Let’s face it, the longer you survive in crypto the bigger your threat profile gets.
Not only has my crypto bag been growing, but I’m now a DeFi developer, and have a much larger public presence. Crypto thieves have been growing more sophisticated in general, and I am at higher risk of being personally targeted.
This made me quite uncomfortable with the security of my existing setup.
That’s why when the DeFi Education team announced they would be launching a solution, I was one of the first ones on the waitlist.
Over the past weeks, I have been beta testing the LizardOS secure operating system from BowTiedIguana. I’m sharing my experience and impressions, which you may find useful in deciding whether it’s right for you.
Let’s get a disclaimer out of the way. This is not a paid review. I purchased all hardware and software with my own money, and have received no compensation for either purchasing the product or writing this review. All I received as a beta tester was the early adopter price, and help from Iguana to integrate some hardware which is not supported for the mass release.
Bottom line: I have been very pleased with the product, find it to have exceptional value, and would recommend it to others.
What is LizardOS?
LizardOS is a custom configuration of the security-centric open source operating system Qubes. It automatically installs many commonly used programs and configures the OS with sane default settings.
Qubes provides powerful security capabilities, but it is time-consuming to configure, prone to hardware compatibility issues, and requires specialist knowledge to ensure it’s set up correctly. LizardOS provides, as much as possible, an “out-of-the-box” experience which takes care of those issues for you.
My Experience
Installation
Once I obtained my computer hardware and a suitable flash drive, I purchased the LizardOS software from Iguana’s website. Payment is done via BTCPay, so you will need Bitcoin, and do be prepared to wait for some time for Bitcoin block confirmations to elapse. My payment confirmation took almost an hour.
Once confirmed, I downloaded the .iso file and followed the LizardOS installation manual to create a boot flash drive. After plugging it into the target computer, installation of Qubes took about 10-15 minutes. At this point you set your password, connect to the internet, and run the LizardOS installation script. About 30-60 minutes into the install you have to interact with the installation script to make it install a Windows VM, if you desire.
After that it was bedtime, I let the installation run overnight and it was ready for me in the morning. It should take a few hours in total to install everything, depending on your internet speed. I was downloading over an average-speed connection, so you can consider my experience pretty typical for the average user.
All the installation instructions provided were clear, concise, and accurate. I had no difficulty following them.
Use
Qubes takes a little getting used to, I’ll say that up front. I’m coming from being predominantly a Windows user, so some of the flows are a bit different. Little things like copy-pasting a screenshot into a Discord chat goes from this:
Windows+Shift+S
Screenshot
Ctrl+V
To this:
Print screen key to open screenshot tool
Screenshot
Save image
Open folder containing image
Right click, send file to AppVM
Add file to chat
This workflow is due to how the clipboard has to work to prevent qubes from leaking data to your other qubes via image data.
Don’t get me wrong, the workflow IS well-designed. It’s just different as a natural consequence of the secure architecture. I got used to it pretty quickly but there is definitely a learning curve at first.
Other than these minor teething issues, I found myself getting around pretty quickly. Users who are already familiar with Linux machines should quickly be comfortable in the interface. Do be prepared to use a terminal if you have to do advanced things, but the Qubes GUI is sufficient for almost all routine tasks I ran into.
LizardOS’s default apps worked like a charm. Its templates are preloaded with web browsers, communications and social apps, media players, document tools, and more. The anon-finance qube comes with Ledger Live, which worked seamlessly, and I was using Discord, browsing the internet, and writing code in short order.
LizardOS also comes with a preconfigured VPN, which you can change out for your own if desired.
Pros
LizardOS will materially improve your security
This is the reason I bought this product, and the single most powerful reason to use any flavor of Qubes.
You can open attachments in disposable sandboxes. You easily set up and use any number or configuration of firewalls and VPNs. You can set up an airgapped environment to store password managers, private keys, and other sensitive information. Disc encryption is standard. Backups are painless. A successful attack against one qube cannot compromise other parts of your computer.
As a crypto user, defi protocol core dev, and niche microinfluencer, my threat profile was rapidly exceeding what I was prepared to handle.
I needed to upgrade my hardware and my habits. Using a single computer for everything from degen yield farming to development work to doing my taxes was not going to cut it.
A single compromise anywhere could catastrophically spill over into all my other domains. This is exactly the scenario Qubes is designed to prevent.
LizardOS makes it easy to separate your anonymous and personal identities
It can get tricky to keep your IRL persona and your cartoon alter ego separate. It’s far, far too easy to accidentally open a google doc in the wrong context and connect with the wrong account.
