Monday, October 1, 2018

Linux for practical secure dual-PC systems


During the interview, Snowden discussed his motivations for releasing the documents to journalists, explaining, "The intelligence capabilities themselves are unregulated, uncontrolled, and dangerous. People at NSA can actually watch internet communications and see our thoughts form as we type. What's more shocking is the dirtiness of the targeting. It's the lack of respect for the public and for the intrusiveness of surveillance."

Edward Snowden, quoted in In NBC interview, Snowden says NSA watches our digital thoughts develop
http://arstechnica.com/tech-policy/2014/05/in-nbc-interview-snowden-says-nsa-watches-our-digital-thoughts-develop/


Snowden was apparently referring to a "Thought-Police" black-op within the NSA which snoops on us partly to interfere with our plans to make us feel powerless. Don't plan on getting rid of them, because you can't get rid of something if you can't find it.

Although learning to use Linux can be frustrating, it is worth the effort because it is the most practical OS to my knowledge for creating relatively inexpensive secure PC systems which don't rely on software (other than AES-grade encryption software, which is trustworthy) for protecting data. In such systems, there are two PC's which share a monitor and a keyboard by means of a KVM switch, one of which is used for accessing the internet but not for processing sensitive information, and another PC for processing sensitive information (such as shopping lists, plans, and messages to be encrypted and transferred to the internet-connected PC for transmission), which is unquestionably secure because a) it is completely electromagnetically isolated from the internet, and it has no internal drive which can be used for surreptitiously storing data to be uploaded to the Thought Police when a connection becomes available, or to be retrieved during a "no-knock search" (it stores data only in an encrypted form on physically small USB flash drives which are removed and hidden when not in use); and b) the installation can be maintained by using a unique program named Apt-offline, which combined with the new "containerized" software systems for Linux, allows any available change to be made to the installation (including OS-updates) without connecting it to the internet. Installing the new "containerized" types of Linux software is like installing Windows software, but the new systems won't entirely replace the old systems anytime soon, if ever, so there will still be a place for Apt-offline in the Linux world for the foreseeable future.

You could probably create the same kind of system with Windows, but you would need two copies of Windows, and to update Windows on the secure PC, you'd have to get a copy of the latest version of Windows and use the copy to update the installation (or to create a new installation). This will become more feasible when Windows Core is available, because it will allow installations to be tailored to the PC, instead of using a gargantuan OS which is the same for every device. It might also be possible to create two installations of Windows from a single copy to run on a single PC, and run one on the PC in "secure mode" and the other on the PC in "non-secure mode," but it would be inconvenient to put it mildly to switch between the two installations.

Linux is great for accessing the internet, because it's essentially immune to viruses. I've been using it to access the internet for over 7 years, and have never had any problems with viruses, or any need to install anti-virus software. Although OS-updates are made available, I don't use them except in rare cases, and have never had reason to regret it. Instead, I replace the entire OS every couple of years to stay reasonably current.

Linux also allows you to format any drive, including physically tiny, all-metal USB flash drives and micro-SD cards, which can be hidden easily, with an encrypted format which the NSA reportedly won't even try to crack. Instead, they would try to get the password, which I suppose could involve sneaking into someone's home, and circumventing the typical security measures. (Booby traps are illegal for good reasons, so don't get any stupid ideas.)

The only reason I would use Windows would be for some application which I couldn't get anywhere else, or to use a piece of hardware that doesn't work with Linux. Windows works well in Windows ads, but recent Chromebook ads indicate that many people still have problems with it. Chromebooks are great for people who don't want to think about their PC beyond using the applications, and think that BB couldn't have any reason to spy on them and/or that taking steps to prevent him from spying on them is un-American, but if you want a PC which you can trust to protect your data, Linux is the probably the best OS for you. You might balk at the cost of the required hardware, but you can use inexpensive mini-PC's which use the latest AMD processors, which have a lot of processing-power per buck and per watt, and you can't obtain completely trustworthy security through other means at any cost.