Everyone who has even a cursory knowledge about how QubesOS’s security protection works knows that it doesn’t matter whether firefox is hardened or not. QubesOS protects you by containing your browser in its own virtual machine. So, it doesn’t matter if you use the default firefox or the hardened one, as long as you use it in its own VM.
5 Likes
It absolutely does matter if your Firefox is hardened. Or at least it does if you make a mistake or dont want the hassle of copy pasting or moving files from VM to VM for no real reason.
I think we are just talking apples and oranges here. Plus it appears to have been my mistake to have thought the firefox preinstalled on my personalVM would have been hardened in a reasonably secure OS.
I may have missed a warning in the documentation, it was a lot for even an elephant to remember 100% without reading it a few times so I probably missed where it said the individual qubes offer no added security outside of the compartmentalization benefits. or am I wrong here?
This is no big deal and I will explain this in my tutorial. There are things people will have to do to personal and work VM if they want to be able to have a remotely convenient daily driver experience and more security than they would on a convenience focused OS.
I wouldn’t want people to get the idea(like I had) that things like logging onto facebook are more secure with Qubes than they would be on any other system without hardening the browser themselves.
I still need to give standalones a try because for me and most people they would probably prefer to compute in a stand alone 99.9% of the time for the convenience of a traditional OS while having the Qubes functionality for stuff like opening email attachments and PDFs ect.
I am starting to think I can get that far easier without using Qubes so maybe Qubes is not for me. Maybe just booting into tails to check my email would save me endless hassle but I don’t know yet.
either way Qubes is interesting and learning is fun so ill stick it out for a while and see how it goes. But as of now my mental calculation is that Qubes wastes a lot of my time doing trivial stuff where it would be a net gain in time to just boot tails and check out shady files and just clean them and use a flash drive to transfer them to my desktop.
Time will tell though, One thing I can absolutely recommend Qubes to people for is that if you like paradigm shifts Qubes can give you one or two a day if you are coming from Windows.
I am not asking someone to prove a negative even though it is possible to do so. For instance I can prove in a few sentences that a circular square does not exist and can not exist simply with the definitions of circular and square.
To prove this(miners are cracking passwords or encryption for the NSA for example) was impossible I would just need proof that people mining crypto have some way of monitoring what exactly their mining rig is hashing or whatever and I dont think it can be done. Miners just have to trust that what their system is doing is hashing the ledger or whatever but the truth is probably that the only thing they can know is that they’re system is doing trillions of mathematical operations that they are completely unaware of.
“For all I know” means I do not know if I was or was not.
For example if I gave you a USB keyboard for Christmas for all you know it is keyloggered because you dont know. You would just be taking my word for it and I could be a liar.
You could then do a forensics exam on it and be reasonably sure you know if it does or does not have a keylogger on it. If you find a keylogger you know for certain it does have a keylogger. You still could probably not know for certain it does not because maybe there is a undetectable keylogger or one hidden very well ect ect. As humans we do tend to use “know” with a good deal of flexibility. Its modern meaning is more like “I am pretty damn sure”. In the true sense of the word we know very little with certainty. For example I know a circular square can not exist. I cant really know my keyboard has a keylogger on it because I cant really know my keyboard really even exists because I could be dreaming or delusional.
So it’s apparent that you don’t want answers or a real discussion and you’ll never accept any answer or concept. And this kind of discussion hurts every good concept, cause nothing ever will be accepted, cause you want no proof.
You want to believe and keep questioning, to be against it.
From this point of view, your only chance is to live without any kind of electronics, far away from humans, and praying not to live in the matrix, to have a small chance to be not surveilled and spied on. But even then, you’ll never be sure.
If you’re really concerned about privacy and security, you’ll have to learn and prove things by yourself.
QubesOS could be a good point to start. If you want to be really sure, audit and compile the source code yourself. And consequently, you harden your browser (after checking its source code too) yourself, cause why should you trust an already hardened browser, which could also be a honeypot?