Managing everything using discipline and procedure works, but it is fragile. One slipup can reveal you.
Qubes in general helps segregate this by letting you use different Qubes for different contexts. LizardOS comes preconfigured with qubes supporting many common applications, in anon, personal, and secure contexts, as well as customization that further helps keep your contexts organized across virtual desktops.
I personally found these features to be helpful and time-saving as it prevents the hassle of keeping up with accounts, signing in and out, etc. That said, the convenience really pales in comparison to the reduction in stress.
The peace of mind that comes with not being constantly dogged by a low-grade worry about doxxing yourself cannot be overstated.
LizardOS facilitates clean workflows
As a developer, I particularly enjoyed the ability to segregate my work contexts.
I do dev work for multiple clients. Having everything on one machine is not the best solution for the security of the codebases, IP and license concerns, or the actual development work itself. (environment hell, anyone?)
The solution: a dedicated qube for each project.
LizardOS does not come with a preconfigured developer template, as the necessary apps are highly dependent on the type of work being done and the developer’s preferences. A one-size-fits-all solution would be heavy, cumbersome, and would still likely not meet all the user’s needs.
I was quickly able to install a template VM, customize it, then use that as a base to create a qube for each project I was working on.
This keeps my workspaces clean, and my clients secure.
Bonus sidebar: I initially based my dev template on an unsuitable linux distribution and didn’t realize that until after I’d already set up app qubes, installed packages, set everything up, and started trying to run some code. Bummer, right?
Nope.
Qubes shone here. I changed out the underlying template to an entirely new OS, and it was completely seamless. All my files and credentials stayed in place. The only thing that changed was that my code in the appVM would run now!
LizardOS saves an unbelievable amount of time vs. raw Qubes
Qubes is notorious for being a difficult dragon to ride. It takes the typical complexities one might have with a linux operating system, and adds the qube architecture onto that load. Even something like getting an external keyboard to act right could be a fight if you are not already a power user.
LizardOS skips all of that. Minus an internet connectivity issue (my fault due to not using the recommended Lenovo laptop), install and setup was remarkably painless. It could do 95% of what I needed to do right out of the box, and I was well positioned to customize it to my needs.
It is not an exaggeration to say that this product saves tens if not hundreds of hours over setting up Qubes yourself.
Even if you are making minumum wage you’ll probably be positive ROI on time saved vs. setting an equivalent workstation up yourself.
That’s not even mentioning the extensive custom-written documentation which comes with LizardOS. Iguana’s docs are worlds ahead of the internet-available resources, and records a wealth of accumulated tribal knowledge which you will be hard pressed to find elsewhere.
Cons
Qubes is not for the technically challenged
Let’s address the stickiest point up front.
The LizardOS installer and “sane defaults” philosophy removes the brutal slog to get the operating system set up.
However, there is still a good chance you’re going to have to open a command line on a semi-regular basis, and you have to have a little understanding of how Qubes works architecturally to both use it to best effect and customize it to your needs. Removing a layer or two of abstraction from what you’re used to as a Mac or Windows user is the tradeoff you pay for increased security.
Don’t get scared off by that! If you are a reasonably intelligent person who does not crumble at the first sign of resistance, you can manage it.
That said, I would definitely not put this on my grandmother’s computer. If you get paralyzing fear at the sight of a command line interface or struggle to navigate your iPhone, Qubes is probably not for you.
Qubes does not support GPUs
Not needing to purchase a graphics card was a welcome surprise to my wallet when building my PC, but if you regularly use graphics-heavy applications or have a PC gaming habit, this may be an issue.
Qubes is touchy about hardware
If you stray outside of the recommended model of Lenovo Carbon laptop, you may experience hardware compatibility issues. I had a painful internet connectivity issue which Iguana was thankfully able to help resolve.
I built a desktop instead of purchasing the laptop due to the needs of my use case, but I would not recommend this unless you know what you are doing. Iguana helped a lot with ensuring part compatibility and I would not have felt comfortable custom-building a PC for Qubes without his assistance.
The Bottom Line
I am extremely satisfied with my purchase. I get to enjoy the security advantages of Qubes, and LizardOS has saved me a huge amount of time and energy vs. configuring Qubes myself.
The product’s base configuration covers the majority of daily use cases, and puts you at a very good starting point to customize your computer further for your own unique needs. The fact that it is usable out-of-the-box is exceptional for a Qubes product, and speaks volumes to the amount of work that has gone into creating LizardOS.
If you need to improve your security or anonymity postures, LizardOS is the way to go. You can purchase it here.
this is a great review