I just joined and I heard someone say using QubesOS is bad advice. I obviously missed the initial part of that conversation... QubesOS is great if you care about privacy and security.
Discussion
Two problems with Qubes:
1. Can't run it in an isolated VM. It has to be bare metal. This is a huge problem for plausible deniability.
2. It's own VMs can't be encrypted. If an adversary gains access to the machine, all VMs are compormised.
It's way too vulnerable.
Plausible deniability for what? That you have a computer? The entire Qubes installation can be encrypted with full disk encryption.
Too many people think full disk encryption solves everything. It doesn't.
Even possessing unencrypted VMs is a huge attack vector. Plausible deniability should be the first line of defense.
If a VM can't be run in an isolated, encrypted container, it loses 99% of its security.
For my needs and my level of trust, Qubes does the job. What would you suggest as an alternative?
I'm interested in this convo, please continue!
Plausible deniability is a feature you want if you’re worried about the authorities seizing your machine. It’s not the first-line-of-defense if you’re trying to defend against compromise.
Deniability of the very existence of the file.
Thank you for explaining what #[4] meant. I still don't know if I understand the argument though. People need to be able to save data.
The focus of discussion was more on ordinary people securing their Bitcoin and less for the more security savvy segment. The unfortunate use of “cold wallet” in Luke’s tweet is what we were worried about, plus the FUD potential of this incident. No one is against using QubesOS.
Glad to hear folks discussing practical advice and not just “dunking” on luke
luke had all his btc stolen, if you manage your cold storage correctly that should not happen a cold storage wallet should never be used on a computer that goes online.when you need to transfer funds import key to a new wallet and you do this off line, then use that wallet online
