After the Year of Datasec Fail, in the wake of breach after leak after hack, it’s time to cop to the fact that private data security is Serious Business.
Private sector titans like Google, Facebook and Yahoo, not to mention the actual flippin’ US government, have demonstrated that, if there’s anything in your life you’d rather Vladimir Putin and/or the entire Internet not know about, you’d better spit on your hands, boot up your robot of choice, and take responsibility for your own infosec.
Sounds awful, doesn’t it?
The mere notion of handling your own information security (“infosec” to professional nerds like your narrator) conjures images of command lines, spaghetti code and whatever else it is tech types actually, y’know, do. If only there were an easy fix! A simple, widely applicable one-shot that would make your precious 1s and 0s safe forever.
There pretty much is. It’s Linux.
Superficially, using the famous open-source operating system might seem like the opposite of security. After all, the point of open-source is that anybody can look at and futz with the code. How is that compatible with “make everything hidden?”
But that’s the not-so-secret shame of tech
As we’ve ceded more and more of our lives to internet-enabled services, nothing is hidden. Cloud-based services like Google Docs and online-only offerings like Facebook and whatever Yahoo’s doing these days are accessible to everyone, everywhere. That’s the point. That’s their offer. “Accessible to everyone” is incompatible with “accessible only to nice people.”
The Linux fix is twofold.
First, old-school hackers (cue pounding 90s electronica soundtrack) still trading on invading your personal system generally don’t bother with Linux exploits. Windows and the traditionally safer Apple are bigger, more valuable targets. Second, 5 popular distros – that’s “particular flavors of Linux some noble white-hat nerds put together for you” – incorporate fixes for increasingly common Internet breaches of the kind that felled Facebook and Google.
Tails is a live OS, which means you can put it on a USB stick or disc, run it on any computer, and when you pop it out again the computer goes back to the way it was. Local hacks work by reading your logs, huge quantities of nested information your operating system hangs onto for complicated reasons. Windows does it. Apple does it. Some Linux distros do it. Tails doesn’t. It also routes your internet traffic through the legendary Tor, benchmark of Internet anonymity. Tails’s commitment to zero-footprint computing also has the smaller but just as welcome convenience that, if you do prefer to use it sparingly and stick with your old, less-secure OS, it leaves no souvenirs on your system; your old setup will boot like nothing happened.
If this were a 19th century novel, this entry would be called “IprediaOS. Or, the Trouble with Tor.” Tor prioritizes security above all else and limits Internet access accordingly. There’s a lot of stuff it won’t go near, because it’s just not secure enough. That limits the mainstream usability of Tor, not to mention services like Tails that rely on it. IprediaOS uses a similar but less strict service, I2P, that affords access to the everyday Web with minimal loss of security. IprediaOS also comes with anonymous chat, email and BitTorrent clients.
Whonix is a unique beast. It’s a virtual machine, which is (incredible oversimplification incoming!) a program that thinks it’s a computer and convinces others to treat it likewise. Its big offer is that it can be run as a program on the Windows and Mac OSes, making it a perfect match for anybody who only has a job or three that demand anonymity – cloud-based business records, say, or anonymous blogging – and is otherwise good to go with a by-the-book setup. It’s also a great way to learn the basics of home infosec, since, being based on the venerable Debian distro of Linux, it plays well with Microsoft, Apple and other Linux systems.
Not a typo! This cleverly named beastie discreetly keeps your secrets by building a discrete structure, unconnected to anything else, for you to whisper them in. It’s limited in function compared to the other services listed, functioning primarily as data storage and anti-malware/spyware/Trojan solution, but it is very good at those things. It’s in beta at present, and as is a beta’s wont there’s a bug or two to shake out, but it has real promise as a data security tool.
Qubes is the Whonix solution raised to the level of an operating system. It compartmentalizes your work as separate virtual machines, limiting any compromise in security to one set of services, with no chance of spreading to more vulnerable areas. Qubes even color-codes your machines for you, with colored frames indicating the potential security vulnerability of a given VM. So, if you set up one machine as straight data storage with no access to the outside world, that’s about as secure as data gets and Qubes will tell you so. The machine you do your web browsing in will be coded otherwise. Better still, Qubes provides a secure data-transfer solution that lets you move information safely between machines. Last September Edward Snowden, a man understandably interested in information safety, tweeted “If you’re serious about security, @QubesOS is the best OS available today. It’s what I use, and free. Nobody does VM isolation better.” Can’t say fairer than that.
Don’t be intimidated
Obviously, as is made clear by the monolith of text above, infosec is an enormous topic.
That said, don’t let it scare you.
Get educated on the subject and in a week of digital futzing you’ll be warm in the knowledge that you do security better than the smartest, richest, most powerful people in the world. Happy (white hat) hacking!