New Post: Shields Up: Flexible Security for Changing Threats

People often ask me for security advice, but before I can offer any recommendations usually I need to ask people specific questions about themselves to understand the threats they face. That’s because the security measures you take depend on your threats, and because everyone faces different threats, there are few one-size-fits all recommendations. When I wrote Linux Hardening in Hostile Networks , I intentionally split each chapter into three sections with each section recommending more extreme (and sometimes more complicated) hardening measures than the last. The reader was instructed to read up to their level of comfort and threat, and then revisit the more advanced sections later.

Each person not only faces different threats, the threats they face can change. Security needs to be flexible, and should be capable of offering strong protection by default, and extra protection during a crisis. Doors typically have a regular lock and a deadbolt, and many people only lock both at night or when they are leaving the house. We also expect to be able to lock our doors ourselves, with keys under our own control. Likewise our security measures should not only offer a strong defense, they should do it while maximizing our freedom and our control.

We are very thoughtful about the security measures we build into our products at Purism. We design measures so that they can provide a baseline of strong but convenient security for our customers, while also providing options for extra protection for customers facing more extreme threats. It might be tempting to build security measures as though everyone is an international spy, and you will find plenty of people in information security who can’t think outside of that box. Unfortunately that threat model is not only unrealistic for the average person, it also leads to impractical security advice that often does more harm than good. Balance and flexibility is important and in this post I will provide a few examples of how one can use our security measures to adapt to changing threats.

Read the rest of the post here:

Antenna connectors for modems are still only good for approximately 10 connect/disconnect cycles? If so, the passage about swapping modems to compartmentalize communications is impractical.

… as always, proportionate to the threat that you face.

In jurisdictions where it is legal to do so, you may get some of the same benefits of swapping modems just by changing the IMEI (if you can work out how to do so).

On the other hand, changing the modem or IMEI may not be adequate unless you also change your SIM.

Stalking and state-level hacking are not my priority concerns, but I am concerned about web browsing out-of-the-box with PureOS 10. How about an article about protecting your browsing experience with the PureOS 10 Web app? Or perhaps installing another browser and setting it up for privacy and security?

Thanks for the suggestion. We’ll consider this for a future article/video.