Resetting my Qube lives

preface: new qubes users/new linux user

As I’m learning Qubes I realize I’m going to make a lot of mistakes along the way. Such as not compartmentalizing enough, using login’s in wrong qubes etc.


  1. lets say you use a login from a different persona in a wrong qube. Are those two logins forever “fingerprinted (not sure if I’m using this correctly)” together? basically linking those two personas.

  2. if you use email aliases as not to link the real email address to you using different aliases in each qubes. But you have a qube where you access that email (login to actually see the emails) doesn’t it all being in one inbox just link it all together anyways? wouldn’t you need totally separate accounts for each “persona” and only login to those accounts in the correct qube?

  3. lets say you have VPN’s setup on each qube you use. If you use a qube without the VPN connected but you’re not logged into anything from that persona just normal browsing does this still link it back to you? like if you use a VPN each time but then don’t one day for whatever reason is that persona/qube just toast?

  4. If I wanted a qube that I access personal social media or personal accounts should i still use a VPN on this qube or just leave it open. Does using a Qube for personal stuff compromise the system as a whole?

  5. lets say I mess it all up, how do I “reset” my qubes lives. Reinstall everything all new email accounts, all new user accounts for everything, etc?

I’m grasping certain parts of Qubes and other parts I’m struggling with like what the best practice is for everyday real use. If there’s any good writeups or docs on this please let me know. Maybe I just dont understand it fully but it seems like it only take a single slip up to basically destroy all the work, maybe that’s just part of Opsec you dont get to make mistakes.

It depends. If they are both using the same network, it’s unlikely this makes a difference from an outside point of view

Not really, you just need to be careful not mixing them. This also exposes the two mails to be linked in case the qube gets compromised.

It may be possible to someone to associate all your IP if you use their service, including when not using a VPN.

no, if you do something wrong, only the qube is compromised (from a security point of view)

destroy all the qubes and create them again and configure again.

Or make backups that you could restore later if needed :slight_smile:

In addition to the replies, I think you need to define a clear threat model because from what I’ve read, you mix a few things.

It seems you want Qubes OS more for privacy needs than security. The threat model is more complicated, but it also depends if you simply want to have some privacy or if there is a real life threat at stake. In the former case, it’s not a drama if you forgot to connect to your VPN once, while in the latter scenario it may be dangerous.

(I write privacy oriented technical guides for a living :sweat_smile: Don’t hesitate to ask)

1 Like

Appreciate the input, I’ve been learning a lot. You’re correct my threat model is mainly just privacy, I don’t have a target on my head and I’ve never done anything illegal I don’t even drink alcohol lol. I am however a proponent of privacy, freedom, etc. and these rights mean a lot to me and I know if I dont practice those rights I may one day lose them. Not to mention my small business is starting to grow and I also want to have less worries of identity theft and possible financial repercussions from just normal shithead attacks.

However when I set my mind to learn something I’m all in. So even though I don’t have a threat model where if I slip up the black helicopters show up I still want to learn what you would do if that was your model or at least learn what a more sophisticated/best practice use may be. To me it seems if you’re going to take the time to learn Qubes you shouldn’t half bake your everday SOP or why learn qubes in the first place. I’m just trying to be a sponge right now and soak it all in. So far this community has been very helpful seems like a small group of good people.

Making as many qubes as possible into disposables may help depending on the specific circumstances. Browsers would never have a cache or history that needs to be cleaned, except within that session of the browser. Make a mistake, close the browser and restart the VM.

See How does Qubes OS provide privacy?

and Can websites track me across different qubes?

1 Like

thank you for the links, some good reading there. “privacy” certainly seems more complicated then security.