Qubes ready to install for Journalist-Human Rights workers

That’s a good point. I would think a journalist would be able to accomplish most, if not all, of their workflow with a Lenovo T430. Providing a community driven solution like Qubes OS must be a challenge, and if a workable solution with the least amount of headaches involves Ivy Bridge architecture, then so be it.

Let us see if we can press forward on a design for a Journalists version of Qubes. In designing the system, I start with leaving everything that is already there, alone. Let us define a work flow, what should be done online, and offline. Which software should be installed in which Cloned Qubes. Which comments should be left for the Journalists at which points for warning.

Presuming a Journalist has no knowledge when first starting Qubes. We need to take them along a path of safety in using Qubes.

First, a list of software needed, to be installed in different Qubes.

Text Writer. I am unclear of the risk for the simple text writer.
package of office software. In offline Qube.
VPN
Nautilus
KeePassXC - Key manager. In Offline qube.

One Qube with Firefox with all the Privacy - security addons. What else is in this Qube? Yes, I know it allows for fingerprinting of browser.

Thunderbird. Which Qube. Is there a way to accept messages, then move them to another Qube for reading, decrypting. Not sure how to set that up myself. I guess it is in documentation. It seems an important security feature.

If Split PGP works, install that. For some reason or the other, I got an error message. Perhaps updates would fix it? I am guessing I will end up accomplishing same thing by copying back and forth from an online Qube to one not online.

Receiving information online. Qube with internet connection. Copy and transfer to app Clone of Work? Do not open any files. One must either receive emails by browser or Thunderbird. Not sure of all the potential ways to mess that up. Also I presume it is typical to have more than one email address.

A Qube with Nautilus which can be used to download and verify public keys. Therefore has internet connection.

A qube with Nautilus to encrypt and decrypt files. Off Line. Which Qube should this be based on–Work? Or Vault? This Qube would have word Processing, Open Excel Files.

Create a sys-net Qube to allow for easy install of VPN. Warn user that VPN is not anonymous.

The relevant hardware warnings are - I have read some think that some wireless adapters are inherently insecure, but I do not have a list? Or an auto Checker Program to verify that the Wireless adapter is on that list. Or have I been reading someone else’s nonsense?

I understand that the Qubes Developers have good reason to not make some parts of getting information from the Net online point? Like whether there is flow of data, how fast is occurring. and some other details.

Avoid using USB. I have to believe that if I shut down Qubes. When I power it back up, the USB Firmware is renewed-reinstalled. Or am I wrong?

I suggested having a GUI to pass information-files to different Qubes, one that will do so easily if the file is going from a disp to a never online Qube.

A can’t mess it up design feature is what I am thinking on. Where else can we install this concept, use this, and you can not mess up your security?

Can I read of some of you folks ideas of additional Software -Installed in which Qubes (well Qubes Clone). What to name the Qubes Clone, as I think it wise to leave the existing Qubes as the developers put it out. Makes it easier for the Journalists version to be modified.

Work Flow Suggestions? Which Qube a Journalist would open in which order. Guessing the first thing they do is check their emails. Public stories. Do Decryption. Prepare replies - articles. Encrypt where needed. Transfer their replies to the Qubes which are online, and send them off.

4 Likes

You covered quite a few (those for creating articles and transferring them). I would think some way to edit photos & video would be needed, both from cameras and phones. I use Gimp and Blender, but they’re probably unwieldy. Is there any sort of Qubes outreach with journalists? That might be a way to get some feedback and build a power user base.

Update: DeepLow’s post does mention that the Freedom of the Press Foundation (FPF) has been working with Qubes and also provides training to journalists.

Maybe you should try doing it only using Windows qubes, it would mean most people just have to learn to use qubes. Not having to recreate their entire work flow using new tools probably would be a huge advantage for anyone with average computer skills and no Linux experience.

1 Like

Windows Qubes are especially painful, I would not recommend it to an unprepared user 🙂

2 Likes

I got here running away from Windows. I don’t see a security advantage in using Windows on top of Xen. Might be the other Qubes don’t get infected.

I used to have some software which runs on Windows that might be useful. Dragon, “I Talk it Types.” Turn the internet connection to the Windows Qube off.

I will try to provide blocks of the different Qubes that should be in a Pre-Installed Qubes Journalist’s-Human Rights workers version of OS. From now on I will refer to this as a Journalists version of Pre-installed Qubes (or J), and omit the term Human Rights Worker. Just to keep the amount of text down. I deeply respect Human Rights workers. For now, I will presume the needs are the same.

My thought being that Journalists are not going to want to set up specific Qubes for specific tasks. AND. Journalists can not understand (Journalists have not spent hours reading all the websites pertaining to security that some of our Qubes experts have) the consequences of doing some things with certain programs or Qubes set in different ways, or even in different orders of events.

