How to pitch Qubes OS?

Inspired by #6694 reported by @deeplow, I’d like to start a little brain
storming here about how to pitch (aka explain succinctly in 2-3 minutes)
why someone should consider using Qubes OS.

For me the tweet by Ed Snowden was enough to make me interested and from
there my technical understanding was sufficient to understand what Qubes
OS is and how it works (roughly). But we want to target a more broad
user base…

Personally I like short crisp videos like this, explaining the “Why” and
the “How to use”:

One possible approach:

  1. Acknowledge the problem (every day we hear about viruses, ransomware,
    trojas)

  2. What do the really serious people do? … compartmentalized,
    air-gaped systems … examples military, intelligence etc.

  3. You don’t need multiple computers and dedicated networks … Qubes OS
    can do all of this for you on one computer … better than “sand box”
    … hardware-based isolation

  4. Look and feel … it’s just a normal desktop but the colored borders
    alert you to which compartment you interact with. … show easy but
    secure ways to copy&paste and send/receive files

  5. Firewalls, VPNs, Tor

  6. Endorsements … Snowden

3 Likes

For the 3 - Run more fluently and with better performance than virtualbox & co

Other approach :

7 - It’s easier to manage your favorite application that can be on different OS and can be use seamlessly ( One that only work fedora, One that only work for Windows, One that only work for debian … )

8 - Say goodby to your dependency problem that breaks you computer and you need to reinstall everything

9 - So flexible, as it is like for docker but with a graphical interface ( Of course it’s technicly more than that but it’s a good analogy as a entry point to explain it, expacielly for a dev and sys-admin perpective that underdant whats bring docker and will be more intrestring by Qubes OS for that reason than for a security perspective )


Today we picture too much Qubes OS as extreme security OS, but we should picture more as a “flexibility” OS to make more people use it.

Recommandation by snowden will work only for the niche of people that value and security and privacy, but presenting qubes OS more about the flexibility that it brings to your day to day life in your work and personnal life and it will make more people intrested about this amazing project.

Because it has so much more advantage that are far more just about the fact that it’s secure and private. So many dev and sys-admin and linux users will just never care about it if it’s about security/privacy I can guaranty that.

So the communinication should change toward flexibility that Qubes OS brings and shouldnt maybe even talk about security/privacy. Because privacy/security communities already know that QubesOS is one of the best, and they will always advertises it wihout any doubt. What are the biggest community we can easely reach with Qubes OS ? The dev and sys-admin and all the one that works/study in computer science but also all linux users out there. In all of those two comminity, privacy/security one are barely 0.5% of them, it reprente so little from whom Qubes OS could easely reach.

But because we market it too much at the best for security/privacy we are loosing so many people that will not feel concerned by it. That why qubesos should be first the best flexible OS and then in a second place the best security/privacy. If Qubes OS gains enough market on linux user, it can quicly switch and become one of the top distro. Because once you taste to QubesOS, it’s so hard to change toward something else, so many people as we speak will never change to another OS once on QubesOS ( including me toward something else and it’s really not about the privacy security aspect) because there is no other Qubes Like OS as we speak. I could before quicly switch between debian and fedora and popOS to linux Mint from one month to an other, but now with Qubes I would loose so much control and flexibility that I’m now stuck on this boat wich is Qubes OS, so each new user to Qubes OS has a higher probability to stay than any on other linux OS.

So flexibility and control first (then privacy/security in second)

2 Likes

@quququbebebe I like all those benefits too, but strongly disagree with your conclusion. The Linux and Admin crowd will always find and try everything. We already have them. They already know. That can easily find us and understand.

Qubes OS was conceived and is explicitly made as an environment that provides reasonable security to those who need it (which is everyone, some just don’t realize it - yet).

Even privacy is a secondary objective. One most of us care about but not the primary goal of Qubes OS.

2 Likes

So the main (from a percentage view poit) type of user to be addressed are the current Windows users, who need security, but also flexibility badly. The main problem with this type of users, however, is that many of them just don’t know or look at anything outside of Windows. The question then is, how can we make them interested, i.e. how can we reach them at all? Probably by a message like: You can continue to use your Windows system, but avoid many of its snags like insecurity, self-destruction by inappropriate patches, … and you don’t need to become such a horrible thing as a Linux user.

