Qubes OS could be honeypot?

Mods.

We like to keep an open forum, where moderation is kept to minimum and only when people break things like code of conduct or discussion guidelines .

Generally if something isn’t breaking those, then we dont moderate.

I will echo @adw and say our ethos has always been to distrust infrastructure. Validate things for yourself. Make your own reproducible build and validate all the hashes are right. The code is all open and there to be audited by anyone. Thats how you can find out for sure, for yourself, with your own eyes/fingers and skills - that the answer to the subject of this forum post is “no, it is not”

I will add, develop your own threat model. I think its great people want to question things, challenging what you are told and making your own assessments is a positive thing. It’s completely fine to ask questions of the community. I think the line of “be a good community member” gets crossed very quickly if posts go from asking questions into to making assertions without anything to back those assertions up.

$0.02.

S

8 Likes

I agree, the trick to letting this die is NOT TO ENGAGE - unless of course there is something meaningful to contribute or ACTUAL EVIDENCE of this claim.

1 Like

It’s a relevant question, there are probably lots of people asking the same question, “How do I know Qubes isn’t a honeypot?”

The OP just took it one extra step, and claimed it to be fact with only their gut feeling as evidence.

Extraordinary claims should be supported with extraordinary evidence, you should be allowed to ask the question, but not claim something is fact without any evidence.

7 Likes

I am a bit disappointed by most of the answers in this thread so far. The question asked is reasonable.

The answer is complicated for sure. “No, it’s not!” is not likely to convince anyone. This could be a great conversation about how to asses risk, which things can be verified and what cannot, what the residual risks are and why there will always be some… etc.

Instead the form the question was asked gets attacked and some are calling for the mods to do something about the thread. I feel as protective of the project as most of you, but that’s exactly why I think we are better off discussing and answering such a question then moderating it away.

7 Likes

I agree with Sven - it is a reasonable question, if somewhat unclear.

In what way could Qubes be a honeypot?
Does the questioner mean that it could be used to identify users who
have something to hide? I have seen similar things said of Tor.

It would not be difficult to identify users who downloaded Qubes,
except that the iso is available from multiple sites, including the
onion site.
So that makes it more difficult to identify those who download. If
Qubes were a honeypot in this sense, these options would not be
available.

In the default install it is relatively simple to identify Qubes use by
monitoring network traffic, just as it is relatively simple to identify
Tor or Whonix users.
Users who want to can take steps to avoid this to some extent.
If Qubes were a honeypot in this sense, it would not be possible to do
this.

In what other way could Qubes be a honeypot?
Perhaps the question means that it could be used to give people the
illusion of security, while covertly opening up their secrets to
someone.

Is there a back door?
Are there baked in vulnerabilities?
The code is open source - it is open to review by any one. No one has yet
found a back door.
There have been security flaws: these have been identified, (usually
internally), and fixed with public announcements. Issues arising from
use of Xen are analysed and fixed - often before fixes are available in
other OS.
All of this is done in the open.

Is it not likely that there are security researchers poking at Qubes all
the time? It would be a feather in any ones cap to find fundamental
flaws, or a back door.

It takes no effort to say this sort of thing.
What takes effort is working on a project, identifying errors, and
fixing them to make things better.
Do not listen to people shouting in the forums without work behind them.

Of course, some one might at this very moment be typing up Ultra Secret
memos originating from MKUltra, or pointing out that the Qubes icon
shows that Qubes is linked to QAnon, or that the Qubes logo is
obviously a pizza box from that pizza parlour, or some other stupidity.

And someone might equally be working hard on the source to identify
flaws and attacks on Qubes. If they have any integrity they will report
their findings to the security team, and help to
make Qubes more secure.

If there were any sign that the dev team consistently made decisions
that undermined the security of Qubes in use, then that should be easy
to identify, and to call out. (There have been decisions that I
think were wrong, but I accepted the reasoning behind them. Often there
is a balance in Qubes between security and usability.)

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
12 Likes

The fact that the question has a theoretical validity is true. The delivery is another matter.

