Security : to find its own limit or to find it unuseful ?

Or passion ?

I have recently subscribed to the Bruce Schneier's crypto-gram newsletter as I have been fascinated by the Internet / computers security since a few months and as his site is very valuable. I am not informatician at all and that's mostly the systemics approaches of the security that made me spend some days, nights and finally weeks betwen my computer to understand what would be the next vulnerability / defense behind the next vulnerability / defense I can find with my humble background and with the large Internet database. I have even been planning to build my own Open-BSD live-OS for a more secure laptop (yes, all this just for a small netbook !) but it finally happened, at least : There are too much things to do for what I have to protect and it is endless. I got my clean Linux Mint with the minimum stuff I need for browsing Internet safely and anonymously (surely even much more than I will never need, I even went to run Jondo on top of Tor on top of my VPN), I got all my needed enforce-apparmor-profiles, all the Internet-easy-to-do tips for hardening its Linux done, my security updates are set up to "daily" and I subscribed to a few security related weekly newsletters to keep in touch with it, maybe. But finally, I will never be sure that all I've done is really useful, or if my computer is not already compromised or if I will not be "social-engineered" tomorrow... I have paid for a well-known and pretented to be "NSA-proofs" email service (but working and looking nice !) and a VPN provider. I have nothing to really hide but Internet became a so strange world that the thiny line seperating our private life and our "digital life" is becoming a little bit scaring to me. There are all things I have done on my computer to secure my data, al things I have planned but I will never do, and the gigantic amount of things that I will even never be aware of. Looks like a strange challenge, dumb somewhere, fascinating elsewhere. I will just end with the following link :

https://www.schneier.com/crypto-gram-0003.html#8

Sabrina - Paris - France

 

You might like this: Nadim Kobeissi Cryptocat at Google Internet at Liberty 2012 https://www.youtube.com/watch?v=hakux3_W8-4 (EFF also recommends Cryptocat, which is actually how I found it, but that's besides the point)

Basically, making better privacy security based things to the general public or people who aren't developers, and then people using it because it's easy enough. And that's why a lot of people don't build their own BSD/Linux distro, or have the time to tweak it out and instead rely on prebuilt distros (like he says in the video, that stuff is designed by people who have deep understanding of the inner workings for OTHER people who have deep understanding of the workings).

But, if you're in the mood to build/tweak a distro, Debian might be worth a look into as it's the base for Tails: https://tails.boum.org/contribute/relationship_with_upstream/

To a certain extent, you know, I believe the most secure (home) computer is one that isn't connected to the internet, though obviously that isn't practical for daily use.

 

1. There is no such thing as 100% security. There will always be a new and ingenious exploit or attack that will bypass any security solution that you may have.
2. Security is not useless. Even if you don't have 100% certainty that you are secure, a well implemented security plan/solution will reduce the probability of an attack very close to zero.