> if the experts can’t secure their accounts, what hope does anyone else have?
This is my opinion of the entire software industry.
Chrome exploits, iPhone hacks, etc. These are nearly trillion-dollar companies. If they can't do it then nobody can. Something is fundamentally broken.
Something is fundamentally broken. "We can write perfect software to prevent all attacks" is fundamentally broken, because we have empirically proven that we can't. (The previous model, "we can trust people", is even more broken. But maybe it's the same breakage? "If this packet that came over the internet passes all of our filters of known bad things, then we should go ahead and process it.")
People have touted capability-based security, but I don't think that's the answer, at least for consumer devices (phones and not-administered-by-IT computers). Users will give an app whatever permissions it asks for in order for it to shut up and start running, and those permissions will be used to gut their security. It may limit the damage somewhat, depending on how disciplined the app and the user are, but it will only reduce the damage.
We need a completely different answer. I don't know what it is.
Qubes, as great as it may be, is still another abstraction on top of an insecure base. The fact that things like Spectre and Meltdown are even possible is worrying. How does Qubes solve this?
As another poster said, we need some other computing paradigm, but I don't know what that would look like. All I know is something is broken if these behemoth companies with limitless resources still get it wrong.
Qubes is not just an abstraction. Its isolation allows one to overcome the problem of fundamentally insecure software. For example, my passwords are stored in an offline VM (where I don't run any apps) and my random internet browsing occurs in a disposable VM (which is reset every time).
Yes, Qubes does not solve problems like Spectre and Meltdown. Yes, you must trust your hardware to use it. If you are looking to solve such a problem, then you might be interested in a stateless laptop: https://blog.invisiblethings.org/papers/2015/state_harmful.p....
Apart from that, I believe the best computing paradigm is free software and free hardware, but unfortunately it does not seem too widespread now. This would be the actual solution. The "behemoth companies" are not trying to solve computer security. They are trying to get as much profit as possible, and it goes against the security of the users. This is why they are not supporting free software.
My current "good enough" solutions are a disabled and neutralized ME in a laptop and a Librem 5 phone.