Karsten wrote:

Don't overlook hardware. Keystroke sniffers are now dime-sized or smaller, capable of holding MBs' worth of output, or months' worth of typing. If you're going to be paranoid, don't stop at half-measures.

Reminds me. There was a time when I was chief sysadmin at $FIRM, an outfit in San Francisco. The moment $CTO came aboard, all manner of odd things seemed to be happening on the LAN, leading to the strong justifiable suspicion that he was tapping all e-mail in or out of the company, right at the switch, primarily in order to monitor discussions among other members of the executive staff that might affect his... interests. (I wish we could talk about the $12M in contracts given largely to firms in which he had undisclosed ownership interests. Can we use bad words like "embezzlement"? Hmm, probably not.)

Anyhow, I had a pretty good notion about what the gentleman was doing, without exact confirmation, and found that it, um, didn't meet my needs. I saw no reason I shouldn't have reliable, private communications between my desk at work and my server at home. Given such a channel, I could then reach out from home to any further locations, without $CTO having any access to my affairs.

So, I sat down and considered threat models. My apartment at The CoffeeNet? Not impervious, but good enough. The various wires between my cubicle and my apartment? Assumed hostile and compromised -- but fortunately SSH (properly used) makes that irrelevant to privacy, leaving only DoSing, which didn't seem to be a problem in that case. My workstation on my desk? Oh-oh.

As you said, hardware can be compromised pretty easily. So can unattended software to which the bad guys have physical access -- and I knew that it only seemed like I was at my desk 24 hours a day. If $CTO wanted to bug my Debian workstation, he might be able to do that without my being able to easily tell. Or he could put in a hardware-level keyboard sniffer, with much less effort, and I wouldn't likely find that at all.

The guy probably wouldn't bother, but I realised that there was an easy way to eliminate all those possibilities: I bought a used Sony VAIO PCG-505TX, installed Debian on it, and used it (only) for any computing for which I wanted privacy and assurance of personal control.

These days, a Knoppix CD is about 7/8 of a loaf. The bad guys' options at the level of your workstation's software just about vanish. Others exist, but you've picked most of the low-hanging fruit.

Rick Moen
rick@linuxmafia.com