Re: Re: [qubes-users] How does dropbox know that I‘m using qubes?
On Thursday, June 20, 2019 at 5:16:28 AM UTC-4, cy...@protonmail.com wrote: > Any other suggestions how servers can determine the client kernel version > when browsing with the pre-installed fedora browser? Does the template have flash installed? Actionscript's OS.Capabilities can readout the linux kernel version, I think. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/93b692e6-8e30-4dd1-80fc-2da6856eb840%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Fwd: Re: [qubes-users] How does dropbox know that I‘m using qubes?
> -- Weitergeleitete Nachricht -- > Von: Claudia > Datum: Ein Di., Juni 18, 2019 um 07:18 > Betreff: Fwd: Re: [qubes-users] How does dropbox know that I‘m using qubes? > An: , > CC: > Stefan Schlott: >> On 6/18/19 12:39 PM, cycle via qubes-users wrote: >> >>> recently I logged in into dropbox with a browser from my qubes box and >>> had to confirm my login. Afterwards I got a mail saying that there was >>> an login attempt from: >>> >>> *Desktop-Client Linux 4.14.116-1.pvops.qubes.x86_64 >>> >>> *How can I avoid that this information is send to servers? Is it part of >>> the http header? >> >> My guess: You have the Dropbox sync client installed. >> "4.14.116-1.pvops.qubes.x86_64" is part of the kernel id - you can see >> it for yourself using "uname -a". >> >> >> Stefan. >> > > Something you could try, if Dropbox is indeed using uname(2) to get this > info, is editing the systemd service file to lock down the Dropbox > process (see systemd.exec(5) man page). I'm thinking something along the > lines of > SystemCallFilter=~uname:EPERM > but there's a good chance Dropbox will just crash, depending on how good > its error handling is. > > If Dropbox can't handle an error from uname, you may be able to find or > write something that fakes it by way of LD_PRELOAD. > I don‘t think it‘s an dropbox client issue. I received the e-mail with this kernel statement when I logged in from a dvm with no dropbox installed. That‘s why I‘m thinking that the dropbox web server somehow extract that info from my browser requests. Any other suggestions how servers can determine the client kernel version when browsing with the pre-installed fedora browser? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/RW8a-16cxlUrWh4PagiQrpu4JEfA8_NxisufJR42N-MUmvo5XJbQbMvIdT3bQEeIo0qdAH0ISak0DgF0kd-qfd5ryuSPhWOMFQeus7cF2Q8%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How does dropbox know that I‘m using qubes?
Stefan Schlott: On 6/18/19 12:39 PM, cycle via qubes-users wrote: recently I logged in into dropbox with a browser from my qubes box and had to confirm my login. Afterwards I got a mail saying that there was an login attempt from: *Desktop-Client Linux 4.14.116-1.pvops.qubes.x86_64 *How can I avoid that this information is send to servers? Is it part of the http header? My guess: You have the Dropbox sync client installed. "4.14.116-1.pvops.qubes.x86_64" is part of the kernel id - you can see it for yourself using "uname -a". Stefan. Something you could try, if Dropbox is indeed using uname(2) to get this info, is editing the systemd service file to lock down the Dropbox process (see systemd.exec(5) man page). I'm thinking something along the lines of SystemCallFilter=~uname:EPERM but there's a good chance Dropbox will just crash, depending on how good its error handling is. If Dropbox can't handle an error from uname, you may be able to find or write something that fakes it by way of LD_PRELOAD. Sort of like libfaketime, but for uname instead of time. I thought I remembered something about torsocks being able to do this, but I looked and didn't see anything about uname in the man pages. Note: you may also want to hide some files from the process, for example InaccessiblePaths=/proc/sys/kernel/osrelease In addition, there are probably tons of other ways a program can find out this information and other Qubes-identifying stuff. So it may take some trial and error, and it may not apply to a wide range of other programs. If you really want to get down and dirty, you can try running it through strace and find out exactly where it's getting what info from. - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/240a7ecf-3e0f-e9d8-695e-7b0ce44cdca8%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How does dropbox know that I‘m using qubes?
On 6/18/19 12:39 PM, cycle via qubes-users wrote: > recently I logged in into dropbox with a browser from my qubes box and > had to confirm my login. Afterwards I got a mail saying that there was > an login attempt from: > > *Desktop-Client Linux 4.14.116-1.pvops.qubes.x86_64 > > *How can I avoid that this information is send to servers? Is it part of > the http header? My guess: You have the Dropbox sync client installed. "4.14.116-1.pvops.qubes.x86_64" is part of the kernel id - you can see it for yourself using "uname -a". Stefan. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c56ebc8c-1e7e-61f2-f03b-516a7394ebbe%40ploing.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How does dropbox know that I‘m using qubes?
Hi, recently I logged in into dropbox with a browser from my qubes box and had to confirm my login. Afterwards I got a mail saying that there was an login attempt from: Desktop-Client Linux 4.14.116-1.pvops.qubes.x86_64 How can I avoid that this information is send to servers? Is it part of the http header? Txs - Eva -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/IsTFC5a7IQruf6St8gCurmUhXEa8PgfFCovHdK4N4aaIMyi9QnUzSwnGi6Fu02_TdhE38H5NRgt1vCz-uegb_9sezRqDX7whdbfCZ6od6aI%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
