Most Secure or Not

Of course, they can. One prime example is the Kodachi Linux, which is based on the Ubuntu distro. It has won several awards for cybersecurity.

3 Likes

The second you buy a PC, they link the Mac address or the serial number of any part in the computer to your credit card.

In Germany you have to show your ID when you buy a phone or PC. => war on terrorism…^^

So you are fooged. even if you buy a refurbished or used pc on ebay or amazon. fooged.

To be free without any registration of the hardware:
Go buy a pc at a garage sale.
Did you lend money to your friend’s sister’s buddy? Then let him buy the hardware.

first, without internet, format the hard drive 1-2 times or remove it right away and do everything via live cd or live usbstick. i will look at tails qubes and kodachi this week.

2 Likes

Hello @fugbug and welcome to the forums!
Thankfully, Linux offers you the capacity to randomize your MAC address, which is always handy. Also, it does not store or transmit any hardware information - at least not without your explicit consent. As long as you are on a VPN with zero log retention, you run Privacy Badger & uBlock Origin, you are relatively safe. For more safety, disable scripts on your browser or use the TOR Browser with its maximum settings (TOR post VPN setup). :slight_smile:

you are absolutely right, you can do a lot right with linux, but you can also do a hell of a lot wrong.

but i think if you want to be consistent, you should start with the hardware. all the chips on the boards come from the land of panda. and i would bet there are protocols we don’t know ;).

last but not least, the biggest danger is still in front of the computer. only with absolute discipline, comparable to radio traffic behind enemy lines, you can protect yourself and others.

why do you think mr.zuckerberg named his company “meta”? because exactly these “meta-data” and one or two algorithms tell more about you than your diary.

1 Like

Agreed in full!
On the hardware side, we’ll need to keep an eye out for the new TMP 2.0 and T2 chip modules (PC and Apple, respectively).
On the Zuck-man side, the Meta-Data connection is valid. Because that’s what he and his cronies are collecting. Former FB is now coming forth with the truth about their purpose.

2 Likes

life log is an open secret. :slight_smile:

what meta data do, you can see here very well.

2 Likes

What would be your next pick? Didn’t Snowdon use tails and switched to cubes now?

Tails is a non-persistent distro, which runs out of a USB stick - regardless of the computer you’re using. Qubes has persistence (you can store files and settings), but it requires a serious system with at least 32GB of RAM, due to its many virtual machines.

As for me, I don’t need to go into “overkill mode” - which is what the two distros provide. For now, I’m settling for a reasonably secured distro, either Ubuntu or a Fedora/CentOS one.

You could do that… or just randomize your MAC address. If you automate it, you’d change it before you bring up your networking. You want to change it before you start sending ARP packets around.

1 Like

Tails on a HP EliteBook 8560w running very well.
RAM 3.8 GB
Intel Core i5 2520
64 bit
no hdd

mac adress randomizer, tor vpn network per default.
booting time ca 90 seconds
persisting storage on usb

lesson learned, please enable storage before you typing the obfs4 tor bridge key in … :wink:

please download, do the screenshot that bridge key from a complete another network, that is not connected to your desired machine.

2 Likes

i was also looking for a secure email. i am start to use startmail. for all us citizens, it is a dutch company using only server in eu. the registration process is really straight forward. i recommend you for the registration, similar to the tor bridge key, please use a completely different network. so you can avoid any tracking.

lesson learned: please enable the persistent storage for thunderbird. when you like to use a mailing client. you have to enable the device with a special password, which is only shown once. :man_facepalming:

another important point is to start a process, follow it and complete it. depending on the level of threat or the need for security, you should reboot the system after each task.

1 Like

Are you running Linux from a USB? Otherwise, you normally don’t need persistent storage (unless you’re running Tails).

yes, i’m trying to push it to the limit.

and so you can also consider three other aspects of data security:

  1. don’t always be online.
  2. always restart the machine (in the case of TOR, new IP and MAC addresses are always distributed).
  3. if the worst comes to the worst, make sure that you can also create physical data security.
1 Like

Good points and I agree with the first.

For the second, it depends on your network. Routers in general hold the same IP no matter if they are rebooted. They only change when you reset them to factory settings. The MAC address is mainly visible on phones when using data. Routers tend to send out their own MAC address. If you’re worried about your IP address, stay on VPN > TOR and shift servers for the former, and exit route for the latter (you can do do while online).

