Qubes ready to install for Journalist-Human Rights workers

You covered quite a few (those for creating articles and transferring them). I would think some way to edit photos & video would be needed, both from cameras and phones. I use Gimp and Blender, but they’re probably unwieldy. Is there any sort of Qubes outreach with journalists? That might be a way to get some feedback and build a power user base.

Update: DeepLow’s post does mention that the Freedom of the Press Foundation (FPF) has been working with Qubes and also provides training to journalists.

Maybe you should try doing it only using Windows qubes, it would mean most people just have to learn to use qubes. Not having to recreate their entire work flow using new tools probably would be a huge advantage for anyone with average computer skills and no Linux experience.

Windows Qubes are especially painful, I would not recommend it to unprepared user

I got here running away from Windows. I don’t see a security advantage in using Windows on top of Xen. Might be the other Qubes don’t get infected.

I used to have some software which runs on Windows that might be useful. Dragon, “I Talk it Types.” Turn the internet connection to the Windows Qube off.

I will try to provide blocks of the different Qubes that should be in a Pre-Installed Qubes Journalist’s-Human Rights workers version of OS. From now on I will refer to this as a Journalists version of Pre-installed Qubes (or J), and omit the term Human Rights Worker. Just to keep the amount of text down. I deeply respect Human Rights workers. For now, I will presume the needs are the same.

My thought being that Journalists are not going to want to set up specific Qubes for specific tasks. AND. Journalists can not understand (Journalists have not spend hours reading all the websites pertaining to security that some of our Qubes experts hav). the consequences of doing some things with certain programs or Qubes set in different ways, or even in different orders of events.

That is, I want to create a work flow design to allow Journalists to keep within good security Work-Flow in spite of any lack of experience with Qubes, or dreary eyed work practices.

I will define J-Qubes (those Qubes I suggest we add) I will define according to logically need. The slant of that being, I will define Qubes according to; A set of Qubes for; Input; (bringing in information from Internet or USB). A set of Qubes for; Process, (Decryption, replying to, writing notes or a story. A set of Qubes for; Output (sending out on the Internet)

And of course the Qubes related to getting on Internet; Sys-net. sys-usb. sys-firewall. Qube to connect by way of VPN(s).

I feel sure someone will immediately chime in and say, you have duplicate Qubes, one for Input, and another for Output, that could be combined, just don’t open any file or thing you receive while online. I will just do it this way for now, in terms of overall Form. I realize it takes more RAM, has more performance problems to do it with different, but similar software for Qubes meant for input, and another for Output. Let’s just leave the overview as logical for now. There are other things to quibble about in the final version as well.

Right now, just the overview.

Feel free to critique what I write. I am surely not perfect, and I am feeling my way in the fog of my miss-understanding.

If split-gpg works then it should be pre-installed.
If split-usb works, then it should be pre-installed.

and in this scheme,the J version should be j-clones.

I am on the fence about using Thunderbird, as I suspect it comes with - new Features. Also using more than one email account inside the same Qubes. Too much potential of cross talk. Is Thunderbird better than - webmail? But, what do I know?

There’s been some great work done that could help you out:

DeepLow’s post on setting up a Provisioning Auditing Environment:

• VPN Proxy Qube: Deals with connectivity
• Analysis Qube: Analyze and compile all the data. Inter team communications on a vm
• Antarctica DispVM: Safe space for viewing sketchy stuff. Non networked disposable vm.
• Network Recon Cube: Use inter-qube communication to move recon data into Analysis Qube

Joshua Thayer’s work on the integrated SecureDrop Workstation (SDW), that includes using SplitGPS to download and transfer documents to an offline domain.

Freedom of the Press Foundation (Who’s partnered with Qubes) has developed “DangerZone” for converting worrisome documents (not sure if they were inspired by Top Gun or Archer on the name).

Veerrry interesting.

I will focus on creating a Work Flow logic.

Where the Work Flow guides our Intrepid Reporter to keep his computer, and him safe. Also Protecting his sources.

To keep the Journalist from making a mistake, without having to keep a hundred points in mind of what to do, when. What never to do. What is a danger flag. Keeping one eye on the Canary.

Work Flow should be like the Security Guard guiding the Journalist through the alleys of a destroyed country.

Still, keep posting knowledge. If we ever get the first stage off the ground. Then each of these ideas, implementations, Apps, programs can be given consideration.

