cognitive issues when default is to use tor


Oleg Artemiev

Jul 4, 2017, 1:34:17 PM
to qubes...@googlegroups.com, Andrew David Wong
Hi.

I'm not very glad w/ defaults provided in Qubes OS.
Are there any chances the situation 'll get fixed?

Details:
I've no real trust to https - this is reputation scheme.
I've no real trust to tor - exit nodes sniff.

I've installed new instance w/ tor as default.
I've two network VMs w/ different networking defaults.

I'm switching my work VM to get run w/o tor.
Ooops - my work VM has now no firewall VM attached.
This is bad default - isn't it?

Why should I go via tor w/ work VM even when sitting in the office?
Tor exit nodes should not know anything about my work.
Also tor makes things run slower.

Shouldn't we have a trigger transparently applying firewall VM
when network VM has changed?

--
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

wordsw...@gmail.com

Jul 5, 2017, 7:35:25 AM
to qubes-users, a...@qubes-os.org
My understanding is that you shouldn't be accessing Tor through anything but anon-whonix or a copy of that VM (this might be wrong). I'm not sure what metadata your work applications may leak that will compromise the anonymity of your Tor connection. You should do some reading up on whonix.

But if you don't trust Tor more than https, when are you using it?

If you want to create a secure connection to your office, I think the best tool to use is VPN.

I'm not sure what kind of trigger you're looking for, but I'm sure that you could write a script that will make it happen.

cooloutac

Jul 5, 2017, 10:19:32 PM
to qubes-users, a...@qubes-os.org

I agree I don't use tor for anything I type a password into. I use tor for random untrusted webpages only. Sometimes I just use tor to compare a key or cert, a trick I learned from Qubes forums.

cooloutac

Jul 5, 2017, 10:24:32 PM
to qubes-users, a...@qubes-os.org

also I should add, they have new feature to update with tor. but I also wonder how better that is because it seems to me tor is attacked with fake keys more than anything. And all it takes is for the user to hit y one time.

I can count dozens upon dozens of times I had to make sure I hit n. and kept trying till I got a verified key. I mean I posted so much about it on whonix I pissed the guy off. not just wrong keys but servers going out. But I can only count 1 or 2 times that happened through my regular connection.

cooloutac

Jul 5, 2017, 10:25:23 PM
to qubes-users, a...@qubes-os.org

I don't let my family update dom0 anymore.

Oleg Artemiev

Jul 12, 2017, 5:44:32 PM
to cooloutac, qubes-users, Andrew David Wong
haha. Nice )

anyway - all defaults bound on idea of one netvm and one firewall vm.
This is not good for a custom scheme. I miss a network map feature.
Finally when I'm busy I give up and leave defaults. I currently use tor
w/ whonix blindly trusting them made all right. This is damn slow.
This makes my google and yandex search engines (and lots of other
sites) ask me "you're not a robot". Very annoying. No easy GUI fall
back to non-tor defaults. Hrrm. Next time I'll start w/o Tor layer as
default - the setting finally makes me lose my time.

Oleg Artemiev

Jul 12, 2017, 5:51:32 PM
to wordsw...@gmail.com, qubes-users, Andrew David Wong
On Wed, Jul 5, 2017 at 2:35 PM, <wordsw...@gmail.com> wrote:
> My understanding is that you shouldn't be accessing Tor through anything but anon-whonix or a copy of that VM (this might be wrong). I'm not sure what metadata your work applications may leak that will compromise the anonymity of your Tor connection. You should do some reading up on whonix.
>
> But if you don't trust Tor more than https, when are you using it?
Just to test how it works. W/o using I've no experience - do I?

>
> If you want to create a secure connection to your office, I think the best tool to use is VPN.
>
> I'm not sure what kind of trigger you're looking for, but I'm sure that you could write a script that will make it happen.
Yep. Though scripting for everything sooner or later becomes annoying.
Low in time - give up and use it as it goes.

Oleg Artemiev

Jul 12, 2017, 5:55:24 PM
to cooloutac, qubes-users, Andrew David Wong
On Thu, Jul 6, 2017 at 5:24 AM, cooloutac <raah...@gmail.com> wrote:
> On Wednesday, July 5, 2017 at 10:19:32 PM UTC-4, cooloutac wrote:
>> On Tuesday, July 4, 2017 at 1:34:17 PM UTC-4, Oleg Artemiev wrote:
>> > Hi.
>> >
>> > I'm not very glad w/ defaults provided in Qubes OS.
>> > Are there any chances the situation 'll get fixed?
>> >
>> > Details:
>> > I've no real trust to https - this is reputation scheme.
>> > I've no real trust to tor - exit nodes sniff.
>> >
>> > I've installed new instance w/ tor as default.
>> > I've two network VMs w/ different networking defaults.
>> >
>> > I'm switching my work VM to get run w/o tor.
>> > Ooops - my work VM has now no firewall VM attached.
>> > This is bad default - isn't it?
>> >
>> > Why should I go via tor w/ work VM even when sitting in the office?
>> > Tor exit nodes should not know anything about my work.
>> > Also tor makes things run slower.
>> >
>> > Shouldn't we have a trigger transparently applying firewall VM
>> > when network VM has changed?
[]
> also I should add, they have new feature to update with tor. but I also wonder how better that is because it seems to me tor is attacked with fake keys more than anything. And all it takes is for the user to hit y one time.
Qubes team keys for Dom0 updates should be preinstalled - aren't they?

> I can count dozens upon dozens of times I had to make sure I hit n. and kept trying till I got a verified key. I mean I posted so much about it on whonix I pissed the guy off. not just wrong keys but servers going out. But I can only count 1 or 2 times that happened through my regular connection.

