Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upGRAVE privacy issue in Qubes DVMs #2389
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
Oct 22, 2016
Let's take a look at these dotfiles.
Unnecessary / dangerous / could come from /etc/skel:
[user@fedora-23-dvm x]$ tar xvmf /etc/dispvm*tbz
./
./.grl-bookmarks
./.spice-vdagent/
./.spice-vdagent/log
./.local/
./.local/share/
./.local/share/tracker/
./.local/share/tracker/data/
./.local/share/tracker/data/.meta.isrunning
./.local/share/tracker/data/tracker-store.journal
./.local/share/tracker/data/tracker-store.ontology.journal
./.local/share/recently-used.xbel
./.local/share/gsettings-data-convert
./.local/share/totem/
./.w3m/
./.w3m/history
./.dbus/
./.dbus/session-bus/
./.dbus/session-bus/52b0b9d7c267a2292bd377b500000002-0
./.gtk-bookmarks
./.grl-metadata-store
./.fontconfig/
./.fontconfig/3830d5c3ddfd5cd38a049b759396e72e-le64.cache-3
./.config/
./.config/tracker/
./.config/dconf/
./.config/dconf/user
./.config/libreoffice/
./.config/libreoffice/3/
./.config/libreoffice/3/user/
./.config/libreoffice/3/user/store/
./.config/libreoffice/3/user/autocorr/
./.config/libreoffice/3/user/extensions/
./.config/libreoffice/3/user/extensions/bundled/
./.config/libreoffice/3/user/extensions/bundled/lastsynchronized
./.config/libreoffice/3/user/extensions/bundled/extensions.db
./.config/libreoffice/3/user/extensions/bundled/registry/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/Linux_X86_64.rdb
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/Linux_X86_64rc
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/unorc
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/common.rdb
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/configmgr.ini
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/shared/
./.config/libreoffice/3/user/extensions/shared/lastsynchronized
./.config/libreoffice/3/user/extensions/shared/extensions.db
./.config/libreoffice/3/user/extensions/shared/registry/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/
./.config/libreoffice/3/user/extensions/shared/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/
./.config/libreoffice/3/user/basic/
./.config/libreoffice/3/user/basic/dialog.xlc
./.config/libreoffice/3/user/basic/script.xlc
./.config/libreoffice/3/user/basic/Standard/
./.config/libreoffice/3/user/basic/Standard/dialog.xlb
./.config/libreoffice/3/user/basic/Standard/script.xlb
./.config/libreoffice/3/user/basic/Standard/Module1.xba
./.config/libreoffice/3/user/wordbook/
./.config/libreoffice/3/user/autotext/
./.config/libreoffice/3/user/autotext/mytexts.bau
./.config/libreoffice/3/user/registrymodifications.xcu
./.config/libreoffice/3/user/uno_packages/
./.config/libreoffice/3/user/uno_packages/cache/
./.config/libreoffice/3/user/uno_packages/cache/uno_packages/
./.config/libreoffice/3/user/uno_packages/cache/registry/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/
./.config/libreoffice/3/user/uno_packages/cache/uno_packages.db
./.config/libreoffice/3/user/uno_packages/cache/log.txt
./.config/libreoffice/3/user/template/
./.config/libreoffice/3/user/config/
./.config/libreoffice/3/user/config/styles.sod
./.config/libreoffice/3/user/config/libreoffice.soc
./.config/libreoffice/3/user/config/javasettings_Linux_X86_64.xml
./.config/libreoffice/3/user/config/modern.sog
./.config/libreoffice/3/user/config/autotbl.fmt
./.config/libreoffice/3/user/config/arrowhd.soe
./.config/libreoffice/3/user/config/web.soc
./.config/libreoffice/3/user/config/soffice.cfg/
./.config/libreoffice/3/user/config/soffice.cfg/modules/
./.config/libreoffice/3/user/config/soffice.cfg/modules/swriter/
./.config/libreoffice/3/user/config/soffice.cfg/modules/swriter/images/
./.config/libreoffice/3/user/config/soffice.cfg/modules/swriter/images/Bitmaps/
./.config/libreoffice/3/user/config/soffice.cfg/modules/swriter/statusbar/
./.config/libreoffice/3/user/config/soffice.cfg/modules/swriter/toolbar/
./.config/libreoffice/3/user/config/soffice.cfg/modules/swriter/menubar/
./.config/libreoffice/3/user/config/standard.sob
./.config/libreoffice/3/user/config/palette.soc
./.config/libreoffice/3/user/config/standard.sod
./.config/libreoffice/3/user/config/hatching.soh
./.config/libreoffice/3/user/config/standard.soh
./.config/libreoffice/3/user/config/html.soc
./.config/libreoffice/3/user/config/standard.soc
./.config/libreoffice/3/user/config/standard.soe
./.config/libreoffice/3/user/config/classic.sog
./.config/libreoffice/3/user/config/scribus.soc
./.config/libreoffice/3/user/config/standard.sog
./.config/libreoffice/3/user/config/tango.soc
./.config/libreoffice/3/user/config/gallery.soc
./.config/libreoffice/3/user/config/cmyk.soc
./.config/libreoffice/3/user/gallery/
./.config/libreoffice/3/user/gallery/sg30.sdv
./.config/libreoffice/3/user/gallery/sg100.sdv
./.config/libreoffice/3/user/gallery/sg100.thm
./.config/libreoffice/3/user/gallery/sg30.thm
./.config/libreoffice/3/user/backup/
./.config/libreoffice/3/user/temp/
./.config/libreoffice/3/user/Scripts/
./.config/libreoffice/3/user/database/
./.config/libreoffice/3/user/database/biblio.odb
./.config/libreoffice/3/user/database/biblio/
./.config/libreoffice/3/user/database/biblio/biblio.dbf
./.config/libreoffice/3/user/database/biblio/biblio.dbt
./.config/libreoffice/3/user/database/evolocal.odb
./.config/libreoffice/3/user/psprint/
./.config/libreoffice/3/user/psprint/pspfontcache
./.config/libreoffice/3/user/psprint/driver/
./.config/libreoffice/3/user/psprint/fontmetric/
