ava on Nostr: If your doing extremely "sensitive" stuff and your threat model involves the ...
If your doing extremely "sensitive" stuff and your threat model involves the likelyhood of forensics, a second laptop + tails is a very good option for those activities. It's not really designed for daily driving like Qubes.
It is best OPSEC practice to always turn off and OS, including a hardened one like QubesOS when not in use. Qubes sys-usb VM protects against evil-mail attacks and the like, but as with any OS...
If an adversary has the ability to perform forensics and has access to your daily driver, compromise should be assumed.
Use Luks for encrypting QubesOS drive with a strong passphrase (remember though people could torture you or family members until you give it up).
Store sensitive files using Veracrypt + hidden volume (you could even go so far as to bind folders that leave forensic footprints to this volume) to provide "plausible deniability". Veracrypt works on both QubesOS and Tails.
It's all about layers and multi-layered encryption (i.e. encrypt the encryption decryption with layers of encryption). The more layers you can put between an adversary and your data, the more time and money or criminal risk it will have to be worth for them to get to your data.
It is best OPSEC practice to always turn off and OS, including a hardened one like QubesOS when not in use. Qubes sys-usb VM protects against evil-mail attacks and the like, but as with any OS...
If an adversary has the ability to perform forensics and has access to your daily driver, compromise should be assumed.
Use Luks for encrypting QubesOS drive with a strong passphrase (remember though people could torture you or family members until you give it up).
Store sensitive files using Veracrypt + hidden volume (you could even go so far as to bind folders that leave forensic footprints to this volume) to provide "plausible deniability". Veracrypt works on both QubesOS and Tails.
It's all about layers and multi-layered encryption (i.e. encrypt the encryption decryption with layers of encryption). The more layers you can put between an adversary and your data, the more time and money or criminal risk it will have to be worth for them to get to your data.