#PrivacyTechPro tip: Qubes OS assumes vulnerabilities and has been designed under the assumption that they will be exploited. I received a comment that I feel is important to address on Qubes OS and Xen security: ----- "Xen can give false sense of security too, there was years undiscovered vulnerability that allowed escape from domU to dom0." ----- I hear you. Though I wouldn't accuse Qubes OS of encouraging a false sense of security. No OS is without vulnerabilities. Qubes OS assumes vulnerabilities and has been designed under the assumption that they will be exploited. Xen security advisories are tracked on qubesos website. "Qubes OS uses the Xen hypervisor as part of its architecture. When the Xen Project publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB). (QSBs are also issued for non-Xen vulnerabilities.)" https://www.qubes-os.org/security/xsa/ https://www.qubes-os.org/security/qsb/ "In building Qubes, our working assumption is that all software contains bugs. Not only that, but in their stampeding rush to meet deadlines, the world's stressed-out software developers are pumping out new code at a staggering rate — far faster than the comparatively smaller population of security experts could ever hope to analyze it for vulnerabilities, much less fix everything. Rather than pretend that we can prevent these inevitable vulnerabilities from being exploited, we've designed Qubes under the assumption that they will be exploited. It's only a matter of time until the next zero-day attack. In light of this sobering reality, Qubes takes an eminently practical approach: confine, control, and contain the damage. It allows you to keep valuable data separate from risky activities, preventing cross-contamination. This means you can do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop. In fact, Qubes has distinct advantages over physical air gaps. Made to support vulnerable users and power users alike Qubes provides practical, usable security to vulnerable and actively-targeted individuals, such as journalists, activists, whistleblowers, and researchers. Qubes is designed with the understanding that people make mistakes, and it allows you to protect yourself from your own mistakes. It's a place where you can click on links, open attachments, plug in devices, and install software free from worry. It's a place where you have control over your software, not the other way around. (See some examples of how different types of users organize their qubes.) Qubes is also powerful. Organizations like the Freedom of the Press Foundation, Mullvad, and Let's Encrypt rely on Qubes as they build and maintain critical privacy and security internet technologies that are in turn relied upon by countless users around the world every day. Renowned security experts like Edward Snowden, Daniel J. Bernstein, Micah Lee, Christopher Soghoian, Isis Agora Lovecruft, Peter Todd, Bill Budington, and Kenn White use and recommend Qubes. Qubes is one of the few operating systems that places the security of its users above all else. It is, and always will be, free and open-source software, because the fundamental operating system that constitutes the core infrastructure of our digital lives must be free and open-source in order to be trustworthy." #cybersecgirl #qubesos #privacy #security #osint #infosec #linux
The TL;DR is that even though Qubes is not some perfect, magical, guaranteed-to-be-impenetrable thing, it's still what security experts widely agree os the best thing out there. nostr:nevent1qqsfcu64v6h3vk6ntm04scj8j9km5m47vcgj3f6xw7m26k4f4jp0crspzemhxue69uhkummnw3ezumn0dahx2uewvdhk6q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzqvzn4w
Privacy and security is extremely hard to achieve. We need privacy tech abstracted away for the users. I remember a website where we could buy hardware with Qubes but then again you're trusting that website. Expecting people to setup these systems on their own doesn't scale. Without scale, we can't improve these technologies. But then again, there isn't enough demand for it either. This is the problem I see with privacy tech. PS: I have set up systems on my own with significant effort and expenses.
They allow donations in BTC and other crypto. I think this is always a good sign.
Do you recommend any of the qubes certified laptops … or what laptop do you recommend? 😁
What I don't get is... Why "Xen"? Why not just plain "old" KVM?