search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
541 stars 48 forks source link

Create "Who uses Qubes" or "Why use Qubes" section #1906

Closed bnvk closed 3 months ago

bnvk commented 8 years ago

We need some user friendly content that explains Who should use Qubes users base. The Tor project has a nice one.

This relates to #1833 @mfc are you up for working on this?

andrewdavidwong commented 8 years ago

As I brought up in the discussion of #1833, it's not really clear to me who exactly the intended userbase of Qubes is. I think it's a high-level project decision that ought to be consciously made. In some respects it doesn't matter (for example, it won't change the security-oriented nature of Qubes), and many different answers can be justified. But, for the purpose of writing for one's audience, it's important to have an idea of who that audience is.

mfc commented 8 years ago

First this should be framed "Who uses Qubes" not "Who should use Qubes". The should makes it into a value judgment which is unnecessarily thorny. Notice that the Tor page is not a value judgment (on the face of it).

We actually don't want to be listing like five categories of "types of people/users" if that means that some potential users (or current users) are not listed/captured. So that is one reason with the Tor page has "normal users", "high/low profile users", etc. So if we go this route we do want catch-all categories like that, and a mix of current users and desired users (just as Tor does implicitly).

I think more useful would be focusing on why someone would be interested in using Qubes -- malware protection, identity management, safely using Windows applications, etc. There is still no place that describes these things.

bnvk commented 8 years ago

yah @axon-qubes this is an effort to bring who that audience is into focus- it's not going to happen by not discussing it and not experimenting with our marketing and outreach :smile:

Sounds good on the framing @mfc I updated the title. Feel free to help create content you think is best. I've found much mileage in the "persona" style explanations. So perhaps mixing...

why someone would be interested in using Qubes -- malware protection, identity management, safely using Windows applications, etc.

...with some user persona's of real (and non-real) people from the categories I mentioned, and by no means being exhaustive about this. An example would be:

Picture of Isis Name: Isis Agora Lovecruft Job: Cypherpunk, Tor Project Core Developer Website: https://patternsinthevoid.net Quote: "With QubesOS, I feel more comfortable accessing Tor Project infrastructure from the same laptop as I use to execute random GameBoy ROMs that I downloaded from the internet." Setup: To do what Ms. Lovecruft is talking about, one simply makes a clone of their normal Debian or Fedora Template and then installs various emulators in that cloned Template. With this setup, if one plays a video game ROM, which happens to be infected with malware, no serious work, encryption keys, or server passwords get compromised, as the emulator and the game ROM are both isolated.

does this sound right @isislovecruft ?

isislovecruft commented 8 years ago

@bnvk Sounds pretty good! Maybe change my title somehow, because the first two things are things which I am, but I'm certainly not the entire Tor Project. :)

Also I'm not sure which readers this is targeted at, but maybe some basic Qubes explanation of "things are run in VMs based off of separate templateVMs" or something similar, in order to make it more clear that I'm not SSHing to bridges.torproject.org from my GameBoy emulator VM.

isislovecruft commented 8 years ago

Also, I'm not sure if I am a cypherpunk. Those people are cool.

bnvk commented 8 years ago

@isislovecruft thanks. Updated. Silly coma. You totes are a cypherpunk!

bnvk commented 8 years ago

adding as per @andrewdavidwong suggestion and @mfc feedback in QubesOS/qubesos.github.io#42

Picture of Snowden Name: Edward Snowden Job: Whistleblower and privacy advocate Website: https://edwardsnowden.com Quote: "Remember the 'I Hunt Sysadmins' presentation by @NSAGov? Make it hard for them. Use @QubesOS." Setup: ...to be written, but perhaps a "Sys Admin" configuration of Qubes with Split GPG, VPN, Standlone VMs, SSH keys in different VMs etc...

andrewdavidwong commented 8 years ago

Related (possibly duplicate): #1947

mfc commented 8 years ago

so i think this should be framed in terms of types of people/professions who use Qubes (like the Tor website has), rather than the people themselves. if we want to highlight people, either should be a quote on the main page or a "case study" that we promote (on the blog?).

I think I was a bit too harsh above about the differences between "use" and "should use", the Tor Project page actually says:

"Here are some of the specific uses we've seen or recommend."

and I think ours will likely also have some userbase projection to it.

below is a basic draft of one approach, that uses professions to frame different Qubes functionalities that may be relevant to them (#1947 could potentially be a source for some of these).

andrewdavidwong commented 8 years ago

Very helpful discussion of use cases and user stories: https://groups.google.com/d/topic/qubes-users/S32mraCRdac/discussion

andrewdavidwong commented 8 years ago

We can also add a use case for individuals who manage their finances digitally. I can write that one up once we have the page.

