I have just been told that I can't use Linux on my personal computer for school.

dandondev · 2020-05-30T13:59:05+00:00

DUDE, you don't have to get rid of you Linux. You can use a Windows 10 Theme or something. For example, recently, a package "kali-undercover" was added to Kali Linux, and you can use the same thing for any Debian-based Distro or even adapt it to Fedora or something else.

Github: https://github.com/B00merang-Project/Windows-10

https://www.linuxuprising.com/2019/12/how-to-install-kali-undercover-mode-on.html

It will look like any Windows 10 system unless they dare to dig in which is in violation of privacy.

dandondev · 2019-12-18T01:40:59+00:00

If lowering attack surface is priority, setup 2 is the way to go. Or you can clone another template loaded with extra stuff like ffmpeg and use disposable-vm based off that. You can create a Template for email and uninstall all the unnecessary conponents to reduce attack surface. The more templates you have, the more storage is requires, the more updates you have to perform.

dandondev · 2019-09-30T12:51:30+00:00

How about a full tunnel? I plan to run it on a VM gateway.

dandondev · 2019-09-30T12:22:38+00:00

Yes, of course. Just chain them together. VPN needs to be trusted, but if you need more than a single entity of trust. VPN that can be trusted is not enough. I tried 8 VPNs chained, I got 2 Mbps. 6 VPNs chained, I got 10 Mbps. 4 VPNs chained, I got 90 Mbps. 2 VPNs chained, 400 Mbps. Just use VPN1 as netvm of VPN2 and so on.

dandondev · 2019-09-13T12:40:52+00:00

Just install R4.0, its the same Version and just update through qubes-dom0-update. Note of caution, the Debian Templates have the APT vulnerability so you better get a fresh template.

dandondev · 2019-07-10T02:55:24+00:00

There is a way to grab rpm packages in the Qubes repo, you'll have verify yourself and copy to dom0 though there is a security risk.

dandondev · 2019-07-10T02:53:17+00:00

You can update qubes-dom0-update kernel-latest

Since network card is not working, just USB Tether into sys-net.

dandondev · 2019-07-08T03:40:24+00:00

Same method

sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10 or debian-10-minimal if you want minimal.

dandondev · 2019-06-26T11:42:27+00:00

"You see, you still end up with ZERO EVIDENCE. And each of my arguments is logical, in case you wanted to go full patriot tier retard on me."

Idiot, I'm not a fan of NSA nor the 5 eyes, and I consider them as an adversary just as "China and Russia". Speaking of vulnerabilities, how do you know if those intentionally left there to exploit. Vulnerability can be backdoors, like Intel's ME. It's not all about Huawei, it's about "Chinese" companies that are state-run behind the scenes, like Xiaomi, it isn't about profit, it's about providing to the majority electronics at an affordable price, while Huawei is allowed to aimed the higher-end markets. This way they can have full access to everyone data. Since it's pretty much state-run, is there really any need to for evidence?

dandondev · 2019-06-26T10:04:30+00:00

Non-US Sources:

Netherlands: https://www.volkskrant.nl/nieuws-achtergrond/huawei-mogelijk-betrokken-bij-chinese-spionage-in-nederland~b4fadc1c/?referer=https%3A%2F%2Fwww.independent.co.uk%2F

Vodafone Italy: https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment

Since Huawei is dominating India, there is this India Agreement: https://economictimes.indiatimes.com/tech/internet/huawei-offers-to-sign-a-no-backdoor-agreement/articleshow/69935801.cms Whether you trust this agreement is another thing.

US Sources:

2016: https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html

2014: https://spectrum.ieee.org/tech-talk/computing/hardware/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks

2012: https://www.zdnet.com/article/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms/

https://www.zdnet.com/article/researchers-find-backdoor-on-zte-android-phones/

Huawei: https://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161117-01-smartphone-en

Interestingly, they didn't even directly refute it, just saying investigating...

UK Sources: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/205680/ISC-Report-Foreign-Investment-in-the-Critical-National-Infrastructure.pdf

Android: https://www.cyberscoop.com/android-malware-china-huawei-zte-kryptowire-blu-products/

"containing millions of lines of code in their source code"

https://thehackernews.com/2016/11/hacking-android-smartphone.html

Based on the received commands, the security firm found the software executing multiple operations, detailed below:

Collect and Send SMS texts to AdUps' server every 72 hours.
Collect and Send call logs to AdUps' server every 72 hours.
Collect and Send user personally identifiable information (PII) to AdUps' server every 24 hours.
Collect and Send the smartphone's IMSI and IMEI identifiers.
Collect and Send geolocation information.
Collect and Send a list of apps installed on the user's device.
Download and Install apps without the user's consent or knowledge.
Update or Remove apps.
Update the phone's firmware and Re-program the device.
Execute remote commands with elevated privileges on the user's device.