I don’t want to dampen enthusiasm, but secure drop is developed by, and
for, journalists.
I think you would do much better to approach the FPF to work with them
rather than reinventing the wheel. You may have some insight that’s
valuable, or you may learn from them how your ideas are misguided.

At a minimum I would look at SecureDrop and learn from what they think
is valuable. They have already considered the same things you are
starting to think about.

Unman, I believe those who have high levels of expertise, such as yourself, what occurs to you off the top of your head, or feeling about a project, situation, is more important, will have more impact on a project than all my pretensions of effort.

I have read through some of the FPF. I have read about and used Secure Drop.

My respect for the likelihood that your opinions will have more impact than what I am considering is quite high. For the next week I will be doing some other things besides this project, anyway. and I will ruminate on what you have said.

That makes sense. I think catacombs has some great energy and ideas, especially in terms of creating a list of apps for journalists.

In addition to FPF & SecureDrop, DeepLow seemed like a good contact. Knowing what they’ve done, and their current objectives, would help you know where you could make your greatest contribution.

Long ago I worked for a fellow who had gray hair, and told me some stories about the Operating Systems for computers the size of very large rooms.

Usually the first version of an OS barely works. When some basic compilers gave trouble, the reply of the guys working on the OS said it was a problem with the compiler not working well. Complain to the software guys who build the Compiler and how they interface with the Loader.

About the fourth iteration of the OS. The OS would be mostly stable, and even work with some of the Compilers (read Application Software)

Then began the next phase of the OS development. People had all these ideas about some neatzy keen features to go with the OS. Some called this the Bells and Whistles stage.

As nice as some of the features could be envisioned to be with the implementation of these Bells and Whistles. It created ways to slow down the OS, sometimes crash user programs. Even cause unusual problems with OS.

Kind of like M$ sending out updates that crashed. Now it is feature updates, which don’t crash so much, but slows down OS, and to give me a feature I never knew I needed. and don’t use.

After three or so more levels of OS, some of that crashing would go away, and on site system engineers were never keen on installing any more cool Bells and Whistles. not at least until some other sites had implemented that feature and used it, successfully through at least one more upgrade of OS. Some on site System software types would not implement new updates at all. Sound familiar?

By then the Computer Company would announce a new piece of hardware was coming out, with greater speed and fantastic features in the OS. A lot of sites would say, “Uh, not now.” Basically what they had was finally working after years of frustration.

I fear my suggestions for a Qubes for Journalists is like 'Bells and Whistles.". A version of Qubes with essentially a trail guide to guide a journalist, rather than the Journalist trying to make decisions on which path to take -based on reading a lot of documentation.

and for the record. About backing up your computer. In the big room size OS environment. The computer company manufacturer OS experts always claimed the Back Up worked perfectly.

My experience was that ‘Back-Ups’ (then on large reel computer tape) never failed. However "Restores’ failed. Never the fault of those who wrote the Back Up Software.

So called ‘Interval Backups’ - backups based upon each night saving only the parts of the file system has changed -whatever the interval (day-week-Month) and whatever the terminology. Find Unique and creative ways to fail.

With a solid back up program. Save full clones of disks, multiple times., For a laptop that is an external drive. Then hide those discs. If you have friends like mine, they decided I was not using those external discs. so they kleptoed some.

Don’t trust one back up. I prefer to use a program from a disk manufacturer (like Seagate for Seagate,’ Western Digital’ drives) to clone. I don’t like Shrink images, compressed, or zip images of back up. Another great way for a restore to fail if just a few digits get messed up.

I guess none of this is about the Qubes back up system. But if one is going to re-install the OS, at least occasionally. To prepare to go through airports, or to upgrade OS, or, something just feels off. Then having multiple cloned back-ups (keep up with Passwords) works.
Backing up to the same device over and over, usually ends up with the last copy a corrupted copy. Or the device, or tape media just fail.

and put my really important personal information on a Flash drive, which now can hold so much data that the entire OS could be saved onto it as.

Hello. Human rights worker here. I wrote this article on how to use Qubes OS in the most basic form.

Journalists starting to use Qubes OS are better off using it in the most simple during the first 6 to 12 months, as I described in the article. That’s how I started. No compartimentalization. I also watched whatever videos available on YouTube. Back then, there were hardly any videos and this forum didn’t exist. Today, the entry barrier should be lower because of the availability of videos on Qubes in multiple languages. And because of this forum.