./.config/user-dirs.dirs
./.config/gedit/
./.config/gedit/accels
./.config/totem/
./.config/totem/state.ini
./.config/user-dirs.locale
./Public/
./.viminfo
./.zshrc
./.gconf/
./.gconf/apps/
./.gconf/apps/gnome-terminal/
./.gconf/apps/gnome-terminal/%gconf.xml
./.gconf/apps/gnome-terminal/profiles/
./.gconf/apps/gnome-terminal/profiles/%gconf.xml
./.gconf/apps/gnome-terminal/profiles/Default/
./.gconf/apps/gnome-terminal/profiles/Default/%gconf.xml
./.gconf/apps/%gconf.xml
./.xsession-errors
./Music/
./.bash_logout
./.grl-podcasts
./.pulse-cookie
./.bash_profile
./Pictures/
./Videos/
./.cache/
./.cache/tracker/
./.cache/tracker/db-locale.txt
./.cache/tracker/db-version.txt
./.cache/tracker/meta.db-shm
./.cache/tracker/meta.db
./.cache/tracker/meta.db-wal
./.cache/tracker/ontologies.gvdb
./.cache/dconf/
./.cache/dconf/user
./.cache/keyring-RBXFag/
./.esd_auth
./.mozilla/
./.mozilla/extensions/
./.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/
./.mozilla/firefox/
./.mozilla/firefox/fij69w7s.default/
./.mozilla/firefox/fij69w7s.default/webappsstore.sqlite
./.mozilla/firefox/fij69w7s.default/places.sqlite
./.mozilla/firefox/fij69w7s.default/cert8.db
./.mozilla/firefox/fij69w7s.default/urlclassifierkey3.txt
./.mozilla/firefox/fij69w7s.default/formhistory.sqlite
./.mozilla/firefox/fij69w7s.default/permissions.sqlite
./.mozilla/firefox/fij69w7s.default/cookies.sqlite
./.mozilla/firefox/fij69w7s.default/.parentlock
./.mozilla/firefox/fij69w7s.default/urlclassifier3.sqlite
./.mozilla/firefox/fij69w7s.default/chromeappsstore.sqlite
./.mozilla/firefox/fij69w7s.default/extensions.ini
./.mozilla/firefox/fij69w7s.default/signons.sqlite
./.mozilla/firefox/fij69w7s.default/mozilla-media-cache/
./.mozilla/firefox/fij69w7s.default/content-prefs.sqlite
./.mozilla/firefox/fij69w7s.default/pluginreg.dat
./.mozilla/firefox/fij69w7s.default/startupCache/
./.mozilla/firefox/fij69w7s.default/startupCache/startupCache.8.little
./.mozilla/firefox/fij69w7s.default/localstore.rdf
./.mozilla/firefox/fij69w7s.default/webapps/
./.mozilla/firefox/fij69w7s.default/Cache/
./.mozilla/firefox/fij69w7s.default/Cache/3/
./.mozilla/firefox/fij69w7s.default/Cache/_CACHE_MAP_
./.mozilla/firefox/fij69w7s.default/Cache/0/
./.mozilla/firefox/fij69w7s.default/Cache/8/
./.mozilla/firefox/fij69w7s.default/Cache/8/69/
./.mozilla/firefox/fij69w7s.default/Cache/8/69/AE8B6d01
./.mozilla/firefox/fij69w7s.default/Cache/2/
./.mozilla/firefox/fij69w7s.default/Cache/2/31/
./.mozilla/firefox/fij69w7s.default/Cache/2/31/87467d01
./.mozilla/firefox/fij69w7s.default/Cache/C/
./.mozilla/firefox/fij69w7s.default/Cache/_CACHE_002_
./.mozilla/firefox/fij69w7s.default/Cache/F/
./.mozilla/firefox/fij69w7s.default/Cache/7/
./.mozilla/firefox/fij69w7s.default/Cache/E/
./.mozilla/firefox/fij69w7s.default/Cache/E/14/
./.mozilla/firefox/fij69w7s.default/Cache/E/14/333E2d01
./.mozilla/firefox/fij69w7s.default/Cache/E/D4/
./.mozilla/firefox/fij69w7s.default/Cache/E/D4/1CD3Cd01
./.mozilla/firefox/fij69w7s.default/Cache/A/
./.mozilla/firefox/fij69w7s.default/Cache/5/
./.mozilla/firefox/fij69w7s.default/Cache/5/1D/
./.mozilla/firefox/fij69w7s.default/Cache/5/1D/7CC8Cd01
./.mozilla/firefox/fij69w7s.default/Cache/1/
./.mozilla/firefox/fij69w7s.default/Cache/4/
./.mozilla/firefox/fij69w7s.default/Cache/4/92/
./.mozilla/firefox/fij69w7s.default/Cache/4/92/3CE61d01
./.mozilla/firefox/fij69w7s.default/Cache/9/
./.mozilla/firefox/fij69w7s.default/Cache/9/CE/
./.mozilla/firefox/fij69w7s.default/Cache/9/CE/C08CBd01
./.mozilla/firefox/fij69w7s.default/Cache/_CACHE_003_
./.mozilla/firefox/fij69w7s.default/Cache/_CACHE_001_
./.mozilla/firefox/fij69w7s.default/Cache/B/
./.mozilla/firefox/fij69w7s.default/Cache/B/88/
./.mozilla/firefox/fij69w7s.default/Cache/B/88/F0DA4d01
./.mozilla/firefox/fij69w7s.default/Cache/6/
./.mozilla/firefox/fij69w7s.default/Cache/D/
./.mozilla/firefox/fij69w7s.default/search.sqlite
./.mozilla/firefox/fij69w7s.default/sessionstore.js
./.mozilla/firefox/fij69w7s.default/compatibility.ini
./.mozilla/firefox/fij69w7s.default/key3.db
./.mozilla/firefox/fij69w7s.default/bookmarkbackups/
./.mozilla/firefox/fij69w7s.default/bookmarkbackups/bookmarks-2012-07-12.json
./.mozilla/firefox/fij69w7s.default/search.json
./.mozilla/firefox/fij69w7s.default/extensions.sqlite
./.mozilla/firefox/fij69w7s.default/secmod.db
./.mozilla/firefox/fij69w7s.default/minidumps/
./.mozilla/firefox/fij69w7s.default/urlclassifier.pset
./.mozilla/firefox/fij69w7s.default/mimeTypes.rdf
./.mozilla/firefox/profiles.ini
./.mozilla/firefox/Crash Reports/
./.mozilla/firefox/Crash Reports/InstallTime20120616215704
./Templates/
./.gvfs/
./Desktop/
./.bashrc
./Downloads/
./Documents/
./.imsettings.log
./.gstreamer-0.10/
./.gstreamer-0.10/registry.x86_64.bin
./.orc/
./.pulse/
./.pulse/52b0b9d7c267a2292bd377b500000002-runtime
./.pulse/52b0b9d7c267a2292bd377b500000002-device-volumes.tdb
./.pulse/52b0b9d7c267a2292bd377b500000002-card-database.tdb
./.pulse/52b0b9d7c267a2292bd377b500000002-stream-volumes.tdb
./.pulse/52b0b9d7c267a2292bd377b500000002-default-sink
./.pulse/52b0b9d7c267a2292bd377b500000002-default-source
./.gnome2/
./.gnome2/accels/
./.gnome2/keyrings/
./.gnome2/nautilus-scripts/
./.gnome2_private/
I do not know:
./.mozilla/firefox/fij69w7s.default/prefs.js
Can be done with /etc/skel:
./.gnome2/nautilus-scripts/Open in DisposableVM
./.gnome2/nautilus-scripts/Copy to other AppVM
./.gnome2/nautilus-scripts/.scripts_created
./.gnome2/nautilus-scripts/.scripts_created2
