Hacker News new | past | comments | ask | show | jobs | submit login

If you consider specific listed threats as not a real threat model, then what else would you like to know? The threats are real and I value my data and privacy a lot. Also, I want to support a great OS by using it and spreading the word. Personally, using Qubes for me is not as hard and limiting as people think. It's the opposite: It improves my data workflow by separating different things I do on my computer.



Data being stolen (or getting ransomwared or whatever) from my personal machine is something I expect to happen maybe once or twice a lifetime as a baseline if I have like a bare veneer of security (a decent firewall on the edge, not clicking phishing links). I silo financial information (and banks also have security) so such a breach is extremely unlikely to be catastrophic. In general I don't find this to be worth caring about basically at all. The expectation is that it will cost me a couple weeks of my life as like an absolute worst case.

That is roughly equivalent to dealing with a security related roadblock to my workflow for 1 minute every day (or 10 security related popups that i have to click that cost me 6 seconds each or one 30 minute inconvenience a month). I think that even having the UAC popups enabled on Windows is too steep a price to pay.

I think security like this matters in places where the amount of financial gain for a breach is much much higher (concentrated stores of PII at a company with thousands of users for example) because your threat model has to consider you being specifically targeted for exploitation. As an individual worried about internet background hacking radiation it doesn't make sense for me to waste my time.


Thank you for the interesting arguments.

> I silo financial information (and banks also have security) so such a breach is extremely unlikely to be catastrophic

So you are doing manually what Qubes OS does automatically: security through compartmentalization.

> The expectation is that it will cost me a couple weeks of my life as like an absolute worst case.

This sounds quite reasonable but ignores privacy issues and issues with computer ownership with Windows; I guess you also don't care about that.

I do agree that using Qubes wastes more of my time than your estimates; however it also, e.g., encourages 100% safe tinkering for those who like it, prevents potential upgrade downtime, enables easy backup and restore process and more.

> I think security like this matters in places where the amount of financial gain for a breach is much much higher (concentrated stores of PII at a company with thousands of users for example)

How about owning crypto?


If I owned crypto I would store the keys on a medium that people don't expect to find keys on and it would definitely not be live. (example, laser etched barcode into a rock)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: