Basically open-source software can be vulnerable to supply-chain attacks… so, when it comes to QubesOS you want to watch out for backdoors in Fedora, Xen and Qube-tools. Debian, Whonix and community provided distros are less critical as long as an attacker does not have a zero-day for Xen. For HVMs qemu increases the attack surface.
When you decide to download Tails your IP might be recorded without the tails-maintainer knowing.
Anyway… check your traffic with wireshark and let us know who talks to your backdoor or your backdoor is talking to.
Anything can be a honeypot if one doesn’t know what a secure version of a honeypot looks or acts like or what to look for but the only danger I can see would be to those who know nothing about what a secure OS and network connection looks and acts like but that would apply to any network security measure one might apply on a whim.
“Bad actors” don’t need honeypots because there are more than enough…shall we say, less-than-intelligent people(?) to satisfy any number of crooks.
Qubes-OS is currently and sociopolitically “popular” for reasons that have nothing to do with network security. As it is, it appears pretty secure but doesn’t qualify as a daily driver for me. At least, not yet. On the other hand, it could be useful, (though not necessary) along with other tools, if something should happen and I find myself in need of some sort of long-distance, snail-mail level privacy for something so I’ve installed it on a USB stick and will keep it up to date.
Traffic lights and crosswalk are given to you to securely cross the street. But you cannot ask from the givers to guarantee no car will hit you when crossing the street there. It’s up to you to ensure safe crossing.
Same with Qubes.
