Re: [qubes-users] traveling - best practice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-07 05:09, haaber wrote: > Hello, I wonder how you behave when traveling, for example in > places with cameras all around. I feel uncomfortable to enter my > passwords in such situations. Of course I can simply not turn my > computer on. But sometimes you have several hours in an airport .. > I thought about 3 options. > > 0) Change all (disk / user) pwd before & after traveling (how do I > change the disk pwd?). > > 1) Pull out my tails usbkey and surf with that? > > 2) maybe it woud be nice to have an additional "single cube" > usr/password : when using this user name, one would get a single > disposable untrusted VM, no dom0 acces, no USB, and so forth. Is > that feasable / reasonable? > > how do you cope with that? Thank you, Bernhard > Right now, it's very difficult. I just try to be very careful when entering passphrases. If I have insufficient privacy, I don't enter them at all. Once per-VM encryption is implemented, it should help with many aspects of this problem: https://github.com/QubesOS/qubes-issues/issues/1293 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYm45hAAoJENtN07w5UDAwEuIP/2tYktkKEBzmPmUZo7Ewb9mR Pn3xMdF6kFHvrhK+cUTHYqC0+bejXuspV7jEtgLBJxhfkhhBtwhgMoR1cvcwRIAt heQl+3rhvc/5S8hNYhUGKce2rd1cNTgLwR8P9P1lqTLX0uwU9xaSRimlBssomr1r XWnrinxnzyXBfBivbDxxK66cwbgwcJBxoCRIwIfYgk9Mcshjr+LTC2ibE6kPhq50 FJQ3Tl9oMFyjtBGEWHijOal1S0oLZeainm/xXfz79X40BrzH2VtSWE44qw8XbWIE UwLnuxTc7rkEPK4udPfcqQ+fvQqTYNWlmaAD03q9v/pyulbZEARLOWt7DLlQbkpv k9FPx0Qq24NbqUhwqMHF9322I0+HZhu1BlBL9q/0sgCA392uAcS6dybWya3Xq/Bd 598YEbG1sW5Lvrcm96k1aJPcDiKHSBZwXJdOYcz2BFJwiw8cDL/GnvBOjqzbs3Du xQDGx8OpZpU2dPGzqfcabmixBQ+//FHI2amWhydsa4gK7+bBrtxLd/4G9y6Il7hO rPhEE3J3b0ulyutQlyj3f7MdHaimbkpG0G5iQHkYdA6BhBSpSGcTc43qBUaHnU7x aCYFzfxssrdh18KB8hkiEQWOIfBVd8s5NAyPSlbPOlwHpwUoNQ2rwNbztHRIMtuh teum5x/tlvZKTJEjugiv =T7+Z -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a216af0e-023b-22c7-9578-5cd1326d031a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] traveling - best practice
> 2) maybe it woud be nice to have an additional "single cube" > usr/password : when using this user name, one would get a single > disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that > feasable / reasonable? I want something similar to this too, but there are several things which need to be implemented first in order for it to be able to be implemented securely, particularly splitting out the desktop environment / window manager / main gui out from dom0. https://github.com/QubesOS/qubes-issues/issues/833 Progress is being made, albeit rather slowly. More funding would accelerate this work ;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_DUoWfv-Bs%3DWthuX4ns8QncxAHA3eoJopb5DRhL%3DbB-6A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] traveling - best practice
On 07/02/17 14:09, haaber wrote: Hello, I wonder how you behave when traveling, for example in places with cameras all around. I feel uncomfortable to enter my passwords in such situations. Of course I can simply not turn my computer on. But sometimes you have several hours in an airport .. I thought about 3 options. 0) Change all (disk / user) pwd before & after traveling (how do I change the disk pwd?). i already had the same question. I think a simple way to do this from dom0 would be nice (simple = one terminal call and not digging around in some config files) 1) Pull out my tails usbkey and surf with that? do you always allow booting from usb? (in my case the bios pw is required and i would not want to enter it) 2) maybe it woud be nice to have an additional "single cube" usr/password : when using this user name, one would get a single disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that feasable / reasonable? i think this would be a nice feature -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ca9cb6c-2f24-3bdb-14ff-377141036562%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] traveling - best practice
On 02/07/2017 03:36 PM, Jake wrote: On 02/07/2017 08:43 AM, Franz wrote: > > > On Tue, Feb 7, 2017 at 10:09 AM, haaber mailto:haa...@web.de>> > wrote: > > Hello, I wonder how you behave when traveling, for example in places > with cameras all around. I feel uncomfortable to enter my passwords in > such situations. Of course I can simply not turn my computer on. But > sometimes you have several hours in an airport .. I thought about 3 > options. > > 0) Change all (disk / user) pwd before & after traveling (how do I > change the disk pwd?). > > 1) Pull out my tails usbkey and surf with that? > > 2) maybe it woud be nice to have an additional "single cube" > usr/password : when using this user name, one would get a single > disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that > feasable / reasonable? > > how do you cope with that? Thank you, Bernhard > > > But is the resolution of these cameras high and fast enough to be able to read > the movements of my 10 fingers all working together and covering the whole > keyboard? > > I installed a high definition security ethernet camera in my home, but > resolution and speed are not that spectacular. > > There are mini-cameras that can be hidden, but resolution is worse. > > So cameras can be easily identified and I suppose it is enough to avoid > sitting down having a camera just over your shoulders. i am a strong proponent of entirely removing both microphones and cameras in all computing devices. even with a hardware switch, you can't know it's actually disabled, whereas when you remove the mics and cameras, you can be confident they are disabled. this can be done to pretty much any laptop, but it may void your warranty, so if you care about that kind of stuff, keep that in mind. it typically takes 1-2 hours to disassemble and reassemble a laptop when doing this. It doesn't void your warranty unless you damage something, the "warranty void if removed" stickers have no legal backing in most countries due to 1970's automobile repair laws in regards to the "authorized repair center" bullshit. It takes around 10 minutes for every laptop I have done it on, certainly not hours and hours. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e0b69bbd-2ac4-f819-c438-eb4f5321b003%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] traveling - best practice