That is, I want to create a work flow design to allow Journalists to keep within good security Work-Flow in spite of any lack of experience with Qubes, or dreary eyed work practices.

I will define J-Qubes (those Qubes I suggest we add) according to logical need. The slant of that being, I will define Qubes according to: a set of Qubes for Input (bringing in information from Internet or USB); a set of Qubes for Process (decryption, replying to, writing notes or a story); a set of Qubes for Output (sending out on the Internet).

And of course the Qubes related to getting on Internet; Sys-net. sys-usb. sys-firewall. Qube to connect by way of VPN(s).

I feel sure someone will immediately chime in and say, you have duplicate Qubes, one for Input, and another for Output, that could be combined, just don’t open any file or thing you receive while online. I will just do it this way for now, in terms of overall Form. I realize it takes more RAM, has more performance problems to do it with different, but similar software for Qubes meant for input, and another for Output. Let’s just leave the overview as logical for now. There are other things to quibble about in the final version as well.

Right now, just the overview.

Feel free to critique what I write. I am surely not perfect, and I am feeling my way in the fog of my misunderstanding.

If split-gpg works then it should be pre-installed.
If split-usb works, then it should be pre-installed.

And in this scheme, the J version should be j-clones.

I am on the fence about using Thunderbird, as I suspect it comes with - new Features. Also using more than one email account inside the same Qubes. Too much potential of cross talk. Is Thunderbird better than - webmail? But, what do I know?

There’s been some great work done that could help you out:

DeepLow’s post on setting up a Provisioning Auditing Environment:

  • VPN Proxy Qube: Deals with connectivity
  • Analysis Qube: Analyze and compile all the data. Inter team communications on a vm
  • Antarctica DispVM: Safe space for viewing sketchy stuff. Non networked disposable vm.
  • Network Recon Cube: Use inter-qube communication to move recon data into Analysis Qube

Joshua Thayer’s work on the integrated SecureDrop Workstation (SDW), that includes using SplitGPG to download and transfer documents to an offline domain.

Freedom of the Press Foundation (who’s partnered with Qubes) has developed “DangerZone” for converting worrisome documents (not sure if they were inspired by Top Gun or Archer on the name).

2 Likes

Veerrry interesting.

I will focus on creating a Work Flow logic.

Where the Work Flow guides our Intrepid Reporter to keep his computer, and him safe. Also Protecting his sources.

To keep the Journalist from making a mistake, without having to keep a hundred points in mind of what to do, when. What never to do. What is a danger flag. Keeping one eye on the Canary.

Work Flow should be like the Security Guard guiding the Journalist through the alleys of a destroyed country.

Still, keep posting knowledge. If we ever get the first stage off the ground. Then each of these ideas, implementations, Apps, programs can be given consideration.

I don’t want to dampen enthusiasm, but SecureDrop is developed by, and
for, journalists.
I think you would do much better to approach the FPF to work with them
rather than reinventing the wheel. You may have some insight that’s
valuable, or you may learn from them how your ideas are misguided.

At a minimum I would look at SecureDrop and learn from what they think
is valuable. They have already considered the same things you are
starting to think about.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
3 Likes

Unman, I believe those who have high levels of expertise, such as yourself, what occurs to you off the top of your head, or feeling about a project, situation, is more important, will have more impact on a project than all my pretensions of effort.

I have read through some of the FPF. I have read about and used SecureDrop.

My respect for the likelihood that your opinions will have more impact than what I am considering is quite high. For the next week I will be doing some other things besides this project, anyway, and I will ruminate on what you have said.

1 Like

That makes sense. I think catacombs has some great energy and ideas, especially in terms of creating a list of apps for journalists.

In addition to FPF & SecureDrop, DeepLow seemed like a good contact. Knowing what they’ve done, and their current objectives, would help you know where you could make your greatest contribution.

1 Like

Long ago I worked for a fellow who had gray hair, and told me some stories about the Operating Systems for computers the size of very large rooms.

Usually the first version of an OS barely works. When some basic compilers gave trouble, the reply of the guys working on the OS said it was a problem with the compiler not working well. Complain to the software guys who build the Compiler and how they interface with the Loader.

About the fourth iteration of the OS. The OS would be mostly stable, and even work with some of the Compilers (read Application Software)

Then began the next phase of the OS development. People had all these ideas about some neatzy keen features to go with the OS. Some called this the Bells and Whistles stage.

As nice as some of the features could be envisioned to be with the implementation of these Bells and Whistles. It created ways to slow down the OS, sometimes crash user programs. Even cause unusual problems with OS.

Kind of like M$ sending out updates that crashed. Now it is feature updates, which don’t crash so much, but slow down the OS, and give me a feature I never knew I needed and don’t use.

