Nope. That pretty much says it all. Excellent definition. Perfect for a regular person to understand.
All video chats are encrypted (and in 2022, if you’re silly enough to put ANYTHING unencrypted over the internet, you must assume that someone else has already seen it and tried to use it for something). That’s not the issue. The issue is who can decrypt them. The other issue is who can see it while it’s in transit, where it came from, and where it’s going. For a whistleblower or HRD, the issue is the source and destination addresses of the data packets that are coming out of their machine.
A good analogy is the postal service keeping track of the delivery address and the return address of every letter and package they deliver to you.
What can they find out about you from that information?
- They can x-ray the mail to guess the contents
- They can measure the size and weight of the package
- They can keep track of how much mail goes between two addresses (and what type of mail)
Computer networks are exactly the same. If someone can see that you’ve sent/received a certain number of packets to a certain address, and nothing to any other addresses for an extended period of time, that’s a dead giveaway that it’s a VPN.
Also, if all your data packets are the same size, that’s a good indication that you’re using Tor or I2P.
How do they know? Because they’ve been carrying the data packets for you!
In some countries that’s enough justification for a search warrant, unfortunately.
Yes. There are things you can do to the data packets to make them more inconspicuous, but the point I’m trying to make is that encryption isn’t the problem here.
Because they’re getting potentially untrusted parties to transmit their messages for them.
That’s basically how the internet works, and why encryption is only half the picture (especially if someone is looking for you, like I’d imagine some journalists and HRDs would be…).
Yes. That’s true. They probably still do. And if they don’t, then they probably have access to the servers outside China.
The location of the servers isn’t important. The issue is whether that server can decrypt whatever it’s relaying to each participant in the video room, or not.
If they can’t decrypt it, then it’s fine. But my guess is that they can….
(If you’re selling a product, customers won’t accept “well, for protection of your privacy, we can’t actually access your data” as an acceptable excuse when their video room crashes… It’s not exactly good for business)
So that sounds like they can decrypt everything, so WHY ON EARTH WOULD HRDs USE IT?!?!?!?
You might as well be communicating over police radio… (a bit of an extreme analogy, but I hope it gets my point across that it’s a bit silly…)
You’re not wrong. There is always room for improvement in any piece of software. Keep the feedback coming.
The tiny misunderstanding comes from the way that VPNs are marketed, at least to the general public.
A VPN is simply encrypting your “stuff” before you send it over someone else’s network (usually the internet, but not always) to another computer. That stuff can be anything, but usually it’s network requests that you want that other computer to do on your behalf, and then “pass to you”.
I’m sure you already knew this
So what you need to create a VPN is:
- a destination IP address (Where do I connect to?)
- an encryption key (What secret code do we use to talk to each other?)
THAT’S IT
No special app. No fancy software. Just a config.
The issue with most commercial VPN providers is that some don’t want to have that config available. They want you to install their software.
NetworkManager already can read most VPN config files, and there is an option in the nmapplet (the network thing in the top-right corner of the Qubes OS desktop that we all click to connect to a wifi network) to import a config but it’s not exactly prominently displayed.
So yes, I agree that unless you already know where to go, it wouldn’t come naturally….
Could have been Arch. That would have been much more frustrating
You always remember your first….
What software was that?
This is the information that would be extremely valuable in getting HRDs to adopt Qubes.
Destroying the notion that you “need” Windows because you need to run a specific program.
Then we will make a tutorial for this (and all the other things too).
Which is extremely difficult when tech companies keep throwing around meaningless jargon and “buzzwords” without ever explaining them properly…
I have a feeling that an “unattended install” ISO, or an option to do so, would go a long way in solving this.
Even if it’s incredibly bloated, so that it covers as much hardware as possible, that would still be a step in the right direction in getting Qubes OS adoption where it’s desperately needed.
If I had enough capital, I’d happily start a business in Qubes OS hardware, both ready to use, and “send us your own and we’ll set it up for you”. If only….
Yes, I agree. They also need to be able to have access to it, which I’d imagine would be difficult in some areas of the world with internet censorship….
But there is definitely a way to do it.
Do they ever have “trade shows”? Would a Qubes OS booth be worth considering?
It doesn’t matter what they use, as long as they understand how it works, where their data goes, and they’re ok with all of that.
Oftentimes, the users haven’t got a clue….
Plus, sometimes it is good to “blend in”
Depending on the licences of the software, I’m fairly certain that a preconfigured Qube would be doable. Or at least an automated script that would make one.
The “Trail Guide” guided tutorial will address this.
For example, system updates could come with additional tutorials included on how to use them.
There could even be a guided tutorial on how to upgrade from 4.0 to 4.1. “Click here” “type this in.” “Well done. Now go get a coffee and we’ll do the rest”.
It can be automated, but we’d first need to know what sort of configuration would work best. But it can definitely be done.
They’re making excellent progress on getting AEM on TPM 2.0 chips, as well as AMD CPUs.
I’ve been testing them, and they look promising. Not ready yet, though, but soon
qubes-remote-support will help with this. Then all you need is someone you trust to help you.
That’s a good point.
Next project: sys-encrypted-backup, powered by libsven:
Maybe use wormhole to sync encrypted backups somewhere.
Needs more investigation, but definitely something that could be automated.