On 02/07/2017 08:43 AM, Franz wrote: On Tue, Feb 7, 2017 at 10:09 AM, haaberwrote: Hello, I wonder how you behave when traveling, for example in places with cameras all around. I feel uncomfortable to enter my passwords in such situations. Of course I can simply not turn my computer on. But sometimes you have several hours in an airport .. I thought about 3 options. 0) Change all (disk / user) pwd before & after traveling (how do I change the disk pwd?). 1) Pull out my tails usbkey and surf with that? 2) maybe it woud be nice to have an additional "single cube" usr/password : when using this user name, one would get a single disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that feasable / reasonable? how do you cope with that? Thank you, Bernhard But is the resolution of these cameras high and fast enough to be able to read the movements of my 10 fingers all working together and covering the whole keyboard? I installed a high definition security ethernet camera in my home, but resolution and speed are not that spectacular. There are mini-cameras that can be hidden, but resolution is worse. So cameras can be easily identified and I suppose it is enough to avoid sitting down having a camera just over your shoulders. i am a strong proponent of entirely removing both microphones and cameras in all computing devices. even with a hardware switch, you can't know it's actually disabled, whereas when you remove the mics and cameras, you can be confident they are disabled. this can be done to pretty much any laptop, but it may void your warranty, so if you care about that kind of stuff, keep that in mind. it typically takes 1-2 hours to disassemble and reassemble a laptop when doing this. Best Fran -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAizi%2B%2BkUxeCpwiZvT%3DgvEFVPHaDhqDQGWb1AqC2FGjBQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b4d8801-05d7-5c08-11e7-be6a896f507f%40companyzero.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] traveling - best practice
if you're afraid of cameras, just cover it all when entering sensitive information like citizen four did. don't ever enter LUKS passphrase if someone else had an opportunity to boot your laptop without your direct supervision.in that case yes, a live USB drive is your friend until it is safe to confirm that boot sequence wasn't altered and you can trust the bootloader, kernel etc. I am not that paranoid, so just use a yubikey as a second factor for crowded places and under cameras. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2fa85933-7a19-4a24-8aa0-8c1a9a534d57%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] traveling - best practice
if you're afraid of cameras, just cover it all when entering sensitive information like citizen four did. don't ever enter LUKS passphrase if someone else had an opportunity to boot your laptop without your direct supervision.in that case yes, a live USB drive is your friend until it is safe to confirm that boot sequence wasn't altered and you can trust the bootloader, kernel etc. I am not that paranoid, so just use a yubikey as a second factor for crowded places and under cameras. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df582865-94b2-43d3-af6c-77e0d6be401b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] traveling - best practice
On Tue, Feb 7, 2017 at 10:09 AM, haaber wrote: > Hello, I wonder how you behave when traveling, for example in places > with cameras all around. I feel uncomfortable to enter my passwords in > such situations. Of course I can simply not turn my computer on. But > sometimes you have several hours in an airport .. I thought about 3 > options. > > 0) Change all (disk / user) pwd before & after traveling (how do I > change the disk pwd?). > > 1) Pull out my tails usbkey and surf with that? > > 2) maybe it woud be nice to have an additional "single cube" > usr/password : when using this user name, one would get a single > disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that > feasable / reasonable? > > how do you cope with that? Thank you, Bernhard > > But is the resolution of these cameras high and fast enough to be able to read the movements of my 10 fingers all working together and covering the whole keyboard? I installed a high definition security ethernet camera in my home, but resolution and speed are not that spectacular. There are mini-cameras that can be hidden, but resolution is worse. So cameras can be easily identified and I suppose it is enough to avoid sitting down having a camera just over your shoulders. Best Fran > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAizi%2B%2BkUxeCpwiZvT%3DgvEFVPHaDhqDQGWb1AqC2FGjBQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] traveling - best practice
Hello, I wonder how you behave when traveling, for example in places with cameras all around. I feel uncomfortable to enter my passwords in such situations. Of course I can simply not turn my computer on. But sometimes you have several hours in an airport .. I thought about 3 options. 0) Change all (disk / user) pwd before & after traveling (how do I change the disk pwd?). 1) Pull out my tails usbkey and surf with that? 2) maybe it woud be nice to have an additional "single cube" usr/password : when using this user name, one would get a single disposable untrusted VM, no dom0 acces, no USB, and so forth. Is that feasable / reasonable? how do you cope with that? Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8966eb59-45e3-e8d5-9ece-cae31d719f90%40web.de. For more options, visit https://groups.google.com/d/optout.