Re: [qubes-users] Re: cognitive issues when default is to use tor

[Oleg Artemiev]

On Thu, Jul 6, 2017 at 5:24 AM, cooloutac  wrote:
> On Wednesday, July 5, 2017 at 10:19:32 PM UTC-4, cooloutac wrote:
>> On Tuesday, July 4, 2017 at 1:34:17 PM UTC-4, Oleg Artemiev wrote:
>> > Hi.
>> >
>> > I'm not very glad w/ defaults provided in Qubes OS.
>> > Are there any chances the situation 'll get fixed?
>> >
>> > Details:
>> > I've no real trust to https - this is reputation scheme.
>> > I've no real trust to tor - exit nodes sniff.
>> >
>> > I've installed new instance w/ tor as default.
>> > I've two network VMs w/ diffrent networking defaults.
>> >
>> > I'm switching my work VM to get run w/o tor.
>> > Ooops - my work VM has now no firewall VM attached.
>> > This is bad default - isn't it?
>> >
>> > Why should I go via tor w/ work VM even when sitting in the office?
>> > Tor exit nodes should not know anything about my work.
>> > Also tor makes things run slower.
>> >
>> > Shouldn't we have have a trigger transparently applying firewall VM
>> > when network VM has changed?
[]
> also I should add,  they have new feature to update with tor.  but I also 
> wonder how better that is because it seems to me tor is attacked with fake 
> keys more then anything.  And all it takes is for the user to hit y one time.
Qubes team keys for Dom0 updates should be preinstalled  - aren't them?

> I can count dozens upon doznes of times i had to make sure i hit n.  and kept 
> trying till I got a verified key. I've mean i posted so much about it on 
> whonix I pissed the guy off.  not just wrong keys but servers going out.   
> But I can only count 1 or 2 times that happened through my regular connection.


-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6O3z60xMZUDO1q0oHUoxU66fEYnWSout8JXYV9OAQTE0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: cognitive issues when default is to use tor

[Oleg Artemiev]

On Wed, Jul 5, 2017 at 2:35 PM,   wrote:
> My understanding is that you shouldn't be accessing Tor through anything but 
> anon-whonix or a copy of that VM (this might be wrong). I'm not sure what 
> metadata your work applications may leak that will compromise the anonymity 
> of your Tor connection. You should do some reading up on whonix.
>
> But if you don't trust Tor more than https, when are you using it?
Just to test how it works. W/o using I've no experience - do I?

>
> If you want to create a secure connection to your office, I think the best 
> tool to use is VPN.
>
> I'm not sure what kind of trigger you're looking for, but I'm sure that you 
> could write a script that will make it happen.
Yep. Though scripting for everything sooner or later becomes annoying.
Low in time - give up and use it as it goes .


-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6M9Pjp-kjVdH2jrkDsmyEZsCOTo7f%3DNtLxOa4khCZ%2B8Mw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: cognitive issues when default is to use tor

[Oleg Artemiev]

