Tips and Tricks
This section provides user suggested tips that aim to increase Qubes OS usability, security or that allow users to discover new ways to use your computer that are unique to Qubes OS.
Opening links in your preferred AppVM
To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. to learn more you can check security guidelines and security goals.
qvm-open-in-vm lets you open a document or a URL in another VM, it takes two parameters: vmname and filename.
For example, if you launch this command from your email AppVM:
qvm-open-in-vm untrusted https://duckduckgo.com
it will open duckduckgo.com in the
untrusted AppVM (after you confirmed the request).
If you want this to happen automatically you can creatte a .desktop file that advertises itself as a handler for http/https links, and then setting this as your default browser.
Open a text editor and copy and paste this into it:
[Desktop Entry] Encoding=UTF-8 Name=BrowserVM Exec=qvm-open-in-vm APPVMNAME %u Terminal=false X-MultipleArgs=false Type=Application Categories=Network;WebBrowser; MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
APPVMNAME with the AppVM name you want to open links in. Now save, in the AppVM that you want to modify, this file to
Finally, set it as your default browser:
xdg-settings set default-web-browser browser_vm.desktop
Credit: Micah Lee
Preventing data leaks
First make sure to read Understanding and Preventing Data Leaks section to understand the limits of this tip.
Suppose that you have a not so trusted enviroment, for example a Windows VM, an application that track and report it’s usage or you simply want to protect your data.
Start Windows template VM (which has no user data), install/upgrade apps; then start Windows AppVM (with data) in offline mode. So, if you worry (hypothetically) that your Windows or app updater might want to send your data away, this Qubes OS trick will prevent this. This applies also to any TemplateBasedVM relative to its parent TemplateVM, but the privacy risk is especially high in the case of Windows.
Credit: Joanna Rutkovska
Trim for standalone AppVMs
qvm-trim-template command is not available for a standalone AppVM.
It is still possible to trim the AppVM disks by using the
fstrim --all command from the appvm