Also, if the home user directory needs to be created, because it did not exist or something, just cp -R the stuff from /etc/skel instead of unpacking a buncha dotfiles!
Rudd-O
commented
Oct 22, 2016
|
Let's take a look at these dotfiles. Unnecessary / dangerous / could come from I do not know: Can be done with Also, if the home user directory needs to be created, because it did not exist or something, just |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
Oct 22, 2016
About the prefs.js file:
[user@fedora-user-tpl-dvm ~]$ cat .mozilla/firefox/fij69w7s.default/prefs.js
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1477119561);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1477119681);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1477119201);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1477119441);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1477119321);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1477119801);
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.filesystem_reported", 1);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.frecency_experiment", 2);
user_pref("browser.download.importedFromSqlite", true);
user_pref("browser.download.panel.shown", true);
user_pref("browser.migration.version", 38);
user_pref("browser.newtabpage.enhanced", true);
user_pref("browser.newtabpage.storageVersion", 1);
user_pref("browser.pagethumbnails.storage_version", 3);
user_pref("browser.places.smartBookmarksVersion", 8);
user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1477119091324");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1477122691324");
user_pref("browser.search.region", "US");
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20160919122641");
user_pref("browser.startup.homepage_override.buildID", "20160919122641");
user_pref("browser.startup.homepage_override.mstone", "49.0");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-button\",\"history-panelmenu\",\"fullscreen-button\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\",\"sync-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"urlbar-container\",\"search-container\",\"bookmarks-menu-button\",\"downloads-button\",\"home-button\",\"pocket-button\",\"abp-toolbarbutton\",\"https-everywhere-button\",\"cookiemonster-status\",\"noscript-tbb\",\"action-button--firefoxghosterycom-ghostery-button\",\"action-button--jid1-avgcef1zovzmjajetpack-random-agent-spoofer\",\"action-button--jid1-5h9we5dytuz14qjetpack-qr-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"]},\"seen\":[\"pocket-button\",\"abp-toolbarbutton\",\"developer-button\",\"action-button--firefoxghosterycom-ghostery-button\",\"action-button--jid1-avgcef1zovzmjajetpack-random-agent-spoofer\",\"action-button--jid1-5h9we5dytuz14qjetpack-qr-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":6,\"newElementCount\":0}");
user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bootstrapcdn.com code.jquery.com firstdata.com firstdata.lv gfx.ms google.com googlevideo.com gstatic.com hotmail.com live.com live.net maps.googleapis.com mozilla.net netflix.com nflxext.com nflximg.com nflxvideo.net noscript.net outlook.com passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org securecode.com securesuite.net sfx.ms tinymce.cachefly.net wlxrs.com yahoo.com yahooapis.com yandex.st yimg.com youtube.com ytimg.com about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:home about:memory about:neterror about:plugins about:pocket-saved about:pocket-signup about:preferences about:privatebrowsing about:sessionrestore about:srcdoc about:support blob: chrome: http://afx.ms http://bootstrapcdn.com http://firstdata.com http://firstdata.lv http://gfx.ms http://google.com http://googlevideo.com http://gstatic.com http://hotmail.com http://live.com http://live.net http://mozilla.net http://netflix.com http://nflxext.com http://nflximg.com http://nflxvideo.net http://noscript.net http://outlook.com http://passport.com http://passport.net http://passportimages.com http://paypal.com http://paypalobjects.com http://persona.org http://securecode.com http://securesuite.net http://sfx.ms http://wlxrs.com http://yahoo.com http://yahooapis.com http://yandex.st http://yimg.com http://youtube.com http://ytimg.com https://afx.ms https://bootstrapcdn.com https://firstdata.com https://firstdata.lv https://gfx.ms https://google.com https://googlevideo.com https://gstatic.com https://hotmail.com https://live.com https://live.net https://mozilla.net https://netflix.com https://nflxext.com https://nflximg.com https://nflxvideo.net https://noscript.net https://outlook.com https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://securecode.com https://securesuite.net https://sfx.ms https://wlxrs.com https://yahoo.com https://yahooapis.com https://yandex.st https://yimg.com https://youtube.com https://ytimg.com mediasource: moz-extension: moz-safe-about: resource:");
user_pref("datareporting.sessions.current.activeTicks", 102);
user_pref("datareporting.sessions.current.firstPaint", 7867);
user_pref("datareporting.sessions.current.main", 121);
user_pref("datareporting.sessions.current.sessionRestored", 2984);
user_pref("datareporting.sessions.current.startTime", "1477119079289");
user_pref("datareporting.sessions.current.totalTime", 2158);
user_pref("dom.apps.lastUpdate.buildID", "20160919122641");
user_pref("dom.apps.lastUpdate.mstone", "49.0");
user_pref("dom.apps.reset-permissions", true);
user_pref("e10s.rollout.cohort", "unsupportedChannel");
user_pref("experiments.activeExperiment", false);
