I need to use a personal account with untrusted computer which I don’t control the app and services that is installed, and for some reason and I can’t create a new account just for this case, it has to be the same account witch I also using unfortunately.
How can I improve the security? Using a virtual machine (like qemu) will help to increase security?
A virtual machine won’t improve security because the host is untrusted, so therefore any guest would also be untrusted. You basically can’t improve the security while considering the computer untrusted, that’s kind of an oxymoron.
I don’t know if this is your situation, but just in case, do NOT use a work-provided computer for personal things.
5 Likes
Can you be more precise about which accounts and what kind of data will be exposed ?
Why? I assumed that it is harder to read data (files, running process, tls network activity, apps and so on).
Unfortunately I need to use my personal WhatsApp and Telegram account in the work-provided computer
You could look into getting a phone number that you can use to sign up for accounts you will only use for work.
Services that let you do this sometimes have issues because they give you a VoIP number. Maybe something like https://www.smspool.net/ would be good?
*removed crypton.sh link since there are actually complaints about it not working/support not responding.
2 Likes
No.
The virtual machine is literally running as a guest, the host can reroute traffic, read the storage, do whatever it wants since it’s what controls the hypervisor the vm is running on.
Make new accounts for work.
2 Likes
I will check if I can make a new account for work, hoping they will allow it.
But why? If all the network communication is encrypted by the guest? is not like a man in the middle? so the host will be able to see only the encrypted data. And if the disk is encrypted? how can it read the storage?
I am assuming the host is installed with some app the read the traffic and disk but if everything related to the guest is encrypted how it can read it? unless the monitor software itself is connected to the hypervisor (is it even make sense?)