I always find your additional perspective interesting mirimir. I would never have thought how cloud services could be used when you live under a repressive regime. Hard drive encryption is always an important one, again very difficult to tackle. I use SSD hardware encryption for some applications, LUKS-dmcrypt and truecrypt for others. I do also use bitlocker in some rare cases, usually with another form of encryption. Look forward to hearing all of the alternatives.
I suspect that AES isn't as secure as we're led to believe. Remember the article about their data center? One of its functions was breaking encryption. They're the ones pushing AES. There's no way I'll believe that they'd recommend something they can't break.
Your referring to GnuPG 2.1 with elliptic curve cryptography which if I understand correctly has considerably smaller public key size vs the larger RSA public key while providing comparable security. Is dm-crypt full-disk encryption and LUKS the extension of it that work together to provide data encryption? Truecrypt doesn't offer full disk encryption for Linux does it?
For the purposes of my question, I mean either GnuPG 1.4 or 2.1 LUKS is basically just a passphrase management system for dm-crypt. TrueCrypt never supported FDE in Linux.
Opposite to some members, I vote for writing your books (first of all, sorry if my English is improper!). Keep in mind, people who read books and who read online articles are quite different! I don't mean those online reader don't read books. But when a subject is given, there're 2 (or more) types of people who firstly go for book, and who go for online. I'm actually former type, and when I started to learn security, I seeked some books but finally find there're many more resources on internet when the subject is IT or security (it can not always be applied to other subjects though.). However, still those a bit obsolete knowledge helped me to understand security somewhat. If one could understand general thing with help of some actual examples, he will have some ability to utilize this knowledge. You can also put some good URL as a reference and in main text. For beginer, what important is not a bunch of detailed info which even can overwhelm him, but rather general principles with some good example. I guess most people who search online for better privacy already have some interest in privacy. But there're poeple who have no idea about privacy, and some of such people will not have interest until he die, but a book in a bookstore or library might change his life. I have had many such experience with books, so I'm strong supporter of book and so far even e-books can't be alternative for me (even if can be, yeah, there're other considerations which we can discuss). I hope you re-consider what is a thing only YOU can/will do. If your desire is give detailed info people who already started to think about privacy, Wilders is one of the best place. If it is to invite people who don't have any idea of privacy, it's not or even near to the best IMHO.
Agreed, the next thing that will be able to decrypt well-encrypted data is side-channel attack. Most other vuln are not as powerful to decrypt those by itself. (The first thing is of course brute-force.) Theoretically possible, but not well likely. That means only NSA have outstanding genius, but even so, hiding such vuln in long term is highly difficult. But I admit encryption algorithm is not a pure mathematics.
Depending on how you look at it, this is either way off topic or belongs in a section of the book dedicated to the more paranoid/distrusting among us. Both Ferguson and Schneier expressed quite a bit of doubt in AES. AES became the standard primarily because it was faster, not because it was more secure. It also stands to reason that a data center built to attack encryption will focus primarily on the "secure" standards. Given that BlowFish and TwoFish are also unbroken, I'll stay with those.
TrueCrypt if you trust it (debatable) can give you combinations of algoritms (AES,Serpent,TwoFish) I probably would however not trust bitlocker IMO.
No way I'd trust bitlocker against any adversary of consequence. As far as TrueCrypt is concerned, I'd trust the older versions from before everything went nuts over there. IMO, there's no real advantage to using more than one layer of "conventional" strong encryption. That idea needs to be completely reexamined. Scramdisk using BlowFish encrypted partitions serves my needs quite well. It's not an option for NT systems, strictly 9X. This is a topic that would be difficult to cover properly in a book. What the user would need to implement would vary greatly depending on their situation. For many, a large encrypted container would be sufficient. For others, one or more data partitions would be needed. That in turn depends on whether the user has separated "system" and "data" to separate partitions and what they've included in the data partition. Depending on the scope of the book, wiki, website, etc, it's hard to get everything into an order that can serve as a guide and still address the details that make the effort worthwhile. A while back I was working on a guide for securing 9X systems without an AV and vendor support. What I originally thought would be a couple of pages had tripled in size and wasn't nearing half done. As the topic gets broader, the writing gets harder. The scope of material gets wider and more difficult to put into a reasonable order. For some like Mirimir, this sort of writing seems to come naturally. I find it difficult to get the material into a usable order, to decide how much depth and detail to include for each part, and to make a reasonable and consistent assessment of the readers knowledge and abilities. Regardless of what form(s) the finished product takes (book, website, etc), I feel that a forum is the ideal place to assemble and organize the information into a finished product. Everyone has different areas of expertise, different experiences, and different ways of looking at things. IMO, one of the most valuable assets is the ability to look at the issues from a different viewpoint and address the problems from new directions. Forums are ideal for that.
My reservation with Qubes is that the skilled user base is so limited. The oversight is "infant" compared to the TOR oversight. We have the best of the best in mass hitting TOR from so many angles. Qubes is basically one super star along with a handful of some pretty talented guys. That leaves me feeling like a glaring hole might get missed if its there. If you feel like I am wrong please feel free to disagree. My impression is from a year ago when I gave Qubes a spin.
Just my two cents worth. The majority of the population will forsake security over convenience. There is an inherent psychological factor blind trust in people which prevents them from implementing security measures that guard their privacy. Most information is to complex and too technical for the average computer user to understand. If you can find a way to defeat or undercut the advertising, marketing and media industry, you might have a chance. At the very beginning of the internet, 'we' always feared that once the advertising industry got involved, the internet as 'we' knew it would disappear. 'We' had no idea or consider the criminal component and abuse that would occurr nor miscreants whose sole pleasure was to bring a destructive element to the internet just because they could. Considerng Moore's law, technology is advancing at such a pace, that rendering privacy will be near impossible in the future. Bill Joy, one of the founders of Sun MicroSystems, fears robotics, genetic engineering and nanotechnology will destroy humanity in our lifetime (2000). Kirkpatrick Sale says that technology has the power to overwhelm and eliminate the natural world (1999). He also opines, “The industrial civilization so well served by its potent technologies cannot last, and will not last; its collapse is certain within not more than a few decades Data-Driven Tech Industry Is Shaken by Online Privacy Fears -
How-to guides are easy, because I merely need to flesh out my notes. I worked for years as a bench scientist, and learned the practice of keeping extremely detailed notes. In writing that eight-part series, I did the entire setup from scratch, starting with a fresh host machine. I even did some of the steps multiple times, following my draft instructions. I have a much harder time with more conceptual articles
When I played with Qubes a year or so ago, installation was no harder than Windows or Linux. However, the default setup wasn't very usable, and (as I recall) customization wasn't documented very well. But the Qubes team seems to have big dreams If they can massage it into something as user friendly as Windows or OSX, maybe they could go mainstream. But on the other hand, computers are a dying platform, and smartphones are a security nightmare
I agree, bitlocker probably not trust worthy against five eyes nation state surveillance. It all depends who they have given the keys to from other countries as to whether it is trust worthy there. I do use bitlocker though on my windows virtual boxes that have been encrypted in linux partition using LUKS-dmcrypt. I also use bitlocker when transferring files by USB as it is very easy to setup and Windows 7 and 8 machines can all open the files. Better than nothing and it will stop somebody if the drive gets misplaced. Better than nothing.
Okay, let's keep on topic. Agreed and this is the degree of protection I want. I use Cyphertite for desktop and Wuala for Android, both after I locally encrypted contents by either Truecrypt, EncFS, Encdroid, or EDS. Except slow update they work fine, tho Cyphertite don't have secure sharing feature which other provider such as SpiderOak and Tresorit offer.
Well, not wrong exactly, except that most of Qubes is Fedora plus Xen - and these are fairly well scrutinised. The Qubes specific bit is relatively small - youthful of course. I thought R2 was easy to get going and use, and it's great news that other distros are porting into it. The way I see it is that it's offering a better version of what I already do with VMs manually (and worse). I already operate the security domain idea, but not with some of the Qubes protections. Currently, most of the hardware experience is with laptops, especially for VT-d. Since most laptops have very limited RAM capability, I'd like to see more of a reference for a beefy desktop environment which did support the IO virtualisation properly, and that they did have a good secure boot process (I can't recall what their thinking was in respect of TPM for example).
Encryption would be good topic to tackle and I have used it only on Windows. The cloud storage I'm in more agreement with noone_particular. Maybe were both in the minority as many do use it. It may depend on the situation of the user as mentioned by mirimir.
The current trends are steering users to the cloud, whether the user wants it or not. Users have to dig through OS and application settings and disable cloud options if they don't want them used. I can somewhat see its usefulness if you have data that needs to be accessible to multiple devices from different locations. That said, for most users that would be a small percentage of their data. For data storage and backup purposes, hard drive storage is fairly cheap and a one-time investment. For users of a single device, eg a PC or laptop, storing backups in the cloud is pointless. If your device is non-functional and needs a backup image restored, the cloud is out of reach. IMO, this push to cloud storage and computing has little to do with user convenience. It's more about big data and the authorities having easier access to your data and better visibility of your activities. It's much easier for them to access a few data centers than a large number of individual devices in multiple locations. They can coerce, hack or otherwise require a data center to give them access to your data without your knowing it. It's harder and more risky to accomplish that with the users own devices.
I know some iFreaks. Consider the capability of hacking out some notes on your iPhone during a cab etc ride, then sitting down at lunch to flesh them out on your iPad, and finally finishing the piece after dinner on your iMac. And doing all that without ever thinking about where the stuff was stored. I can do the same, of course, with my devices and a thumb drive. But the Apple way is just so bloody seductive, isn't it? Actually, if Apple implemented iCloud like SpiderOak does, it wouldn't be too bad, no?
Personally I use Owncloud. Great program and have it set up on my home server. It offers some great features such as: Syncing photos taken on my Android phone Editing documents Syncing calender and contacts RSS News feed syncing Android App All hosted on my own computer. Cloud is not a dirty word. Also good for dealing with my wife. She does not back anything up, really really bad. Now I have her laptop and phone setup so that everything is backed up to my cloud which is then backed up to 6 different physical drives. She likes it because it is like Dropbox. For me that was a big factor as well, I dont want my family using Dropbox and Google but getting her to give it up without an alternative would last about a day.
Now there's an actor with a greater reach than a TLA....! I think you're kinder than me, because, while I provide default backup which works beautifully, if she doesn't bother, it's her problem.... I think running your own cloud groupware software is a great idea, and as @mirimir says, could be accessible on VPN remotely. On my list of things-to-do.
I can't think of much I'd need to have remote access to. I don't use portable internet devices. I almost never need to access sites from other locations. With the possible exception of some pictures (which would require me to sort through that mess) and some utility software, most of what I can envision needing remote access to would fit on one or two floppies.
