#QubesOS tip: If you're not daily driving the Whonix integration, you're not using it right
"The main way Qubes OS provides privacy is via its integration with #Whonix. Qubes does not claim to provide special privacy (as opposed to security) properties in non-Whonix qubes. This includes disposables."
#cybersecgirl #privacy #security #opsec #infosec
https://www.qubes-os.org/faq/#what-about-privacy-in-non-whonix-qubes
Have you seen an up to date guide about creating a #VPN qube that works like the #Whonix one? It'd be great to have #RiseupVPN come after #Tor so I can use sites run by wankers who think HTTP requests from Tor are a #CyberAttack
#infosec #privacy #cybersecurity #security
qubes switched from iptables to nftables in 4.2+ and most guides haven't been updated yet (spoke to the person at mullvad who will be doing the updated tutorial so that's coming) not sure about riseup but protonvpn gui works out of the box on a fedora qube (confirmed on 4.1 and 4.2). haven't tested debian or debian xfce.
super simple. install proton vpn in fedora template qube, make sys-vpn, sys-vpn-ch, etc. (however many simultaneous locations you want/need) based on that template, in settings choose sys-firewall as netvm, tick the provides network box and add network manager in services. then add sys-vpn (for example) to sys-whonix as its netvm
then just set the vm qubes and protonvpn apps to start on boot (they will ask for keyring password). you can then add the sys-vpn, sys-vpn-ch etc. proton vpn apps to a launcher on your taskbar for easy access
Thanks for the encouragement. I spent several hours trying to figure it out. After exhausting the guides on the internet about getting RiseUp to work with OpenVPN, I dug into the source code of their client to find the IP address of their snowflake server which hosts the client cert/key.
After that itn was smooth sailing... until I wanted to connect to the VPN over Tor. Eventually I figured out it was UDP that was screwing me over. Then I had to figure out how top trick network manager into allowing me to specify to use TCP.
In the end I emerged victorious and it's working exactly as intended. I also have notes in a private markdown file in case I need to do this again in the future. Maybe someday I'll publish it. Who knows?
On a side note, I'm glad I copied down the ID of your note, because my public bookmarks won't load in #Amythest. So I probably would have never been able to get back to this thread if it weren't for me copying the note ID to the VPN task.
I'll give it a go sometime later this week. I expected there would be some firewall rules required to forward packets for other machines.
Or spare it for select activities so you don't get flagged too soon by your ISP
Was just watching a brief tutorial on Qubes. Working on getting a laptop to put it on so I can continue the self-education process.
I appreciate the content/helpful info shared 🙏🏽
Yw 😊 Awesome! Here if you have questions. As of now, I literally couldn't imagine daily-driving anything else. It's good stuff for privacy and security.
Thanks!
I bet! On a personal and professional level, I want to get to that place. Specifically getting to a comfortability level where I am confident in managing my complete risk profile vs just a percentage of the risk. All forward motion, even if in small steps.
Awesome. Start with a strong enough, "why" and you can deal with almost any "how". This is the way 🤙🔥
