The team behind #SecureDrop (open source whistleblower platform originally created by Aaron Swartz) has been investigating the use of #QubesOS for building an integrated workstation for journalists using SecureDrop.
Folks interested in newsroom security, or the use of virtualization to mitigate digital security risks may want to check it out. Thoughts on this approach appreciated:
I've been using Qubes, as a curious adventurer, for a few years. I think its pretty widely regarded (by those that know their stuff) as offering the best security/privacy you can get on a PC.
Interestingly modern Apple/Pixel smartphones are probably more secure (see CopperheadOS).
I can see how a Qubes box set up just for this could be pretty solid.
For **ultimate** security I wonder how it compares to an air gapped machine though. A vulnerability in xen or Intel...
@rysiek @eloquence ME (could ME clean the laptops?) or ??? has got to bring into question having very valuable info on a box thats connected to the internet?
But ultimately nothing is secure, its a question of weighing everything up (makes my head spin) & this approach could make lots of sense for some.
Guess I'm probably not telling you anything unknown/useful.
Nice to see Qubes potentially providing utility for these types of orgs.