/g/ - Technology




File: 1680776373462.webm (3.78 MB, 1280x720)
>check htop
>ssh connection
>>
>>108991124
Would you rather have your data stolen publicly?
I always steal data via private channels
>>
>>108991124
>Glowies figured it out
>>
>>108991124
Buy a thinkpad x230 and install heads. Heads is a lot more secure than standard bios or uefi and unlike Libreboot it provides measured boot. Write protect the flash chip. Put nail polish on the screws and take high resolution pictures to ensure signs of tampering. Do NOT use a HDD or SSD. These have DMA so a malicious firmware could do a lot of damage, use of USB is preferred since they do not have DMA. Completely remove the microphone, sound card, webcam and the WWAN card from the laptop. Remove the fan to prevent binary acoustic data transmission. Replace the default wifi card with a supported atheros card. Disable wifi when not in use. Make your own independent Linux distro. Most Linux distros value convenience over security and will thus never have good security. Your only option is to make your own. Use musl instead of glibc, Libressl instead of openssl, sinit instead of systemd, oksh instead of bash to reduce attack surface. Enable as little kernel modules as possible to reduce attack surface. Use a hardened memory allocator. Apply strong SELinux and sandboxing policies. Restrict the root account heavily to make sure it never gets compromised. Disable JavaScript and CSS in your browser. Block all FAGMAN domains in your hosts file. Monitor all network requests. Do not use a phone. Never speak near anyone who owns a phone, they are always listening. Never use any technology made after 2008 except for technology which can be corebooted/librebooted and is not skylake onwards. Never leave your devices unattended. Tape triple layer aluminum foil all around your room as ghetto tempest shielding. Type really quietly as defense against audio keylogging. Use ecc ram to minimize rowhammer and rambleed. Encrypt everything multiple times with various different encryption implementations. Compile everything from source. Use hardened compilation flags. Always read through the code before installing something if possible. Only use the internet when necessary.
>>
>>108991215
>USB is preferred since they do not have DMA
do external drives count?
>>
>>108991124

look at firewall log and find DROP
>>
>>108991215
X230 has vulnerable microcode and a very insecure (basically useless) tpm1.3. It also doesn't support ecc ram. The atheros wifi card also still has proprietary firmware on it, it's embedded in the chip instead of being loaded by the OS.
>>
File: 1761048651713859.png (227 KB, 441x330)
>>108991215
>Remove the fan
How do you cool down the laptop then?
>>
>>108991556
15W CPUs can be cooled passively
>>
>>108991215
>all this and he failed to account for rubber-hose attacks
In reality most people who get caught or spied on do so because they made really dumb opsec mistakes rather than a flaw with technology. The human element is always the easiest to break.
>>
>>108991215
>Apply strong SELinux
Sup glownig.
>>
File: 1655701318583.png (2.58 MB, 2440x1560)
>screen goes black for a couple of seconds then comes back
>>
>>108992246
that happens to me cause my display port cable is damaged
>>
>>108991124
why are you running sshd?
>>
>>108992395
i started always running it because there were times when my graphics driver crashed and i was forced to reboot and lose whatever i had running
>>
File: 1780756024681.gif (164 KB, 640x640)
>>108991124
>iptables INPUT
>allow all
>>
iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-inc 1
>>
File: 1766247900733604.jpg (57 KB, 1172x460)
>>108991124
why even run an ssh daemon on a computer where you dont need ssh access?

also that scene is retarded and overly dramatic, drilling hard drives? just overwrite the LUKS header and beginning/end of partitions. i suppose drilling is fast but if you're worried about forensics a drive filled with random bytes is less suspicious than one with drill holes and both have sectors that can be recovered if passphrase + luksheader are compromised.

i get why he microwaves the sims but what is that chip he's ripping from the MB? MB firmware?
>>
>>108991124
Me when I'm arguing on 4chan and make a spelling mistake.
>>
>>108992602
i refuse to audit my posts before posting them. let the goyim deal with my grammatical mistakes.
>>
>>108992612
this, worrying about language syntax is for absolute plebs.
>>
>>108992664
error in line 1
>>
>>108992591
>just dd from dev random lol
in the real fake world (military, glowies, etc) they destroy sensitive data by shredding it. basically everything just gets put into a giant industrial shredder like you see at metal recycling places.

even if there's better/cheaper/faster ways it's more cost effective

>a drive filled with random bytes is less suspicious
lmao are you kidding me if they have reason to seize your drives they are already suspicious no matter what state they're in
>>
>>108992612
>>108992664
>nsa agent fingerprints your style of writing
>>
>>108992852
they're welcome to talk to me directly. i will tell them ad nauseam about my hatred for the jews and desire for a global holocaust for the crimes they have committed against humanity.
>>
File: fbirecording.gif (1.39 MB, 350x200)
>>108992868
>they're welcome to talk to me directly
>>
>>108992847
>in the real fake world (military, glowies, etc) they destroy sensitive data by shredding it. basically everything just gets put into a giant industrial shredder like you see at metal recycling places.
i know i served in the army and worked in a company later where i had to do SCAP and getting rid of old drives and all that shit. shredding exists not because its more secure its around because its simple and retard-proof.

if you know what you're doing running a simple dd command is better. the only issue is that if you suspect your main pc is compromised using the compromised system to wipe the drive it itself sits on is probably unreliable/unwise.

one time i had a 'drive wiper' raspberry pi. where i had an sd card that just booted and ran a script waiting for new block devices and overwriting them the moment they are detected (quick beginning/end overwrite and then full overwrite) over a USB-to-SATA adapter. but it would only work for those 2.5 inch ssds (which were the most common drive at the time) the big disk drives were too power hungry for a raspberry's electric system
made it after watching this meme
https://www.youtube.com/watch?v=xPWdSRXBZOk
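
The two-phase wipe described in this post (quick beginning/end overwrite, then full overwrite), which also covers the LUKS header overwrite suggested earlier in the thread, as an added example that is not part of any post. The function names and the 32 MiB edge size are assumptions, and the demo runs on a constructed image file rather than a real disk.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces


def overwrite_range(fd, start, length):
    """Fill [start, start+length) with random bytes; return bytes written."""
    os.lseek(fd, start, os.SEEK_SET)
    done = 0
    while done < length:
        # os.write may write less than asked; count what actually landed
        done += os.write(fd, os.urandom(min(CHUNK, length - done)))
    os.fsync(fd)  # push the data past the page cache before reporting success
    return done


def quick_wipe(path, edge=32 * 1024 * 1024):
    """Phase 1: destroy the first and last `edge` bytes (assumed size).

    The start holds the LUKS header and partition table; the end holds the
    GPT backup table.
    """
    fd = os.open(path, os.O_WRONLY)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)  # works for files and block devices
        edge = min(edge, size)
        tail = max(edge, size - edge)  # never rewrite the head region twice
        return overwrite_range(fd, 0, edge) + overwrite_range(fd, tail, size - tail)
    finally:
        os.close(fd)


def full_wipe(path):
    """Phase 2: overwrite every byte the device exposes."""
    fd = os.open(path, os.O_WRONLY)
    try:
        return overwrite_range(fd, 0, os.lseek(fd, 0, os.SEEK_END))
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed 1 MiB image standing in for a disk: fake header, then filler.
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"LUKS\xba\xbe".ljust(4096, b"\0") + b"A" * (1024 * 1024 - 4096))
    print("quick:", quick_wipe(img.name, edge=4096), "bytes")
    print("full: ", full_wipe(img.name), "bytes")
    os.unlink(img.name)
```

On SSDs an overwrite through the block interface only reaches the logical addresses the drive exposes, so remapped or over-provisioned flash can keep old data; the drive's own ATA Secure Erase or NVMe sanitize command is the device-level mechanism for that.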
>>
>>108992852
unironically they can easily do this
read up on how synthid works for LLMs. the only way to really avoid it is super short posts and not giving them enough data to fingerprint you or asking an LLM to rewrite your every post in a different style.
>>
>>108993043
>its around because its simple and retard-proof.
i figured it was more an opex vs capex false cost savings thing. you already have a big shredder for destroying end-of-life crypto gear and other shit where the physical device is secret too (dont want the NORMIES to buy one at auction and reverse-engineer the device itself) so you may as well get your money's worth by putting hard drives and RAM sticks and shit in there also

they don't re-sell even non-secret drives, usually, so it's either scrap them or have them sit in a safe taking up space forever. even non-secret computers would usually go to a recycler than be just tossed in the bin because of various Just Government Things unrelated to being scared that the chynese are going to dumpster dive all of Lt. Karen's emails (and ofc penny-pinching sysadmins absolutely gutting every machine that gets "lifecycled" because they have no budget to replace parts in computers, only get complete brand new ones every 5 years, which doesnt help when Lt. Karen does something stupid and a single component in her workstation breaks but you're not at the 5 year mark to replace it outright yet)
>>
>>108993102
they do all this retarded shit because theyre scared that someone will sell or trash un-wiped drives. and theyre right to be this happened many times even drives that should have been encrypted but werent and had secret shit on them. this is why they enforce physical control over every data-storing device that enters or is connected to any computer in the secure intranet.

ive seen cases where developers kept an old 'lost' laptop running windows xp in their lab with all their debugging environment/bs on it that was allowed to connect to the company intranet but wasnt up to any of the security standard bs they enforced on all the regular computers because it was disconnected from the intranet 99% of the time they only connected it to transfer some config files, binaries, fpga shit over. basically everyone cuts corners on security related shit all the time everywhere both in the army and in companies that work according to gov infosec rules, most of the people have no idea how the filesystems/encryption/whatever actually works so the simplest semi-enforceable rule is
>any drive that enters the system never leaves it unless it's physically shredded

glowie/corpo/gov ways of doing things are due to top-down structure where the tech people always cut corners or dont care about security shit and bosses are worried about security shit because its their asses on the line but know nothing about security.
>>
>>108993202
none of that has anything to do with what i said, which is just that they destroy them because they don't re-use or sell drives because of how their budgets and non-security policies work. even unclassified/non-classified drives don't usually get re-used, except maybe by IT wagies pulling them to have spare parts.

fwiw, for stuff that is intended or likely to be reused, they do indeed just furnish "kill discs" with a copy of some open sores cancerware that runs basically dd dev/null over the disk like twenty times.

Old busted shit gets shredded because it's not worth their time to sell single 30 year old drives at auction as they get replaced and they pay by the year instead of by the pound for e-waste disposal (or do it locally where it's still "we pay Cpt. Tyler 40$/hr so he better be occupied") so may as well shred everything. ain't nobody wanna package up 500 drives across 10 years to sell them at auction for 41$ the person listing and managing the auction won't even get. and if you think it's limited to drives, in gubberment tons of shit just gets tossed out, and it's usually destroyed first. even junk vehicle parts and shit, aint nobody listing the turbo out of a fleet vehicle when it's replaced, that shit too just goes to metal recycling (who themselves might skim and resell but usually not since for them too, it's not worth their time to have a policy in place to comb over every triwall of "scrap" for anything useful)
>>
>>108992591
>where you dont need ssh access?
Because SSH access is useful. I have wireguard setup between my laptop and workstation so I can ssh from one to the other and use it for remote development for example or fetch files without having to go through a 3rd machine.
>>
Sometimes I forget to run IPBan and fuckers will use up to 8% of my CPU spamming ssh and RDP from thousands of connections a second.
>>
>>108992349
that's what (((they))) want you to believe, anon