On Thu, Jul 6, 2017 at 5:25 AM, cooloutac  wrote:
> On Wednesday, July 5, 2017 at 10:24:32 PM UTC-4, cooloutac wrote:
>> On Wednesday, July 5, 2017 at 10:19:32 PM UTC-4, cooloutac wrote:
>> > On Tuesday, July 4, 2017 at 1:34:17 PM UTC-4, Oleg Artemiev wrote:
>> > > Hi.
>> > >
>> > > I'm not very glad w/ defaults provided in Qubes OS.
>> > > Are there any chances the situation 'll get fixed?
>> > >
>> > > Details:
>> > > I've no real trust to https - this is reputation scheme.
>> > > I've no real trust to tor - exit nodes sniff.
>> > >
>> > > I've installed new instance w/ tor as default.
>> > > I've two network VMs w/ diffrent networking defaults.
>> > >
>> > > I'm switching my work VM to get run w/o tor.
>> > > Ooops - my work VM has now no firewall VM attached.
>> > > This is bad default - isn't it?
>> > >
>> > > Why should I go via tor w/ work VM even when sitting in the office?
>> > > Tor exit nodes should not know anything about my work.
>> > > Also tor makes things run slower.
>> > >
>> > > Shouldn't we have have a trigger transparently applying firewall VM
>> > > when network VM has changed?
>> > >
>> > > --
>> > > Bye.Olli.
>> > > gpg --search-keys grey_olli , use key w/ fingerprint below:
>> > > Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
>> > > Blog keys (the blog is mostly in Russian): 
>> > > http://grey-olli.livejournal.com/tag/
>> >
>> > I agree I don't use tor for anything I type a password into.  I use tor 
>> > for random untrusted webpages only.  Sometimes I just use tor to compare a 
>> > key or cert,  a trick I learned from Qubes forums.
>>
>> also I should add,  they have new feature to update with tor.  but I also 
>> wonder how better that is because it seems to me tor is attacked with fake 
>> keys more then anything.  And all it takes is for the user to hit y one time.
>>
>> I can count dozens upon doznes of times i had to make sure i hit n.  and 
>> kept trying till I got a verified key. I've mean i posted so much about it 
>> on whonix I pissed the guy off.  not just wrong keys but servers going out.  
>>  But I can only count 1 or 2 times that happened through my regular 
>> connection.
>
> I don't let my family update dom0 anymore.
haha. Nice )

anyway - all defaults bound on idea of one netvm and one firewall vm.
This is not good for a custom scheme. I miss a network map feature.
Finally when I'm busy I giveup and leave defaults. I currently use tor
w/ whonix blindly trusting them made all right. This is damn slow.
This makes my google and yandex search engines (and lots of other
sites) ask me "you're not a robot". Very annoying. No easy GUI fall
back to non-tor defaults. Hrrm. Next time I'll start w/o Tor layer as
default - the setting finally makes me loose my time.


-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6Pj2eKOtsK10HxKV%2BWave56nuN9NsZz1qX8qa2oODtkug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: cognitive issues when default is to use tor

[cooloutac]

On Wednesday, July 5, 2017 at 10:24:32 PM UTC-4, cooloutac wrote:
> On Wednesday, July 5, 2017 at 10:19:32 PM UTC-4, cooloutac wrote:
> > On Tuesday, July 4, 2017 at 1:34:17 PM UTC-4, Oleg Artemiev wrote:
> > > Hi.
> > > 
> > > I'm not very glad w/ defaults provided in Qubes OS.
> > > Are there any chances the situation 'll get fixed?
> > > 
> > > Details:
> > > I've no real trust to https - this is reputation scheme.
> > > I've no real trust to tor - exit nodes sniff.
> > > 
> > > I've installed new instance w/ tor as default.
> > > I've two network VMs w/ diffrent networking defaults.
> > > 
> > > I'm switching my work VM to get run w/o tor.
> > > Ooops - my work VM has now no firewall VM attached.
> > > This is bad default - isn't it?
> > > 
> > > Why should I go via tor w/ work VM even when sitting in the office?
> > > Tor exit nodes should not know anything about my work.
> > > Also tor makes things run slower.
> > > 
> > > Shouldn't we have have a trigger transparently applying firewall VM
> > > when network VM has changed?
> > > 
> > > -- 
> > > Bye.Olli.
> > > gpg --search-keys grey_olli , use key w/ fingerprint below:
> > > Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
> > > Blog keys (the blog is mostly in Russian): 
> > > http://grey-olli.livejournal.com/tag/
> > 
> > I agree I don't use tor for anything I type a password into.  I use tor for 
> > random untrusted webpages only.  Sometimes I just use tor to compare a key 
> > or cert,  a trick I learned from Qubes forums.
> 
> also I should add,  they have new feature to update with tor.  but I also 
> wonder how better that is because it seems to me tor is attacked with fake 
> keys more then anything.  And all it takes is for the user to hit y one time.
> 
> I can count dozens upon doznes of times i had to make sure i hit n.  and kept 
> trying till I got a verified key. I've mean i posted so much about it on 
> whonix I pissed the guy off.  not just wrong keys but servers going out.   
> But I can only count 1 or 2 times that happened through my regular connection.

