Is it safe to use an Ubuntu VM on Windows 10 from a privacy perspective?
My question is basically in the title - We all know about the telemetry bullcrap that Windows 10 comes with and about NSA spying on everyone. Considering all that stuff, is it (from a privacy perspective) safe to use a VM to use Linux? Will Windows be able to collect data from my VM or is it the same as basically having Linux as the host OS?
This may seem very paranoid to you but I feel like this is something I have to ask to be sure. I can't just delete my Windows installation and go full-blown Linux because there is software I need to use on Windows. I also can't (better said: don't want to) use only Windows because I don't want to be spied on. So I thought I'd go the middle way.
I'm using VMware and the newest Ubuntu, if that's relevant in any way.
Solution 1:
Your question is vague. Short answer is: it depends on what you want to protect. Long answer follows below.
A more detailed explanation: A few things pop to my mind that you would want to protect from Windows/Microsoft in terms of privacy. There are also other dangers to privacy such as proprietary software, spyware, etc., running on your system. But since you asked specifically about Windows/Microsoft, I will not address that.
1. Your local data
Problem: There is the virtual disk on which Ubuntu is installed. Windows does not have native support for the EXT3 format, but who knows.
Solution: You could of course encrypt your Ubuntu home directory or the entire "drive" during installation. That should prevent any software running on the host system from reading data inside your VM. However, since the decryption key is theoretically also accessible by the host system, it would be possible to decrypt the data with full control of the host system and thus the decryption key. I would argue that with encryption you can hide from automatic generation of statistics about your usage and your files, but a targeted attack against you/your computer by someone in control of the host operating system would render all encryption useless.
2. Your network traffic
Problem: You are most likely using Ubuntu to browse the web, access file servers, read your emails and so on. Some of these connections will be encrypted, some will not. Those that are not encrypted pass as plain text through the VM host system (Windows 10). Theoretically, if there was software installed in your Windows 10 that monitors/sniffs network traffic, it would be able to at least read some of your web traffic. Moreover, encryption would not prevent the software from determining that you are communicating with someone and who that someone is. Encryption alone only hides the content.
Solution: As mentioned above, encrypted traffic is not easily readable by the host system as it is already encrypted inside the VM and only then travels through the host system's network interface. You could force such an encryption for all traffic from your VM by establishing a VPN connection to a server you trust, for example. On a side note: this could also be the router in your network. But careful, the same targeted attacks using the encryption key residing in the host's memory as in Problem 1 would be possible here. Leaving targeted attacks aside, your web browsing would not be automatically analyzed by Microsoft.
3. Data passing your USB ports
Problem: When you use USB devices for tasks inside the VM, such as printing a document, the data will have to go through the host system eventually as the VM does not have direct access to the physical USB ports. Therefore, the host system "sees" all information flowing to your USB devices. This also goes for input devices, namely your keyboard and mouse. So even when using Ubuntu, encryption and everything, Windows still registers every keystroke you make and can use that for "improving the user experience" or whatever is done with the data.
Solution: None. As long as the USB device does not support end-to-end encryption, I don't really see any solution.
4. Your hardware signature
Problem: Your hardware configuration is most likely very unique. The operating system has access to a lot of information from your hardware such as manufacturer, manufacturing date, model number, in the case of network interfaces the MAC address and so on. Windows does actually calculate a fingerprint of your hardware and connects it to the Windows key you use to install Windows. You can see the effect of that when changing hardware in your system and Windows prompts you to re-verify the installation. Because of that, from Microsoft's point of view, you will still be visible as a user when using Ubuntu in a VM.
Solution: There is not really one with Virtual Machines.
If you are serious about your privacy, open-source and Ubuntu, you should consider installing it at least on a separate partition/drive and dual-boot. That would remove all the problems I mentioned, except for the first one.
Solution 2:
In terms of VMs, no. Virtual machines are used in this context to isolate the guest from the host, not the other way around.
In the realm of just Windows spying on you, you'll be safe by just running in a VM. It's extremely unlikely that Windows will install an ext2 driver or similar to spy on your system, even less likely that it will do anything I describe below, but we're going to discuss theoretical risks because they're important to know, and because we can't trust that Microsoft won't, or even (technically) doesn't.
The host has complete access to any and all virtual machines it is operating, including raw memory (making encryption useless), the raw virtual hard drive, any raw network connections, etc. Because you don't trust the base framework you're running the VM on, you can't trust the VMs themselves to not be compromised.
The host has access to all VM memory. Therefore, the host can:
- Read any and all raw states from memory, including loaded file contents
- Read encryption/decryption keys for anything, including HTTPS and the hard drive
- Read URIs, system states, and so on.
- Pull off DMA attacks and run arbitrary code
- Make your life just completely miserable.
While Windows itself is unlikely to go this far just for telemetry, it's still a possible threat that should be established and known. We're dealing with theoretical edge cases, so it's at least worth mentioning.
The best alternative is a dual boot, using LUKS to encrypt your data. This will allow Linux and Windows to run on the same bare-metal hardware, but not share resources. And as Linux's partition is encrypted, Windows couldn't do anything if it even wanted to. The catch to this is that you must reboot your system to change operating systems.
If this is a problem for you, consider using Windows inside a VM, but note the possibility of a virtual machine escape exploit (à la CVE-2016-7461), which may grant access to your Linux partition from the Windows VM.
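Both answers recommend the same guest-side mitigations (an encrypted disk or home directory, and forcing all traffic through a VPN so it is already encrypted when it reaches the host). The script below is an added example, not code from either answer: it is run inside the Ubuntu guest and reports whether those mitigations are actually in place, by parsing the plain-text output of `lsblk`, `/proc/mounts` and `ip route show`. The function names, the constructed sample outputs and the assumptions noted in the comments (the usual Ubuntu LUKS-on-LVM layout; an OpenVPN-style `0.0.0.0/1` + `128.0.0.0/1` route pair counting as a full tunnel) are mine. It checks configuration only; as both answers point out, it cannot tell you whether a host with access to guest memory has read the keys.

```python
"""Guest-side check of the privacy mitigations recommended in both answers.

Run inside the Ubuntu guest, not on the Windows host. Hypothetical helper:
the parsers take tool output as text so they can be exercised on the
constructed samples below without root or real block devices.
"""
import os
import shutil
import subprocess

# Interface-name prefixes treated as VPN tunnels (assumption: tun/tap for
# OpenVPN, wg for WireGuard, ppp for L2TP/PPTP style links).
TUNNEL_PREFIXES = ("tun", "tap", "wg", "ppp")


def root_on_dm_crypt(lsblk_output: str) -> bool:
    """lsblk_output is the text of `lsblk -rno TYPE,MOUNTPOINT`.

    Root counts as encrypted when it is mounted directly on a dm-crypt
    ('crypt') device, or on an LVM volume while a crypt device exists
    (assumption: the standard Ubuntu LUKS + LVM installer layout).
    """
    rows = [line.split() for line in lsblk_output.splitlines() if line.strip()]
    has_crypt = any(row[0] == "crypt" for row in rows)
    root_types = {row[0] for row in rows if len(row) > 1 and row[1] == "/"}
    return has_crypt and bool(root_types & {"crypt", "lvm"})


def home_on_ecryptfs(proc_mounts: str, home: str) -> bool:
    """proc_mounts is the text of /proc/mounts; True if `home` is an ecryptfs mount
    (what the old Ubuntu "encrypt my home folder" option sets up)."""
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == home and fields[2] == "ecryptfs":
            return True
    return False


def traffic_leaves_via_tunnel(ip_route_output: str) -> bool:
    """ip_route_output is the text of `ip route show`.

    True when Internet-bound traffic is routed into a tunnel interface: either
    the default route points at one, or the 0.0.0.0/1 and 128.0.0.0/1 pair
    (which OpenVPN adds to beat 'default' by longest-prefix match) both do.
    Assumption: the first route listed for a prefix is the one in effect.
    """
    dev_of = {}
    for line in ip_route_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and "dev" in fields:
            dev_of.setdefault(fields[0], fields[fields.index("dev") + 1])

    def is_tunnel(dev):
        return dev is not None and dev.startswith(TUNNEL_PREFIXES)

    if is_tunnel(dev_of.get("0.0.0.0/1")) and is_tunnel(dev_of.get("128.0.0.0/1")):
        return True
    return is_tunnel(dev_of.get("default"))


def audit(lsblk_output: str, proc_mounts: str, ip_route_output: str, home: str) -> dict:
    """Combine the three checks into one report."""
    return {
        "root_on_dm_crypt": root_on_dm_crypt(lsblk_output),
        "home_on_ecryptfs": home_on_ecryptfs(proc_mounts, home),
        "traffic_via_tunnel": traffic_leaves_via_tunnel(ip_route_output),
    }


# Constructed sample outputs (not captured from a real machine): a LUKS+LVM
# install, an ecryptfs home for user "alice", and an OpenVPN full tunnel
# layered over a plain DHCP default route.
SAMPLE_LSBLK = "disk\npart /boot\ncrypt\nlvm /\nlvm [SWAP]\n"
SAMPLE_MOUNTS = (
    "/home/.ecryptfs/alice/.Private /home/alice ecryptfs "
    "rw,nosuid,nodev,relatime,ecryptfs_sig=0000000000000000 0 0\n"
)
SAMPLE_ROUTES_VPN = (
    "0.0.0.0/1 via 10.8.0.1 dev tun0\n"
    "default via 192.168.1.1 dev ens33 proto dhcp metric 100\n"
    "10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2\n"
    "128.0.0.0/1 via 10.8.0.1 dev tun0\n"
    "192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.50\n"
)


def _run(cmd):
    """Return a tool's stdout, or '' if the tool is not installed."""
    if shutil.which(cmd[0]) is None:
        return ""
    return subprocess.run(cmd, capture_output=True, text=True).stdout


def main():
    lsblk = _run(["lsblk", "-rno", "TYPE,MOUNTPOINT"])
    routes = _run(["ip", "route", "show"])
    mounts = open("/proc/mounts").read() if os.path.exists("/proc/mounts") else ""
    for check, ok in audit(lsblk, mounts, routes, os.path.expanduser("~")).items():
        print(f"{check}: {'yes' if ok else 'NO'}")


if __name__ == "__main__":
    main()
```

A "NO" on `traffic_via_tunnel` with a VPN client running usually means the client installed only a split-tunnel route, so unencrypted traffic is still crossing the host's network stack in the clear, which is exactly the case Solution 1's Problem 2 describes.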