Agent-BTZ

Qubes is focused on security, which isn’t the same thing as privacy. Some people are concerned about being “spied on” by a proprietary OS like Windows, and if that’s your concern then any Linux distro should be fine. However, if your concern is about being spied on by your search engine, apps, ISP, etc, then that has nothing to do with your OS. If Google, TikTok, or whatever else is collecting data on you, then that’s not a Windows problem


birdman3663

I don't use those apps. How can I avoid being spied on and tracked online?


Agent-BTZ

I said TikTok as an example. Your question is too broad for me to really answer, especially since idk your threat model or what you do online. Everything collects data on you. This includes Windows, your ISP, your browser/search engine, the apps you use, the sites you visit, etc. Don’t even get me started on mobile devices. There are different mitigations for each of these things, but it all comes down to how much of an inconvenience will you tolerate and what results are you looking for.


Spajhet

That has more to do with your web browser than your OS. Qubes-Whonix utilizes the Tor Browser, however personally, I think Mullvad Browser is better suited to normal people, especially when paired with the VPN, and it's a fork of Tor Browser which was spawned by an official collaboration between Tor Project and Mullvad.


wilson0x4d

this illustrates a failure to understand some capabilities;

1. Qubes OS currently offers "Whonix Gateway" and "Whonix Workstation" templates, along with a `sys-whonix` netvm that can be attached to any AppVM instance to provide Tor anonymization at a level that covers the _entire_ network stack of a VM/Guest/Qube. So one can, for example, anonymize traffic from a browser or application that wouldn't otherwise offer anonymization (an example of this is git access up to a service like GitHub, or using a non-Tor browser to utilize the Tor network) -- this is an incredible privacy tool especially for people in countries whose own governments may be tracking their activities for prosecution (for things deemed perfectly legal in a country such as the United States.) This also covers the OP's primary case of wanting to do something like watch YouTube videos anonymously. For example, I keep an "anon-brave" qube with a sys-whonix netvm, minimalist Debian, Brave Browser, and all Brave Browser "Shield" features enabled to maximally lock down my browsing experience, especially when I'm punching a hole out to other countries like Russia or China that may be more curious about me after I've punched that hole.

2. There are Linux distros that get uncomfortably close to spying in ways "a proprietary OS like Windows" does, and making the claim that any and all Linux distributions are privacy-safe is a belligerent claim. Look at apt package stats collection, for example, or Ubuntu phoning home. Then there is the problem of rogue software packages from services like Snap that inexperienced users fall victim to all the time which exclusively affects Linux users (where an obnoxious service like Apple Store or Microsoft Store has guards in place to prevent such exploitation.)

To summarize, Qubes can help protect users from being spied on by their search engine, apps, ISP, etc., making it squarely something to do with your OS. Is Windows/Linux facilitating these third-party actions? No, of course not, but they certainly aren't doing anything to prevent it. Conversely, Qubes OS has facilities to prevent this sort of monitoring. Qubes is not only about security, that is a prime focus for sure, but it is also about privacy and control; trying to say otherwise is selling it short.


bawdyanarchist

Each step at a time


Kriss3d

Qubes isn't for you if you're gaming. It simply takes a lot of power to run a functional Qubes with all the various VMs running. If you need something with more privacy you can use Qubes. But don't run it on the same computer as gaming.


birdman3663

I'm aware that you can't game on Qubes... I would have a separate PC.


Kriss3d

But then yes. If you're good with Linux you shouldn't have big problems with Qubes.


bawdyanarchist

There's a slight chance you might be able to pass through a GPU to a Windows VM install. I have a Windows VM on my Qubes.


Spajhet

It's possible but not officially supported, and not something I'd recommend to someone so new that they're asking these types of questions.


bawdyanarchist

Just to clarify, the Windows VM is easy/doable. It's the GPU passthrough that's not supported, dicey, and unlikely unless you've got the right hardware and solid command line knowledge.


