Questions - anyone feel free to answer

  • Can you please tell me what you’d suggest for whole disk encryption? What are your thoughts on DM-Crypt VS Veracrypt?

  • What have you done for the web browser? Is it basically just Firefox with the 3-4 extensions you added? Or is there a lot more going on to protect us? One thing I can suggest is changing some of the about:config settings, especially the “media.peerconnection.enabled” changed to FALSE to prevent the browser from sharing internal IP addresses.

  • When generating a new keypair using enigmail with IceDove, is that key generated and stored on a public server somewhere? Usually I generate my keys using a program like GPG4USB and I know my keys are generated locally and therefore my private keys are nowhere floating around on some other server…

  • I can’t seem to install enigmail on PureOS, any idea why? Did you guys include a built in PGP program?

  • I have been using Mint 17.3 recently and Windows all my life before… On Mint there is something called a “software manager”; it’s a great way to search for and install new free software… What is the equivalent of that in Pure OS?

  • Since PureOS is unique, I seem to be having a lot of issues setting this laptop up for max security and privacy.

  • Do you happen to have a MAC address spoofer or changer built in?

  • Can you tell me more about PureOS? What are the major differences between it and say Mint? Especially in regards to privacy and security?

I’m not a Purism employee, just a user.

For full disk encryption, I recommend using LUKS, which typically runs atop dm-crypt. LUKS allows you to change passphrases and have multiple passphrases by generating a random key for disk encryption and then encrypting that master key to be decryptable with your passphrase(s).
Here’s the LUKS project: https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md

I don’t know the exact details on the browser modifications–it looked like a nicely picked set of browser extensions. I think the configuration will probably mature a little.

Enigmail generates your GPG private key locally and offers you the option to upload your public key to a server if you want. There might be a package in the repos. If there isn’t, there should be one in the main Debian repo.

You can find software using Synaptic, which is renamed something like “Install Software” if you look around in the menus in PureOS. You can also search for packages in the Debian repositories at packages.debian.org

When researching configuration issues, I would recommend looking at forums discussing Debian Stretch (the current “testing” branch of Debian).

There is a Debian package called macchanger (and macchanger-gtk is a gui) that might help with changing MAC addresses.

From my experience using PureOS, it looks to be a hand-configured Debian Stretch install with packages picked to give a pretty easy start to users, even if they are coming from non-GNU/Linux operating systems.
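
The key-slot idea described in the answer above, as an added example that is not part of the original posts and is not LUKS or cryptsetup code. It is a simplified model: XOR with a PBKDF2-derived key stands in for LUKS's cipher-based slot encryption and anti-forensic splitting, and all function names and the iteration count are assumptions made for the example.

```python
import hashlib, hmac, os

ITERATIONS = 50_000  # constructed value; cryptsetup benchmarks this per machine

def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _add_slot(header: dict, master_key: bytes, passphrase: str) -> None:
    # Each slot has its own salt, so equal passphrases give different slots.
    salt = os.urandom(16)
    wrapped = _xor(master_key, _kdf(passphrase.encode(), salt))
    header["slots"].append({"salt": salt, "wrapped": wrapped})

def format_volume(passphrase: str) -> dict:
    """Create a header; the random master key is never stored unwrapped."""
    master_key, mk_salt = os.urandom(32), os.urandom(16)
    header = {"mk_salt": mk_salt, "mk_digest": _kdf(master_key, mk_salt), "slots": []}
    _add_slot(header, master_key, passphrase)
    return header

def _find(header: dict, passphrase: str):
    """Return (slot index, master key) for the slot this passphrase opens."""
    for i, slot in enumerate(header["slots"]):
        candidate = _xor(slot["wrapped"], _kdf(passphrase.encode(), slot["salt"]))
        # A wrong passphrase yields garbage that fails the digest check.
        if hmac.compare_digest(_kdf(candidate, header["mk_salt"]), header["mk_digest"]):
            return i, candidate
    return None, None

def unlock(header: dict, passphrase: str):
    return _find(header, passphrase)[1]

def add_passphrase(header: dict, existing: str, new: str) -> None:
    master_key = unlock(header, existing)
    if master_key is None:
        raise ValueError("existing passphrase does not open any slot")
    _add_slot(header, master_key, new)  # disk data is not re-encrypted

def remove_passphrase(header: dict, passphrase: str) -> None:
    index, _ = _find(header, passphrase)
    if index is None:
        raise ValueError("passphrase does not open any slot")
    if len(header["slots"]) == 1:
        raise ValueError("refusing to remove the last slot")  # example's choice
    del header["slots"][index]
```

Changing a passphrase in this model is `add_passphrase` followed by `remove_passphrase`: only the small wrapped copy of the master key changes, never the encrypted disk contents.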

Jason Hernandez answered this better than I could I think. Pretty much spot-on. We do hope to add macchanger but haven’t finished testing yet to make sure it doesn’t cause average users difficulty.

I would be reluctant to ship PureOS with macchanger running by default on boot, because some networks whitelist or handle payments by MAC. GoGo inflight wifi is one that users might have trouble with.

I’d like to see macchanger built into the guis of network configuration managers (NetworkManager, Connman, and Wicd) at some point, so you could use specific MACs on different networks… maybe that will happen. My bet is that systemd absorbs some of this one day :P.

Tails runs macchanger by default–I would recommend using it for situations where anonymity is paramount. It should run pretty well on the Librem, but might not have the enhanced touchpad drivers at this time.

Note that random MACs are now possible with network-manager 1.1.90 (which will be 1.2 when it becomes stable) https://mail.gnome.org/archives/release-team/2016-January/msg00026.html. So it will also be part of PureOS.
