Welcome to the Heist
It's just like Macklemore said
No Lies Deep Web
I am a fair man, and as a result of this fairness, I must come to terms with the harshest of truths in this world, and though I do not want to hear them, it must be said, as to ignore the way the world can be is to ignore the very earth on which you trot. You see, there was never any Holocaust (whoops, banned in Germany), and there are no criticisms whatsoever of the fair nation of Siam (whoops, banned in Thailand), and the United States was completely justified in its bombing of Glorious Nippon (banned in Japan! Hat trick!), and I know that all of these are true because I have said so.
So when I say that I have absolutely nothing on any of my computers that I have to hide, then you know that it is true, because I have said so. And you know that our government has nothing to hide, but they do so because they want to protect us, and you know that this is true because they have said so. You cannot call us liars, for to call us liars is to betray your nation, your glorious Frogland, and to bastardise God himself.
Also Ronald Reagan was a good leader. Fuck, I broke the illusion.
Yeah, you got some shit on your computer you gotta keep safe, and you'll lie your ass off to keep anybody from knowing. Maybe you have a sex tape on there you're waiting for a Hollywood agent to turn into a movie. Maybe it's some anime that's illegal in your country, as to why you would ban an art form is beyond me (#tw nipple rotation). Maybe you're storing on it plans for a discount 9/11 so you can shout "aloha akinator" on an airplane and get away with it (Hi, ISIL).
Whatever the reason, you got some things that nobody else needs to see, and you need to lock up your workstation tighter than a Republican's asshole. So let's talk about ways to lock up your precious files so that nobody can ever retrieve them, even though so far as you're concerned I don't exist, and you have absolutely no way to talk to me about any sort of concerns that might plague you or your mind, you silly nerd.
Pass the BIOS password
If you have a single care in the world about digital security, you would have already locked down your operating system with a password. It's a shame then, that your operating system password does absolutely nothing to prevent a thug from plugging in an external hard drive, booting up a new operating system, and then copying all of your files to the drive. It's one of the most basic attacks a data thief can execute, and if your data isn't encrypted, it's out there in the clear to be viewed by anybody.
The solution to this problem is not just to have an operating system password (though this is also important to prevent physical attacks from snoopers), but to also set a BIOS password, which locks up the hardware to the point where it's a brick if they don't have the correct password.You can go into your BIOS by pressing a special key the instant your computer boots up (watch carefully when it first starts), and then just set all the passwords available with unique and easy-to-remember passwords. This will stop most attackers from mucking about with your files, and makes your computer a bitch to crack.
On some computers, you'll have to go into the UEFI instead, which is the same principle with a different screen.
The unfortunate thing about this method is that it's stupidly easy to bypass, not just through manufacturer backdoors, but through a few easy-to-access hardware hacks that can be as simple as removing the motherboard battery. It won't stop an experienced thief or hacker from getting into your files (which is why you encrypt them, dummy), but it will be a pain for forensic teams to deal with, as it involves more paperwork and tighter assurance that the data wasn't lost in any attempts to access the hard drive. With some computers, like a laptop, it's next to impossible to do this without damaging the hardware (and therefore evidence), so it's even more secure. Hooray, serendipity!
Yes, this method involves remembering and inputting two more passwords when your computer first starts up. But it's either spending an extra ten seconds a day typing them in, or spending ten years in prison for a crime you didn't commit. Pick your poison, because prison is Hell.
Encryption, which is scrambling data that can't be unscrambled unless you have the right password, is one of the only ways to protect your data which crackers, thugs, and the government can't get into. It's computationally impossible to reverse a long and random enough password within your lifetime, and if you picked a good password, it'll be impossible to guess either through manual means or computational means. At that point, only specialised attacks are able to gleam your password, and if you don't know it by heart, you wouldn't even be able to reveal it.
So knowing how effective encryption is, it's a massive benefit to encrypt your entire hard disk, and every piece of data on it, using a program like Veracrypt, and not the now-defunct Truecrypt which has some theoretical security flaws. Full-disk encryption basically makes your entire hard drive impossible to access unless you either have the password, or wipe the entire thing and install an operating system on it. It pisses off pretty much everybody it comes into contact with, so it's very effective.
