
If you're targeted by a state, Qubes on a PC isn't secure enough. It sits at a weird place, where it is stronger than your regular Linux, and showcases interesting ideas, but is quite restrictive in what you can do and doesn't provide any real security guarantees. It's an open-source small shop project. Xen bugs and kernel bugs are too frequent, big boys know them/buy them/make them/exploit them, surely silently for years.

The idea that your data on a PC connected to the Internet can be really secured from the most powerful actors is very naive.



Snowden is using and recommending Qubes [0]. Only 25% of Xen bugs on average affect Qubes [1] and never lead to escapes. What is restrictive about Qubes? I do everything I need on it.

[0] https://twitter.com/Snowden/status/781493632293605376

[1] https://www.qubes-os.org/security/xsa/


Don't do things just because a Twitter persona says so. Is there an independent security audit of Qubes that checks its factual capabilities in security?

> Never lead to escapes

Escape is the highest form of security failure. I'm talking about data access and exfiltration.

Do you store all your important data on a VM with no internet access? Even Qubes users don't, it's hard to work with. Then it's a Firefox/kernel bug away from being accessed remotely.

XSAs are publicly known vulnerabilities discovered by someone who wanted to make them public, and were later published by the Xen developers. There very probably are publicly unknown vulnerabilities, both in HW and Xen, discovered/created by people who want to profit from exploiting them. There are whole teams focused on this kind of work, paid by states and criminal-enablers like NSO.

> What is restrictive about Qubes?

No GPU acceleration for video in a VM, legacy OS on dom0. Xen development in support of modern CPUs has fallen behind, didn't even boot on a modern Zen X570 platform last time I tried, dysfunctional nested virtualization, using KVM from Linux does not work, can't run Android Studio with phone emulator.


> twitter persona

Did you just call Snowden a "twitter persona"? You're not serious. Not sure if I should reply further after that.

> Do you store all your important data on a VM with no internet access? Even Qubes users don't

Yes, I do. And I'm a Qubes user. There are many more users like me on their forums. This is much more convenient than you think: you can easily and securely copy/paste passwords wherever needed.


I am serious. He is famous for leaking interesting US gov documents and running away, but then he's become a celebrity who talks and writes on the internet. What computer security work is Snowden known for that makes him an authority on computer security? If, let's say, Kevin Mitnick said Qubes is a solid product for data protection, it would be interesting; Snowden, not much.

What about that audit?

If you keep all your important data off the internet, that's good for you, and Qubes helps.