One additional aspect is that you may reach technical people in the Windows world, and I think, many of them could be convinced quite easily. But often there is a management above them, who do not understand the technical issues but just are focused on a perceived risk reduction, and for them, that means: stick to something hat is running since a long time (albeit badly).

All this could be addressed in the introductory part of the Qubes documentation, but that would not be enough, as the Windows users are not likely to read that, in the first place. By which additional channels could we reach them? Frankly, I have no idea.

2 Likes

Qubes OS elevator pitch:

Step 1: Brandish a basket full of eggs and say, “This is Windows”, then drop it on the floor.

Step 2: Produce another (sleeker, aluminum?) basket and say, “This is macOS”, then drop it.

Step 3: Conjure a third basket, this one lightweight and transparent (acrylic?), and just let it slip from your hand. “Those were penguin eggs”.

Step 4: From your massive backback, now pull out a basket containing many little baskets, then drop one. “Qubes”.

(Sorry, I was bored. The eggs can be decorated to represent files/personal information/etc., Easter style)

4 Likes

Lots of great stuff here!

But I do see a couple of problems:

  1. Most users might be left totally in the dark running anything but Windows or smartphones. When something breaks, even a network setup or any problems booting they’ll totally give up and probably conclude that Linux is too much…

I guess that a Nitro laptop might be better set up than the X230 I installed on myself, and if I get a serious customer I might recommend that & do support based on having the same setup myself.

At some point its easy to “lose” the option of doing screensharing inside a Qube for simple instructions though, and I’d guess that trying to fix a problem remotely will be a serious challenge!

Would there be a way of securely doing remote support on dom-0?

  1. Making sure that a non technical end user gets started with & understands the main concept.

This could perhaps be done by things like forcing them to getting comfortable by shipping a laptop with a Windows Qube installed.

Could then start the process doing a screenshare & video call inside that Qube, then slowly pull the communication over to a more secure Qube via chat applications ++

The “carrot” here could be to introduce them to a separate user on that Qube, so they get that important feeling of being cloaked, using a spoofed ID or whatever way its natural to set it up.

Either way I’m pretty sure that almost all non technical end users need a LOT of handholding, and that it would be an ongoing process!

2 Likes

True, many of us do but mostly as a standalone VM for the occasional “can’t help it” scenario?

Running it the way you do (as a Template) with AppVMs works but requires even more technical knowledge to setup and maintain. Plus with Win10 we (currently) don’t have transparent mode … so the UX is less attractive: it’s not really one desktop but many.

I share your vision, but I don’t think Qubes OS is ready to capture the common Windows user (yet). For someone to have the energy to take the learning curve they already have to feel some urgency about their security.

3 Likes

I might get a customer that is totally clueless, and if we get this going they will have to trust us anyway.

So I’m just wondering if something like this is doable:

  1. Set up an ssh and maybe even X share on dom-0 which we could use for admin. Could be bound to our IP only.

  2. Install Windows on one or several Qubes where they will be allowed to do things the old way, perhaps while we analyse what they do as well.

  3. Set up some Qubes with Whonix where they will use Firefox or any other browser they are used to only.

Based on how the first weeks go we could then tweak and install, or block things for them, gradually teaching & guiding them towards better security.

This could even be used in concordance with mobile devices adapted to appropriate Qubes. Perhaps a Qube could even be dedicated to video support directly from us, also locked to IP to make sure it won’t be hijacked…

I agree with Sven. I would not recommend Qubes to my neighbor using Windows and believing that Microsoft and Google protect them enough and there is nothing to worry about. :wink:
I might try to convince him to something easier for a start. Like Manjaro or Ubuntu.
Qubes requires some sacrifices to use and need someone with strong need for it.
I would start from searching different needs that Qubes solves.
Those reasons might be supricing sometimes. for example:

  • I like to experiment with different apps so I use temporary VMs and delete them afterwards. Not trashing my main system.
  • using multiple TOR relays at the same time. each for different website makes my browsing harder to track.
  • I can change, upgrade my system keeping my home data untouched. I am no longer afraid of new ubuntu release upgrade etc.
    But all of those are for more experienced users.
1 Like

Step 5: Try to walk confidently out of the elevator but slip and fall because the floor is now entirely covered in broken eggs. :joy:

3 Likes

Has anyone thought of something like this?

Something that shows ‘normies’ how bad things can actually get if you’re complacent.

1 Like

You’re absolutely right: Having Windows under Qubes is great, but getting there may be something for the unafraid, and surely not for the average Windows user who just buys a (badly) preconfigured PC and expects to use it without too much knowledge. So currently I don’t see Qubes as a system for this type of users, although, from a technical poit of view, they need such a system very much. The HP video illustrates that nicely!

On the other hand, companies are being crippled by attacks using Emotet or such, which could be mitigated by, for instance, sanitizing incoming documents in a Qubes system before delivering them to the final user. I think, a lot of system administrators struggling with current attacks would appreciate that

  • if they knew about Qubes after all

  • if the learning curve were not that steep

  • if their management would allow them to use something other than the “proven” :frowning: Windows systems.

So, what could we do to help these people:

  • Make Qubes more visible in the field. Well, that sounds like - urgh - marketing. But this need not deteriorate the honesty of Qubes, if the information provided to potential users is correct and helpful. Here it is essential to show what Qubes can achieve (security, flexibility, usability) and this much better than conventional systems. It may help to stress that Qubes is not another slightly more secure Linux system - as I have seen all too often in some magazines - but rather, as @adw put it lately, a meta operating system allowing to choose from different software environments.

  • Help Windows users with better integration into Qubes. Essentially this would mean a simple and robust setup of Qubes Windows Tools in a Windows VM, accompanied by a wizard helping the user to get it running without too much fuss. This surely requires some effort, especially as MS does its best to provide an unstable environment, but it may be well worth it. There may even be hope of providing seamless mode for Windows 10, as @deeplow recently put it in Windows support in Qubes.

  • Improve the - already very good - documentation. Here the current activities like Qubes issue #6698 are moving in the right direction, and I am fascinated to observe the progress.

  • Perhaps someone could even provide preconfigured systems with Qubes with Windows clients preinstalled. In my opinion, this is something the market needs, but I am very sceptical if the market is aware and if such an idea would sell.

Just my 2 cents …

Step 6: Get billed for the shoes of every person in that lift, while making a mortal foe out of the janitor.

Step 7: Get banned from using the elevator. If you work in that skyscraper, this could be worse than getting banned from the building altogether. You might be able to work around this by contracting some sort of highly transmissible virus.

  • It may help to stress that Qubes is not another slightly more secure Linux system - as I have seen all too often in some magazines - but rather, as @adw put it lately, a meta operating system allowing to choose from different software environments.

I remember all too well how hard it was to describe to end customers that Drupal is a CMF (Content Management Framework) not just any CMS back when I built a couple of businesses on that…

What works is to tell people what they can do, not how - thats also where they’ll have to pay for valuable help! :wink:

Right now I’m telling family that what I’m tinkering with is this:

  • Securing my crypto accounts and other financial services to a very high level
  • Dividing my personal and professional world
  • Stopping and/or controlling everyday surveillance
  • Always using a very secure way if I need to check something that might be politically sensitive
  • Turning the surveillance around, especially for my already compromised, personal data

Got Windows working in a Qube today, so that will be what I’ll show them live as “tamed” inside of the mysterious Linux world that they’ve heard about :wink:

Qubes OS elevator pitches:

  1. Were you ever curious but afraid:
    – to click on that link in the email,
    – to open that email attachment,
    – to go to that shady-looking website,
    – to install and run that suspicious program or even a virus,
    – to insert that USB stick from someone untrusted?
    Wth Qubes you do it all securely in a disposable VM and your personal files are safe. The worst thing which might happen is that the disposable VM breaks.

  2. Were you ever concerned about opening your online banking/entering your credit card in the same browser where you go to random websites? Actually, even when the browsers are different it can be a problem on a monolithic OS!
    On Qubes OS, you open those things in separate VMs, isolated with hardware, not software. It’s often better than physical (air-gap) isolation.

  3. Are you tired of remembering tens of complicated passwords? On Qubes OS, you can save all your passwords in a text file (in a dedicated offline VM) and copy them into the necessary fields (in other VMs) whenever needed. No viruses or ransomware will have access to them.
    (Not necessarily the most secure way I guess but much more secure than anything else outside Qubes, isn’t it? Most people probably have a worse workflow here, such as reusing the same passwords.)

  4. Were you ever experiencing that something breaks after an update or after installing some software? On Qubes OS only a virtual machine breaks in such cases, and it can be easily, securely backed up and restored with a few clicks. Even if you forgot to make a backup this time it’s possible to restore from automatic backups, which are preconfigured.

  5. Do you prefer a certain GNU/Linux distribution, but something forces you to use another one, or Windows? On Qubes you can run many Linux distributions at the same time with a unified, simple interface. That important Windows program should also work in the corresponding Windows VM.

  6. Do you feel concerned that some software you must run (or Windows itself) sends telemetry or unknown stuff to some servers outside of your control? On Qubes OS, you have a Firewal with a simple GUI enforcing any rules on any VM.

  7. Did you hear stories that cameras or microphones in your laptop can be switched on remotely by malicious actors without your consent? On Qubes OS, you choose which VM has access to the camera and microphone, or you choose none. The Admin VM has no Internet.

  8. Do you want to be anonymous on the Internet? One of the best modern solutions, Whonix with disposable VM, is available on Qubes OS out of the box. Alternative solution would be Tails, but it’s much less convenient and requires to reboot your system each time.

  9. Are you tired of entering your super-long root password every time you do something? On Qubes, you don’t need a root password at all, because security is enforced on a higher level, level of hardware isolation. Just type sudo and run whatever you need.

  10. Do you feel that your work is not well separated from your personal life on your machine? With Qubes OS, you can have separate, independent VMs for them. You start and stop them independently, they don’t interfere with each other. If one is damaged/compromised, the other one will still be fine. Of course, you can have (much) more than two enclaves like those with a unified, simple interface.

2 Likes

This has worked for me in presentations:

  1. Connect Linux laptop (#1) to projector.
  2. Start presentation.
  3. Start talking about security benefits of dividing work between
    different machines - (compartmentalisation is too long a word)
  4. Explain benefits of using offline machine.
  5. Pull out second laptop(#2), connect to projector. Show it is offline.
  6. Need for Windows - pull out third laptop(#3) - connect.
  7. Show favourite(!) corporate windows program.
  8. Talk about transferring data.
  9. Move data to USB, reattach laptop#1, and show data there
    10, 11, 12 …

Depending on how many laptops you have, and how much time, you can
keep this going for a while.
Soon two things happen:
Some people start laughing at the unwieldiness.
Some people realise you have stopped “changing” laptops, or are using
the “wrong” laptop.

Then, “Wouldn’t it be great if you could do all this in one machine?”
Reveal Qubes - go through all the things you just talked about.

You need to be able to carry this off - timing is important, and it
takes a fair bit of practice.
Having two separate Windows versions is great, and making sure you have
different desktops for the Linux “machines” essential.

4 Likes

Awesome!

1 Like

Awesome!

Indeed!

Definitely, the idea of having multiple “laptops” in one laptop is incredibly appealing. I’ve got every OS imaginable on my Qubes GPD Win Max (absolute TANK of a laptop, by the way), and it is awesome being able to run literally ANY piece of software known to mankind.

I have also used port forwarding to run my company’s servers inside Qubes before (separate VMs for web, mail, jitsi, and LDAP, all on the same piece of hardware, but compartmentalised). I have had pen testers actually think that they were interacting with a fully-fledged server room, when in fact it was all on a single old laptop I had lying around!

