I live in a country that has a track record of changing governments on an irregular basis, and could possibly become oppressive without notice. That being said, I have tried to be prepared for such an eventuality. Though I have done nothing illegal, the mere fact of being a foreign national could perhaps set me up for a 2 AM raid by the local Stasi. Anything on my computer that is perfectly legal today could be illegal tomorrow, and when the goal is an arrest SOMETHING can always be found (or planted) as an excuse to do so.
I would like opinions as to whether this setup is sufficient against a government computer intrusion:
Windows 11 OS with strong random pass-phrase
C-drive full disk BIOS encryption with 4096 bit key and six random word pass-phrase by Diceware
Brave browser with Firefox for backup
StartPage search engine
Private Internet Access VPN with Proton VPN as backup
Tails OS with DuckDuckGo search engine over Tor for anything that even remotely might be construed as suspicious
No Wifi or cellphone. All internet connections by ethernet cable.
I know every chain has its weak links, and that is why I am asking. I appreciate your input.
Thank you for your reply. I suppose it is rather important to look like a face in the crowd. My primary concern, however, is not so much a secure online presence as the consequences of my PC being confiscated or stolen. How easy or hard would it be to break into my system, assuming no physical duress for the password? Again, nothing is illegal at the moment, but there may be reading materials that might not agree with an oppressive government’s political views.
My use of VPN, etc., is only an attempt to leave the least trace as possible.
What is “BIOS encryption”? If that’s something built into your BIOS you can and should not rely on that. Always use well-known, audited open source software for really important things like encryption.
Perhaps I used the wrong term. By this I mean the disk is fully encrypted and the password must be presented before Windoes can start. This encryption is done by VeraCrypt. This is separate from the Windows password.
I’m sorry for the confusion. I have no doubt everyone here knows a lot more about these things than I. That is why I am asking. And thanks for your reply.
Other than the technical aspect, you might want to consider this matter in the legal aspect as well. The most important part is jurisdiction. For example, a full disk encryption won’t prevent you from cloud recording/logging, i.e. if there were some services logging your actions in the background, and those actions are considered to be offenses, you are busted even though the government can’t crack your device. And any registered company in your country will sing like a bird due to court orders.
Therefore, your first priority is to prevent any leakage. If I were you, I would use a product/service that’s not registered in the country.
Also, according to Techlore, PIA VPN and Proton VPN are not one of the providers that listed as warrant canary. They might not be your best bet.
Well, if this is the case then there aren’t really technological measures you can take to protect yourself against this threat. The mere fact that you have an encrypted drive might be seen as evidence of guilt regardless of its contents, for example.
Without knowledge of details like what data you’re actually trying to secure, which government you’re trying to protect from, what techniques they might use against you, etc., nobody here will be able to give you a fully-informed opinion on your situation. I’m not suggesting you share all of these specific details online in a place like this… I just want you to understand the limitations that a community like ours can provide. In your case it sounds like your situation is potentially very complex and the threats you face (governments) are very advanced, so you may want to consider consulting someone who is an expert in your specific situation.
In terms of actionable advice: Something you may wish to consider is not storing any data locally in the first place, if protecting against physical confiscation is your greatest concern. Storing your information with an encrypted cloud storage provider and only accessing it via Tails (i.e. making it difficult or impossible for an attacker to know which cloud storage provider you use in the first place based on physical/local evidence) could provide decent protection against such a threat.
The general insights given within this community and on privacyguides.org should not be construed as specific advice for your situation.
About the only thing protecting you there is the amnesic nature of Tails, (ie not having anything to find) the rest is security theater against a state adversary. What browser or search engine you use is irrelevant. Whether the connection is WiFi or Ethernet also has no bearing on anything if these connections are tied to you (via credit card etc).
One could argue that a fixed wired internet connection is less anonymous, as it is usually tied to an address (xDSL, FTTP etc), as opposed to a burner cell phone maybe not even in your name. Having said that possession of a cellular device under someone else’s identity may very well be incriminating on it’s own.
I need a VPN with Torrent support.
Is PIA (Private Internet Access) not a good choice?
Currently I use iVPN, but the disabled port forwardings
Private Internet Access review conclusion
Private Internet Access is a cheap VPN. The company has been adding features to increase the value of the service, but it still lags far behind industry leaders like NordVPN or Surfshark. On a positive note, it does have good VPN apps that are secure and user-friendly. But even with that, these drawbacks stand out:
Slow and inconsistent speeds
Based in the United States
Does not work well with streaming services
Now part of a large VPN conglomerate (Kape Technologies)
Mediocre support that may or may not be available
In short, while the company continues to improve their service, we still can’t recommend this VPN. There are too many other great alternatives to consider.
If the VPN is not declared its warrant canary status, it’s most likely to say yes to any warrant sending to them, and is complying to any government/third-party request providing there’s a court order.
Just so you know, we don’t put any value in warrant canaries. As far as I know these have never been proven to actually work, and are just that, security theater.
Generally a gag order will include broad description of “tipping off” the person being investigated.
In the context of what this thread was originally about, oppressive governments will generally not have any sway over companies in other jurisdictions that that simply just won’t comply with unreasonable requests.
If you live under an oppressive government, it would make no sense to use a VPN operated from that same country, regardless of whether there is a warrant canary or not.
You probably don’t. The only thing that might happen is you might miss out on some peers. Of course there are other things eg usenet which do not have this issue and work just fine with the servarr family of tools.
Use a normal VPN all the time, possibly enable it on router level. Get Mullvad, Proton, IVPN or Windscribe.
If you want your browsing to be private, use VPN all the time, or if you suspect that government will take your computer, use sandbox when browsing. Windows 11 has Windows Sandbox, which will do the job.
When using normal browsers, disable cloud sync and profiles, and delete cookies and history on closure.
You can use VPN on your phone. Also use NextDNS or Control D as your DNS provider instead of ISP, if you want additional control over your DNS queries.
You should research “Plausible deniability”. For example, have an hidden partition with your prohibited stuff, and a normal partition with your normal stuff. This way, when the police knocks at the door, you can claim to cooperate by giving them your password and be well-seen.
Yes, it is secure but configuration options are very limited compared to Vmware Player/Workstation. You need to have Windows Pro or above license. It is also deleted once you close the app, unlike other 3rd party apps.
It’s really secure. I can post my config later and you’ll get an idea of what you’ll need to change in practice.
I run Mullvad Browser in mine.
If you want an easier experience you could just use Microsoft Edge inside of Microsoft Defender Application Guard. It’s really enable and play and is incredibly secure out of the box.
