Healthy paranoia and your computer

[tim_n]

Yes, this is a technical discussion, and therefore I suspect this post may suddenly be shifted... and no, I'm not trying to avade any law enforcement officials.

I would like to pose a challenge to the hexus community at large, building a computer based on unblemished paranoia.

The objective is to have a PC that is still able to be used (so no 'locked in a nuclear silo, covered in concrete surrounded by high concentrations of clorine gas' please) and be done on a 'normal' budget (<£1000)

It's not gaming level - but office level. Conceiveably it should also incompass a connection to the outside world with as much privacy as possible.

Other fun hardware mods are also allowed. Everyone knows something with flashing blue LEDs is far more secure than a beige box.

Don't forget this is hardware and software. A perfect challenge for a boring friday day...

[TiG]

This is so easy, purchase a firewall, set the firewall to deny all incoming attempts.

Purchase a gun and stand next to user of PC, that if it comes up with do you wish to look at britneyspears.exe

Clicking yes results in requirements for new user

TiG

[specofdust]

All you need is a kick ass firewall and some knowledge. Each activity online will require differnet protections and privacy controls, depending on what it is, but most that need it have programs for it.

Proxies are also a good idea, there are plenty of good paid fast ones, that'll keep your IP less tracable.

Various other privacy programs are out there, google will help you

[BEANFro Elite]

To be honest I can't be bothered to mention any hardware specifications, but you say you want privacy on the Internet in which case I would recommend, Steganos Security Anonym, having used it myself for about a week I can honestly say it does work, but I stopped using it as I realised I don't actually do anything online thats illegal or dubious in anyway and so I have nothing to hide...

I don't know what you're up to, but I have only mentioned the program in the hope that you REALLY are paranoid...

Be warned though, as with encrypted emails, you may well be drawing unwanted attention to yourself.

[specofdust]

Hmm, yeah, encryption, forgot about that. I'd use it personally, there have to be some forms of encryption out there that are crazily powerfull, use them

[nameinuse]

As for hardware, just buy everything in cash, in person, whilst wearing a hoodie.

You'd probably want to use an OS with code you can audit yourself, so one of the open source OSs would probably the simplest choice here. Normal security stuff, limit it to only what you need.

Aside from that The Onion Router would be a good start for your internet connection, and PGP would be a pragmatic way to go about encryption. You'd probably need to steal (this is hypothecial, of course) someone else's wireless broadband so your connection was not traceable back to you, which is a pretty mean thing to do if your nefarious activities get traced back to them.

You could look into biometrics... combine those with a token (RFID or smartchip) and a reasonable hard password and you'd have a computer that was reasonable hard to break into until anyone got physical access. I suppose an EMF or other drestructive charge in the case would make any physical tampering less of an issue.

If you were kidnapped by the aliens who were after the contents of your tinfoil hat, you wouldn't be around to protect the data anymore. You may want to install a dead man's handle, so that if you don't do a specific thing (Log in, or type a command, or whatever) in a given length of time, all of your data is deleted, or highly encrypted, or something. You could also send emails to people telling them what you really thought of them with this!

[Knoxville]

Hmm, yeah, encryption, forgot about that. I'd use it personally, there have to be some forms of encryption out there that are crazily powerfull, use them

anything over 128bit and you have to give the key to the encryption to the government or its illegal tbh

[specofdust]

Is that so? I'd reccomend 4Mbit then. The government can stuff themselves, they don't own encrpytion.

[tim_n]

hmmm, interesting thoughts - but can I assure everyone that this is hypothetical?

I'd have a firewall - probably smoothwall - blocking all incoming and outgoing attempts. Not sure what wifi is most secure, but with encryption at least it's not completely unencrypted like an internal wired network is - still the bit where it goes into the router though...

The PC would be a TFT screen - not sure that they can pick up TFT - CRT isn't a problem though, they can see what you're viewing from the otherside of the street with a CRT.

PC would be running a patched and modded version of bart XP (I couldn't write my own kernal, but if I could I would..) with a copy of truecrypt on my HDs. Regular swipes with a memory cleansing agent for RAM and swap would also be essential.

Replace the keyboard every week or so (now that's paranoia lol) and regular sweeps for spyware, virii etc.

If you _were_ doing something illegal a 5.25" bay box filled with thermite and a magnesium ribbon sitting by would be quite handy... though good bye surrounding floor!

[specofdust]

lol,yes, explosives hear lots of electricity, thats smart

The TFT's a good idea, and they keyboard would need to be of a different make each week, since they can tell what you're typing from the sound now, change the keyboard, change the sound.

[scotty6435]

If you've got a hardware firewall, proxy PC (low spec P2 jobbie with two 100 speed network ports, running a linux based smoothwall) and a really good firewall setup properly, you're pretty much guarenteed security. This can be done really cheaply as the proxy PC can be bought for less than £50 including a screen.

[TheAnimus]

does it have to be IBM PC?

An Acorn would be far more secure, just off security by obscurity. (even thou the OS itself can be considered less secure than NT kernel). http://www.iyonix.com/ RISC OS is good but limiting in some ways.

I wired my PC in halls when i was slightly parinoid about stuff, ultra-sound to determine if components are moved. A PIC was the heart of it.

I played around with smart cards and CF with a micro, so the uC on the smart card was converting the data using a symple cypto algo. I used some code from LILO and it almost worked. Emphasis on the almost, i had better things to do than finish it, but it would be entirely possible to bootload an OS which decrypts a volume. Only with a smart card + pin.