How are you using qubes-os?

ConoRZ · September 9, 2021, 10:52am

hey,
i already read some threads in reddit how people use qubes-os but i guess not everyone of this forum is taking a look at reddit so i thought we collect here some inspirations of other people how they using qubes-os

i guess my configuration of my qubes arent anything “special” but heres mine:
untrusted disposable qube based on fedora to surf via brave browser (connected to sys-whonix)
iso+keepass qube with no internet access
mails qube - using with thunderbird and protonmail bridge with severall alias configured with imap (sadly, because i have to switch pretty much between devices so… i wish i could use pop3) connected to my vpn qube which is using protonvpn (i know this wouldnt make that much sense because same company but… im also running my gmail with it… so maybe its a bit better with protonvpn)
multimedia qube: configured like here:

github.com

Qubes-Community/Contents/blob/master/docs/configuration/multimedia.md


How to Make a Multimedia TemplateVM
===================================

Note: This Howto has been written and was tested under Qubes 4rc4

You can consolidate most of your media streaming tasks into one "multimedia" App-VM. This howto explains how to create a multimedia template which can be used to play multimedia content.
This includes:

- Spotify
- Amazon Prime
- Netflix
- DVDs

Installation
------------

Start by cloning the default debian template in dom0.
Hint:
t-multimedia is just the template VM where we will install all packages.

This file has been truncated. show original

based on debian with brave browser and using vpn template again
programming qube: just installed applications like clion, atom etc. also based on debian, its just connected to my sys-firewall
social-media qube: got signal on it etc. again debian and sys-whonix
untrusted: based on fedora, installed brave again and using sys-whonix and vpn qube (depends on what i want to surf)

thats it
for every app-vm i told you here i created a own template because i wasnt sure if the appvm got compromised if the template-vm would be also compromised

if there would be the question: hey, why are you using brave to browse
im using brave because daniel micay (lead dev. of graphene) isnt recommend firefox because isolating tabs arent theyr best
and before i was reading it i was also using brave because im still testing my browser here:

and i got best results till now with the brave browser, i tried to make my firefox a bit better but it seems like brave would be the best atm
oh and i got the feeling brave browser is one of the best if its about configuring it, i set them all up like they should delete all cookies and caches if i close my browser
and cookies are only allowed within a tab (if this make sense)
there would be also vivaldi but it seems like they arent trustfully as much i read and brave is also open source if i remembering correctly

i guess my networking isnt that secure here, but maybe i got some inspirations also here how to make it more secure
i was also thinking about to do more sys-whonix templates so i would get more identities and that would do it also a bit more safer to get tracked

51lieal · September 9, 2021, 11:11am

Hey, thanks for sharing.

You may look at how joana partitioning “digital life” in here The Invisible Things Lab’s blog: Partitioning my digital life into security domains

Would be good if i can see a “data flow diagram”.

unman · September 9, 2021, 1:39pm

It’s not as if there haven’t been numerous such threads already.
I shouldn’t dampen your enthusiasm, but you might like to look
back at “Now You’re Thinking with Qubes”, “What’s your system layout
like?”, and other discussions.

A major problem with this sort of thread is that I suspect that the
more security/privacy oriented users will be reluctant to give anything
except fairly generic details.

I use multiple templates, most based on debian-minimal: I use a caching
proxy to ease updates.
I use disposables heavily: my storage qubes are minimal with no installed
reader/viewer programs.
I use split-ssh, split-gpg, and split-mail.
I use BSD for one sys-net.
I use Tor, but not Whonix.
I salt everything.

51lieal · September 9, 2021, 1:58pm

Would be good “if” we have an archieve of something like “how qubes work to you”, I like reading those review or sharing. It’s made me think how small my build and moved to think like them.

For busy people these kind of threads aren’t usefull, but as learning user, student, searching for idea, it does.

Rather than “a quote about what the experts are saying” in landpage, using “how qubes work story” from an expert can attract more attention.

ConoRZ · September 9, 2021, 2:22pm

oh sorry, i didnt saw that, i searched for “use qubes” because i thought find threads like this but i saw i also cant find my thread if im searching for “use qubes”
but i’ll link now for other people the threads that are existing atm and would edit this post if i find other threads like this:

do you think so? i think to post a qubes layout wouldnt affect your security? also because we all dont know each other.

fsflover · September 9, 2021, 2:49pm

If an attacker knows your configuration, it may be easier for them to attack you. But this is true for really targeted attacks, which is not in the threat model of everyone.

By the way, I was always saying that title “What’s your layout” is not something users can ever find.