Nothing ever can be 100% secure. So everyone has to decide for him/herself what and who can be trusted and who can’t. To distrust everybody and everything, but using it anyway won’t work.
I think QubesOS has a good and comprehensible concept, far better than (every) other OS I know.
If you find a weakness in it, name and discuss it. That would be great.
If you distrust the code and the maintainers, proof it for yourself and make every bug, weakness, or even a backdoor public, please. That would be a real help.
Cause a security concept is always based on facts and not on faith, to believe and caused by it, therefore, arguing the only argument, that there could be something nobody can ever know is ridiculous.
3 Likes
Well let me just congratulate you on solving a philosophical question the greatest minds in history have been working on for thousands of years! Now if you could please write a book on how you proved the existence of a materialistic world we can start teaching it in philosophy class.
I am joking. You think you know but you do not and it is almost certainly impossible that you or anyone ever will know.
But obviously we have to live as though the keyboard exists but you or I will most likely never know for certain. I was just trying to be precise in my example. This is a somewhat scientific discussion so I was just speaking with scientific rigor.
I am going to stop responding now because you are misunderstanding everything I say and it is sure to be seen as off topic or spam or whatever anyway.
I personally didn’t want to get involved in this but I really dislike your overall attitude towards those who are trying to bring valid points forward.
Well, “Security by Compartmentalization” is kinda QubesOS’s main selling point, innit?
In a recipe, do you look for the ingredients that are not used?
Hold up, let me place a big red warning that says “This cake does not come with pepper”.
Bear in mind that hardening often comes at a cost of convenience and/or usability. The average Joe may simply not care about hardened Firefox and instead may be happy with simply compartmentalizing various aspects of his life, instead of possibly having to deal with breakages caused by security measures.
Since I know you like examples, just look at Firefox RFP. Is it effective? Sure. Is it convenient? Not so much, and surely not for everyone: the preferred color scheme is always light, the timezone is set to UTC, and let’s not even mention uploading pictures since websites won’t be allowed to access canvas data.
Clearly, not for everyone, hence the reason the best compromise is to simply ship default settings. If you have issues with such settings, open a PR with the respective upstream developers.
And since you’re of the idea that Firefox should ship secure defaults, you should consider contributing to the project: How To Contribute Code To Firefox — Firefox Source Docs documentation
I believe this to be completely irrelevant to the discussion, also considering he raised a valid point:
At the end of the day, it shouldn’t be such a hard task for you @anon11917472 right?
This full code audit might just be the breakthrough we didn’t think we needed.
It really seems like you’re ready to spit facts left and right, but are not able to take criticism very well when it’s directed at you.
3 Likes
For your assertions to be valid, you need to have some type of proof to back up your claims. Your argument is not one of technology, but of language and debate providing argument and inane comments to your post.
While you are certainly welcome to share your thoughts and comments, posts such as yours serve no useful or productive purpose in the development of the product, or assist anyone in the usage of Qubes-OS and in the end just waste ones time.
4 Likes
No it doesn’t in QubesOS.
Using isolated virtual machines is the WHOLE point of QubesOS. If you find VM isolation and moving data between them redundant, then QubesOS is not for you.
4 Likes
This.
You shouldn’t assume that Xen is an impenetrable fortress, and for most people the web browser is very likely to be the initial attack vector.
Both in terms of privacy and security, it makes sense to take extra precautions when it comes to the web browser, and this is also true for Qubes OS users.
3 Likes
Look, it’s not like Firefox is a swiss cheese when it comes to cyber security. Keep the browser updated on a latest version and you should be 99% fine.
Assuming that you browsing pornhub on a firefox will lead to a massive security breach that zero days your browser and then your Xen hypervisor and out breaks to your whole QubesOS (and assuming that happens even when you are NOT targeted by the alphabet-soup agencies) is just insane. And the OP is full of sophistry in this thead, assuming insane hypothteticals and veering on the verge of concern trolling whether Qubes is a honeypoy or not.
