QubesOS recommendations for X app

(NOTE: yes this is a Qubes related topic, skip to bottom to see cited source is a PDF explaining the architecture and OpSec of QubesOS within the context of X app surprisingly enough)

I was hoping to enjoy full unfettered access again on X app, by merely spinning up a VM in my new QubesOS setup — however according to this I was ill informed as to the intricacies of how X is exploitable within most if not all browsers even with such isolated compartmentalization and use of disposable qube VMs.

It sounds to me, it is safer to “admin” one’s X app account sparely only when needed in a desktop environment while remaining on the mobile app for the bulk of X app activities conducted.

This is problematic for me as I really need to be able to return fully on X Twitter Spaces as I have 2 journalists who wish to interview me there once I am back on my digital feet — and in doing so might help fundraise to recoup financially. However, I am too scared to use a mobile device for Twitter Spaces due to the IP Address and device info leaking when participating in Twitter Spaces. Thus, I was under the impression that I could spin up a disposable qube VM. Though this PDF document is making me reconsider if my assumed conclusions were accurate or not. Will I be “safe” if I participate in Twitter Spaces in a disposable qube VM then?

Keep in mind I have to allow access to the microphone, in the VM; which to my knowledge should be fine safety wise in security — it is the leaking of my device info and IP Address while on Twitter Spaces that concerns me as to why I thought doing it using QubesOS on desktop would be best rather than a leaky mobile device.

Further insight and/or suggestions welcomed, thanks!

source page 9 to 10 screenshotted in above image (under the sub-header Securing Twitter Account):

Qubes OS is not focused on privacy, it is focused in security. While you may achieve your privacy goals while using Qubes OS, it is likely that’ll be significantly harder and more error-prone than using sytems that are designed for preserving privacy.


Good point, I do keep forgetting this as I tend to lump both security and privacy planning together.

I will think more on this with your insight in mind, thank you

Personally I wouldnt touch X, on privacy and security grounds.
Given the level of attack you say you are under I am surprised that you
find the risk acceptable.

1 Like

There’s a twitter app for desktop…? That’s new.

Oh, you’re famous then? And you’re hiding? Maybe tell the journalists to use proper private communications tools. Session Messenger comes to mind. Twitter is clearnet normie turf, and as such is ridden with glowies and other bad actors (probably aliens).

May the Force (of privacy) be with you.

1 Like

It is a public live interview (hence Twitter Spaces) … and one of the 2 journalists are newly up and coming but I will discuss with her

And no, I have only ever been micro-famous but since 2011 after OWS the censorship has been heavy (this is a different issue and has no relation to the attack I am currently facing btw), so I am now only micro-famous in memory and history lol

Outside of Twitter Spaces for an interview, I need to be back on Twitter as it is one of the main Social Media sites that I am able to attempt to gain an income through business networking for opportunities of paid labor for myself and/or marketing any bootstrapped business idea to test product-market fit.

Not to mention it is the number one place to market my NFT project which I have to salvage once I am back up and running fully online again. Regardless if it gets success or not I have to upkeep it for the current holders as they have supported me throughout this nightmare ordeal I am still trying to get out of, and plus I have to comply with US regulations such as FTC and SEC by not abandoning the project.