user_pref("extensions.adblockplus.currentVersion", "2.7.2");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1477119140380,\"softExpiration\":1477211573145,\"hardExpiration\":1477291940671,\"data\":{\"notifications\":[],\"version\":\"201610220651\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":1}");
user_pref("extensions.agentSpoof.acceptDefault", true);
user_pref("extensions.agentSpoof.acceptEncoding", true);
user_pref("extensions.agentSpoof.acceptLang", true);
user_pref("extensions.agentSpoof.acceptLangChoice", "en-US");
user_pref("extensions.agentSpoof.authorization", false);
user_pref("extensions.agentSpoof.canvas", false);
user_pref("extensions.agentSpoof.colordepth", "24");
user_pref("extensions.agentSpoof.disableRef", false);
user_pref("extensions.agentSpoof.excludeList", "");
user_pref("extensions.agentSpoof.exclusionCount", "{\"desktop\":{\"total_count\":223,\"exclude_count\":0},\"mobile\":{\"total_count\":80,\"exclude_count\":0},\"other\":{\"total_count\":19,\"exclude_count\":0},\"random_0,0\":{\"total_count\":85,\"exclude_count\":0},\"random_0,1\":{\"total_count\":47,\"exclude_count\":0},\"random_0,2\":{\"total_count\":62,\"exclude_count\":0},\"random_0,3\":{\"total_count\":29,\"exclude_count\":0},\"random_1,0\":{\"total_count\":25,\"exclude_count\":0},\"random_1,1\":{\"total_count\":12,\"exclude_count\":0},\"random_1,2\":{\"total_count\":24,\"exclude_count\":0},\"random_1,3\":{\"total_count\":19,\"exclude_count\":0},\"random_2,0\":{\"total_count\":19,\"exclude_count\":0}}");
user_pref("extensions.agentSpoof.fullWhiteList", "[{\"url\": \"addons.mozilla.org\"}, {\"url\": \"play.google.com\"}, {\"url\": \"youtube.com\"}]");
user_pref("extensions.agentSpoof.ifnone", false);
user_pref("extensions.agentSpoof.limitTab", false);
user_pref("extensions.agentSpoof.pixeldepth", "24");
user_pref("extensions.agentSpoof.screenSize", "default");
user_pref("extensions.agentSpoof.screens", "800x600,1024x600,1024x768,1152x864,1280x720,1280x768,1280x800,1280x960,1280x1024,1360x768,1366x768,1440x900,1400x1050,1600x900,1600x1200,1680x1050,1920x1080,1920x1200,2048x1152,2560x1440,2560x1600");
user_pref("extensions.agentSpoof.scriptInjection", true);
user_pref("extensions.agentSpoof.siteWhiteList", "addons.mozilla.org, play.google.com, youtube.com");
user_pref("extensions.agentSpoof.timeInterval", "none");
user_pref("extensions.agentSpoof.tzOffset", "default");
user_pref("extensions.agentSpoof.uaChosen", "random_desktop");
user_pref("extensions.agentSpoof.via", false);
user_pref("extensions.agentSpoof.viadd", "random");
user_pref("extensions.agentSpoof.viaip", "1.1.1.1");
user_pref("extensions.agentSpoof.whiteListAccept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
user_pref("extensions.agentSpoof.whiteListAcceptEncoding", "gzip, deflate");
user_pref("extensions.agentSpoof.whiteListAcceptLanguage", "en-US,en;q=0.5");
user_pref("extensions.agentSpoof.whiteListAppCodeName", "Mozilla");
user_pref("extensions.agentSpoof.whiteListAppName", "Netscape");
user_pref("extensions.agentSpoof.whiteListAppVersion", "5.0 (Windows)");
user_pref("extensions.agentSpoof.whiteListDisabled", true);
user_pref("extensions.agentSpoof.whiteListOsCpu", "Windows NT 6.2; Win32");
user_pref("extensions.agentSpoof.whiteListPlatform", "Win32");
user_pref("extensions.agentSpoof.whiteListUserAgent", "Mozilla/5.0 (Windows NT 6.2; rv:43.0) Gecko/20100101 Firefox/43.0");
user_pref("extensions.agentSpoof.whiteListVendor", "");
user_pref("extensions.agentSpoof.whiteListVendorSub", "");
user_pref("extensions.agentSpoof.windowName", false);
user_pref("extensions.agentSpoof.xff", false);
user_pref("extensions.agentSpoof.xffdd", "random");
user_pref("extensions.agentSpoof.xffip", "1.1.1.1");
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.bootstrappedAddons", "{\"e10srollout@mozilla.org\":{\"version\":\"1.2\",\"type\":\"extension\",\"descriptor\":\"/usr/lib64/firefox/browser/features/e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"/usr/lib64/firefox/browser/features/webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.4\",\"type\":\"extension\",\"descriptor\":\"/usr/lib64/firefox/browser/features/firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@ghostery.com\":{\"version\":\"6.1.0\",\"type\":\"extension\",\"descriptor\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/firefox@ghostery.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false},\"jid1-AVgCeF1zoVzMjA@jetpack\":{\"version\":\"0.9.5.5\",\"type\":\"extension\",\"descriptor\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/jid1-AVgCeF1zoVzMjA@jetpack.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.7.2\",\"type\":\"extension\",\"descriptor\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false},\"jid1-5h9We5DytuZ14Q@jetpack\":{\"version\":\"1.1.3\",\"type\":\"extension\",\"descriptor\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/jid1-5h9We5DytuZ14Q@jetpack.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false}}");
user_pref("extensions.cookiemonster.firstRunDone", true);
user_pref("extensions.databaseSchema", 17);
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10sBlockedByAddons", true);
user_pref("extensions.enabledAddons", "https-everywhere-eff%40eff.org:5.1.6,%7B45d8ff86-d909-11db-9705-005056c00008%7D:1.3.0.5,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.9.0.11,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0");
user_pref("extensions.firefox@ghostery.com.sdk.baseURI", "resource://firefox-at-ghostery-dot-com/");
