So, I recently upgraded my GrapheneOS Pixel 7a to a GrapheneOS Pixel 9a and realized I can use Android 16’s desktop mode now.
I also have a Dasharo/Coreboot MSI Z790-P desktop PC with Secureblue currently installed on it. Was using Qubes OS previously and may go back.
Between desktop mode on my GrapheneOS phone and Qubes OS/Secureblue on my desktop, which offers me the most privacy and security?
For context, I’m more of a casual user. I’m not really a gamer these days. Honestly, most of my day to day use is just browsing Reddit and watching YouTube. I don’t use any “social” media neither.
Like I always say, there is no objective metric(s) against which to measure and evaluate for what’s most private or secure as I see it. This would all depend on your threat model, your use case, and the number of conveniences you’re willing to give up.
GOS desktop mode is far from complete and stable. I suggest you use what you’re using right now which are great options as it is.
Then even what you’re using for desktop is overkill. Simply using Fedora Workstation or Silverblue at most should be more than enough.
The virtualisation model of Qubes is neat, but it doesn’t change that the Linux hosts running within the VMs are still extremely insecure. It therefore requires meticulously confining your activities to separate VMs to get any meaningful benefit.
Desktop OSes lack even the most basic security features available on mobile including far more secure hardware, proper verified boot to prevent persistent malware, mandatory sandboxing with a general principle of least privilege, etc. GrapheneOS is also extremely privacy friendly with zero telemetry and all default connections are thoroughly documented..
While you’re not wrong, OP is asking for desktop privacy & security. And GOS desktop mode is indeed nowhere near where one can use it everyday and reliably.
But yes, once this is matured/developed more, GOS desktop mode will be it. I guess I should not say objectively no metric. I was more thinking on the lines of what’s secure and private for one may not be enough for another. Hence, no one size fits all.
This is simply objectively false. Security and privacy are not based on a vibe, as you seem to think. There are countless objective measures of security, like attack surface, threat models, cryptographic strength, etc.
It works perfectly reliably for me every day. Anyways, I think I made it very clear that my answer specifically focuses on what is more secure and private. They can then reach their own conclusions based on their needs and own experimentation rather than me guessing for them.
Perhaps PG can educate with another deep dive article on how to evaluate and the number of ways to measure it objectively. It would once and for all be an answer to similar questions that gets asked every now and then.
I’m sure this information is available elsewhere but not knowing which source to trust more and believe is the concern PG can help resolve too. If you’re an expert, you can do it yourself with a community wiki if you’re amenable to some effort and willingness to explain more and teach. Whenever I am wrong, I’d like to learn how and why.
They’re actually getting better in this regard. The Whonix-Qubes templates are now supporting Wayland with LXQT (or at least the experimental versions of the template). I’m sure its possible to manually create a qube with SecureBlue but I haven’t tried that yet.
The qubes security model assumes that the VMs themselves are insecure so its pretty much a requirement that you compartmentalize.
Perhaps I could’ve worded it better. My point was that the hosts are still ordinary desktop Linux distros with all the shortcomings of desktop operating systems that entails. Qubes’ strength is in the broader VM architecture, not in the security of the individual hosts. For example, if you do all your browsing in one VM, you gain very little from using Qubes. Ideally, you would separate sites by VM to get the most out of Qubes, but that would be quite inconvenient.
My understanding is that it does at least at boot. Obviously, you could still have malware that continuously infects a device after that, but persistent compromise of the OS and/or firmware should be effectively prevented. That, though, would be prevented by factory reseting from fastboot.
https://xcancel.com/GrapheneOS/status/1995605127689068977#m
Someone could install malicious apps and grant permissions like accessibility service access. As long as there are no hardware implants, the combination of checking the verified boot key fingerprint and wiping data from recovery will purge anything.
https://xcancel.com/GrapheneOS/status/1947731165613555945#m
GrapheneOS only supports devices with verified boot and downgrade protection for the firmware and OS. It isn’t possible to simply install persistent malware. It would be far more realistic to take apart the device and put a tracking device in it than what you’re describing.
I’m under the impression most of Qubes security is inherited from Xen, which is ridiculously secure. Even if a singular qube is compromised, the system remains protected. So the standard linux templates dont really represent a vulnerability to the system, just the singular qube & its limited contents
That said, I would love to see SecureBlue ported as a template, but Qubes does not currently support Wayland
But I’m really just arguing semantics here, I agree GOS desktop mode is probably superior