Summary
Transcript
Some of you may already know that there are cybersecurity benefits to using a virtual machine. In fact, that’s why some security versions of Linux like cubes and Hoonix uses virtual machines. But what most people don’t know are the specific advantages of using a virtual machine for privacy. There are some particular threats from the likes of the most evil platform, Facebook and meta in general that you cant completely beat unless you use a virtual machine.
In this video I will discuss six specific advantages to a virtual machine that makes this a privacy and security solution you cannot ignore. This is a moderately advanced topic since many of you may not have the wherewithal to install a virtual machine, but to educate the beginners, I will show you how to install a simple virtual machine. This particular solution is often overlooked as a privacy tool, and admittedly I don’t talk about it as much as I have introduced some less complex alternatives.
However, the alternatives do not solve all the problems while a virtual machine solution does. If you want to kick up your privacy skills up a notch by knowing this tip tech and how it can benefit you, stay right there to learn the six extra advantages of a virtual machine in this video I’m going to install a virtual machine on a laptop running windows eleven. The virtual machine software I will use is the free oracle VM virtualbox.
This same virtual machine can be installed on macOS and Linux. On Linux you also have the option of using the free software KVM to create virtual machines. I have a video on KVM and I do have an older video on installing VM virtualbox which is more detailed than what I will show here. And of course there are other options on Linux. Like to root, the main concept of virtualization is that you can run a child operating system under the host operating system.
The main operating system called the host is Windows eleven. In this example today it will make the child operating system which today will be Linux mint think it is running inside an actual intel machine. But really it will not be directly running under the intel machine. Rather it will be running in a virtual computer and the host OS will be in intermediary by providing access to hardware like the display, keyboard, mouse, memory and peripherals in modern computers.
The virtualization capability is built into the cpu now, so the host OS barely interferes in the speed of communications between the actual machine and the virtual machine. So a software tool like Oracle VM virtualbox using the virtualization features of the cpu will make the OS think it is really running inside a real machine. So here’s a quick demonstration of that here I’m running windows on my host machine.
It is the actual operating system. Then here using Virtualbox I have launched my pre installed instance of Linux Mint. So it’s like having multiple operating systems at my disposal. In this example, this virtual machine window is running a YouTube video. As you can see it’s pretty watchable. However, it’s probably not that great for use with 4k video, so it has limits. By the way, for better privacy it is best to install Linux on your virtual machines as I did in this example.
Linux will be the most privacy safe. As I’m showing here, the host system is Windows. Windows has a lot of spyware. Most can be turned off, but there are more being added by Microsoft constantly. Just recently Microsoft enabled Copilot on this computer, which is basically an AI that I can talk to and who knows what other surveillance it is doing on this machine. Now I haven’t had a chance to study this yet on macOS.
Aside from the continuous monitoring by Apple of data like location and usage statistics, macOS, just like iOS, are currently the main devices that support client side scanning, meaning the AI in the device can search your local content and report it to HQ if a match is found. Pretty invasive, but when you’re running inside a virtual machine, what you’re doing is not directly visible to the host os, so this should blunt any AI based content or usage scanning this is one benefit that I will tell you right now, but there are very specific things that will not be obvious that I’ll tell you about later.
So this is a bonus benefit. Now, before I get too deep, let’s begin by doing a quick install of a virtual machine. I won’t get into too much detail here and I will speed up the video just to give you a quick picture. I downloaded a couple of things in advance. First, I downloaded the latest version of Oracle VM Virtualbox, which as of the time of this video is seven 0.
14. Then I also downloaded an ISO image of Linux mint which I got from the Linux Mint website. I chose Linux mint in this example because it is a popular distro with beginners. Now in my experience it is problematic to have the files in some download folder because it causes permission errors in windows. So I found that the easiest way to avoid problems is to make a folder and put all the files we are going to install in there and you need to be logged in as the admin user.
So here it is in my case, I have the virtualbox files and the linux mint files ready to go. Now let’s do a quick install of virtualbox. This new version gives a warning message about python core which we are not going to care about since we are not running python. So just ignore that, just accept the defaults and continue the installation. Now when you are done and you run the virtualbox application, you will see this UI virtualbox.
What we are going to do is click on new then we will fill in the name and the folder where we will install the virtual machines and then we specify the linux mint ISO file we need. I’m just going to specify this as Linux 64 bit I did an unattended installation here. It took a while so I’m speeding up this portion of the install here quite a bit.
Next I will turn on the virtual machine by double clicking the one I want and this will boot the virtual machine into a child OS. This will basically start up linux mint again. Make sure to remember the user and password you’ve given to your Linux user. I won’t show this in the video, but I installed a chromium browser on the vm. I find that this is less buggy than the default Firefox browser and seems faster as well for watching videos.
I also adjusted the screen display size so it is larger. My host computer has Nvidia, so this VM may not be completely using the GPU features right now. After the install I will shut down the VM and adjust a few settings as you see here. I just want to check the amount of memory it allocated. You can play with this later. I have a lot of memory so I can give it a bunch.
I took a quick glance at the other resources given and they appeared to be fine. So here’s the final result. I have the host machine on the main screen and you can see the window in the middle which is running YouTube. This window is Linux mint in actual use. It can be seamless. You can run your normal stuff on Windows and then you also have the option to run a virtual machine for when you want privacy or security benefits.
Now that we have the tools we need, let me tell you why you would use a virtual machine and what the benefits are. I’m going to list cybersecurity and privacy benefits. Number one, have a safe OS copy. This will be important for later. You can clone your virtual machine that you have set up the way you like, and when you clone it you can easily restore it if and when your os gets infected with some malware.