Full-disk encryption is also an option for most smart phones, and can also be applied to external sources using Veracrypt. This, combined with further encrypting sensitive files on your operating system, is enough to make would-be crackers give up on any hope of gathering evidence from your computer. That is, unless you choose an especially shitty password.
Please note that your built-in Windows encryption is not secure at all. Not only does Microsoft have the decryption keys (which is very, very bad for security, and even worse in the hands of a malicious company), but the software used to encrypt your disk is closed-source and unable to be verified by independent security experts. Not only that, but Microsoft's collaboration with the NSA means that they have all the power they need to be able to access your data. All they have to do is ask Microsoft, and they'll give it to them. Plus, you have to sign up for a Microsoft account to use it, which defeats all the privacy you're going for by letting Microsoft associate a single account with your computing activity.
While Veracrypt will help, as it's FLOSS based on the audited and now obsolete Truecrypt, it's impossible to know just how insecure and how many backdoors Windows has, because it's closed source and in the hands of a for-profit company. So if you can, jump ship to a more secure operating system like one of the many Linux varieties, and never use Microsoft's products. That includes Bitlocker, too.
Actual, physical, meatspace security
It is strange that while I may know all the things in the world about safely storing your software, I have very little experience in securing the hardware. While securing your hardware has slipped the mind of most computer users, for the paranoid and afraid of theft (because we're all paranoid and afraid of theft, in one way), you should develop some actual, physical, meatspace security to counteract that.
Physical security is a lot harder than virtual security, because virtual security is easily obtained by following some basic steps (like the steps on this blog, if you would like to slip some dollar bills in my fanny, as it were) to secure and destroy that data. With physical security, it's much easier to break with the right tools, but it also comes at the liability of doing permanent damage to the hardware, which is pretty much a no-sell for everybody who might want access to your hardware.
Thieves will hate it because it prevents them from stealing your stuff in a speedy manner, as well as being unable to access the valuable goods inside the computer. Crackers hate it because it prevents certain types of hardware hacks, meaning they can't do side channel attacks without breaking the lock. Cops hate it because it makes their seizures harder, and if they damage the evidence, it's useless to the forensics experts. And the experts hate it because it's more paperwork they have to fill out to get requests to bust it open, as well as providing food for defense attorneys to say that they made the evidence unreliable. What a beautiful hurricane of fuck you started!
The big takeaway is to secure your stuff with equipment that is proportional to the cost of the equipment, at least 5%-10%, until you get to the really expensive stuff in which case there's an upper limit to how secure you can make it. If you happen to have a $1500 PC (even though my $600 one cleaves every task short of Wii emulation), don't use $20 equipment to protect it. You need the expensive stuff, and if that involves $200 for a decent lock and chain, then it'll be worth it in the long run. Not to mention how you can re-use your locks for another occasion.
Securing your laptop is harder, because it's made to be carried around with you. Beyond the typical safety stuff of "don't leave it alone", even in the trunk of your car, it's hard to secure a laptop in a permanent establishment because most locks designed for them are absolute shite and will only prevent thieves who are dumb or ill-prepared. They can be cut open and picked in seconds (note: this channel is fantastic), so they're only a good defense against babies and raccoons.
Securing a desktop is a little more practical, seeing as it'll stay in one place as opposed to being carried around. You have a few more options in regards to physical security, though alarm systems are ineffective when it comes to government thugs, and security cameras may reduce your privacy if you don't securely delete the data (though the raid footage would be very useful for showing to your lawyer). The best option would probably be locking it up in an enclosure case and then chaining it to your walls and floor. An enclosure, however, would cost at least $400, and at that point you're probably too rich and worried for me to help you anymore.
Some cases have a hole in the top of them to let you run a lock and chain through them - the lock preventing the case from being opened, and the chain to be attached to something permanent like a wall. With most cases, and especially with custom-builts, there is no such hole, and it might do you some good to drill one into your case to accommodate and make sure nobody but you can open the case. Once again, make sure you have a great lock and chain - especially on the chain part, as you don't want anybody with bolt cutters to simply break it.
The cheap and realistic solution would be to remove all the hardware from the case, drill four holes in the bottom and side, and then bolt it to your wall and floor using nuts. Note that this assumes that you don't want to move it anywhere (no shit), and that you've found the perfect position to put it in for the next year or so, where you can access everything you need to without moving it anywhere. This also assumes that your hardware will still fit INSIDE the case after you insert the nuts, so plan ahead and look for gaps in the parts.
