On Fri, Jul 10, 2020 at 01:27:04PM +0000, 'qubesanon' via qubes-users wrote: > Hello! I am looking for guidance in how best to set up my Qubes. I understand > that it's a very personal decision but having a methodology for how to > navigate the tradeoffs with an individual's personal philosophy seems prudent. > > I believe that it's best to start with different types of threats that Qubes > may help you protect against. I am not a security expert, so please forgive > the informality of my description here as well as gross errors/omissions. > Corrections are very welcome. > > 1. Malicious software: A user wishes to reduce the harm/access of malicious > hardware. > Solution: Execute malicious software in a VM only with access to data that > the user is willing to risk. > > 2. Malicious install script: While install scripts are smaller and easier to > audit, they are typically run as root. > Solution: Install software in standalone VM. Consider that VM compromised > from inception. > > 3. Tracking based on cookies/ad networks: privacy is undermined because your > behavior is correlated across seemingly unrelated websites you visit. > Solution: Separate VMs (and/or use disposable VMs) for different types of web > browsing. Use a search engine that does not track you. > > 4. Tracking based on IP. > Solution: Use Whonix/TOR or a VPN. Use a search engine that does not track > you. > > 5. Theft of data from hardware. > Solution: Store in VM without network access. The data may need to be > acquired from a VM with network access, but keeping it at rest on a > non-network VM is still beneficial. > > Personally, I find the tracking threats (3 and 4) to be the most challenging > to wrap my head around. Ideally, I would want as much traffic as possible > going through Whonix. And that which can't may want a different VM for each > website visited. While that approach is extreme and onerous both on myself > and my machine's precious resources, I find it difficult to determine where > to draw the line between caution and convenience. > > Some questions that might help bring clarity: > > - Under what circumstances would I want to use a different VM for my email > and for my financial accounts? > - Under what circumstances would I want to use a different VM for my email > and for my shopping? > > Thanks! >
Brief response: Beside considering the types of threats you should start by considering the way you live your digital life - this is implicit in your questions, but I would make it explicit. Draw the line between caution and convenience wherever it works for you. It has to work, or you will find yourself ignoring your own guidelines. Start by sketching out the areas of your life, and then allocate qubes/colours to those areas. This will help you to decide how many qubes you need. I always suggest starting big - you can always merge and cut down after. It's much better to merge than retrospectively split. Use background colours to match the ones you choose - force windows to specific desktops - much easier in KDE, but doable in Xfce (I think). Use different templates for different purposes. Use many different disposableVMTemplates, and use the disposableVMs systematically, allocated to different areas. Use Tor. Use Multiple Tor gateways systematically. Randomly change things around in sensitive online areas. Store data in offline qubes based on mini templates. Storing data carries a minimal risk. Always *open* that data in an offline disposableVM. On your specific questions: 1. Always. That way an attacker cant leverage your email to get your financial details/logins etc. It follows that you should probably have different email qubes for different accounts to keep your financial emails separate from your other emails. 2. The same answer as 1 - except that the risk of being attacked by shopping sites is probably higher than by banking sites, so here the risk runs both ways. Leveraging email to get access to your shopping habits etc, and leveraging a website to get access to your emails. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200712125603.GF922%40thirdeyesecurity.org.
