traveling - best practice

[haaber]

Hello, I wonder how you behave when traveling, for example in places
with cameras all around. I feel uncomfortable to enter my passwords in
such situations. Of course I can simply not turn my computer on. But
sometimes you have several hours in an airport .. I thought about 3
options.

0) Change all (disk / user) pwd before & after traveling (how do I
change the disk pwd?).

1) Pull out my tails usbkey and surf with that?

2) maybe it woud be nice to have an additional "single cube"
usr/password : when using this user name, one would get a single
disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that
feasable / reasonable?

how do you cope with that? Thank you, Bernhard

[Franz]

But is the resolution of these cameras high and fast enough to be able to read the movements of my 10 fingers all working together and covering the whole keyboard?

I installed a high definition security ethernet camera in my home, but resolution and speed are not that spectacular.

There are mini-cameras that can be hidden, but resolution is worse.

So cameras can be easily identified and  I suppose it is enough to avoid sitting down  having a camera just over your shoulders.

Best

Fran

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de.
For more options, visit https://groups.google.com/d/optout.

[Connor Page]

if you're afraid of cameras, just cover it all when entering sensitive information like citizen four did.
don't ever enter LUKS passphrase if someone else had an opportunity to boot your laptop without your direct supervision.in that case yes, a live USB drive is your friend until it is safe to confirm that boot sequence wasn't altered and you can trust the bootloader, kernel etc.
I am not that paranoid, so just use a yubikey as a second factor for crowded places and under cameras.

[Jake]

On 02/07/2017 08:43 AM, Franz wrote:

On Tue, Feb 7, 2017 at 10:09 AM, haaber <haa...@web.de> wrote:

Hello,  I wonder how you behave when traveling, for example in places
with cameras all around. I feel uncomfortable to enter my passwords in
such situations. Of course I can simply not turn my computer on.  But
sometimes you have several hours in an airport ..  I thought about 3
options.

0) Change all (disk / user) pwd before & after traveling (how do I
change the disk pwd?).

1) Pull out my tails usbkey and surf with that?

2) maybe it woud be nice to have an additional  "single cube"
usr/password : when using this user name, one would get a single
disposable untrusted VM,  no dom0 acces, no USB, and so forth. Is that
feasable / reasonable?

how do you cope with that? Thank you, Bernhard

But is the resolution of these cameras high and fast enough to be able to read the movements of my 10 fingers all working together and covering the whole keyboard?

I installed a high definition security ethernet camera in my home, but resolution and speed are not that spectacular.

There are mini-cameras that can be hidden, but resolution is worse.

So cameras can be easily identified and  I suppose it is enough to avoid sitting down  having a camera just over your shoulders.

i am a strong proponent of entirely removing both microphones and cameras in all computing devices. even with a hardware switch, you can't know it's actually disabled, whereas when you remove the mics and cameras, you can be confident they are disabled.

this can be done to pretty much any laptop, but it may void your warranty, so if you care about that kind of stuff, keep that in mind. it typically takes 1-2 hours to disassemble and reassemble a laptop when doing this.

Best

Fran

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.

To post to this group, send email to qubes...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAizi%2B%2BkUxeCpwiZvT%3DgvEFVPHaDhqDQGWb1AqC2FGjBQ%40mail.gmail.com.

[Tai...@gmx.com]

On 02/07/2017 03:36 PM, Jake wrote:
> On 02/07/2017 08:43 AM, Franz wrote:
>
> >
> >

> > On Tue, Feb 7, 2017 at 10:09 AM, haaber <haa...@web.de <mailto:haa...@web.de>>

It doesn't void your warranty unless you damage something, the "warranty
void if removed" stickers have no legal backing in most countries due to
1970's automobile repair laws in regards to the "authorized repair
center" bullshit.

It takes around 10 minutes for every laptop I have done it on, certainly
not hours and hours.

