Historic decision on Label colors for sys-net, sys-firewall, sys-usb & sys-whonix

I am looking at the current Salt Sates for sys-net, sys-firewall, sys-usb & sys-whonix.

The current default label color selection for the above sys-vms are as follow

sys-net: red
sys-firewall: green
sys-usb: red
sys-whonix: black

Considering that most modems or network gear use Green LEDs as visual indicators, Firewall usually implies fire and red color, USB generic logo has blue colors (and some USB ports are also blue). And while Whonix logo is in blue and black, Tor logo is somewhat purple-ish. Which is a nice color to distinguish it from the other.

The above logic is how my brain works. There is no right or wrong here.

I wonder about the historic decision & rationale on the default colors for the said sys-vms (or the new ones which will come).

1 Like

I think the logic was based on trust levels:
sys-net/sys-usb - red - untrusted, HVMs with PCI devices
sys-firewall - green - trusted
sys-whonix - black - ultimately trusted by the referenced doc below? But I’d say it’d be closer to something different that is not trusted but not untrusted as well? Just different color to show the Tor usage?

Most Qubes users associate red with what’s untrusted and dangerous (like a red light: stop! danger!), green with what’s safe and trusted, and yellow and orange with things in the middle. This color scheme also extends to include blue and black, which are usually interpreted as indicating progressively more trusted domains than green, with black being ultimately trusted. Color and associated meanings are ultimately up to you, however. The system itself does not treat the colors differently. If you create two identical qubes — black and red, say — they’ll be the same until you start using them differently. Feel free to use the colors in whatever way is most useful to you. For example, you might decide to use three or four qubes for work activities and give them all the same color — or all different colors. It’s entirely up to you.


As I recall, Joanna’s reasoning for choosing black for sys-whonix is that sys-whonix is critically important for the user’s [ano|pseudo]nymity/privacy. If it were to be compromised, the user would be de[ano|pseudo]nymized, so it was assigned black along with templates.