
#1 2022-08-12 16:50:38

virtualnux
Member
Registered: 2022-08-12
Posts: 2

Performant and secure virtualization software that doesn't phone home?

I take privacy and security very seriously whether or not I have reasons for it. My data is mine so I never use anything that phones home unless there is no alternative and nothing open-source.

I want to start using virtual machines so I tried QEMU+KVM, which disappointed me. It's capped at around 30 Hz (I run host and guest on the same PC and the same screen) which is a big issue. I found a way to recompile it to 60 but more than that seems to glitch, and I want to take full advantage of my 120 Hz display. 60 is still a lot better but not when it also requires me to have additional software and libraries on my host machine - it increases attack surface and still doesn't solve the problem (I need a 120 Hz VM window).

Then there are Parallels, VMware and VirtualBox.

VirtualBox has proprietary drivers which I believe are necessary for okay graphics performance for YouTube and browsing. For some reason they are not open source, which makes me wonder if they have backdoors or phone home. Additionally it's a level 2 hypervisor which I've read is less secure regarding a potential VM-breakout.

The other two are not open source at all which makes me have the same worries. Considering Microsoft, Apple and Google legitimately have backdoors since long ago (accompanied by a few news stories) I do not trust any corporation unless it's been vetted by credible and knowledgeable people who cannot be gag-ordered or NDA'd - since backdoors seem to be a legitimate and widespread practice.

Phoning home to me means sending any data at all anywhere at all for whatever reason. The only data my guests or VM software is supposed to send is the data coming from inside of the guest machines by the system that I install and use myself. Not debug info, crash info, usage statistics, etc.

What do you recommend for my use-case?

In case someone has a way to make the QEMU window work at 120 Hz without the stupid limitation, please guide me, that will solve all my issues.


#2 2022-08-12 18:09:45

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Performant and secure virtualization software that doesn't phone home?

What investigation have you done to make you think that any of your listed solutions 'phone-home'?


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles


#3 2022-08-12 18:22:51

virtualnux
Member
Registered: 2022-08-12
Posts: 2

Re: Performant and secure virtualization software that doesn't phone home?

Slithery wrote:

What investigation have you done to make you think that any of your listed solutions 'phone-home'?

I haven't done any, I'm not skilled enough to trust my own findings to the extent to say that it's safe, private and secure software. I also didn't say that they are indeed phoning home, I'm guessing that it's likely that they are and I'm hoping that someone who has done some investigation and has more skill and knowledge than I do will see this thread and has time to respond. I'm basing my guess only on them being corporations in similar importance as Microsoft in anything that involves virtualization.

You would suppose that Windows is a secure system and that your data is yours, but depending on your settings, your every keystroke, file and picture will go to Microsoft's servers sometime, and I don't think I have to mention the legally-installed backdoors (including BitLocker), which is a huge security risk, not to mention that I am just not okay using anything that sends any data anywhere except for what I allow it to send and I will never knowingly allow anything to send anything anywhere that I have no personal need for. I do not have any need for sharing anything from, of or about my system in or out with anybody or any company, for example.

My point here is that I do not trust any company with anything that has the possibility to connect to the internet unless credibly proven otherwise. Which means internal code auditing is meaningless for me as an example. So naturally I have to question every company and software, especially if they are not open-source. I'm sure that out of 8b people I'm not alone, which means that someone went the extra mile and did a full investigation and made meaningful conclusions based on concrete evidence (not the lack of evidence)
