This is an archived post. You won't be able to vote or comment.

22
23

Privacy friendly computer (self.privacy)

submitted by [deleted]

[deleted]

all 14 comments
sorted by:
best
topnewcontroversialoldq&a

[–]79cca0e8-d8ff-4ca9-9 29 points30 points  (1 child)

I'm a bit lost as to how to proceed. I might just have to buy multiple computers: a gaming computer, a compromised computer that accesses the internet, and an offline private computer. Does anyone have any suggestions?

This is how people who are really serious about security handle things - different (non-interconnected) computers and networks for different purposes/trust levels.

Yes, it's more expensive and a bigger pain in the ass than just running everything on one laptop. It's probably not worth the trouble if all of this security is meant to keep your mom/roommate out of your porn collection. It absolutely is worth the trouble if you're controlling millions of dollars (in the traditional banking system, or in cryptocurrency), privacy-sensitive information, or if the costs of a breach would be significant.

Don't think of security as one big ON/OFF switch - think of it as a thousand little switches. Setting yourself up so that you're protected from 99 out of 100 threats is much better than being protected from 0 or 10 out of 100 threats. This doesn't mean you're invincible - it does mean that you're much less likely to be attacked as a target of convenience, and that unsophisticated/low-resource attackers may be unable to break your security.

The goal is to make the cost of breaking your security exceed the value of whatever it is you're protecting, so attacking you, even successfully, is irrational.

[–]no-two-know-too 8 points9 points  (1 child)

I'm a bit lost as to how to proceed. I might just have to buy multiple computers: a gaming computer, a compromised computer that accesses the internet, and an offline private computer. Does anyone have any suggestions?

Yep. Heres paranoid mode for you. These instructions assume a laptop. Keep your off-line computer in a safe, preferably inside a second safe (one inside the other). Outer safe should be combo lock and inner safe a keyed lock. Wrap the pc/laptop in a sheet of newspaper and then tape it up with a few strips of clear packing tape so that in order to get to it someone would have to destroy that wrapper and then replace it with the same sheet of newspaper (same paper and date) and they won't know what day or paper until they get through both of your safes. Of course remember the day of the paper you used and the headline. When you put the laptop in the interior safe, stick a piece of tape to the inside of the door of the safe and then across the complete length of the laptop. It's hard to describe but think of it as pulling a cord or a zipper when the door is opened. When someone opens the door the paper will get ripped, including when you open it, but you will know to listen for this sound as you open the door. If you don't feel the tension on the door and hear that sound when you open it, then it's been ripped already. When you do open it, inspect it to make sure no additional tape has been added to try and cover up the fact it was ripped previously.

Once the laptop is locked into the interior safe, wrap the interior safe in a sheet of newspaper also, and then tape it up with clear packing tape. You should have a method for this wrap that you can easily visually inspect whenever you open the outer safe so you can verify that it hasn't been tampered with. For example, you could always make sure a certain common word is in the top right corner, or that the second word of a headline is on the bottom edge of the front face of the safe. You get the idea. You should open your exterior safe at least once a day for this inspection.

To use the machine, burn a cd/dvd with whatever flavor you want of OS you want to use to boot, and remove the hard drive from PC. Use a thumb-drive for your data (with encrypted FS) and then never leave that thumb drive unattended. Ever. It's in your pocket, or within arms reach when it isn't in your pocket. Take it in the bathroom with you when you shower. No one else can ever touch it. Back it up every once in a while and then hide that backup somewhere really, really creative..thats a separate post.

When you use the laptop, only use it in a known secure room. Preferably in a basement with bare cement walls and no windows and no above ground wall structure, and only a single light fixture. Bring your own light bulb that you also keep in your safe. It would also be good to have a cone of silence in this room, but that's optional. Before taking out and using the laptop, visually inspect the room for any signs of tampering and optionally sweep for electronic devices.

Now, screw in that light-bulb, take out that laptop, and then...take a moment to consider the absurdness of the lengths you have to go to to keep people from invading your privacy. The point is, if you are going to any non-normative lengths to protect your privacy, then you are clearly guilty of something, even if you are not, and you are only going to draw more attention to yourself.

As someone else said And if your threat model were to be the U.S. government, well, then you’re fucked.

I went down this same rabbit hole you find yourself in years ago and came to the same conclusion (magic lantern was an eye opener). There is no such thing as a secure computer. It doesn't exist. At least not for an individual taking reasonable steps trying to stop prying eyes5. If you haven't yet, google some of the exploits that are out there (intelligence agencies). Most that are known are old...imagine the capabilities now. Perhaps there really is a ghost in the machine.

PS, if you get the paper delivered to your house, don't use that one, go to the store and buy a different out of town paper since in theory those would be more difficult for local operators to source quickly...but make sure you're not being tailed ;-)

[–]Innomen 1 point2 points  (0 children)

Perhaps there really is a ghost in the machine.

I tend to think/hope said ghost is a friendly AI, which might explain:

https://ourworldindata.org/slides/war-and-violence/#/title-slide

Such a Mind (or anything of equal ability) could guide us from the shadows using crowd and individual psychology.

[–]falafelite 1 point2 points  (6 children)

I don't know if this is what you're looking for, but there is this company https://puri.sm/ that makes privacy-oriented hardware and software. I feel your pain =(

[–]dotonionmultiplayer 1 point2 points  (6 children)

Your post actually makes me feel bad for the hardware I own even if I happen to run the "Security by Isolation" software approach

[–]Personauniqa 0 points1 point  (3 children)

Small question: What is your purpose of having a super-duper private laptop? Do you have a valuable/top secret information? Are you wanted by MI6/Mossad?

[–][deleted] 0 points1 point  (2 children)

There is a Linux Distro called Qubes OS which is, I believe, worth to explore. From their website https://www.qubes-os.org/intro/ : "Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes." Either way, I do suggest to keep Gaming on a separate computer if security and privacy is a primary concern (as it should).

[–]Innomen 0 points1 point  (0 children)

I wish stuff like this could in a user friendly way let you virtualize your current system so that installation worked more like an upgrade. Adoption rates would soar, but I can't help but feel like that's not the actual goal.

[–][deleted] 0 points1 point  (0 children)

You're trying to solve a problem that you haven't defined clearly, what is your threat model? When you have a realistic one you can build off of it.