Tear apart my rookie qubes set up (OPSEC)

Hey Qubes Community,

I’m very excited to share my first qubes set up with y’all. I’m not very techy have never used Linux and this took a lot of research and work to put together but I finally have the first draft rough set up I was planning! These have all been actually created this isn’t just a plan.

Device: Lenovo thinkpad e15 gen3 40gb ram ddr4 1tb hdd nvme running bare metal w Logitech mx mouse

This took me roughly 40 hrs and a week and half to put together. I’ve used qubes forums trouble shooting with chat gpt and grok when there wasn’t any guides.

IMPORTANT TO NOTE MY GOALS

Extreme privacy but also solid functionality / usability. Easiest system for a beginner with my needs and apps

Ideally I would like as much routed over TOR as possible other than when it breaks apps or makes things unbelievably slow or when not really necessary to use a kill switch vpn cube like I have set up w firewall blocking any non vpn traffic.

I also would like as many apps as possible to safely be updated on their own which is why I started to install some more things to templates. If the template is offline idk if it’s necessary to make clone templates for only few apps. I don’t have that many. I want stability and functionality which is why I prefer Debian if possible for less breakage unless much better on fedora or whonix. If a clone template would be good for some of these pls recommend it. Wasn’t sure how to choose minimal templates or download them as I don’t see them in drop down.

ROOKIE QUBES SETUP

1. Messaging Qube (AppVM) (sys-vpn) (sys-whonix would be awesome if easy for a beginner to pull off without crazy coding and set up)

• Purpose: Secure communications

• Apps: Signal, Telegram

• Template: Debian

2. Crypto-Tor Qube (AppVM) (sys-whonix)

• Purpose: On-Tor crypto tools

• Apps: Electrum (comes installed w whonix WS template), Feather Wallet (whonix appimage installed to the appvm- would it be better in template for auto updates and persistence?) noticed having signal and telegram installed into appvm instead of Debian template was quickly not the way to go. Best to use flatpak for whonix feather install?

best to make standalone for this whole qube?

Want to use my ledger wallet as offline crypto storage and these as my hot wallets to send and receive securely with my ledger to confirm transactions

• Template: Whonix

3. Password-VPN Qube (StandaloneVM)

• Purpose: Bitwarden

• Apps: Bitwarden (Flatpak for auto installs- should flatpak be installed into template and download Bitwarden on template and use as appvm for auto updates?

• Template: Debian

4. Sys-Print Qube (Standalone) sys: n/a

• Purpose: Secure printing

• template - fedora

• Driver: Rollo thermal driver from list of drivers to choose only worked not the install one for some reason

5. Crypto-VPN Qube (StandaloneVM) (sys-vpn)

• Purpose: Hardware wallets over VPN temporarily until switching over fully using ledger with electrum and feather. Any other apps that accept everything and go smooth over tor would be great but starting with these since BTC and XMR are main coins everyone uses.

**Also for wallet update downloads

• Apps: Ledger Live (AppImage), Trezor Suite (App image and Flatpak)

• Template: Debian standalone (was told by AI ledger or trezor shouldn’t be downloaded to template)

• Notes:

• got ledger nano s plus working but trezor model t refused to work. Also didn’t think it was smart to use the work around qubes forum guide to install trezord and website launching scripts it looked like inside of sys-vpn. I will be strictly using ledger probably even tho trezor is open source. Or if you recommend trezor for singing transactions and cold storage from my future electrum and feather wallets pls let me know.

6. Sys-VPN (Standalone VM) (sys-firewall)

• Purpose: Main VPN tunnel (Mullvad)

• notes* used @solene guide thx once again. More notes at bottom on beginner pitfalls to watch out for. TURN ON NETWORK MGR IN SERVICES AND use sudo nano to write her code in terminal

• Template: Fedora

7. Vault Qube (n/a netvm)

-Template: fedora

• Purpose: Offline password storage (KeePassXC)

• Apps: KeePassXC, Kleopatra should it be stored in here? Does it matter since usually just used for PGP… I installed on whonix template and Debian template so far. Prob will install on fedora so it can be used here if best for it.

8. Torrent Qube (AppVM) (sys-vpn)

Is Appvm best here or is disposable if I was maybe gonna install movies etc onto my 2tb Lacie hdd. Also need enough room for backup of Qubes but idk if you can do both on same drive. Or should I just install the movies onto the media tab? I have a lot of storage in this device. 1tb hdd nvme

• Apps: qBittorrent installed directly onto my fedora template for auto updates

• vm Template: Fedora

9. Media Playback Qube (AppVM) (netvm n/a)

• Purpose: Play media from HDD or install into here to playback media safely

• Apps: VLC/MPV

• Note: Keep no network to avoid spread of malware from files opened

General questions

Any way to have 2 monitors connect and to extend the display not just mirror the laptop screen? Have two sceptre monitors

• what storage size should each of these cubes be?

-Where best for kleopatra to be installed? Should I take out of Debian and who is template install and put into fedora template so it’s on vault and auto updated?

• Standalone VMs update independently. Any way to make underlying os updated automatically without having to go in each one terminal and update
• Why is all video and audio slow motion and choppy running off my vpn in other appvm or dVMs?

Backup Strategy?

