this post was submitted on 31 Oct 2023
29 points (89.2% liked)

Privacy


In my opinion it would probably be using Qubes-certified hardware with Qubes on it and then routing everything through a Whonix VM.

Curious to know if anyone has anything else that is more secure than Qubes - I mean like does anyone know what darknet vendors use opsec-wise?

Also I heard Snowden used Tails OS when blowing the whistle - so perhaps using Tails would be up there.

top 14 comments
[–] sneezycat@sopuli.xyz 26 points 1 year ago (3 children)

Computer without any networking capabilities, no external drives, in a secure location. 99% secure (not immune to human error/social engineering).

Extra points if nobody but you knows about its existence.

If you're asking about OS, Tails is a pretty popular one but I'm sure you'll get better recommendations (sorry can't actually help you!).

[–] SomeBoyo@feddit.de 5 points 1 year ago (1 children)

Don't forget to put the computer inside a Faraday cage or turn the room into one.

[–] sneezycat@sopuli.xyz 0 points 1 year ago (1 children)

Why? It's not like it can be wirelessly accessed. Could protect against cosmic rays or whatever I guess.

I think a better addition to the setup I suggested would be hard drive encryption. Just in case.

[–] lemann@lemmy.one 6 points 1 year ago

> It's not like it can be wirelessly accessed

The creativity of research students shouldn't be underestimated lol, they have found ways to transmit data to cameras, to microphones (inaudible to us), and also by using coil whine in power supplies, all by modulation.

There is the caveat that these usually require the computer to be compromised first though, if it is airgapped.

[–] GreyTechnician@lemm.ee 5 points 1 year ago

Yeah, I guess the most secure you can really get is having a device that has literally no networking capabilities.

Although that isn't foolproof, just look at Stuxnet.

[–] Anticorp@lemmy.ml 4 points 1 year ago (1 children)
[–] satanmat@lemmy.world 4 points 1 year ago

Nice option… but I was looking for something that could run on my PET16. This is too powerful for me

[–] jet@hackertalks.com 14 points 1 year ago* (last edited 1 year ago)

This is all down to your threat model and use case.

The most "secure" desktop would be an airgapped system, no connection to the internet, and no storage.

Qubes is great, but it's not magic, you have to be clear about what you are protecting yourself against. If you're using Qubes and someone steals your running laptop, your data is typically unencrypted, etc.

Qubes + always-on VPN VM + Tails disposable VM.... is pretty good

I'm running Qubes now, it's great, but it's just a toolbox, you still have to build up your own usage model, how you want to separate identities and use cases and network stacks.

[–] netchami@sh.itjust.works 12 points 1 year ago

Darknet vendors mostly use Tails, as it makes it easy to wipe any tracks. The chance that they will be targeted with malware is low, they require privacy and anonymity over security.

[–] AnnaFrankfurter@lemmy.ml 3 points 1 year ago* (last edited 1 year ago)

Tails OS is only useful if all you want to do is buy a few drugs or blow whistles on the government or any other one-off thing. But for daily driving Tails OS is terrible.

The main selling point of Tails is that it is amnesiac but I'm pretty sure most people will want to save some data on their device.

Even though I've set priorities to .onion, in reality most websites I need are on clearnet with no onion mirror. I know this can open me to network analysis attacks but I'm OK with it most of the time. (LEA already knows I visit 7000 times a day). But back to the point: all these clearnet sites share data with each other, and this could lead to cross-contamination and sites being able to build proper profiles on you. Tails can't do much here but with Qubes you can compartmentalize.

If you want to log in to your bank account or some other site where you don't want to use Tor but still not share anything more than you want to, Tails has no solution; you will be forced to use a different, less secure and private OS. But again, with Qubes you can create a separate VM that will only connect to your bank directly.

[–] Privacy@monero.town 3 points 1 year ago (1 children)

Unpopular opinion but.. First, privacy and security are not the same, one relies on the other tho. So find your threat model when it comes to privacy. If it's about security, as you mentioned, Qubes is also great, yet needs a lot of knowledge. Your computer is only as secure as you made it and make it! Keep it up to date etc. For a normal user who doesn't have the knowledge or hasn't used Qubes or even Linux in the past it is probably a jump too high. macOS is secure, not very private. Consider all of this, find out your threat model, find out what you use your computer for. Separate business and private accounts etc..

[–] AnnaFrankfurter@lemmy.ml 2 points 1 year ago

I agree with most of what you said. But I won't consider Mac a secure OS. Yes, it may be more secure than a vanilla Linux distro, but with a few minutes you can make a vanilla Linux and Mac OS equally secure.

But then the problem is if someone is able to gain access, maybe chaining 2-3 zero-days, they will get access to everything. But in Qubes with hardened templates they will have access to a single qube. And if you were being careful, only a disposable qube.

The power of Qubes is in its ability to compartmentalize everything. You still need to harden all templates and use a minimal template for the vault VM. I have more than 30 separate appVMs. And still use disp VMs most of the time.

[–] AnonymousLemming@feddit.de 2 points 1 year ago
[–] Cwilliams@beehaw.org 1 points 1 year ago

Install something basic with no network access. Anytime you need network, boot Tails and use that.