Containing Twitter sessions


Ryan Tate

Jun 22, 2017, 11:40:50 AM
to qubes...@googlegroups.com
I am perplexed by the challenge of containing Twitter use in Qubes.

With Twitter, you must be logged in to effectively read or write.

On the read side, it is a wildly promiscuous experience exposing the user to various untrusted sites. Indeed a key goal of using Twitter is to discover new sites and media.

On the write side, it is very sensitive, containing private messages, the ability to post public messages with significant personal reputational risks, and even to do lightweight out-of-band authentication for other channels.

If I had to pick from the default VMs, I would probably put Twitter in “untrusted” due to the risks on the read side, even though the account itself is sensitive and ideally you would not put such write capabilities in a “wild west” environment like “untrusted”. Perhaps better is to just make a “twitter” VM to keep the damage of any compromise contained to the Twitter account itself. Most ideal, in the future, would be to combine this last approach with a Qubes browser add-on and force each non-Twitter link to open in another VM, either disposable or the “untrusted” one.

(Has anyone figured out a better approach?)

Chris Laprise

Jun 22, 2017, 1:42:38 PM
to Ryan Tate, qubes...@googlegroups.com
I do two things:

* Refrain from clicking links; copy to untrusted VM browser instead

* Turn on the HTTPS Everywhere add-on in HTTPS-only mode

The latter means that even if I click on a link, the site visited will
at least have some verification (or else it won't load).

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

pixel fairy

Jun 22, 2017, 6:12:50 PM
to qubes-users
On Thursday, June 22, 2017 at 8:40:50 AM UTC-7, Ryan Tate wrote:

> (Has anyone figured out a better approach?)

Keep your Twitter passphrase in vault, use a DispVM.

If you're low on resources and want to make a dedicated VM that will be used for Twitter and other things, you could use firejail --home, and maybe --x11 as well, for isolation. For this to be effective, you'll also need to add "-nolisten local" to your template's qubes-run-xorg.sh. https://firejail.wordpress.com

Another isolation you can use is Firefox Containers, which are not enforced sandboxes, but more of a privacy and organizational separation. This feature is in testing. https://testpilot.firefox.com/experiments/containers/

The two work fine together if you want to use them both. If you have the resources, I think it's better to use a DispVM or a dedicated twitter VM.

pixel fairy

Jun 22, 2017, 7:14:25 PM
to qubes-users

> If you're low on resources and want to make a dedicated VM that will be used for Twitter and other things, you could use firejail --home, and maybe --x11 as well, for isolation. For this to be effective, you'll also need to add "-nolisten local" to your template's qubes-run-xorg.sh. https://firejail.wordpress.com

To clarify, "-nolisten local" should go in the last line, so it should read:

exec su -l user -c "/usr/bin/xinit $XSESSION -- $XORG :0 -nolisten local -nolisten tcp vt07 -wr -config xorg-qubes.conf > ~/.xsession-errors 2>&1"

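The edit pixel fairy describes, as an added example that is not part of the thread: a small POSIX sh script that inserts "-nolisten local" into the xinit line of a template's qubes-run-xorg.sh exactly once, and a check you can run afterwards. The reason the flag matters for firejail --x11 is that it turns off the X server's abstract Unix socket, which is not a filesystem path and so is not blocked by firejail's filesystem sandboxing. The demo at the bottom works on a constructed copy of the line quoted above, never on the real file; on Qubes you would run the function against /usr/bin/qubes-run-xorg.sh inside the TemplateVM and then restart the AppVM. The file path, the sample line and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently add "-nolisten local"
# to the xinit line in a template's qubes-run-xorg.sh, as recommended for
# firejail --x11. The sample line below is constructed from the one quoted
# in the thread; the function names and paths are assumptions of this example.

# Returns 0 if FILE already passes "-nolisten local" to Xorg.
xorg_has_nolisten_local() {
    grep -q -- '-nolisten local' "$1"
}

# Insert "-nolisten local" right before "-nolisten tcp" on the line that
# launches xinit. Safe to run more than once: a second run changes nothing.
add_nolisten_local() {
    file="$1"
    if xorg_has_nolisten_local "$file"; then
        return 0
    fi
    sed -i '/xinit/ s/ -nolisten tcp / -nolisten local -nolisten tcp /' "$file"
    # Report failure if the pattern was not found (e.g. a different Xorg line).
    xorg_has_nolisten_local "$file"
}

# Print the xinit line so it can be compared with the one in the thread.
show_xinit_line() {
    grep 'xinit' "$1"
}

# Demo on a throwaway copy. On a real system the target is
# /usr/bin/qubes-run-xorg.sh in the TemplateVM, followed by an AppVM restart.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
#!/bin/sh
exec su -l user -c "/usr/bin/xinit $XSESSION -- $XORG :0 -nolisten tcp vt07 -wr -config xorg-qubes.conf > ~/.xsession-errors 2>&1"
EOF
add_nolisten_local "$demo_file"
show_xinit_line "$demo_file"
rm -f "$demo_file"
```

After the template change, a sandbox started as, for instance, firejail --x11 --private=/some/twitter-home firefox (an assumed invocation; check the firejail man page for the option names on your version) can no longer talk to the host X server through the abstract socket, which is the hole the flag closes.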

Unman

Jun 23, 2017, 11:54:22 AM
to Ryan Tate, qubes...@googlegroups.com
There is an alternative approach, which would be to use a Twitter client like Corebird, and to configure mimeopen so that links are opened in a DisposableVM. I would certainly use a dedicated qube for this.

unman
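The handler configuration unman refers to, as an added example that is not part of the thread: in Qubes the helper that opens a URL or file in a fresh DisposableVM is /usr/bin/qvm-open-in-dvm, and a desktop client such as Corebird resolves clicked links through the XDG defaults in ~/.config/mimeapps.list. The script below writes those defaults for the three link types, and carries a check you can run in the twitter qube to confirm every link type really resolves to the DispVM helper. The name of the helper's .desktop entry (DVM_ENTRY) is an assumption of this example; confirm it with the ls command in the comments before relying on it. The function names and the demo directory are also this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): make a Twitter qube hand every
# clicked web link to a DisposableVM by setting the XDG default handlers,
# then verify the result. Assumptions of this example, to confirm on your
# template: the helper is /usr/bin/qvm-open-in-dvm (shipped by Qubes) and
# DVM_ENTRY names its .desktop file; find the real name with
#   ls /usr/share/applications | grep -i dvm
DVM_ENTRY="${DVM_ENTRY:-qvm-open-in-dvm.desktop}"   # assumed entry name
LINK_TYPES="x-scheme-handler/http x-scheme-handler/https text/html"

# Print the default handler recorded for MIME type $2 in mimeapps.list $1.
# Only the [Default Applications] section counts; the first match wins.
handler_for() {
    awk -F= -v want="$2" '
        /^\[/ { in_defaults = ($0 == "[Default Applications]"); next }
        in_defaults && $1 == want { print $2; exit }
    ' "$1"
}

# Write a fresh mimeapps.list in directory $1 that points the link types
# at DVM_ENTRY. Refuses to clobber an existing file: on a live qube use
#   xdg-mime default "$DVM_ENTRY" $LINK_TYPES
# which edits the existing file in place.
write_link_handlers() {
    dir="$1"
    list="$dir/mimeapps.list"
    if [ -e "$list" ]; then
        echo "refusing to overwrite $list; use xdg-mime default instead" >&2
        return 1
    fi
    mkdir -p "$dir"
    {
        printf '[Default Applications]\n'
        for t in $LINK_TYPES; do printf '%s=%s\n' "$t" "$DVM_ENTRY"; done
    } > "$list"
}

# Return 0 only if every link type resolves to DVM_ENTRY; print the
# offenders otherwise. Run it as: check_link_handlers "$HOME/.config"
check_link_handlers() {
    list="$1/mimeapps.list"
    ok=0
    for t in $LINK_TYPES; do
        got=$(handler_for "$list" "$t" 2>/dev/null)
        if [ "$got" != "$DVM_ENTRY" ]; then
            echo "$t -> ${got:-<unset>} (want $DVM_ENTRY)"
            ok=1
        fi
    done
    return $ok
}

# Demo on a throwaway directory, not on ~/.config.
demo=$(mktemp -d)
write_link_handlers "$demo"
check_link_handlers "$demo" && echo "all link types open in a DisposableVM"
rm -rf "$demo"
```

The check is the part worth keeping around: a browser install or a desktop-environment update can silently re-register itself as the http handler, and then the "links go to a DispVM" property is gone without anything visibly breaking.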

J.M. Porup

Jun 27, 2017, 8:58:34 PM
to Ryan Tate, qubes...@googlegroups.com
On Thu, Jun 22, 2017 at 11:40:44AM -0400, Ryan Tate wrote:
> I am perplexed by the challenge of containing Twitter use in Qubes.
>
<snip>
>
> If I had to pick from the default VMs, I would probably put Twitter in “untrusted” due to the risks on the read side, even though the account itself is sensitive and ideally you would not put such write capabilities in a "wild west” environment like “untrusted." Perhaps better is to just make a “twitter” vm to keep the damage of any compromise contained to the Twitter account itself. Most ideal, in the future, would be to combine this last approach with a Qubes browser add-on and force each non-twitter link to open in another VM, either disposable or the “untrusted”.
>
> (Has anyone figured out a better approach?)

Hi Ryan,

I use Twitter in a Whonix Workstation template-based Disposable VM.

Open links in a different disposable VM.

hth
jmp

--
J.M. Porup
www.JMPorup.com
