or status.

Some of those are needed because of some scripts (otherwise you can’t see or enter login info for example), some others to pass sign in to other Microsoft sub-sites (otherwise you’re missing the ability to disconnect from the drive once logged in, duh).

It is most likely possible to add the tiny account icon from can’t add the link :sweat_smile: (to be authorized in the proxy as well I guess), but I didn’t try and won’t bother to.

In the end, it felt very satisfying to stop “vomiting” information throughout the web (and to MS, although, yes, I’m logged in, so… I’m not using whonix…). I also realize that if MS decides to change to way the sign in / sign out (and everything in between) is done, that won’t work anymore…

I also want to add that, no, I’m absolutely not sure of what I’m doing, I haven’t checked in detail what all these « thingy » are used for (see how technical I am ;)), I just saw that without them allowed in the proxy, I can’t access the site (or see the folders, or download/upload docs, or sign out…)

There are most likely better ways to do this, less cumbersome, but hey, I’m learning and having fun, and thought this might help some other newbies like me who are at the same time eager to regain some control of their privacy and are (yet ?) not able to influence which tools they have to use on a day to day basis…

On a final note, I most likely won’t do that again for too many sites :))) !! It took me ages, especially to identify the 2 sites/scripts required to see the account log out options (out of 25+…). I’m using some other opensource tools which, hopefully, won’t be such a hassle for the next steps of my discovery and setup…

Cheers !!