Thread

Not for everything, but for some things, yes. It depends on the application, the attack surface, and the threat model. If an app touches identity, finances, private comms, or needs special networking—Signal, banking, crypto wallets, torrenting—then it gets its own minimal template. Clean base, small attack surface, no bleedover. It’s also utilitarian and performance-based. For example, I have a dedicated template and AppQube for gaming. But for normal day-to-day stuff—if the apps share the same identity and the same risk profile, putting them in one template keeps things sane and still respects compartmentalization. I isolate by threat model, not by religion.

Thanks for the reply, I appreciate the perspective.