
Re: best practices for a fresh install on a laptop



On 07/31/2017 07:45 AM, Joe wrote:
> On Mon, 31 Jul 2017 14:54:31 +0200
> Daniel Pocock <daniel@pocock.pro> wrote:
> 
>> On 31/07/17 07:39, Daniel Pocock wrote:
>>>
>>> Hi all,
>>>
>>> I've recently had discussions with new users at various events who
>>> were installing Debian for the first time, usually on laptops.
>>>
>>> It is easy enough to run the installer and get Debian up and
>>> running.
>>>
>>> However, if the user is security conscious, or will be travelling to
>>> events and passing through hostile airport/border checkpoints, are
>>> there any extra suggestions about how the laptop could be set up?
>>>
>>> For example, should they use the default disk encryption strategy
>>> proposed by the Debian installer, or another strategy?  Or should
>>> they be considering a derivative or something else?
>>>
>>> Another question that comes up when I have this discussion with new
>>> users, they want to reduce their dependence on cloud services, so
>>> what is the currently recommended way to sync or replicate content
>>> from their laptop disk for backup purposes?  While I have various
>>> ways of doing this as a developer, what is proposed for
>>> non-developers? 
>>
>>
>> I received a private reply seeking clarification of the threat model.
>>
>> Standard threats affecting all people who travel with a laptop these
>> days:
>>
>> 1. return of laptop for warranty service, technician has your data
>> 2. theft of laptop
>> 3. routine inspection by border officials (they may want the user to
>> log in and type screen unlock password or briefly attach a device for
>> "checking" the laptop)
>>
>> The user in mind: ordinary person who simply doesn't want to either:
>>
>> a) risk losing a copy of personal documents and photos when such loss
>> could have been easily prevented,
>>
>> b) lose time answering questions at a border checkpoint because their
>> laptop looks too secure or unusual.
>>
>> Obviously there are users who know they might be singled out for
>> closer scrutiny and they might go to extra effort but I'm simply
>> asking about the case of the ordinary user encountering ordinary but
>> sometimes unreasonably curious uniformed officials.
>>
> 
> Fairly low down the scale, I'm not an international spy or inventor
> with secrets:
> 
> I have a TrueCrypt (yes, I know it's unsupported, but to the best of my
> knowledge, it is still fairly safe) volume of 4GB stored as a file on
> my [Windows] laptop. It fits on a DVD for regular archiving, and on
> pretty much all USB sticks now. I don't use an enormous encrypted
> partition because I like the utter triviality of copying a single
> sub-DVD-sized file, and having it cross-platform compatible. Also,
> the size limitation means that I exercise some discipline in what is
> kept in it; I don't just throw everything in indiscriminately.
> 
> I open it and use FreeFileSync to sync most of its data with my server
> when at home; I do the same with Unison with my workstation and server,
> so there are generally three live or nearly-live copies of important
> data, and many archive snapshots of it going back years, plus a few
> random copies on USB sticks. When I fill the 4GB I'll create a second
> one.
> 
> Photos are more problematic, and movies even more so. I take a snapshot
> of our photo collection to a hard drive every month or two, plus DVD
> copies of new material. I have a number of retired hard drives, as I
> like to replace working drives after about five years, and most of them
> will go on much longer with occasional use.
> 

Potentially useful resources:

Hardening Debian for the Desktop Using Grsecurity
https://micahflee.com/2016/01/debian-grsecurity/

Digital Privacy at the U.S. Border: Protecting the Data On Your Devices
and In the Cloud
https://www.eff.org/wp/digital-privacy-us-border-2017

Regards,
Ralph

