Does qubes support open discussion or believe in control/censorship? why was this post hidden?

In my understanding, Qubes can’t be responsible for development of every security feature. It’s using already established security features that are reasonable or create new ones if possible.
In the case that you want to discuss, the use of canaries is the only currently established way of protecting against law-enforced backdoors.
Qubes OS can’t be responsible for everything. Or are you going to say that Qubes OS needs to create an open hardware systems to use Qubes OS on by themselves as well?

The problem that you want to discuss is not Qubes OS specific, this problem concerns everyone.

I think it is absolutely expected such topics to be raised whenever something big is happening regarding security (concerns) that could or have global impact and I understand where it comes from. Quoted topics here also started after such or similar events.

Such sentence by moderators would also have probably better impact on users than cancelling them one way or another.You cancel one, you don’t know how much of them you raised a suspicion “if cancelled user was right, actually”. You don’t care, some day it’ll be late, no doubt and exception. We are all witnessing woke is broke.

Quoting myself from a reply in a similar thread:

I’m not sure why this cognitive bias regarding freedom of speech and censorship as applied to the forum seems to be so pervasive and persistent. Let me be very clear: Censorship is extremely bad when the government does it, and freedom of speech is extremely important as a legal right. However, neither of these things are applicable to private spaces like this discussion forum. It is not possible for us to censor anyone’s free speech, because we are not their government.

The reason it’s bad when a government censors its citizens is because that means the citizens aren’t allowed to speak about the censored topic anywhere in public without risking fines or imprisonment (or worse), but this doesn’t apply to a single-project internet discussion forum that no one is forced to use and to which everyone has nearly-limitless alternatives (in terms of places to “speak”). No one has a right to say whatever they want here. This is not the public square. This is the Qubes OS Forum. If we never “censored” anything here, the forum would be overrun with low-quality posts that contribute little-to-nothing to the project.

Also applies here:

please tell me if the people that made qubes os, know about there system or not. Better than anybody else or any other security analyst. because they built it, or they just assembled it with the not so secure parts hoping it would work. So whats the purpose of building qubes os at all, if it is just like every other os which has same problems. Isnt qubes trying to mitigate those risks or are dedicated towards it. Dont these people have technical know how. or just put some thing together they found? cannot they help us with possible exploits that can be used as backdoors if made to comply. and mitigate those risks.

If they themselves cant assure users of backdoor security, how will anyone trust the OS, and whats the use of using qubes os at all?

As per the recent news of telegram founder who got arrested for not introducing open source libraries in code, so that it can be exploited to introduce backdoors. Shouldnt the open source community be concerned about it. instead of allowing open discussion about it we are trying to suppress the discussion. Why?

Qubes OS is not created from scratch like some TempleOS, it’s based on other projects, that’s how big projects work:

It’s using these projects to create the reasonably secure designed OS by configuring them properly and creating interfaces to use them in a secure way.

There is no technical way to prove that there is no backdoor in the software. Or at least there is no publicly known way to do it right now.

Source?

Yes, it should, but once again, this is not a Qubes OS specific problem.

if we assume that everything is inherently made inscure and there is nothing we can do about it. so just do with whatever we have, hoping and praying that we are not attacked? And funny thing is we cant even tell if we have been compromised.

And why so much emphasis on making the os “reasonably secure”, leaving few doors open? or these doors can never be closed. or Known about?

What’s the impossibility, i just cant imagine.

If its all about being “reasonable secure”, cant the other oses out there be made “reasonably secure”. theres hardened linux, windows, open bsd, etcetra. Whats the different with qubes, just adding to the noise thats already there?

People think intentions are just to talk about some hypothetical threats that they should not even be concerned about. Here are few articles from reputed sources

The FBI Wanted a Backdoor to the iPhone. Tim Cook Said No

(The FBI Wanted a Backdoor to the iPhone. Tim Cook Said No | WIRED)

https://www.linuxjournal.com/content/allegations-openbsd-backdoors-may-be-true

are these some hypothetical threat that we are talking about?

telegram founder who got arrested for not introducing open source libraries in code

Source?

Elon Musk - Tweeted that video of telegram founder. Now is Elon Musk a loon conspiracy theorist? Doesnt he know about tech, he runs one of the biggest social media platform. One of the brightest mind of our times.

Shouldn’t we be securing ourselves from such threats or just turn a blind eye that it wont happen to us?

It may be helpful first to learn a bit about operating system architecture before discussing the value of a backdoor-free system and its necessity for being “reasonably secure”.

Qubes does not claim to be free from backdoors, and it cannot do that as long as it uses external, unproven software like Fedora, Debian, or Xen. Instead, the mechanism of compartmentalization helps to limit the amount of damage that can result from such a backdoor, if it exists. Systems like standard Linux or Windows, which do not support compartmentalization to the same extent and thoroughness as Qubes does will fall completely down as soon as they have such a backdoor and it is exploited. On the other hand, a backdoor in one of the AppVMs in Qubes magically disappears as soon as that AppVM is restarted, and a backdoor in a template is restricted to that template and the AppVMs based on it. How will you accomplish such a feature with, e.g. Windows?

On the other hand, it is clear and was never disputed that a backdoor in Xen means “Game over”.

So, please, stay on the ground with that discussion!!!

please adopt little civility first. is that a civil way of having discussion?

Please check the likes on your messages and messages against your point.
It’s clear that people made their decision (exactly as you wanted): they think moderator is right, and you are not. I hope you are satisfied.

I also think that people who do not know how to talk politely, are not welcome here. My full support to moderators because they need to deal with such people and stay calm.

If likes decide how you should approach an Operating System security, then good luck coz thats the only thing that would secure such an OS.

and see you were afraid for no reason, trying to hide my post. This post brought a lot of good to this forum, it will encourage culture of open discussion which seems to be missing from here. At least people will refrain from threatening to ban and hide post of the forum participants.

No not satisfied, as there has been no satisfactory answer addressing the main concern of the topic.

Qubes cannot claim to be free from backdoors, as long as it uses external, unproven software like Fedora, Debian, or Xen. - Learned Security Analyst

Whole qubes user base needs to learn this or atleast have the knowledge of.

meaning you might loose your limbs but you will not die.

This is an interesting topic but it’s not Qubes specific.

No one who takes security seriously believes Telegram is secure. There are many groups that lack encryption and because the code is closed-source no one knows if the server contents are really secure and people are putting trust into servers and code based on developer promises.

It’s not the same as a “Facebook has problems and people in government is upset” post, but it’s not that different.

Also @unman is not Qubes, but unman is very close to what Qubes is about. He does custom templates and things like that and has repositories. If you value Qubes it would be nicer to be more in admiration of unman who is very great intelligent and knowledgeable and does a lot for Qubes. Even if you disagree with unman that’s someone who does so much for Qubes users.

As per the recent news of telegram founder who got arrested for not introducing open source libraries in code, so that it can be exploited to introduce backdoors. Shouldnt the open source community be concerned about it. instead of allowing open discussion about it we are trying to suppress the discussion. Why?

This is more interesting because someone tried to get a backdoor into ssh through an xzutils package.

The reason this is not really a good topic to discuss is that software is either open source or closed source. If it’s closed source like Kodachi, you have to trust the developer completely and it could be very good or a honeypot and you just don’t know since no one can read the code. If you are using a public company’s closed source code and company follows government rules then government is allowed to order company to put in backdoor.

Qubes is open source. There’s no go back. Should Qubes not publish it’s code from now on? Most who know about open or closed source code believe it’s better to use open source code. Most serious computer security researchers know that at best you can discuss mitigating being hacked instead of stopping it if you are a big target. If you are afraid of open-source code being targeted you are left with Kodachi. Using a closed source operating system to hide attack vectors, but place all trust in a developer who could be compromised, is very risk.

It is obvious, isn’t it?

If you read OS docs, you will find out that Qubes OS inevitably relies on a lot of third-party software (FLOSS mostly), including Xen, Linux kernel, a lot of packages from Fedora and etc. All of those can have backdoors in theory. In docs you can also find the information about architecture and a lot more.

Once again, as @apparatus correctly said above, there are topics to discuss this already.

This bold assumption that moderator or users are afraid of you revealing some “secrets” about Qubes OS is funny and almost made me laugh, no offense

Living - and using computers - means you are exposed to risks, and if you are free enough, it is your possibility and responsibility to evaluate these risks and act accordingly.

When Qubes claims to be “reasonably secure”, this is no promise to be a secure system, in the sense of “absolutely secure”. Instead, as the documentation clearly shows, there are benefits to this architecture, but there are also drawbacks and limitations, like with any other system.

As a user, you have certain needs and are faced with a certain threat model, and you simply have to - and if you are not working in a corporate environment are able to - decide, based on available information, whether a certain system is suitable for your specific requirements.

So, if your main concern is to protect yourself from the general kind of hackers, Qubes may be the best alternative available today, but if your main concern is to get a backdoor-free system, you should probably look for something else, like e.g. OpenBSD, SINA Workstation or OIpenVMS. It’s simply your choice, and you have to live with the consequences.

But in any case, if you move from one alternative to another, make sure that the new one is better at mitigating your risks. If you decide to drink ten beers, get into your car, drive, and cause a car crash, then probably you made a wrong decision. On the other hand, if you decide instead to drink the same amount of coffee and get a heart attack, it was also your decision, and you have to bear the consequences. Anyhow, whatever you do, life is not without risks, and the art is to find that mix which is best for you - you and only you can decide that.

Moderation note

The topic of the effect that open-source packages backdoors may have in the security of Qubes OS has been discussed at length in this forum.

The topic of this thread is a (trolling) question about censorship on the forum (hint: category Forum Feedback). This isn’t the right category to discuss the other topic, so please everyone move the conversation to the appropriate thread(s) that have been linked above.

Closing this topic now.

As a personal and general reminder for everyone: engaging with trolling behavior only makes it more common. It is your choices that make the forum what it is and what it isn’t.