Segregating web and app activities with multiple PCs

Maybe I’m taking this too seriously, but I’ve already been segregating my activities with three different phones so I’m sort of used to doing it. Now I want to do it with PCs.

At home, I already have two different ISPs due to the nature of my work so I need a fallback service for enhanced reliability so I have two different public IPs.

One idea I have in mind is to install Proxmox on each of the PCs I buy. Then install the OS on each of the VMs I create.

The other idea is to install the OS bare metal.

To keep costs low, I’ll be buying the PCs used, but I’ll be buying new SSDs.

Will this setup enhance my privacy? I’m sort of worried that using Proxmox might make things too complicated and compromise my privacy and security.

I also have Mullvad. So if you guys were in my shoes, how would you set this up to enhance your privacy and make it as difficult to be tracked and profiled? I’m assuming every machine should have a different IP. If using KVMs to make it easier to switch from one PC to another, could my privacy be compromised?

To be very clear, I’ll make sure Google and Meta accounts are also never used on the web browsing machine. Any time I need to sign into an account, I’ll be using a dedicated machine for it.

I am in your shoes. I have a Qubes laptop, Mac, Linux desktop, and Windows PC. All are old, and the latter three are mostly treated as untrusted.

Qubes OS is made for this. But it has two limitations relevant to this: nested virtualization and GPU acceleration. There are ways around it in both, but this is where that other hardware you’re getting comes in. Do all you can in Qubes, making VMs as needed. This way, you only need to keep passwords in, and back up, one machine.

Then treat your other machine(s) as untrusted. For example, playing video games or copying code to them for testing. You can freely wipe and reinstall the untrusted machines. If you know configuration management, like Ansible, you can manage them with that, making wiping and repurposing easier.

If one is for gaming, make a Steam buying account with its own qube on your main laptop, to gift games to your Steam playing account on your gaming desktop. Bazzite is a good OS for this. Since Steam backs up all your games, you don’t even need to back it up.

If you must run Windows, install it with a local account only. Not a Microsoft account. There’s a cat and mouse game going on here, so you’ll have to look up the current workaround. Or maybe someone here can reply with it. You’ll want to back up your installer because the local-account-only workaround will probably change again by the time you reuse it. Or make a dummy MS account for installation and never log into it after installation. So far, I’ve been able to not have an MS account, even though I made a dummy one and used it to log into Minecraft.

If one of these is a Mac, you can turn on SSH and push to or back up all its files from Qubes too. But its own Time Machine will be more efficient if those are large files.

I think you could have everything in one laptop with Qubes OS. But maybe you like having separate computers so you avoid distractions.

The pain you feel is cured by Qubes OS.

I have a main desktop PC that I built, a second hand desktop for my Nextcloud server, another second hand desktop PC for Monero, and a laptop for work, also second hand. I keep activities totally separated on each device.

I’m guessing this isn’t a very popular topic given the lack of responses. I know I’m in the minority with two ISPs at my home, but can my privacy be enhanced with two different public IPs even though I use a VPN? I’m assuming no matter what site or app I use, they won’t see my public IP anyway and will only see my VPN’s IP.

Nah man, your question:

has been answered:

In short, no. Based on the threat model you’ve described, you gain no additional privacy with multiple machines. QubesOS achieves the same effect on a single machine, with less complexity & attack surface. This is your solution. Although, the separation/isolation you describe is admittedly more of a security feature than one of privacy.

I don’t believe this accomplishes anything, unless your threat model expects a targeted attack through an ISP. Multiple ISPs provide redundancy in the event of a DoS attack on one. And if your ISP is truly malicious & targeting you, I can imagine a situation where you would want to access the internet without their knowledge whatsoever. But those are security & anonymity issues, respectively. As you’ve already noted, a (trusted) VPN does indeed already make your internet activity completely private from ISPs.

Multiple WAN links and multiple machines don’t really buy you any additional privacy, but there are good reasons for backup hardware and connectivity regardless. With more hardware you can also run more services locally, and this does meaningfully increase your privacy. This includes file storage, Internet-of-Crap substitutes, email, perhaps some AI models if you have good GPUs available. I don’t use any cloud services at all for my personal stuff.

Note that you don’t necessarily need more or new hardware. Don’t be afraid to work the machines that you already own harder. Any desktop, preferably running Linux, can do all of the above while still serving as a normal workstation.

Have you looked at Tor? Qubes comes with Whonix, which is a good way to use Tor. Only one ISP needed.

Multiple ISPs are still good for redundancy.

In Qubes, each appvm gets a network VM connection, so you can have multiple interfaces and connect them to different appvms. For example, one can go to Ethernet while the others use Wi-Fi. Or you can have multiple Wi-Fi adapters, each getting its own net and firewall qubes.

I don’t see any privacy benefits in separating the “web browsing machine” from the “rest of the work machine”. You could get a security benefit with such a setup, but that depends on its implementation.

If you want to separate work life from private life, separate computers are a must, but it doesn’t really matter how you do it. I’d prefer separate hardware and a KVM switch, if I had space constraints. If I had to provide my own hardware for work, I’d consider putting my work computer inside a VM on my private computer, but that depends on the hardware requirements of my work applications (like a GPU).

Maybe I don’t understand the goal very well. I have a private life / work separation on my phone too, using Shelter. So I can install the few apps my employer encourages me to have, separated from my private life. I could get a separate phone for work, but then I’d have two phones to carry and charge, and things like using a Bluetooth headset would get more complicated.

Did you read the OP? I didn’t sign up with another ISP for privacy reasons. I did it for work.

I prefer not to mix work and personal life. I even have a work phone, and I use it exclusively for that purpose.

Just to be clear, and I feel like I’m repeating myself here, I didn’t sign up with any other ISP because of a threat model. I have to work and make money. Internet redundancy is paramount.

We understand why you have several ISPs (work). Regardless, this comment:

…sounds like you are asking if multiple public IPs, from different ISPs, offer any privacy benefit. The reason you have more than one to begin with (work) doesn’t appear to matter in this context.

Apologies if I misunderstood your meaning.

I was wondering if there was any way to leverage it to my advantage. I guess not. Worth asking and discussing.

It’s a steep learning curve, and Qubes takes processing power. In some ways it’s simpler to just have different hardware devices.