Seeking to get the most out of messaging services whilst sacrificing the least. Topic centered around my own threat model: people can know who I am (when I choose), just not where I am. I’d prefer to not use a smartphone due to all the tracking that goes on.
Am looking to run android emulator VMs to facilitate certain apps which don’t have desktop interfaces, or that do have desktop interfaces but first require signup with a mobile number/device, or that require a mobile device for periodic re-authentication of account.
Possibly also has a use-case for 2fa with a voip number (such as with banking) that isn’t associated with an actual cell phone and simcard, though that might be more easily achieved in a desktop appvm with web interface that accepts sms forwarding, or if it suits your model, from a USB sim dongle opened in disposable.
Please offer your insights into approaches for how you might get whatsapp or signal working in qubes without using a mobile phone at any point. Google or Skype numbers seem like a place to start, and can have anonymous signup workarounds.
Absolute anonymity isn’t a desperate problem for me, so much as mitigation of SS7 geolocation, exploits, and other baseband modem attacks are. I want my ‘cell phone’ to be trashable in the event of zero day attacks and stalkerware.
Am wondering if android emulators ‘phone home’ and allow some sort of big tech tracking? Is there a solution I should look at which abandons the android part all together? I’ve had a search for android emulator threads in here, but not so much about specific use cases or privacy concerns
Wickrme is working well in a standalone appVM, have had no successes with installing it in templates and executing in appVMs or dispVMs. DispVMs may not be sensible for chat apps anyway as you’ll find you’re signed out and have to log in as a new device each time, which makes intrusion harder to detect. I think with whatsapp trashing your vm or logging out would prompt you to have to re-authenticate with a mobile device, which may not be ideal. In wickrme this causes loss of messages between your shutdown and new log-in if (like me) you keep just trashing the dispVM (or my standalone vm) without logging out. Obvious solution is to always log out. But because wickrme doesnt have 2fa, you need a complex trusty password and would be wise not to store it in the minimal wickrqube you create. Wickr has very few users, and to maintain contact with a lot of people, you’ll need a way to use other services, with or without efforts towards anonymity depending on your needs.
Eventually i need a workable solution that will allow me to operate both professionally and personally with cellphoneVMs, routing various modes of contact over tor, vpn or clearnet depending on use case. I need to be able to, in some instances, make calls to ‘real’ telephone numbers (pseudo anonymously signing up with reputable voip provider likely required).
I invision a wickrme vm, a whastapp vm, a signal vm (probably a desktop app qube), maybe xmppVM (already easily achievable) a 2favm (for authentication, 2fa and sms forwarding if achievable), a skype or google number voip management vm, a professional context voip vm etc. What would you like to see from such a framework?
With all of the above vms could be a dedicated system of firewall ruling and usecases which preserve information related to one service being exposed to another.
Sms forwarding, voicemail inboxes, witheld numbers and ip information, forward signposting to other services etc, could give the user absolute granular control over who knows how to contact you in which ways and who does not.
One option i’ve seen discussed is to have a real phone and simcard that is left with a trusted person or viewed by secutity camera to pick up 2fa messages. The ‘trusted person’ use case could also work well with remote working whereby you funnel your traffic to a proxy at your ‘home address’.
I’m sure some kind of protocol framework and definitive guide for this would be useful. If I can pull it all of i’ll write the guide for people to refer to. This is the most important aspect of qubes for me, maybe it is also for someone else.