For users testing our new Qubes integration (beta), please note that our instructions were missing a configuration detail for disposable VMs which is necessary to fully harden the configuration.
These instructions apply to users who followed the setup instructions before October 25, 2023.
What you need to do: run the following command in dom0:
qvm-prefs dz-dvm default_dispvm ''Explanation: In Qubes OS, the default template for disposable VMs is network-connected. For this reason, we instruct users to create their own disposable VM (dz-dvm). However, adversaries with the ability to execute commands on dz-dvm would also be able open new disposable VMs with the default settings. By setting the default_dispvm to "none" we prevent this bypass.