How to pitch Qubes OS?

That was incredibly deep. You’re absolutely right about abstractification.

If I’m having a conversation with someone about “online privacy”, and they bring up the old “I’m not doing anything illegal, and I’ve got nothing to hide”, I usually will grab their bag/wallet/whatever is in their pockets, open it up and start digging through it (without asking them, obviously). Then, when they ask “what the #$% are you doing!!!”, I just say “You just said you have nothing to hide. I’m confused…”

If I’m in their house, I might even go to their fridge and start eating their food. Just something that will “overstep social etiquette” and make them liken online privacy to privacy in real life.

It usually makes them realise that privacy isn’t about having something to hide. It’s about the fact that nobody likes nosey people (stickybeaks), and once they realise that the overwhelming majority of software these days is insanely nosey, they usually get the picture

Qubes OS is about letting people see only the parts of you (and your computer) that you PERMIT them to see. It’s also about ensuring that they cannot see anything without your knowledge. It means that you can be online (which is essentially, accessing someone else’s computer using someone else’s wires) on YOUR terms.

It’s obviously about so much more than that, though. I deploy it on all my company’s work laptops as standard, and it allows my staff to use their work laptop as a personal laptop. Our work laptops are used for AI, computer vision, image rendering, compiling, etc., so they’re very VERY well-resourced, and I hate the idea of all that raw power going to waste. Most employees are shocked that I’m cool with them gaming and looking up p$#n on work laptops (provided they’re not done in the Work Qube ), and it helps them be more productive.

A lot of them have actually deployed live malware inside disposable Whonix VMs, just to see what they do, which I think is kind of cool (I have HEAVILY restricted their Work Qube). It desensitises them to threats, and makes them think rationally, instead of thinking that anyone opening a terminal is “hacking”…

This is missing the point of privacy. Surveillance harms journalism and activism, making the government too powerful and not accountable. If only activists and journalists will try to have the privacy, it will be much easier to target them. Everyone should have privacy to protect them. It’s sort of like freedom of speech is necessary not just for journalists, but for everyone, even if you have nothing to say.

This. I tried to explain that to some people and they indeed get interested in Qubes after that.

Sounds like the perfect plot for a Mr. Bean sketch stumbling over the whole equipment and tearing off all the cables while performing this.
(Unfortunately Mr. Atkinsons hourly fees are not that affordable. )

Well, that too, for sure. I was making an example that was likely to appeal more to the “everyday” person who isn’t being targeted by the Lazarus Group

hello

I did something similar, mostly with good success. But recently, I got the objection: “That’s just nice for a private person trying to get a secure system. But I have to work in a complex buisness environment, and so this is not relevant / feasible for me!” Complex business environment probably meaning a full-blown Windows environment with Exchange, Sharepoint and all the other nice things locking customers in.

For now, I am trying an argumentation in the direction of “analyze your environment - find its weaknesses - find alternatives for selected / all pain points - and then switch to a reasonable alternative”. (Isn’t Ques a "reasonably secure operating system???) Let’s see how this works out.

If nothing else works, I have a plan B in my presentation: “Put a lot of money back to pay ransomware or finance longer outages - or look for a different employer.” There are always alternatives on different levels.

Ah, you’ve seen me do this.

A follow up from my previous post in this thread.

While Free software and proprietary software are usually at odds, and while Qubes and Mac would seem to be at odds, what Qubes and Mac can symbolize for people is very similar. In other words, people who use only Free software are behaving towards technology in the same underlying manner that people who don’t care about Free software behave towards technology.

For example, at the extremes of Free software advocacy, you’ll find those who only use 100% free software. They’ll get a computer with no Intel ME, flash Libreboot, and install a GNU approved OS. This “software purity” (emplified by the “Purism” company and their literal “PureOS”) is the same type of purity with which Mac users conceive of themselves in relation to Windows, and with which iOS users conceive of themselves in relation to Android.

We all know the stereotypes and memes. Macs are sleek, thin, without bloatware— clean. Windows is non-intuitive, operates on cathode-ray tube monitors, and is filled with bloatware— dirty. The same goes for iOS vs Android, and I would include PC vs xBox.

The stereotype (somewhat real, because Macs are less bloated), of Mac users’ purity is rooted in the same phenomenon that gives rise to the meme of Arch users’ purity, where Arch can become so pure due to the high level of control that users have over their system, where Arch users can remove anything they don’t like and that they don’t control. And just like Mac has Windows, Arch has Ubuntu, the bloated, normie, corporate distro tainted by Amazon.

