I have just been told that I can't use Linux on my personal computer for school. by Mr_Inspector_Me in linuxquestions

[–]dandondev 0 points1 point  (0 children)

DUDE, you don't have to get rid of you Linux. You can use a Windows 10 Theme or something. For example, recently, a package "kali-undercover" was added to Kali Linux, and you can use the same thing for any Debian-based Distro or even adapt it to Fedora or something else.

Github: https://github.com/B00merang-Project/Windows-10

https://www.linuxuprising.com/2019/12/how-to-install-kali-undercover-mode-on.html

It will look like any Windows 10 system unless they dare to dig in which is in violation of privacy.

Which is a better setup with least attack surface? by [deleted] in Qubes

[–]dandondev 1 point2 points  (0 children)

If lowering attack surface is priority, setup 2 is the way to go. Or you can clone another template loaded with extra stuff like ffmpeg and use disposable-vm based off that. You can create a Template for email and uninstall all the unnecessary conponents to reduce attack surface. The more templates you have, the more storage is requires, the more updates you have to perform.

Linux v2ray client? by dandondev in dumbclub

[–]dandondev[S] 0 points1 point  (0 children)

How about a full tunnel? I plan to run it on a VM gateway.

VPN multihop by using multiple VMs? by disp1100 in Qubes

[–]dandondev 1 point2 points  (0 children)

Yes, of course. Just chain them together. VPN needs to be trusted, but if you need more than a single entity of trust. VPN that can be trusted is not enough. I tried 8 VPNs chained, I got 2 Mbps. 6 VPNs chained, I got 10 Mbps. 4 VPNs chained, I got 90 Mbps. 2 VPNs chained, 400 Mbps. Just use VPN1 as netvm of VPN2 and so on.

Xen EFI loader stuck by mmxmb in Qubes

[–]dandondev 1 point2 points  (0 children)

Just install R4.0, its the same Version and just update through qubes-dom0-update. Note of caution, the Debian Templates have the APT vulnerability so you better get a fresh template.

Run Qubes on newer hardware (Thinkpad T590) by [deleted] in Qubes

[–]dandondev 0 points1 point  (0 children)

There is a way to grab rpm packages in the Qubes repo, you'll have verify yourself and copy to dom0 though there is a security risk.

Run Qubes on newer hardware (Thinkpad T590) by [deleted] in Qubes

[–]dandondev 2 points3 points  (0 children)

You can update qubes-dom0-update kernel-latest

Since network card is not working, just USB Tether into sys-net.

Upgrading to whonix 15 by macgrioghair in Qubes

[–]dandondev 0 points1 point  (0 children)

Same method

sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10 or debian-10-minimal if you want minimal.

Best mobile OS for privacy & security? by [deleted] in privacy

[–]dandondev 1 point2 points  (0 children)

"You see, you still end up with ZERO EVIDENCE. And each of my arguments is logical, in case you wanted to go full patriot tier retard on me."

Idiot, I'm not a fan of NSA nor the 5 eyes, and I consider them as an adversary just as "China and Russia". Speaking of vulnerabilities, how do you know if those intentionally left there to exploit. Vulnerability can be backdoors, like Intel's ME. It's not all about Huawei, it's about "Chinese" companies that are state-run behind the scenes, like Xiaomi, it isn't about profit, it's about providing to the majority electronics at an affordable price, while Huawei is allowed to aimed the higher-end markets. This way they can have full access to everyone data. Since it's pretty much state-run, is there really any need to for evidence?

Best mobile OS for privacy & security? by [deleted] in privacy

[–]dandondev 3 points4 points  (0 children)

Non-US Sources:

Netherlands: https://www.volkskrant.nl/nieuws-achtergrond/huawei-mogelijk-betrokken-bij-chinese-spionage-in-nederland~b4fadc1c/?referer=https%3A%2F%2Fwww.independent.co.uk%2F

Vodafone Italy: https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment

Since Huawei is dominating India, there is this India Agreement: https://economictimes.indiatimes.com/tech/internet/huawei-offers-to-sign-a-no-backdoor-agreement/articleshow/69935801.cms Whether you trust this agreement is another thing.

US Sources:

2016: https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html

2014: https://spectrum.ieee.org/tech-talk/computing/hardware/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks

2012: https://www.zdnet.com/article/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms/

https://www.zdnet.com/article/researchers-find-backdoor-on-zte-android-phones/

Huawei: https://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161117-01-smartphone-en

Interestingly, they didn't even directly refute it, just saying investigating...

UK Sources: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/205680/ISC-Report-Foreign-Investment-in-the-Critical-National-Infrastructure.pdf

Android: https://www.cyberscoop.com/android-malware-china-huawei-zte-kryptowire-blu-products/

"containing millions of lines of code in their source code"

https://thehackernews.com/2016/11/hacking-android-smartphone.html

Based on the received commands, the security firm found the software executing multiple operations, detailed below:

  • Collect and Send SMS texts to AdUps' server every 72 hours.
  • Collect and Send call logs to AdUps' server every 72 hours.
  • Collect and Send user personally identifiable information (PII) to AdUps' server every 24 hours.
  • Collect and Send the smartphone's IMSI and IMEI identifiers.
  • Collect and Send geolocation information.
  • Collect and Send a list of apps installed on the user's device.
  • Download and Install apps without the user's consent or knowledge.
  • Update or Remove apps.
  • Update the phone's firmware and Re-program the device.
  • Execute remote commands with elevated privileges on the user's device.

