What Security Hygiene practices do you faithfully do in Linux?

I have a large desk that accommodates two laptops side by side.

A new security practice I’ve taken up: I have 2 Linux laptops now - the one that I “trust” (the newer, faster one), and the laptop that I “don’t trust” (the older, slower one).

On the laptop that I “trust” (the trust is not an absolute trust, mind you, as I know I can never get security absolutely perfect), I have all my personal information, and my password safe.

On the laptop that I “don’t trust”, I have no personal info to speak of, and I’ll use very few user accounts there. It’s here where I run the sort of slimy corporate proprietary software that I don’t trust (and can’t get away with not using, as my organization demands its use), such as Zoom. I fully expect said proprietary software will scan around my disk for personal info to send back to the mother ship, so I leave as little of that information around as possible, to be found.

1 Like

I moved all my “work” to VMs on desktop and laptop. The host and all VMs, except one, are blocked for inbound traffic. I have one VM that I use exclusively for banking, and that one is encrypted by VirtualBox.
I use two routers: the first one is managed by the Internet provider, and the second one is used to connect all my computers; that router is also blocked for all inbound traffic. Of course I changed the user and password of that router.
My laptop and backup-server are used for ZFS send/receive backups through SSH and its keys. Both do support file sharing over the network to allow reloading files, but:

  • They are almost always powered-off, except during the weekly backups.
  • They are connected to the second router, that is closed for all inbound traffic.

I will always be able to reload one of the snapshots from host, laptop or backup-server in case of hacks. Worst case I re-install the host or VM. The host is a minimal install of Ubuntu and the VMs save many weekly and monthly snapshots on the system itself and on the backups.

I’m not interested in paid VPNs, since Google, Microsoft, Amazon and others are anyway selling my data for profit and giving it to the US government. :)

3 Likes

+1 @BertN45

  • All usage moved into VMs.
  • Storage access R and RW divided up according to each VM's purpose.
  • Strict iptables rules throughout.
  • Lightweight host with no externally accessible services.
  • Raspberry Pi network operated 3rd monitor accessible only from the host (no router in between).
  • OpenWrt router managing VPN.
  • Full disk encryption and USB 2FA all the things.
  • KeePassXC
  • Full stack of browser security/privacy extensions, no extensions for browser profiles intended for singular website use (ex: Email).
  • Frequent updates

1 Like

  • Use common sense when surfing/using the web.
  • Linux on all rigs at home.
  • Proton VPN and Proton Mail
  • Iptables + Gufw
  • Firefox with various plugins and addons.
  • Using compartmentalization with various “multicontainers” in Firefox.
  • Bitwarden as password manager.
1 Like