OpSec

In today's time, surveillance has become more prominent and has spread to many new facets of the internet and even hardware. Due to this, I just bought a Thinkpad X60 with plans of consolidating it via libreboot and a security oriented OS to maximize my chances of remaining secure and to minimize the chance of being attacked.

My question is, with many different OS choices to choose from, which one in particular offers reasonable security while still allowing for general usage with popular applications? What would you consider the best FDE application, Truecrypt, Veracrypt, Etc?

Sorry for the blog type post, so I will contribute some resources:
amiunique.org (See your browser fingerprint)
privacytools.io (Privacy enhancing tools)

Gentoo or Arch or Debian with GRsec kernel on LUKS encryption. Use RBAC for hard mode application level firewalling, firejail for easy mode.

Qubes OS.

Can it be trusted? I thought someone said that it was compromised or something. What about tails or whonix?

I've not looked in the source (and even if I did, should you trust me?). I wouldn't say it's compromised, but it isn't as mature as Linux or OpenBSD that's for sure. The NSA supposedly doesn't like Tails, so that's a good sign.
Truecrypt has any advantage over dm-crypt/LUKS?

You'll notice some people who claim things are compromised are never able to back up their claim with any facts or provide an alternative that is better. Their only goal appears to be to get people to reduce their security. I call them shills. You can either ignore them or call them shills too.

Qubes is good, but it might be slow on an X60. It comes with Whonix.


True/Veracrypt's advantage is that it's cross platform. You can decrypt the same encrypted volume in Windows, Linux, and I think Macs too.

Maybe you were born after 2004 but Truecrypt is pozzed.
Try and find any real, identifiable people who maintain it. Good luck.

Truecrypt has vulnerabilities that are supposedly fixed in Veracrypt. But while Truecrypt is audited, Veracrypt is not.

LUKS is best but if you're in a pinch or using Windows for whatever reason vera/truecrypt are still viable alternatives.

You want security? You want privacy? Then once you've bootstrapped yourself into a slightly not-botnet level you'd best be starting a revolution, nigger. Nobody wins a purely defensive game.

I'll try to dumb it down for you.

The best approach for security from a consumer point of view is security by isolation. This approach assumes correctly, that everything can and will be compromised at some point.

It's pointless to try to make a system 'NSA-proof', because you will never be able to assure 100% that there isn't a 0-day in your system nor can you compete with (((their))) vast amounts of resources (money+manpower).

Security by isolation can be applied to various areas.

OS: Qubes does this by creating throw-away VMs for every purpose.

Behavior: separating sensitive tasks. This means that you should not mix your location, software, hardware or anything else related to things which might identify you. This also applies to things like Tor browsing sessions, where you might consider never searching for terms you normally would while shitposting on kikes.

I was a GRsec, SEL, gentoo and arch tryhard myself. But eventually each of these systems and OSes had flaws, no matter how hard you tried or how much time you've invested.

The future of OpSec lies with small throwaway devices like PI's, combined with compartmentalized behavior and locations.

Pick one of the two.
If you use non-popular tech, you become a more interesting target for government.
(Unless the choice is to not use computers at all)

There is going to be a black market for linux distributions and non-botnet hardware in the future. At home, everyone will have Amazon Echo, Playstation 13 and a Mac Book to fake the goyim life.

Agreed, I wouldn't recommend Truecrypt either but the question I was replying to asked what advantage it had.


Can't worry about lists. Eventually they'll have a list of suspicious people because they act like they don't have a computer. Last will be a list of suspicious people because they hid from all the other lists so they must be hiding something.

Last time I checked Truecrypt had been audited to some extent and they found nothing, so it has that going for it. The worst you can say is that it isn't maintained and the original developers stopped working on it under mysterious circumstances.

Give me one reason why it bothers you

I don't want to be spied upon.

Truthfully, I really don't give a shit about the government or surveillance, because I am busy educating myself and enjoying my life. However, some actions look bad in the eyes of "the man" and this is the reason why I bought a separate computer specifically for security purposes while having one with windows and FDE on it for general purposes.

Security is not limited to terrorists and pedophiles, and with large websites such as Google, Facebook, Twitter, Youtube, Etc. collecting your information and learning about you. I bet the N$@ A already has or is working on an algorithm that is able to predict your actions and knows how you think based on your information.

No user. You give me one good reason why I should give up my right to privacy.

If you weren't a mongoloid you'd realize that buying a severely outdated laptop to run a secure operating system is counter productive then there's no hope for you.

Sell your x60, buy a laptop that supports flashing coreboot and is x64 and run qubes os.

If you won't sell your x60 have fun running Parabola/GNU+Linux with grsec libre kernel.

wew

I run Qubes too but 4.0 is going to require nested paging which my current laptop can't handle. Not to make this a consumer advice request, but do you know of any laptops or even desktops that have both nested paging and are Coreboot compatible?

"Here are the minimum requirements for Qubes OS 4.x:
64-bit Intel or AMD processor (x86_64 aka x64 aka AMD64)
Intel VT-x with EPT or AMD-V with RVI
Intel VT-d or AMD-Vi
4 GB RAM
32 GB disk space"
qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/
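
A way to check a Linux machine against the CPU requirements quoted above, as an added example that is not part of the thread: it parses `/proc/cpuinfo` for 64-bit support and for VT-x with EPT or AMD-V with RVI (Linux flag names `lm`, `vmx`, `ept`, `svm`, `npt`), and treats a non-empty `/sys/class/iommu` as a sign that VT-d or AMD-Vi is active. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: test a Linux host against the Qubes OS 4.x CPU minimums quoted above.
# Assumption: flag names (lm, vmx, ept, svm, npt) are the Linux /proc/cpuinfo names.

# Constructed sample inputs (not taken from any machine mentioned in the thread).
SAMPLE_OLD='processor : 0
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr vmx est tm2'
SAMPLE_NEW='processor : 0
flags : fpu vme de pse tsc msr pae lm vmx est tpr_shadow vnmi flexpriority ept vpid'

# has_flag CPUINFO_TEXT FLAG: exit 0 if FLAG is a whole word on a "flags"/"vmx flags" line.
has_flag() {
    printf '%s\n' "$1" | awk -F: -v f="$2" '
        $1 ~ /^(vmx )?flags[ \t]*$/ {
            n = split($2, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == f) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# qubes4_cpu_check CPUINFO_TEXT: print one line per requirement, exit 0 only if all are met.
qubes4_cpu_check() {
    rc=0
    if has_flag "$1" lm; then echo "64-bit CPU: ok"; else echo "64-bit CPU: MISSING"; rc=1; fi
    if has_flag "$1" vmx && has_flag "$1" ept; then
        echo "VT-x with EPT: ok"
    elif has_flag "$1" svm && has_flag "$1" npt; then
        echo "AMD-V with RVI: ok"
    elif has_flag "$1" vmx || has_flag "$1" svm; then
        echo "nested paging: MISSING (virtualization present, no EPT/RVI)"; rc=1
    else
        echo "hardware virtualization: MISSING"; rc=1
    fi
    return $rc
}

# iommu_active [DIR]: exit 0 if the kernel has registered an IOMMU (VT-d / AMD-Vi).
iommu_active() {
    dir="${1:-/sys/class/iommu}"
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Run against the local machine when /proc/cpuinfo is available.
if [ -r /proc/cpuinfo ]; then
    qubes4_cpu_check "$(cat /proc/cpuinfo)" || echo "=> below the quoted 4.x CPU minimums"
    iommu_active || echo "IOMMU (VT-d/AMD-Vi): not active in this kernel"
fi
```

An empty `/sys/class/iommu` can also mean the IOMMU is disabled in firmware or on the kernel command line, not that the hardware lacks it.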

Newer laptops with Intel ME can go burn in a fire.

What are some differences between coreboot and libreboot?

Coreboot still has binary blobs for some things. Libreboot, on the other hand, has mentally ill trannies.

ME is a problem but even the Qubes folk recognize that fact. All you can do is have a properly authenticated ME blob for coreboot. If you feel risky maybe flash the ME Disable Coreboot BIOS to your laptop.

ME isn't going anywhere so just get used to it. Avoid processors with v-pro and you're okay.

Even then you're not going to be a target for such an advanced attack. No three letter agency is going to in the case of running Qubes:
Blow a Linux kernel exploit to perform a Xen 0-day to then use the ME to root your system.

You have to be genuinely security-ignorant to buy a computer from Lenovo, a manufacturer known to put hardware backdoors in their computers. Intelligence agencies have been prohibited from buying Lenovo computers for that reason.

Computer with Linux + debotnetting hardware.

youtube.com/watch?v=i8z7NC5sgik

For browsing the web definitely at least use Whonix. You should always assume that your browser has already been hacked.

Veracrypt IS audited. But you should use LUKS.

Can one build their own CIA grade hardware components for X-treme SEC?
Like, build your own motherboard with manual mechanical switches instead of software, to make certain hacks and exploits impossible?
Plus a completely unfamiliar and (I assume) way more advanced architecture and security?

Tell me sir, do you have a cell phone? Do you keep one or more credit cards?

Windows XP + 3rd party software Firewall + Diskcryptor (FDE) + Veracrypt (containers) + Tor
ULTIMATE COMBINATION

easily destroys any linux into pieces. linux doesn't even have a firewall

Also, I'd just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

how is that a problem? and it's not vulnerable, it's rock solid and secure

it has more privacy and security than linux

those are not firewalls you idiot. they don't block applications but stupid ports. if you open port 80 any app or malware can transmit data through it

linux doesn't have a single firewall

...

Even though you are probably baiting, there are anons here who might take you seriously, therefore I'll have to spoonfeed you, you stupid nigger.


Most of the time iptables and ufw work, but since you are retarded, people have made a simplified version.

Besides Douane specifically being a per-application firewall, iptables also supports application-level firewalling:
debian-administration.org/article/120/Application_level_firewalling

Well that's not easy to subvert at all. Needs to be absolute pathnames or something.

kek