user_pref("extensions.firefox@ghostery.com.sdk.domain", "firefox-at-ghostery-dot-com");
user_pref("extensions.firefox@ghostery.com.sdk.load.reason", "install");
user_pref("extensions.firefox@ghostery.com.sdk.rootURI", "jar:file:///usr/share/mozilla/extensions/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/firefox@ghostery.com.xpi!/");
user_pref("extensions.firefox@ghostery.com.sdk.version", "6.1.0");
user_pref("extensions.https_everywhere._observatory.clean_config", true);
user_pref("extensions.https_everywhere._observatory.popup_shown", true);
user_pref("extensions.https_everywhere.firstrun_context_menu", false);
user_pref("extensions.https_everywhere.prefs_version", 1);
user_pref("extensions.https_everywhere.toolbar_hint_shown", true);
user_pref("extensions.jid1-5h9We5DytuZ14Q@jetpack.sdk.baseURI", "resource://jid1-5h9we5dytuz14q-at-jetpack/");
user_pref("extensions.jid1-5h9We5DytuZ14Q@jetpack.sdk.domain", "jid1-5h9we5dytuz14q-at-jetpack");
user_pref("extensions.jid1-5h9We5DytuZ14Q@jetpack.sdk.load.reason", "install");
user_pref("extensions.jid1-5h9We5DytuZ14Q@jetpack.sdk.rootURI", "jar:file:///usr/share/mozilla/extensions/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/jid1-5h9We5DytuZ14Q@jetpack.xpi!/");
user_pref("extensions.jid1-5h9We5DytuZ14Q@jetpack.sdk.version", "1.1.3");
user_pref("extensions.jid1-AVgCeF1zoVzMjA@jetpack.sdk.baseURI", "resource://jid1-avgcef1zovzmja-at-jetpack/");
user_pref("extensions.jid1-AVgCeF1zoVzMjA@jetpack.sdk.domain", "jid1-avgcef1zovzmja-at-jetpack");
user_pref("extensions.jid1-AVgCeF1zoVzMjA@jetpack.sdk.load.reason", "install");
user_pref("extensions.jid1-AVgCeF1zoVzMjA@jetpack.sdk.rootURI", "jar:file:///usr/share/mozilla/extensions/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/jid1-AVgCeF1zoVzMjA@jetpack.xpi!/");
user_pref("extensions.jid1-AVgCeF1zoVzMjA@jetpack.sdk.version", "0.9.5.5");
user_pref("extensions.lastAppVersion", "49.0");
user_pref("extensions.lastPlatformVersion", "49.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.xpiState", "{\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"/usr/lib64/firefox/browser/features/e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.2\",\"st\":1474290535000},\"webcompat@mozilla.org\":{\"d\":\"/usr/lib64/firefox/browser/features/webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1474290535000},\"firefox@getpocket.com\":{\"d\":\"/usr/lib64/firefox/browser/features/firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.4\",\"st\":1474290535000}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"/usr/lib64/firefox/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"49.0\",\"st\":1474290535000}},\"app-system-share\":{\"https-everywhere-eff@eff.org\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/https-everywhere-eff@eff.org\",\"e\":true,\"v\":\"5.1.6\",\"st\":1461452009000,\"mt\":315532800000},\"{45d8ff86-d909-11db-9705-005056c00008}\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{45d8ff86-d909-11db-9705-005056c00008}.xpi\",\"e\":true,\"v\":\"1.3.0.5\",\"st\":1461451998000},\"{73a6fe31-595d-460b-a920-fcc0f8843232}\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi\",\"e\":true,\"v\":\"2.9.0.11\",\"st\":1461451994000},\"firefox@ghostery.com\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/firefox@ghostery.com.xpi\",\"e\":true,\"v\":\"6.1.0\",\"st\":1461452008000},\"jid1-AVgCeF1zoVzMjA@jetpack\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/jid1-AVgCeF1zoVzMjA@jetpack.xpi\",\"e\":true,\"v\":\"0.9.5.5\",\"st\":1461452002000},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.7.2\",\"st\":1461451990000},\"jid1-5h9We5DytuZ14Q@jetpack\":{\"d\":\"/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/jid1-5h9We5DytuZ14Q@jetpack.xpi\",\"e\":true,\"v\":\"1.1.3\",\"st\":1461452009000}}}");
user_pref("general.appname.override", "Netscape");
user_pref("general.appversion.override", "5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.125 Safari/537.36");
user_pref("general.buildID.override", "");
user_pref("general.oscpu.override", "");
user_pref("general.platform.override", "Win32");
user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.125 Safari/537.36");
user_pref("general.useragent.vendor", "Google Inc.");
user_pref("general.useragent.vendorsub", "");
user_pref("idle.lastDailyNotification", 1477119502);
user_pref("intl.accept_languages", "en-US,en;q=0.8");
user_pref("intl.charsetmenu.browser.cache", "UTF-8");
user_pref("media.gmp-manager.buildID", "20160919122641");
user_pref("media.gmp-manager.lastCheck", 1477119143);
user_pref("media.gmp.storage.version.observed", 1);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.http.accept-encoding", "gzip,deflate,sdch");
user_pref("network.http.accept.default", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
user_pref("network.http.use-cache", false);
user_pref("network.predictor.cleaned-up", true);
user_pref("noscript.ABE.migration", 1);
user_pref("noscript.gtemp", "");
user_pref("noscript.subscription.lastCheck", -346779097);
user_pref("noscript.temp", "");
user_pref("noscript.version", "2.9.0.11");
user_pref("noscript.visibleUIChecked", true);
user_pref("places.database.lastMaintenance", 1477119502);
user_pref("places.history.expiration.transient_current_max_pages", 20450);
user_pref("plugin.importedState", true);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
user_pref("signon.importedFromSqlite", true);
user_pref("storage.vacuum.last.index", 0);
user_pref("storage.vacuum.last.places.sqlite", 1477119502);
