The short answer is that Tails is primarily focused on privacy and anti-forensics, whereas Qubes-Whonix is primarily focused on privacy and security. Tails is still a monolithic operating system. Within a single Tails session, everything happens in the same OS environment. There is no compartmentalization within that session compared to using different VMs in Qubes. So, you get privacy either way. Now you have to ask yourself whether you care more about security or anti-forensics. (Disclaimer: This is a highly simplified answer. I encourage you to do your own research and dive into the nitty-gritty details for a more complete and nuanced answer.)
I’m not so sure about that. Encrypting data on pen-and-paper is rather difficult and cumbersome, and plaintext data written on paper is highly vulnerable to eyeballs and cameras. It also takes a very long time to transmit data back and forth around the world that way.
Interesting… sounds a LOT like Qubes. I wonder why they decided not to just work with the Qubes team? I would rather them work together and make one awesome security/privacy OS then have several different offshoots. If it ends up being a better version but basically acting like Qubes what does that do to Qubes…
Summary: the benefit of using a DispVM is that it gets destroyed when you shut it down. When you start it “again”, you’re actually getting a new one every time.
Example to illustrate, please bear with the details and adapt to whatever makes more sense to you, it’s a made up example: I browse to a website to read the news.That website for whatever reason serves me a keylogger. I shut off my AppVM. Next day I start my AppVM to visit my bank’s website and log in. The keylogger sends my credentials to whoever was on the other side. Sad times follow.
With a DispVM: I browse to a website to read the news.That website for whatever reason serves me a keylogger. So far I’m in the same situation as before. If I got to my bank now, the keylogger will see my credentials. I shut off my DispVM, which gets destroyed because it’s disposable. Next day I start my DispVM. Because it’s a DispVM, that’s not the same as before, but a new one, with no keylogger. I visit my bank’s website and log in. This time I don’t get bad surprises. The trade-off is that I had to take the time to destroy and re-create the VM every time (but with Qubes OS DispVMs most of it is automatic, you it’s mostly time you’re waiting, and not that much effort that you need to make.)
Every software involves “r”. Otherwise you would not be able to access it.
As for “w”: The ram-qube script creates an AppVM in RAM but that does not remove writes related to:
qubes DB in dom0
logs in dom0 (the cleanup phase of the script removes some of them but it cannot remove the lines from global logs)
maybe something else (maybe not, just a disclaimer, as I am not familiar with all the intricacies of Qubes OS)
The ram-qube script is not intended to improve anonymity or to provide anti-forensics. It may help with that to an extent but it is rather an additional unintended side effect, rather than a goal. My actual goal was to have a way to reduce SSD writes and use available RAM to work faster on temporary stuff. E.g. it is very convenient for downloading video from torrent, watching it and throwing it away.
The most conservative potential solution for achieving high security(QubesOS), anonimity(Whonix) and anti-forensics (TailsOS) seems to be a HiddenQubes VM installed on a veracrypt volume on TailsOS. This is still in active research.
But if you want this setup on QubesOS, you need to install the veracrypt volume with Whonix
or QubesOS inside. You also need a machine with lots of RAM because TailsOS runs completely
in RAM.
I answered your question linking to the RAM-based qubes script because I authored that other thread and I received a notification when you linked to it. I can’t answer your main question.