Someone swiped Nancy Pelosi’s laptop from her office. Those who know the story, know that it was said the laptop was only used for Displaying things. Nothing private on it.
But what about your Laptop, if it was stolen. Not just the Drive Encryption, which is likely that some might pick up that Password by Over the Shoulder, Coffee shop Cameras, wild hunch Password testing.
While average people might feel comforted by having the feature of, 'Find my Device."
I uh, that allows someone to know where my laptop is who is just surveilling me. Which brings up, am I only concerned with Privacy, or Security against a more ruthless adversary.
Likely they could do the same by tracking my email account login.
Anyone want to explain not what is good idea to do, Or never to do; but what they have already implemented. Why that would not work in some setups, situations.
Keep up-to-date backups and a way to restore so the physical laptop is not as valuable to you.
My technique is to keep my laptop on in sleep with the drive “decrypted” and keep that password well-secured. I don’t have administrator privileges on my main user account for what that’s worth. I also updated my umask and all my account file and directory privileges to prevent other users from reading it if they were able to get access to some account. All this encourages a would-be thief to just wipe the drive and resell the laptop.
In theory I should also have a ready record of the various serial numbers on the computer like the MAC addresses, etc. to allow it to be identified if it were ever found. All that information is probably somewhere but I haven’t bothered to consolidate that info. Further I could set up some kind of “call home” feature that e-mails its connected IP addresses somewhere, but that would be a fair amount of effort and likely not overly useful.
2FA? So that it is not only what you know (and can type in while under surveillance) but also what you have.
Somewhat related: A variable password where a single surveillance event will not be sufficient. Might require a PAM plugin?
Strong random password? (wild hunch will not succeed within the lifetime of the universe) With a limit on number of attempts (such as occurs with a smart card or other TPM).
Good question. Is anyone offering a service that does that while still being adequately private?
Better still: nothing on it. If you have an adequate self-hosted cloud, maybe you don’t need anything on the laptop.