I am in a conundrum. I use a hotspot on my phone for my Internet. My cell phone company limits me whenever it thinks I am using a hotspot, alloting only a small amount of data.
It determines whether I am using cell phone data or hotspot data by looking at packets and seeing who I am connecting with. In a non-Qubes distro, with a no-leak VPN, I can change a few things and nothing is going out suggesting I am using anything other than normal cell phone data.
With Qubes, however, the sys-net Qube is going to be leaking either some Fedora stuff or some Debian stuff and then, they will see I am not really a cell phone data user, since cell phones don’t contact Debian or Fedora for updates.
Presuming a sys-vpn—>sys-firewall—>sys-net scenario, how can I stop sys-firewall and sys-net from contacting domains that will indicate that I am not using cellular data on my phone?
(This is just for learning purposes and I don’t intend to exceed my hotspot plan anyway, but I’d like to understand better conceptually how to limit extra data leaks in this manner.)
I was recently hacked using a non-Qubes distro and Qubes would have prevented the hack. I need to go back to Qubes, it’s safer.
I know how to set up a VPN and route everything through it.
The problem is sys-net may do things like contact Debian or Fedora servers to try to see if there are updates, or check the time, or ping something to see if the connection works and it’s some sort of linux site (like pinging xfce.org or whatever). The AI that limits hotspot data is smart, any leak like that which lets it logically determine it’s not phone data wrecks my evil plan to lower my monthly cell phone costs and while using lots of data and Qubes on my mobile hotspot.
I need something in sys-net that prevents leaks, and I don’t think I can use the firewall option in sys-net.