On Wed, Nov 06, 2013 at 01:21:20PM -0800, Matt Johnson wrote: > Sorry Eugen, I am still not getting it. You will author content in > isolation, without reference to any information at all? Or perhaps in
Let's say you're a journalist working with Snowden's leaked documents. Would you be comfortable with keeping any of these materials online at any time? > a library with books on paper? When I author something I constantly > refer to other material. Nobody prevents you from referring to external materials. This is why you buy an additional machine, and keep it stricly quarantined. And you *should* try to keep your main Internet-facing machine secure (e.g. by compartmentalization, and using hardened, amnesiac virtual appliances, preventing targeted spearphishing by using anonymization), just do not expect that it's a complete protection. Even an air-gapped machine is not a complete protection, if your physical security is inadequate to prevent an evil maid attack, or a TEMPEST attack. It all depends on your threat model. > Lets say you write something, then burn it to CD and transfer it to a > networked system and send it out. Isn't it now subject to traffic > analysis and perhaps malware injection? It is only secure if you Use anonymizing networks and encryption against traffic analysis and tampering with documents. > author it and never move it from the air gaped computer. This is incorrect. You can move your documents back and forth, provided you take precations about what you transfer, and how. > If you take Griffin's point that connecting a USB stick, or external You'll notice e.g. Bruce Schneier made very specific recommendations about using sneakernet for document transfers. Your chiefest potential vector is sloppy code in USB device insertion processing. I'm not sure hotplug SATA or CF is any better. This is something which needs focused attention. > hard drive is dangerous, and that PDFs are dangerous then I don't Security is never boolean. You can avoid richer formats, or revert to safer (e.g. PDF-A) forms to minimize attack surface exposure. > think you can do much with that air gaped computer. I am asking a > serious question, what are realistic use cases for an air gaped > computer? Keeping your main keys for signing really important materials, and proof if identity. Keeping extremely sensitive documents secure. Every activist should have one. Buy a used notebook, have it modified by technical people you trust to minize risk if it really matters. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.