Hi, I’m a user who has just come across Qubes.
First of all, I don’t have domain knowledge about security, and so far I’m trying to handle my threat model well with only superficial knowledge. For me, security is my top priority when using Qubes OS. However, paradoxically, I have to use Claude Code for work, and even if I look into it a little I feel desperate and think “What should I do?”
The myriad of related packages that come with installing Claude Code (just looking at this alone makes me feel that the sweat and tears I have shed while setting up Qubes OS so far are in vain), and my threat model includes big tech, but even if I exclude it my inexperienced intuition shouts “I’d rather have a physically separate system!!” However, it’s impossible to do so due to physical limitations (I can carry only one backpack!!!)
Similarly, in the case of Claude Desktop, MCP requires installing npm as well as running an MCP web server.
How did you build Qubes OS and how valuable is this threat? I don’t know, but what is the best thing to do in this situation where you can’t avoid using it?
(I also considered how to create Docker in a qube with a nasty VM and use Claude, but I also remember that Docker’s confidentiality was so bad the other day.)
add) I wonder, “How dangerous or vulnerable am I objectively making myself by using Claude Desktop and Claude Code?”
It is important to know what exactly you want to protect yourself from. Yes, Claude Code can in theory make one of your qubes unusable (which would be the equivalent of what you sometimes read in the news, that a coding agent wiped someone’s hard drive). However, everything is limited to the specific qube you are using Claude Code in, and, depending on your setup, the functionality of your qube is harder to break than on a normal computer.
However, all your data inside your qube is vulnerable to all the usual stuff you read online (e.g. prompt injection). But again, it is limited to your qube.
Dunno about “Claude” code, but qubes are like separate machines.
First, if you can, make a separate network path, for example a 5G modem just for that. Clone the standard sys-net, remove all attached devices from it and attach this 5G modem. Then clone sys-firewall and attach it to this sys-claude.
Then make a standalone qube for “claude” and use this separate network path as its network access.
Or, you can make a sys-vpn just for “claude” and again a standalone qube for the LLM.
If your laptop has 2 gfx cards, and one has a stronger AI engine, pass it to the claude qube to use as an accelerator and use the one with the weaker AI engine for display.
If your laptop has only 1 gfx card then no love, and you won’t have any hardware AI engine. The GFX used for display can’t do anything else, not even 3D accel.
Thanks for the kind reply, andreasglashauser.
In other words, my current threat model considers two factors that are close to the top: 1. APT 2. big tech. I am worried about whether I am struggling to build up from the bottom in order to stay as far away from these two threats as possible. As I mentioned regarding the threat model, my concern is not just data-deletion kinds of things. The problem is that I can’t even assess the threat that will be added with my own knowledge right now.
When I think about the effort I put into building the system now, I want to get out of the situation of “I have to use Claude.” Can I elaborate on the question a bit more? Your advice is that most of the problems will disappear except for the contamination of the app qube unless it is a zero-day attack on Xen or Qubes OS, but under my threat model, I am more worried that I should be a little more cautious. To my knowledge, I know the meticulousness of the ‘npm packages’ installed as dependencies, the internal ports that open when running the ‘mcp server’, and the meticulousness of the Qubes developers, so I have experienced that most of them have been prepared after careful consideration and investigation.
Final question: As I wrote in the text, can I once again ask you to make an objective risk assessment of my threat model situation? (That’s how I can grow and move on to the next level.)
I’m still trying to understand Qubes OS. So these are the parts I wonder about:
- I saw a web guide that said “if you need maximum security and privacy both, you should use the right sys-vpn for each use”.
But after reading the guide I am wondering: even if I use separate firewall and VPN qubes for networking, my physical device still belongs to one sys-net, so is it truly effective?
I would like to ask if it is a useless strategy unless you add a physical NIC as you advised.
> However, paradoxically, I have to use Claude Code for work, and even if I look into it a little I feel desperate and think “What should I do?”
> The myriad of related packages that come with installing Claude Code (just looking at this alone makes me feel that the sweat and tears I have shed while setting up Qubes OS so far are in vain), and my threat model includes big tech, but even if I exclude it my inexperienced intuition shouts “I’d rather have a physically separate system!!” However, it’s impossible to do so due to physical limitations (I can carry only one backpack!!!)
> Similarly, in the case of Claude Desktop, MCP requires installing npm as well as running an MCP web server.
> How did you build Qubes OS and how valuable is this threat? I don’t know, but what is the best thing to do in this situation where you can’t avoid using it?
Just create a separate TemplateVM. Install whatever you need to install to use Claude Code onto the TemplateVM. And use a qube based on that TemplateVM.
Alternatively, you can take a look at services like nano-gpt[1] which give you access to frontier models via API. You can even pay with digital cash, Monero, without losing your financial privacy.
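The two suggestions in this thread (the separate network path built from a cloned sys-net with only the modem attached, a cloned sys-firewall and a standalone qube for Claude Code, and the dedicated TemplateVM with an app qube based on it) can be scripted from dom0. The script below is an added example, not code from any poster or from the Qubes project; the qube names (sys-net-claude, sys-firewall-claude, claude, template-claude, claude-work), the PCI addresses and the base template name are assumptions to adapt to your own `qvm-pci` and `qvm-ls` output. With `DRY_RUN=1` it prints the dom0 commands instead of running them, so you can review the plan first. The firewall step relies on the Qubes 4.x behaviour that a connection matching no rule is dropped once the default accept-all rule 0 is removed.

```shell
#!/bin/sh
# Added example (not from the thread or the Qubes project): build the isolated
# network path and the dedicated template/qube for Claude Code from dom0.
# All qube names and PCI addresses below are assumptions; adjust them.
# DRY_RUN=1 prints the commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Separate network path: MODEM is the 5G modem's PCI device as listed by
# `qvm-pci` (dom0:02_00.0 is a placeholder); the remaining arguments are the
# NICs that sys-net-claude inherited from sys-net and must be detached so the
# clone sees nothing but the modem.
build_claude_netpath() {
    modem="$1"; shift
    run qvm-clone sys-net sys-net-claude
    for dev in "$@"; do
        run qvm-pci detach sys-net-claude "$dev"
    done
    run qvm-pci attach --persistent sys-net-claude "$modem"
    run qvm-clone sys-firewall sys-firewall-claude
    run qvm-prefs sys-firewall-claude netvm sys-net-claude
}

# Standalone qube for Claude Code, reachable only through the isolated path.
# BASE is the template to copy the root image from (placeholder).
create_claude_qube() {
    base="$1"
    run qvm-create --class StandaloneVM --template "$base" --label red claude
    run qvm-prefs claude netvm sys-firewall-claude
    # Allow outbound HTTPS only, then drop the default accept-all rule 0;
    # anything not matching a remaining rule is dropped by the Qubes firewall.
    run qvm-firewall claude add action=accept proto=tcp dstports=443
    run qvm-firewall claude del --rule-no 0
}

# Alternative from the later reply: keep the npm packages in one dedicated
# TemplateVM and work in an AppVM based on it, on the same isolated path.
create_claude_template() {
    base="$1"
    run qvm-clone "$base" template-claude
    run qvm-create --class AppVM --template template-claude --label red claude-work
    run qvm-prefs claude-work netvm sys-firewall-claude
}

# Print the whole plan when invoked as:
#   DRY_RUN=1 sh claude-qubes.sh MODEM_BDF [NIC_BDF ...]
if [ "${DRY_RUN:-0}" = "1" ] && [ "$#" -ge 1 ]; then
    build_claude_netpath "$@"
    create_claude_qube debian-12
    create_claude_template debian-12
fi
```

Run it with `DRY_RUN=1` first and compare the printed `qvm-pci` lines against `qvm-pci` output for your machine, since the clone inherits sys-net's device assignments and any NIC left attached gives the Claude qube a path back onto your normal network. Without a second network device (the situation asked about above), the template step still gives you a qube whose packages never touch your other templates, but it shares sys-net with everything else.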