The best lock I found was this Mul-T-Lock (Israeli company, from the most paranoid country on Earth), which is pretty much the final word on lock security. It's unpickable, so forceful destruction is the only choice, and it's Grade 6 certification means that it's pretty much indestructible to anything more than industrial-strength methods, which will surely damage if not destroy whatever the lock happens to be attached to. If a thief sees this lock, they give up. If a cop sees it, they'll cry.
You can actually buy bolt-cutter proof chains, although they're very expensive, so either pony up or store your computer super close to something you can attach it to. A wall, perhaps? The floor? Make sure they can't tear up the fastener, though. It might do good to store it close to a pillar, if you have one, but if you don't the floor is pretty much your best option.
You'll notice a problem with physical security is that it's infinitely more expensive than software security (how can you get cheaper than free?). We take everything for granted nowadays that we forget that our world is actually made up of stuff, and in doing so we have to pay for it. What a wacky thought. I suppose it's better than the Spartans, who banned all forms of currency.
Alright, enough lock and chain porn. At this point, there's no way in Hell a thief is going to get into your stuff, and the cops are just going to be pissed off that they have to tamper with evidence to steal your computer (if they don't take up residence in your house, which I've never heard of, but you can be the first!). Not to put you on the level of the people who live in tunnels preparing for the zombie apocalypse, but I'm assuming that treating your computer like a sex slave would annoy your landlord and worry your family. But a man can dream.
Op Sec for Cool Cunts
All the sex slavery in the world is worthless if you don't have the smarts to take advantage of it. Now that we've gone through the theoretical, let's talk about the pragmatic. Follow these simple steps, and you'll make sure that nobody will ever take advantage of your trust in computers.
Don't let normies use your PC
Okay, this is fucking obvious. Never let anybody else use your computer while you're alone, and be very hesitant even if you're standing right behind them. If anybody asks you to use your personal computer, they're probably ignorant of just how much of a security risk that poses. Unauthorised access to materials can destroy an entire criminal case, and can leak data from a company from what an IT nerd assumes is an innocent user. If they have a problem because with that, tell them to deal with it.
Related: don't ever share your PIN codes, your passwords, or any other confidential information, even to your wife. There are some things you never tell anybody else so long as you live, and computer secrets are a part of that category. If they try to complain and say that you don't trust them, you probably fell in love with the wrong person. It's not about trust - it's about making sure that sensitive information never gets out under any circumstances, and that if it does, then you can easily discern the source of the leak.
Also, to the kids out there, fuck your parents if they try to manipulate you. They'll say shit like "I bought that computer, so it's mine, and I have the right to use it". I'd tell them to fuck off if that wouldn't be a stupid thing to do. That's mental and financial abuse, and you should probably talk to a youth worker about the blatant disrespect of both your property and you as a person. Shit like that can damage lives forever, and I won't ever respect somebody who fucks up their kids like that.
Use your lock screen
Every time somebody leaves their computer unattended, you should cringe. That's just begging to have your computer stolen and all of your files deleted by some asshole who takes the opportunity. The amount of stuff a "hacker" could access if you leave your computer logged in and running is equivalent to a total disaster, as they have full access to computer's settings and every unencrypted file on there.
Here's a hint: "Windows key + L" . This immediately sends you to the lock screen and prevents anybody from accessing your computer. Learn to press those two buttons every time you leave your computer, even for a minute, as it only takes a malicious user a few seconds to alter your computer forever. Yes, you'll enter your password a lot more often. But what's worth more? A few seconds of your time, or the irreversible damage caused by total data loss?
You should even do this at home, to prevent somebody from just looking at your screen and spying on what you're doing, thus giving you a greater sense of privacy over your life. This is also why having a strong Windows (or other OS) password is important - having a lock screen is no good if your password is "letmein". It's a shame Windows only supports passwords up to sixteen digits (to my knowledge), as it would be beneficial to have a password that nobody could steal by quietly walking up to you and looking at your keyboard.
This also applies to your cell phones. There's a setting on most smart phones that let you change when the phone blackens its screen, and when it locks itself. You'll want to set the screen darken time to thirty seconds to a minute, and the lock time to be the instant the screen goes dark, so that you can press the power button on your phone and have it instantly be locked, which is very useful when looking at porn in public. Incidentally, this also makes it a lot less likely that a cop will be able to keep your phone unlocked if they confiscate it, as it only takes them thirty seconds to lose all the easy data on the phone.
