On Thu, 14 Feb 2019 16:12:36 +0000
unman <un...@thirdeyesecurity.org> wrote:
>On Wed, Feb 13, 2019 at 08:55:01PM +0000, zxcvw...@scryptmail.com wrote:
>> Hello All,I have a laptop from family that is rarely used,but with windows10
>> installed on it,arguably the most infamous windows version.If I install
>> Qubse4.0 on this laptop, would qubes completely wipe windows10 away? Since
>> some hardware's ID numbers are registered with microsoft in update
>> process,and maybe even UUID, would microsoft still be able to track this
>> laptop when it's online?Second option, is to take off the harddrive with
>> windows10 and change to a completely new one purely for qubes. with the
>> concern above still there-the hard ware records---can microsoft track THIS
>> laptop when it's online?* by installed with windows 10 ---I mean it pressed
>> the agree button on microsoft agreement when new laptop switched on, this
>> stage is offline, and pressed 'update' button, and fully updated with
>> microsoft and registered with it, this part is online.Please advise, thank
>> you
>>
>
>That's a really good question.
>Certainly MS will have some information about the hardware configuration
>of that laptop. That doesnt mean that MS would be able to track you
>online, but it does raise the issue that IF someone were able to get
>information about the hardware and IF they were able to get information
>from MS THEN they would be able to trace it back to you.
>When you install Qubes there are options to delete existing partitions,
>and if you choose to encrypt Qubes (I seem to recall that) the existing
>partitions will be overwritten, so the old Windows will be gone.
>
>If you are seriously worried about these issues I would recommend
>getting a burner laptop with new drive and look in to the use of
>Whonix-Qubes, or Qubes and Tor. If you are just somewhat concerned then to
>be honest a simple wipe and install of Qubes would be enough.
>
>unman
>
I prefer to go a step farther and use a laptop which can have the bios
overwritten with coreboot, sans Intel ME. This limits to laptops of a certain
age/design, and I currently use a Lenovo T520. The newest Lenovo laptop which
ME can be completely removed is the X1 Carbon GEN 1. After that, the best you
can do is set the HAP bit...which still relies on some of the "blobs" and the
early part of the ME. I have not messed with doing either, and have a "guy"
who coreboots my bios for me at present.
With the recent revelations about Austrailia's laws and the maintainers of
Whonix, I would not trust it to provide anonymity. Nevertheless, coreboot is a
good start.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20190214103136.5e768a06%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
