AmpleApricots
kiwifarms.net
- Joined
- Jan 28, 2018
When an intelligence government agency has a vested interest in you, your life is in the hands of people that are willin both to torture and to murder you and people close to you (and might or might not enjoy it) and the laws of the country you're in don't protect you anymore. Good luck with that.
If it's police/federal law enforcement you are worried might be after you, what you're up against can vary wildly from incompetent bumpkins who's whole IT forensics experience consists of checking the windows trashcan on the desktop to high level security specialists, anything is possible. The latter usually work privately because if you're good in the field, you can do better, government jobs aren't well paid and have often crazy hours and backlogs. (This is true for my country, it might not be true for yours) Usually here a robust encryption setup and (even more importantly) not cooperating is the smartest thing to do and your shins will probably remain unbusted for it. There's many tales you can find on the web where people talked themselves from "his shit is encrypted and we have no good proof, probably will have to let him go if he doesn't talk" to "can you believe he gave up his password willingly after we told him we already know everything and will go easy on him if he makes our job easier? He got ten years in the slammer". This happens faster than you think. If they look you up for a month or two while they're investigating you, it's easy to just crack and believe everything that's being told to you, especially since they WILL psychologically abuse and manipulate you in ways that are perfectly legal. As people have said, don't trust windows computers. Effectively, you have no idea what your OS does and with whom it talks and the sheer amount of malware which might or might not be allowed to be used by law enforcement where you are is mind-boggling. Same goes for any locked-down smart device. They're very attractive targets for very many eyes.
When going with linux, the route of a simple encrypted partition that's mounted by a kernel carrying an initramfs with all the important parts is the simplest. It is easy to set up by yourself. IMHO don't trust ready-made solutions by distributions because distro maintainers are the tranny jannies of the linux world and often have no idea what they're doing. The less moving parts there are, the less room there is for an exploitable mistake. It's really important to understand this stuff yourself to be safe and having to put trust into other people because you don't know how anything works IMO means that you can't effectively have a very safe setup. Sorry, just the way it is. Can't become the world's best chef knowing nothing about ovens! You can use features like the aforementioned secureboot/TPM to validate that the kernel/firmware/certain parts of the hardware is/are untampered. How much that will help to know in practice depends to be seen regarding your potential attackers and your setup. Even more interesting with this technology, you can "chain" the encryption of the data to your hardware, meaning making it impossible to just create an image of your hardddrive and just throw it on some cloud to have arrays of GPUs pummel it. (This might be more interesting than you think. An encryption that's unlikely to be broken now might be trivial to break in twenty years because of new discoveries be it technology or bugs in the encryption, and storing a HDD-image for twenty years is not a tall order for a government agency) Of course, if there's something wrong with your hardware, your data's gone.
If you're looking for security from criminals online, most common sense security measures (e.g. different user for your webbrowser task, sandboxing, don't click that naked_cowoker_pics.exe atttachment) are enough. They're usually looking for the low hanging fruits and there's plenty of them. Airgapping generally can't be beat. Good luck hacking that small paper notebook lying in the drawer of your desk. There'll never be a javascript exploit for that one.
If it's police/federal law enforcement you are worried might be after you, what you're up against can vary wildly from incompetent bumpkins who's whole IT forensics experience consists of checking the windows trashcan on the desktop to high level security specialists, anything is possible. The latter usually work privately because if you're good in the field, you can do better, government jobs aren't well paid and have often crazy hours and backlogs. (This is true for my country, it might not be true for yours) Usually here a robust encryption setup and (even more importantly) not cooperating is the smartest thing to do and your shins will probably remain unbusted for it. There's many tales you can find on the web where people talked themselves from "his shit is encrypted and we have no good proof, probably will have to let him go if he doesn't talk" to "can you believe he gave up his password willingly after we told him we already know everything and will go easy on him if he makes our job easier? He got ten years in the slammer". This happens faster than you think. If they look you up for a month or two while they're investigating you, it's easy to just crack and believe everything that's being told to you, especially since they WILL psychologically abuse and manipulate you in ways that are perfectly legal. As people have said, don't trust windows computers. Effectively, you have no idea what your OS does and with whom it talks and the sheer amount of malware which might or might not be allowed to be used by law enforcement where you are is mind-boggling. Same goes for any locked-down smart device. They're very attractive targets for very many eyes.
When going with linux, the route of a simple encrypted partition that's mounted by a kernel carrying an initramfs with all the important parts is the simplest. It is easy to set up by yourself. IMHO don't trust ready-made solutions by distributions because distro maintainers are the tranny jannies of the linux world and often have no idea what they're doing. The less moving parts there are, the less room there is for an exploitable mistake. It's really important to understand this stuff yourself to be safe and having to put trust into other people because you don't know how anything works IMO means that you can't effectively have a very safe setup. Sorry, just the way it is. Can't become the world's best chef knowing nothing about ovens! You can use features like the aforementioned secureboot/TPM to validate that the kernel/firmware/certain parts of the hardware is/are untampered. How much that will help to know in practice depends to be seen regarding your potential attackers and your setup. Even more interesting with this technology, you can "chain" the encryption of the data to your hardware, meaning making it impossible to just create an image of your hardddrive and just throw it on some cloud to have arrays of GPUs pummel it. (This might be more interesting than you think. An encryption that's unlikely to be broken now might be trivial to break in twenty years because of new discoveries be it technology or bugs in the encryption, and storing a HDD-image for twenty years is not a tall order for a government agency) Of course, if there's something wrong with your hardware, your data's gone.
If you're looking for security from criminals online, most common sense security measures (e.g. different user for your webbrowser task, sandboxing, don't click that naked_cowoker_pics.exe atttachment) are enough. They're usually looking for the low hanging fruits and there's plenty of them. Airgapping generally can't be beat. Good luck hacking that small paper notebook lying in the drawer of your desk. There'll never be a javascript exploit for that one.
Last edited:
.
