Passionate about privacy & opsec. 🕵️‍♂️
I'm learning Dutch 🇳🇱
Using English as the common language 🌐
Fascinating for privacy and "Turn off your phone before you go to the secret location" threat models:
"What's more, even phones that are powered off or that have dead batteries can be located for 'several hours' after they go dark. However, this only applies to certain handsets, including the Pixel 8 series and Pixel 9 series from Google; the phone needs specialized hardware that enables a low-power Bluetooth signal to be broadcast, even if the handset itself isn't turned on."
https://www.wired.com/story/android-find-my-device-upgrade-whats-new/
My virtual machine topology on Qubes OS looks like this (without going into too much detail):
Thanks to Qubes OS, using this is not a nightmare.
- 3 VMs per client (web UI, development, administration) + 2 VMs per VPN
- 1 VM for my web browser (that resets every start)
- 2 VMs for emails (I use 2 email providers)
- 1 VM for each communication app (Matrix, XMPP, whatever)
- 1 VM for handling the audio device
- 1 VM for the network device
- 2 VMs for each VPN (client VPNs, home VPN, infra VPN...)
- 1 VM offline for data storage
- 1 VM offline for secret storage (ssh, gpg, password databases)
- 1 VM for development
- more or less 1 VM for each program I run from there :D
I have 2 VMs per VPN: one holds the VPN and the other holds the firewall rules under it, so if the VPN is compromised, the rules below and above it will not be affected.
The rules below affect the VM using the VPN; the rules above affect the VM with the VPN, restricting it to the VPN destination only.
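An added example, not code from the post's author: a small audit of the two-VMs-per-VPN layout described above, relying on the fact that Qubes enforces a qube's firewall rules in its netvm. The qube names, the endpoint and the assumed chain (app qube, firewall qube, VPN qube, sys-firewall, sys-net) are constructed for illustration.

```python
# Constructed sample data: qube names and the endpoint are made up.
# "rules": None models the default allow-all; a list is an allow-list, then drop.
ENDPOINT = ("203.0.113.10", "udp", 51820)
VPN_QUBES = {"vpn-client": ENDPOINT}  # VPN qube -> the only destination it needs

GOOD = {  # two qubes per VPN: vpn-client plus fw-client beneath it
    "sys-net": {"netvm": None, "rules": None},
    "sys-firewall": {"netvm": "sys-net", "rules": None},
    "vpn-client": {"netvm": "sys-firewall", "rules": [ENDPOINT]},
    "fw-client": {"netvm": "vpn-client", "rules": None},
    "dev-client": {"netvm": "fw-client", "rules": [("10.8.0.5", "tcp", 22)]},
}

BAD = {  # one qube per VPN: dev-client plugs straight into the VPN qube
    "sys-net": {"netvm": None, "rules": None},
    "sys-firewall": {"netvm": "sys-net", "rules": None},
    "vpn-client": {"netvm": "sys-firewall", "rules": None},
    "dev-client": {"netvm": "vpn-client", "rules": [("10.8.0.5", "tcp", 22)]},
}


def audit(topology, vpn_qubes):
    """Return findings where a compromised VPN qube could bypass firewall rules."""
    findings = []
    for name, cfg in sorted(topology.items()):
        rules = cfg["rules"]
        # "Upper" rules: the VPN qube may only talk to its own endpoint.
        if name in vpn_qubes and rules != [vpn_qubes[name]]:
            findings.append(f"{name}: egress not limited to its VPN endpoint")
        if rules is None:
            continue
        # A qube's rules live in its netvm, so that netvm must not be
        # the VPN qube, which is the component assumed to be compromised.
        enforcer = cfg["netvm"]
        if enforcer is None:
            findings.append(f"{name}: has rules but no netvm to enforce them")
        elif enforcer in vpn_qubes:
            findings.append(f"{name}: rules enforced inside VPN qube {enforcer}")
    return findings


if __name__ == "__main__":
    for label, topo in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(topo, VPN_QUBES) or "no findings")
```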