[pixel fairy]

On Tuesday, February 7, 2017 at 5:09:45 AM UTC-8, haaber wrote:
> Hello, I wonder how you behave when traveling, for example in places
> with cameras all around. I feel uncomfortable to enter my passwords in
> such situations. Of course I can simply not turn my computer on. But

most "security" cameras cant see much. but the cloud of cell phones
and any cameras worn by those looking to do this will have little trouble
seeing and hearing your passphrases.

you could use a yubikey to type your passphrase in, though be careful of
pick pockets.

you could also velcro some cloth around the lid like this, https://goo.gl/photos/py8qdxRPtoz3PGL19

if you do, make sure theres some going around the front too. then use it with your back to two corners.

someone could still pick up your typing with a good directional mic, but then
you have a different threat model.

in this case, you could have your laptop unlocked and suspended, with a
qrexec service to shut it down should it leave, for example, the vicinity of your cell phone or NFC implant.

> sometimes you have several hours in an airport .. I thought about 3
> options.
>
> 0) Change all (disk / user) pwd before & after traveling (how do I
> change the disk pwd?).

everything you ever wanted to know about luks, https://gitlab.com/cryptsetup/cryptsetup

> 1) Pull out my tails usbkey and surf with that?

yes. or, better yet, tails on a dummy netbook or chromebook.

>
> 2) maybe it woud be nice to have an additional "single cube"
> usr/password : when using this user name, one would get a single
> disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that
> feasable / reasonable?

this goes back some earlier discussions. easiest way is to dual boot
your laptop.

>
> how do you cope with that? Thank you, Bernhard

leave it off, walk around, see the local art. sample the chocolate and coffee.
try not to work.

[john.david.r.smith]

On 07/02/17 14:09, haaber wrote:
> Hello, I wonder how you behave when traveling, for example in places
> with cameras all around. I feel uncomfortable to enter my passwords in
> such situations. Of course I can simply not turn my computer on. But
> sometimes you have several hours in an airport .. I thought about 3
> options.
>
> 0) Change all (disk / user) pwd before & after traveling (how do I
> change the disk pwd?).

i already had the same question.
I think a simple way to do this from dom0 would be nice (simple = one terminal call and not digging around in some config files)

> 1) Pull out my tails usbkey and surf with that?

do you always allow booting from usb? (in my case the bios pw is required and i would not want to enter it)

> 2) maybe it woud be nice to have an additional "single cube"
> usr/password : when using this user name, one would get a single
> disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that
> feasable / reasonable?

i think this would be a nice feature

[Jean-Philippe Ouellet]

> 2) maybe it woud be nice to have an additional "single cube"
> usr/password : when using this user name, one would get a single
> disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that
> feasable / reasonable?

I want something similar to this too, but there are several things
which need to be implemented first in order for it to be able to be
implemented securely, particularly splitting out the desktop
environment / window manager / main gui out from dom0.

https://github.com/QubesOS/qubes-issues/issues/833

Progress is being made, albeit rather slowly. More funding would
accelerate this work ;)

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Right now, it's very difficult. I just try to be very careful when
entering passphrases. If I have insufficient privacy, I don't enter
them at all. Once per-VM encryption is implemented, it should help
with many aspects of this problem:

https://github.com/QubesOS/qubes-issues/issues/1293

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYm45hAAoJENtN07w5UDAwEuIP/2tYktkKEBzmPmUZo7Ewb9mR
Pn3xMdF6kFHvrhK+cUTHYqC0+bejXuspV7jEtgLBJxhfkhhBtwhgMoR1cvcwRIAt
heQl+3rhvc/5S8hNYhUGKce2rd1cNTgLwR8P9P1lqTLX0uwU9xaSRimlBssomr1r
XWnrinxnzyXBfBivbDxxK66cwbgwcJBxoCRIwIfYgk9Mcshjr+LTC2ibE6kPhq50
FJQ3Tl9oMFyjtBGEWHijOal1S0oLZeainm/xXfz79X40BrzH2VtSWE44qw8XbWIE
UwLnuxTc7rkEPK4udPfcqQ+fvQqTYNWlmaAD03q9v/pyulbZEARLOWt7DLlQbkpv
k9FPx0Qq24NbqUhwqMHF9322I0+HZhu1BlBL9q/0sgCA392uAcS6dybWya3Xq/Bd
598YEbG1sW5Lvrcm96k1aJPcDiKHSBZwXJdOYcz2BFJwiw8cDL/GnvBOjqzbs3Du
xQDGx8OpZpU2dPGzqfcabmixBQ+//FHI2amWhydsa4gK7+bBrtxLd/4G9y6Il7hO
rPhEE3J3b0ulyutQlyj3f7MdHaimbkpG0G5iQHkYdA6BhBSpSGcTc43qBUaHnU7x
aCYFzfxssrdh18KB8hkiEQWOIfBVd8s5NAyPSlbPOlwHpwUoNQ2rwNbztHRIMtuh
teum5x/tlvZKTJEjugiv
=T7+Z
-----END PGP SIGNATURE-----