After three or so more levels of OS, some of that crashing would go away, and on site system engineers were never keen on installing any more cool Bells and Whistles, not at least until some other sites had implemented that feature and used it successfully through at least one more upgrade of OS. Some on site System software types would not implement new updates at all. Sound familiar?

By then the Computer Company would announce a new piece of hardware was coming out, with greater speed and fantastic features in the OS. A lot of sites would say, “Uh, not now.” Basically what they had was finally working after years of frustration.

I fear my suggestions for a Qubes for Journalists is like ‘Bells and Whistles.’ A version of Qubes with essentially a trail guide to guide a journalist, rather than the Journalist trying to make decisions on which path to take based on reading a lot of documentation.

And for the record, about backing up your computer. In the big room size OS environment, the computer company manufacturer OS experts always claimed the Back Up worked perfectly.

My experience was that ‘Back-Ups’ (then on large reel computer tape) never failed. However ‘Restores’ failed. Never the fault of those who wrote the Back Up Software.

So called ‘Interval Backups’ - backups based upon each night saving only the parts of the file system that have changed - whatever the interval (day-week-month) and whatever the terminology, find unique and creative ways to fail.

With a solid back up program, save full clones of disks, multiple times. For a laptop that is an external drive. Then hide those discs. If you have friends like mine, they decided I was not using those external discs, so they kleptoed some.

Don’t trust one back up. I prefer to use a program from a disk manufacturer (like Seagate for Seagate, Western Digital drives) to clone. I don’t like Shrink images, compressed, or zip images of back up. Another great way for a restore to fail if just a few digits get messed up.

I guess none of this is about the Qubes back up system. But if one is going to re-install the OS, at least occasionally. To prepare to go through airports, or to upgrade OS, or, something just feels off. Then having multiple cloned back-ups (keep up with Passwords) works.
Backing up to the same device over and over, usually ends up with the last copy a corrupted copy. Or the device, or tape media just fail.

and put my really important personal information on a Flash drive, which now can hold so much data that the entire OS could be saved onto it as.

Hello. Human rights worker here. I wrote this article on how to use Qubes OS in the most basic form.

Journalists starting to use Qubes OS are better off using it in the most simple form during the first 6 to 12 months, as I described in the article. That’s how I started. No compartmentalization. I also watched whatever videos were available on YouTube. Back then, there were hardly any videos and this forum didn’t exist. Today, the entry barrier should be lower because of the availability of videos on Qubes in multiple languages. And because of this forum.

6 to 12 months in, journalists / human rights workers can start using compartmentalization.

If only major cities around the world had Qubes OS experts or IT non-profit or human rights non-profit that people can go to for the initial Qubes phase in. That would have made my life easier when I started running Qubes.

7 Likes

@Wissam, just out of curiosity:

  • In the human rights industry (I’m sorry, I don’t actually know what it’s officially called, but I have the utmost respect for everyone in it!), do individuals usually get to choose their work machine, or is it usually given to them pre-configured?

  • Is there any training provided by employers about this sort of stuff (and is it any good?), or is it mostly self-taught?

CONTEXT: Most University courses will only teach software provided by companies who FUND their research (hence why you don’t see much FOSS software being taught). I’m trying to get a feel for whether any situation like that exists. I’m also trying to get a feel for how much effort people in the industry are prepared to put in to “learn new things”.

  • Any chance you could give us some examples of “dumb things” that seem to occur in the industry?

CONTEXT: Self-pwnage, bad OpSec, etc. For example, someone receiving images that have had the metadata cleaned, and then taking a screenshot of the cleaned image, thereby putting the metadata back in. Posting on social media while “on the job”, or other things of that nature (please don’t say anything that could compromise anyone 😬)

I’m asking because if there are things that enough people in the industry do that they probably shouldn’t, then there is potential for safeguards to be put in place in Qubes OS to stop it.

——-

Absolutely loved your article, by the way. Detailed but also succinct and to the point 🙂

1 Like

In my opinion the development of guided tutorials as championed by deeplow & others would be a significant step forward in broadening the usability of Qubes for journalists & other at-risk persons.

An intuitive walk-through guide to performing basic Qubes operations that can be ‘unticked’ at the installation menu, and on first boot brings you in to the tutorial environment and perhaps can be picked back up at a later stage.

Something like this covering the basics I think would do wonders for on-boarding. I’m not able to program but if anyone needs help with working on the structure / bouncing ideas off of for such an effort, message me.

If only major cities around the world had Qubes OS experts or IT non-profit or human rights non-profit that people can go to for the initial Qubes phase in. That would have made my life easier when I started running Qubes.

This is what such a feature could begin to bridge the gap on. I really wish I had more skills to develop it technically. Many non-technical users are intimidated by the documentation and the conceptual leap to really using Qubes as it is intended. This of course can’t be eliminated, but perhaps the interactive guidance through steps will help to keep people engaged and feeling like they are progressing, rather than studying for a test in a ‘language’ they don’t understand.

