Hi Nathan and folks
Getting through about 3./4 of the first module, I wanted to share some of my favorite tools that would benefit from being included in the discourse and resources, as well as some specific feedback and ideas. I really liked seeing the learning hierarchy example and the importance of teaching, so perhaps by sharing some resources/tools we’ve stumbled across we are retaining more and enhancing the learning process? Mastermind effect?
In that spirit it would be great to have an ‘action’ step exercise for teaching that module to others, perhaps linking to the forum where we can do a summary of that chapter or section, followed by some good ‘action steps’ for key parts ( versus intro of a broad range of choices to pick) to cement the knowledge for long term. An example could be summarizing each part of the encryption section, followed by installing specific tools for each category: PGP, always https etc. This would help especially with the more technical sections on TSL/SSL and such. I’m finding I have been watching the videos and skipping some of the further readings/action steps a little and having to backtrack. An audio version of the videos would be fantastic and help to reinforce or go over the knowledge when not having time to do the video.
Have you considered doing a security podcast Nathan? Your blog posts are very interesting and they would translate over nicely…
For email tools/resources I’ve been a long time user of both tutamail.com, as well as protonmail.com, where protonmail often just needs a captcha (sometimes tor triggers a phone verification or email verification) and can be used right away, whereas tutamail often disables your account for 24 hours upon signup
In terms of booting off of live versions of linux I cant recommend linux mint highly enough, Ive had very little problems with it and its been very reliable in booting off of public computers at libraries etc, whereas Ive found kali and other versions like debian and ubuntu troublesome in one way or another
Another possible idea i stumbled upon when trying to sell old computers without the hard drive, was booting them off of puppy linux on a usb. Could a secured PC be setup with no hard drive to force the user to boot off of a usb drive? Could that USB drive then be encrypted? With an SSD /high speed USB it seems possible one would not get much of a performance loss either? I’ve found some free or really cheap computers and equipment at swapmeets/flea-markets and classifieds.
It would be good to have a section on caching/physical storage to secure items, perhaps examples drawn from "How to hide anything book " which i find very enlightening https://www.amazon.com/How-Hide-Anything-Michael-Connor/dp/0873642899
As for the use of VM’s and virtualization, it would be good to see a comparison of performance/benefits with dual boots, running linux off bare metal, from usb sticks and other means. Being used to using windows all my life I’m trying to strategize a transition from reliance on windows, and have briefly used linux in the past with dual boots and mostly from usb but always come back to windows for the reliance aspect. Would be great to have a link to a ‘transition’ guide to ween oneself towards “windependence”
There are a few physical layers i’ve discovered which I’ll share and detail later, such as moving oneself away from what I’ve thought is the weakest point of privacy: usually association to one’s own name. With the use of legal entities, such as companies, foundations, family members or friends, one can create layers and moats of security that make it much more difficult to hone in on the identity of the user.
Really enjoying the learning so far and looking forward to more sharing…