mulanderDec 30, 2017

Friendly reminder. Full disk encryption on a server you have no physical access to grants you no security, same for your laptop if you carry it around in sleep mode. FDE protects your data at rest as from a cold boot you need to provide the passphrase. If your box is running the secret is present in memory and can be grabbed by a dedicated attacker.

For the same reason, when approaching border control, TURN OFF your phone, just locking the screen is often not enough.

Show threadradiant3462
@mulander (I'm follower # 666 by the way) I always encrypt home and the whole thing when I do a Nuke & Pave. Any other advice? I run either Ubuntu or Debian. BSD is a bridge too far for me now.
Dec 31, 2017 at 8:17amWeb
Show threadmulanderDec 31, 2017

@radiant3462 guess just the usual stuff:

1. keep your system up-to-date
2. make sure you access sites with TLS (https://)
3. use signal, matrix or a messenger with an otr plugin if you need a secure private chat
4. use gpg to encrypt emails
5. NEVER paste anything with sudo | bash into your terminal