The Qubes OS Privacy Question

@nokke

My question was not about the dictionary meaning of words but about what you actually meant. I asked exactly because I haven’t seen such people here, so I wonder how one actively works against privacy (Zuckerberg and the like excluded).

You were already using this concept.

Not really. Being against something is not identical to actively working against it.

This seems a bit like semantics again. I think if a user who is always arguing against privacy, as in someone makes a post suggesting a privacy improvement of some kind, then the other user argues against it. And that user always argues against privacy no matter what, they never say something supportive about privacy improvements. Then that is anti-privacy, I think. But I know this is also semantics and depends a bit on perspective.

Could you please show us an example here in the forum? I don’t have one in mind.

Basically, it seems helpful to me when someone questions concepts. Maybe there is something to learn for me? A lack of support is not an indication that someone doesn’t share your goals. They may just doubt your methods and basic assumptions.

And to go a little further down the road of empty hypotheses … just imagine: Someone could make a supposed privacy enhancing proposal that is problematic because it doesn’t take certain implications into account. Or the suggestion is simply useless. As a result, the person questioning it might effectively argue in favour of privacy (whatever that means).

3 Likes

@capsizebacklog will tell you that I am such a person, so you should be
able to see my anti-privacy position in my posts. /s

Here I believe that you have cut to the heart of the matter.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

@capsizebacklog will tell you that I am such a person, so you should be
able to see my anti-privacy position in my posts. /s

I haven’t seen that in your posts. You are rather presenting the whole subject of privacy along the lines of a business deal of expense and profit. This is an attempt to combine two controversial and incompatible concepts - that of social justice and that of social inequality - and because that is impossible, it looks like you are “anti-privacy” (or rather pro-status-quo), although in your heart you are actually not.

Just my observation.

He wrote “/s” for “sarcasm” :wink:

He wrote “/s” for “sarcasm” :wink:

I know :slight_smile:

I wasn’t going to say your or anyone else’s name; I think it’s the wrong way to handle it. I think people can see this with their own eyes. If someone can’t see it then there can be many reasons why not. Some people are very good at reading other people so they go to Las Vegas to play cards. Some people are great at catching on to scammers while others are completely blind to someone trying to scam them. But I think if we are all open minded we should be able to objectively categorize a post as “arguing against” or “supporting”. And then we can count how many posts are “arguing against” and how many are “supporting”.

But you did identify me as such a person in an unpleasant post.

As with the other thread regarding GitHub, I see nothing constructive in this
thread, so I doubt I will post again.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

@capsizebacklog

But I think if we are all open minded […]

Are we?

I think a better measure of commitment to privacy (than forum posts) is contributions to the Qubes project. By this accounting many of us are indebted to @unman for our own privacy. Personally, all of my privacy related enhancements of the basic Qubes install are built on the foundation of either template-mullvad or the debian-12-minimal template. So, with the exception of Whonix, @unman has had a hand in enabling all of my Qubes related privacy measures, and I’m sure I could list more.

I’m all for more privacy out-of-the-box. So how can we channel the OP’s concerns into real contributions? Personally I’m fine with “second class citizen” status as a contributor to the community forum, which is more status than I ever had with M$ and their truly anti-privacy OS.

4 Likes

I’m interested if you continue to think that after exploring more old threads and user histories.

I didn’t think you were calling out any specific user.

Feeding back and iterating on this idea until you got something that looked vaguely valid, I suspect would take us quite some time. I’ve never seen anything like this done well.

Your privacy requirements seem to be “whatever I can get”, which fits being contribution-oriented - having a purely emergent privacy design would suit you fine. OP is starting from some concerns and more of a “top-down” view, which requires establishing more common ground upfront, and makes the forum important. Qubes as a project has a bit of both in its history of supporting privacy - e.g. the Whonix integration that solves a cluster of big privacy problems didn’t just happen on one person’s whim. Additionally, I don’t know of an example where Qubes has removed a privacy feature (maybe the onion site should count, or was it only ever experimental?), which looks like a commitment to stability regarding privacy.

Then we have Qubes commitments to:

  • reasonable security by compartmentalization
  • usability in some common scenarios
  • users (this - not a commitment to privacy - is why we get new privacy features)
  • stability of existing privacy features (not explicit, but looks like a priority)

which is one way to answer “security or security+privacy?” There’s a valid claim of investing continuously in privacy, but it’s not on the same level as security.

How would this mean we get Kloak support, but not GitHub independence, for example? At a glance, there’s better evidence of user interest in Kloak, the issues around it are simpler, there were devs interested in working with it, it’s a much smaller, clearer, self-contained project with few dependencies and a smaller cost+risk footprint, and isn’t a reversal of previous decisions, while staying as-is with GitHub’s not seen as a significant risk (maybe). We haven’t even needed to consider privacy.

Is there any way to get bigger privacy projects done? Disguising them as lots of small projects won’t work - people see the red flag when they ask why a small change is needed and your answer covers several pages. Clearly something happened with Whonix, so I’d go and look at the history there. My guess would be that the core team already had more direct awareness and interest, and it was credible from the start that users would opt in. Don’t expect to persuade the dev team to adopt an ideology or to chase hypothetical new users.

2 Likes

As with the other thread regarding GitHub, I see nothing constructive in this
thread, so I doubt I will post again.

What about ignoring actual solutions?

Example:

Problem:

CloudFlare - decrypts all traffic (“security only”) + fingerprints users (privacy). Confirmed that points about that were valid.

Solution:

Takes a few clicks to remove it from qubes-os.org.

Result:

No action.

That is all from that other thread.

I couldn’t agree more and I think this question is an important one.

Fair enough, although I’d characterize my privacy strategy as simply pragmatic given the current landscape. I do think we can do better. The only examples of a successful/sustainable, top-down, privacy focused OS that I can think of are Tails and Whonix, but these are more narrowly focused on anonymity. Qubes at least offers a decent foundation for privacy with the flexibility to offer emergent, community driven, solutions. I’d argue that we need a more efficient mechanism to bubble up community contributions to privacy and a top-down mechanism to implement such improvements without undue burden on the project’s resources (iow, protect the commitments we already have).

1 Like

I’d like to see some evidence for that second claim.

Is action needed? Qubes offers an onion address for the web site, where
no JS is needed, and you can dispense with CSS.
So privacy focussed users will use that, while others can use www.qubes-os.org
with whatever browser configuration they wish, including no JS and no CSS.

Once again, this is an example where Qubes already addresses what you see
as an issue and attempts to provide a solution.

I really am out now.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

I can confirm that CloudFlare is used only as a DNS provider. The CDN feature is entirely disabled. If you query host www.qubes-os.org, you will see that it is just an alias for qubesos.github.io. That is why HSTS is not available for https://www.qubes-os.org. Serving of the pages is done entirely via GitHub Pages.

The same applies for the forum.

3 Likes

If I understand this issue as being a worry that a third party might be intercepting these messages to either modify them or analyze the texts being posted on non-public boards, the concept of distrusting the infrastructure is still relevant: for example, one could send each message as PGP-signed or PGP-encrypted, so as to prevent involuntary modifications and putting malicious words into one’s mouth, or allow only certain recipients to decrypt it.

1 Like

I think that’s basically true, but I can see why people find the extent of coupling/exposure to GitHub disappointing/offputting given everything else that is done - any community driven solutions inherit these limitations before they begin. I’ve not seen any initiative say that it’s avoided Qubes for that reason, but the number of productive, experienced people I know who’d see this as one compromise too far means I’d support a more proactive approach and upfront commitment, even if progress increments are very small and slow. I imagine the team’s had a similar experience, and the decision to stick with things as they are is a balanced one, but it’s still good to see users expressing the disappointment, asking for more information, and exploring - I get a pretty big confidence boost in the project when I see this handled well (openness, restrained frustration, no pettiness or getting butt hurt). It’s not great when that turns up volumes of misinformation and noise ofc, but big picture…

1 Like

@unman

I’d like to see some evidence for that second claim.

First, I’d like to see some evidence that the first one is actually addressed. I have already answered enough trick questions in other threads and my actual questions remain unanswered.

Is action needed?

You tell me. If all the traffic is decrypted, is that “security only” or “securing the endpoints”?

Qubes offers an onion address for the web site, where
no JS is needed, and you can dispense with CSS.

What has JS or CSS to do with HTTP and TLS fingerprinting?

So privacy focussed users will use that, while others can use www.qubes-os.org
with whatever browser configuration they wish, including no JS and no CSS.

Once again, this is an example where Qubes already addresses what you see
as an issue and attempts to provide a solution.

This “solution” really says that only Tor users are guaranteed to read authentic documentation. Others go through a MITM.

A visitor may not even know what Tor or onion means, or there may be other valid reasons he may not be able to use Tor.

I really am out now.

What happened to “I’d like to see more evidence”?

@alimirjamali

I can confirm that CloudFlare is used only as a DNS provider. The CDN feature is entirely disabled. If you query host www.qubes-os.org, you will see that it is just an alias for qubesos.github.io. That is why HSTS is not available for https://www.qubes-os.org. Serving of the pages is done entirely via GitHub Pages.

user@host:~ > nslookup qubes-os.org
...

Non-authoritative answer:
Name:	qubes-os.org
Address: 104.21.64.1
Name:	qubes-os.org
Address: 2606:4700:3030::6815:7001

user@host:~ > whois 104.21.112.1 | grep Organization
Organization:   Cloudflare, Inc. (CLOUD14)

To my non-expert mind, this means that whenever one connects to qubes-os.org, one connects to a CloudFlare-owned IP address, not to a GitHub Pages (Microsoft) one.

The same applies for the forum.

No. The forum does not go through CF:

Non-authoritative answer:
Name:	forum.qubes-os.org
Address: 116.203.143.55

1 Like
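
The check argued over in the last few posts (which operator's network a resolved address belongs to) can be made repeatable. The following is an added example, not code from any poster or from the Qubes project: it parses nslookup-style answers and matches each address against provider ranges. The range list is a partial subset assumed to be current, and the sample text is constructed from addresses quoted in the thread.

```python
import ipaddress
import re

# Assumption: partial subset of the providers' published ranges; verify
# against their current lists before relying on the result.
PROVIDER_NETS = {
    "Cloudflare": ["104.16.0.0/13", "2606:4700::/32"],
    "GitHub Pages": ["185.199.108.0/22"],
}

# Constructed sample in nslookup answer format (addresses quoted in the thread).
SAMPLE = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

Non-authoritative answer:
Name:\tqubes-os.org
Address: 104.21.64.1
Name:\tqubes-os.org
Address: 2606:4700:3030::6815:7001
Name:\tforum.qubes-os.org
Address: 116.203.143.55
"""

def parse_answers(text):
    """Yield (name, ip) pairs; the resolver's own Address line is skipped."""
    name = None
    for line in text.splitlines():
        m = re.match(r"Name:\s*(\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"Address:\s*(\S+)", line)
        if m and name:  # only an Address that follows a Name is an answer
            yield name, ipaddress.ip_address(m.group(1))
            name = None

def operator_of(ip):
    """Return the provider whose range contains ip, or 'other'."""
    for provider, nets in PROVIDER_NETS.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return provider
    return "other"

def classify(text):
    """Map (name, address) to the operator of the address."""
    return {(n, str(ip)): operator_of(ip) for n, ip in parse_answers(text)}
```

Run it on the output for qubes-os.org and for www.qubes-os.org separately, since the two posts above queried different names. A range match shows who operates the address the client connects to, nothing more.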