You are right, and I am saying exactly the same thing. You seem to misunderstand that Qubes saves you whenever you use it as designed by its security approach. To benefit from Qubes security, you have to use virtualization to compartmentalize your tasks. Only virtualization is a guarantee of security. Everything running in the same domain is assumed to be not isolated, and a compromise would affect everything in it. Even root access has no password by default in VMs. So what you're saying is obvious to any Qubes user. This is why I didn't mention it. (But I should have indeed.)
By you reasoning, Qubes doesn't provide more protection than the underlying operating systems. I've seen this myth on HN multiple times.
This has nothing to do with "No True Scotman", because my definitions and assumptions are not flexible. They are defined by the Qubes developers and documented. You misunderstanding me does not equal me being wrong.
When I say "this tool protects you" and you reply "it doesn't protect you if you misuse it; you give dangerous advice", you are the one misleading everyone. (Same with the kill switches on Librem 5.) Other people asked me for details instead of making a personal attack, https://news.ycombinator.com/item?id=47868133
Perhaps you are right that I could add more details for newcomers, but I was not wrong or harmful, unless you think every advice must have a full documentation for tools attached to it.
> ...unless you think every advice must have a full documentation for tools attached to it.
Those aren't our only two choices, and this is pretty manipulative and fallacious rhetoric on multiple levels. It's difficult to take much of what you say in good faith, given how you persist despite it being pointed out to you repeatedly, and by many people.
Somewhere between your original comment and requiring all advice to have full documentation attached to it is a reasonable course of action. Another quality frequently exhibited by your comments is dealing in absolutes, which tends to undermine your points and make your positions technically fraught.
I think if you're evangelizing an OS people may be unfamiliar with, and for an audience discussing a particular vulnerability, the responsible thing to do is add even the bare minimum of context to your comment rather than continuing your habit of posting fairly bare links sometimes accompanied by terse absolutes as if they constitute substantive commentary. All that serves to do is turn people away from your beloved projects, and frequently backs you into technical corners requiring you to accept even the slightest responsibility for your comments.
Here's a way of doing it: "The bug described in the article still exists within a given VM, but Qubes OS is the most practical solution I've found to split Tor Browser identities across disposable virtual machines, which fully addresses this vulnerability."
I get that you aren't precise with your language, which is usually where people seek to correct you and you double down, but when discussing technical subjects we ought to be precise, lest we inadvertently cause problems for others. And you might, one holds out hope, actually learn that some of your technical assessments are founded on incomplete or incorrect assumptions.
It's easy to be a zealot, and anyone can do that, but it's not actually that much more work to make genuine contributions.
By you reasoning, Qubes doesn't provide more protection than the underlying operating systems. I've seen this myth on HN multiple times.