First off thanks for all the help so far. Okay so on downloading secure packages/programs am I to understand the repositories are the safest way to go? It seems snap could contain malware correct?
Also could someone let me know how to know which repositories to trust if any outside the ones preinstalled. And is there a way to know what stuff is key verified to be safe? I am trying to make a beginners guide for whistle blower types and dissidents and I dont want to give bad advice. Also it will contain just the necessary stuff to make switching from windows as painless as possible.
Also are there any must do things to add security to Qubes that are low maintenance and beginner friendly? The reason I ask is because I dont care or need anything special but I would like to include any vital info and present a guide that will get people with potential nation states monitoring them enough time to sort things out on their own. Basically they need to know enough to be able to relatively safely do research to find their next move.
I really dont need to know this stuff so if someone wouldn’t mind giving me a rundown of the fundamentals I will learn just as much is as necessary to pass along. Tor does the trick for me, as I just want privacy from bill gates lol, but what should I look for for people that may have a government monitoring them for signs that they are looking to spill the beans or something like that or is tor enough anonymity for that also?
I am sorry to bother you folks with this stuff, I am just sort of in a hurry to get a tutorial filmed before I learn too much about linux and lose the ability to speak from a beginners frame of reference.
Oh and any suggestions on what secure communication packages would be best for a beginner would be appreciated. They will probably need a secureish way to make initial contact and then an encrypted way to communicate the documents/files.
I think maybe leave giving guides to whistleblowers and dissidents (Who are in very real danger if you misinform them, even accidentally) to people who know what they are doing. I don’t mean to gatekeep here but I don’t understand why you think you are best person to give this guides if you don’t know yourself what you are doing?
i dont know, imagine someones first time blowing whistle or dissenting against their 3rd world dictatorship and they come across this guide. Even if its not added to recommended guides people will still see it. I just dont understand the need of why people who arent qualified and dont know what they are talking about should make guides on that, instead of making it on things they understand?
Cause people want to help. This is part of the kind of an open-source project and I think it’s a good thing. And a guide from seeing as a beginner you can only write if you’re still a beginner.
The risk that a high-class whistleblower reads (only) this (unofficial) guide and nothing else and gets in trouble cause of that, is highly theoretical. But I think you’re free to write a better beginner guide for this type of whistleblower.
Or you could help to improve this guide, when it’s written.
Well dont you think the process of finding the people that know what they are doing on an insecure system could get people dead long before they ever find the right person?
Put yourself in a whistleblowers shoes for a minute.
They are probably a windows user. Their first thought might be that googling how to not get caught being a whistleblower might flag them in some NSA system for investigation. For many they might never get past this stage because that sounds too risky to most. So maybe they buy a burner phone to use for research, maybe they are just a janitor at the FDA who has never heard of linux. I can imagine millions of situations in which a simple step by step guide to getting a reasonably secure OC could be life saving.
I am not trying to make the end all be all security guide I am trying to help get people to a state where they could be comfortable to start looking for the “people that know what they are doing”.
The guide will probably never be used by a whistleblower but here I am, A political dissident and I have already made plenty of mistakes that could have gotten me killed. Lucky for me I am getting ahead of concentration camps and such. I get the to make mistakes because things are not too bad yet but should there come a time where it is a matter of life or death I would be damn proud to have made a guide that someone doesnt have to be a computer scientist to follow.
The guide for typical windows user to qubes user is already about finished, and when it is I will post it here for comments and fix any issues that are brought to my attention. Like I said above though I would appreciate any tips that I could look into.
I am also trying to solve the problems that were the biggest barrier to entry for me. This should give windows users and typical Apple users the best chance of surviving the Qubes/Linux on boarding process. More people using Qubes equals people using Qubes being less special which is good for everybody.
As to why I think I am the best person to do this well that is an easy one, because I am the only person doing it. I have watched every single qubes video I have found and not one is aimed at getting a windows user or non technical person to a state of a functioning Qubes system… It appears people may think that is what they are doing but they have been using Linux so long or have so little windows experience that they are not capable of explaining things to a layman.
I am because I just went thru it and I take great notes. I can take twenty hours of package management research and boil it down to the five minutes worth someone actually needs to know to get QUbes functioning.
Basically I am an expert at learning how to use Qubes with zero prior knowledge. Also If I had to learn all this while a government was looking for me I would have been long gone and I was not under any stress. Reading a lot of the technical documentation was painful, I would imagine it would have been impossible had my mind been split between jargon and worrying about my and my families safety…
Thanks for the advice and I will be sure to talk about tails as an option as well but I think a need for both exists. Tails seems great if you already know who you need to contact and what you need to do. Qubes has better persistence and allows you to have multiple tabs on separate VMs which makes research a lot easier. Tails is great for research as well but with Qubes you can also run Obsidian on a separate VM and use whonix/tor to get the benefits of a tails type OS while being able to congregate data to a folder on a vault VM. Also I might be wrong but tails would not be much help if someone needed to for example upload terabytes of leaked documents to wikileaks ect. Also Qubes is a security OS so it would probably throw up far less red flags for someone to research it as opposed to Tails which does not serve much of a purpose other than anonymity and leaving less of a trace for investigators.
