> - Under what circumstances would I want to use a different VM for my email and for my financial accounts?
> - Under what circumstances would I want to use a different VM for my email and for my shopping?
>
> Thanks!
>
Brief response:
Beside considering the types of threats you should start by considering
the way you live your digital life - this is implicit in your questions,
but I would make it explicit.
Draw the line between caution and convenience wherever it works for you.
It has to work, or you will find yourself ignoring your own guidelines.
Start by sketching out the areas of your life, and then allocate
qubes/colours to those areas. This will help you to decide how many
qubes you need. I always suggest starting big - you can always merge and
cut down after. It's much better to merge than retrospectively split.
Use background colours to match the ones you choose - force windows to
specific desktops - much easier in KDE, but doable in Xfce (I think).
Use different templates for different purposes.
Use many different disposableVMTemplates, and use the disposableVMs
systematically, allocated to different areas.
Use Tor.
Use Multiple Tor gateways systematically.
Randomly change things around in sensitive online areas.
Store data in offline qubes based on mini templates. Storing data
carries a minimal risk. Always *open* that data in an offline
disposableVM.
On your specific questions:
1. Always. That way an attacker cant leverage your email to get your
financial details/logins etc.
It follows that you should probably have different email qubes for
different accounts to keep your financial emails separate from your
other emails.
2. The same answer as 1 - except that the risk of being attacked by
shopping sites is probably higher than by banking sites, so here the
risk runs both ways. Leveraging email to get access to your shopping
habits etc, and leveraging a website to get access to your emails.
unman