>> The disposable VM will not allow exfiltration, since it has no network

> Sure, unless you're doing something in the disposable VM that requires network traffic, like browsing.

This is called goal shifting. Anyway, in this case Qubes can also save you. You browse untrusted websites in a disposable VM, which doesn't contain anything sensitive. You move any downloaded untrusted files to a dedicated storage VM and never open them there without another, dedicated disposable VM.

You browse trusted websites in another, more trusted VM. More details: https://doc.qubes-os.org/en/latest/user/how-to-guides/how-to...

> It lacks numerous protections. It serves a purpose against certain threatmodels, but it's far from being close to 100% secure. Like I said, it's essentially a workaround.

I challenge you to provide me with a threat model that is not covered with Qubes. You couldn't yet. You can call it a workaround, but it's the only approach that actually works today and in the visible future.

> So you agree Qubes is not a 100% secure OS like the other poster was asking for, correct?

The poster is asking for a fairy-tale. I suggested something realistic that solves the problem instead.

> None of them are claiming it is as close to 100% secure as possible. No security expert would. Not even a security hobbyist would. It's a nonsense claim.

I also don't. But you seem to be seeking 100% security, don't you?

> That was always within your control.

I wasn't talking about my own words.