{"id":2759,"date":"2026-05-02T15:39:27","date_gmt":"2026-05-02T21:39:27","guid":{"rendered":"https:\/\/fallingworks.com\/blog\/?p=2759"},"modified":"2026-05-02T15:39:32","modified_gmt":"2026-05-02T21:39:32","slug":"qubes-os-a-privacy-operating-system","status":"publish","type":"post","link":"https:\/\/fallingworks.com\/blog\/2026\/05\/02\/qubes-os-a-privacy-operating-system\/","title":{"rendered":"Qubes OS – A Privacy Operating System"},"content":{"rendered":"\n

A quick disclaimer to start off – this is not an in depth examination or review of Qubes OS. Qubes OS has a picky list of requirements that most people would not be looking for. Instead, this just my experiences and neat things I tried while taking the OS for a test drive. <\/p>\n\n\n\n

Qubes OS, “A reasonably Secure Operating System” as the distro’s website<\/a> declares, is a privacy and security focused operating system which heavily leverages (Xen) virtualization technology to isolate critical OS components to reduce the chances of the whole system being compromised. In other words, the virtualization technology of Xen provides the ability to used trusted environments for things like online banking or working from home and also create temporary (or untrusted) environments that provide a clean slate without the risk information being spread preventing shady websites from drop malicious browser plugins or scrape session tokens to hijack a Discord account.<\/p>\n\n\n\n

Below is a diagram borrowed from the Qubes OS site<\/em> describing how it all works .. which can be a little complicated. The key part of the diagram is that everything is separated from everything else mostly<\/em>. A thumb drive that is plugged in does not get to talk to the network or the hypervisor (the thing that runs the show) because that drive is isolated to its own little world. <\/p>\n\n\n\n

\"Qubes
Qubes OS Trust Diagram<\/figcaption><\/figure>\n\n\n\n

That isolation of components opens the door for some cool tricks. <\/p>\n\n\n\n

\"Untrusted
2 Firefox enter only 1 is trusted<\/figcaption><\/figure>\n\n\n\n

Cool tricks like having a Firefox session that remembers all my personal settings, history, plugins, and so on while running another session that remembers nothing. But I can the comments now – “So what? Big deal, that can be done with a private window” which is true, but this forgetful Firefox that remembers nothing has a special trick. When I start the forgetful Firefox (also known as Firefox running in a disposable qube), a second qube is started to provide the internet for forgetful. That other network qube starts up and begins running a VPN connection so the forgetful Firefox and ONLY the forgetful Firefox is running through a VPN connection. <\/p>\n\n\n

\n
\"Starting
Starting a VPN qube<\/figcaption><\/figure>\n<\/div>\n\n\n

Of course you can have applications OTHER than Firefox, but the concept is similar each one runs in its own little world and can only interact with other applications in that little world. For instance, in the image below, all of these applications in Yellow will all run in the “Personal” qube and keep all those settings and options isolated to just those applications, which is great for testing things OR maintaining different levels of anonymity. <\/p>\n\n\n

\n
\"Personal
Personal Apps<\/figcaption><\/figure>\n<\/div>\n\n\n

Of course in the event you want to have a completely different set of apps, say a test set or a work set, you can create a different qube that has just those apps. <\/p>\n\n\n

\n
\"New
New qube<\/figcaption><\/figure>\n<\/div>\n\n\n

Qubes OS is not too great for gaming and playing very high quality videos will likely studder since most of the system is a bunch of virtual machines (and resources are shared between qubes). So if you want to be paranoid about privacy or security you might want to take a look, and if you want to be ULTRA paranoid the installer provides options to encrypt the hard drive at install time.<\/p>\n","protected":false},"excerpt":{"rendered":"

A quick disclaimer to start off – this is not an in depth examination or review of Qubes OS. Qubes OS has a picky list of requirements that most people would not be looking for. Instead, this just my experiences and neat things I tried while taking the OS for a test drive. Qubes OS, … Continue reading Qubes OS – A Privacy Operating System<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bluesky_dont_syndicate":"","_bluesky_syndication_accounts":"","_bluesky_syndication_text":"","footnotes":"","_share_on_mastodon":"0"},"categories":[46],"tags":[],"class_list":["post-2759","post","type-post","status-publish","format-standard","hentry","category-software"],"share_on_mastodon":{"url":"https:\/\/techhub.social\/@fallingstuff\/116507146472604403","error":""},"_links":{"self":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts\/2759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/comments?post=2759"}],"version-history":[{"count":8,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts\/2759\/revisions"}],"predecessor-version":[{"id":2791,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/posts\/2759\/revisions\/2791"}],"wp:attachment":[{"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/media?parent=2759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/categories?post=2759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fallingworks.com\/blog\/wp-json\/wp\/v2\/tags?post=2759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}