Don’t like it, don’t use it.
2 Likes
To assume that QubesOS could be a honeypot, cause Firefox isn’t hardened (manipulated /changed) by default? Is that now really the point? And why is firefox trusted? 
If I am concerned about my privacy, I should use things like TOR. Whonix is already ready to use in QubesOS. If it’s about security, I’ve maybe other claims.
QubesOs is a security-related OS. Not more, not less. Nobody said that it’s the perfect one-OS-fits-all ready-to-go stop thinking Security Suite.
The point is that OP expected hardened Firefox to be included by default, and then expected a warning in the documentation to explain that the default version is in fact not hardened.
And don’t get me wrong, I’m an advocate for hardening everything, but on my machine since I know everyone’s needs are going to be different. And there are ways to easily and reliably harden Firefox: [Guide] Automatically install extensions and configure new (dispvm) hardened Firefox profiles with arkenfox user.js and policies
At the end of the day it just comes down to common sense. It can’t be expected that everyone will be satisfied with the default settings, but a project being open-source generally means it’s quite trivial to customize it to one’s demands.
1 Like
The OP says hardening is important, to which they get the reply that it doesn’t matter when you use Qubes OS.
The OP might be wrong about everything else, but they are not wrong about web security being important.
You can easily make the argument that hardening shouldn’t be enabled by default, but it’s nonsense to say you don’t need it if you run qubes.
4 Likes
If firefox wouldn’t usable without being hardened, there would only be a hardened version. 
To attack QubesOS caused by leaking the hardened firefox is a strawman argument.
1 Like
While I agree that web security is indeed important, I don’t think developers at Mozilla go out of their way to purposely make Firefox unsecure by default.
From Mozilla: Firefox privacy and security features | Firefox Help
privacy and security are the top concern. Firefox recognizes this and offers some of the most advanced and highly customizable privacy and security features in a web browser.
Other useful links:
I also suggested that if OP had evidence of security vulnerabilities in Firefox, they should contribute directly to the upstream project.
That’s right, in fact I did the former and not the latter.
Is this still about how QubesOS could possibly be a honeypot or about firefox hardened vs. unhardened and the missing of a standard hardened version in Qubes?
I’ve never used a hardened firefox in my lifetime, as far as I know.
1 Like
Let me try to sum the topic up:
It could be.
4 Likes
The hardening of Firefox or any other application inside a VM is nothing to do with the Qubes OS main focus of compartmentalization.
4 Likes
I have already said it appears I was just dumb for making assumptions. I should have known better and typically I do.
Also most of this is just people misunderstanding what I meant to say so I am probably a poor communicator as well.
Also none of this really has anything to do with the original point I was bringing up to the person that made the original post.
The assumption I had made was that the default personal VM was somehow more secure than a typical Firefox install on Windows 10 and it seems as though I am being told it is not. This is not a big deal as I to my knowledge have never been hacked using vanilla Firefox.
Another assumption that I had made was that since there was a Firefox shortcut on my personal and work browser it was okay to use them and it seems like now I am being told that it is not unless I want to open myself up to Firefox related hacks potentially gaining persistence on my personal/work VM.
This is fine and now that I understand it I can proceed accordingly and adapt my workflow.
Also I am not arguing anything in any of this, I was just responding as sort of a devils advocate to what logically appear to be flawed arguments. Some of those arguments seem a lot more logical now that I understand how Qubes works better.
Most of the recent posts are arguing with a person that doesnt even exist because my mind was changed on many of the points people are arguing against days ago.
It is pretty obvious who comes in and reads the first post and comments without reading the rest. This is understandable because much of what I have said looks a lot like something you would see written in sharpy by a schizophrenic homeless person on an old pizza box.
The main thing I learned is that I need to harden my personalVM Firefox myself if I want to be able to use Firefox to copy and past into text documents without a huge hassle.