{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiecuzfjl4m2abh6jyq5ubtsnzzmmi4tqn5ulimi4yjba2dtqrwrjq",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmgijcimdnb2"
},
"path": "/t/segmentation-of-apps-through-vms-containers-on-debian/38065#post_2",
"publishedAt": "2026-05-22T08:09:19.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"Qubes OS Forum – 14 May 26",
"What's your Template:AppQube Ratio?",
"Qubes OS Forum – 21 Nov 25",
"Do you have a template for each pseudonym/activity, or a template for each...",
"Qubes OS",
"How to organize your qubes"
],
"textContent": "Well I was involved with a discussion about this segmentation issue a week or so ago:\n\nQubes OS Forum – 14 May 26\n\n### What's your Template:AppQube Ratio?\n\nGeneral Discussion\n\nThis is more of a threat model discussion: I don’t believe there’s a “right” or “wrong” take On one extreme end, you could install every program within the stock fedora template, and create many app Qubes from it. This has the benefit of limiting...\n\nReading time: 4 mins 🕑 Likes: 61 ❤\n\nImmediately under that is my participation into the topic, which is referring to another similar topic discussion:\n\nQubes OS Forum – 21 Nov 25\n\n### Do you have a template for each pseudonym/activity, or a template for each...\n\nGeneral Discussion\n\nFor example, if I have a pseudonym John, and I need three apps: A browser (Brave, Trivalent, whatever) SimpleX Thunderbird Would you: create a template named, say, whonix-workstation-17-john, and install the three programs in there (I know...\n\nReading time: 6 mins 🕑 Likes: 42 ❤\n\nSo the problem is that you are containing each individual app into separate VMs, but you do not compartmentalize your identity into separate VMs instead, which means you are paying a lot for resources. To address that, you could separate your identity into similar workflows, such as the Qubes OS default qubes:\n\n 1. Personal\n 2. Untrusted\n 3. Vault\n 4. Work\n\n\n\nThis suggestion is incredibly generic because I have no idea what your identity consists of. Journalists and whistleblowers have specific needs that may not be applicable to your threat model, and so on. You will likely want to look at this documentation for some inspiration to compare against:\n\nQubes OS\n\n### How to organize your qubes\n\nWhen people first learn about Qubes OS, their initial reaction is often, “Wow, this looks really cool! But… what can I actually do with it?” It’s not always obvious which qubes you should create, w...\n\nThis information will nudge you into a more relevant direction, but you will still be required to do the initial bootstrap yourself.",
"title": "Segmentation of apps through VMs/Containers on Debian"
}