~ / heritage
The Secure Desktops project (2015–2017)
Before this site existed, secure-os.org was the home of the
Secure Desktops mailing list — a quiet but remarkable forum
where the developers of Qubes OS, Tails, Whonix, Subgraph OS and Genode talked to each other.
If you followed an old /pipermail/ archive link to get here, this page is the
summary of what that archive contained.
How it started
On October 28, 2015, David Mirza Ahmad of Subgraph posted the first message to the list:
"This forum is the product of a meeting between Subgraph, Qubes OS and Tails, in which it was agreed that we need a place for ongoing discussion of ideas and collaboration in our efforts towards the common goal of building secure open source desktop computing environments."
Within two days, Joanna Rutkowska (founder of Qubes OS) and sajolida (Tails) had joined the conversation — the very first thread was titled "Subgraph and Qubes". The list ran on GNU Mailman under a charter that insisted on open source, collaboration over competition, and zero vendor marketing.
What was discussed
The archives spanned October 2015 to February 2017 — roughly 170 messages across 14 months. Notable threads included:
- Subgraph and Qubes (Oct 2015) — Joanna Rutkowska and David Mirza Ahmad comparing the two projects' isolation models in public.
- MAC address spoofing in Tails (Nov 2015) — Patrick Schleizer (Whonix) and others debating whether macchanger's "blend into the crowd" strategy was broken by design.
- 32c3 planning (Nov–Dec 2015) — coordinating a secure desktops assembly at the Chaos Communication Congress in Hamburg, with a dozen participants including people from Qubes, Tails, Whonix and Mullvad. The assembly was listed on the 32c3 wiki.
- Genode OS Framework (Nov 2015) — Norman Feske introducing Genode's capability-based architecture to the secure desktop community.
- Tor-based OS security (Nov 2015) — a long thread on the limits of routing everything through Tor, with contributions from Todd Weaver (Purism) and Joanna Rutkowska.
The list is also cited on Security StackExchange as a reference for the collaboration between secure OS projects.
The people
| Participant | Project |
|---|---|
| David Mirza Ahmad | Subgraph OS (list founder & moderator) |
| Joanna Rutkowska | Qubes OS / Invisible Things Lab |
| sajolida | Tails |
| Patrick Schleizer | Whonix |
| Norman Feske | Genode Labs |
| Todd Weaver | Purism |
| Fredrik Strömberg | Mullvad |
What happened to it
Activity faded through 2016 and the last archived messages date to February 2017. Subgraph OS never reached a stable release; Qubes, Tails and Whonix are still actively developed today. The domain eventually lapsed. When we acquired it in 2026, we chose to preserve the history rather than erase it: the original charter is restored at its historical URL, old archive links redirect here, and our guides pick up the same questions the list debated a decade ago.
Where the questions went
The problems the list worked on are still open, and our launch guides map directly onto them: Qubes OS and security by compartmentalization, Tails and amnesic computing, Whonix and leak-proof Tor isolation, hardened Linux distros compared by threat model, and full disk encryption in practice.
Sources: Internet Archive snapshots of secure-os.org (2015–2017), including the pipermail archives and the founding announcement of 2015-10-28. Page published June 12, 2026.