On Mon, 31 Jul 2017 14:54:31 +0200 Daniel Pocock <dan...@pocock.pro> wrote:
> On 31/07/17 07:39, Daniel Pocock wrote: > > > > Hi all, > > > > I've recently had discussions with new users at various events who > > were installing Debian for the first time, usually on laptops. > > > > It is easy enough to run the installer and get Debian up and > > running. > > > > However, if the user is security conscious, or will be travelling to > > events and passing through hostile airport/border checkpoints, are > > there any extra suggestions about how the laptop could be setup? > > > > For example, should they use the default disk encryption strategy > > proposed by the Debian installer, or another strategy? Or should > > they be considering a derivative or something else? > > > > Another question that comes up when I have this discussion with new > > users, they want to reduce their dependence on cloud services, so > > what is the currently recommended way to sync or replicate content > > from their laptop disk for backup purposes? While I have various > > ways of doing this as a developer, what is proposed for > > non-developers? > > > I received a private reply seeking clarification of the threat model > > Standard threats affecting all people who travel with a laptop these > days: > > 1. return of laptop for warranty service, technician has your data > 2. theft of laptop > 3. routine inspection by border officials (they may want the user to > log in and type screen unlock password or briefly attach a device for > "checking" the laptop) > > The user in mind: ordinary person who simply doesn't want to either: > > a) risk losing a copy of personal documents and photos when such loss > could have been easily prevented, > > b) lose time answering questions at a border checkpoint because their > laptop looks too secure or unusual. > > Obviously there are users who know they might be singled out for > closer scrutiny and they might go to extra effort but I'm simply > asking about the case of the ordinary user encountering ordinary but > sometimes unreasonably curious uniformed officials. > Fairly low down the scale, I'm not an international spy or inventor with secrets: I have a TrueCrypt (yes, I know it's unsupported, but to the best of my knowledge, it is still fairly safe) volume of 4GB stored as a file on my [Windows] laptop. It fits on a DVD for regular archiving, and on pretty much all USB sticks now. I don't use an enormous encrypted partition because I like the utter triviality of copying a single sub-DVD-sized file, and having it cross-platform compatible. Also, the size limitation means that I exercise some discipline in what is kept in it, I don't just throw everything in indiscriminately. I open it and use FreeFileSync to sync most of its data with my server when at home, I do the same with Unison with my workstation and server, so there are generally three live or nearly-live copies of important data, and many archive snapshots of it going back years, plus a few random copies on USB sticks. When I fill the 4GB I'll create a second one. Photos are more problematic, and movies even more so. I take a snapshot of our photo collection to a hard drive every month or two, plus DVD copies of new material. I have a number of retired hard drives, as I like to replace working drives after about five years, and most of them will go on much longer with occasional use. -- Joe
