Qube Organization

I have a qube called “library” where I store… basically everything. Videos, documents, potentially untrusted stuff as well, of course.
I also have a vault qube for only my passwords.

The reason being, that:

  1. I have some software installed in my normal library to make my life a bit easier. Some fonts, custom command prompts, some system utilities, … This is attack surface.
  2. Should I somehow open a malicious file, I really don’t want to do that anywhere near my passwords.

The latter can be omitted by not having VLC, LibreOffice or other high-risk parsers in the library; however, to limit the number of templates I need to handle, I think I have those installed. I try to open everything in disps, but I may fuck up.

So this is my reasoning for having a special vault VM. Also it makes backups a bit easier imo.

For browsing I use whonix-ws-disps. Sometimes I need to do stuff on the clearnet; for this I use clearnet-disps. However, I do have a netflix qube that I only use for Netflix, for the convenience of not needing to log in.

If by separate you mean really separated, or separated due to missing persistence as with disps: yes, not having to have cookies from other stuff I did. That is why I use disps 99% of the time.

I personally would not trust the browser to do this 100% perfectly, so I just resort to the safest approach of using a vanilla, never-used browser from disp VMs.

I have those too. Not necessary, but it makes things a bit more tidy if I know that anything related to projectA is in this qube and only there.

Another thing that you did not mention is other “app-related” qubes. I have those for some Docker stuff, like drawio and such, or high-risk applications like messenger and communication qubes.

In the end everybody has to figure out how much compartmentalization one needs or wants. Everything is possible, between using one single qube and having thousands. Somewhere in between usually is the sweet spot, but that depends on the use case. I for example have some use-case-related qubes for high CPU or RAM usage tasks, some bound to specific projects and others with specific services that other people probably don’t need.

1 Like

@BEBF738VD Such an approach is not reliable: Can websites track me across different qubes? See also: How does Qubes OS provide privacy? Only Whonix is reliable in providing privacy.

See this: Why Use Minimal Templates?

In particular:

Of course, I agree, but I was specifically only referring to cookies. Maybe I wasn’t clear enough.

1 Like

What’s the point of fighting with cookies if you still can be tracked via fingerprinting? Well, I use disposables for browsing anyway, but I do not expect to be anonymous unless I open websites in anon-whonix.

Maybe you want to log into multiple accounts for the same website and you don’t care about correlation, i.e. personal and corporate Google Drive. Using that as an easy example; I know Google handles multiple accounts, but again, just an example.

Not necessarily:

See also:

Here is a nice example of a very compartmentalized setup: Best Way To Setup A Global Share Folder? - #63 by unman, hopefully making it more clear.

3 Likes

I like that idea from a security standpoint, though that would be overkill for my use case. I also need more experimentation with minimals before using them.

Ease of managing bookmarks mainly, but it is something I’ve considered.

Is this more secure than keeping that data on a separate encrypted data drive?

You wouldn’t happen to know of a list of other high-risk applications?

Point taken. If privacy is what I’m concerned about, that’s what whonix is for.

I’ve tried that before on pixelplanet. I got mixed results.

In the default setup no qube (template) except dom0 is truly offline. Any template can still contact repositories over qrexec, and that is not offline, so installing software in a template for common purposes increases the attack surface significantly. I knew this was coming, and that is why the docs recently changed to my suggestion.

2 Likes

Actually, by fighting with cookies, you make it harder (but not impossible) to track you. It might be a goal in itself, too.

Another probably relevant discussion:

2 Likes

Do you have a lot of saved bookmarks? You didn’t mention that.

I’m personally evolving towards more and more named disposables to do things. Storage is offline (on a NAS in fact), compartmentalized by topic (not so much by which app it’s for), and attachable to the disposables on an ad-hoc basis. And I’m working on converting to unnamed disposables in places–at least they shut down automatically when I’m done with them. (The disadvantage is, I can’t necessarily tell what a window is for when its title reads disp4321, especially if it’s a file manager.) [As I write this I’m thinking of ways to get a named disposable to shut down once I disconnect from offline storage and close the app I wrote to manage those connections.]

A case in point: I have a VM that has LibreOffice installed. It’s offline. I realized the other day that I have exactly three documents stored in that qube. It’s a ripe candidate for being turned into a named disposable, at the very least. I’ve got two or three other qubes like that–candidates for DVMing.

I never would have imagined I would be heading down that particular path back in June when I first installed Qubes, but every step along the way has been logical.

The next possible step (now that someone here has put the idea into my head) is to create one-app disposables and access them from the disposable that has the storage attached to it, for viewing (as opposed to modifying) things, rather than having a small suite of software in that qube.

1 Like

Can you explain what you mean by this?

By that reasoning dom0 is not offline since it is trivial to set up a two way interaction from dom0.

There’s a good argument for locking down what the proxy can be used for. tinyproxy used to be restricted, but was opened up for convenience. I restrict use of apt-cacher-ng to named sites. We’ve discussed this before.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

1 Like

I was specific

In the default setup, dom0 can easily go online, if you enter the right one-liner.

Ok, good to know that when you change something, it is still considered to be default.

Do you “change something”, when dom0 is updated?

By the way, snarks are unproductive, so it would help if you could avoid them.

1 Like

Ok

For context, I was discussing converting more and more of my daily-use qubes to be named disposables rather than being “regular” AppVMs with persistent data on them. [For anyone else reading this, the steps are, in outline: 1) Make sure there’s nothing on the AppVM you need to save (if there is, it will likely be in the Documents or Downloads folders). 2) Rebuild the AppVM and make sure the app is set up the way you like it. 3) Set the template-for-dispvm flag. 4) Create a disposable VM based on the VM, with a name. 5) Set up desktop shortcuts, menus, etc. to point to the new disposable, not the old AppVM serving as a template.]

There are people here who have talked about having almost everything be like that (in one case I believe s/he said vault was the only regular AppVM they still had). When I started with qubes (wow, only about six months ago) I never would have imagined I’d be doing that, but over time I have indeed been becoming more and more like that. As of right now about half of my regular user VMs (as opposed to ones I use to tinker with the system itself) are really named DVMs, and there are maybe two or three more that I could change very soon. The one that runs LibreOffice is one of those, but I actually have a very small number of documents in its documents folder. Those can’t stay there on a DVM. So, I was saying I need to move them before I do that.

I hope that’s responsive to your question… if not, then I probably didn’t understand your question.

2 Likes
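The five-step outline in the post above, written out as a dom0 shell script. This is an added example, not code from the forum poster or from the Qubes OS project; the qube names `work-office` (the old AppVM) and `work-office-dvm` (the new named disposable) are constructed, step 2 (rebuilding and configuring the AppVM) is assumed to have been done by hand, and `QVM_DRY_RUN=1` prints the `qvm-*` commands instead of running them so the flow can be read on any machine:

```shell
#!/bin/sh
# Added example (not from the post or the Qubes project): turn an existing
# AppVM into the template of a named disposable, following the outline
# above. Set QVM_DRY_RUN=1 to print the dom0 commands instead of running them.

run() {
    # Run a dom0 command, or echo it when dry-running.
    if [ "${QVM_DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Step 1: count files still sitting in ~/Documents and ~/Downloads of the
# AppVM. Anything there is lost once the qube only serves as a disposable
# template, so the conversion below refuses to run while the count is > 0.
leftover_files() {
    app="$1"
    qvm-run --pass-io "$app" 'find ~/Documents ~/Downloads -type f 2>/dev/null | wc -l'
}

# Steps 3-5: flag the AppVM as a disposable template, create the named
# disposable on top of it, and regenerate its application menu entries
# so shortcuts launch the disposable rather than the old AppVM.
make_named_dispvm() {
    app="$1"            # existing AppVM, already configured (step 2)
    name="$2"           # name of the new named disposable
    label="${3:-red}"   # qube label colour
    run qvm-prefs "$app" template_for_dispvms True
    # Menu entries of the template itself should spawn fresh disposables,
    # not start the template qube.
    run qvm-features "$app" appmenus-dispvm 1
    run qvm-create --class DispVM --template "$app" --label "$label" "$name"
    run qvm-appmenus --update "$name"
}

convert_to_named_disposable() {
    app="$1"; name="$2"; label="${3:-red}"
    if [ "${QVM_DRY_RUN:-0}" != "1" ]; then
        n=$(leftover_files "$app")
        if [ "${n:-0}" -gt 0 ]; then
            echo "$app still holds $n file(s) in ~/Documents or ~/Downloads; move them first" >&2
            return 1
        fi
    fi
    make_named_dispvm "$app" "$name" "$label"
}

# Only act when invoked with arguments, e.g.
#   QVM_DRY_RUN=1 sh convert.sh work-office work-office-dvm red
if [ $# -ge 2 ]; then
    convert_to_named_disposable "$@"
fi
```

Run it first with `QVM_DRY_RUN=1` to review the exact commands for your qube names; without the dry-run flag it starts the AppVM briefly to check the two folders, then applies the four dom0 commands.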
