Re: How do you make your life secure (software based)?
On Mon, Nov 26, 2007 at 03:16:58PM -0600, Ron Johnson wrote:
Let's look at this and see how feasible it is and still make having an
internet connection worthwhile. If you want a truly secure internet,
don't use the internet. Buy a true copy of OpenBSD (since you can be
more sure that it's real than someone's download-and-burn of Debian's).
Never connect to the internet and use the computer locally only. I've
heard that a top status-symbol at CIA is the NON-NETWORKED computer.
> If you want your internet existence to be totally secure:
> a) *Never* conduct financial transactions on-line,
OK. Telephone I guess. Do banks still have their own network or do
they use the Internet (perhaps IPSec or something over standard
> b) never give out any personally identifiable information,
> c) never discuss anything the least bit controversial,
Anything you say will be controversial to someone, or at least open to
interpretation. Very few of us are skilled professional diplomats who
live and breathe nuanced communication.
> d) never use a SIP phone,
> e) Skype seems secure, but the Germans might have cracked
> it and be blowing smoke in order to get Bad Guys to use
> encrypted Skype,
Heh. Not that I know what a Skype is.
> f) use the w3m browser,
What is it that makes w3m more secure? Is it fewer features or is it
really designed to be better? Presumably it doesn't have Java. Is it
more secure than the Lynx (patched) that is included in OpenBSD base?
> g) use Mutt or Alpine,
I don't see Alpine in Etch. It makes sense that Mutt being only a MUA
could be more secure than something that shares code with an unsecure
browser. Why else?
> h) never send cleartext email,
Why? Or is it just that over time you build up a large amount of public
writing that may give away hints that aren't noticeable in individual
> i) only email a select group of friends & always use GPG,
So don't ask for help on DU?
> j) never use IM, bittorrent, ftp, etc,
bittorrent: OK, but why, if the MD5sum checks out?
ftp: Why? If you get the MD5sum via another route, e.g. http from
Would you include, e.g. cvs updates from openbsd.org (in order to get
security patches) in this?
I use an ftp mirror for my debian debs. Is it less secure than http?
> k) install minimal OpenBSD on your desktop,
While I'm sure the OBSD people would agree, with the same apps
installed, is OBSD really more secure than Debian?
> l) run really-minimal OpenBSD on your tight firewall.
Other than not sending plain-text email (e.g. to DU) or using FTP, this
looks really easy to follow.