user_pref("toolkit.startup.last_success", 1477119079);
user_pref("toolkit.telemetry.cachedClientID", "ff3ca828-f51f-4bae-8b61-be302410e857");
user_pref("toolkit.telemetry.previousBuildID", "20160919122641");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1344645259);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.36", "");
What's all these things doing here????????
Rudd-O
commented
Oct 22, 2016
|
About the What's all these things doing here???????? |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
Oct 22, 2016
To mitigate:
- delete the /etc/dispvm*tbz file from your DispVM template
- delete all the *-dvm VMs
- recreate the DVM template with
qvm-create-default-dvm --default-template
Rudd-O
commented
Oct 22, 2016
|
To mitigate:
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
Oct 22, 2016
Why is the dotfilestbz needed to begin with? Nothing in that tarball is necessary for the DVM to run fine.
Rudd-O
commented
Oct 22, 2016
|
Why is the dotfilestbz needed to begin with? Nothing in that tarball is necessary for the DVM to run fine. |
andrewdavidwong
added
C: core
P: major
privacy
labels
Oct 22, 2016
andrewdavidwong
added this to the Release 3.2 milestone
Oct 22, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
marmarek
Oct 22, 2016
Member
It's mostly to speedup (first) DispVM startup, probably not needed anymore. It's a set of files created during first startup of application. Here is some history:
|
It's mostly to speedup (first) DispVM startup, probably not needed anymore. It's a set of files created during first startup of application. Here is some history: |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
unman
Oct 23, 2016
Member
@Rudd-O Is this really GRAVE? A default user will share the same cookies as every other default Qubes user. Any one who's concerned about privacy wouldn't be using the default browser in a standard template.
|
@Rudd-O Is this really GRAVE? A default user will share the same cookies as every other default Qubes user. Any one who's concerned about privacy wouldn't be using the default browser in a standard template. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
andrewdavidwong
Oct 23, 2016
Member
I don't mean to diminish the issue @Rudd-O has reported, but @unman raises a fair point: The point of integrating Whonix into Qubes is precisely to take care of situations like this. Everyone seeking privacy really should be using a Whonix-based (D)VM instead of one based on a standard template like Fedora or Debian.
Again, this isn't to diminish the issue. It's just to point out that Qubes users already have an excellent option for privacy (Whonix VMs), and this issue doesn't appear to affect that option.
|
I don't mean to diminish the issue @Rudd-O has reported, but @unman raises a fair point: The point of integrating Whonix into Qubes is precisely to take care of situations like this. Everyone seeking privacy really should be using a Whonix-based (D)VM instead of one based on a standard template like Fedora or Debian. Again, this isn't to diminish the issue. It's just to point out that Qubes users already have an excellent option for privacy (Whonix VMs), and this issue doesn't appear to affect that option. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
Oct 23, 2016
It's pretty grave, yes. The PREF cookie, which is a non-HTTPS cookie that has now been deprecated, was the primary selector that (we knew) NSA used to track the activity of people who had opened google.com at some point. There are two more cookies, of course, and at least one of them is served to many sites because webtrendslive.com is a rather popular tracker.
There are degrees of privacy. A VM which is intended to be disposable, but starts with a trifecta of cookies ready to be transmitted even before one has browsed a single site, is a pretty crappy degree of privacy — even lower than vanilla unhardened Firefox.
Rudd-O
commented
Oct 23, 2016
•
edited
Edited 1 time
-
Rudd-O
edited Oct 23, 2016 (most recent)
edited
Edited 1 time
-
Oct 23, 2016 (most recent)
|
It's pretty grave, yes. The PREF cookie, which is a non-HTTPS cookie that has now been deprecated, was the primary selector that (we knew) NSA used to track the activity of people who had opened google.com at some point. There are two more cookies, of course, and at least one of them is served to many sites because webtrendslive.com is a rather popular tracker. There are degrees of privacy. A VM which is intended to be disposable, but starts with a trifecta of cookies ready to be transmitted even before one has browsed a single site, is a pretty crappy degree of privacy — even lower than vanilla unhardened Firefox. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
commented
Oct 23, 2016
|
I will whip out a patch to remove this. |
Rudd-O
referenced this issue
in QubesOS/qubes-core-agent-linux
Oct 23, 2016
Merged
Clean up early initialization and setup of /rw #21
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
jpouellet
Oct 31, 2016
Contributor
I challenge your analysis of the impact here:
A VM which is intended to be disposable, but starts with a trifecta of cookies ready to be transmitted even before one has browsed a single site, is a pretty crappy degree of privacy
I propose the following logical argument:
Assumptions:
- Aprivacy: The measure of privacy we care about here is the size of one's anonymity set (set of people whom are indistinguishable by way of all attributes being indistinguishable).
- Aattrib: Having a particular observable attribute restricts your anonymity set to those with the same observable attribute.
- Asame: All Qubes users' DVMs start with identical values for the above mentioned cookies.
- Aqubesfp: There are already plenty of ways to fingerprint the fact that someone is using Qubes vs not-Qubes.
Conclusions:
- C1: By Aattrib, a Qubes user with a given cookies has anonymity set bounded by the set of all people with identical cookies.
- C2: By C1 and Asame, the anonymity set of people with these cookies is equal to the set of all Qubes users.
- C3: By C1, C2, and Aqubesfp, these presence of these universally-identical cookies do not reduce the size of Qubes users' anonymity set.
- C4: By C3 and Aprivacy, these cookies have no impact on privacy.
The same argument can be extended from cookies to any attribute applied to all Qubes users' via /etc/dispvm-dotfiles.tbz, /etc/skel, or otherwise.
There exist attributes which violate these assumptions, but I believe the cookies in question do not.
For example, even if you never install custom software, Asame is violated by the filesystem timestamps from when you perform updates, which are unique for every user unless they never perform updates. Given this, you become uniquely fingerprintable by any adversary who can observe your filesystem (not a high bar).
@adrelanos AFAIK the update-timestamp problem in particular is unaddressed in the Whonix VMs as implemented in Qubes.
jpouellet
commented
Oct 31, 2016
•
edited
Edited 1 time
-
jpouellet
edited Oct 31, 2016 (most recent)
edited
Edited 1 time
-
Oct 31, 2016 (most recent)
|
I challenge your analysis of the impact here:
I propose the following logical argument: Assumptions:
Conclusions:
The same argument can be extended from cookies to any attribute applied to all Qubes users' via There exist attributes which violate these assumptions, but I believe the cookies in question do not. For example, even if you never install custom software, Asame is violated by the filesystem timestamps from when you perform updates, which are unique for every user unless they never perform updates. Given this, you become uniquely fingerprintable by any adversary who can observe your filesystem (not a high bar). @adrelanos AFAIK the update-timestamp problem in particular is unaddressed in the Whonix VMs as implemented in Qubes. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
Rudd-O
Oct 31, 2016
On 10/31/2016 08:17 PM, Jean-Philippe Ouellet wrote:
I challenge your analysis of the impact here:
A VM which is intended to be disposable, but starts with a trifecta of cookies ready to be transmitted even before one has browsed a single site, is a pretty crappy degree of privacyI propose the following logical argument:
Assumptions:
- A_privacy : The measure of privacy we care about here is the size
of one's anonymity set (set of people whom are indistinguishable
by way of all attributes being indistinguishable).- A_attrib : Having a particular observable attribute restricts your
anonymity set to those with the same observable attribute.- A_same : All Qubes users' DVMs start with identical values for the
above mentioned cookies.- A_qubesfp : There are already plenty of ways to fingerprint the
fact that someone is using Qubes vs not-Qubes.Conclusions:
- C_1 : By A_attrib , a Qubes user with a given cookies has
anonymity set bounded by the set of all people with identical cookies.- C_2 : By C_1 and A_same , the anonymity set of people with these
cookies is equal to the set of all Qubes users.- C_3 : By C_1 , C_2 , and A, these presence of these
universally-identical cookies do not reduce the size of Qubes
users' anonymity set.- C_4 : By C_3 and A_privacy , these cookies have no impact on privacy.
The same argument can be extended from cookies to any attribute
applied to all Qubes users' via |/etc/dispvm-dotfiles.tbz|,
|/etc/skel|, or otherwise.There exist attributes which violate these assumptions, but the
cookies in question do not.For example, even if you never install custom software, A_same is
violated by the filesystem timestamps from when you perform updates,
which are unique for every user unless they never perform updates.
Given this, you become uniquely fingerprintable by any adversary who
can observe your filesystem (not a high bar).@adrelanos https://github.com/adrelanos AFAIK the update-timestamp
problem in particular is unaddressed in the Whonix VMs as implemented
in Qubes.—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#2389 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAVIwq-xUkgn5c2sq6wdxa-2d7rufqCdks5q5kzCgaJpZM4KdyVY.
This analysis is frivolous because the question is (a) whether the
anonymity set of the tainted Qubes DVM Firefox is greater than the
anonymity set of Firefox starting afresh, and you have resoundingly
ignored that question (b) the expectation of the Qubes users about
starting a fresh DVM to actually start afresh is being violated, which
you also resoundingly ignore here (c) you ignore the detectability of
the PREF cookie, which is far more detectable by intermediate attackers
because it ships over plain HTTP.
It's not quite a betrayal of user trust— it's more an oversight — to
embed the PREF cookie in every Qubes OS DVM (a cookie which we at Google
worked so hard to deprecate, precisely because it is literally used as
an NSA selector and it's transferred via plain HTTP), but it is
certainly a betrayal of the spirit and mission of Qubes OS to use
sophist math to deny that it's a problem to embed that cookie in DVMs,
or to minimize that problem.
Spare me your horse blinders math.
