I am trying as much as possible to retain/protect my pseudonymity by using qubes in this configuration. I’m happy for anyone to point out any pitfalls or offer advice.
The DNS I use for my wireguard multihop config blocks trackers and ads to some degree at least… and in firefox I use all the different fingerprint defender addons for fonts, canvas etc. also not sure how well these works besides the annoying notifications. I also use a cookie autodelete addon set to purge everything as soon as a tab is closed and privacy badger.
Networking is really what I’m worst at and but I will look into IDS and IPS
A ‘transparent domU’ would that just be a ‘blank VM’ somewhere in my vm chain with my traffic passing through it? Presumably then I would use something like wireshark to check the packets?
As I’m sure you can tell, I’m really far beyond my knowledge level already but if that’s what needs to be done I’ll learn, I just don’t want to compromise my pseudonymity doing this in the meantime as this is a setup that’s in use. I’m committed to becoming thoroughly competent in qubes but for now I just need so targeted pointers as it’s critical this setup works securely for daily use.
using Tor broswer without the tor network is a great tip, thank you I will definitely look into that, any ideas how easy would it be to get it to run without the tor network? Only if you know already, if not I’ll find out.
I get confused by tor-over-vpn/vpn-over-tor terminology but I do use whonix for some tasks, where I can and use a vpn to hide from my isp that I am using tor.
I haven’t been able to get it work the other way though, (the way in which the vpn effectively becomes your permanent exit node), as there seems to be some problem with qubes 4.1, multiple users are experiencing the same issue and I don’t want to use the arp hack around.
Yes this is exactly what I do and am aware that my ISP must know which VPN provider I use by it’s IP but I have to have some trust somewhere and so I trust my VPN providers no logs policy, well it’s the best option I have really, I certainly can’t trust my ISP
Thanks so much for your help