[0xDEADBEEF00]

Interesting topic...

I would like to here more about how people handle this.

On my side, I'would never work on sensitive information in such a situation.

To make just some surfing in public place, my laptop is installed with a standard w10 that I use only to check a generic mailbox with on sensitive information, do some nonsensitive work and surf. By the way, the boot sequence of my laptop is set to boot this partition by default with no menu or prompt of any kind. If I want to boot into qubes, I have to do it manually by interupting the boot sequence.

This also serves as a decoy, if I'm forced to boot my laptop when passing borders or so.

Best,

0xdeadbeef

Sent with ProtonMail Secure Email.

--

You received this message because you are subscribed to the Google Groups "qubes-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.

To post to this group, send email to qubes...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f778e42-ae04-4d12-ac5e-ae60e41c675f%40googlegroups.com.

[john.david.r.smith]

On 10/02/17 11:53, '0xDEADBEEF00' via qubes-users wrote:
> Interesting topic...
>
> I would like to here more about how people handle this.
>
> On my side, I'would never work on sensitive information in such a situation.
> To make just some surfing in public place, my laptop is installed with a standard w10 that I use only to check a generic mailbox with on sensitive information, do some nonsensitive work and surf. By the way, the boot sequence of my laptop is set to boot this partition by default with no menu or prompt of any kind. If I want to boot into qubes, I have to do it manually by interupting the boot sequence.
> This also serves as a decoy, if I'm forced to boot my laptop when passing borders or so.
>
> Best,
>
> 0xdeadbeef

dual booting opens a whole new attack surface.
is there a way to deal with this?
the other os may not be able to read/modify qubes due to encryption, but it can write something malicious on the disk (e.g. some loader running before qubes)

[pixel fairy]

On Friday, February 10, 2017 at 3:02:23 AM UTC-8, john.david.r.smith wrote:
> On 10/02/17 11:53, '0xDEADBEEF00' via qubes-users wrote:

...

> > This also serves as a decoy, if I'm forced to boot my laptop when passing borders or so.
> >
> > Best,
> >
> > 0xdeadbeef
>
> dual booting opens a whole new attack surface.
> is there a way to deal with this?
> the other os may not be able to read/modify qubes due to encryption, but it can write something malicious on the disk (e.g. some loader running before qubes)

thats what AEM is for, but then, on most laptops, you lose iommu protection. the lemur7 from system76 has a pci bridged sd card reader, but you cant boot from it!
if 0xdeadbeef is running on the dummy partition most of the time, this probably is not a problem, unless it runs into a badusb that can compromise bios or firmware.

some laptops can have multiple internal drives, but since sometime after 2010, they stopped letting you disable devices in bios. havent found any modern ones that let you do this.

maybe something can be done with coreboot if bootguard is disabled. but then you dont have bootguard protecting your bios.

[Jake]

while i can't deny the utility of a decoy, dual booting does indeed open
a new attack surface, e.g. win10 gremlin rewrites the bootloader on your
non-win10 partitions in a way that caches your disk passphrase somewhere
win10 can access it next time it boots.

the best policy with windows is to never use it under any circumstances,
provided you can manage it.