I think computing from a usb creates a lot of computing problems that I can't see past. The biggest of those problems is that you must always be able to find a computer where the bios hasn't been locked down. Sure there are a ton of stupid people out there that don't know what bios is, but what if your in a jam which requires a computer to get out of and you have no access to any of those things. I think it is worth the pack weight to carry an eeePC. I carried mine all through Oregon and Northern CA, before ending up where I am at now and it did quite well. It is pretty durable as far as laptops and netbooks go. I've replaced the battery a few years ago. Added more ram, put in a bigger hard-drive and it's still kicking ass(though getting a little slow for the modern internet at times). I personally need a lot of control over my computing environment, so an android tablet doesn't cover my needs and installing cyanogenmod still doesn't give me as much power as customizing a linux distro. As has been stated all over the place, I recommend using debian if you can. My current setup is ubuntu because some of my hardware was impossible to get working with debian even using the same drivers and the same kernel. I never did figure it all out. After you get installed here is a small list of things I consider crucial and you can look into all of these things on your own:
Install Tor
Install GNU Icecat
Install MM3 Proxy Switcher(Icecat plugin) and configure it. I use this as my base configuration:
[Tor
socks=127.0.0.1:9050
clear=cache
homepage=
http://3g2upl4pq6kufc4m.onion/
noProxy=loaclhost, 127.0.0.1
config:network.proxy.socks_remote_dns=true
config:general.useragent.override=Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0
config:dom.storage.enabled=false
none=[object Object]
manualconfiguration=[object Object]
]
[None
config:network.proxy.socks_remote_dns=false
config:general.useragent.override=Mozilla/5.0 ;Windows NT 6.2; WOW64; rv:27.0; Gecko/20100101 Firefox/27.0
config:dom.storage.enabled=true
]
Disable insecure SSL(this means you won't be able to go on facebook... So sad... Get a Diaspora Account and ditch the status quo) Open Icecat, Type about:config in the url bar, click past the warning and search for the following keys and disable them:
security.ssl3.dhe_dss_camellia_128_sha
security.ssl3.dhe_dss_camellia_256_sha
security.ssl3.ecdhe_ecdsa_rc4_128_sha
security.ssl3.ecdhe_rsa_rc4_128_sha
security.ssl3.rsa_fips_des_ede3_sha
security.ssl3.rsa_rc4_128_md5
security.ssl3.rsa_rc4_128_sha
security.ssl3.rsa_seed_sha
The above are all considered insecure and you will be surprised how many sites still use them.
Install HTTPS everywhere(Icecat plugin)
Install Ghostery(Icecat plugin)
Install No Script(Icecat plugin)
Edit your torrc file to create a control port password. This can be a little convoluted if you are not familiar with the Terminal and entering commands, but this is Linux, no hand holding allowed(rtfm). Don't worry you can and will learn it all.
Open a terminal and type "man tor" and hit enter, from now on assume you will hit enter after any commands you type in. What you see now is called a manual page(you have just rtfmed). You will notice this little bit:
--hash-password PASSWORD
We will replace PASSWORD with your password. Now type "tor --hash-password YOUR_PASSWORD_HERE" and copy your password. When in the terminal copying text is done with ctrl-shift-c.
Now I prefer using vi as my editor, but you might not be familiar with vi yet and it has a bit of a learning curve so I would say stick with gedit, type "sudo gedit /etc/tor/torrc" This will open your torrc file in the gedit text editor. Anywhere you see a line start with "#" that line is "commented out." That means the setting is off. Go to where it says "[HASHTAG]#control[/HASHTAG] port" and remove all the "#" from that line, there may be more than one. Then do the same where you see "HashedControlPassword" and paste your hash at the end of that file. Then save that file.
Now you can use this script to change your tor id:
##############################################################
#!/usr/bin/python
import sys
import getpass
import stem.connection
import stem
from stem.control import Controller
from stem import Signal
CP = 9051
controller = Controller.from_port(port = CP)
pw = getpass.getpass("controller password: ")
controller.authenticate(password = pw)
controller.signal(Signal.NEWNYM)
print "changed identity"
#############################################################
Copy that into a file and save it something to the order of torID.py you may need to install the python stem library. Go back to Terminal and enter "Sudo apt-get install pip && pip install stem". The && means if the first command is successful execute the next one.
