Anonymizing MAC adress through dvm ?

46 views
Skip to first unread message

nishi...@gmail.com

unread,
Aug 25, 2016, 5:15:54 PM8/25/16
to qubes-users
Hello everyone,

I was just wondering if you can apply this documentation https://www.qubes-os.org/doc/anonymizing-your-mac-address/ to your disposable VM (like if you like to browse the internet being safe, not saving any data but also preserving your anonymity, in a way like Tails do).

I tried to apply this on the AppVM-dvm, stopped it, then entered "qvm-create-default-dvm nameoftheTemplateVM-on-which-is-based-the-AppVM" in dom0, so eventually it would save the configuration on the img on which is based the new Disposable VM, but it don't seem to work, my interface ID don't change when I type "/sbin/ifconfig" into the new DispVM.

I guess the problem comes from the fact the TemplateVM creates a symlink to /etc/systemd/ to load the service, but as you don't have persistence in dispVM, the process fails, but I'm not sure.

If you have an idea on one could eventually do this, I think it would be a great feature (even if it is already really nice to be able to do so on standard VMs, problem is when you're paranoid you have to trade off in a way between a non anonymous but full secured non persistent model for a more anonymous but less secured one, lol)

Marek Marczykowski-Górecki

unread,
Aug 29, 2016, 10:19:49 PM8/29/16
to nishi...@gmail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In theory it can be probably applied there (apply the instruction in the
template - the same way as for sys-net). But in practice it doesn't give
you much more anonymity. First of all, MAC address of the VM network
interface have no relation to your real hardware. It is always
00:16:3e:5e:6c:XX, where XX is ID of the VM. So it gives information
that you use Qubes OS. And if one can read that MAC address, can also
read a dozen other indicators that you use Qubes OS - like running on
Xen, or /var/lib/qubes directory presence, or simply a hostname
("dispXX").

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXxO0/AAoJENuP0xzK19csBKMH/2EvL7/LNwvSM0peXlNpBTZF
NbfYvZzJcqG2KZoI4NM323CeJxINPCh6aXLo4oN4666VJOY8yGsyYyUAes9dYJwy
EWA6phcPd7D9+yEnOul1ELY5/O4xzmtEKsUo+e9fAcRQddi8Pqhflt2slmBMl4eZ
1Taqb7jVMWf/iGYsLRV7B0WAcoHxRrBmkXvQWn2eyEAg7Al1skFgqp89LMLdd+As
n6301yuL6hVadfgcyuJAt7AjOj+pBLGRe+TAHno2327dvYaWOkNTF0b9pEWC+ti3
KOIJmzF0uFCATyAvpWVwgl5MPOsbeyvLe64sgJ+2zP94EigKCByUXKfTvrdHZYA=
=nT2K
-----END PGP SIGNATURE-----

nishi...@gmail.com

unread,
Sep 2, 2016, 11:23:26 AM9/2/16
to qubes-users
Thank you very much for your support :) I understand better how Qubes handles MAC addresses now thanks to you, I was curious about that ^^

Eva Star

unread,
Sep 4, 2016, 1:14:26 PM9/4/16
to qubes...@googlegroups.com
On 08/30/2016 05:19 AM, Marek Marczykowski-Górecki wrote:

> In theory it can be probably applied there (apply the instruction in the
> template - the same way as for sys-net). But in practice it doesn't give
> you much more anonymity. First of all, MAC address of the VM network
> interface have no relation to your real hardware. It is always
> 00:16:3e:5e:6c:XX, where XX is ID of the VM. So it gives information
> that you use Qubes OS. And if one can read that MAC address, can also
> read a dozen other indicators that you use Qubes OS - like running on
> Xen, or /var/lib/qubes directory presence, or simply a hostname
> ("dispXX").
>
Why not add some settings and gill them with some random when OS installed?


--
Regards
Reply all
Reply to author
Forward
0 new messages