Qubes for at-risk populations

I’d like to spark conversation and gather information on the current progress towards making Qubes usable for those who are more likely at risk - Human Rights workers and Investigative Journalists among others. It’s also stated this is one of the key target audiences on the Qubes website:

Made to support vulnerable users

Thanks to Qubes OS, vulnerable or actively targeted individuals such as journalists, political activists, whistleblowers or researchers can enjoy the same benefits of using multiple computing devices at a fraction of the cost and without the associated loss of usability. (in qubes-os.org/intro)

Great progress has been made thanks to the Qubes team and all contributors, but we know we’re still not at the point that a mac and windows users can simply do their work on Qubes with little more than some training (to adjust for the compartmentalization paradigm).

A past conversation on this topic happened on mailing-list but hopefully by bringing it also here, it can reach a wider audience (thanks to the usability of the forum)

Current Efforts

This is a list of current efforts towards bringing qubes to at-risk populations. Either in terms of training, custom software aimed at this population or training programes.

Qubes UX Team

Nina Alter is now officially part of the Qubes’ Team and will be spearheading UX improvements for the operating system with the help of the MOSS Mission Partners award.


(Note that these are just mockups, not final designs. Find them here and here)

Securedrop Workstation

Securedrop is a project by the Freedom of Press Foundation (FPF) that aims to connect journalistic sources with journalists in a way that both are protected. Particularly, to safeguard the security of journalists the FPF team has been building a configuration of Qubes for opening documents safely and sharing them, even when they come from untrusted sources. Find more about the project here.

Watch the video The Next Generation of SecureDrop: A Virtual Event by FPF

Qubes Trainings for Journalists (By FPF)

As part of FPF’s efforts to migrate their system for journalists to Qubes (see above) they will be doing trainings for journalists on the operating system. Not a lot of information is publicly available on this.

Other projects

What other projects are there? Is anyone developing a salt configuration for these populations?

If you know of another project, please do share them bellow.

5 Likes

I’d like to contribute towards this goal and connect with those who are also interested.

I’d like to help if at all possible.

2 Likes

Id love to help with anything in this space. There were a couple amazing talks about how folks from FPF were using qubes at hopecon this year.

The first one talks about personal use cases for qubes and also goes into orchestration. I think the value would be not deploying just qubes to an at risk user but deploying a preconfigured qubes setup that is reproducible.

https://archive.org/details/hopeconf2020/20200730_1600_QubesOS_for_Organizational_Security_Auditing.mp4

The second talk deals with secure drop architecture and use

https://archive.org/details/hopeconf2020/20200801_1700_The_SecureDrop_Journalist_Workstation.mp4

3 Likes

4 posts were split to a new topic: Is SaltStack Open Source?

I didn’t know about those! Thanks a lot @robstunkist! That’s exactly the sort of content sharing that created this thread in mind with.

I converted one of those talks into a post it the hopes it reaches some more people in the community:

2 Likes

this is awesome! thanks for doing this

2 Likes

thanks for creating this thread @deeplow. this topic is dear to me.

you may be interested in this old issue where we had tried to create some at-risk user personas, to more clearly commmunicate what Qubes functionality may be useful for them:

re: salt recipes, here is old issue discussing “recipe store” idea (probably not for R4.1 since last updated 2016):

and here is a gender and security manual from 2015 that discusses Qubes OS:

https://gendersec.tacticaltech.org/wiki/index.php/Step_1#Security_by_isolation:_Qubes_OS

3 Likes

It seems to be pretty outdated or it was never accurate. In particular, it claims that Tor cannot be installed on Qubes OS…

You’re welcome! It’s also very dear to me :slight_smile:

yes, I think that issue should be re-ignited or be futther developed under: issue #3758. I’ve posted there some more inspiration material for creating these personas.

Yes, I’m aware :slight_smile: That’s one of most complete guides out there. Too bad that these things get outdated so easily @427F11FD0FAA4B080123.

Thanks for bringing that to my attention. I think having that will be a huge stepping stone especially for organizational security (in newsrooms, or digisec trainers for example).