QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

please delete #7913

Closed ghost closed 1 year ago

marmarek commented 1 year ago

Are you looking for https://www.qubes-os.org/doc/how-to-use-disposables/ ?

andrewdavidwong commented 1 year ago

> Adding an option on Qubes Manager that when the user uses, the Qube selected and all of its data are completely destroyed in a secure manner, and then, recreates the Qube from the selected template.

As Marek pointed out, the thing you're describing already exists.

> I believe that this would be very useful primarily for anonymous identities, since in order to stay anonymous, they have to be destroyed and recreated periodically. By having this feature, the user can securely start their Qube from scratch, to avoid the older destroyed identity leaking data into the new one.

Yes, but only when using Whonix qubes.


Closing as an "unsuitable proposal" (the proposed action is unsuitable, e.g., because it rests on a false assumption or misunderstanding, such as a proposed enhancement designed to fix something that is not really a problem in the first place). If anyone believes this is a mistake, please leave a comment, and we'll be happy to take another look. Thank you.

DemiMarie commented 1 year ago

@NebulaOnion you can already do this by overwriting the AppVM’s private volume with zeros, at least if I understand what you are wanting correctly.

andrewdavidwong commented 1 year ago

> @andrewdavidwong Please forgive me, since I have not explained myself properly. The feature I'm describing would be the ability to destroy all the data inside an AppVM (non-disposable) and then recreate the same AppVM from the template. It's not a DisposableVM, since DisposableVMs nuke all their data after they get shut down; with this feature, this would only occur when the user uses the feature.

No worries. I understand what you're asking for now, but I'm still not convinced that this is a suitable proposal. What you're asking for are essentially disposables that self-destruct on demand (and only on demand) rather than on shutdown. And the reason you want this is because you believe that it's important for anonymity. There are two main problems, as I see it:

  1. The assumption that this is important for anonymity is questionable, and you haven't offered or cited a compelling argument to support it. In all my years reading about privacy and working with Whonix, I've never heard of this cited as an essential feature. By contrast, I have heard about TAILS-like amnesiac functionality being important, but that's what disposables are already trying to deliver (with further progress needed on anti-forensics), whereas what you're asking for would not be TAILS-like amnesiac functionality. (Note: This isn't an invitation to use this issue as a forum for debate. We have an actual dedicated forum for that. We can be convinced to reopen issues if there are compelling arguments, but let's have those arguments in the appropriate venue and link to them here.)

  2. The main functionality you're asking for (destroying and recreating qubes) can already be done with existing functionality, either by using disposables or simply by creating a fresh qube based on the same template, copying user data over, and deleting the old qube. (Most customizations reside in user data and would be preserved; those that aren't in user dirs could be stored in the template or in bind-dirs, so no customizations need be lost with this method.)

For these reasons, I'm inclined to leave this issue closed as an "unsuitable proposal" (subject, as always, to being overturned by the judgment of the devs).