I don't let my family update dom0 anymore.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11849a5c-ba9f-4b54-8f62-3bbab39bb13b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: cognitive issues when default is to use tor

[cooloutac]

On Wednesday, July 5, 2017 at 10:19:32 PM UTC-4, cooloutac wrote:
> On Tuesday, July 4, 2017 at 1:34:17 PM UTC-4, Oleg Artemiev wrote:
> > Hi.
> > 
> > I'm not very glad w/ defaults provided in Qubes OS.
> > Are there any chances the situation 'll get fixed?
> > 
> > Details:
> > I've no real trust to https - this is reputation scheme.
> > I've no real trust to tor - exit nodes sniff.
> > 
> > I've installed new instance w/ tor as default.
> > I've two network VMs w/ diffrent networking defaults.
> > 
> > I'm switching my work VM to get run w/o tor.
> > Ooops - my work VM has now no firewall VM attached.
> > This is bad default - isn't it?
> > 
> > Why should I go via tor w/ work VM even when sitting in the office?
> > Tor exit nodes should not know anything about my work.
> > Also tor makes things run slower.
> > 
> > Shouldn't we have have a trigger transparently applying firewall VM
> > when network VM has changed?
> > 
> > -- 
> > Bye.Olli.
> > gpg --search-keys grey_olli , use key w/ fingerprint below:
> > Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
> > Blog keys (the blog is mostly in Russian): 
> > http://grey-olli.livejournal.com/tag/
> 
> I agree I don't use tor for anything I type a password into.  I use tor for 
> random untrusted webpages only.  Sometimes I just use tor to compare a key or 
> cert,  a trick I learned from Qubes forums.

also I should add,  they have new feature to update with tor.  but I also 
wonder how better that is because it seems to me tor is attacked with fake keys 
more then anything.  And all it takes is for the user to hit y one time.

I can count dozens upon doznes of times i had to make sure i hit n.  and kept 
trying till I got a verified key. I've mean i posted so much about it on whonix 
I pissed the guy off.  not just wrong keys but servers going out.   But I can 
only count 1 or 2 times that happened through my regular connection.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/258d8e48-8e01-47b4-88cf-096e9974d7e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: cognitive issues when default is to use tor

[cooloutac]

On Tuesday, July 4, 2017 at 1:34:17 PM UTC-4, Oleg Artemiev wrote:
> Hi.
> 
> I'm not very glad w/ defaults provided in Qubes OS.
> Are there any chances the situation 'll get fixed?
> 
> Details:
> I've no real trust to https - this is reputation scheme.
> I've no real trust to tor - exit nodes sniff.
> 
> I've installed new instance w/ tor as default.
> I've two network VMs w/ diffrent networking defaults.
> 
> I'm switching my work VM to get run w/o tor.
> Ooops - my work VM has now no firewall VM attached.
> This is bad default - isn't it?
> 
> Why should I go via tor w/ work VM even when sitting in the office?
> Tor exit nodes should not know anything about my work.
> Also tor makes things run slower.
> 
> Shouldn't we have have a trigger transparently applying firewall VM
> when network VM has changed?
> 
> -- 
> Bye.Olli.
> gpg --search-keys grey_olli , use key w/ fingerprint below:
> Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
> Blog keys (the blog is mostly in Russian): 
> http://grey-olli.livejournal.com/tag/

I agree I don't use tor for anything I type a password into.  I use tor for 
random untrusted webpages only.  Sometimes I just use tor to compare a key or 
cert,  a trick I learned from Qubes forums.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7440cf9-088f-4bc3-b073-ea516ca446bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: cognitive issues when default is to use tor

[wordswithnemo]

My understanding is that you shouldn't be accessing Tor through anything but 
anon-whonix or a copy of that VM (this might be wrong). I'm not sure what 
metadata your work applications may leak that will compromise the anonymity of 
your Tor connection. You should do some reading up on whonix.

But if you don't trust Tor more than https, when are you using it?

If you want to create a secure connection to your office, I think the best tool 
to use is VPN.

I'm not sure what kind of trigger you're looking for, but I'm sure that you 
could write a script that will make it happen.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/732d15d1-7d44-4c15-85e6-bd8c716f2946%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.