Hi,
I just read through the docs (gonna read them at least one more time, because there is very much information to think about, in a positive way; this is by the way the best documentation in general about privacy, security & anonymity. Great work!) & I have a few questions / thoughts that need clarification.
(PS: I use Qubes)
So from my understanding: Stream isolation aims to make e.g. the Tor Browser use a different Entry Guard (or overall circuit) than e.g. when I am updating my system with apt?
If yes, what kind of applications / group of applications get their own circuit?
If my thoughts are right, then I would be able to log in to my normal accounts via one qube because my whonix-workstations have different IPs, right?
Now a question about cold boot attacks. These are only important to me if I have a threat model where the government could come and take my stuff but manages to do so while my computer is still running? But as long as my computer is shut down & I have LUKS with a good password, then everything is fine?
“Using a VPN or SSH does not provide a strong guarantee of hiding Tor use from the ISP either. [3] VPNs and SSHs are vulnerable to an attack called website traffic fingerprinting. [4]”
(http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Hide_Tor_from_your_Internet_Service_Provider)
Could somebody explain to me why Tor over VPN doesn’t hide the usage from the ISP? (I guess that explanation will apply to both VPNs and obfs4?)
In the section Ephemeral Whonix Gateway ProxyVMs it says that entry guards are rotated every few months. But how often? When does this really happen? What’s the trigger for that? http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Disposables#Warnings
This section talks about IDN homograph attacks: Social Engineering and (Spear) Phishing. I tried it myself and it seems like IDN homograph attacks aren’t possible anymore. Should I propose an edit or did I miss something?
“Default to Debian’s official package manager apt for installing software, and avoid third party package managers”. So I shouldn’t use snapd / flathub? Isn’t snapd / flathub the best option if the application isn’t in the standard repo of a distribution? http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/System_Hardening_Checklist#Disabling_and_Minimizing_Hardware_Risks
Thanks.