How do you Deal with Notifications on Qubes OS?

As we compartmentalize more, it becomes a challenge to manage notifications.

I’ll give an example: if we have two qubes (work and personal) and a Signal client (or email or whatever) in each, you’ll need to have them always running in the background so you receive notifications. But this quickly becomes unmanageable if you have 3 or 4 notification qubes on a mid-powered laptop.

So my question to you all is: how do you manage your notifications? Do you only check them periodically? Compromise by having all the notification-related applications in the same qube? Or something else?

Note: the same issue also happens in GrapheneOS when one uses profiles to compartmentalize.

I check them periodically or instantly when it appears on screen. Most of my apps add an indicator in their tray icons so I know when I have to check them if I was away for example.

1 Like

Whether or not to compartmentalize is a decision in the quadrant of

  1. computer resource limitations
  2. security needs
  3. privacy needs
  4. usability

Personally I chose not to compartmentalize my “casual chat” applications as it impacts 1 & 4 at little gain of 2 & 3 for me.
In fact I even put all my casual chat apps into a single one via matrix.

I also tend to pull messages only when I decide to and barely use notifications.

2 Likes

For push notifications (text messages, emails) that can contain a mix of untrusted input (attachments from anybody) and sensitive data (password reset links, 2FA codes), I think ideally you’d have a VM that can receive but not send anything out. Then I think you could safely aggregate push notifications across identities/VMs into one (always-running) VM.

For example, for email, an offline mail VM can be configured to connect out only via an IMAP proxy that runs in another VM, which enforces connecting to your IMAP account only. Forward all emails to this IMAP account.

I don’t know how to do it for other types of notifications, though.
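
Added example (not from the thread or from the Qubes project): on Qubes, one way to give a network-less mail qube a single path to a proxy qube is a `qubes.ConnectTCP` qrexec policy rule, and the Python below checks which ports such a policy actually lets the mail qube open. The qube names `mail-offline` and `imap-proxy`, port 1143, the sample policy text and the simplified first-match evaluation (literal names, `*`, `@anyvm` and `@default` only) are assumptions.

```python
"""Simplified first-match evaluator for Qubes qrexec policy lines (added example).

Handles only literal qube names, '*', '@anyvm' and '@default'; the real policy
engine supports more (tags, qube types, includes).
"""

# Constructed policy: the offline mail qube may open TCP port 1143 only, and the
# call is redirected to the proxy qube. Qube names and the port are assumptions.
SAMPLE_POLICY = """\
# service        arg    source        target    action
qubes.ConnectTCP +1143  mail-offline  @default  allow target=imap-proxy
qubes.ConnectTCP *      mail-offline  @anyvm    deny
qubes.ConnectTCP *      mail-offline  @default  deny
"""

def _match(pattern, value):
    if pattern in ("*", value):
        return True
    # '@anyvm' matches any concrete qube name, but not the '@default' placeholder
    return pattern == "@anyvm" and not value.startswith("@")

def evaluate(policy_text, service, arg, source, target="@default"):
    """Return (action, effective_target) from the first matching rule; default deny."""
    for raw in policy_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5:
            continue  # blank line, comment, or malformed rule
        p_service, p_arg, p_source, p_target, action, *params = fields
        if not (_match(p_service, service) and _match(p_arg, "+" + arg)
                and _match(p_source, source) and _match(p_target, target)):
            continue
        if action != "allow":
            return action, None
        opts = dict(p.split("=", 1) for p in params if "=" in p)
        return "allow", opts.get("target", target)
    return "deny", None

def reachable_ports(policy_text, source, ports):
    """Map each port the source qube may open to the qube that will serve it."""
    result = {}
    for port in ports:
        action, dest = evaluate(policy_text, "qubes.ConnectTCP", str(port), source)
        if action == "allow":
            result[port] = dest
    return result
```

Because the first matching rule decides, the specific `allow` line has to come before the catch-all `deny` lines; with the order reversed the mail qube reaches nothing.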

Minimal based qubes might be a solution for you, in my case:

  • mail (500 MB)
  • work-mail (500 MB)
  • signal (500 MB)
  • element (400 MB)
  • teams (1600 MB) … includes also Chrome for WebEx meetings

The mail qubes use Thunderbird (and really need 700 MB to run smoothly in all situations; with 500 MB you might sometimes have to wait 1 second for the UI to refresh due to swapping).

1 Like

Interesting approach, I’ve heard of people having a similar setup. Essentially they run bridges to connect all of their notification thingies to their own matrix instance and just run matrix to get them all.

Is this what you’re referring to?

1 Like