Qubes already mimics the intense need for technological purity and control which Arch, Mac, and 100% Free users enjoy (nothing wrong with this at all, by the way). Qubes offers fine grained control over your apps, and is built upon the delight of modern consumers: a customizable, neatly packaged, compartmentalized workflow. Qubes also is very clean: templates remain untouched, as well as dom0, with the dirty things left to DispVMs, so ephemeral that they can be deleted with one click.

If need for control and purity leads people to technologies— like Mac, but also to things like voice assistants, which allegedly offer micromanagement capabilities, and micro-fiber cloths to prevent people feeling repulsed at a dusty screen— then the big question becomes, how do you get people to shift the things that they symbolize as pure? If we can shift people’s ideal of purity from the expensive, thin-bezelled, always-connected modern smartphone to the open, (relatively) minimalist, user-controlled distro, then GNU/Linux and Qubes OS would see more widespread adoption, because modern culture and modern people rely on the pure/dirty dichotomy (see: racism; rich and dirty cities; the poorer classes doing the literal “dirty work”; the gold toilet), and if their ideal of purity shifted to Qubes, they would follow it to Qubes.

My own experience with this shift from enjoying Mac to becoming disgusted with “proprietary trash” arose out of my becoming more aware about all the privacy invasions and horrible security in current technology. Crucial to my shift in symbols of purity was my anger at the institutions who created this technology and my anger at my inability to do anything meaningful about it.

So a longer-term process for getting people to use Linux and then Qubes would be to reveal to them things that would make them angry about modern technology. This would differ for each person, but it would be good to come up with an average list of things, like many of the security gaps found in normal OSes as mentioned in this thread.

Getting people to use Linux thus wouldn’t be an elevator pitch, but more like a moving airport carpet pitch. It would take a while, and you’d want to introduce people to the privacy violations, BadUSB mods, and other dangers of modern technology in a steady enough stream to keep slowly developing their anger. Most of us love technology, so people will not realize their anger consciously at first. But find something that someone really cares about, and they will get angry enough. My privacy journey started when I was shocked by the fact that the New York Times was able to buy location data of the President, and track him very precisely through Mar-a-Lago. Regardless of politics, this should not be allowed to happen, but especially not for average citizens. Someone’s newfound anger probably won’t manifest very directly, but will remain underlying. Once a person is angry enough, and will thus seek control, one needs to introduce them to Linux, Free software, and Qubes, showing them how these tools help solve the dangers of proprietary software.

In sum, modern technology is heavily tied to symbols of purity vs dirt. If you can switch people to symbols of purity that revolve around Free software, the GNU ecosystem, etc— by making them sufficiently angry about a (proprietary) technology problem that is solved by the Free ecosystem— then they will inevitably move towards using GNU/Linux distros.

@qubes-kernel-5.8 I agree with what you are saying. It is important to explain to people what is happening and make them “angry” about the state of things.

However, there are already a lot of people who are “angry enough” and seek control, even if unconsciously. For those people, we need short and precise elevator pitches about Qubes OS, such as those I suggested above. If we can get those people on board, Qubes OS community will grow much larger and stronger, so this is an important thing to do, too.

I agree with what you are saying for technical people, for whom you can already observe a certain movement from the “dirty” Windows world to a purer open source world. But I also observe that many of them complain that they only will and can do this move in their private environment. On the other hand, their - probably non-technical - employer does not understand this situation at all and forces them to continue to use bad, proprietary systems.

For me, the question arises: How could we reach these non-technical, possibly ignorant, decision makers in business companies= For this, we need a different class of arguments - but what???

Perhaps I would use the same arguments but in the business wrapping: “Look how many companies suffer from ransomware”, “look how huge the fees for loosing personal data are”, “look how much it costs to recover from a broken update/software-install on the example of [whoever had that]”.

Another idea would be a series of everyday use cases. Things that almost
everybody knows are dangerous – because they are getting told all the
time…

1. Opening an email attachment (in a disposable offline qube)
2. Opening a link (in a disposable online qube)
3. Worry about your webcam / mic and whether some creep is monitoring
   you (and how this just can’t happen unless you actively assign one of
   these devices to a qube)

Absolutely amazing thread. I’ve been skimmimg through the awesome replies but haven’t found the time yet to contribute to the discussion. But I’m super interested in it

Bolt of inspiration after reading this:

Dramatic intro noise (low)

“You wouldn’t touch a railing without disposable gloves.”

Cut briefly to a bare hand grabbing a railing, then fade to black

“You wouldn’t go partying without a disposable mask.”

Cut briefly to maskless partygoers dancing in a claustrophic space, then fade to black

“You wouldn’t get intimate without disposable protection.”

Cut briefly to tastefully framed intimacy, then fade to black.

“But your typical OS isn’t disposable–you’re doing all of those things, every day, with the same pair of gloves, the same mask, the same protection.”

Imagery optional. Filthy gloves, filthy masks?

