Qubes OS could be honeypot?

While I agree that web security is indeed important, I don’t think developers at Mozilla go out of their way to purposely make Firefox unsecure by default.

From Mozilla: Firefox privacy and security features | Firefox Help

privacy and security are the top concern. Firefox recognizes this and offers some of the most advanced and highly customizable privacy and security features in a web browser.

Other useful links:

I also suggested that if OP had evidence of security vulnerabilities in Firefox, they should contribute directly to the upstream project.

That’s right, in fact I did the former and not the latter.

Is this still about how QubesOS could possibly be a honeypot or about firefox hardened vs. unhardened and the missing of a standard hardened version in Qubes?

I’ve never used a hardened firefox in my lifetime, as far as I know. :wink:

1 Like

Let me try to sum the topic up:

It could be.

4 Likes

The hardening of Firefox or any other application inside a VM is nothing to do with the Qubes OS main focus of compartmentalization.

4 Likes

I have already said it appears I was just dumb for making assumptions. I should have known better and typically I do.

Also most of this is just people misunderstanding what I meant to say so I am probably a poor communicator as well.

Also none of this really has anything to do with the original point I was bringing up to the person that made the original post.

The assumption I had made was that the default personal VM was somehow more secure than a typical Firefox install on Windows 10 and it seems as though I am being told it is not. This is not a big deal as I to my knowledge have never been hacked using vanilla Firefox.

Another assumption that I had made was that since there was a Firefox shortcut on my personal and work browser it was okay to use them and it seems like now I am being told that it is not unless I want to open myself up to Firefox related hacks potentially gaining persistence on my personal/work VM.

This is fine and now that I understand it I can proceed accordingly and adapt my workflow.

Also I am not arguing anything in any of this, I was just responding as sort of a devils advocate to what logically appear to be flawed arguments. Some of those arguments seem a lot more logical now that I understand how Qubes works better.

Most of the recent posts are arguing with a person that doesnt even exist because my mind was changed on many of the points people are arguing against days ago.
It is pretty obvious who comes in and reads the first post and comments without reading the rest. This is understandable because much of what I have said looks a lot like something you would see written in sharpy by a schizophrenic homeless person on an old pizza box.

The main thing I learned is that I need to harden my personalVM Firefox myself if I want to be able to use Firefox to copy and past into text documents without a huge hassle.

Indeed, but that wasn’t the scenario under discussion. I was addressing only the point about being a high-profile target.

Thank you. The entire point of all this is to compartmentalize so you do not have to trust any one particular thing. Qubes-OS is trustworthy in the sense that one is protected because it is compartmentalized to protect the system from one compromised component. Its as fail-safe as any software can be.

4 Likes

I know that the hashing power of the bitcoin network can’t be redirected to cracking passwords, not even by the NSA or other 3-letter agencies, because the ASIC chips that all profitable miners use are physically made to solve /only/ bitcoin’s SHA256 hashing algorithm. An application-specific integrated circuit (abbreviated as ASIC) isn’t a general purpose computer chip that can be programmed for general computing tasks; rather ASICs can only calculate the bitcoin algorithm. What is that algorithm? They’re searching for a very specific hard-to-find number (a “nonce”) with a certain number of zeros in front of it, that can only be found by rapidly trying number after number after number. Whoever finds it first gains the right to issue a block of transactions from the mempool (memory pool of unconfirmed transactions), and the network then begins looking for the next block’s nonce.

Since 2014 its not been possible to profitably mine bitcoin using GPUs or regular general-purpose CPUs; only ASICs are profitable (unless you’re very small scale with free electricity). But the vast majority of miners run ASICs and those chips are only good at running bitcoin, not other computing tasks. (If you want to read more on ASICs, see here: ASIC - Bitcoin Wiki).

You’re correct to generally distrust general-purpose CPUs, especially where the Intel Management Engine isn’t in your control or disabled/removed. But this isn’t applicable to the bitcoin mining network—its a separate problem.

Reassuring :grin:

Agree :100:

Acknowledged

My guess: fear.

Truth that bears repeating.

As much as I enjoy philosophical discussions I think this is off-topic. @anon11917472 please correct me if I am missing something.

Are you still talking about keyboards or have you circled back to confidence that Qubes could be a honeypot?

:laughing:

But the philosophical question is, of course, how do we know they ever existed at all? (Bear with me unfortunate readers, I’m slowly getting to a point) Didn’t you take knightmare/xSCAMMMER0’s course? I’m confused so please correct me if I am wrong.

Does the current @anon11917472 if he/she/it exists at all still believe this?

Me too. (but it can be a good diversion from dealing with serious real world problems imho… just my $0.02)

  • Best

Nah, the FBI is too busy monitoring people posting mildly edgy takes on twitter

1 Like