The Qubes OS Privacy Question

I wouldn’t describe it as a smoking gun. I am not the one who has been building and hyping that up. I made one comment about that in another topic and unman became obsessed about it and has been pressing me about that ever since repeatedly.

It probably was that post yes and I couldn’t find it because I was searching for loud minority instead of “vocal small number”.

Good job renehoj!

Well, if this thread teaches people that glib throwaway remarks can be expensive, then, uh, it’s been worthwhile?

1 Like
  • HTTPS masquerading can happen when an onion service redirects to a clearnet website that uses HTTPS, and that is most certainly a privacy concern, which is why I do not want anyone using my onion address to log into the forum!

How does this work?

  • I have had SourceHut up for a month now, and I have received ZERO contributions from “the community”

Where has it been announced that you have done that and that anyone should contribute through that channel? I am subscribed to the RSS and to both mailing lists, as well as to the thread where I suggested SH, yet I have not received any news about it. I don’t see it here either.

  • I have received quite a lot of spam about all sorts of types of porn and crypto, though…

“The Internet is really really great…”

  • The “Unofficial” Qubes OS Forum onion address has been up for the same amount of time, and has received a few hits, but some people were stupid enough to log in

No announcement.

Security is the ability to determine what your computer does and what it doesn’t do, as opposed to a third party.

That is transparency and being in control.

Privacy is the ability to reveal information to a third party on your own terms, should you even wish to reveal it at all.

That’s rather data confidentiality. Privacy is more about individual’s personal matters rather than information in general.

They are both functions of control over your machine, which Qubes OS provides through compartmentalisation. One does not necessarily imply the other, but they are most certainly not mutually-exclusive.

That doesn’t remove the privacy issues with the community platforms used by the project.

People are more likely to retain things they’ve built themselves over something they just “acquired”, and privacy is no different.

If that was true, Zuckerberg and the like would not be making billions from what they acquire for free.

I have Qubes OS installations on my employees work machines that not only tell me everything that employees do, but also give me the ability to issue remote salt commands to them. Why? Because they’re MY machines, not theirs, which I think is fair.

Sounds serious. If that is possible, and assuming dom0 has no networking, it raises the logical question - how does this work and can a remote person control anyone’s machine running Qubes OS?

Maybe a good slogan would be:
Qubes OS. With security through compartmentalisation, your operating system allows your computer to be what you want it to be.

Unless your employer wants something else :slight_smile:

1 Like

This feels like a debate that only leads to division.

Qubes is on its own not very secure or private, it can be designed to be, and since the customization possibilities are almost endless. It therefore can be made into a secure and private system and it’s one of the best systems out there. Not just for privacy and security but across the board. I love it and I will probably use it over the next decade.

Security improves privacy and privacy enhances security, they go together.

Maybe we could put our heads together and unite and discover how to improve and stop arguing in between ourselves, unite and fight the real problem as one.

6 Likes

Yes I’ve learned that it’s best to be on the cautious side and quote as often as possible. I didn’t think it seemed necessary when I originally wrote that comment because I didn’t think it was a huge deal or big news. But from now on better be on the cautious side. A lot of time was wasted for a simple mistake of remembering the phrase as “loud minority” instead of the actual “vocal small number”. It has the same meaning but made it more difficult to search for the post and I can imagine in this case it was also more difficult for Unman to remember he said that because the words used were different even though it has the same meaning.

I realize now a bit too late that this is something an AI would have been great for. An AI could easily have found the post if I told the AI to find a post by unman where he says loud minority. AI is great at finding words that mean the same thing.

But I hope this isn’t the only thing you learned from this topic. It was just at the recent few posts it became a lot of focus on that.

If you’ve got your answer that Qubes doesn’t prioritize all the privacy goals you’re interested in, are there any communities where you’ve had a good experience and that could be of interest to others here?

I’m taking a break from my duties on behalf of the deep state, to
catch up on this thread.

No smoking Gun here

It’s not really a smoking gun at all, is it? It’s like a musket from the
museum that hasn’t been fired in 500 years.

If you read the post, yes, it’s glib, but it states an unavoidable
truth. When people talk about the opinions of the “user base”, then
actually they are talking about not even Forum users, but the
vocal users in the Forum. That’s a very small number compared to the
estimated 60,000 user base. I’ve pointed this out on a number of
occasions and it’s always worth bearing in mind, whatever the subject.

Anyone who reads just two posts on from the quote that @renehoj
linked, finds:

In my first post to this thread, I said:

I don’t find this to be unclear, and I don’t see anything there that
warrants the name calling, or spreading of FUD, that can be seen in this
thread.

It seems after all that most contributors to this thread agree that Qubes
provides both security and privacy, (if users want that), but there are
differences of opinion about provision of some services.

There is, of course, ongoing development of tools that can be used to
enhance anonymity, and privacy, both in and outwith Qubes core.
Contributions are welcome, in GitHub and not. In this regard, it’s
worth reading the docs on contributing.

Thanks to anyone who has said nice things about me. I make a tiny contribution to Qubes, and all the credit has to go to those who do the heavy lifting.

I shall now return to my main task of undermining Qubes, and bringing
about the birth of the New World Order, (and perhaps breaking formatting
of this post).

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
7 Likes

Like I’ve said before, I think qubes os community is better than all other I’ve been in. The problem all communities have are the infiltrating deep state. They try to make it hostile and unwelcome to users who want strong enough privacy against mass surveillance. They think of people like me as a virus, they don’t want me to “infect” others by motivating for things like .onion support and protection against mouse movement fingerprinting and censorship resistance. They want people to be happy with just a little bit of privacy enough to protect against 3rd party trackers in ads.

I think most can agree that it’s very clear my goal was not to point fingers at anyone. This happened just in the last 1-2 pages because Unman kept pushing me to do that.

Part of the goal was to teach you how to detect deep state behavior on your own without pointing fingers at anyone. The other goal was if we can come to an agreement if qubes os is about security or security and privacy.

It seems like we maybe have been successful in the end and agreed it is about privacy and security:

So in conclusion, I think although there was some rough stormy waters, we had a good productive ending in the end. That is at least my opinion.

Like two peas in a pod :peace_symbol: I can’t unsee this now.

I’m sure the point about vocal forum users being a tiny proportion of total users has to be masking other points - it makes no sense to me by itself, because engaged users who only make verbal contributions are a tiny proportion of total users with any widely-used product, but their opinions are still usually a priority for strategy and marketing, commercial or not, even at a similarly low scale. If there are (roughly) 5-10 established users here talking in some depth about the same theme, then other projects of a similar size would see that as a usable indicator, which is basically where I started with this. Pretty much every idea is going to start with such a usable indicator, well before support for it becomes representative.

So what’s going on? Assuming security-focused users are a lot less likely to give feedback? Apparent correlations between users wanting certain features and users making irrational/harmful statements? Something about the forum design that means having fragments of the community developing ideas here doesn’t work well? I could respect any of these even if they don’t reflect a concrete team position - it would just be good to know where the pushback is actually coming from.

You cannot “trust” people. You can verify the code. If you try to substitute one kind of trust with another (code with “people”, those two are just homonymous, not anything more) you get confused and possibly screwed.

2 Likes

@capsizebacklog please stop the deep state nonsense. If you or anyone has a problem with someone else, please address it privately, with respect (ideally with the moderators).

This is a forum about Qubes not lunar theories.

I’ll probably be doing a bit of cleanup on this thread. It is truly a dumpster fire. The kind that makes a community rot and sows internal division.

If you or anyone else has a problem with this, please send your spam directly to moderators and do NOT further pollute this thread.

11 Likes

But how good do they verify each other’s contributions within the qubes team? It sounds like they do it very good against contributions from outside the qubes team but what about inside? The reason I have doubts is because I’ve seen a few posts that raise doubts, and because I have learned my lesson I will quote a couple here.