“And with your typical OS, everything is stored… together.”

Imagery very optional

Dramatic pause to let the implications sink in

“Wouldn’t it be great if you could have…”

“A new pair of gloves for every handshake?”

Business-like people shaking hands, then tossing gloves

“A new mask at the end of every sentence?”

Two people talking, with lengths of mask material slowly rotating over their mouths

“Fresh protection, for every press of a button?”

A protected finger pressing an elevator button

“With Qubes, you bring the factory with you.”

Cut to show the business people standing next to a machine churning out disposable gloves

Cut to the two people talking, then zoom out to show them actually standing next to a machine churning out mask material

Cut to the man in the elevator, then zoom out to show the Durex mascot holding a crate of condoms, shaking his head disapprovingly while staring at the man

“And you can even store equipment you do want to keep, in their own containers.”

Do you think that people are actually aware that they actually have this choice?
I run internships for university engineering students in computer science. To them, Linux is merely “something that runs on a Raspberry Pi”, and they all come with their Windows 10 laptops. Whilst it’s fun to playfully pwn them from time to time (“here’s the file on this flash drive, just plug it into your computer ”), when I ask them why they run Windows, most of them just never gave it much thought. One even said “computers just run Windows” (this intern was subsequently fired immediately, by the way).

I run my own servers, and I show them the logs, and most of them are shocked by the level of detail of the information stored in those logs. I have given Qubes ISOs to all of them, and yet none of them have decided to actually install them.

I do know that most of them were casual gamers, and Qubes would be a massive disappointment for them unless they were running it on extremely resourced hardware. But even more concerning for me, Windows 10 and MacOS Big Sur (particularly newer versions of MacOS) do a scarily good job of hiding things from the end user. Even when someone who actually knows what to look for does a bit of investigating, they will constantly reassure the user that everything is fine, and that they don’t need to know the details.

What’s even more concerning is that computer science students seem to be ok with being told by software that they don’t need to know the details!
(to make sure that anyone reading fully understands the gravity of the situation, these interns are CODING as part of their internship!)

I like it. Little YouTube 5-30 second ads.

“WAIT! * grabs USB stick and thrusts it into my laptop * Let me DispVM it first”

“You know those ‘never run these Linux terminal commands’? Want to see why? * opens disposable VM *”

“That sketchy looking PDF? Yeah, I opened it. In a disposable VM. I am not a moron!”

“Check it out. Windows, MacOS, Fedora, Debian, Android x86, FreeBSD, BeOS, and TempleOS, all running side by side. * Emperor Palpatine * UNLIMITED POWER!!”

“Yeah…your software crashed. Lucky it didn’t get my whole computer. Just the Qube it was running in. It’s nice not having to worry about stuff I can’t control”

“You ever seen the movie Catch me if you can? Yeah, that’s pretty much Qubes OS…”

“What did you just have me install? You’re lucky that I DispVMed it, because it just copied the clipboard and sent data packets out to the outside world. Lucky for Qubes OS’s robust firewall settings and Whonix. Phew! Who wants cake?”

“I like Qubes OS because I can give my laptop to my kids knowing that no important parts of my laptop are even accessible by anything they could ever do, knowingly or unwittingly. They also can’t touch the microphone or webcam, and neither can the websites they visit, because they technically ‘don’t exist’.”

“Qubes OS. It’s hip to be square”

“Qubes OS. Noseys unwelcome.”

“Oh, something nasty got in. Better restart the Qube…”
“Wait, that’s all you need to do? Aren’t you-?”
“Nope. It’s all good.”