• Use Qubes built-in Backup tool to external SSD? What’s cheapest best way? Want it fully encrypted like my bare metal qubes is.

I have a Lacie 2tb hdd but maybe I should get an ssd drive? Any recs for how best to backup. Wanted to use the Lacie to download torrent files onto to play movies etc idk if both can be used

VPN notes

• @solene thank you for your vpn guide my vpn cube is routed over it. I would only say for beginners it’d be good to note sudo nano to write the script to make terminal rules and most importantly that the network manager MUST BE ADDED TO the services tab in settings. I kept getting my VPN set up and running but no other downstream cubes network traffic would work before I finally figured that out. It took days haha

The “Disadvantages include:” section for Telegram is too numerous to quote.

Instead of vaguely stating extreme privacy or secure communications as a goal or purpose, define a clear threat model instead so I can slowly but accurately tear apart your setup as requested.

I agree about telegram not being a secure communication. Originally I had ai help me format my notes. I understand its pitfalls and no e2e encryption.

I’m using it since people chat thru these platforms with me still sometimes although less and less on telegram. Is there a common threat model chart?

I just like freedom and privacy. I’d say my threat model is low to medium to be honest.

No, everyone has different threat models.

That statement bears no explicit meaning or significance.

Perhaps use one of the more likely private email providers to communicate with others, an email you might connect with Tor, or VPN, or combination.

One view is, how secure what you say to others, is only as private as the security of the other person. What level of Security do they practice.

Instead of saying it bears no meaning without any explanation maybe provide an example of how you may explain threat model.

Probably best I can do is route people to use more signal and other more secure platforms when it calls for it.

@Atrate
Love privacy guides been looking at their material for around 5 years now here and there. I need to look over this once again. Think I read years ago. Thank you for contributing to the conversation.

To be brief, define your assets worth protecting, your adversaries, their capabilities/resources/toolkit, then the cost required for you to achieve sufficient security.

Hi @stonehedge

Welcome

Seems like you already did some great work!

" It is very strange to see Telegram in this list…"

Some more background information about why Telegram is insecure:

Telegram is not end-to-end encrypted by default, which allows the Telegram server to see all of your messages unless you use a “Secret Chat”. Telegram uses custom, unaudited encryption, and the first version of MTProto had severe security issues, although these were fixed with MTProto 2.0. However, Telegram still uses strange cryptographic primitives, such as AES-IGE, for “performance”, although they use it in a way that they aren’t affected by its known security issues. Telegram has also been criticised by well-known cryptographers, such as Moxie Marlinspike, Matthew Green and Filippo Valsorda.

Telegram has held crypto cracking contests, but these were rigged. Although the clients are open source, the server is not, so self-hosting is not a possibility. The creators of Telegram have also spread unfounded misinformation about competing apps before.

Telegram, along with most other messengers, leak significant metadata about your messages, even if the message itself was end-to-end encrypted.

Except from: Messengers | Madaidan's Insecurities

Once again ai had listed the purpose as secure messenger. I understand fully that telegram is not a secure messenger and would much rather use signal to acheive solid e2ee. I don’t know if anyone i know could or would be willing to set up any other secure messenger as easily as signal which is why I have that as my front runner to talk with others on at the moment.

It’s good since it’s popular enough there’s a big enough user base there for it to make sense for me to use.

Thank you for your contribution. If any of the rest of the setup you have any constructive criticism for I would appreciate it.

want to protect my communications, freedom, and crypto at highest priority. Govt agencies and hackers are adversaries. these other qubes are mostly for fun or it seems like they can only easily be used with a vpn to update the wallets with their software on their company platforms or torrenting etc. Below is more in depth understanding and reasoning why.

i would like to use signal ideally over tor if it doesnt break it because of its e2ee, easy for others to use and set up to communicate with me and large user base, i need to do more research but would also like to use PGP when needed emailing etc. if you have a website or way to practice PGP I’ll take it.

and my crypto id like to use ideally trezor model t since open source (also have ledger nano s plus which is set up and works fine so far-for ease of use was thinking of using this maybe since it’s working with no adjustments or weird sys-usb set up) and use it with electrum and feather routed over tor when in use. Issue with connecting Trezor on qubes so saw on Whonix website maybe I’ll have to create a separate sys-vpn to be able to put in the trezord commands found on this forum. This is to be able to keep my assets offline on hard wallet when not in use. When in use to send or check received.

should kleopatra be in vault only or doesn’t matter btw

Also am i doxxing myself by posting my set up? does that give a fingerprint away of qubes so to speak? i understand dom0 is offline and the vms are all separate computers but also a concern. trying to help other beginners here and learn myself in process but don’t want to endanger myself. thx

Hi @stonehedge,

I was going to watch your thread, and pick up wisdom from those wiser than me, but for this question:

Whatever Telegram (or Signal ) might do with your messages, there is also the possibility that their apps might be able to learn details of each other - if you have a single “Messaging” qube.

I see your first message and it shouts to me: “2 qubes for Signal and Telegram”, to decrease the risk of information leak between them.

Of course, maybe for you it is not a problem… and it is also necessary to beware of two un-named adversaries:

• Mistakes of the user
• Too much complexity

Keeping it simple is a big defence against these two.

I go back to watching now.