On 12/29/2016 08:22 AM, HiringQubesExperts wrote: > Hi all, > > I am planning on buying a 13.3 - 15.6 laptop that I will specifically > use for running qubes, and containing lots and lots of highly > sensitive files. > [....] > > I really hope we can start a discussion on these topics that will > lead to a general what-should-I-buy advice when one wants maximum > security from COTS hardware, and open software. > The whole topic is not as simple as you put it: "security" is not a linear measure, hardly even measurable. Hence you cannot ask for "security" as a whole, and it does not come in handy packages on a Walmart shelf.
What I generally recommend is to first model the threats, and then build security accordingly. In your message you only mention "highly sensitive files", but not your threats. If you are afraid of software intrusions, you will want to isolate your data from the internet, and then Qubes is a nice place to start. But then you may probably have to make sure your usage habits are sound for this goal (the switch can take some time to get accustomed to). If you are afraid of casual physical thieves, a simple FDE (luks) is way more than enough, but if you are dealing with people intentionally pursuing your files then everything you mentioned in your e-mail is not enough, just added complexity: you will need to think of fake volumes and password for under-coercion data switch, bordering on plausible deniability. If the people pursuing your files have very strong motivations or a big organization (say, a government), you may want to think out of the box (i.e. thermorectal cryptanalysis, or the old but good https://xkcd.com/538/ ): when the owner cooperates any lock opens, be it a 3$ padlock or a multi-million-dollar fort. Likewise, if you travel with that laptop, you may want to research plausible deniability for sensitive data (make it look like the most dumb windows laptop you can but), and having a biometric sensor / unheard-of brands / custom bioses would only raise suspicion. In any case you are likely to have to change some habits, to follow the security guidelines you decide/plan. Qubes by itself is a very nice foundation for both solutions for physical security and software security, and you can add any other feature you want to pick from your list, but just "adding them all" will probably make your computer less secure overall (more software attack surface) and will tire you with the security procedures, prompting you to find shortcuts in the long run or abandon the whole "fort" altogether. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/900deb4f-7114-c1cb-c7ce-5e50095228c2%40gmx.com. For more options, visit https://groups.google.com/d/optout.
