There is now growing concern, partly due to current political developments, that the strong dependence of European and, in particular, German IT on non-European, especially American and Chinese, products may become a risk factor that can no longer be controlled.
As an open-source system with increased security, Qubes would definitely be an important building block for gradually freeing ourselves from the lock-ins of Microsoft and Apple. But first, you must know that the system exists and then know what you can achieve. I have therefore addressed the following points in the description:
Open source - availability and maintenance
Hardware requirements and installation
Operation by end users
Configuration and deployment
Administration during operation
Application scenarios
Use to strengthen digital sovereignty
I hope this is a little nudge to wake some people up!
I dont think it is possible to defeat state sponsored surveillance and other root kits embed within hardware. Why? Because even if you have the resources to match that of china theu are just going to pour more money as this is how they can monitor everything. The problem is even if you find a root kit in hardware wich is so hard because everything is written in low level, they will put another until the end of time. As of now there is no effective way to beat state sponsored surveillance in electronics in my opinion.
@Sks This is security nihilism. Even though hardware backdoors, if they exist, are almost impossible to detect or fix, they are also very, very hard to use against you, too.
You are right, but the capacities of state-sponsored actors are large but still limited. So, it comes down to whether you are of interest to them, meaning you have to build that question into your threat model. Suppose there is the possibility that you may be a target. In that case, your only hope is keeping everything valuable strictly separated from the internet, but, as Stuxnet has shown, even that may not be enough.
On the other hand, there are not only such adversaries. You still have to defend against simple criminal activities, greed, and such, i.e. against a lot of nasty operators sitting in the net. Here, anything that helps to further digital sovereignty might be helpful.
The best thing to do in my opinion is to somehow convince a government to support privacy(never going to happen) and funding an operation of searching for such root kits etc. The only way to defend against state sponsored attacks is by having state sponsored defence. But that could have problems as well since nobody trusts the government to protect them so it is always pros and cons.
Why? If you have a backdoor embedded in the hardware everything you do on that machine is vulnerable. But it all depends on who you are and what you have done. They wont waste such a good exploit on a random tax evader since they dont care. They are almost impossible to detect too because all the documentation of code is hidden from the public eye.
Fixing small time bugs or exploits is the best and only course of action. To protect less wanted people. However highly wanted people cant be protected.
Fixing small bugs won’t help if the system architecture is weak, like with Windows: You close one hole, but there are thousands of others. Building a system where such holes have less effect, like with Qubes, will improve your probabilities of survival, although they cannot guarantee it.
I totally agree with you here, they dont have unlimited exploits and back doors. If we close lots of them then the probability of an attack on an unimportant person is lower.
Either fix them or make them unimportant. This can guarantee a small time user decent security in this modern world.
Hi, I know the topic is software, but is there any interest in home grown open source CPUs and semiconductors in European countries? I think the ultimate digital sovereignty would be open source CPU cores like RiscV running on home grown FPGAs. America is making a big show of wanting to make chips on home soil once again. Looks like theater to me haha. I don’t trust the 5 eyes Taiwanese semis any more than I trust Chinas. I wonder what the German government thinks.
I’m afraid the German government has not really understood the problem. They tried to let Intel build a fab in Magdeburg, promising them a fund of 10.000.000.000 €. And now Intel seems to have canceled that project. Anyhow, such a fab would not have strengthened Germany’s digital sovereignty.
On the other hand, funding of Open Source projects first had been reduced to one-tenth of the original plans, and later canceled altogether. Instead, they are paying huge license fees to Microsoft, Oracle, and other big players, so the lock-in has even been increased.
The Indepence of any Political block will come when we return to the concept of locally produced - to avoid JIT problem highlighted during COVID
Moreover, there is the Legend (not for discussion) that Chinese chips could have a back-door for use by their government.
So owning a FULLY designed and produced computer / laptop / iot in Europe would be the only solution
Together with the software to make it usefull - sort of similar to the Chinese initiative of having their own brand of Linux.
@GWeck, good luck explaining that to the decision makers!
Following the current discussion on digital sovereignty, which has become quite intense in Europe, I created a short paper on Qubes as an excellent tool to move away from proprietary systems that may put us at the mercy of the big tech players - and perhaps even their political environment.
The paper is structured as follows:
1 The Sovereignty Imperative: Moving Beyond Monolithic Insecurity
2 The High Cost of Dependency: A Risk Analysis of the Status Quo
2.1 Technical and Architectural Vulnerabilities
2.2 Geopolitical and Economic Threats
3 The Qubes OS Architecture: Security Through Isolation
3.1 Core Philosophy and Foundation
3.2 The Virtual Machine Ecosystem
4 Deployment and Use Cases in Professional Environments
4.1 Hardware Requirements and Installation
4.2 High-Value Use Cases
5 Administration and Management Challenges
5.1 The Need for Specialized Expertise
5.2 Centralized Management and Automation
6 Conclusion: Qubes OS as a Strategic Enabler of Digital Sovereignty
If you are interested in this discussion, please have a look at the paper:
Currently, it has to be built manually, using SaltStack. The tools are there, but they still need a lot of work to apply them. I hope this will change sometime (soon???).
This should come with Qubes Air, and R4.3 already contains important parts of its implementation.
I see you guys going back and forth on how to implement Qubes across Europe and all the technical, hardware considerations, etc.
Aren’t you forgetting something?
The reason why Windows is practically irreplaceable in the short term is because they spend decades training multiple generations on using Windows from a very young age and you can’t dispute that it is a very user friendly OS.
Do you seriously think that the masses can adopt Qubes?!
Maye we should lower our expectation of the average person to become familiar with one of the most user-unfriendly OS?
How about starting with a plan to maybe replace public sector Windows PCs with Linux first, before we ask everyone to become a visualization guru?