As I said, only so much of the ‘edge’ of Qubes can be rounded.

2 Likes

I consider: While I say Journalist and imply Human Rights worker as well. Much of the information today regarding Human Rights abuses comes from individuals, who happen to see something.

One of the first people in China who talked about a disease that other Optometrists should watch out for, posted the information. For which the government told him to shut up. Put him in jail. Events showed he was correct, he was released from jail. He caught COVID, and died.

A person, in Wuhan, whose apartment window overlooked a place where the dead bodies were taken, reported that the number of dead being reported by the government was obviously way off. Reporting by way of Media like Facebook is likely to invite a visit by government security services.

I know a fellow, who married a woman from Russia, who lived in the time of the old Soviet Union. She said the people expected the government to lie to them. That is, the Soviet Union was in a battle for their country, and if lies benefited that effort, the average people supported it.

Truth is a relative term for Journalists/Human Rights workers.

I envision someone trying to take up Qubes is not in a good position to spend hours reading notes online. Not only in terms of the time in their personal life, but that time online to Qubes sites, and GitHub, increases the probability that they incur the interest of the government watchers.

If we also put a lot of documentation inside Qubes, makes the download a bit bigger, but less time online later.

I think of what I am trying to accomplish is like a ‘Trail Guide,’ built inside the software. The possible options to a newcomer is like a valley filled with lots of paths. The “Trail Guide” is to show the way to using Qubes without risk. I am afraid my project is becoming more like a Microsoft Feature, slows things up.

If we finish the project I see a big group who might pick up Qubes will be business travelers.

First of all I don’t think the idea that computer amateurs are both in a position where they can stumble upon Qubes OS Journalists edition and not trip up a hypothetical red flag from a threat, but their reading the documentation would do so adds up.

That doesn’t really stack up to me. If someone is a computer amateur who as you said originally isn’t even aware of how their OS puts them at risk, they are going to likely be diving through searches of ‘best privacy ****’ this & that on youtube and google which will land them on someone suggesting Qubes.

If there was any kind of tripwire of authorities paying attention to their activity that could be done so by reading Qubes documentation, accessing whatever led them to the suggestion to use this Journalists Qubes & the subsequent downloading etc. will do that anyway.

I like your enthusiasm but I find this thread a bit confused.

Having a tutorial like Deeplow said for beginners on their first boot is a good step, but I don’t think splitting off a Journalists version of Qubes is worth the effort & solves problems, more likely to create problems.

You’re better off creating guides like Wissam did informing people in the simplest terms what their current threats are, and how those are mitigated by Qubes.

@Wissam I read & thought you did a great job on that article.

Thank you @alzer89 and @KarlinQubes for your replies and for your feedback to my article. I will reply to your questions ASAP. I need some time to write the answer.

As for the following:

Indeed, the people I work with do not have time to read lengthy guides. I disagree with @KarlinQubes that “the development of guided tutorials as championed by @deeplow & others would be a significant step forward in broadening the usability of Qubes for journalists & other at-risk persons.” An abundance of information is paramount. Video tutorials, written tutorials, forums, etc. Very important. But are insufficient for human rights advocates.

I will expand on this in a later reply.

For now, I have one major question that Human Rights Defenders ask: Will installing and using Qubes be detected by my government? Governments are increasingly able to fingerprint devices within their network. Catacombs wrote:

To compare, Graphene OS does not emit signals other than the update request. And that can be disabled (and enabled momentarily when updates are available). I was at a training where the trainers had monitored the connections coming out of Graphene OS for a week to confirm this. In addition, the Internet Connectivity Check can be disabled or set to Standard Google. PSDS server can be set to Standard Google. Wi-Fi MAC address is randomized. This makes the phone much harder to locate.

So I can recommend Graphene OS to some people in specific environments. But what about Qubes OS? This may have already been answered on this forum so I apologize for asking again.

2 Likes

I’m looking forward to reading this reply.

I cannot imagine that there is a passive system for alerting to use of Qubes. There shouldn’t be any information that belies Qubes use leaking.

There are artifacts that if someone hacked your system could suggest you are running on top of a hypervisor, but those are if you are already hacked and someone is figuratively searching through your trash. The above discusses some of these artifacts in the context of linking two VMs to the same user.

With a more authoritative confirmation from another user, you should I imagine be able to confidently assure people that simply using Qubes (and not when we start to talk about Tor use etc.) will not be detected by government unless they flag you visiting the site & then look into you further.

I’d love for someone more knowledgeable to comment, but to the best of my understanding I cannot see what possible fingerprinting could be done in a passive way to alert that a device is connecting using Qubes.