On 2016-06-20 21:08, [email protected] wrote: > Here is a short, simple overview that could be used as a starting > point by nearly anyone able to boot US live: > > Due to the growth even in open source of applications that "phone > home," when it is necessary for privacy or security reasons to be > able to deny having produced a media item, it should be done on a > computer that is not connected to the Internet. The finished media > can be moved by a new flash drive to another computer in another > location for publication. > > When even more security is needed, UbuntuStudio can be run from the > live DVD or flash drive, and the raw media clips can be kept on > removable media and editing applications set to put their temporary > files on the same media. When the job is done the media containing > the raw material (USB 3 flash drive or the original camera card) can > simply be destroyed. A USB 3 flash drive will give far better > performance when running "live" than a DVD or a USB 2 flash drive > will. > > UbuntuStudio is almost opposite say, Windows 10 when it comes to > security. No automatic backup to cloud servers, no automatic sharing > of encryption keys with Microsoft, no "unique advertising ID," and so > on. UbuntuStudio is not financed by selling your personal information > to advertisers. > > On the other hand, even things like automatic checks for updates > can reveal the existance not only of a computer but a computer with > a media editing program consistant with what adversaries believe the > media in question was produced on. Automatic crash reports can do > the same. All of these generate server logs that can be accessed by > authorities or just plain stolen by hostile hackers. A computer > that is not connected to the Internet can't connect to cloud servers > nor be listened in on over the network. > Thank you Luke, it is well formulated and benevolent. You have some very good points, but i would like to avoid handing out "general/good practices". I'd rather issue a firm warning and link to some trusted and well furbished documentation source: Handing out good-practices would require us to be very detailed and i think it is out of Ubuntu Studio's scope. It could also render us responsible for failed attempts to remain invisible. If not in the public eye, in the eyes of a victimized user.
How about this?: > Because Ubuntu Studio is open, cares for freedom, strives for > transparency, and is not financed by selling your personal > information to advertisers, it's true that Ubuntu Studio offers > better control over your privacy than proprietary operating systems > usually do. Ubuntu Studio does not include software for encryption > and/or anonymity, but you can and are free to install such tools. > However, even when you use tools known to grant the strongest > available privacy, there are still pitfalls. > > As soon as a computer is connected to the Internet, user errors and > misunderstandings, can render even the strongest protections useless: > Third parties not necessarily need to do something manipulative; a > user's lack of knowledge can easily make sensitive information > public, usage-patterns can easily make the origin of sensitive > information identifiable and once such data is stored on the > Internet, there's no way to control it. > > Journalists, activists or anybody else working with sensitive > information should consider never connecting computers containing > such information to the Internet. To learn more about how to > transfer sensitive information to Internet securely, read [link to > some guide] or (preferably) ask someone tech-savvy close to you who > you that you trust deeply. -- Set Hallstrom aka sakrecoer
signature.asc
Description: OpenPGP digital signature
-- ubuntu-studio-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
