Re: best practices for a fresh install on a laptop
On Mon, 31 Jul 2017 14:54:31 +0200
Daniel Pocock <daniel@pocock.pro> wrote:
> On 31/07/17 07:39, Daniel Pocock wrote:
> >
> > Hi all,
> >
> > I've recently had discussions with new users at various events who
> > were installing Debian for the first time, usually on laptops.
> >
> > It is easy enough to run the installer and get Debian up and
> > running.
> >
> > However, if the user is security conscious, or will be travelling to
> > events and passing through hostile airport/border checkpoints, are
> > there any extra suggestions about how the laptop could be setup?
> >
> > For example, should they use the default disk encryption strategy
> > proposed by the Debian installer, or another strategy? Or should
> > they be considering a derivative or something else?
> >
> > Another question that comes up when I have this discussion with new
> > users, they want to reduce their dependence on cloud services, so
> > what is the currently recommended way to sync or replicate content
> > from their laptop disk for backup purposes? While I have various
> > ways of doing this as a developer, what is proposed for
> > non-developers?
>
>
> I received a private reply seeking clarification of the threat model
>
> Standard threats affecting all people who travel with a laptop these
> days:
>
> 1. return of laptop for warranty service, technician has your data
> 2. theft of laptop
> 3. routine inspection by border officials (they may want the user to
> log in and type screen unlock password or briefly attach a device for
> "checking" the laptop)
>
> The user in mind: ordinary person who simply doesn't want to either:
>
> a) risk losing a copy of personal documents and photos when such loss
> could have been easily prevented,
>
> b) lose time answering questions at a border checkpoint because their
> laptop looks too secure or unusual.
>
> Obviously there are users who know they might be singled out for
> closer scrutiny and they might go to extra effort but I'm simply
> asking about the case of the ordinary user encountering ordinary but
> sometimes unreasonably curious uniformed officials.
>
Fairly low down the scale, I'm not an international spy or inventor
with secrets:
I have a TrueCrypt (yes, I know it's unsupported, but to the best of my
knowledge, it is still fairly safe) volume of 4GB stored as a file on
my [Windows] laptop. It fits on a DVD for regular archiving, and on
pretty much all USB sticks now. I don't use an enormous encrypted
partition because I like the utter triviality of copying a single
sub-DVD-sized file, and having it cross-platform compatible. Also,
the size limitation means that I exercise some discipline in what is
kept in it, I don't just throw everything in indiscriminately.
I open it and use FreeFileSync to sync most of its data with my server
when at home, I do the same with Unison with my workstation and server,
so there are generally three live or nearly-live copies of important
data, and many archive snapshots of it going back years, plus a few
random copies on USB sticks. When I fill the 4GB I'll create a second
one.
Photos are more problematic, and movies even more so. I take a snapshot
of our photo collection to a hard drive every month or two, plus DVD
copies of new material. I have a number of retired hard drives, as I
like to replace working drives after about five years, and most of them
will go on much longer with occasional use.
--
Joe
Reply to: