this post was submitted on 26 Sep 2021
Qubes is good, and the approach that it has is in my view the best approach to security: security by compartmentalizing, which is the same security tactic that certain three-letter agencies use to stop leaks from happening.
Daniel, the guy that does GrapheneOS, basically says that it's compartmentalizing garbage because Linux isn't built with security in mind.
And also Qubes isn't a silver bullet at all - it uses the Xen hypervisor, which has had vulnerabilities in the past: https://www.cvedetails.com/vulnerability-list.php?vendor_id=6276&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=296&sha=7354f1cd84d744aba90e37868d68b6095ad317f5
Plus the hardware compatibility makes it almost impossible to use on the majority of devices.
Qubes is good for security between computing contexts on the machine itself (though, not perfect as you mentioned), but by itself isn't meant to anonymize you on the internet.
Is Linux not designed for security? I'd have assumed it's one of the more mature security-wise due to its prevalence in servers.
Either way, I guess you can use BSD in the containers if that's a real concern. Though, this is why I wish there was a viable desktop microkernel OS. Such an OS might even be able to replace the need for a hypervisor like in Qubes, if it has built-in compartmentalization for userspace programs.
Yeah, I think that BSD is the most secure operating system to date, and these are the guys that created ssh, the service that is used by most people in the world for connecting to their servers. So the folks that develop BSD really know what they are doing when it comes to security.
I've not actually tried OpenBSD myself, but I can already tell you that having that set up correctly so that you have containers that use OpenBSD instead of Linux will be a pain in the ass for compatibility and is likely going to be extremely difficult to set up correctly on Qubes. But in my view it is likely the most secure you can get with Qubes OS.
For people who don't want to or aren't knowledgeable enough to go through all that trouble, what would you think about just having multiple bootable partitions (presumably with BSD ideally), each independently encrypted with a different password? That way in theory if a single OS instance is compromised, it can't access the information on any of the other instances since only the booted one is decrypted from the perspective of any malware.