Jeeppler commented 7 years ago

@mfc you should differentiate between an user need and a technical solution to address it. You do that in most cases. However, you sometimes mix it up. For example, a everyday user actually does not have a need to "integrate Windows, Debian, Fedora and more applications within a single desktop environment". An everyday user, at least for my understanding, does not even know the difference between Windows, Debian and Fedora.

andrewdavidwong commented 7 years ago

you should differentiate between an user need and a technical solution to address it.

Agreed.

For example, a everyday user actually does not have a need to "integrate Windows, Debian, Fedora and more applications within a single desktop environment". An everyday user, at least for my understanding, does not even know the difference between Windows, Debian and Fedora.

But that's just a difference in the way you're using the term "everyday user."

Jeeppler commented 7 years ago

The problem with the group "everyday users" includes basically everybody who has Qubes OS installed on their main computer. The term is to general to be useful. All other terms are group specific, such as researcher or journalist.

There must be a term which describes an user who does not use Qubes OS for professional purposes and it would be beneficial to differentiate between levels of technical expertise. For example, home user surfer, home user technical enthusiast and home user professional. Home user professional would be somebody who uses Windows, macOS or Linux at work, but Qubes OS at home for personal projects or simply playing arround. Home user technical enthusiast could be everybody who does not work in the IT area, but developed an strong interest in computers and uses Qubes OS at home. home user surfer is somebody who uses Qubes OS for online banking, surfing etc. and really likes Qubes OS, but does not care about the technical details. Home user surfer did not install Qubes OS her-/himself instead somebody else installed it for him.

mfc commented 7 years ago

my aim was/is to include one category that was a catch-all, just as tor does with the "normal people" category.

Jeeppler commented 7 years ago

@mfc "normal people" is even more worse then "everyday users", because the opposite of normal is: abnormal?

mfc commented 7 years ago

opposite is "specialized use-cases", but yes it is less clear, hence me using "everyday users".

let's keep contributions to this thread actually moving it forward -- like filling out / improving some of the example use-cases. it's not going to go anywhere otherwise.

Jeeppler commented 7 years ago

@mfc Yes, I try to do exactly that. Please consider a better term then "everyday users".

Jeeppler commented 7 years ago

Useful for every user:

Technical Features:

Group Specific:

Jeeppler commented 7 years ago

this line:

visit media, whistleblowing, government, or corporate websites without them knowing it is you

sounds like anonymity. Even TOR can not provide absolute anonymity (bugs, zero-days etc. can jeopardize it)

mfc commented 7 years ago

sorry for the delay in responding, i really like your framing! i don't know if we want to pepper it with hyperlinks to different Qubes functionalities or if that would be overwhelming to the reader.

we might want stock images for the different groups similar to the Tor page, or graphics/icons to add some visual element to it.

tlaurion commented 6 years ago

@marmarek @mfc : Is there a OEM image permitting to change LUKS encrypted password and user passwords in a second stage, permitting to deploy those implemented persona as salt recipes, installing predefined softwares and customizations?

marmarek commented 6 years ago

@marmarek @mfc : Is there a OEM image permitting to change LUKS encrypted password and user passwords in a second stage, permitting to deploy those implemented persona as salt recipes, installing predefined softwares and customizations?

It is offtopic here... But the problem is not in passwords (you can change them at any time), but in LUKS key, you need to re-encrypt the whole disk, see here for example. We have done something different in the past: strip down the installer to ask only for LUKS passhprase. Write it into a partition, copy images/oem.img from there to the first partition (future /boot) and it will launch installer on the first boot.

tlaurion commented 6 years ago

@marmarek @mfc : Is there a OEM image permitting to change LUKS encrypted password and user passwords in a second stage, permitting to deploy those implemented persona as salt recipes, installing predefined softwares and customizations?

@marmarek : What about deploying specific softwares and configurations from custom salt recipes for defined personas from an external usb drive?

tlaurion commented 6 years ago

No, it is not. This doesn't change the actual encryption key (aka LUKS master key). You can see this with sudo cryptsetup luksDump --dump-master-key /dev/sda2 before and after luksChangeKey.

Sorry for the noise, @marmarek. I deleted my initial comment after reevaluating the facts.

Any discussion threads at hand of what led to r3.x-librem and why it was not used for QubesOS deployements on Librems?

andrewdavidwong commented 6 years ago

@tlaurion, please take off-topic discussion out of this issue and to the appropriate place (probably the qubes-users mailing list).

mfc commented 5 years ago
deeplow commented 3 years ago

Some other examples can be taken from:

kennethrrosen commented 3 months ago

Seems like this can be closed, or is there still documentation needed @andrewdavidwong ?

andrewdavidwong commented 3 months ago

Seems like this can be closed, or is there still documentation needed @andrewdavidwong ?

Closing as completed. If anyone believes this issue is not yet completed, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen it. Thank you.

(BTW: I'm no longer the website and documentation maintainer. That's @unman now.)