Open andrewdavidwong opened 7 years ago
scoped this to focus on local network, since "privacy solutions" include many things (browser fingerprinting, etc)
Yeah, local network = LAN/WLAN
I think adding the MAC randomization scripts into the Net-VM by default would be good in the short term. There are plenty of less exotic scenarios where it would provide additional anonymity.
@desmond-decker : Probably NetworkManager will be supplying MAC randomization since they have been working on it for months and now their 1.4.2 release can handle it as just another feature of running the NICs. The scripted approach was always rather spotty and the hardware address would keep returning with some NICs.
If you would like to have randomization working correctly now, I'd suggest reading this: https://groups.google.com/d/msgid/qubes-users/0300e698-0120-e9bb-65d4-b4bd0a3d54f1%40openmailbox.org
Recently interviewed a security trainer who said they desired MAC randomization when traveling in hostile regions.
This issue hasn't been active for several years... anything new with available tech/solutions to facilitate either MAC address randomization or something like it, in Qubes (that could be easily switched on/off in the GUI)?
@ninavizz @marmarek Mac rando was not pushed as default under 4.1 ?
@tlaurion There is a documented method in Community Docs, that the trainer used—and they were using 4.0. So, it is definitely possible, as VPN services are possible, but neither are easily discoverable nor easy to do without a not-insignificant cognitive burden. Which, for vulnerable folks in a pickle, can be dangerous.
yes i don't quite understand what happened re: MAC randomization as default and with the docs.
https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-320373353 proposed it as default. having some option at installation/first-boot would be great.
the docs to walk the user through implementing it used to be "first-party" docs hosted at: https://www.qubes-os.org/doc/anonymizing-your-mac-address/ but then seemed to have moved to "third-party"/community docs at https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md
would it be possible for us to confirm the walkthrough and make it official (and therefore easier for users to find)?
@andrewdavidwong
> @ninavizz @marmarek Mac rando was not pushed as default under 4.1 ?
It is enabled by default in R4.1, based on links in https://github.com/QubesOS/qubes-issues/issues/938, since core-agent-linux v4.1.25.
> the docs to walk the user through implementing it used to be "first-party" docs hosted at: https://www.qubes-os.org/doc/anonymizing-your-mac-address/ but then seemed to have moved to "third-party"/community docs at https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md
Yes, see https://github.com/QubesOS/qubes-issues/issues/4693.
> would it be possible for us to confirm the walkthrough and make it official (and therefore easier for users to find)?
It's not just about being easier to find. There's a lot more to it than that. Full explanation: https://www.qubes-os.org/doc/documentation-style-guide/#core-vs-external-documentation
Note that it's already linked directly from the table of contents (https://www.qubes-os.org/doc/), so it should already be pretty easy to find in that respect.
> Note that it's already linked directly from the table of contents (https://www.qubes-os.org/doc/), so it should already be pretty easy to find in that respect.
@andrewdavidwong Unfortunately it is not, though. Users just don't scroll through a whole ToC to find things, and many users don't even know about the Linux-unique paradigm of "internal vs external" components. User behavior, regrettably, does not follow logic as often as we'd like. I even did this, when looking for MAC Address stuff in the docs.
THAT said, @mfc for #6835 one known need I will be making a recommendation on, will be adding sub-nav/sub-tabs to the website (via the least-effort-required means possible, that still allows for visual discovery in a desktop experience). Doing as much will surface to users and make more readily discoverable, a number of things currently being lost (such as paid support as an option), today. Because users just don't scroll through pages top-to-bottom.
For the Docs page, the sub-nav items I've been considering are: "Qubes Official" and "Community Created" and "Contributor"
Even with the above sub-nav schema, for users unfamiliar with FOSS conventions, the whole notion that there is such a thing as "Community Docs" as a separate artifact from "Official Docs" will be foreign and unknown... so qualifying the difference between the two at the very top of both tabs, and reflecting that qualification on the Support page, will be important.
> Unfortunately it is not, though.
It is, just checked....
> Users just don't scroll through a whole ToC to find things
I think we can expect a basic ability to read from the users. You don't even need to scroll the whole list, just use Ctrl+F (or however else you trigger "search" function in the browser) and enter any of "MAC", "privacy", or "anonymizing" there - any of those will get you to the right place. Seriously, if that is too hard for someone, they should not touch computers at all (or rather: learn basics first from appropriate place, Qubes documentation isn't it).
No disagreement w/ your sentiments @marmarek. Ctrl-F is actually how I eventually found it, hehe. :)
To mitigate saturation of support/community requests for things we put on pages, though, discoverability is a factor. That's where a lot of the balance needs enter the picture, from my own POV.
thanks all for the inputs -- that's really great to hear that R4.1 will have MAC randomization by default, definitely something we should trumpet in the release notes! (let's make sure to include :)
i understand the concept behind official vs community docs, i'm still not sure why this doc in particular moved from official to community. anyways i guess as we get closer to R4.1 we can update the existing documentation to reflect these changes.
