Here's my 2 cents ramble.

> So I'm trying to prepare a simple but complete todo list.

This reminds me of a joke: "I've read your manuscript and it was original and clever. However, the parts that were original were not clever and the parts that were clever were not original!" I.e. you won't succeed in that. Security is a process, and a very complex process at that.

> I've read about the proper use of Tor, and Snowden's software list.
I don't really know why Tails is worth it (besides being fully torrefied), but if it's good enough for him, it's good enough for me.

Anonymity is tails' only professed value. Unfortunately freedom takes a backseat as tails uses e.g. the vanilla kernel. Also if I was a powerful spy actor I guess the binary blobs in Linux might be quite tempting. Linus really should man up and kick the blobs from the kernel...

One issue with tor are the web browser extensions, e.g. you're more private browsing with Noscript, yet that will set you apart from the flock using the default tor browser without Noscript. Ditto all other security enhancing extensions...

One horror story is Intel vPro/AMT. If the hardware is compromised no software can make it secure.

Yet another of the hard challenges is our own behavior online. We can compromise ourselves in a million different ways online. That combined with an illusion of privacy can lead to nasty results. Paranoia is good but self-censorship should be avoided as far as possible...

I guess one thing we all should do it fire up Wireshark and see and actively keep an eye on exactly what kind of traffic our machines are spewing.

> The hard work is to determine what's truly important.

Indeed. It's a great subject to think about. Look forward to hearing replies from knowledgeable people.

Reply via email to