For the third, it depends on the type and - most importantly - the size of data you wish to secure. 10GB are much easier to store than 10TB. :slight_smile:

2 Likes

You mentioned the T2 chip.
I am have been trying to boot my iMac with Ubuntu via an external flash drive. I have researched the internet and found that my iMac is relatively new and does have the T2 Security Chip. I followed web suggestions that I boot into recovery mode and turn off certain security measures so that I can boot from an external drive. I have done all of this yet to no avail. When I am given the EFI option, I select it, then my iMac screen goes dark as if it is booting to the flash drive but it never succeeds. I eventually have to restart my system by holding the button on the back of the iMac.

Any information would be appreciated.
Thank you

As always it depends on what exactly you are trying to secure, desktop in general or server. As you know any open port ( or service) especial a default port is at risk. But the distro that is stable, well known and FULL of security tools is https://www.kali.org/

Hey @Fire and welcome to the forums!
I gave it a shot, personally, but I didn’t persist too much on the subject. I did a test on my T2 MacBook Pro 16" a few months ago. There is a process to allow booting from an external drive, which you’ll need to activate in the “safe” boot mode of macOS, under the security settings. I’m including a link on how to do that in the end of this post. This allowed me to boot Linux from the USB.

One thing you should be extremely careful of, when you try an installation to the external drive, is the following:
When it prompts you about where to install Linux, make sure you select Something else - as in manual partitioning. This is imperative. The reason is not as to which drive Linux will be installed, but the location of the boot loader. When you go manual, you have the selection on where to place that Linux boot loader. Under no circumstances should you select any automated boot loader installation and avoid installing any distro that does not give you the option to select the location of the boot loader install area. It will damage your macOS.

With that being said, when you enter the manual partitioning, select your external drive. You should then make three (3) partitions:

  1. The boot partition (usually EFI as its file system) and flag it for format and the /boot as mount point. Also, if you see the “boot” flag when you’re setting it up, select it. This partition should be anything between 512MB to 1GB.
  2. The Swap partition. This is your virtual memory, should your system run out of RAM. The ideal size is to set it equal to your system’s RAM (i.e. 8192MB for an 8GB RAM system). Select its filesystem to be swap. There is the option to also have hibernation for your system, if you select the swap partition to be 2x the size of your RAM, but I would not recommend it as you may hit some glitches.
  3. The last partition is your root one. That’s where the main OS will reside and is mounted at the / point. You can select this to be EXT4.

Once you are done setting those partitions, double-check that you select the boot loader (Grub) installation to be on your external drive.

Depending on the distro you selected, if you try to boot from your newly installed Linux on the external drive, you might still get a black screen. That’s something I faced on my MBPro. The two distros I hear recommendations about are PoP_OS and Manjaro.

Below is the link on how you can set your T2 iMac to allow booting from an external device:

1 Like

Hey @Mjbcs and welcome to the forums!
Kali is a really good distro, but it’s configured for penetration purposes, AKA hacking. If you’re not careful, you can get in trouble with it.
The most secure (defensive) distros I’m aware of are Qubes (due to its heavy virtualization), Kodachi, or Tails.

1 Like

Hey @vasileios
About the link at the end of your post - I had already found that article and followed those instructions but I was given the black screen. So basically everything else is moot. If I can’t even boot a little flash drive to ‘try’ Ubuntu I won’t be able to install it. The instructions you’ve given on partitioning are very appreciated though.

The distros you suggested might work as an alternative to Ubuntu though. I may check them out after I take a breather.

Just to be clear, when you say ‘safe’ mode you mean ‘recovery’ mode? Or are those two different things?

Thanks!

1 Like

Hey @Fire!
I tried the above boot method on my 2019 MacBook Pro 16" which has the T2 chip and it worked. Which makes me think that your Mac didn’t like either the app you used to flash the USB or the USB thumb drive itself. I’ve encountered both situations before, several times.

Also, when I mention “safe”, yes, it’s the recovery mode. This is mentioned different per distribution. Some call it “fallback” - others call it "recovery’. :slight_smile:

1 Like