Qubes for at-risk populations

I’d like to spark conversation and gather information on the current progress towards making Qubes usable for those who are more likely at risk - Human Rights workers and Investigative Journalists among others. It’s also stated this is one of the key target audiences on the Qubes website:

Made to support vulnerable users

Thanks to Qubes OS, vulnerable or actively targeted individuals such as journalists, political activists, whistleblowers or researchers can enjoy the same benefits of using multiple computing devices at a fraction of the cost and without the associated loss of usability. (in qubes-os.org/intro)

Great progress has been made thanks to the Qubes team and all contributors, but we know we’re still not at the point that a mac and windows users can simply do their work on Qubes with little more than some training (to adjust for the compartmentalization paradigm).

A past conversation on this topic happened on mailing-list but hopefully by bringing it also here, it can reach a wider audience (thanks to the usability of the forum)

Current Efforts

This is a list of current efforts towards bringing qubes to at-risk populations. Either in terms of training, custom software aimed at this population or training programes.

Qubes UX Team

Nina Alter is now officially part of the Qubes’ Team and will be spearheading UX improvements for the operating system with the help of the MOSS Mission Partners award.

300x300740×557 218 KB

300x300909×1082 223 KB

Securedrop Workstation

Securedrop is a project by the Freedom of Press Foundation (FPF) that aims to connect journalistic sources with journalists in a way that both are protected. Particularly, to safeguard the security of journalists the FPF team has been building a configuration of Qubes for opening documents safely and sharing them, even when they come from untrusted sources. Find more about the project here.

1920×1080 351 KB

Watch the video The Next Generation of SecureDrop: A Virtual Event by FPF

Qubes Trainings for Journalists (By FPF)

As part of FPF’s efforts to migrate their system for journalists to Qubes (see above) they will be doing trainings for journalists on the operating system. Not a lot of information is publicly available on this.

Other projects

What other projects are there? Is anyone developing a salt configuration for these populations?

If you know of another project, please do share them bellow.

I’d like to contribute towards this goal and connect with those who are also interested.

I’d like to help if at all possible.

Id love to help with anything in this space. There were a couple amazing talks about how folks from FPF were using qubes at hopecon this year.

The first one talks about personal use cases for qubes and also goes into orchestration. I think the value would be not deploying just qubes to an at risk user but deploying a preconfigured qubes setup that is reproducible.

https://archive.org/details/hopeconf2020/20200730_1600_QubesOS_for_Organizational_Security_Auditing.mp4

The second talk deals with secure drop architecture and use

https://archive.org/details/hopeconf2020/20200801_1700_The_SecureDrop_Journalist_Workstation.mp4

4 posts were split to a new topic: Is SaltStack Open Source?

I didn’t know about those! Thanks a lot @robstunkist! That’s exactly the sort of content sharing that created this thread in mind with.

I converted one of those talks into a post it the hopes it reaches some more people in the community:

this is awesome! thanks for doing this

thanks for creating this thread @deeplow. this topic is dear to me.

you may be interested in this old issue where we had tried to create some at-risk user personas, to more clearly commmunicate what Qubes functionality may be useful for them:

re: salt recipes, here is old issue discussing “recipe store” idea (probably not for R4.1 since last updated 2016):

and here is a gender and security manual from 2015 that discusses Qubes OS:

https://gendersec.tacticaltech.org/wiki/index.php/Step_1#Security_by_isolation:_Qubes_OS

It seems to be pretty outdated or it was never accurate. In particular, it claims that Tor cannot be installed on Qubes OS…

You’re welcome! It’s also very dear to me

yes, I think that issue should be re-ignited or be futther developed under: issue #3758. I’ve posted there some more inspiration material for creating these personas.

Yes, I’m aware That’s one of most complete guides out there. Too bad that these things get outdated so easily @427F11FD0FAA4B080123.

Thanks for bringing that to my attention. I think having that will be a huge stepping stone especially for organizational security (in newsrooms, or digisec trainers for example).

Deniable encryption, please!

what you mean?

This. I would say it is pretty crucial for at-risk populations.

the link is apparently down Details: 0xF2 — Introduction failed, which means that the descriptor was found but the service is no longer connected to the introduction point. It is likely that the service has changed its descriptor or that it is not running.

Also related:

it still work for me
it an tor link, if you not using tor, use tor browser to open that
edit: after reload the tor browser identity, the link won’t work anymore

4 posts were split to a new topic: When Will Qubes Have The new App Menu?

Is there any further information on the FPF training?

I think their trainings are mostly for news organizations that use SecureDrop at the moment and their Qubes software is still in pilot phase.