Building a system for strong privacy

I got a small laptop here, which is sadly only 32 bit. To be honest, a bit old-fashioned, but still an unbeatable battery time of 10 hours of normal use. In my humble opinion it’s pretty much a sin to throw that box away. Sadly the 32 bit architecture is about to die out – on the other hand just that makes it even a bit more exciting.

Debian itself eases the problem a lot – so I decided to do a little bit of a privacy box here. The first consideration here was encrypting the harddisk using LVM and LUKS to ease the direct attack surface to my data as it’s still a portable device that can be snatched with ease.

For a desktop environment I choose LXDE as I want to keep most of the calculation power for doing real work instead of entertaining and drawing beautiful shadows below mouse cursors.

The real challenge is now, since we want to provide privacy, to immerse ourselves in the TOR network. This in itself is not that difficult, if it not for the evil DNS server, which would leak out on us. To patch this loophole there is a DNSPort setting in torrc – plus we prohibit querying addresses for private addresses as defined in RFC1918. But just locking down the DNS would prevent the general operation: We need to keep it open for Tor itself; so a firewall needs to be in place to enforce compliance.

But Tor doesn’t provide security per se – so it’s necessary to ” beef up” Firefox for web surfing with a few little things to intercept and block scripts, and to bend everything to encryption so you’re not overheard again. Man-in-the-middle attacks are no joke and should not be underestimated!

– to be continued


Leave a Reply

Your email address will not be published. Required fields are marked *