I use the built-in option of disposable sys-net, sys-firewall and sys-usb. I see value there.
Is there value in making the sys-mullvad disposable?
Mullvad names your connections, since they only give you five. Could a disposable even work in this context? Would it have to be a different set up like specific wireguard (not app) setup?
Everything could be compromised, you have to define a threat model to think about what is likely more likely to happen for you. Some people’lives may rely on a VPN not leaking, that’s why I mentioned that one has to be careful.
The best would be to make a mullvad vpn qube, and make it a disposable template, so it starts fresh everytime and you don’t need to reconfigure it at every boot.
As mentioned in another thread I have a salt based solution here which creates a
Mullvad proxy, as well as a disposable template, and is Debian based.
It’s packaged as a rpm, as discussed here, so you can simply
install the package and the template and qubes will be created.
The disposable has the Mullvad VPN GUI and the Mullvad browser. (You can
use the browser with the VPM or without.)
I do see value in using disposables here. (You can even use real
disposables running in RAM for the purpose.) If you would use a
disposable for the browser or other purposes, you can easily add in a
VPN connection.
There is no issue in using various Mullvad VPNs in different disposables
at the same time. If you forget to log out before closing the disposable,
when you hit the limit,(I thought six not five), you get a prompt
to kill one of the other connections. Works well.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.