Modifying my laptop to be a ghost

>>60683320
start by not using your personal fucking computer for work stuff you dingus

>>60683353
Was expecting Tails meme as first response. Disappointed.

>>60683353

Who said it was going to be personal, dingus

>>60683320
Install hardened Gentoo

>>60683584
>>60683353

Holy fuck this board really is useless.

>>60683686
You should know, can't even figure out some basic shit without being spoonfed

>>60683796

Computer tech isn't my expertise, hence why I went to you guys.

If you're going to meme go to another thread. If you're not going to be helpful then you can just leave.

>>60683686
This board is for shitposting you cock muncher.

>>60683320
Ask your security handlers

install hardenedBSD, that way you will be totally safe

>>60683832
>looking for actual information
>posts on /g/
>must be /g/'s fault

>>60683320
Image the laptop and encrypt the disk. Never let them look and when you return it re-image with original image unencrypted to render residual encrypted information useless.

>>60683832
Looks like OP's got a little attitude on him

You haven't given us dick for details
>hur dur my employer is autistic and won't allow any breeches in security however, he doesn't outfit us with the necessary equipment and software to obtain such a goal hur
Who's trying to track you, how, what type of environment do you do most of your work, step it up a little OP.

If you're looking for goverment paranoid level shit then use Qubes OS, it's pretty good for browsing the deep web or just general secure browsing, but you have to install the OS on the computer.

>>60683901

No one asked, they memed.

>Who's trying to track you,

Corporations mostly. Gov would be a plus just because.

>how

Wifi, ethernet

>what type of environment do you do most of your work

I travel so, but mostly from home, sometimes at work depending on the project

File: 1258629281053.jpg (42KB, 401x604px) Image search: [Google]

42KB, 401x604px

penis penis penis

use incognito mode

>>60684031
If it's just basic stuff like that just combine the vpn with other browser extenstions like https everywhere, disconnect, blur, and noscript.

>>60684086

Basically I want to mask my IP and be behind 7 proxies

>>60684100
Dude one is enough, unless they have a backdoor on your computer, no level of tracking should break the vpn unless it's unencrypted.

>>60684100
And if you're serious invest in a paid vpn, becuase that will most of the time give you the best protection, I've had the best luck with services such as tunnel bear for windows, and bitmask for linux.

>>60684115

So a VPN is an obvious must.

Should I consider encryption at all?

>>60684131
Encrypted vpn, and with your computer I would recommend using veracrypt to create encrypted volumes if you're suspicious of people snooping on your computer, you can also try whole disk encryption as well with the same program, but this usually takes a while to do. Even if you have a password on your computer, if you leave it unattended for a while a person can easily break in with a boot usb and some forensics tools easily found on the web and make a copy of your hard drive without you knowing it.

>>60683320
Use Qubes OS and Whonix in a VM. Then use tor for everything inside the whonix VM. As for any other VM use hardened BSD or Debian with SElinux.

>>60684031
be careful to avoid DNS leaks- be sure to route DNS requests (ALL traffic, not just TCP) through your VPN of choice.

Thinkpad x200, libreboot it, then install tails on it or just install some linux distro on it in general and use a VPN.

Tin Hat GNU/Linux

TinHat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM. TinHat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, TinHat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting. One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwords is that there are no delays going back to the CD when starting applications. Needless to say, this has some rather extreme advantages and disadvantages, making TinHat a rather particular distribution.

TinHat was conceived as a challenge to the old mantra that physical access to a system means full access to the data. This is certainly true in the case of unencrypted file systems, and at least potentially true in the case of encrypted. Rather, TinHat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box --- either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. TinHat is a baby step in that direction.

Even before sitting down and thinking of the technologies one could use for such a project, other considerations pop up. Obviously if the user is able to get to the data, then in principle so can others. These issues impinge on the user's social situations: What happens if the user walks away from a running system where he is logged in? A classic problem. What happens if he is coerced into letting the adversary in while the system is up? If the user is uneasy keeping his personal files in RAM, he may want to back them up to encrypted drives. Then the window of a "coercive attack" extends beyond the uptime of the system. What if the user is watched via a secret surveillance camera? What about a hardware keylogger? Or a microphone listening to the unique sounds of keystrokes on a keyboard? How deep does the rabbit hole of paranoia go?

Let's set aside the social engineering attacks for now and focus on the major technological obstacles. Recent advances in cold boot attacks, where data in RAM (such as encryption keys) can be retrieved even after a system reboot, have put our goal even further beyond reach Utilities like msramdmp can be used to dump the entire tmpfs root file system of TinHat for forensic analysis. The situation seems bleak, but this just gives us opportunity for more clever ways of encrypting/hiding data in RAM itself --- at least until hardware solutions come along. This is clearly the direction in which we would like to develop TinHat, but must admit that we are stumped. No matter how many layers of encrypts we add, we cannot avoid keeping clear key somewhere in RAM.

Of course, the ideal that "physical access == zero information loss" would be useless if TinHat didn't also protect against the more familiar network/code born exploits. For this we employ GRSEC/PaX technology which is a reliable security solution already integraged into major Linux distribution by the Hardened Gentoo Project. Since TinHat provides an option between Gnome, XFCE4, or FluxBox desktop environments running on top of X, some compromises in security had to be made; however, these are noted so that the user is aware of their existence. Little can be done on generic hardware; however, we have found that on specific motherboard/video chipset combinations, hardening features which would otherwise break X can be enabled. For this reason, we not only provide polished ISO images for immediate use, but also our "cookers," VMware virtual machines which we use to make the ISOs.

Finally, TinHat has a secondary goal. Since we are running purely in RAM, TinHat is fast! If "Zero Information" is one subtitle that we can append, another would be "a Glorious Waste Of RAM". TinHat requires about 5 GB to run comfortably, 4 GB for the tmpfs root file system, and 1 GB for paging. If one wants to further reintroduce Gentoo's portage system and/or the kernel source tree, 5GB becomes a very tight squeeze. Forget adding any more software after that, which leads to the paridoxical sitatution: why else would you reintroduce portage/kernel trees if you don't plan to add any new software? Although we provide an i686 release, in our lab we run the amd64 version on 8 GB boxes in which we reintroduce portage/kernel and add the entire Open Office suite. One gets spoiled when your word processor pops up in mere seconds!

>>60683466
>getting your workplace tech support from /g/
I don't think that's any better

>>60683320
https://pastebin.com/5XfDX4wL
you are welcome

>>60684439

This is helpful, thank you.

>>60683320
>1. install your o.s. of choice on a usb stick
>2. acquire laptop
>3. remove hdd from laptop
>4. only boot from usb
>5. use another usb to save files

That's it. It's un-compromisable unless you're exploited while using the system or someone steals your 2nd usb.

You will not be able to bookmark pages or save passwords like a normie but that's the only downfall.

>>60683320
Install Linux, use full disk encryption, use 64 character passwords, use gpg encryption for emails

>>60683466
>Who said it was going to be personal,
If it's work's laptop it's their problem to get and keep it secured, not yours. Follow the security policies to the letter. Don't try to improvise your own additional approach, unless you want to take the fall for anything that goes wrong.