My comment above was really meant to express admiration for how much time and effort many of you here spend answering people who, at time, make wild allegations.
No need to censor anyone as such but equally I don’t think Mods should feel obligated to let through absolutely everything. I’ve spent enough time with the alternative crowd. People for whom you are a hero until there is the slightest disagreement and then they turn you into an enemy or controlled opposition or a honeypot.
It’s not my time sacrificed so I’m not criticising. Just saying. With some people you can’t win.

This is what I was trying to convey here

I guess i didn’t word that very well - I was not trying to say “believe me, no its not” - I was trying to convey its up to the user to verify for themselves everything and reach that conclusion themselves, and we work in an open fashion to make that verification pathway available.

1 Like

How security flaws aren’t actually backdoors? Intended or not.

Backdoors are implemented deliberately for the purpose of getting covertly access to the system, flaws are not made deliberately.

1 Like

says who?

The dictionary, the two words have different meaning.

3 Likes

So when I create honeypot with deliberate flaw in the code in order to misuse it later, it’s not a flaw, because the dictionary says so?

Yes, if you do it deliberately it’s a backdoor, but not every mistake is a deliberate action with malicious intent.

I didn’t say that any flaw is deliberate, but that any security flaw is a backdoor.

I agree that the questions around what makes Qubes reasonably secure and testing the falsifiable hypothesis that Qubes is a honeypot are valuable. However, criticizing the format or intent of the asker is not inappropriate. The rhetorical style of the OP, is, to my eyes, strictly there to stir the pot or troll the forum. As others have pointed out, the OP offered zero evidence or even a convincing thought exercise.

The fact that OP thinks that Kali is “plenty secure” is another red flag to me. Running Kali as a daily driver (the implication) is a mistake most experienced folks don’t make; if/when you get popped, then you’ve given your attacker all the tools they need to carry on from there.

My instinct is that OP was not acting in good faith. YMMV.

5 Likes

This post glows brighter than the sun itself. Agent smith is just throwing a bunch of techno babble up in the air, hoping that something sticks and makes visitors distrust our favorite OS.

1 Like

I find the OP’s thoughts valuable exactly because these are the thoughts of a non-technical person with insufficient knowledge. … as I expect most of the users that we say we target are (journalists, lawyers, activists etc).

So how are these person supposed to judge the risk? Good arguments I heard so far:

  • FOSS, auditable
  • juicy target for security researches (some of which rely on Qubes OS themselves)
  • endorsed by Freedom of the Press Foundation, Snowden
  • based on XEN (much more widely used, smaller attack surface)

I agree that this thread has the potential to make “visitors distrust our favorite OS” … the antidote to that would be arguments as the above and more of the kind.

Speculating about the OP’s “good faith” and hiding the conversation makes us look weak. If you can’t justify or explain why you think the OP is wrong, then on what basis do you feel secure to use Qubes OS?

Again, before anyone questions my intentions… I sincerely hope there is plenty of evidence in the last 5+ years of posting. But to a degree this forum has become a huddle of regulars telling each other “the way”. Strong community is what we want, but it shouldn’t lead to intellectual laziness.

I think what we need is to distill more FAQ’s out of all the material here and then work together on good answers (maybe in megathreads). That way the next time someone comes and asks about honeypot or Hana Montana Linux in dom0 or whatever we can simply point to that collection of good arguments.

3 Likes

It’s on the accuser to lift the burden of proof, I don’t think it’s fair to say you need to prove them wrong, when they didn’t even try to prove they are right.

I don’t like when people use the “X is true, prove me wrong” argument, it’s a extremely lazy and it doesn’t mean X is true.

2 Likes

When you’re in the jungle, you (are often forced to) behave like an animal. When you’re in a Hyde park, you (would be embarrassed not to) behave like a human being.

Well, Qubes made me felt of it like of a Hyde park. It totally positively changed my computer habits, to the extent that for the first time in my life I wouldn’t mind to say that hatred sentence: “I have nothing to hide”.
And I don’t. I did my best to protect my digital property and it is reachable only, and only if Qubes is honeypot, unlike it was constantly on “help yourself” out there in the “jungle”.

So, what are the odds of such a risk assessment?