AND I had it connected to my TV at the same time, and used another VM to run VLC to watch movies :upside_down_face:

Because I opened ports to the outside world, I have had VMs compromised (crypto-miner, ssh spoofer, and they got the VMs SSL keys) in the past, so I can definitely vouch for the Qubes OS model. I would have been so much worse had I been running anything except Qubes OS!

1 Like

I think Qubes, but more so (Xen/)GNU/Linux has a long way to go before even the tech-savvy users would consider Qubes as a daily driver. Also the hardware in laptops-- a future standard fast CPU, SSDs, and 16GB of RAM would probably be the baseline to ensure people don’t feel like they’re using a dinosaur computer from the 2000s.

That being said, I think the best selling point to more average users is the workflow that Qubes provides.

One Qube for School, one for Work, one for Finances, one has your photos. It’s so easy for me to be organized and not get distracted. My School browser has school-related bookmarks. My Finances browser only has my discount broker. My media VM has my photos, and I don’t have to go hunting for a long-lost jpeg that I can’t remember if I moved to Desktop/ or Pictures/ or ~/many/levels/deep/.

To me, this is how desktop computers were meant to be used; Windows and Mac OS leave you with bloated Downloads/ folders, and that’s it. Besides, if a program is slow to open in Qubes, or you need to reinstall something, you don’t need to waste time in System Preferences or Activity Monitor-- just restore a Qube (I think this is possible?) or create a new one.

I’d be wary of introducing Qubes via (harsh) truths like “any USB you plug into your normal OS could compromise your machine.” This is not fun to think about, it is technical, and will simply drive people towards not caring enough (i.e. “I have nothing to hide,” or “nobody will target me”).

One advantage that Qubes has towards more widespread adoption is that it perhaps epitomizes the role of technology in industrialized societies.

First, Qubes is abstract. The concepts of a hypervisor and a virtual machine, which provide the backbone for Qubes, are incredibly abstract, especially to those who treat computers as, “I type my document and click print, then I check my email.” Why is abstraction relevant? Because industrialized societies, especially in technological and financial sectors, have almost always everywhere tended to get more abstract. I’ll give in examples in a second, but the main idea is that because industrialized societies have gotten more abstract, that abstraction is in some way important to people. If Qubes also grows more abstract, people will enjoy it in the same way they have been enjoying the various abstractions of industrialized society.

The best example of an abstraction is in money. Money began in Mesopotamia as quantities of grain. Grain is very concrete. It is physical, and you and others can eat it. Fast forward, and money became pretty shells. Shells are still physical, and they’re at least pretty-- but you can’t eat them or use them for anything meaningful. So the purpose and symbol of money has grown more abstract: first it was something very useful (edible grain), and then it was something only slightly useful (pretty shells). Fast forward again, and the physical objects defined as money (coins, bills) are not useful at all beyond the value given to them by a government. Some may enjoy the “gold aesthetic,” but that is surely less naturally pretty than a colorful sea shell.

Fast forward to cryptocurrency-- the epitome of abstractified money. Bitcoin is so abstract that it’s ephemeral. Unlike all past forms of money, it’s not physical. Ether-eum is literally ether-eal.

All this to say that Xen and Qubes are other examples of humanity pushing the bounds of abstraction. People need abstractification in modern cultures, so a more abstractified Qubes (not necessarily difficult to use, although some Linux users certainly seem to enjoy the sado-masochism that comes with minimalist programs) will be more popular.

Qubes also mimics other aspects of industrialized society. For example, the notion of a “cube” itself, of packaging everything into little boxes and containers perfect for single tasks. There isn’t room to go into it here, but the psychology underlying our culture’s trend towards dividing things up and consuming them is a very powerful current that will only go stronger. Take Bitcoin “blocks” or Chia “plots” or a hyper-organized smartphone home screen as examples.

A lot of trends in our modern culture are exhibited in Qubes. This is because Qubes was built by people in modern culture. By leaning more into those trends, Qubes devs can make Qubes more popular. Anybody should feel free to DM me if they’d like a deeper psychosocial explanation of the symbols underlying our culture.

2 Likes