It's not paranoia to stop some random asshole from accessing your computer, even if that random asshole is your mom. If everybody would have stronger passwords and remember to lock their phones and computers whenever they're not using them, we'd have a lot less issues in regards to snooping spouses (tip: get a better lover. never be with somebody who disrespects your privacy) and cops conveniently seeing suspicious activity.
Jeepers, stop peepers
If you really have some sensitive info on your screen, it helps to avoid other people from looking at it. There's a few easy ways to do this, such as lowering the text size, zooming out your browser windows, tilting the monitor a certain way, and pressing "Windows key + L" whenever somebody tries to talk with you while you're working.
You may also want to invest in a privacy screen, where you get an effect like looking at a 3DS screen the wrong way - it blurs the screen so that only you can effectively see the data, and everybody else looking at it from an angle sees nothing but either black or gold or some other colour. Yes, it's a bit expensive, but it's a one-time purchase, and it helps prevent anybody from casually glancing at your screen like I do habitually at the public library. I would like to apologise to everybody I have disappointed with this information.
Shut it down
You may have read some advice about how you should leave your computer in sleep mode, as it's much more convenient and faster to boot up. Bad advice. Failing to put your computer to sleep opens it up to a number of attacks, all of which simply shutting it down prevents.
Remember that BIOS password you (hopefully) put on your computer? It's not doing much if your computer is on all the time, as its intentions to lock down the hardware are worthless if the hardware is on all the time. Shutting it down forces an attacker to either guess the BIOS passwords or reset them, both of which is a pain.
Putting your computer to sleep also removes some of the disk encryption on it, allowing anybody with the opportunity to copy off your files while it's still awake, leaving some of your sensitive data in the clear. Shutting down your PC requires somebody to either break the encryption password (most likely impossible) or to extract it out of you (run).
Leaving your computer in sleep mode means that it's easier for an evil maid to infect your PC with software that allows it to do something unpleasant, as your hardware is still vulnerable because it isn't being locked down by the BIOS. This can include keylogging, which renders almost all of your passwords useless, or other unfun malware.
A more obvious upside of powering down your computer is that it also clears all the history for that user session, meaning that all your shit from the last session isn't easy enough for anybody to take a peek at. Of course it'll still startup whatever programs you haven't told it to stop starting up, but it's still better than having your shotacon fanfiction up for anybody to sneak a peek at.
In the land of the theoretical, keeping your computer asleep as opposed to shut down means that all the component on it are still running, and still holding stuff in their memory. In the case of the RAM, this can include the disk encryption keys in plaintext, which would be very bad for you if a forensics expert were to get a hold of that. This is known as a cold boot attack, and shutting down your PC prevents this issue by shutting down all the components as well, meaning they hold absolutely nothing.
Nothing special needs to happen for this. Just shut down your computer normally (and your cell phone if you have the chance), as the operating system knows how to shut it down safely without corrupting itself. Unless you see a cop car outside your house, in which case hold down the power button for five seconds and shut it down immediately. You might think a raid will occur with a lot of screaming and shouting, but they tend not to at all.
"Life is the bitch, and death is her sister. Sleep is the cousin, what a fucking family picture. You know father time, we all know mother nature, it's all in the family, but I am of no relation."
Just kidding. The point is that there are many ways to have your space compromised by crackers and thugs, and though some of them are obvious, some of them are not so much. The goal of security is not to make your computer or anything else uncrackable or unstealable - it's to make them very, very close to unstealable and unbreakable, so that anybody who sees your stuff won't be able to access them before you're able to adapt. Nothing is completely 100% secure, though we try to get to that point, and even though vulnerabilities are discovered on a weekly basis, we must learn to live with them, and layer up so that we remain safe in an unsafe world.
In your lifetime, I pray that the guidelines I have set out for you will be as true in twenty years as it is today. One thing's for sure: the world favours those who learn to make the most of it, and I will do whatever I can to help you.
Pray for the safety of the Earth Gods at Froghand.
Today's page was updated on May 29, 2016!
I want it, I need it, need it to make me feel heated.