Edward Snowden needs about as high a level of operational security as anyone on the planet. He's appeared in conferences and interviews only as a man on a screen, staring into his webcam embedded in his laptop, undoubtedly covered with tape when not in use.
It might even be hard to switch disconnected when idle, just like on a Purism computer. His operating system needs to be as bulletproof as it gets, and for that he chooses the Qubes operating system.
Theory Behind Qubes
Qubes takes secure computing beyond the next level.
It implements a clever design of simultaneously isolating and chaining a series of virtual machines (which it calls "qubes") into a workable desktop interface.
Simply put: it's like having a few computers all in one, where you change the way you use your computer by isolating and segregating activity.
This comes down to multiple virtual machines in a main interface, some of which are "air-gapped" (where the computer never touches a network connected to the wider internet), some of which are passed through a Whonix obscuring machine connected to Tor (encrypting all traffic sent to and through it), some of which are disposable and some of which are for personal use.
Yes, we're acutely aware that "simply put" in the aforementioned paragraph may have been wishful thinking, but, to be frank, Qubes is incredibly complicated.
It definitely reignites and stokes the age-old digital dichotomy of "ease of use" versus "security." It's forever a trade off. And Qubes really does make you feel it.
This isn't a normal OS, and it isn't made for the average Facebook browsing and "Minion" meme-sharing user. Let's just say that unless your parents are working in or near the sphere of information technology, they aren't going to be touching Qubes with a 10-foot pole.
But What About an Average Dark Web User?
Users who frequent the dark web are assumed to have a relatively proficient level of computing skills.
At the very least, they can download and install the Tor Browser, which then leads them to forums which will immediately advise them to up their operational security beyond including a VPN as well as a virtual machine running something like or even a Tails-bootable USB drive. This isn't gospel however, and certainly isn't a necessity.
The Tor Browser can do the job if that's the level of operational security you deem appropriate based on your actions (known in cybersecurity circles as "threat modelling").
In totality, the above serve to protect a user frequenting the dark web to a very reasonable level-reasonable enough to put the onus back on the user to not trip up and head to a personal email account while surfing the black waves.
So Then-Who Is Qubes Intended For?
It's an operating system for seriously knowledgeable computer and technology users seeking the utmost privacy and security.
After my week using it, I had everything set up and was using it as intended. To me after this time using it though, it's not necessary for anyone who has evaluated themselves as anything other than a serious possible target-as in: a possibly targeted person like a dark web vendor, rather than a person picked up in dragnet surveillance, like normal users viewing the dark web.
High-value targets, defense contractors, people in seriously high positions of power and those hunted by the State are the people that come to mind when I think of the target audience for Qubes. Sure, adding security is great.
But you give up a huge amount of flexibility if you switch to Qubes for your main OS. That amount is going to be too great a trade off for regular dark web users, in this author's opinion.
My Week with Qubes OS
First, I installed Qubes onto my main SSD. The Qubes team does have a bootable Live USB Qubes version; however, it's currently in Alpha, and given the architecture of Qubes, it is an incredibly resource-hungry OS and the live USB boot wouldn't do it justice. This is because you're effectively running multiple virtual machines, normally at least four or five at a time, and therefore there isn't any such thing as too much RAM when it comes to Qubes.
I was using an Asus laptop, which plays nice with Qubes. As with any Linux-based distro, it's good to check and make sure your hardware is compatible before running into anything.
The install was painless. I was feeling positive to get going. The system loads into its desktop GUI, a core machine named "Dom0." This is the innermost layer ("Domain 0").
It's your computer. Nothing is really done at this level other than hosting virtual machines (other "qubes") as a security measure, protecting your hardware. This layer runs all the administration of the virtual machines without really running anything else.
By default, the system gets you started by running a few networking qubes: virtual machines that connect to the outside world. There is a basic Ubuntu qube, connecting straight to an internet access point, and a Whonix qube, to direct traffic through the Tor network.