> i understand the concept behind official vs community docs, i'm still not sure why this doc in particular moved from official to community.
That is already explained here: https://www.qubes-os.org/doc/documentation-style-guide/#core-vs-external-documentation
If there is some specific part that is unclear or that you disagree with, please quote it, and I'll be happy to discuss it further.
> Users just don't scroll through a whole ToC to find things
> User behavior, regrettably, does not follow logic as often as we'd like.
> Because users just don't scroll through pages top-to-bottom.
Out of curiosity, how do these people read books? You know, the kind printed on paper with tables of contents on pages near the beginning.
How did they manage to use instruction manuals for software that used to come in little printed booklets with the physical software media?
Anyway, I don't see that anyone here has made these assumptions. We assume that people have access to search engines and Ctrl+F.
> Out of curiosity, how do these people read books? You know, the kind printed on paper with tables of contents on pages near the beginning.
> How did they manage to use instruction manuals for software that used to come in little printed booklets with the physical software media?
I'm really glad you asked! Choosing to sit down to read a book because you enjoy reading, is a completely different behavioral experience than looking a thing up in documentation such that you can be enabled to do a thing elsewhere.
When a person sits down to read a book, that is the experience they signed-up for: reading a book. Their need and emotional desire in that moment, is consuming the information on the pages of that book. When a person sits down to read a book in support of another task, however, things change completely. That task could be doing homework (so, assigned reading) or fixing something.
Per the above, I always struggled with homework reading assignments for required coursework in school (so, topics and professors I was not naturally drawn into, but had to pass classes with to get my degree), because my heart was never in them; I did not have an inner need/desire to consume that content. I was consuming it to fulfill an external need, to finish a homework assignment and not sound like a jackass when called upon in class, the next day.
When a person sits down to read an instruction manual, they do so in support of a task they need answers in response to. Both of the above, are not-insignificant differences, and are at the crux of most UX work: learning how to meet the needs and desires of users, when and where they are with things. Emotional mindsets matter a ton, with regards to guiding how easy or hard it is to find and retain information. That may sound bratty, or like spoon-feeding is a goal... but it is an honest reality with how our brains work. With brains impacted by ADHD, autism, anxiety, or OCD; or situational things like stress or anxiety in a moment, that emotional impact is much more significant.
Example: I sat down to read the manual for my washing machine, 2 days ago, because it wouldn't work. My "need and desire" was to un-break my washer, not to learn about my washer. I have zero natural curiosity to learn how my washing machine works. I needed to learn just enough about my washer, to un-break it. How the book was set-up to navigate a user with a specific problem they needed to troubleshoot, mattered a lot. If I were sitting down to just read the manual cover to cover for the sake of learning about how my front loader washer worked, that would have been a totally different experience; and the content's structuring would have needed to be totally different.
Emotional needs and desires, and helping users meet their goals in executing tasks, is what drives most UX work. Hence, we're always pushing to make things easier to discover, with less "work" involved in that discovery. Make sense?
@andrewdavidwong Also, fwiw—as a student of Philosophy, you are probably among a less-than-1% bucket of the human population, with regards to both your attention span and your hunger to learn—and your personal willingness to take the time required to do that learning, well. Just like I'm in a less-than-1% bucket of the human population, that will notice shitty letter-spacing in signage. All humans are different, and most just do not have the willingness nor the ability to carefully attain knowledge through literature, that you do. I wish that more did—and, tbh, I wish that I did.
The above is also why many folks learn more efficiently/effectively, by "learning through doing," vs trying to learn stuff outside of the context of needing to execute a specific task. If there's not something you need to do, that lack of an emotional need tied to specific task outcomes, makes it harder for a person's brain to process/retain information. "Learning Qubes OS" is not a specific task outcome. "Moving a file to another VM" or "Setting up MAC address rotation," conversely, is.
> Out of curiosity, how do these people read books?
My guess is: they don't
-- public key: https://www.svensemmler.org/2A632C537D744BC7.asc fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7
Guys, we're not helping users by judging them. Which I know y'all aren't trying to do. I also get that the efforts of others that fall short of a 100% all-in effort to make use of what you've both spent so much time carefully crafting, is frustrating. I'd put money down, though, that you've both made the same mistakes in the context of tackling tasks outside your "sweet spots" of focus: maybe cooking, working on a car... (and then my brain just stops, trying to think of anything either of you would try to tackle w/o 100% intellectual vigor and intent). Hairstyling?
In our issue on MAC randomization (#938), @adrelanos shared a recent research paper by Vanhoef et al., "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms."
@tasket then recommended that a new issue be created for the problem raised by this research.
Abstract: