what are the best lap-top for opsec?

[depresskid]

what are the best lap-top for opsec?

Currently using Mac OS with windows boot-camp - T2 - with FileVault with long password
only using sessions , wicker me , telegram (password lock on + only using private massage) during the conversation.

For boot-camp windows I only used them for Tor when I doing the operation
I'm not a expert in this field so please give me some advice for this.

I want all the setting that is against digital forensics.

 

[archae]

Read this guide and the complementary sources that are linked in there. It has everything you want to know I reckon

The Hitchhiker’s Guide to Online Anonymity

The Hitchhiker’s Guide to Online Anonymity

anonymousplanet.org

 

[KokosDreams]

The Purism - Librem 14 is a notebook by a US company that values user privacy. Snowden once recommended this company on his twitter.
This notebook features physical kill switches for microphones, camera and other security & privacy features.

 

[hermano]

Never use telegram, never use windows.
Use hard disk cryptors + tails os with tor bridges.

 

[KokosDreams]

Should be mandatory on the deepweb, gates software and anonymity..hmm I dont know There are litterally people with phones entering the DN

 

[beherit]

Coudn't agree more.

 

[SasquatchMonero]

Thinkpad x230. Flash coreboot on it. Run linux, preferably QubesOS. Do your OPSEC-criticial acts in the Whonix qube.

 

[KokosDreams]

Why do you think the THinkpad x230 is the most secure? I am a fan of thinkpad but your take would be interesting to hear, on their technical infrastructure

 

[SasquatchMonero]

Thinkpad x230 is one of the last line of Thinkpads that can be coreboot/libreboot'ed. Generally, the Thinkpads of these kinds are old, like 10 years and more. Thus, their CPUs are 3rd gen intel or even older.

Thinkpad x230 has the best intel CPU that can also be coreboot'ed. (Disregarding the system76, and other linux laptop sellers who have newer CPUs and ship with coreboot).

X230 is not the most secure, but it has the fastest CPU that are among the ones that can be made "most secure" by coreboot'ing.

 

[KokosDreams]

Thanks a lot. I am not that tech savy but I am looking for a more secure setup for myself, from its technical abilities.
It is difficult to see what and what not defines a good notebook from OpSec perspective and you clearly helped understand it more

 

[SasquatchMonero]

Feel free to ask more, I am happy to help.

 

[KokosDreams]

Outside of using different forms of disposable OS like Tails/Whonix, what would be the technical measures you'd take to further protect your privacy? What are you even looking for?

 

[SasquatchMonero]

>what would be the technical measures you'd take to further protect your privacy?

This depends on what privacy of mine I am protecting, and from whom.

 

[mevex21]

@KokosDreams

First off, please take to consuderation that there is a chance by X % that bbgare is trully made to collect informations about certain players that would not stop their carrer anyway, the only difference is the potential groups of interests could give the problem ( how to make certain drugs) - (they would get all this stuff from ebooks anyway, without any problems though -> they will give you an option to buy small amounts (or maybe big ammounts, which would lead a certain person to a link between the person and these cops for getting further information leak as the website neeeds not only javascript, but runs on clearnet withou any problem. There are few active users, which are the chemistry experts (of course, you can consult with them in any time, better tell them all the things you have in your mind though, they are here for you)... and certain few active peoples who are either idiots, or rather cops. I would safe my bet from bettng who is who, but sometimes it's really clear to me.

In my opinion, average lifespan of darknet vendor is way shorter that most peoples think. Not saying that certain actions could'nt be done anonymously, but the way it works at the bottom is that if somebody of entire pyramid will at some magic point fck up somewhere, then you could get potentially linked too... And the story never ends...
Do what you want to do, certain things works for sure, but don't make assumptions that any given person and any given database with storage in external server is safe from getting you being exposed on some point.
Btw, the technology that is used to find certain leaks in a code of literallty anything (including runing VM using android system, all that "certain" things that's on the web is endless. Those who eventually get their hands on it at some point will be like best of best in entire IT section of cybersec..

I would just stay very, very carefull with asumptions like because something is commonly used by all the folks, like some comunicator etc so they couldn't be badass wrong about it and they actually wait for their own tragedy,

 

[KokosDreams]

Suggesting BB is a honeypot is nonsense

 

[SasquatchMonero]

why are you so confident about this place?

 

[KokosDreams]

I would think it is obvious due to the way knowledge is spread here freely. A honeypot would be more pushy about collecting data whereas BB doesnt care who consumes the content. LE would not spread knowledge like this I think. The cost on society is not worth it for the reward, it would not be justifieable despite for any crazy government I would believe.

What makes you unconfident?

 

[beherit]

System76 and Tuxedo have nice builds, some actually pretty affordable.

 

[TheVacuumGuy]

Every laptop will do for that matter. Opsec is all good and nice but in reality it's mainly boils down to behavior and precautions. A better way to think about it is: what happens when investigations break your door and takes your machine. Despite what people tell you, technology and encryption or software you use, they will find proof.

That is eventually what you need to prevent. This all may sound obvious, but in the end people tend to make it easy for themselves (i.e. using simple passwords, keep files and history, andsoforth).

Example tip: Boot your laptop from USB , do not use persistence on it, and do not use device storage. (Sure, it's a hassle setting things up everytime you use it) but that's the price you pay.

 

[OrgUnikum]

Get a Chromebook, but one which can run Linux. They are so cheap used that they are throw-aways but the better ones can run a lean Linux at a decent speed AND most of them have coreboot as bios. Also they have ARM CPUs and ae as such unaffected from the microcode problem which make all newer Intel and AMD cPU a security risc. As ARM CPUs do not rely on microcode to work and the whole BIOS is open source with core or libreboot, no binary blobs with unknown code.

As distro I would recommend Puppy Linux for ARM. Yes thats unusual but there are reasons: With a "frugal" install it will run completly from RAM and it is as such insanely fast even onChromebooks (4 Gig RAM is what you want). It installs in a encrypted file which can be just copied to another machine and then it runs there, this makes the Chromebook a true throwaway. Only drawback is that you cannoz have a zillion tabs open in the browser. But this you should not do on a device for this purpose anyways. You should use a single-threaded browser like waterfox and open only a minimal amount of tabs.
Puppy Linux offers also security by obscurity. You can bet that the enemy has software for all highly recommended high security distros and browsers. Puppy Linux is buildt on a layered filesystem. Any malicious software will install itself nicely into the usual files which are present on top, but those files are never used but actualy it all runs on files two or more layers down and only if YOU install something it will be done in a working way. But you should use flatpacks and sfs packages - then its virtually inmutable.