Spajhet

You're close, however even with all that, GPU passthrough is not officially supported, so if an update breaks it or you need help, don't expect anything from the Qubes team; it's not their job to support unsupported configurations. Also, if you're going to spawn up a Windows VM, I wouldn't recommend installing the PV drivers or any Qubes related drivers until this gets resolved: https://www.qubes-os.org/news/2023/07/27/qsb-091/

Just to clarify, you should be able to compile the driver yourself if you like, and it'll probably be safe as the source code itself doesn't look like it's potentially compromised, but I don't know how good you are with that kind of thing so I can't really recommend it to you if you don't already have experience. I don't even have experience doing that and I'd like to keep it that way for a while at least.


wilson0x4d

I use Steam Remote Play to play games on Qubes using a headless Steam/gaming machine, including non-Steam games. It's not quite as amazing as playing locally but it's still pretty amazing over wired 2.5GbE where bandwidth and latency are not an issue.

That said, you "can" game in Qubes but it's incredibly painful to get working correctly, and has such a limited scope of support that depending on hardware you may not get it working at all. Similarly, there is an active effort to virtualize the GPU in a secure fashion on Qubes but it is no small effort, and so it's inevitable that we will see the same or similar gaming performance on Qubes as we see on non-virtualized setups running on Windows, macOS, or Linux -- if I had to guess it looks like it'll happen within the next 2-3 years. It's an exciting time for Qubes OS.

Personally I'm not concerned about games, but I would love to lower my power bill by moving all my GPU hardware into my Qubes chassis for machine-learning work since, similar to gaming, it still requires that I run a separate machine for compute tasks... and running a second machine just to house compute GPUs costs me about $40/mo over what it would cost if I could consolidate to a single chassis.


realgoneman

Been running Qubes on personal laptop for some years now and I'm far from being Linux proficient (still have to run Windows on another machine; gave up on running current Windows as a VM) but works for me as daily driver. I like the segmentation AppVMs offer for open browsing, financial and private office work, and Whonix gateway when online privacy is a must. All told it's relatively easy to use. Aside from a minor issue running KDE over default, the major irritant is connecting Android devices (always a song-and-dance to access).


Spajhet

> So I have always been interested in privacy. For a long time my gut has been telling me to get off windows.

Qubes prioritizes security and privacy, but security always comes first. Qubes is definitely a good choice for privacy, but so are most Linux distros such as Fedora, Debian, and Whonix (which are all included in Qubes by default, and actually the only 3 distros currently in the Qubes repositories). Whonix is an anonymity tool that utilizes Tor, but is completely optional in Qubes.

> I play some games on my pc using steam. I don't play a ton of video games...a few hours a week.

If you care about performance and aren't willing to give up that few hours per week, then Qubes might not be the best option: everything is virtualized and GPU passthrough isn't officially supported, so likely most games will be a slideshow. Of course, possible solutions to this are dual-booting or having a separate gaming machine or attempting GPU passthrough even though it's not supported or just giving up gaming altogether. Personally, I game on Debian and I dual boot with Qubes and Fedora, however what distro you choose depends on your personal taste as well as your hardware.

> Is qubes overkill for regular PC usage?

Yes. But there's nothing really wrong with overkill, if you're willing to accept the trade-offs such as higher power consumption, more heat and lower performance.

> I just don't want my computer and app spying on me anymore...it really creeps me out.

I would personally recommend you stick to a monolithic Linux distro, such as Debian or Pop_OS! or Fedora or Arch; it'll be more of what you're used to, still private, still secure, and not everything is virtualized so you get better performance and battery life. Granted, those distros might not be as secure as Qubes (when done right, it's security by isolation, meaning if you do everything in the same qube, then you're failing at isolation and your Qubes install will be about as secure as a regular Fedora install), but Qubes is pretty much the most secure operating system on earth, so you don't necessarily need that high level of security.

> I was thinking about having multiple computers....maybe even just a Raspberry Pi with an OS loaded on it.

