Hacker News new | past | comments | ask | show | jobs | submit login

>Every step you take on the web, every site you visit, every page you view, is used to create and enhance a profile about you. Everything you do is carefully tracked and monitored.

* if you use traditional web browsers.

I've been moving more and more of my browsing over to Tor.

Both Reddit and HN can be browsed, though the former requires JS to fully function. (A persistent problem across the web)

I can't do all my browsing on Tor, but I can do a substantial chunk. Conversely, I can maintain "clean" profiles tied to my real name that seem to simply check email, read the news a bit, and check the weather.




Indeed!

I tried using QubesOS for my primary (desktop-ish) laptop. I7, .5TB ssd, 32GB ram for $500 on ebay. And I would have maintained using it if it hasn't been for research into SDRs.

I needed the performance from USB for SDRs, and the way Qubes does it sends all USB data to a USBvm to prevent against all sorts of bad USB attacks (badUSB, rubber duckys, usb-gsm gateways, etc).

But if I wasn't doing SDR work, you can bet on it that I'd be using Qubes.


I've been considering. My current machine is slow enough just running Quebes (which requires two VMSs - one gatway, one ) chokes so I stick to TBB.

It might be more economical to buy an old chromebook or something to repurpose for TAILS rather than buy a really souped up laptop for Qubes.

Then again, I'm not doing anything evil so, my threat model is a little looser. (I don't think they're out to get me specifically, but will happily siphon up whatver they can get)


A big problem I have with QubesOS, which is a good idea, isn't that it sacrifices performance in the name of security by default, but that it has no escape hatch for when you actually really need stuff to work... and its absurdly high resource requirements. It is fundamentally not a usable OS for any but a few niche use cases, in my opinion.


Will this protect you from JS fingerprinting? Will it protect your from software fingerprinting? (device id's and serial numbers, etc)


What do you mean by "JS fingerprinting"? If you use a Whonix VM on Tor, there's really two parts - a Gateway VM and a workstation. So even if JS "punches through" the workstation it literally cannot transmit or access your external IP.

If you do things like resize your window or install nonstandard applications, that could make you a unique Whonix user, but not reveal your true IP.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: