High level security

BTW, the book Watchman Guide to Privacy will help you a lot, as it talks about physical security.

About using an encrypted cloud with Tor, it can be great if hidden. But if not hidden, then LE can just ask you for the password, which you will certainly remember. With local encrypted storage, on the other hand, you can claim that you forgot the passphrase (IANAL).

Aren’t Windows Secure Boot + Trusted Boot the same as “verified boot”?

It’s easy to only use a laptop at home. You can also remove the battery, which would turn it off if unplugged. In the previous link I posted by Mullvad, they say non-laptop computers are not able to be tamper-proofed.

Interesting idea. Perhaps using a server hosted via bulletproof hosting (paid with crypto), then SSH into this machine over VPN or Tor would accomplish the same thing. You could set up a bash script to autowipe the files if you haven’t SSH’d into it in a certain period of time (let’s say 24 hours).

The machine you use to connect to the VPS could be amnesic like Tails. Meaning any physical devices confiscated won’t have anything.

If I’m not mistaken, Full-verified Boot on macOS verifies everything that is not a user-installed app.

I don’t know if Microsoft’s Trusted Boot does the same (it verifies the Windows startup process, but unfortunately my knowledge of Windows software architecture is not sufficient to say if this is the same as macOS Full verified boot).

But if it is equivalent, I would probably go with a Dell Latitude for the offline device.

Shouldn’t that be the case anyway, regardless of my threat model?

But I understand what you mean, fortunately I have already taken such precautions (within my capabilities).

So true.

Interesting concept, definitely worth considering.

Some thoughts on this:
What if a component breaks or you have to make some hardware configurations?
Do you then have to dig out the whole system just to do a few (small) things?

You could try to make the system “failure-proof” (e.g. a backup system in addition to the current system, which then takes effect in the event of a failure).

You would have to take a closer look and think about it, but it’s not a bad idea.

I wouldn’t like it if my extremely sensitive data were stored on other people’s computers/servers (even if it’s encrypted) and could theoretically be attacked all the time.

The concept wouldn’t be bad in itself, but I think in my case I would prefer a ‘local solution’.

Those would also be my concerns.

With a strong enough password it’s impossible for them to break it. Can’t beat math.


There’s the possibility of a harvest now, decrypt later, https://en.m.wikipedia.org/wiki/Harvest_now,_decrypt_later

But probably not a huge concern

They could theoretically access the cloud hosting provider, upload a malicious version of your file that includes malware, and leak your encryption keys when you download it again.

That’s where Tor comes in. They can’t easily link the file to you. Also, slight problem with that plan: how are they even going to do that? It would make more sense, I think, if they exploited Tor Browser somehow like they’ve done before to deanonymize people. But I could handle the encryption fully locally and keep Tor Browser on the Safest security setting, which would be really hard to exploit.

I don’t think a remote system would be the best in my case.
I need a system for editing files (this includes Office applications, but also image manipulation, metadata removal tools and some others).

This system (and the applications running on it) should NOT send any data to the outside and should also not receive any data (to prevent remote installations of malware and possible exploitation of remote vulnerabilities), except the data that I transfer via USB drives.

Furthermore, there should be a precaution that shuts down the system in the event of unauthorized access or makes the data unreadable (like BusKill).

With a remote system, e.g. a VPS, I see the following problems:

  • During operation, the data would be decrypted, i.e. it would be possible to access and manipulate the data.
  • Administration and use via Tor would quickly reach its limits (e.g. with graphics-intensive applications).
  • Data leakage would be more likely than with an isolated offline system.
  • The sovereignty of the system (and its data) would lie with a provider. This could cause complications (e.g. shutting down the system to disrupt any work on the system).

Something else:
What would actually be the case with a Surface laptop 7th for business device?
Can the Wi-Fi card and NIC be removed as easily as on other laptops or are they also soldered onto the circuit board as on MacBooks?

Surface devices would have some advantages over a Latitude:
pros:

  • Total Memory Encryption
  • Secure Core
  • Pluton security processor (which would be better than a TPM)

cons:

  • According to wj25czxj47bu6q from Privsec, it might be difficult to install Windows 11 Enterprise because Surface devices require “custom Windows installers”.

No. You can use a standard ISO and install the Surface Platform Installer MSI, which should also be obtained automatically via Windows Update. You could also just do an in-place upgrade to Enterprise just by entering an Enterprise license key, without reinstalling.

A solid option. What are your thoughts on the Surface compared to a MacBook?

The Surface has Pluton, but the Mac has Secure Enclave and Lockdown Mode.

Both are closed source operating systems, however a lot of people say Mac is more private than Windows.

If you want a secure comms app for Qubes that makes use of the isolation via qr-exec, you might find my work with TFC interesting: GitHub - maqp/tfc: Tinfoil Chat - Onion-routed, endpoint secure messaging system

Very basically, it’s a three-programs-per-user system, each program running in its own VM:

  • Transmitter Program on offline Source VM
  • Relay Program on Networker VM
  • Receiver Program on offline Destination VM

Transmitter Program encrypts data and outputs ciphertexts to Relay Program. Relay Program delivers message to peer’s Relay Program, which forwards the ciphertext to Receiver Program for decryption. Neither Relay Program has access to keys used for end-to-end encryption.

qr-exec enforces unidirectional communication between the VMs. This provides key exfiltration security:

  • Because Source VM is offline and qr-exec only allows exporting data, it can’t get infected.
  • Because Destination VM is offline and qr-exec only allows importing data, it can get infected, but malware can’t leak sensitive messages or keys out.

All packets in TFC are routed via Tor v3 Onion Services to provide anonymity and to protect metadata about communication.

The cipher suite is also pretty good:

  • XChaCha20-Poly1305
  • X448 key exchange or password protected PSK for post-quantum security
  • BLAKE2b hash ratchets for forward secrecy
  • Argon2id with auto-tuned parameters for encrypted persistent data.

Caveats:

Qubes and qr-exec have their own problems with buffer-full state allowing transmission of binary data as long as there’s purpose-built malware running on the VMs. Getting the malware to execute on Destination VM on its own is still quite hard.

If you can’t take the risk, I might suggest you have a peek at the hardware isolated configuration of the messaging system, that uses hardware data diodes to guarantee single-direction communication between the programs with the fundamental laws of physics imposed by the optocouplers.

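The BLAKE2b hash ratchet and one-way delivery described in the post above, as an added example that is not part of the original post and is not TFC's own code or wire format. `Sender`, `Receiver`, `MAX_SKIP` and the packet layout are assumptions, and a keyed BLAKE2b tag stands in for XChaCha20-Poly1305, which is not in the Python standard library.

```python
import hashlib
import hmac

MAX_SKIP = 100  # assumed cap on catch-up hashing per packet

def ratchet(chain_key: bytes) -> bytes:
    """One-way step: the previous chain key cannot be derived from the result."""
    return hashlib.blake2b(chain_key, digest_size=32, person=b"chain").digest()

def message_key(chain_key: bytes) -> bytes:
    """Per-message key, domain-separated from the chain step."""
    return hashlib.blake2b(chain_key, digest_size=32, person=b"msgkey").digest()

def tag(key: bytes, counter: int, payload: bytes) -> bytes:
    data = counter.to_bytes(8, "big") + payload
    return hashlib.blake2b(data, key=key, digest_size=16).digest()

class Sender:  # role of the Transmitter Program on the offline Source VM
    def __init__(self, root: bytes):
        self.ck, self.n = root, 0

    def send(self, payload: bytes):
        pkt = (self.n, payload, tag(message_key(self.ck), self.n, payload))
        self.ck, self.n = ratchet(self.ck), self.n + 1  # old key is overwritten
        return pkt

class Receiver:  # role of the Receiver Program on the offline Destination VM
    def __init__(self, root: bytes):
        self.ck, self.n = root, 0

    def receive(self, pkt) -> bool:
        counter, payload, t = pkt
        # No return channel exists, so lost packets cannot be re-requested:
        # the receiver can only ratchet forward, within a bounded distance.
        if counter < self.n or counter - self.n > MAX_SKIP:
            return False  # replay or late packet (key already erased), or too far ahead
        ck = self.ck
        for _ in range(counter - self.n):
            ck = ratchet(ck)
        if not hmac.compare_digest(t, tag(message_key(ck), counter, payload)):
            return False  # forged packet: receiver state is left unchanged
        self.ck, self.n = ratchet(ck), counter + 1
        return True

def demo():
    root = bytes(32)  # constructed sample key; a real one comes from X448 or a PSK
    tx, rx = Sender(root), Receiver(root)
    p0, p1, p2 = tx.send(b"a"), tx.send(b"b"), tx.send(b"c")
    # p1 is delayed in transit, then arrives late; p2 is replayed at the end.
    return [rx.receive(p0), rx.receive(p2), rx.receive(p1), rx.receive(p2)]
```

A relay that only forwards these packets never holds `root` or any chain key, so it can drop or reorder traffic but cannot produce a packet the receiver accepts.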

Why completely offline? You could use a proxy or a data diode. That way you would still get (security) updates for the system and the apps.

Ask the guys from Nitrokey; they have experience in desoldering components. Maybe they have a few tips or would even remove it for a payment.

Hi, sorry for my long absence.

Well, one big advantage of the Surface devices is that they have memory encryption, which as far as I know is unfortunately not the case with Macs.

But I’m still unsure which of the two systems I should use (at least I’ve limited the options to these two systems).

That’s why I wanted to remove all network components so that no unwanted connections to the OEMs are established.
But this will probably not work, my soldering skills are not sufficient for this.

Damn cool setup, I’ll definitely take another close look at it. Thank you for sharing it.

That will probably be the only option, maybe someone knows some products with which this can be realized?

Macs have DMA protection and soldered RAM. Although the RAM is not encrypted, there are minimal ways to dump the RAM from the lock screen.

Most tools to dump the RAM require a reboot.

https://www.reddit.com/r/computerforensics/comments/194n9ng/macos_memory_acquisition_macos_version_10157/