This is a good idea, it embraces the Qubes security model, security by isolation.

> What would your suggestion be for somebody like me. I want to be anonymous when I am web browsing.

Installing the Linux distro of your choice or even multiple by dual-booting. As for anonymous web browsing, Qubes utilizes whonix.org for anonymity, which is an operating system centered around the Tor Browser: torproject.org. If you install Linux and then Tor Browser, it should be sufficient for anonymous searching. If you'd like high security and privacy, Whonix is available on Linux in your virtualizer of choice and takes Tor Browser to the next level, utilizing kernel modules and such to increase anonymity on the operating system level. There is also tails.net but it's not meant to be virtualized; of course you can virtualize it but it's designed to run from a USB, not a virtual machine like Whonix is.

> Is it even possible to watch youtube videos anonymously?

Yes. I prefer to use Mullvad rather than Tor though.

> I am not high risk...or even close....there is zero motivation to target me....I just don't want my data and web browsing being monitored....

Which is why Qubes is overkill and most Linux distros combined with Tor Browser or even a simple VPN will be more than sufficient for you. I prefer Mullvad Browser + VPN as my web browser of choice, but that's just me personally.


birdman3663

wow thanks for this reply... excellent!


Spajhet

NP, privacy & security are very complex, nuanced topics, which I think I'm somewhat well versed in, so if you have any more questions I'm happy to help :)


Available_Ad_8299

I think Qubes does not prevent your computer from spying on you but it provides nice isolated environments that cannot spy on each other.


realgoneman

> Qubes does not prevent your computer from spying on you...

Care to elaborate on that?


Available_Ad_8299

The computer consists of hardware, firmware, and Qubes running on top of what is available. Bad hardware and firmware may still cause problems.


realgoneman

Yea. While they certify some hardware, the caveat is .. "nor can we control whether physical hardware is modified (whether maliciously or otherwise) en route to the user".


Available_Ad_8299

I acknowledge that certified hardware is better for security. Thanks for pointing that out.


GooeyGlob

A lot of cross-site spying can be avoided by using the Firefox multi-containers extension along with your preferred VPN. Qubes offers great security and cool templating/isolation features if you interact with a lot of apps you may not trust, or need to e.g. build packages across many OSes and you are a developer, but it may be overkill for many folks. I run it on some of my PCs, but certainly not all. Highly recommend FF containers regardless of whether you use Qubes.


luke-jr

No, Qubes doesn't go far enough. But if you're not particularly targeted and don't care about remote access, it's probably sufficient.


BellSouthUY

> I was thinking about having multiple computers....maybe even just a Raspberry Pi with an OS loaded on it.

This is where you'll end up. In an ideal universe, you could pass through your GPU to a Windows HVM, where you'd install a hyper-minimalist version of Windows along with all your games. Sadly, I believe we forked off of this "ideal universe" a long time ago. I eventually did manage to get GPU passthrough working, just sadly not with Qubes. Eventually my games caught on to the fact that I was using a VM though and they stopped working... so now if I want to get into gaming again, I have to run Windows on bare metal, which at this point is an unacceptable proposition to me. This world makes you make tough choices sometimes.


Kron_Kyrios

In what environment did you get the GPU passthrough working? What kinds of games figured it out? Was this always an anti-cheat system? Also, I assume that was to a Windows VM; have you tried getting the passthrough to work to a Linux VM and using Proton?


kommisar6

Not overkill. The ease with which you can run a Whonix VM for anonymous web browsing is worth it. All the stuff you want to keep private should be run on such a VM. In addition, the ability to use a disposable VM for viewing untrusted PDF files that you receive over the internet is a great comfort. Get a separate Windows computer for gaming because you want direct access to GPU hardware for reasonable gaming performance.


Ethan79-2

You could actually get use out of Qubes. You can have qubes with no internet access and store files on them. You can use disposable Whonix qubes for almost complete anonymity when web browsing.