Hello! I am looking for guidance in how best to set up my Qubes. I understand that it's a very personal decision but having a methodology for how to navigate the tradeoffs with an individual's personal philosophy seems prudent.
I believe that it's best to start with different types of threats that Qubes may help you protect against. I am not a security expert, so please forgive the informality of my description here as well as gross errors/omissions. Corrections are very welcome. 1. Malicious software: A user wishes to reduce the harm/access of malicious hardware. Solution: Execute malicious software in a VM only with access to data that the user is willing to risk. 2. Malicious install script: While install scripts are smaller and easier to audit, they are typically run as root. Solution: Install software in standalone VM. Consider that VM compromised from inception. 3. Tracking based on cookies/ad networks: privacy is undermined because your behavior is correlated across seemingly unrelated websites you visit. Solution: Separate VMs (and/or use disposable VMs) for different types of web browsing. Use a search engine that does not track you. 4. Tracking based on IP. Solution: Use Whonix/TOR or a VPN. Use a search engine that does not track you. 5. Theft of data from hardware. Solution: Store in VM without network access. The data may need to be acquired from a VM with network access, but keeping it at rest on a non-network VM is still beneficial. Personally, I find the tracking threats (3 and 4) to be the most challenging to wrap my head around. Ideally, I would want as much traffic as possible going through Whonix. And that which can't may want a different VM for each website visited. While that approach is extreme and onerous both on myself and my machine's precious resources, I find it difficult to determine where to draw the line between caution and convenience. Some questions that might help bring clarity: - Under what circumstances would I want to use a different VM for my email and for my financial accounts? - Under what circumstances would I want to use a different VM for my email and for my shopping? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/kxxA4mSN966MSNrVI8HS5Aau4kkv79CVw0wfJD_2J3QOxFqPpMFWuP18qAJXs_KdT1Q78a3A0DeaW_TJCcZymY-Kk_FbBqiBjMl8Nh366FE%3D%40protonmail.com.