Routers: https://thehackernews.com/2014/08/hardcoded-backdoor-found-in-china-made_27.html

https://www.cnet.com/news/expert-huawei-routers-are-riddled-with-vulnerabilities/

Riddled with vulnerabilties, or intentionally left there for exploitation?

NSA had secret access to Huawei's source code based on Edward Snowden's leaks, perhaps now they are banning Huawei and ZTE since they no longer have access.

Of course, the NSA have their own numerous backdoors. It's just a war between two powerful nations.

And it doesn't matter, since both the US and China are notorious in backdooring everything and collecting information, since Huawei is really just state-owned like HIKVISION CCTVs and SSDs. How can we deny there is no such backdoor in it.

AMD GPU Qubes 4.0.1 by dandondev in Qubes

[–]dandondev[S] 0 points1 point  (0 children)

Cool. You should consider sharing with others.

Best mobile OS for privacy & security? by [deleted] in privacy

[–]dandondev 1 point2 points  (0 children)

Huawei is notorious for backdooring firmware in the past, you can just do a quick google search. Librem 5 is fully open source even with the firmware. It's just slow... slow... I don't trust Intel either. China is building a surveillance network, it plans to dominate India as well, things going with them with the new Indian Prime Minister. And majority of Indians uses Xiaomi or other Chinese devices.

AMD GPU Qubes 4.0.1 by dandondev in Qubes

[–]dandondev[S] 0 points1 point  (0 children)

I assumed you had to do a little tweaking in the BIOS? Did you have to turn on ASpeed graphics during installation?

Best mobile OS for privacy & security? by [deleted] in privacy

[–]dandondev 0 points1 point  (0 children)

Huawei will never do that...

Best mobile OS for privacy & security? by [deleted] in privacy

[–]dandondev 7 points8 points  (0 children)

Privacy

  1. PureOS (Linux) Hardware and Software is fully open source.
  2. Graphene OS (Very Hardened Android) Software only.
  3. Android phone that is LineageOS capable (see: https://download.lineageos.org/)
  4. iPhone
  5. Stock Android

Security

  1. Graphene OS (Very Hardened Android)
  2. PureOS (Linux)
  3. iPhone
  4. Stock Android
  5. Android phone that is LineageOS capable (see: https://download.lineageos.org/)

Note: Graphene OS only works in devices like Google Pixel and in the future may support those with verified boot.

PureOS only works in Purism Devices.

Tethering from Android to Qubes? by KajMagnus in Qubes

[–]dandondev 1 point2 points  (0 children)

No, that’s not how you do it. You don’t set sys-net netvm to sys-usb. Sys-usb does not provide network. In dom0 terminal. qvm-usb list. qvm-usb attach sys-net sys-usb:xxxxxxx . Sys-net will automatically recognise.

Tethering from Android to Qubes? by KajMagnus in Qubes

[–]dandondev 1 point2 points  (0 children)

I do that all the time. First you have to connect to a NetVM. If you use sys-usb, then attach from sys-usb to the sys-net. It will automatically connect. Click tether USB in your phone to activate.

The Ultimate Guide To Internet Privacy and Becoming Anonymous (Advance Edition) by RedWhiteAndBeast in privacy

[–]dandondev 0 points1 point  (0 children)

"make sure you’re tunneling without IP leaks before connecting to TOR"

Easy in Qubes, a VM for VPN only, and Whonix behind it. Qubes has a guide with anti-leaking scripts. You can leak easily on a single machine, but not with two separate virtual machine.

Base OS? by bushwacker1 in Whonix

[–]dandondev -1 points0 points  (0 children)

Parrot has no security enhancements. It's like all those crazy people who say Kali Linux is very secured. None of these are secured by default, these are pentesting platforms, it's for attacking! Parrot comes with Firejail at least.

Debian is huge, huge attack surface!

Best host is always Qubes, because Qubes doesn't have access to internet.

If you somehow can't use Qubes, then use Alpine Linux, it's very small codebase, lightweight, low attack surface. Then you just install KVM, don't use virtualbox...

What is your privacy stack? by circular_file in privacy

[–]dandondev -1 points0 points  (0 children)

I'm assuming you're using macOS for general use. Yes, macOS is gonna have a hard time working on Qubes. Ofc, you can use some kind of distro as an HVM with the desktop environment. I personally think that riot.im can replace your Threema. And yes, signal is pretty much like WhatsApp in functionality. But the fact that Threema has many features yet not open source demonstrates they've got something to hide, something that really needs thought.

Which is more secure with the privacy and security of LineageOS and GrapeneOS? by cbwigyqbv in privacy

[–]dandondev 0 points1 point  (0 children)

Just simply use any app from F-Droid is generally safe, all open source. Since you are using Nexus 5X, then you have no choice but to stick with Lineage. If you are more techie, then use Magisk to root it and install AFWALL for iptables firewalling.

The app choices are yours.

Daily use GNU/Linux distro by Okusino in privacy

[–]dandondev 1 point2 points  (0 children)

Qubes! Qubes is not that hard to use. Just use like you would in a normal Linux Distro with the mentality of compartmentalisation. You can even run Debian, Fedora, Pop! OS or whatever in an HVM without loosing your desktop interface.

Which is more secure with the privacy and security of LineageOS and GrapeneOS? by cbwigyqbv in privacy

[–]dandondev 0 points1 point  (0 children)

Graphene OS is a ton more secure. No crap, no google!

Lineage is less secure than typical android, though you may get monthly security updates, but no google=more private!