1) Qubes is a system for security and isolation. But when you install, you have no encryption options. Distros think that if a user wants some strong crypto thing, they must research themselves and do it all manually. We don't even find anything about Qubes encryption in the docs. That is wrong. The first thing we must do out of the box is to offer strong full disk encryption, like the VeraCrypt ones, with options, iterations, etc., and inform the user about that. Even Tails, for just a live browser with storage capability, does that. Even distros like PARTED MAGIC for managing partitions now come with VeraCrypt installed as default in live CDs. To me, Qubes is neglecting what the user wants to read and do in encryption aspects.
I usually use Mint strong encryption. But even that I must do manually. Imagine ALL users trying to do this on their own. They won't. I use the appendix A configs from the links below, much stronger.
https://community.linuxmint.com/tutorial/view/2026 (bios)
https://community.linuxmint.com/tutorial/view/2061 (uefi)

2) Qubes faces 2 problems nowadays for engaging new users with real security.

a) Qubes is a system for HIGH END computers with lots of RAM. Usually it is for people who have WINDOWS and GAMES also, a good GPU, and won't waste their machine on a UNIQUE Linux system, at least without dual boot.

b) Nvidia spies on people, with their streaming @!^@^% they put in new GPUs, network, etc., and people are suspicious of AMD too. But most consumers are from Nvidia. Nvidia now spies on hardware level. The system security does not matter.

The solution? REAL Windows virtualization with GPU PASSTHROUGH. So, the high end computers can use Windows for what they need and even play games. Plus, if you do use Nvidia in dom0, they WILL capture the screen on hardware level. Nouveau has not been working right for a long time. Onboard or GPU 1 for dom0 and Nvidia or AMD high end for the Windows VM. If the person doesn't have 2 monitors, they can change the VGA adapter from one to the other to use Windows after starting the VM. That would be perfect. So we give a finger to Nvidia and the driver problems they cause, and we isolate their spying inside the Windows VM, plus eliminating the need for a dual boot and for everyone not using their gaming GPUs. So, XEN is not good for that? Consider passing to KVM.

- To create a real secure isolation OS, it's primal to ensure the best disk encryption available, with CHOICE for speed/security, eliminate the Windows host multi boot needs, and make good use and usability for Windows and GPUs.
You will reach that when you direct the efforts to adapting the system for what the global user WANTS AND NEEDS, and not adapting the user to the system that 1 person in 1 chair dreams of for their personal needs. Ubuntu did not follow this lesson with their Unity thing and they paid the price.

3) Consider offering PFSENSE as an optional firewall VM installed out of the box. It's very hard and time consuming to do that inside the Qubes system without studying it all, for managing the internal IP structure etc. It is the most perfect firewall for use inside a VM, Qubes is a system for VMs, and I did use it even inside Windows in VirtualBox. But I was in WINDOWS, and that means no real security at all.

I would also like to give 2 more suggestions for people to consider, concerning Whonix, since Patrick is a developer here:

4) People need a pop-up window to explain to them to NEVER use an existing normal VM through the Whonix proxy VM, just NEW ONES. Because they already have fingerprints, identifiers, browser behavior, browser plugin identification, application updates, especially in Windows. If they connect that with a once used real WAN IP, game over for anonymity.

5) I will use this post to state that Tor behaves differently when connecting in Windows Tor Browser, or Linux Tor Browser, compared to Whonix, and I don't know why. Whonix always gets the same speed, 250 to 500 Kbps (not KBps), with speed of 30 to 60 kB/s of downloads, and in Tor Browser outside Whonix, I get 500 to 1 Mb kB/s downloads. That's really strange and wasn't expected. I have been getting this behavior for almost 2 years, and I don't have the expertise to know why. After some googling, I saw I am not the only one getting different special routes in Tor using Whonix.

Sorry for my bad English, it is not my main language, I hope people can understand what I wrote. And forgive me if I wrote stupid things.