[cogman10]

Unless you are making a vm per page refresh, I can't really see how a browser in the VM is any safer than a browser outside the VM.

My most valuable stuff (passwords, bank accounts, logins) is accessible from the browser. You'd need to somehow sandbox and frequently destroy/restore the rendering and javascript engine to avoid leaking this information cross site while having a fairly strict firewall between those and the external browser. (IE: cookie/session/password storage).

[Syonyk]

It's not "a browser in a VM."

It's "A range of VMs, with different browsers in them, for different purposes."

My "random web use" browser VMs don't have anything in them - they're ephemeral. If I need a password, I copy it from another VM over. If you escape into that VM, you might be able to grab a password being pasted, but I don't access anything I consider sensitive in them - just random forum accounts, etc. And it's easy enough to spin up other disposable VMs for stuff in Qubes (I actually mostly browse through the Tor network, to add traffic to it).

So, for your use case, you'd have one VM with your "core" stuff - passwords, logged in to webmail, banking. And then you do everything else web related in a different VM.

[cogman10]

Ah, makes sense.

Probably a good solution for the highly technical, not something I could ever propose to my mother.

[halJordan]

I mean your mother is successfully using Apple's highly sophisticated sandboxes and things like authenticated pointers. (sHe's On AnDrOiD)

For Qubes specifically she can understand theres a bank Qube and a Facebook Qube and a nothing-special Qubes and its all color coordinated. She doesn't even need to know they are VMs, they're just color coded windows

[hiatus]

As a qubes user myself, I don't think my mother would be able to perform the initial setup and segregation, not to mention endure the hurdles of copy/paste rules and filesharing across VMs. Oh sure, she could learn another set of copy paste keyboard shortcuts that will end up as another handwritten note on her list of keyboard shortcuts. Not to mention how frequently I'd get called due to slowness as she neglects to close the VMs. And say goodbye to remote support options unless she gives me SSH to dom0 but then why do any of this anyway at that point?

[jwells89]

My bet is that over time most people would slip on the separation and end up with tons of tabs in the wrong containers. The only way it'd work in the long term is if there were some way of automatically taking link clicks in the "wrong" container, thoroughly sanitizing them, and then tossing them over the "right" container but then you're back to risking cross-contamination.