--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de.
For more options, visit https://groups.google.com/d/optout.
On 02/07/2017 08:43 AM, Franz wrote:
On Tue, Feb 7, 2017 at 10:09 AM, haaber <haa...@web.de> wrote:
Hello, I wonder how you behave when traveling, for example in places
with cameras all around. I feel uncomfortable to enter my passwords in
such situations. Of course I can simply not turn my computer on. But
sometimes you have several hours in an airport .. I thought about 3
options.
0) Change all (disk / user) pwd before & after traveling (how do I
change the disk pwd?).
1) Pull out my tails usbkey and surf with that?
2) maybe it woud be nice to have an additional "single cube"
usr/password : when using this user name, one would get a single
disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that
feasable / reasonable?
how do you cope with that? Thank you, Bernhard
But is the resolution of these cameras high and fast enough to be able to read the movements of my 10 fingers all working together and covering the whole keyboard?
I installed a high definition security ethernet camera in my home, but resolution and speed are not that spectacular.
There are mini-cameras that can be hidden, but resolution is worse.
So cameras can be easily identified and I suppose it is enough to avoid sitting down having a camera just over your shoulders.
--Best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAizi%2B%2BkUxeCpwiZvT%3DgvEFVPHaDhqDQGWb1AqC2FGjBQ%40mail.gmail.com.
most "security" cameras cant see much. but the cloud of cell phones
and any cameras worn by those looking to do this will have little trouble
seeing and hearing your passphrases.
you could use a yubikey to type your passphrase in, though be careful of
pick pockets.
you could also velcro some cloth around the lid like this, https://goo.gl/photos/py8qdxRPtoz3PGL19
if you do, make sure theres some going around the front too. then use it with your back to two corners.
someone could still pick up your typing with a good directional mic, but then
you have a different threat model.
in this case, you could have your laptop unlocked and suspended, with a
qrexec service to shut it down should it leave, for example, the vicinity of your cell phone or NFC implant.
> sometimes you have several hours in an airport .. I thought about 3
> options.
>
> 0) Change all (disk / user) pwd before & after traveling (how do I
> change the disk pwd?).
everything you ever wanted to know about luks, https://gitlab.com/cryptsetup/cryptsetup
> 1) Pull out my tails usbkey and surf with that?
yes. or, better yet, tails on a dummy netbook or chromebook.
>
> 2) maybe it woud be nice to have an additional "single cube"
> usr/password : when using this user name, one would get a single
> disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that
> feasable / reasonable?
this goes back some earlier discussions. easiest way is to dual boot
your laptop.
>
> how do you cope with that? Thank you, Bernhard
leave it off, walk around, see the local art. sample the chocolate and coffee.
try not to work.
--You received this message because you are subscribed to the Google Groups "qubes-users" group.To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f778e42-ae04-4d12-ac5e-ae60e41c675f%40googlegroups.com.
thats what AEM is for, but then, on most laptops, you lose iommu protection. the lemur7 from system76 has a pci bridged sd card reader, but you cant boot from it!
if 0xdeadbeef is running on the dummy partition most of the time, this probably is not a problem, unless it runs into a badusb that can compromise bios or firmware.
some laptops can have multiple internal drives, but since sometime after 2010, they stopped letting you disable devices in bios. havent found any modern ones that let you do this.
maybe something can be done with coreboot if bootguard is disabled. but then you dont have bootguard protecting your bios.