Qubes OS could be honeypot?

No it doesn’t in QubesOS.

Using isolated virtual machines is the WHOLE point of QubesOS. If you find VM isolation and moving data between them redundant, then QubesOS is not for you.

4 Likes

This.

You shouldn’t assume that Xen is an impenetrable fortress, and for most people the web browser is very likely to be the initial attack vector.

Both in terms of privacy and security, it makes sense to take extra precautions when it comes to the web browser, and this is also true for Qubes OS users.

3 Likes

Look, it’s not like Firefox is Swiss cheese when it comes to cyber security. Keep the browser updated to the latest version and you should be 99% fine.

Assuming that you browsing pornhub on Firefox will lead to a massive security breach that zero-days your browser and then your Xen hypervisor and breaks out to your whole QubesOS (and assuming that happens even when you are NOT targeted by the alphabet-soup agencies) is just insane. And the OP is full of sophistry in this thread, assuming insane hypotheticals and veering on the verge of concern trolling whether Qubes is a honeypot or not.

Don’t like it, don’t use it.

2 Likes

To assume that QubesOS could be a honeypot, cause Firefox isn’t hardened (manipulated /changed) by default? Is that now really the point? And why is firefox trusted? :thinking:


If I am concerned about my privacy, I should use things like TOR. Whonix is already ready to use in QubesOS. If it’s about security, I’ve maybe other claims.

QubesOS is a security-related OS. Not more, not less. Nobody said that it’s the perfect one-OS-fits-all ready-to-go stop thinking Security Suite.

The point is that OP expected hardened Firefox to be included by default, and then expected a warning in the documentation to explain that the default version is in fact not hardened.

And don’t get me wrong, I’m an advocate for hardening everything, but on my machine since I know everyone’s needs are going to be different. And there are ways to easily and reliably harden Firefox: [Guide] Automatically install extensions and configure new (dispvm) hardened Firefox profiles with arkenfox user.js and policies

At the end of the day it just comes down to common sense. It can’t be expected that everyone will be satisfied with the default settings, but a project being open-source generally means it’s quite trivial to customize it to one’s demands.

1 Like

The OP says hardening is important, to which they get the reply that it doesn’t matter when you use Qubes OS.

The OP might be wrong about everything else, but they are not wrong about web security being important.

You can easily make the argument that hardening shouldn’t be enabled by default, but it’s nonsense to say you don’t need it if you run qubes.

4 Likes

If firefox wouldn’t be usable without being hardened, there would only be a hardened version. :wink: To attack QubesOS caused by leaking the hardened firefox is a strawman argument.

1 Like

While I agree that web security is indeed important, I don’t think developers at Mozilla go out of their way to purposely make Firefox unsecure by default.

From Mozilla: Firefox privacy and security features | Firefox Help

privacy and security are the top concern. Firefox recognizes this and offers some of the most advanced and highly customizable privacy and security features in a web browser.

Other useful links:

I also suggested that if OP had evidence of security vulnerabilities in Firefox, they should contribute directly to the upstream project.

That’s right, in fact I did the former and not the latter.

Is this still about how QubesOS could possibly be a honeypot or about firefox hardened vs. unhardened and the missing of a standard hardened version in Qubes?

I’ve never used a hardened firefox in my lifetime, as far as I know. :wink:

1 Like

Let me try to sum the topic up:

It could be.

4 Likes

The hardening of Firefox or any other application inside a VM is nothing to do with the Qubes OS main focus of compartmentalization.

4 Likes

I have already said it appears I was just dumb for making assumptions. I should have known better and typically I do.

Also most of this is just people misunderstanding what I meant to say so I am probably a poor communicator as well.

Also none of this really has anything to do with the original point I was bringing up to the person that made the original post.

The assumption I had made was that the default personal VM was somehow more secure than a typical Firefox install on Windows 10 and it seems as though I am being told it is not. This is not a big deal as I to my knowledge have never been hacked using vanilla Firefox.

Another assumption that I had made was that since there was a Firefox shortcut on my personal and work browser it was okay to use them and it seems like now I am being told that it is not unless I want to open myself up to Firefox related hacks potentially gaining persistence on my personal/work VM.

This is fine and now that I understand it I can proceed accordingly and adapt my workflow.

Also I am not arguing anything in any of this, I was just responding as sort of a devil’s advocate to what logically appear to be flawed arguments. Some of those arguments seem a lot more logical now that I understand how Qubes works better.

Most of the recent posts are arguing with a person that doesn’t even exist because my mind was changed on many of the points people are arguing against days ago.
It is pretty obvious who comes in and reads the first post and comments without reading the rest. This is understandable because much of what I have said looks a lot like something you would see written in Sharpie by a schizophrenic homeless person on an old pizza box.

The main thing I learned is that I need to harden my personalVM Firefox myself if I want to be able to use Firefox to copy and paste into text documents without a huge hassle.

Indeed, but that wasn’t the scenario under discussion. I was addressing only the point about being a high-profile target.

Thank you. The entire point of all this is to compartmentalize so you do not have to trust any one particular thing. Qubes-OS is trustworthy in the sense that one is protected because it is compartmentalized to protect the system from one compromised component. It’s as fail-safe as any software can be.

4 Likes

I know that the hashing power of the bitcoin network can’t be redirected to cracking passwords, not even by the NSA or other 3-letter agencies, because the ASIC chips that all profitable miners use are physically made to solve /only/ bitcoin’s SHA256 hashing algorithm. An application-specific integrated circuit (abbreviated as ASIC) isn’t a general purpose computer chip that can be programmed for general computing tasks; rather ASICs can only calculate the bitcoin algorithm. What is that algorithm? They’re searching for a very specific hard-to-find number (a “nonce”) with a certain number of zeros in front of it, that can only be found by rapidly trying number after number after number. Whoever finds it first gains the right to issue a block of transactions from the mempool (memory pool of unconfirmed transactions), and the network then begins looking for the next block’s nonce.

Since 2014 it’s not been possible to profitably mine bitcoin using GPUs or regular general-purpose CPUs; only ASICs are profitable (unless you’re very small scale with free electricity). But the vast majority of miners run ASICs and those chips are only good at running bitcoin, not other computing tasks. (If you want to read more on ASICs, see here: ASIC - Bitcoin Wiki).

You’re correct to generally distrust general-purpose CPUs, especially where the Intel Management Engine isn’t in your control or disabled/removed. But this isn’t applicable to the bitcoin mining network—it’s a separate problem.
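The nonce search described in the post above, as an added example that is not part of the original post or of any Bitcoin client: it shows the fixed computation involved, double SHA-256 over an 80-byte header in which only the nonce changes, compared against a target. The header fields and the very low difficulty (`TOY_BITS`) are constructed sample values so the search finishes quickly.

```python
import hashlib
import struct

# Constructed sample inputs (not a real block).
PREV_HASH = bytes(32)
MERKLE_ROOT = hashlib.sha256(b"constructed sample transactions").digest()
TIMESTAMP = 1_700_000_000
TOY_BITS = 0x1F0FFFFF  # compact target with about 12 leading zero bits


def sha256d(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field into the 256-bit target (exponent >= 3 only)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def build_header(version, prev_hash, merkle_root, timestamp, bits, nonce) -> bytes:
    """Serialize the 80-byte block header; integers are little-endian."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def meets_target(header: bytes, target: int) -> bool:
    """Valid when the hash, read as a little-endian integer, is <= target."""
    return int.from_bytes(sha256d(header), "little") <= target


def display_hash(header: bytes) -> str:
    """Hash in the usual byte-reversed hex form, where the zeros appear in front."""
    return sha256d(header)[::-1].hex()


def mine(prev_hash, merkle_root, timestamp, bits, max_nonce=2**32):
    """Try nonce after nonce until the header hash meets the target."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = build_header(1, prev_hash, merkle_root, timestamp, bits, nonce)
        if meets_target(header, target):
            return nonce, header
    return None, None  # nonce space exhausted; a miner would change other fields


if __name__ == "__main__":
    nonce, header = mine(PREV_HASH, MERKLE_ROOT, TIMESTAMP, TOY_BITS)
    print(nonce, display_hash(header))
```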

Reassuring :grin:

Agree :100:

Acknowledged

My guess: fear.

Truth that bears repeating.

As much as I enjoy philosophical discussions I think this is off-topic. @anon11917472 please correct me if I am missing something.

Are you still talking about keyboards or have you circled back to confidence that Qubes could be a honeypot?

:laughing:

But the philosophical question is, of course, how do we know they ever existed at all? (Bear with me unfortunate readers, I’m slowly getting to a point) Didn’t you take knightmare/xSCAMMMER0’s course? I’m confused so please correct me if I am wrong.

Does the current @anon11917472 if he/she/it exists at all still believe this?

Me too. (but it can be a good diversion from dealing with serious real world problems imho… just my $0.02)


Nah, the FBI is too busy monitoring people posting mildly edgy takes on twitter

1 Like

Assuming the FBI reference is a joke :smiling_face:

Twits are undoubtedly :jokers: nowadays. :laughing:

The siloed nitwits at the FBI seem WAY out of their league (even with “Fusion Centers”) if they think they’re making inroads into the qubes community. :rofl:

If I’m wrong please tell me more. I’m really really interested. No personal offense @jpbaiocchi I presume we are :laughing: together, but if I am mistaken I’m not just @confused but very curious.


Not really.

Interesting assumption. Who do you think it is for?

Hahaha. That was a joke, right?

Obviously

Always nice to meet an 31337. Pleasure to meet you! Any tips?

So that’s what I was smelling. Thanks for clarifying.

I doubt the computer scientist part is the major issue, but I have been wrong many many times before.

Please help me understand. All I smell is BS.

Not yet.

Are we in conspiracy land or have I missed the reference (hidden link somewhere)?

Nope. Do you?

Were the Snowden “dumps” 20 years ago already? Did I miss a good or bad decade?

DARPA made us all their B/tches long before that (based on your logic). When did you first get on the ARPAnet…sorry I mean the Internet.

No prob. As long as this remains in General Discussion I like reading compulsive Aspie theories. You might be surprised how many ARPAnet creators fit in that category. But since I’m new here, I’ll shut up and read the rest of this “honeypot” discussion before I say more.

Good luck to you also!