Should I use Qubes?

Hi everyone,

I’m just an average person with no clear threats, but I am looking to avoid government surveillance, censorship in my country, and the data collection practices of companies like Google (i.e., “de-googling”). I’m looking to strike a balance between anonymity and privacy, but being as secure as possible just in case so I don’t have to worry about getting infected whit malicious downloads or USBs and my passwords or finances being stolen.

That being said, I recently discovered Qubes OS and have been learning more about it. I like the fact that each process runs its own VM, making it difficult for an adversary to infect the entire system. I found interesting in the Qubes + Whonix setup for web browsing. The thing is that I’ve heard some people say that this OS can significantly slow down your experience. So, my question is: do you think Qubes is really necessary for my needs? Or would a simpler Linux distribution with compartmentalization be enough? If so, what would you recommend?

For simple web browsing (e.g., YouTube, Reddit, Twitter, etc.), I plan on using proxies: https://github.com/mendel5/alternative-front-ends. Can you also recommend a browser and search engine that would align with my goal of balancing anonymity and privacy, while being as secure as possible? Please provide links to resources.

Thank you all

1 Like

I don’t think this is true.

It takes time to start a qube, but once the qube is running it’s not slower than use traditional Linux, and it’s possible to offset the qube startup time by preloading the qubes you use often.

2 Likes

Kind of true.
If one uses laptop with CPU that is not recent Intel 11-12Gen then it’s quite possible that even Youtube will be quite laggy playing basic 1080p@60fps videos. In Kubuntu it will work flawlessly even in 5 players simultaneously due to hardware acceleration that is not available to qubes in Qubes OS.

Other stuff is about twice slower to my estimation, that is not a lot.

Qubes OS has several advantages over GNU/Linux for average users:

  1. It can run applications completely offline (like in some offline vault qube). The other way to see it - you can store data offline, no application is able to send it anywhere because the whole qube is offline.
  2. Applications are limited in sharing files, clipboard and anything else, you can separate them better.
  3. Qubes OS allows the easiest way to make chains of VPNs and even Tor. It’s not possible on GNU/Linux.

Everything else is the same (except security, of course) as in GNU/Linux.
And a lot of things in Qubes OS are worse or not working at all compared to GNU/Linux (like VirtualBox).

Long story short, if you completely do not need all of these 3 advantages and you are not too much concerned about security - you do not need Qubes OS.
Otherwise, welcome aboard!

2 Likes

Another point for KDE folks.

If you like KDE and like KDE/Qt-related application (dolphin, kate, gwenview, okteta, qbittorrent and etc) and do not like Gnome and its applications (due to the lack of features or ugly look) - be prepared that you will have to work on Qubes OS a lot to make it decent.

Qubes OS has XFCE desktop environment (in dom0) which is way less functional than KDE, and it has Gnome applications in default templates. So, no dolphin but nautilus, no gwenview but some kind of alternative from gnome and etc.
To make KDE work in default fedora template you have to be an advanced user or follow some third-party guides.

Not so in my experience.
I dont have reports of laggy YouTube even on x230 - there can be
issues over Tor but that’s a separate issue.
Nor do I see “other stuff” (what?) running “twice slower”, although
perhaps I dont understand what you mean by this. Do you mean that music
players run at half speed? That editing is half the speed?
Even 10 year old CPU provide a reasonable Qubes experience, and once
qubes are started there’s minimal slow down in ordinary use (in my
experience).

These judgements will depend on what applications you are
running, and how you manage your qubes.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
1 Like

I have used Qubes OS on my X230, X270, T480 and 12th gen workstation, and they are all able to play YouTube video without any issues.

I don’t think there is much difference between using Firefox on my X230 and my 12900K, but the 12th CPU with NVMe drives will start Firefox twice as fast as the X230.

2 Likes

14 posts were split to a new topic: HD video playback on Qubes OS / older computers

It’s just barely possible the OP was alluding to whonix running slower. (They said OS, they didn’t say which one and from the context it could have been either.)

Whonix does run slower, when browsing, at least for me.

So I’ll point out that you can use Qubes without whonix if desired.

As for regular Debian qubes running in Qubes OS, I’ve found them responsive enough (even on my cranky old laptop) once they have started up.

One thing about QubesOS is that it is very, very flexible. If you don’t like the setup provided by the install (for example, you need a few more domains, or one or two of the ones it came with are superfluous) you can create them, or delete them as appropriate. It’s really meant to be an example that would work for most people, not The Way You Should Use Qubes.

Another example: You can also clone templates, and install some software just on one copy of the template. (So if one of your appvms is based on that template, it sees that software but no other appvm based on the other template will be able to run it. If you do enough of this customization, your work qube cannot do everything your personal qube can do, or vice versa. This makes it harder for you to do the wrong thing on a qube.)

1 Like

We’ve moved very much off topic.

@Nulaxz - you’ll have gathered that opinions vary considerably depending
on what applications you want to run, and how you want to use them.
From what you say, I doubt that you will have issues with Qubes
performance.

Is Qubes what you need? You’ll have to make that judgement.
I don’t think you will find another distribution that provides the level
of compartmentalisation out of the box that you will find in Qubes.
Qubes-Whonix should provide the balance of security and privacy that
you are looking for. Qubes also makes it easy for you to experiment with
different front ends and different proxies without risk.

Give it a try - if it doesn’t suit, you can install something else.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
2 Likes

I was on the same path as you several years ago. Switched from Mac to Linux ThinkPad X230 + Debian + Whonix, then accidentally found Qubes OS. At first things appeared complicated. But in time, the things you can do with compartmentalization are mind blowing. It has been two years on Qubes and counting - I can’t see myself using anything else now.

YouTube - Try “FreeTube” or Brave browser for better performance.

3 Likes

Agreed about the “mindblowing” factor!

By now I wonder if other qubes users would even recognize my system.

Almost everything I do now is on a disposable, which should be close to bombproof from a security standpoint.

1 Like

I co-sign that.

I have used various intel processors and amd processors on equivalent hardware. I have the understanding that amd performance is considerably superior. Unfortunately I cannot give a solid reasoning on this. Maybe due to the performance implications of spectre mitigations caused intel to slow down. I had to switch to amd just because of that. And even on plain linux distributions, I mean even without Xen, that kind of slow down is still present, unless those mitigations are disabled.

However after migrating to amd, Qubes was way faster, that includes playing hi-res youtube videos and so on.

Therefore one can reach a conclusion that judging Qubes performance by Intel experience would mislead oneself.

Split the HD Youtube playback related posts into their own thread.

Buy a House under a Trust not in your name with all mail going to a Commercial Mailing Address and all cards masked with [company].

Swap to Qubes. Anything is better than Windows.

I switched to Qubes OS to increase security and privacy. It was a ump in the dark. After year, I discovered that Qubes OS is very usable as a daily driver, and incredibly flexible and useful. I can separate work and personal files. I can run separate VPN connections for work, for personal and for untrusted. I can test software with Qubes/VMs and then delete these Qubes. Learning how to use Qubes OS was worth my time and effort.

1 Like

I even installed it on my laptop. It’s a bit slow there (it’s a Librem 13) but I feel much safer.

Since my e-mail client is on a virtual machine, I can even move it from my desktop to my laptop and back again (using backup and restore). [Of course I need a thunderbird template on each actual computer, but that’s trivial. I made sure to name them the same so the Email AppVM could just drop into place.] This is good because when traveling I no longer have to use webmail then end up with my replies never getting into my client.

That’s a MAJOR increase in convenience that all by itself more than makes up for the fact that Qubes does slow one’s workflow a little bit.