Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create "Who uses Qubes" or "Why use Qubes" section #1906

Open
bnvk opened this issue Apr 13, 2016 · 27 comments

Comments

@bnvk
Copy link

commented Apr 13, 2016

We need some user friendly content that explains Who should use Qubes users base. The Tor project has a nice one.

This relates to #1833 @mfc are you up for working on this?

@bnvk bnvk added the C: website label Apr 13, 2016

@bnvk bnvk added this to the Documentation/website milestone Apr 13, 2016

@andrewdavidwong

This comment has been minimized.

Copy link
Member

commented Apr 14, 2016

As I brought up in the discussion of #1833, it's not really clear to me who exactly the intended userbase of Qubes is. I think it's a high-level project decision that ought to be consciously made. In some respects it doesn't matter (for example, it won't change the security-oriented nature of Qubes), and many different answers can be justified. But, for the purpose of writing for one's audience, it's important to have an idea of who that audience is.

@mfc

This comment has been minimized.

Copy link
Member

commented Apr 14, 2016

First this should be framed "Who uses Qubes" not "Who should use Qubes". The should makes it into a value judgment which is unnecessarily thorny. Notice that the Tor page is not a value judgment (on the face of it).

We actually don't want to be listing like five categories of "types of people/users" if that means that some potential users (or current users) are not listed/captured. So that is one reason with the Tor page has "normal users", "high/low profile users", etc. So if we go this route we do want catch-all categories like that, and a mix of current users and desired users (just as Tor does implicitly).

I think more useful would be focusing on why someone would be interested in using Qubes -- malware protection, identity management, safely using Windows applications, etc. There is still no place that describes these things.

@bnvk bnvk changed the title Create "Who should use Qubes" section Create "Who uses Qubes" or "Why use Qubes" section Apr 14, 2016

@bnvk

This comment has been minimized.

Copy link
Author

commented Apr 14, 2016

yah @axon-qubes this is an effort to bring who that audience is into focus- it's not going to happen by not discussing it and not experimenting with our marketing and outreach 😄

Sounds good on the framing @mfc I updated the title. Feel free to help create content you think is best. I've found much mileage in the "persona" style explanations. So perhaps mixing...

why someone would be interested in using Qubes -- malware protection, identity management, safely using Windows applications, etc.

...with some user persona's of real (and non-real) people from the categories I mentioned, and by no means being exhaustive about this. An example would be:


Picture of Isis
Name: Isis Agora Lovecruft
Job: Cypherpunk, Tor Project Core Developer
Website: https://patternsinthevoid.net
Quote: "With QubesOS, I feel more comfortable accessing Tor Project infrastructure from the same laptop as I use to execute random GameBoy ROMs that I downloaded from the internet."
Setup: To do what Ms. Lovecruft is talking about, one simply makes a clone of their normal Debian or Fedora Template and then installs various emulators in that cloned Template. With this setup, if one plays a video game ROM, which happens to be infected with malware, no serious work, encryption keys, or server passwords get compromised, as the emulator and the game ROM are both isolated.

does this sound right @isislovecruft ?

@isislovecruft

This comment has been minimized.

Copy link

commented Apr 14, 2016

@bnvk Sounds pretty good! Maybe change my title somehow, because the first two things are things which I am, but I'm certainly not the entire Tor Project. :)

Also I'm not sure which readers this is targeted at, but maybe some basic Qubes explanation of "things are run in VMs based off of separate templateVMs" or something similar, in order to make it more clear that I'm not SSHing to bridges.torproject.org from my GameBoy emulator VM.

@isislovecruft

This comment has been minimized.

Copy link

commented Apr 14, 2016

Also, I'm not sure if I am a cypherpunk. Those people are cool.

@bnvk

This comment has been minimized.

Copy link
Author

commented Apr 14, 2016

@isislovecruft thanks. Updated. Silly coma. You totes are a cypherpunk!

@bnvk

This comment has been minimized.

Copy link
Author

commented May 6, 2016

adding as per @andrewdavidwong suggestion and @mfc feedback in QubesOS/qubesos.github.io#42


Picture of Snowden
Name: Edward Snowden
Job: Whistleblower and privacy advocate
Website: https://edwardsnowden.com
Quote: "Remember the 'I Hunt Sysadmins' presentation by @NSAGov? Make it hard for them. Use @QubesOS."
Setup: ...to be written, but perhaps a "Sys Admin" configuration of Qubes with Split GPG, VPN, Standlone VMs, SSH keys in different VMs etc...

@andrewdavidwong

This comment has been minimized.

Copy link
Member

commented May 6, 2016

Related (possibly duplicate): #1947

@mfc

This comment has been minimized.

Copy link
Member

commented May 6, 2016

so i think this should be framed in terms of types of people/professions who use Qubes (like the Tor website has), rather than the people themselves. if we want to highlight people, either should be a quote on the main page or a "case study" that we promote (on the blog?).

I think I was a bit too harsh above about the differences between "use" and "should use", the Tor Project page actually says:

"Here are some of the specific uses we've seen or recommend."

and I think ours will likely also have some userbase projection to it.

below is a basic draft of one approach, that uses professions to frame different Qubes functionalities that may be relevant to them (#1947 could potentially be a source for some of these).


  • developers
    • splitgpg (for email, git signing)
    • malware protection / isolation for build environment
  • system administrators
    • fine-grained networking control: have multiple firewalls, VPNs, Tor connections running in parallel
    • Qubes OS considered the highest level of security practices for sys-admins according to Linux Foundation IT
  • businesses
    • use legacy Windows applications within a secure environment
    • integrate Windows, Debian, Fedora and more applications within a single desktop environment
    • protect confidential information while still interacting with less secure environments
    • boot integrity (anti-evil-maid) to ensure the security of your laptop while you travel
  • researchers
    • malware protection, safely interact with email attachments
    • visit government or corporate websites without them knowing it is you
    • use Martus to gather information more securely
  • activists
    • easily create and maintain multiple identities online depending on the risks you face
    • visit media, whistleblowing, government, or corporate websites without them knowing it is you
  • LGBTIQ communities
  • journalists
    • splitgpg
    • communicate with anonymous sources in a secure way
    • visit government or corporate websites without them knowing it is you
    • handle untrusted PDF and DOC files
    • convert untrusted PDF into trusted PDFs
  • everyday users
    • integrate Windows, Debian, Fedora and more applications within a single desktop environment
    • safely interact with the web, whether visiting websites or opening files
    • easy backup and restore functionality
@andrewdavidwong

This comment has been minimized.

Copy link
Member

commented May 19, 2016

Very helpful discussion of use cases and user stories:
https://groups.google.com/d/topic/qubes-users/S32mraCRdac/discussion

@andrewdavidwong

This comment has been minimized.

Copy link
Member

commented May 21, 2016

We can also add a use case for individuals who manage their finances digitally. I can write that one up once we have the page.

@Jeeppler

This comment has been minimized.

Copy link

commented Dec 15, 2016

@mfc you should differentiate between an user need and a technical solution to address it. You do that in most cases. However, you sometimes mix it up. For example, a everyday user actually does not have a need to "integrate Windows, Debian, Fedora and more applications within a single desktop environment". An everyday user, at least for my understanding, does not even know the difference between Windows, Debian and Fedora.

@andrewdavidwong

This comment has been minimized.

Copy link
Member

commented Dec 15, 2016

you should differentiate between an user need and a technical solution to address it.

Agreed.

For example, a everyday user actually does not have a need to "integrate Windows, Debian, Fedora and more applications within a single desktop environment". An everyday user, at least for my understanding, does not even know the difference between Windows, Debian and Fedora.

But that's just a difference in the way you're using the term "everyday user."

@Jeeppler

This comment has been minimized.

Copy link

commented Dec 16, 2016

The problem with the group "everyday users" includes basically everybody who has Qubes OS installed on their main computer. The term is to general to be useful. All other terms are group specific, such as researcher or journalist.

There must be a term which describes an user who does not use Qubes OS for professional purposes and it would be beneficial to differentiate between levels of technical expertise. For example, home user surfer, home user technical enthusiast and home user professional. Home user professional would be somebody who uses Windows, macOS or Linux at work, but Qubes OS at home for personal projects or simply playing arround. Home user technical enthusiast could be everybody who does not work in the IT area, but developed an strong interest in computers and uses Qubes OS at home. home user surfer is somebody who uses Qubes OS for online banking, surfing etc. and really likes Qubes OS, but does not care about the technical details. Home user surfer did not install Qubes OS her-/himself instead somebody else installed it for him.

@mfc

This comment has been minimized.

Copy link
Member

commented Jan 10, 2017

my aim was/is to include one category that was a catch-all, just as tor does with the "normal people" category.

@Jeeppler

This comment has been minimized.

Copy link

commented Jan 17, 2017

@mfc "normal people" is even more worse then "everyday users", because the opposite of normal is: abnormal?

@mfc

This comment has been minimized.

Copy link
Member

commented Jan 17, 2017

opposite is "specialized use-cases", but yes it is less clear, hence me using "everyday users".

let's keep contributions to this thread actually moving it forward -- like filling out / improving some of the example use-cases. it's not going to go anywhere otherwise.