Then you want to make your tor id switching script executable. In ubuntu you can usually just right click on it and go to properties, then click the permissions tab and click executable.
Now you can run this script to change your tor id.
For more privacy you may want to run this in ubuntu too:
"sudo apt-get remove zeitgeist zeitgeist-core zeitgeist-datahub python-zeitgeist rhythmbox-plugin-zeitgeist geoclue geoclue-ubuntu-geoip geoip-database whoopsie"
This can cause ubuntu to say you've experienced an internal error occasionally, but to me the trade off is worth it.
I occasionally run the following script to remove logs from my computer:
###############################################################
#!/bin/bash
recursiveShred(){
for f in *
do
echo "found $f"
if [ -d "$f" ]; then
echo "cd to $f"
(cd $f; recursiveShred)
elif [ -f "$f" ]; then
echo "shredding $f"
chmod 755 $f
shred -xzvfu -n 25 $f
else
echo "$f is not a file"
fi
done
}
(cd /var/log; recursiveShred)
################################################################
And this to remove temporary files:
################################################################
#!/bin/bash
recursiveShred(){
for f in *
do
echo "found $f"
if [ -d "$f" ]; then
echo "cd to $f"
(cd $f; recursiveShred)
elif [ -f "$f" ]; then
echo "shredding $f"
chmod 755 $f
shred -xzvfu -n 25 $f
else
echo "$f is not a file"
fi
done
}
(cd /tmp; recursiveShred)
################################################################
Use at your own risk.
Finally I would say install mega using the ubuntu installer so you can have a more secure way to share files quickly.
Get a proton mail account so you have a secure way of sending and recieving email.
Also install macchanger, "sudo apt-get install macchanger" and use this script to change your mac address and hostname:
################################################################
#!/bin/bash
echo "changing mac on $1"
ifconfig "$1" down && macchanger -A "$1" && echo `tr -dc "[:alpha:]" < /dev/urandom | head -c 15 ` > /etc/hostname && hostname --file /etc/hostname && ifconfig "$1" up;
################################################################
I put this in my start up programs too so that I always have a different mac and hostname. If you always use the same hostname the router you are connected to can be used to quickly deduce who you are even if your ip and mac change all the time. Anything that can be used to identify you should be changed frequently including your browser's user-agent. I think this is a point of a lot of debate, but I use really common user agents because I think blending in is better than having some unique random string that changes all the time because there are not that many people who do that with their user-agent so if you do you make the pool of potential browsers smaller. If some corporate or government interest is tracking you, create the most amount of work possible. Make the search criteria as vague and unhelpful as possible. That is my philosophy. I go here:
https://panopticlick.eff.org/ to check how unique my online signature is. I want it to be as common as possible with as few bits of identifying information as possible.
As per hostnames you could get a list of common ones and change my script around to randomly select common hostnames. I'd say use stuff like "mike's iphone". For my purposes the random string generation is sufficient, but you have to make that call for yourself.
These are only some small, basic steps towards having a secure, mobile computing environment. There is a lot more that goes into keeping your stuff safe and I think it is incredibly important when you are on the road. People can steal your stuff. The police could attempt to violate your privacy. Don't make it easy. I even install truecrypt and put anything really important in a hidden archive, then with some voodoo you can even zip your entire truecrypt archive and hide it in a jpeg file. Your average person is not going to be capable of finding that sort of thing so it is reasonable to keep important documents that way.
Now the final thing. The role of your usb flash drive... Backups. Copy all your important stuff onto at least one flash drive and make sure it is encrypted.
Sorry for the long speech, but I think computer security is particularly important for marginalized people of all kinds. Your iphone is an expensive tracking device. Your android phone is little better, but your computer doesn't have to be, with Linux you can control everything save some of the hardware, but if you are really worried about that you can get laptops made entirely from open source hardware...