Digital security

11 08 2020

A reader who is far more literate about these things than us sends some advice. As always, we urge readers to be critical and careful in using digital material (including suggestions from others):

Many of these activists have security literacy, but I expect that most do not and this knowledge will help to protect them as they exercise their rights.  This is really important at this stage and I am certain I am not the first to flag this.
One useful approach is the idea of a live OS that can be installed onto a USB drive and will mask the host system information from both the ISPs and the websites.  These are systems that you can plug into any computer and boot as if it is an alternative operating system without damaging or changing the machine.  Most importantly, none of the activity will be logged on the machine because it will bypass everything except for RAM.  This means that students can insert them onto school machines secretly without being tracked, but also at home without risking their family security or incurring punishment.  The challenge is that forcing the machine to boot the USB will require pressing a special key as the machine turns on, usually Esc or one of the F# keys, and this depends on the machine itself.  If someone can figure out how to install these (unetbootin is the best tool: http://unetbootin.github.io) then they will be savvy enough to google their computer.
Lastly, people should go through their settings and update privacy, such as on web browsers to delete personal data (cookies, history, passwords) on exit.  They should consider not using Google anymore and opt for privacy ones like DuckDuckGo (not strong on Thai language support though).  Also to check out various browser extensions and tools from Electronic Frontier Foundation (EFF) (https://www.eff.org/pages/tools).  People should be compartmentalizing their online activity and start getting used to using private windows by default.
The suggestions are endless, so I’ll stop here and highlight some that I’ve worked with:
TAILS OS – a USB-based system that is fully encrypted and can be moved from physical systems without wiping the installation.  It will force all web traffic through a TOR network.  It is useful for standard work, such as document production, media editing and other basic tools a user needs because you can save your work and resume at a later time.  Those of you who are journalists might be familiar with this because it was promoted by Edward Snowden.  (https://tails.boum.org/install/index.en.html)
Kali Linux (Live) – a standard Linux installation but it is a “live” version that you can boot without affecting the rest of the machine. Each boot session will be fresh and all work will be wiped when you exit, but the USB itself won’t be encrypted so it will be clear what it is to anyone who checks it. Kali is meant for hackers so it is full of technical tools to do a range of good and bad activities, but this means that it is designed for anonymity. (https://www.kali.org/downloads/)
Any Linux Live – Linux is pretty useful because it is free and most distributions offer live versions that can be burned to an optical disc or USB that will let you boot into any machine (more challenging for Mac).  These are not designed for privacy per se, so users will need to do some preliminary work to protect the machine.  (https://distrowatch.com)
Other tools:
Web Browsers:
TOR Browser – easy to use, but there is a security vulnerability for Mac and Linux users that has been floating around lately and may or may not be fixed.  Also looks very suspect if installed.  Many sites don’t work well with TOR enabled, though, and sometimes setting up the connection can be challenging.  Not sure the level of integration with EFF tools in latest releases.  (Windows, OSX, Android, iOS, Linux) (https://www.torproject.org/)
Brave Browser – a common browser that incorporates EFF tools by default and doesn’t arouse suspicion. Value is that it has a native TOR feature on desktop versions that is very easy to use. Same problem with sites when using TOR. (Windows, OSX, Linux) (https://brave.com/)
Opera Browser – a more common browser that has a native free VPN for desktop versions, which is useful for some limited privacy.  Should install EFF tools as extensions. (Windows, OSX, Linux) (https://www.opera.com/)
Virtual Machine:
VMWare Workstation Player – a virtual machine inside an existing machine and can be any OS on any kind of host machine, including OSX on a Windows machine, etc., so it’s fully private for the individual user. But setting one up is time-consuming, especially with creating a bridge for internet while the host system only uses Wi-Fi. It’s useful for testing whether an attachment has a virus or malware, but it is very resource intensive on RAM and CPU, so machines will overheat. If accomplished, though, you can carry around a full system of any sort and move it between a few machines without leaving a trace on the host, other than the fact that VMWare is installed. (https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html)


One response

13 08 2020
trombik

I don’t know who wrote the quoted message, but it sounds reasonable. As stated in the message, enabling USB boot in BIOS would be the hardest part. I don’t think the average Joe can do it without help. If you need help, I’m happy to do so.


Tomoyuki, an expert in IT security and computing (Twitter: @ytrombik)