@Jeeppler

This comment has been minimized.

Copy link

commented Jan 17, 2017

@mfc Yes, I try to do exactly that. Please consider a better term then "everyday users".

@Jeeppler

This comment has been minimized.

Copy link

commented Jan 17, 2017

Useful for every user:

  • safely interact with the web, whether visiting websites or opening files
  • easy backup and restore functionality
  • handle untrusted PDF and DOC files
  • convert untrusted PDF into trusted PDFs
  • encrypted email communication (splitgpg)

Technical Features:

  • transparent integration of Windows, Debian, Fedora and more applications within a single desktop environment
  • boot integrity (anti-evil-maid) to ensure the security of your laptop while you travel

Group Specific:

  • developers
    • multiple development environments with different configurations for different projects
    • testing applications on Windows and Linux (Debian, Fedora, ....)
    • git signing (splitgpg)
    • malware protection / isolation for build environment
  • system administrators
    • fine-grained networking control: have multiple firewalls, VPNs, Tor connections running in parallel
      Qubes OS considered the highest level of security practices for sys-admins according to Linux Foundation IT
  • businesses
    • use legacy Windows applications within a secure environment
    • protect confidential information while still interacting with less secure environments
  • researchers
    • malware protection, safely interact with email attachments
    • visit government or corporate websites without them knowing it is you
    • use Martus to gather information more securely
    • availability of different operating systems (Windows, Linux, Unikernel) from a single desktop environment
  • activists
    • easily create and maintain multiple identities online depending on the risks you face
    • visit media, whistleblowing, government, or corporate websites without them knowing it is you
  • LGBTIQ communities
    • easily create and maintain multiple identities online depending on the risks you face
  • journalists
    • communicate with anonymous sources in a secure way
    • visit government or corporate websites without them knowing it is you
      everyday users
@Jeeppler

This comment has been minimized.

Copy link

commented Jan 17, 2017

this line:

visit media, whistleblowing, government, or corporate websites without them knowing it is you

sounds like anonymity. Even TOR can not provide absolute anonymity (bugs, zero-days etc. can jeopardize it)

@mfc

This comment has been minimized.

Copy link
Member

commented Sep 25, 2017

sorry for the delay in responding, i really like your framing! i don't know if we want to pepper it with hyperlinks to different Qubes functionalities or if that would be overwhelming to the reader.

we might want stock images for the different groups similar to the Tor page, or graphics/icons to add some visual element to it.

@tlaurion

This comment has been minimized.

Copy link
Contributor

commented Sep 17, 2018

@marmarek @mfc : Is there a OEM image permitting to change LUKS encrypted password and user passwords in a second stage, permitting to deploy those implemented persona as salt recipes, installing predefined softwares and customizations?

@marmarek

This comment has been minimized.

Copy link
Member

commented Sep 17, 2018

@marmarek @mfc : Is there a OEM image permitting to change LUKS encrypted password and user passwords in a second stage, permitting to deploy those implemented persona as salt recipes, installing predefined softwares and customizations?

It is offtopic here... But the problem is not in passwords (you can change them at any time), but in LUKS key, you need to re-encrypt the whole disk, see here for example. We have done something different in the past: strip down the installer to ask only for LUKS passhprase. Write it into a partition, copy images/oem.img from there to the first partition (future /boot) and it will launch installer on the first boot.

@tlaurion

This comment has been minimized.

Copy link
Contributor

commented Sep 19, 2018

@marmarek @mfc : Is there a OEM image permitting to change LUKS encrypted password and user passwords in a second stage, permitting to deploy those implemented persona as salt recipes, installing predefined softwares and customizations?

@marmarek : What about deploying specific softwares and configurations from custom salt recipes for defined personas from an external usb drive?

@tlaurion

This comment has been minimized.

Copy link
Contributor

commented Sep 19, 2018

No, it is not. This doesn't change the actual encryption key (aka LUKS master key). You can see this with sudo cryptsetup luksDump --dump-master-key /dev/sda2 before and after luksChangeKey.

Sorry for the noise, @marmarek. I deleted my initial comment after reevaluating the facts.

Any discussion threads at hand of what led to r3.x-librem and why it was not used for QubesOS deployements on Librems?

@andrewdavidwong

This comment has been minimized.

Copy link
Member

commented Sep 19, 2018

@tlaurion, please take off-topic discussion out of this issue and to the appropriate place (probably the qubes-users mailing list).

@mfc

This comment has been minimized.

Copy link
Member

commented May 21, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.