in Q the Firefox battery fingerprinting is enabled.
https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/
Manual you might disable it:
1. start Firefox
2. open the URL about:config
3. scroll down to dom.battery.enabled and disable this feature
It would be nice if the DispVM has running a Firefox, which don't support the fingerprinting (or even better, a real secure-browser...)
Kind Regards
good to know that Firefox and other mainstream-browser's spy-features don't work inside the Q-VMs.
But here are many ways to find out, who is sitting in front of the screen, without get logged in, e.g. also keyboard-typing-patterns and mouse movements...
So for ebanking and free of digital dicriminating shopping I should use Whonix?
And must I run the Tor network in the background, or can I use Whonix also just as the Qubes Secure Browser?
The browser is normally the direct interface to the network, so there might be many reasons, why some organisations have a huge interesst to get this pice of software under their control - instead that you control your laptop (& software).
Today there are many "Secure Browser", e.g. like Kaspersky on the market and every browser claims to be more secure than the competitor (on another definition of security in the background).
For eBanking it would be a nice solution, if the bank offers a digital counter behind the first banking firewall and you can reach this terminal via an screensharing from a safe endpoint and the screensharing has some embedded authentification and strong enryption in place.
But 2016 this sounds like science fiction.
So I thought some good robust Secure Browser, which by the way only need some basic navigation (videos are here not in the scope) and could be more slim and robust than any mainstream browser.
Thanks and Kind Regards
many times technology can be used in both sides good and e*
My first concern with this internet and lack of IT-security is, that in some main-stream browsers you have enough backdoors to book in the second you type in your credit-card information in parallel for you on another place with a another delivering-address of course...
In my eyes a hard browser focused to the financial goals of the owner will be quite helpful in this crazy internet game.
Tor, I'm afraid will be also a perfect tool to deliver a hidden command and control structure (e.g. my QR31 was not updating anything any more...).
"Of the top twenty most popular Tor addresses, eleven are command and control centres for botnets, including all of the top five."
So Tor will be useful on a live-QubesOS DVD in a dual mode, if you need Whonix browser + Tor Features, e.g. for security-research without the tracing features of the network.
It's so hard to get an coherent picture about the good and robust internet infrastructure. Perhaps a new kind of network will get this straight out of the box.... one day in the far far future...
A how to do banking, shopping ans surfing-guide will be quite helpful to get a solid baseline towards a better safe internet-experience.
Thanks and Kind Regards