Here is the situation. I currently have two subsystems [user profiles] set up to separately store and install some of my sensitive content. In terms of sensitivity, these two subsystems are essentially identical. The primary reason for keeping them separate is to isolate my online identities and platform accounts.
Before entering high-risk situations (for instance, an impending border check or anticipating targeted digital forensics), I manually delete both subsystems and restore them once I return to a safe environment.
My question is: Should I replace my current dual-subsystem setup with a single subsystem + a "Private Space" created within it? The reason I'm considering this is that in urgent situations, sequentially deleting two subsystems is obviously less convenient than deleting just one. Furthermore, from a forensic standpoint, any residual metadata left behind after deleting a single subsystem might be easier to explain away using unfalsifiable excuses (plausible deniability).
Additionally, one of my two subsystems is somewhat unique. For unavoidable reasons, I had to install an app in this space that may not be reliable or fully compliant, which is the main reason I isolated it in a dedicated subsystem in the first place. If the single subsystem + Private Space approach is viable, should I install this risky app inside the Private Space, or in the outer layer of that subsystem?