6 to 12 months in, journalists / human rights worker can start using compartimentization.

If only major cities around the world had Qubes OS experts or IT non-profit or human rights non-profit that people can go to for the initial Qubes phase in. That would have made my life easier when I started running Qubes.

@Wissam, just out of curiosity:

• In the human rights industry (I’m sorry, I don’t actually know what it’s officially called, but I have the utmost respect for everyone in it!), do individuals usually get to choose their work machine, or is it usually given to them pre-configured?

• Is there any training provided by employers about this sort of stuff (and is it any good?), or is it mostly self-taught?

CONTEXT: Most University courses will only teach software provided by companies who FUND their research (hence why you don’t see much FOSS software being taught). I’m trying to get a feel for whether any situation like that exists. I’m also trying to get a feel for how much effort people in the industry are prepared to put in to “learn new things”.

• Any chance you could give us some examples of “dumb things” that seem to occur in the industry?

CONTEXT: *Self-pwnage, bad OpSec, etc. For example, someone receiving images that have had the metadata cleaned, and then taking a screenshot of the cleaned image, thereby putting the metadata back in. Posting on social media while “on the job”, or other things of that nature (please don’t say anything that could compromise anyone )

I’m asking because if there are things that enough people in the industry do that they probably shouldn’t, then there is potential for safeguards to be put in place in Qubes OS to stop it. *

——-

Absolutely loved your article, by the way. Detailed but also succinct and to the point

In my opinion the development of guided tutorials as championed by deeplow & others would be a significant step forward in broadening the usability of Qubes for journalists & other at-risk persons.

An intuitive walk-through guide to performing basic Qubes operations that can be ‘unticked’ at the installation menu, and on first boot brings you in to the tutorial environment and perhaps can be picked back up at a later stage.

Something like this covering the basics I think would do wonders for on-boarding. I’m not able to program but if anyone needs help with working on the structure / bouncing ideas off of for such an effort, message me.

If only major cities around the world had Qubes OS experts or IT non-profit or human rights non-profit that people can go to for the initial Qubes phase in. That would have made my life easier when I started running Qubes.

This is what such a feature could begin to bridge the gap on. I really wish I had more skills to develop it technically. Many non-technical users are intimidated by the documentation and the conceptual leap to really using Qubes as it is intended. This of course can’t be eliminated, but perhaps the interactive guidance through steps will help to keep people engaged and feeling like they are progressing, rather than studying for a test in a ‘language’ they don’t understand.

As I said, only so much of the ‘edge’ of Qubes can be rounded.

I consider: While I say Journalist and imply Human Rights worker as well. Much of the information today regarding Human Rights abuses comes from individuals, who happen to see something.

One of the first people in China who talked about a disease that other Optometrists should watch out for, posted the information. For which the government told him to shut up. Put him in jail. Events showed he was correct, he was released from jail. He caught COVID, and died.

A person, in Wuhan, whose apartment window overlooked a place where the dead bodies where taken, reported that the number of dead being reported by the government, was obviously way off. Reporting by way of Media like Facebook, is likely to invite a visit by government security services.

I know a fellow, who married a woman from Russia, who lived in the time of the old Soviet Union. She said the people expected the government to lie to them. That is, the Soviet Union was in a battle for their country, and if lies benefited that effort, the average people supported it.

Truth is a relative term for Journalists/Human Rights workers.

I envision someone trying to take up Qubes, is not in a good position to spend hours reading notes online. Not only terms of the time in their personal life, but that time online to Qubes sites, and github. increases the probability that they incur the interest of the government watchers.

If we also put a lot of documentation inside Qubes, makes the download a bit bigger, but less time online later.

I think of what I am trying to accomplish is like a ‘Trail Guide,’ built inside the software. The possible options to a newcomer is like a valley filled with lots of paths. The “Trail Guide” is to show the way to using Qubes without risk. I am afraid my project is becoming more like a Microsoft Feature, slows things up.

If we finish the project I see a big group who might pick up Qubes will be business travelers.

First of all I don’t think the idea that computer amateurs are both in a position where they can stumble upon Qubes OS Journalists edition and not trip up a hypothetical red flag from a threat, but their reading the documentation would do so adds up.

