I think adding a knowledgebase page on virtualization can be extremely helpful for the privacy community. I don’t necessarily think there should be any tutorials for setting up virtual machines since there are tons of ways it can be set up, and for different operating systems/distros, but talking about the technologies behind them would be useful. Since there are a lot of virtualization technologies, I think the page should go over them first and foremost.
I was recently pretty new to virtualization and didn’t know where to start learning about it, but then I found this post and thought it was extremely helpful.
There should also be OPSEC tips to maximize security and privacy. Compartmentalization is often cited as a good OPSEC tip, and I think virtual machines are perfect for that. For example, I currently compartmentalize my school-related stuff into a specific virtual machine for privacy purposes and for convenience, since my school requires Windows 11 and various Microsoft services, which I personally don’t use. Other workflow tips would be useful too.
The page should also mention use-cases and “downsides” to virtual machines: situations where they should be used but also when they’re useless.
While we’re at it, there could also be a new recommendations category for virtualizers. I currently use virt-manager as a GUI and recommend it along with QEMU/KVM for CLI, although this also has GUIs.
although I’m not sure what config a VM really needs to be more secure.
I’m talking more about workflow than anything else, but one technical thing I’ve come across is that virtual machines can split traffic, which can suck if your goal is to hide your IP. If you have a VPN enabled on your host machine with the intention to pass it onto the virtual machine, it may not go through and you’ll be leaving your virtual machine with your own IP instead.
I’m not sure how often that occurs, but it’s one thing. I’m sure others can find more to go over.
I think I agree. Honestly I’m not sure a VM-heavy workflow is the right approach for most people outside of Qubes. The host OS requires ultimate trust and thus is almost never suited for running desktop VMs in a non-Qubes environment. I think our efforts might be better spent working on a Qubes configuration guide: