Is Whonix template considered trusted?

I’m fairly new to Qubes, only using it since 4.0. Looks like a lot of documentation is outdated/incomplete, so I figured I’d ask here about it:

Are the Whonix templates bundled with the default Qubes Iso considered to be trusted? I’d say obviously yes, since they are included with the ISO :slight_smile: however docs ( http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/templates/ ) say:

Whonix is listed as one of the community templates. Should I consider it trusted (as trusted as Qubes and its official templates anyway)?

1 Like

Hi @billystonka,

Let me start answering your question with another question: trusted by whom and trusted for what purpose?

Trust is an individual matter, it depends on your circumstances and goals. I certainly know and trust people that you neither know or trust. You probably know someone you’d trust to keep your lunch for you until noon, but not your unlocked phone. Does this make sense?

As you correctly quote from the documentation, the community templates are maintained by community members, and the Qubes OS team doesn’t test them. That means that you can trust those templates if you trust the community members that maintain them. No-one can make that decision for you, and the fact that you trust the Qubes OS team doesn’t make it safe to assume that you trust “these other people”.

So why are those templates in the Qubes OS ISO in the first place?

Some community templates are made available to you in the Qubes OS ISO for convenience, but they are not installed by default. You must decide if you trust them before installing and using them.

As with any trust, there can be nuance: you may, for example, trust qubes based on a community template for your “news reading” activities but not “banking”. It is up to you to evaluate what you’re protecting, from whom, how much convenience you’re ready to give up in order to protect it and what would be the consequences if you trusted the wrong people.

That process is sometimes referred to as security planning or more often as threat modelling. The Electronic Frontier Foundation (EFF) publishes a guide that you may find useful to get started:

Does this start answering your question? :slightly_smiling_face:


I’ll be honest, I don’t remember even asking this question and I don’t know why would I ask something so dumb. That said:

answers that dumb question (and probably is the only right answer). I can’t seem to be able to mark your reply as a solution at the moment for some reason.

I don’t like this guide. I feel it’s so vague it can only serve as a starting point for complete beginners, but at the same time it’d teach them to think about their data (“assets”) as of physical, tangible things which is so counterproductive. Please don’t take that personally, I appreciate you taking your time trying to help, just disappointed at EFF here. Most likely I’m missing a bigger picture.

This is the #general-discussion. Marking posts as “solutions” is only available on #user-support.

1 Like

Fair enough @billystonka! I also believe the guide is aimed at being an introduction to the topic and surely explaining something as nuanced and complex as threat modelling requires to make some compromises.

That compromises may seem or not appropriate seems not only fair to me, but indeed the reason why learning from a diversity of sources is important!

Everyone draws the line differently based on their personal circumstances, explains things differently and makes different compromises. By learning from multiple sources and diverse groups of people, we not only learn about what is essential, but also what are the different trade-offs to keep in mind when forming our own opinion. Finally, being aware of those trade-offs helps understanding the position of people who rely on Qubes OS while carrying different perspectives and needs, which is ultimately what makes a great community!

Long story short: thank you for sharing what you see as a shortcoming of this guide, I’m sure that will give useful context for anyone coming next to reflect on what they read!

Very seriously speaking, though, and in line with my thoughts above, I’m absolutely convinced there are no such questions! I think the question was on topic for this forum, and as such it was worth discussing.

If not now, it will eventually be useful to someone else who may know many things but also may need help understanding the relationship between the Qubes OS project and its community components.

To me, this was a fundamental question. As such, many of us have thought about it (a lot!?) already. But surely not everyone will always have thought about it as we expand what “us” means.

Taking a step back, I think that making Qubes OS accessible to everyone who needs it is a goal we can agree on as a community. (I think? :wink:) Yet unless we’re ready to re-visit the fundamental questions once and again, Qubes OS won’t be able to reach everybody who may need it (sometimes urgently) and, as a project, Qubes OS won’t get the input it needs to evolve and mitigate real-world threats.

As you well know, security involves trade-offs, and we can’t make good decisions without understanding how and in which context different people use the tools we contribute to building.

Long story short (again!):

I am convinved that bringing our diverse set of perspectives together to answer fundamental questions is one of the ways we contribute to making Qubes OS better; asking and welcoming those fundamental questions are essential first steps!