I don't do anything illegal but with the work I'm involved in, I can't afford any compromises because my employer is autistic that way (no I don't work for the DNC).
As such I want it to be secure and mask wherever I go and whatever I do, if at all possible. I know VPNs are obvious but I'm wondering if you guys had any tips or tricks. Thanks.
start by not using your personal fucking computer for work stuff you dingus
Lincoln Reed
Was expecting Tails meme as first response. Disappointed.
Ethan Long
Who said it was going to be personal, dingus
Logan Jones
Install hardened Gentoo
Kayden Hill
Holy fuck this board really is useless.
Oliver Nguyen
You should know, can't even figure out some basic shit without being spoonfed
Kayden Robinson
Computer tech isn't my expertise, hence why I went to you guys.
If you're going to meme go to another thread. If you're not going to be helpful then you can just leave.
Brody Rodriguez
This board is for shitposting you cock muncher.
Bentley Russell
Ask your security handlers
Thomas Price
install hardenedBSD, that way you will be totally safe
Justin Thompson
>looking for actual information
>posts on Sup Forums
>must be Sup Forums's fault
Alexander Scott
Image the laptop and encrypt the disk. Never let them look and when you return it re-image with original image unencrypted to render residual encrypted information useless.
Joseph Fisher
Looks like OP's got a little attitude on him
You haven't given us dick for details
>hur dur my employer is autistic and won't allow any breaches in security however, he doesn't outfit us with the necessary equipment and software to obtain such a goal hur
Who's trying to track you, how, what type of environment do you do most of your work, step it up a little OP.
Jackson Ortiz
If you're looking for government paranoid level shit then use Qubes OS, it's pretty good for browsing the deep web or just general secure browsing, but you have to install the OS on the computer.
Lucas Bell
No one asked, they memed.
>Who's trying to track you,
Corporations mostly. Gov would be a plus just because.
>how
Wifi, ethernet
>what type of environment do you do most of your work
I travel so, but mostly from home, sometimes at work depending on the project
Owen Mitchell
penis penis penis
Jackson Campbell
use incognito mode
Lincoln Anderson
If it's just basic stuff like that just combine the VPN with other browser extensions like HTTPS Everywhere, Disconnect, Blur, and NoScript.
Bentley Turner
Basically I want to mask my IP and be behind 7 proxies
Mason Morgan
Dude one is enough, unless they have a backdoor on your computer, no level of tracking should break the vpn unless it's unencrypted.
Easton White
And if you're serious invest in a paid VPN, because that will most of the time give you the best protection, I've had the best luck with services such as TunnelBear for Windows, and Bitmask for Linux.
Sebastian Moore
So a VPN is an obvious must.
Should I consider encryption at all?
Dominic Reyes
Encrypted vpn, and with your computer I would recommend using veracrypt to create encrypted volumes if you're suspicious of people snooping on your computer, you can also try whole disk encryption as well with the same program, but this usually takes a while to do. Even if you have a password on your computer, if you leave it unattended for a while a person can easily break in with a boot usb and some forensics tools easily found on the web and make a copy of your hard drive without you knowing it.
Kayden Powell
Use Qubes OS and Whonix in a VM. Then use Tor for everything inside the Whonix VM. As for any other VM use HardenedBSD or Debian with SELinux.
Connor Barnes
be careful to avoid DNS leaks- be sure to route DNS requests (ALL traffic, not just TCP) through your VPN of choice.
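A way to check the DNS-leak point above on a Linux laptop, as an added example that is not part of any post in this thread: it lists the configured resolvers and reports which interface each one would be reached through. It covers resolver routing only, not other traffic; the VPN interface names (`tun0`, `wg0`) and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess

# Constructed sample data (not captured from a real host).
SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 127.0.0.53
options edns0
"""
# Constructed `ip route get <addr>` output for each non-loopback resolver.
SAMPLE_ROUTES = {
    "10.8.0.1": "10.8.0.1 dev tun0 src 10.8.0.2 uid 1000",
    "192.168.1.1": "192.168.1.1 dev wlan0 src 192.168.1.50 uid 1000",
}

def parse_nameservers(text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def live_route_lookup(addr):
    """Ask the kernel which route a packet to addr would take (Linux iproute2)."""
    return subprocess.run(["ip", "route", "get", addr],
                          capture_output=True, text=True, check=False).stdout

def audit_dns(resolv_text, route_lookup, vpn_ifaces=("tun0", "wg0")):
    """Classify each resolver as 'vpn', 'LEAK' or 'local-stub'."""
    report = {}
    for ns in parse_nameservers(resolv_text):
        if ipaddress.ip_address(ns.split("%")[0]).is_loopback:
            # A local stub resolver forwards elsewhere; its upstreams need auditing.
            report[ns] = ("lo", "local-stub")
            continue
        match = re.search(r"\bdev\s+(\S+)", route_lookup(ns) or "")
        iface = match.group(1) if match else None
        report[ns] = (iface, "vpn" if iface in vpn_ifaces else "LEAK")
    return report

if __name__ == "__main__":
    report = audit_dns(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES.get)
    for ns, (iface, verdict) in report.items():
        print(f"{ns:15} via {iface}: {verdict}")
```

On a real machine, pass the contents of `/etc/resolv.conf` and `live_route_lookup` instead of the sample data, with the VPN connected.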
Aiden Watson
Thinkpad x200, libreboot it, then install tails on it or just install some linux distro on it in general and use a VPN.
Liam Cruz
Tin Hat GNU/Linux
Jose Torres
TinHat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM. TinHat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, TinHat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting. One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwards is that there are no delays going back to the CD when starting applications. Needless to say, this has some rather extreme advantages and disadvantages, making TinHat a rather particular distribution.
TinHat was conceived as a challenge to the old mantra that physical access to a system means full access to the data. This is certainly true in the case of unencrypted file systems, and at least potentially true in the case of encrypted. Rather, TinHat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box --- either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. TinHat is a baby step in that direction.
Gabriel Richardson
Even before sitting down and thinking of the technologies one could use for such a project, other considerations pop up. Obviously if the user is able to get to the data, then in principle so can others. These issues impinge on the user's social situations: What happens if the user walks away from a running system where he is logged in? A classic problem. What happens if he is coerced into letting the adversary in while the system is up? If the user is uneasy keeping his personal files in RAM, he may want to back them up to encrypted drives. Then the window of a "coercive attack" extends beyond the uptime of the system. What if the user is watched via a secret surveillance camera? What about a hardware keylogger? Or a microphone listening to the unique sounds of keystrokes on a keyboard? How deep does the rabbit hole of paranoia go?
Let's set aside the social engineering attacks for now and focus on the major technological obstacles. Recent advances in cold boot attacks, where data in RAM (such as encryption keys) can be retrieved even after a system reboot, have put our goal even further beyond reach. Utilities like msramdmp can be used to dump the entire tmpfs root file system of TinHat for forensic analysis. The situation seems bleak, but this just gives us opportunity for more clever ways of encrypting/hiding data in RAM itself --- at least until hardware solutions come along. This is clearly the direction in which we would like to develop TinHat, but must admit that we are stumped. No matter how many layers of encrypts we add, we cannot avoid keeping clear key somewhere in RAM.
Aaron Wilson
Of course, the ideal that "physical access == zero information loss" would be useless if TinHat didn't also protect against the more familiar network/code borne exploits. For this we employ GRSEC/PaX technology which is a reliable security solution already integrated into major Linux distribution by the Hardened Gentoo Project. Since TinHat provides an option between Gnome, XFCE4, or FluxBox desktop environments running on top of X, some compromises in security had to be made; however, these are noted so that the user is aware of their existence. Little can be done on generic hardware; however, we have found that on specific motherboard/video chipset combinations, hardening features which would otherwise break X can be enabled. For this reason, we not only provide polished ISO images for immediate use, but also our "cookers," VMware virtual machines which we use to make the ISOs.
Finally, TinHat has a secondary goal. Since we are running purely in RAM, TinHat is fast! If "Zero Information" is one subtitle that we can append, another would be "a Glorious Waste Of RAM". TinHat requires about 5 GB to run comfortably, 4 GB for the tmpfs root file system, and 1 GB for paging. If one wants to further reintroduce Gentoo's portage system and/or the kernel source tree, 5GB becomes a very tight squeeze. Forget adding any more software after that, which leads to the paradoxical situation: why else would you reintroduce portage/kernel trees if you don't plan to add any new software? Although we provide an i686 release, in our lab we run the amd64 version on 8 GB boxes in which we reintroduce portage/kernel and add the entire Open Office suite. One gets spoiled when your word processor pops up in mere seconds!
Oliver Richardson
>getting your workplace tech support from Sup Forums
I don't think that's any better
>1. install your o.s. of choice on a usb stick
>2. acquire laptop
>3. remove hdd from laptop
>4. only boot from usb
>5. use another usb to save files
That's it. It's un-compromisable unless you're exploited while using the system or someone steals your 2nd usb.
You will not be able to bookmark pages or save passwords like a normie but that's the only downfall.
Anthony Walker
Install Linux, use full disk encryption, use 64 character passwords, use gpg encryption for emails
Aaron Lee
>Who said it was going to be personal,
If it's work's laptop it's their problem to get and keep it secured, not yours. Follow the security policies to the letter. Don't try to improvise your own additional approach, unless you want to take the fall for anything that goes wrong.