You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 3.89K Posts
- 98.2K Comments
- Modlog
Nothing is perfect. Your goal is to make attacks expensive as shit. Like ideally requiring dozens of hours of electron microscope time to pull off.
You can do a lot to that end though.
Use a mostly read only OS if you can, if you’re enterprising, a custom yocto build with most of the rootfs read only, otherwise a statically defined system like nix that can be readily deleted and rebuilt in minutes. There are configs out there for deleting root on every bootup and having the system automatically repopulate the filesystem. Enable secure boot if you can, it’s frankly your best line of defense. Any of these options are sufficiently weird that designing exploits for them would be a suffer fest.
Forget nail polish, fill screw holes with RTV and if you’re enterprising, the USB ports. At that point you can still get into the system but it’ll be obvious that someone scraped the shit out. You can simply swap the ports for fresh ones with a solder job if needed. If you don’t need this, use epoxy, get some all over the case seam. For the charging port, if it’s USB C PD, I’d need to reread the spec but you should be able to cut D-/D+ and the SS lines with an exacto blade right next to the connector and still be able to charge, just don’t hit the VCC, GND, and CC lines.
Finally, make a kwikset key trap and use it as either a lockbox lock for your stuff or the lock to your house. Kwikset should lull people into a false sense of insecurity but if they try to pick it they’ll suddenly be in a situation where they either need to go overt or somehow replace your lock before you get back. Keep things weird, your goal is to get an adversary, even one with infinite resources, to make ridiculous mistakes.
delete
They’re the data carrying lines, if you cut them it’ll still charge, but no USB data can use the port.
delete
+1 for the lockbox idea. with appropriate selection it could also provide (varying degrees of) electromagnetic shielding. useful in general, and increasingly as the line for actual device shutdown becomes more and more blurry.
as for making adversaries make ridiculous mistakes, making the power button short out the battery permanently and wiring up another button for the power instead would be a hilarious security measure
But data extract still possible. Better destroy data/hardware on press.
Power up normal, then enable induction coil glued to ssd and fry it.
Or go nuclear, overload battery and make explode in their face.
with the induction coil thing, it NEEDS to boot into a Linux partition that boots into RAM just to play the ElectroBOOM fleming’s right hand rule song at full volume while the coil runs
unfortunately there’s no ElectroBOOM song about the right hand coil rule or electromagnetic induction