• General
  • USB data tethering to laptop. Safe, stupid, unknowable?

Answers for both direct to USB port of laptop, and for USB-C to Ethernet adaptor entry please, if it makes a conceivable difference. I feel like there's less chance of collateral data sharing via Ethernet port?

To clarify, this is using your LTE only phone as a tethered router. The data connection relies solely on a sim.

Laptop system is qubesOS, so there's quite a few levels of separation between browser and network. And it would only be used for anonymous disposable browsing or otherwise 'unimportant' sign-ins like Netflix, and even then, through laptop VPN.

Would you trust direct tether to your GOS device?

These all happen on different network layers right? The phone OS shouldn't meet with the transport of data from the laptop (encrypted before leaving the laptop because it won't inherit any GOS VPNs)

I'm preferring GOS overall since adopting it. And I have faith in the sandboxing, but I miss the comfort of spinning up a disposable VM.

    Toomanyuserprofiles let's add something to the mix. Previously connected to semi-hostile WiFi network for a long time.

    No physical access to the laptop particularly likely. And IME attacks aint all that likely but do make me uneasy.

    Not concerned with remote viewing of activities on laptop, but I am concerned with safeguarding GOS, as that's where my life admin takes place.

    Also specifically wary of location data exfil related to the sim. What do you think?

      Toomanyuserprofiles And finally, which NextDNS settings would you apply, and which apps would you fully disable in the owner/admin profile whilst tethering to ensure that only the transported layer of traffic could reach the outside world, and that it wouldn't be able to exfiltrate any unsolicited data with it?

      Thanks!

      Get a burner phone/SIM to use as a hotspot/router in semi-hostile environments

      You're asking if it's a good idea to knowingly put your most trusted layer, connected multiple ways, into known hostile environments .. Just to save a couple hundred bucks?

      Lots of potential for loss there, even down to the physical data transport of cables : https://shop.hak5.org/products/omg-cable

      Get an old used pixel, load Graphene, and use it on untrusted networks. If you ever suspect a comprise, easy to burn it down, toss the sim, and flash fresh with attestation.... Knowing your personal, trusted admin device was always air-gapped from the unknown/hostile networks/devices