These exist in the background: they are not virtual machine windows taking up valuable screen space. You select which of your working qubes you want to run through these networking qubes, directing your traffic.
Every time you open an application, the application window itself serves as the virtual machine. It's a strange concept to wrap your head around.
Each program is running independently and normally in a familiar GUI, but the color surrounding the window reminds the user what qube or virtual machine the program is leaning on.
From this, you establish qubes based on your life. I setup up my "Personal" qube, which went to the Ubuntu networking qube and out to the internet.
This was for banking, emails, basically anything personal that's used in conjunction with my password manager (essentially anything with a personal login).
Next was a "Work" qube, which I used for anything related to my jobs. This is where it was becoming apparent to me that Qubes was made for people working in serious roles where sensitive information cannot be near a personal machine.
Instead of carting around multiple computers (which occurs in governmental positions), a user could in theory meet the security thresholds of a high-risk role with one device.
My favorite feature in Qubes, by far, was the temporary qubes: a virtual machine that runs as a browser and in which is using masked computer identifiers (such as a spoofed MAC address). It's a great part of Qubes and incredibly useful for browsing. It's like taking the incognito mode and isolating it into its own virtual machine.
All in all, I found it a polarizing operating system. I was glad to be back on a nice looking and relatively simple to use system by the end of the week, and very glad to have Qubes in my rear vision mirror.
For my use, and against my reasonably vanilla threat modelling, it simply seems overkill. Odds are it will be overkill for you too, and the scales of usability and security will be too far tipped in favor of security at the significant detriment your ease of use.
Societal Ideology and Relationship with Technology
As a collective, we need to decide what's important to us when it comes to security. We genuinely have the tools to be highly secure: tools like Qubes do provide incredibly secure options and are quite literally built for state targets such as Edward Snowden.
With more time, it would get easier to use, but the trade off is just a bit too much right now. It's arguably because so few people (comparatively) use options like this that Qubes is as difficult to use as it is, meaning more users would mean more developers and more developers would lead to a better system. It's a bit recursive.
Perhaps each program or app should in fact run in a virtual box behind the scenes in all of our regular operating systems.
Perhaps we should fight through and use Qubes in order to send a message collectively that we respect and are willing to exercise our right to privacy.
In reality though, our addiction to dopamine-enabling technology in this instant gratification culture prevents us from taking a step back and relearning the way we use our devices. It's a bittersweet love affair.
Going back would mean a steep learning curve. But it is possible that it will become a necessity in some dystopian future. The way we digitately consume cannot be sustained, and the way we are digitally exploited should not be accepted.
Qubes and the like can be an antidote, albeit, at a significant cost and a hard to swallow pill.
Summary
A normal user seeking a disposable "qube" could just run a Linux virtual machine using something like the open-source VirtualBox on their operating system, pre-copied and deleted following its use.
Of course, the weak link is the main OS. Windows is notoriously not for the privacy-conscious.
Mac OS has its own trust issues, being closed source. The biggest step a normal dark web user could take to advance their security is to switch to a Linux OS as their daily driver. If you're used to Mac, there are plenty of Mac-like distros that will satisfy you.
And if you loved Windows 7, Linux Mint is awaiting you. They're open-source and vetted by the community, therefore coming with a higher level of trust at the core.
Qubes is made for the top of the top of risky users. It isn't easy to live with. It isn't intuitive. And it isn't smooth.
Unless you are incredibly familiar with Linux, you won't even be able to spend a week with Qubes. I struggled, and I've used Linux as a daily driver for the last few years.
But, Qubes has a purpose. It has a clear market. It is arguably the most secure OS available as a daily machine (which, to this author, rules out Tails and Whonix).
This is the trade off, and it's one that won't go away. It's the trade off behind every technology corner as we deepen into the 21 st century. It's the trade off we need to assess as a society growing accustomed to utter intuitiveness at a serious cost.