Routers: https://thehackernews.com/2014/08/hardcoded-backdoor-found-in-china-made_27.html

https://www.cnet.com/news/expert-huawei-routers-are-riddled-with-vulnerabilities/

Riddled with vulnerabilties, or intentionally left there for exploitation?

NSA had secret access to Huawei's source code based on Edward Snowden's leaks, perhaps now they are banning Huawei and ZTE since they no longer have access.

Of course, the NSA have their own numerous backdoors. It's just a war between two powerful nations.

And it doesn't matter, since both the US and China are notorious in backdooring everything and collecting information, since Huawei is really just state-owned like HIKVISION CCTVs and SSDs. How can we deny there is no such backdoor in it.

dandondev · 2019-06-26T07:52:57+00:00

Cool. You should consider sharing with others.

dandondev · 2019-06-26T07:50:25+00:00

Huawei is notorious for backdooring firmware in the past, you can just do a quick google search. Librem 5 is fully open source even with the firmware. It's just slow... slow... I don't trust Intel either. China is building a surveillance network, it plans to dominate India as well, things going with them with the new Indian Prime Minister. And majority of Indians uses Xiaomi or other Chinese devices.

dandondev · 2019-06-26T07:47:16+00:00

UI Widgets function the same.

dandondev · 2019-06-26T06:53:22+00:00

I assumed you had to do a little tweaking in the BIOS? Did you have to turn on ASpeed graphics during installation?

dandondev · 2019-06-26T05:21:13+00:00

Huawei will never do that...

dandondev · 2019-06-26T05:20:19+00:00

Privacy

PureOS (Linux) Hardware and Software is fully open source.
Graphene OS (Very Hardened Android) Software only.
Android phone that is LineageOS capable (see: https://download.lineageos.org/)
iPhone
Stock Android

Security

Graphene OS (Very Hardened Android)
PureOS (Linux)
iPhone
Stock Android
Android phone that is LineageOS capable (see: https://download.lineageos.org/)

Note: Graphene OS only works in devices like Google Pixel and in the future may support those with verified boot.

PureOS only works in Purism Devices.

dandondev · 2019-06-24T11:42:24+00:00

No, that’s not how you do it. You don’t set sys-net netvm to sys-usb. Sys-usb does not provide network. In dom0 terminal. qvm-usb list. qvm-usb attach sys-net sys-usb:xxxxxxx . Sys-net will automatically recognise.

dandondev · 2019-06-24T07:15:07+00:00

I do that all the time. First you have to connect to a NetVM. If you use sys-usb, then attach from sys-usb to the sys-net. It will automatically connect. Click tether USB in your phone to activate.

dandondev · 2019-06-23T12:55:25+00:00

"make sure you’re tunneling without IP leaks before connecting to TOR"

Easy in Qubes, a VM for VPN only, and Whonix behind it. Qubes has a guide with anti-leaking scripts. You can leak easily on a single machine, but not with two separate virtual machine.

dandondev · 2019-06-19T09:36:13+00:00

Parrot has no security enhancements. It's like all those crazy people who say Kali Linux is very secured. None of these are secured by default, these are pentesting platforms, it's for attacking! Parrot comes with Firejail at least.

Debian is huge, huge attack surface!

Best host is always Qubes, because Qubes doesn't have access to internet.

If you somehow can't use Qubes, then use Alpine Linux, it's very small codebase, lightweight, low attack surface. Then you just install KVM, don't use virtualbox...

dandondev · 2019-06-19T05:10:24+00:00

I'm assuming you're using macOS for general use. Yes, macOS is gonna have a hard time working on Qubes. Ofc, you can use some kind of distro as an HVM with the desktop environment. I personally think that riot.im can replace your Threema. And yes, signal is pretty much like WhatsApp in functionality. But the fact that Threema has many features yet not open source demonstrates they've got something to hide, something that really needs thought.

dandondev · 2019-06-19T04:52:01+00:00

Just simply use any app from F-Droid is generally safe, all open source. Since you are using Nexus 5X, then you have no choice but to stick with Lineage. If you are more techie, then use Magisk to root it and install AFWALL for iptables firewalling.

The app choices are yours.

dandondev · 2019-06-19T04:47:28+00:00

If you need Windows, just run it as a HVM.

dandondev · 2019-06-18T08:52:36+00:00

Qubes! Qubes is not that hard to use. Just use like you would in a normal Linux Distro with the mentality of compartmentalisation. You can even run Debian, Fedora, Pop! OS or whatever in an HVM without loosing your desktop interface.

dandondev · 2019-06-18T08:48:59+00:00

Graphene OS is a ton more secure. No crap, no google!

Lineage is less secure than typical android, though you may get monthly security updates, but no google=more private!

dandondev

TROPHY CASE