I would assume that anyone in the US government for example with any type of security clearance is on a list in an automated system that flags them if they search for things like how to use tails. I could be wrong but it seems like qubes may be a safer topic to research.
I hope to make a guide that could be downloaded on a burner phone and contain everything someone would need to guide them thru getting a laptop that is not connected to their real identity and getting cubes functional with as little time spent researching qubes as possible. Every moment you are looking into qubes or tails is a moment someone could use to determine you are up to something.
Also I think there may be some confusion and its probably on me. I am not going to make a guide for whistleblowers and dissidents. I am going to make a beginners guide that aims at being easy to follow for any whistleblowers ect that have done their own research and decided to use QUbes.
For me I chose Qubes because of the compartmentalization. It makes things that would be too much of a hassle on tails relatively easy. My personal threat model is that I have a piece of information that will be easy to make disappear so I have one chance to find the right person that can make use of that information and also cares enough to put themselves in harm way to make it public. This is not an easy task and Qubes allows me to take my time and not have to stress so much about people figuring out who I am and what I have.
But yea my guide will be 95% just how to go from windows to qubes without losing your mind lol, and maybe 5% pointing people to specific topics of interest for people with an extraordinary threat model. Thats where this post comes in, it is hard to slog thru the details I dont really personally care about so I am asking for assistance in pointing me towards the specific stuff someone under threat would need to know.
I can learn everything there is to know about cyber security or some kind soul could just point me at the specific key terms that will save me from having to learn a bunch of information that will be useless to me.
But I see what you mean about splitting this into specific topics and if this thread doesnt provide answers I will get specific in others.
Thank you, I understand how to learn by reading hundreds of hours of posts and looking for the bits that are actually helpful. This thread is not about that, it is about helping someone that is trying to help others.
After my guide comes out I intend for the answer to someone asking the very questions I am asking to be as simple as pasting a link to my video.
I will continue to do my own research but any help in avoiding useless information or pointing towards useful information would be appreciated.
Excuse me? I provided you useful resources that you can use to begin conducting research before asking questions that have already been answered. If you can’t find the answers you’re looking for you’re welcome to click the plus button and open a new support ticket.
Like I said before, I’m simply replying to some of your statement, yet I have the impression that you’re asking us to provide you ready information that you then refuse because “it would take hundreds of hours”? A bit counterintuitive innit?
I’m afraid that if you’ll want to write something useful you’ll have to actually understand the topics of your guides, which will inevitably require research. But since you don’t seem to appreciate valid starting points, such as guides and quick answers (as provided in the links above), and instead labeling them as useless, you may have to re evaluate your goals.
I hope you find what you’re looking for, good day mate.
I am just unsure why you provided it in the first place. I believe I was somewhat clear in the thread I made. Also most should agree that the vast majority of information provided is useless for a typical PC users. Maybe an example would help as I am Autistic and expressing myself is not my strong suit.
I begin to install Qubes and reach the disk partitioning phase.
I then spend hours searching the forum for information, all of which is useless for a typical user just looking to install QUbes.
After hours and hours I find the one piece of information that is useful to me.
I was looking in the wrong place the entire time, the information that I needed coming from windows with no Linux experience was that Qubes uses the Anaconda Fedora installer.
I search Fedora installer on duck duck go and within minutes I have found what I needed and am back to instillation.
So no disrespect to the information on the forum, its just that a lot is coming from Linux wizards and coming from windows I did not even know what information I needed. How to partition a QUbes install has very little information online, how to install Fedora is very well documented in endless videos. So the information that was useful was being directed to the right place to look.
Same goes for XFCE, Hours and hours wasted looking for solutions to problems which were all solved in minutes after learning what XFCE was responsible for. I get it though because people that use Linux all know that the desktop environment handles all that stuff. People coming from windows or apple do not and it leads to loads of wasted time just to learn what you actually needed to research.
So I now will be able to explain what it took me hours to learn in a few minutes.
So what this thread is about it mostly my attempt to not need to read so much “useless” information and skip right to actually researching how to solve the problem.
I assume this is why the majority of windows/apple users would give up on Qubes and aim to help people avoid that. I understand that the documentation is fantastic, it is just written by master Linux users that probably dont know or have forgotten what it was like to read that sort of thing with no real knowledge of building Linux distros from source.
Doing that you probably learn what is responsible for what but to the vast majority of people on this planet the idea of a package manager being separate from the OS is an alien concept. To them a package manager issues is a Qubes issue. In fact the answer to a qube related package manager issue is not to learn everything their is to know about god knows how many package managers there are but to learn what package manager Qubes is using and learn how to solve problems specific to it.
So I hope this makes it a little more clear what I am after, My goal is to make a beginners guide and get it done before I too start to think from the perspective of a linux user. If this was not a concern I would have no problem wading thru the documentation myself.
|: This exactly the problem with Qubes and new users. Dm me take my course for free. Keep in mind it’s hacking with qubes os. So we will set up and harden the system from scratch. I do it live no BS. Make history with us and take the first ever hacking with qubes os course!