On Thu, Jun 22, 2017 at 01:27:28PM -0400, Chris Laprise wrote:
> On 06/22/2017 11:40 AM, Ryan Tate wrote:
> > I am perplexed by the challenge of containing Twitter use in Qubes.
> >
> > With Twitter, you must be logged in to effectively read or write.
> >
> > On the read side, it is a wildly promiscuous experience exposing the
> > user to various untrusted sites. Indeed a key goal of using Twitter
> > is to discover new sites and media.
> >
> > On the write side, it is very sensitive, containing private messages,
> > the ability to post public messages with significant personal
> > reputational risks, and even to do lightweight out-of-band
> > authentication for other channels.
> >
> > If I had to pick from the default VMs, I would probably put Twitter
> > in “untrusted” due to the risks on the read side, even though the
> > account itself is sensitive and ideally you would not put such write
> > capabilities in a “wild west” environment like “untrusted.” Perhaps
> > better is to just make a “twitter” vm to keep the damage of any
> > compromise contained to the Twitter account itself. Most ideal, in
> > the future, would be to combine this last approach with a Qubes
> > browser add-on and force each non-twitter link to open in another VM,
> > either disposable or the “untrusted”.
> >
> > (Has anyone figured out a better approach?)
>
> I do two things:
>
> * Refrain from clicking links; copy to untrusted VM browser instead
>
> * Turn on https everywhere addon in https-only mode
>
> The latter means that even if I click on a link, the site visited will at
> least have some verification (or else it won't load).
>
There is an alternative approach which would be to use a twitter client
like corebird, and to configure mimeopen so that links are opened in a
disposableVM.
I would certainly use a dedicated qube for this.

unman
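
One way to set up the link handling described in the reply above, as an added example that is not part of the original thread: a script run inside the dedicated Twitter qube that makes qvm-open-in-dvm the default handler for http/https links. The desktop entry name open-in-dvm.desktop is hypothetical, and it is an assumption that the client resolves links through the XDG default-application settings (mimeapps.list).

```shell
#!/bin/sh
# Added example: run inside the dedicated Twitter qube (an AppVM).
# Assumptions: qvm-open-in-dvm is on PATH in the qube; the entry name
# open-in-dvm.desktop is hypothetical.
DESKTOP_ID="open-in-dvm.desktop"

# Write a desktop entry whose "application" hands the URL to a disposable VM.
write_dvm_entry() {
    apps_dir="$1"
    mkdir -p "$apps_dir" || return 1
    cat > "$apps_dir/$DESKTOP_ID" <<'EOF'
[Desktop Entry]
Type=Application
Name=Open link in disposable VM
Exec=qvm-open-in-dvm %u
Terminal=false
NoDisplay=true
MimeType=x-scheme-handler/http;x-scheme-handler/https;
EOF
}

# Make the entry the default for http/https in a mimeapps.list file,
# dropping earlier defaults for those schemes and keeping every other line.
set_dvm_default() {
    list="$1"
    mkdir -p "$(dirname "$list")" || return 1
    [ -f "$list" ] || : > "$list"
    tmp="$list.tmp.$$"
    awk -v id="$DESKTOP_ID" '
        function emit() {
            print "x-scheme-handler/http=" id ";"
            print "x-scheme-handler/https=" id ";"
            done = 1
        }
        /^\[/ { in_def = ($0 == "[Default Applications]"); print
                if (in_def && !done) emit()
                next }
        in_def && /^x-scheme-handler\/https?=/ { next }
        { print }
        END { if (!done) { print "[Default Applications]"; emit() } }
    ' "$list" > "$tmp" && mv "$tmp" "$list"
}

# Install for the current user only when asked: sh open-in-dvm.sh --install
if [ "${1:-}" = "--install" ]; then
    write_dvm_entry "${XDG_DATA_HOME:-$HOME/.local/share}/applications"
    set_dvm_default "${XDG_CONFIG_HOME:-$HOME/.config}/mimeapps.list"
fi
```

If the qube has a browser installed, check afterwards that no other http/https default remains in mimeapps.list, so a clicked link cannot fall back to loading inside the qube that holds the Twitter session.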