Therefore, trust is still important even in an open source project. But there are two different types of trust. First is the trust the end users have in the devs, this should be as high trust as possible. The second type of trust is how much the devs trust each other. I think it is probably good if the devs don’t trust each other because that motivates them to more seriously verify each other’s code. And as explained in this topic, it’s not only about code but also about the direction of the project, what the priorities are and what the priorities aren’t. That is one of the biggest points of this topic from the beginning, that the community doesn’t find it clear if qubes os is security or security and privacy.

Thanks to this topic it seems like we have finally agreed on that it’s security and privacy. This is important and I hope everyone can see how successful and valuable this topic has been.

1 Like

Related on the interpretation of What about privacy in non-Whonix qubes?

(Note: The issue tracker is not a discussion forum.)

2 Likes

Moderation note

first careful reaction

I have given this poster a symbolic very short suspension: you can attack ideas but not people.

Criticism needs to be constructive and well reasoned. The dreck in this thread will no longer be tolerated.

Update upon further review:

highly offensive personal attack

The user has been suspended indefinitely.

The rest of this thread seems to be a profound inability to grasp the meaning of distrusted infrastructure.

@nokke is right: users (including @unman) cannot delete posts unless it’s a new topic and there haven’t been any replies. All edits are tracked in a publicly accessible history. Moderators can delete posts but will only do so in narrow circumstances (illegal content, leaked identities).

Going forward any posts in this thread violating the CoC, like attacking the personalities of forum members or containing off-topic drivel about deep state, “the people”, etc. will lead to an immediate 48 hour suspension and permanent suspension on repeat.

7 Likes

Binary choices are misguided in most contexts and especially when it comes to security and privacy. There is no such thing as absolute security or privacy. The key questions are ALWAYS:

  • secure/private from whom?
  • at what cost
  • in which context

Simple / obvious examples are:

  • secure from remote (network) attack or physical attack?
  • secure for how long? (months, years, decades)
  • privacy as in secrecy of communication content (what we are talking about) or privacy as in anonymity (who we are and the fact we are talking with each other)?
  • is the proposed solution practical / usable for the intended participants?

When I started out on this journey 10+ years ago I too was confused about the security / privacy question and it was the patient and consistent guidance and help from members like @adw and @unman and many others as well as the excellent FAQs of the Whonix website and forum (@adrelanos et al) that helped me appreciate the complexity of the field.

There have also been many threads about GitHub, the website, TOR, VPNs (!!!) etc. What many casual readers like the OP and new / inexperienced users see as “anti-privacy” is the opposite. It’s a more disillusioned, more matured view: engaging in discussions of “this is better than that” in fact are HARMFUL, because they run the danger of placing trust in things that cannot be verified and therefore should not be trusted. The position of the project (as I understand it) is to mistrust any and all infrastructure and find ways of eliminating the need to trust.

Which brings us to the root of trust. Qubes OS is designed in a way to minimize the need to trust to a few key ingredients:

  • The code of the XEN hypervisor
  • The code of the Qubes OS code

In theory even that doesn’t require trust, since both are open source projects and their code can be audited. However in practice even highly qualified persons will find it challenging to audit the entire project and then keep auditing any and all commits thereafter. So yes, in practice one has to place a certain trust into the contributors of these projects. That’s not perfect, but for many contexts and circumstances it is reasonable (compared to the available alternatives). If your threat model is such that the above is an unacceptable risk, then Qubes OS is not for you.

One more comment about the other off-topic notions in this thread: this is the Qubes-OS forum and its purpose is to help others understand how Qubes-OS works and provide a community of engaged helpful members to educate and support each other. This needs to happen without politics and activism, because those things by definition split the community. We want everyone who wants to participate here to feel welcome and comfortable to do so regardless of what opinions and positions they otherwise have. If that is too difficult for some, then again this forum and community is not for them then. The internet is large and everyone can find countless places outside this forum to spread their beliefs and preferences.

9 Likes