So if you’re in doubt as to the safety of a prior action, you can stop immediately and restore the latest clone copy of your os. This will wipe out any malware immediately. Number two, sandbox your email. You can install your email client inside the virtual machine and not install it on your host machine. This is a fact that the average person doesn’t know. Probably 90% of all malware comes from attachments in email.
The biggest source of attacks is when, through social engineering, some attacker makes you click an attachment and in this process infect your device with malware. Fortunately, if your email is inside the virtual machine, it cannot infect your host machine. All you have to do is restore your clone copy of the virtual machine and you are assured that your os is clean once again. Number three, isolate your data in the vm.
If we have to worry about the AI in Windows or Mac OS looking at our content, then the best way to prevent this AI scan scanning is to put your content inside the virtual machine. This would be important if you’re a whistleblower, a journalist, or maybe an activist of some sort. This type of isolation keeps your content away from malicious spying. Usually the OS will give you the option to encrypt your VM hard disk.
So if this is a concern in your particular instance, then this is how you handle that. By the way, I don’t usually worry about any AI scanning if my host system is Linux. Linux is open source and very safe, but the proprietary oses from Microsoft and Apple do unknown things. However, sometimes we have no choice but to install Windows on our devices, or we have a MacBook, in which case it will be running macOS.
The good news is that we can always install a virtual machine, even in these cases. Number four, Mac address collection. Let me tell you about a surveillance scheme used by meta. It’s specified in the data policy of Facebook. So this is something I’ve always known about. A Facebook app, if you use an app, will run ArP address resolution protocol, which is a command. I will demonstrate here on the command line.
If I go to a command line on Windows and run Arp, it will actually show all the devices on your network and all the Mac addresses. Well, these Mac addresses are unique identifiers and they are assigned to your specific devices. If ArP detects your mobile devices, Facebook, Instagram, and WhatsApp will actually identify your presence near a group of either other meta users simply by the Mac address announcements.
In any other network you happen to be in, this is a huge privacy invasion. Danger from the most dangerous app ever. Now let me show you what happens when you run ArP in a virtual machine. Look at this, because the virtual machine network is isolated, it acts as its own network subnet and thus other devices will not be visible on the host network. This is also very important because if some app runs Arp on your network, finding the same combinations of Mac addresses is like a fingerprint and it will match each and every one of you in the network as part of a set.
This will allow identification even if you’re using a VPN. At the moment, the only party that states they are usingRob Braxman Tech this tech is meta. But obviously anyone can do this without telling you. Number five computer identity this is a problem on Windows and macOS. Any app can find some unique identifier on your device. This is equivalent to iOS or Android reading the IMEi on your phone. I will specifically demonstrate this on Windows.
Let me show you the most obvious identifier on Windows and this is the unique thing on your device, which is the Windows product id. Any app can read this data in the Windows registry. To demonstrate this, I will go to the command line and run regedit. Then going through the indices hkey local machine software Microsoft Windows nt current version you can see these digital product id digital product id 64 product id but these ones I’m showing you are pretty obvious, and I will be frank with you.
I have personally programmed apps that read these identifiers to check software licenses to apps I’ve made. This match to. The product Id is unique. Now, since any app can capture this product Id easily, as you can see here, then it’s very easy to capture the device identity at all times. However, if you’re running Linux, as we are demonstrating in our virtual machine example, then you do not have a unique identifier in Linux.
Certainly nothing as permanent as a Microsoft product id. This is a huge advantage with privacy. Using a virtual machine you can protect the device identity. I’m actually concerned if Chrome or other browsers read these identifiers, so understand that they can. Whether they do or not, I don’t know, but better be safe than sorry. Number six, Microsoft ID or Apple ID there are other identifiers in the registry that I’ve demonstrated in other videos.
For example, you can see the product name and registered owner here. Now I’ve cleansed my system as I explained in a video last year, so I removed all references to registered owner, which is the Microsoft ID in this case. But again, realize that this data can be captured. Again, we show the advantage of a virtual machine here, even if your host machine is running Windows. But whatever you deem could be a spying app like a chrome browser, for example, will be sandboxed in Linux and will not be able to acquire the Microsoft ID, your name, and other little goodies in the Windows registry.
And of course the equivalent Apple ID will not exist in a virtual machine running Linux. Just to make this little discussion complete, if you’re on a home network, you need to run a VPN on the host OS or use a VPN router like Brax router in your network. Then the virtual machine will also use the VPN since it gets its Internet access from the host machine. There are more sophisticated techniques for connecting the virtual machine to another network in the cloud.
I haven’t tried that yet, but I can see that as an available feature on Virtualbox. The reason I’ve not been promoting the use of a virtual machine too much, even though I’ve made several videos on it, is that I’ve been talking about the simpler solution, which I call browser isolation. Use multiple browsers and partition your activities into Google and non Google using these browsers. This will isolate the Google ID and prevent your activities outside of Google from being tracked.
However, this is not foolproof since some of the identifiers I mentioned here can be captured by rogue apps, specifically like Facebook. So if you persist in using Facebook, the only solution I can offer you is to isolate that use in a virtual machine. It is not necessary to use a virtual machine for every activity, but isolating email, Facebook and Google in separate virtual machines is a very sophisticated protection method and will protect you both from cybersecurity and privacy threats.
I hope this information has been helpful folks. I have a company that creates products made to protect your privacy. This is available through my privacy focused social media site, Braxme. We have now exceeded 100,000 active users, so join us there. Our store there features products like the Google phones, the Brax, virtual phone bytes, VPN, Braxmail, Braxrouters, and more. I’ve created most of these products myself and you can discuss them with the community over at Braxme.
Those are the actual users of these products so they will be honest with you. Thank you for watching and see you next time. .