Rudd-O
http://rudd-o.com/
Rudd-O
commented
Oct 31, 2016
|
On 10/31/2016 08:17 PM, Jean-Philippe Ouellet wrote:
This analysis is frivolous because the question is (a) whether the It's not quite a betrayal of user trust— it's more an oversight — to Spare me your horse blinders math. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
jpouellet
Oct 31, 2016
Contributor
This analysis is frivolous because the question is (a) whether the anonymity set of the tainted Qubes DVM Firefox is greater than the anonymity set of Firefox starting afresh
Which in the case of identical cookies shared between every Qubes user, who can already be fingerprinted as a Qubes user, does not provide any narrowing of possible identities.
(b) the expectation of the Qubes users about starting a fresh DVM to actually start afresh is being violated, which you also resoundingly ignore here
Fair point. I agree.
(c) you ignore the detectability of the PREF cookie, which is far more detectable by intermediate attackers because it ships over plain HTTP.
Oh, I may have missed a point there. Are you saying that updated values of said cookie would be observable to a passive adversary, and that without the copy in the DVM init tarball it would either never be created or be HTTPS-only? In that case I would agree with you.
but it is certainly a betrayal of the spirit and mission of Qubes OS to use sophist math to deny that it's a problem to embed that cookie in DVMs, or to minimize that problem.
Right. Not disagreeing that it should be removed, just found your claim about it being GRAVE somewhat alarmist. I think I see now why you may be right though.
jpouellet
commented
Oct 31, 2016
•
edited
Edited 1 time
-
jpouellet
edited
Oct 31, 2016 (most recent)
edited
Edited 1 time
-
Oct 31, 2016 (most recent)
Which in the case of identical cookies shared between every Qubes user, who can already be fingerprinted as a Qubes user, does not provide any narrowing of possible identities.
Fair point. I agree.
Oh, I may have missed a point there. Are you saying that updated values of said cookie would be observable to a passive adversary, and that without the copy in the DVM init tarball it would either never be created or be HTTPS-only? In that case I would agree with you.
Right. Not disagreeing that it should be removed, just found your claim about it being GRAVE somewhat alarmist. I think I see now why you may be right though. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
adrelanos
Nov 1, 2016
Member
Jean-Philippe Ouellet:
@adrelanos AFAIK the update-timestamp problem in particular is unaddressed in the Whonix VMs as implemented in Qubes.
Filesystem timestamps are not transmitted over the network.
Or did you assume local compromise? In case of local compromise a VM
will always be unique from other compromised VMs so killing file
timestamps would not help.
|
Jean-Philippe Ouellet:
Filesystem timestamps are not transmitted over the network. Or did you assume local compromise? In case of local compromise a VM |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
jpouellet
Nov 2, 2016
Contributor
In case of local compromise a VM will always be unique from other compromised VMs so killing file timestamps would not help.
@adrelanos Are you aware of an attempt to enumerate a list of such observable unique attributes anywhere?
EDIT: I mean attributes which are unique per host machine and observable to a VM.
I suppose perhaps this question is really more relevant to Whonix than Qubes...
jpouellet
commented
Nov 2, 2016
•
edited
Edited 1 time
-
jpouellet
edited
Nov 2, 2016 (most recent)
edited
Edited 1 time
-
Nov 2, 2016 (most recent)
@adrelanos Are you aware of an attempt to enumerate a list of such observable unique attributes anywhere? EDIT: I mean attributes which are unique per host machine and observable to a VM. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
adrelanos
Nov 5, 2016
Member
Jean-Philippe Ouellet:
In case of local compromise a VM will always be unique from other compromised VMs so killing file timestamps would not help.
@adrelanos Are you aware of an attempt to enumerate a list of such observable unique attributes anywhere?
No. First things coming to my mind:
- any file that is not deterministic in either in private image (home
folder) - Qubes random seed
- content of /dev/random
- once compromised, the malware can just store a file with a unique id
- any timestamp of any file
- any timestamp in any log
- pids will differ
- differences caused by the user
- probably much more
|
Jean-Philippe Ouellet:
No. First things coming to my mind:
|
marmarek
modified the milestones:
Release 3.2,
Release 3.2 updates
Nov 19, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
marmarek
Nov 25, 2016
Member
QubesOS/qubes-core-agent-linux#21 is already merged, dispvm-dotfiles.tbz is gone.
|
QubesOS/qubes-core-agent-linux#21 is already merged, dispvm-dotfiles.tbz is gone. |
marmarek
closed this
Nov 25, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Rudd-O commentedOct 22, 2016
•
edited
Edited 1 time
-
Rudd-O
edited Oct 22, 2016 (most recent)
In any Qubes OS VM that unpacks
/etc/dispvm-dotfiles.tbz(to my verification, any DVM whose template is the Fedora one, and whose owner has not told that the/homeis customized with/home/user/.qubes-dispvm-customized) the Mozilla profiles directory is unpacked into/homeprior to launching any disposable apps.This profiles directory contains a Google tracking cookie called
PREF. This cookie is well-known to be the cookie that NSA was using to track users uniquely using their mass surveillance selectors, but now the cookie has been deprecated.Two other sites have left cookies in that surprise Firefox profile:
stats.webtrendslive.comandmozilla.org. The cookies are marked to be transmitted over plain HTTP.The Firefox cache is also not empty.
Finally, there are a number of settings and other SQLite databases there. I am pretty sure they have not been vacuumed, so whichever browser cache and history that was when the
tbzfile was constructed, that exact same profile has been the profile that everyone using Qubes DispVM uses.There are numerous other personal dotfile settings that are stored in the
tbzfile in question.Frankly, I do not know how
/etc/dispvm-dotfiles.tbzcame to be, but I am shocked to have discovered this. The DispVM ought to boot with exactly zero customizations from a/etc/skelhome directory.I find no rationale for the contents of the
tbzfile anywhere.I donno what to think.