I know what Theo says about (x86) virtualization[1], but I think it's still useful to virtually separate your random browsing the web from things like health and banking, or where you keep your ssh keys (if you don't use a Yubikey or similar to keep it off your laptop) -- or other secrets.
You can be a victim of a random drive-by, you don't have to be a person on a "list".
Yeah. He's probably right. When we first saw Meltdown/Spectre/etc, and he preemptively disabled hyperthreading out of an abundance of paranoia, turned out he was right...
It's all broken, all the way down. However, compromising a browser or kernel is still a lot easier than compromising a hypervisor. At least in terms of number of known exploits.
Qubes tends to make very limited use of the riskier parts of Xen anyway, though. A lot of the security notices for Xen don't apply to Qubes because of how they've configured things or what features they use.
He's been right more times than I can count. Abrasive guy for sure, but he has decided not to suffer idiots. And he does what he does for himself; we are lucky beneficiaries.
Agree wrt your arguments; it's also why I write this in a browser in a VM that is not used for anything else than this sort of thing, and periodically I will roll back to a recent snapshot with a clean browser.
You can be a victim of a random drive-by, you don't have to be a person on a "list".
[1] https://marc.info/?l=openbsd-misc&m=119318909016582