Replying to db2f6a66...

Two problems with Qubes:

1. Can't run it in an isolated VM. It has to be bare metal. This is a huge problem for plausible deniability.

2. It's own VMs can't be encrypted. If an adversary gains access to the machine, all VMs are compormised.

It's way too vulnerable.
Avatar
Derek Ross 3y ago

Plausible deniability for what? That you have a computer? The entire Qubes installation can be encrypted with full disk encryption.

Reply to this note

Please Login to reply.

Discussion

db
db2f6a66... 3y ago

Too many people think full disk encryption solves everything. It doesn't.

Even possessing unencrypted VMs is a huge attack vector. Plausible deniability should be the first line of defense.

If a VM can't be run in an isolated, encrypted container, it loses 99% of its security.

Avatar
Derek Ross 3y ago

For my needs and my level of trust, Qubes does the job. What would you suggest as an alternative?

Avatar
Jonk 3y ago

I'm interested in this convo, please continue!

Avatar
Rijndael 3y ago

Plausible deniability is a feature you want if you’re worried about the authorities seizing your machine. It’s not the first-line-of-defense if you’re trying to defend against compromise.

Avatar
john 3y ago

Deniability of the very existence of the file.

@https://en.m.wikipedia.org/wiki/Deniable_encryption#:~:text=In%20cryptography%20and%20steganography%2C%20plausibly,that%20the%20plaintext%20data%20exists.

Avatar
Derek Ross 3y ago

Thank you for explaining what #[4] meant. I still don't know if I understand the argument though. People need to be able to save data.