I’ve been driving with things compartmentalized based on Whonix Anonymity Modes, which I wrote a bit about here: Automated Qubes AppVMs based on Whonix Anonymity Modes | All things are for all.
It’s been good so far!
Interesting read. That post alone deserves its own topic, no?
2 Likes
Very interesting read @rooneymcnibnug, thank you for writing and sharing!
Have you thought of creating TemplateVMs based on those modes?
Where my question comes from: I was recently reading through Project Wildland’s The Why, What, and How paper [1], which talks about data and information containers. (Another very intereting read by the way.) Specifically, your text reminded me of this quote:
Qubes OS has been, in fact, promoting thinking about its “qubes” (or VMs) as data-focused containers, rather than code-focused “microservices” for many years. (source (PDF) - footnote 4 in section 3.1.1)
I’ve myself been thinking about most of my AppVMs in terms of which data they contain. And for me, different data also calls for different programs to handle it - more sensitive data calls, in my opinion, for being handled by a limited set of more trusted programs. So there are two intimately related aspects to each qube: the data/information, and what I do with it.
I find the process you present is one very interesting way to think about the second bit. When thinking about what I do with the data/information in my qubes, my own thinking goes to TemplateVMs because that’s where programs are typically installed. Also, I can easily imagine cases of different sets of data or metadata from distinct activities --distinct AppVMs, if you follow my thoughts-- falling under the same modes when it comes to public sharing --same tools, same TemplateVM. 
[1] A pointer to the Project Wildland was shared by @deeplow on this forum). Wildland is not directly related to Qubes OS, but both projects share people and ideas. More on that thread.
3 Likes
Just split it into a new topic 
2 Likes
This reminds me of security in the military to gain access to sensitive information, but a Qubesos version of it. It was an old DOD saying: “You must have both the right to know and the need to know.” Explained as “A security clearance (Top Secret/Secret), which authorizes who has the right to know, plus a demonstration for a need to know (have orders or a good reason).”