Hi there. I follow up this discussion and I think it can be helpful for you to have the point of view of a windows user in order to understand which are the reasons that could drive a person like me to change to Qubes os. And… Also the reasons why I am still stucked to my windows laptop instead of getting ahead with Qubes. Mainly the first reasons I have chosen to get to Qubes are privacy, security and anonymity. I worked for decades as a paramedic and I am deeply involved in health concerned topics. From 2013 I decided to become an instructor for health related purposes and I cover a lot of topics mainly for nurses. As you certainly knows, there are differents ways of teaching. the first one is to stick to government and system requisite and speak about the general point of view which in some points is far away from real job. My students often ask me to speak “true” not to speak system… Keeping the line in this environment is sometimes like to acting undercovered. The second aspect of my life is that I am an ecology and environment activist, implied in topics in relation with health concerns. the 3rd aspect of my life is that i am christian definitely. and as you can imagine, these 3 aspects of my life need to be separated hence I would get fired which has already occured. So I began to search for ways to separate, compartimenting my digital life. And digging the web, Qubes os seems to be the best option,no doubt about it. Some recent events occured in my life y the way. I realized, digging deeper that I would have to enhance a lot my privacy. When I went on digging deeper on some health related topics in order to get some valuable scientific piece of truth, I realized that main web stream was far deeper from truth than I really thought it was and i get caught and surprized to see how fast you can be analyzed and categorized and decided to get ahead. By acting this way, I get time after time some evidences that I was somehow tracked and spied in a windows classic environment. anonymity is not a real option but a real concern… On the same time, and in order to enhance the consistency of my courses, I decided to create my own training center from scratch and begun to learn how to develop web apps and online courses. And my first misinterpretation was to think it would be simple with Qubes os. I followed the recommendations, bought a Nitrokey X230 lenovo laptop and… realized very rapidly some important things. I had no linux prio experience and, sorry for this but coming from windows to linux, and especially to Qubes is like passing from air to water, becoming a fish when you were a bird ! 2 worlds looking at each other with so little communication between them ! I mean… After 2 days, trying to understand how things could work I get the strong impression that using Qubes os on a daily base would require a master degree in computing… And I will explain you why. The first thing which is very hard to understand is that, for a large majority of configurations there is no GUI… This, is very confusing at the beginning. A normal windowsian is used to configure out some stuffs by answering questions, downloading some additionnal softwares which would keep on asking me to make some choices. He is hardly concerned by the way things works inside and except for some specific profiles will not have a programming vision of things. I hardly ever thought about a certain strategy, considering options… I simply downloaded softwares one after the other that I thought thry could handle th job for me. So working with command lines… Tricky job ! But after all why not ? So I decided to go ahead. After all i am not stupid and with the help of tutorials, documentation, it will be ok. But it’s not ok at all ! There are, as far as i know nothing very interesting after the “unboxing and install” lectures and videos you can find around. By not very interesting, i mean concrete and useful for a newbe. The official documentation is too genric in some consideration and the other supports I could see are too technical and somehow too hard to understand when you know nothing about linux and or Qubes and when you harly understand how things works. I leave you some questions that I faced. For some reasons, Nitrokey configured my qubes version in english while i am a french speaking person… How could I change the settings once installed ? I have a printer… How can I configure it out for it can simply print and scan documents ? These only “details” can really take you hours when you have never configured it ! Then come the other problems… General configuration… I mean… Using pgp ! yes ! I would love it ! Using SSh! yes great ! euh… Where is the button ? I joke ut felt really frightened so see how much I was out of reality… Configuring a network without even knowing what I was doing was my reality in a windows environment. “And now you have to QVMpref …” Yes, of course ! But what is QVMpref ? During 2 nights I tried out. Both on my template vm and my appvm. Until I realised i had to go to dom0… Ok ! Now let’s install some useful softwares… first get the official pgp signature… oups ! there seems to, before doing this, making a pgp split. All right. Seems working… So, now, let’s go ahead. get the pgp signature from the soft provider , allow the trust and then store it… Ok but where and how ? Another night upon this… Ok, seems it is done, and now, to install the soft, type snap install… Does not work on template vm since it is not connected to the internet and so can ot retrieve the package. Ok, let’s try with the appvm. Good it works ! time to go to sleep. log off and the next day… modifications disappeared ! And these are only few of configuration issues I had to face lacking of basic knowledge… As far as now, to tell you the truth, Qubes os is still under construction on the laptop while it should be everyday’s operating system and i am disappointed about this… So… What could we do to avoid this kind of disappointment ? From the user side, doc and step by steps tutorials should be extended to newbees level of knowledge. From the instructor side it is a very challenging job to work on this. If somebody could explain me things in a comprehensive way, I could then transform it into comprehensive and progressive courses. And if we can propose online video trainings, we would have gone a big step away from a windowsian point of view. So, if some of are interesting in a long lasting, challenging and not paid work, please consider i could be of help on this.
Good evening to you all and don’t hesitate to contact.

Thank you @striker for very interesting point of view!

This community can help you with any problems. I wonder why you needed the command line and what did not work for you. Depending on your use case, customization can indeed be hard to do without experience.

Qubes OS is a huge thing developed by a very tiny team, so it will hardly ever be as user-friendly as Windows. But the developers are still trying hard. I suggest that you create a separate topic on this forum for each of your problems where we people can help you with your problems.

P.S. If you split your text into several paragraphs, it would greatly simplify reading.

These things can be complicated even without Qubes, so you should not be too quick to get to the highest security level. Start with small steps… As a person using Qubes OS as a daily driver for years, I still do not really use GPG yet (shame on me!).

Knowledge of Qubes OS design is (unfortunately) necessary to benefit from its security. You should learn (also by asking here!) that dom0 manages everything in the system and has infinite powers, whereas Templates only provide software to AppVMs. The latter are used to do your actual job and have much smaller power in the system.