No.910
There's a lot of conversation and arm waving about keeping yourself secure but most of it boils down to people yelling "Use Tor!" or "Smash your smartphone!". Let's discuss some practical (read: not perfect) steps we can take to help defend ourselves against our assumed threat models or situational use.
In my case, I've got access to a highly trusted home server, a moderately trusted office server (not related to the company I work for), and a lightly trusted public server. I've got a decrepit laptop for personal use, a laptop for work use, and a smartphone. The computers run Linux and BSD (distros are irrelevant) and my phone runs Lineage without any connected "apps" other than a web browser.
So here's a few scenarios and my responses to them:
0. Personal computing on company hardware
I keep my personal computing and work computing completely separate but once in a while I want to read some news or chat with a friend and all I have is my company laptop.
In this case, I'll either fire up a VM with Tails or I will simply SSH into one of the servers mentioned above to get things done. It's tidy enough that I'm not worried about work finding anything personal of mine. I wouldn't fret if they took the laptop from me. They're not likely to see the traffic, either.
1. Advertisers and marketing goons feeding me garbage
To avoid this, I use pi-hole and a custom hosts file to avoid some advertisers outright. I disable JavaScript by default and only selectively enable what I need. I often also browse the WWW with a text based browser.
I don't have any social media accounts and I try to limit my viewing of content from social media sites. I try to use Tor when I can to obfuscate my browsing a little further.
I use small/private email hosts that aren't scraping my messages and I use GPG when people are willing to do the same. I use XMPP with OTR/OMEMO in case that traffic is being mined for data. Sometimes I'll use Tox but I'm not sure it defends against this too well.
2. Physical theft or acquisition of my laptop
I use full disk encryption and strong passwords. That's about it. I make backups and the like but I'm not sure about the best way to expand on this.
I'm considering using a live OS full time but then I fear the hd in the laptop would go to waste. I'm not sure where I'd keep my media (pictures, books, music) but I could do all my work on the servers.
I'm also concerned about all the programs I use regularly. I don't use any web "apps", preferring local programs instead.
I'm definitely interested to hear if anyone is using a live OS full time and how you manage your programs, media, and existing storage. A live OS would give me insane portability and would negate the fear of having the laptop being stolen or tampered with.
3. My personal tracking device
I do use a smartphone. It's running Lineage without any Google programs and the only connected thing on it is a web browser, which I use lightly. I use it for sending and receiving calls, sms/mms
messages, reading books, and taking pictures.
I'm not concerned about state actors in this case. I believe it's impossible to avoid them and trying to avoid them just makes you stick out like a sore thumb. I definitely have a few text/mms messages that I wouldn't want to be seen by people other than me and the parties involved, though.
I have the phone encrypted and regularly change my pin. I keep the number of "apps" installed to a minimum and only install Free Software on it whenever possible. I make sure that the programs on it don't reach out to the Internet unless I want them to. I'll often browse using Tor if I do use the browser.
While it wouldn't run Free Software, I'm considering getting an inexpensive dumbphone for calls and messages. I could then get a digital camera and an ebook reader (preferably without networking capabilities) and cover most of my usual bases. I do have a tablet I could carry around in the interim. I'm still thinking through this situation.
If I had the dumbphone, I would consider not putting anything into the address book and regularly deleting messages after I've read or seen them and maybe wiping the call log with some regularity. I have far too much stored on my current phone.
4. Avoiding passive vulnerability scans or bot sweeps
In this case, I try to keep all my hardware up to date and use my firewall to minimize the surface area of the border of my network and my local machine. I also move things to nonstandard ports when possible and encrypt as much traffic as I can. This is all pretty basic stuff and avoiding bots isn't rocket surgery.
So there you have it, Lain. A few of my practical security measures and some of my threat models. What steps do you take in your usual computing to keep yourself safe and what are you trying to protect yourself against?
No.911
>I'm definitely interested to hear if anyone is using a live OS full time and how you manage your programs, media, and existing storage.
I've never used it full time, but if you don't need to install much extra software, Tails or live Ubuntu with a persistent volume might work. My dream USB setup would be a Debian system that boots into a read only/live mode by default, but optionally allows you to boot into a "persistent" mode where you can install software and tweak the default settings. Possibly with a separate writable partition for downloaded files/media.
No.916
>>911Alpine linux is already setup to do something like that and it's not hard to roll your own setup. The easiest way to do it would be to just make your whole OS the initial ramdisk (might want to use zram to save space) and when you need to edit it you can just use a script to recompress the current setup into a ramdisk.
No.917
>>916I'm surprised I haven't heard of alpine before. It looks fantastic. Many of the applications I use are built with gcc, so I worry about compatibility but I'd really like to try it out. Descriptions of it give off a BSD vibe.