That doesn’t really stack up to me. If someone is a computer amateur who as you said originally isn’t even aware of how their OS puts them at risk, they are going to likely be diving through searches of ‘best privacy ****’ this & that on youtube and google which will land them on someone suggesting Qubes.

If there was any kind of tripwire of authorities paying attention to their activity that could be done so by reading Qubes documentation, accessing whatever lead them to the suggestion to use this Journalists Qubes & the subsequent downloading etc. will do that anyway.

I like your enthusiasm but I find this thread a bit confused.

Having a tutorial like Deeplow said for beginners on their first boot is a good step, but I don’t think splitting off a Journalists version of Qubes is worth the effort & solves problems, more likely to create problems.

You’re better off creating guides like Wissam did informing people in the simplest terms what their current threats are, and how those are mitigated by Qubes.

@Wissam I read & thought you did a great job on that article.

Thank you @alzer89 and @KarlinQubes for your replies and for your feedback to my article. I will reply to your questions ASAP. I need some time to write the answer.

As for the following:

Indeed, the people I work with do not have time to read lengthy guides. I disagree with @KarlinQubes that “the development of guided tutorials as championed by @deeplow & others would be a significant step forward in broadening the usability of Qubes for journalists & other at-risk persons.” An abundance of information is paramount. Video tutorials, written tutorials, forums, etc. Very important. But are insufficient for human rights advocates.

I will expand on this in a later reply.

For now, I have one major question that Human Rights Defenders ask: Will installing and using Qubes be detected by my government? Governments are increasingly able to fingerprint devices within their network. Catacombs wrote:

To compare, Graphene OS does not emit signals other than the update request. And that can be disabled (and enabled momentarily when updates are available). I was at training where the trainers had monitored the connections coming out of Graphene OS for a week to confirm this. In addition, the Internet Connectivity Check can be disabled or sett to Standard Google. PSDS server can be set to Standard Google. Wifi Mac address is randomized. This makes the phone much harder to locate.

So I can recommend Graphene OS to some people in specific environments. But what about Qubes OS? This may have already been answered on this forum so I apologize for asking again.

I’m looking forward to reading this reply.

I cannot imagine that there is a passive system for alerting to use of Qubes. There shouldn’t be any information that belies Qubes use leaking.

There are artifacts that if someone hacked your system could suggest you are running on top of a hypervisor, but those are if you are already hacked and someone is figuratively searching through your trash. The above discusses some of these artifacts in the context of linking two VM’s to the same user.

With a more authoritative confirmation from another user, you should I imagine be able to confidently assure people that simply using Qubes (and not when we start to talk about Tor use etc.) will not be detected by government unless they flag you visiting the site & then look in to you further.

I’d love for someone more knowledgeable to comment, but to the best of my understanding I cannot see what possible fingerprinting could be done in a passive way to alert that a device is connecting using Qubes.

What I want to show in part of the “Trail Guide,”
Options the user should first do in which order.
Login.
Update being the goal;

(Option; How to start a Jqube that has Open VPN installed, to allow them to enter login to VPN provider. Tell the user where to look for an option on the screen. Which option to choose. To get into Qube for VPN.) Need a setting made to use VPN for Update. Where is point to click. How.

Where to look for “Update Icon” , What to expect after Update starts.

I start with the idea of a rigid path for first time users.
Get Online.
Update.
Start Jdisp to get needed information from other places on Internet, email/web pages.
Copy that needed information over to a JQubes app, (probably based Work Qubes. This Qube Offline always, which has software added to facilitate effort. I have a list, but anyone want to build the list,

Someplace in there must be decryption and encryption software. Whether Split-GPG. or just do it. Things outgoing onto Internet or a USB. Like put all the outgoing into one folder, copy it all over to the Outgoing Jqubes. Which is a disp.

The there is having a Vault, copying things into Vault.

Documentation at the point in time where it is needed.

I could be off base, but it seems like much of what you’re proposing is to make the installation and use of Qubes OS a “seamless experience” experience for journalists. That seems like a good thing.

As a rough example, if the journalist needs to lauch a specific qube, why call it qube? Just have a button on the desktop for “Research / Download” and the others activities the journalist performs. The button would link to necessary qube, which could be set up at installation with installation manager interface with drop-downs.