I’m facing complex security considerations and seeking external perspectives on potential solutions. I’m unsure how or if I should reformat my device to enhance its security posture and would appreciate any advice or insights from others familiar with these challenges.
I’m not engaged in any unlawful behavior, though I have experienced prior issues. My threat model includes activism and potential indefinite detention if I fail to provide a password, as well as customs inspections of my computer. I intend to install multiple operating systems, including a decoy OS for inspection purposes and a deniable setup for forensic analysis. Tails is unsuitable due to limitations in functionality (e.g., VPN/Tor routing, compilation). Qubes offers advantages but is complex. I prefer GNOME but value Qubes’ network routing capabilities. My threat involves aggressive network intrusion rather than persistent malware; hardening against memory and network attacks is prioritized. I have detected multiple recent network intrusions that often occur while the device is connected and minutes after the device is idle. While considering Parrot or Kali, I seek an OS with automatic hardening comparable to Fedora. SecureBlue’s limited root access is a drawback; the ability to modify default parameters is desired. Shufflecake’s readiness remains uncertain. A possible setup involves a VeraCrypt Hidden OS, with Windows unhidden, Debian hidden, and Shufflecake inside the Debian environment.
I’ve also considered using a headless operating system with LUKS headers stored on a separate device. However, it’s possible the network intrusions stem from malware implanted at the firmware level before I received the device; in which case, altering the hard drive structure might be ineffective and potentially misguided. It is also conceivable that I am experiencing technical issues and misinterpreting them as network intrusion. Nevertheless, based on the nature of the errors occurring, it seems more probable that a hacker has gained access through my network.
Furthermore, given the possibility of pre-installed firmware malware, any mitigation strategies focused solely on software or disk structure may prove insufficient. The potential for compromise extends to hardware components themselves, complicating efforts to ensure system integrity.
It is also possible I am misinterpreting indicators and overlooking signs of an investigation, which would necessitate utilizing an amnesiac operating system accessing a Remote Desktop Protocol (RDP) if required. The cost associated with RDP services presents a challenge; however, the potential consequences of inaction could be significantly worse. There is also a non-negligible chance that all physical devices I own will soon be seized, and my current preparations may not adequately address this scenario.