On 6/24/20 8:04 AM, Set Emeraude wrote:
> my assumption is that if it's closed source, it's backdoored by
> default

That really should be your assumption of all software unless you have written or audited and compiled it yourself. And even then ... why do you trust your compiler? It's not like that hasn't been done yet.

One of the many things I appreciate in the Qubes philosophy is that you dramatically minimize the things you have to trust implicitly: the Xen hypervisor, the HW virtualization and the Qubes team.

You should set up your qubes thinking that you are already thoroughly compromised. How would you minimize damage then?

* email qube --> should contain only email and shouldn't be able to talk to anything other than your email server (POP/IMAP and SMTP). You might want to compartmentalize further (e.g. private email, work email)

* web --> this shouldn't contain anything valuable; compartmentalize (e.g. banking --> https to bank only, stateful private, stateful work, disposable for everything else) ... look into the "open in qube" browser plugin.

* documents/photos/library --> there is no reason these qubes need to be online ever; compartmentalize

* editing documents --> use disposable offline qubes for that

* firewall all online qubes ... only allow what you know is needed (e.g. your dev qube might only need github.com)

Mindset: the qube _is_ compromised ... how do I prevent anything valuable from leaking? ... how do I minimize ways things could leak? (offline is a great answer if it makes sense in the context)

And then after all of the above: do your best to not be compromised, use AppArmor, be smart, use disposable VMs for view/edit, audit your logs

Have fun!

/Sven

-- 
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
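
Added example (not part of the message above): one way to apply the "only allow what you know is needed" advice from dom0, for the email and dev qubes the message mentions. It assumes the Qubes 4.x qvm-firewall tool, where a fresh rule list is a single "accept" rule and traffic matching no rule is dropped; the qube names, the mail host and the helper names run and allow_only are placeholders made up for this sketch.

```shell
#!/bin/sh
# Added example for dom0 on Qubes OS 4.x (assumed qvm-firewall syntax).
# DRY_RUN=1 (the default) only prints the commands so they can be reviewed.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# allow_only QUBE HOST:PORT [HOST:PORT ...]
# Replaces the qube's rules with: DNS, the listed TCP destinations, then drop.
allow_only() {
    qube=$1; shift
    [ "$#" -gt 0 ] || { echo "allow_only: no destinations given" >&2; return 1; }
    # Validate every argument first so a typo cannot leave a half-built rule set.
    for dest in "$@"; do
        host=${dest%:*}; port=${dest##*:}
        case $port in ''|*[!0-9]*) host=;; esac
        if [ -z "$host" ] || [ "$host" = "$dest" ]; then
            echo "allow_only: bad destination '$dest' (want host:port)" >&2
            return 1
        fi
    done
    run qvm-firewall "$qube" reset            # back to the default single "accept" rule
    run qvm-firewall "$qube" del --rule-no 0  # remove it, so the qube fails closed meanwhile
    run qvm-firewall "$qube" add accept specialtarget=dns
    for dest in "$@"; do
        run qvm-firewall "$qube" add accept "dsthost=${dest%:*}" proto=tcp "dstports=${dest##*:}"
    done
    run qvm-firewall "$qube" add drop         # explicit final drop for everything else
}

# Placeholder qubes and hosts; substitute your own.
allow_only email mail.example.org:993 mail.example.org:465
allow_only dev github.com:443
```

Review the printed commands, then rerun with DRY_RUN=0 in dom0; "qvm-firewall <qube> list" shows the resulting rules.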
