I find it useful, in any discussion of hardening, to first recap the fundamentals of Qubes OS usage as I see them:
- assume that online qubes WILL get compromised
- compartmentalize your online activities accordingly (disposables where possible, everything that needs state/login into dedicated qubes: banking, medical…) so WHEN the compromise happens the data exposed is as limited as possible
- ALWAYS edit / view ANY file in an offline disposable
- have equally compartmentalized offline storage qubes in which you NEVER edit/view ANYTHING
- if there is a qube that holds data and needs to be online at the same time (e.g. dev qube with github) use firewall rules and compartmentalization to minimize exposure or, if you can, implement a “split” solution like split-gpg, split-git or split-email
Looking at the above, I am not sure how much I care about hardening in a “bang for the buck” kind of way. Yes, all of the above rests on the assumption that the attacker doesn’t have a XEN/Qubes OS zero-day. I am comfortable with that. If that residual risk is too high for your scenario you probably shouldn’t rely on an internet-connected computer at all.
I am confident I can explain the above rules to pretty much anyone by asking them to imagine each qube as a separate computer (including the disposables as one-time-use computers). Most people will be able to grasp and apply this model.
About the browser: I use Brave with the “shield” set to not allow scripts or cookies by default as well as tracking and fingerprint prevention cranked to the max. That’s 4 toggles set once. Again, I am confident I can explain that to everyone. I use this even in my disposables. Now if I arrive at a site that’s not working, very few clicks (on the shield) are needed to make it work. It’s just enough of a hurdle to make me remember:
- am I in a disposable?
- can I do this in a disposable, instead?
- what will be exposed if this is a bad decision?
I am not arguing that hardening is always futile or unnecessary, but I am convinced that using Qubes OS in the first place already improves the situation very much.