
Comment Re:interesting (Score 1) 5

Well, my specific concern is that the NSA's data collection system presents a real danger to us. I don't feel it's fear mongering; my fear is completely valid. Whether or not the NSA and the Obama administration are abusing these powers is irrelevant. Future presidents not only might abuse them, they are likely to abuse them. The main principle of my book is that if you have an opinion on any political matter that might be used to persecute you in the future, it's in your best interest to express it as anonymously as possible, and if you're organizing protests or otherwise interacting with fellow activists, you'd better not only do so anonymously, you'd better encrypt your comms too.

It's not about having something to hide from the NSA. It's about engaging in things which are legal NOW, but which in the future may be made illegal and punished retroactively. We don't know what future administrations will do with these powers, so it's a good idea to try to shield yourself from them insofar as you are able. Again, this isn't fear mongering. This is applying caution. The examples I use in the book are things like for/against gun control, for/against birth control, for/against abortion rights. The point I try to make is, no matter what your position is on any controversial topic, some future administration might vehemently disagree with you about it, and use things you've said against you thanks to this awful system the NSA has constructed. It's a danger. The use of Tor and encryption can help prevent the things you say from haunting you years later.

I also mention the use of Tails on a thumbdrive, which is kind of neat. Someone recommended that to me recently, and it seems pretty solid.

As for more interest in security, I'm a big fan of that, but we should address one thing at a time, and prioritize. For me, this NSA Internet dragnet is a good place to start. If you can protect yourself from that, the rest should be rather easier, don't you think?

Submission + - Cybercriminal has heroin delivered to Brian Krebs, then calls police (krebsonsecurity.com)

Okian Warrior writes: “Fans” of [security researcher Brian Krebs] have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.

But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.

Comment Re:interesting (Score 1) 5

Well, I'm running Fedora Gnu/Linux, and GnuPG. For public key encryption, I recommended RSA for both signing and encrypting, with 4096 bit keys. For protecting files, I recommended 256-bit AES or Twofish and symmetric encryption, with a long passphrase memorized and never written down or stored. I didn't write any encryption software myself; I'm trusting the people who wrote GnuPG, and the open source community, to "get it right". In answer to your question, yes, my disk has encrypted partitions, including swap.

The side channel attacks you mention don't seem like they'd be particularly easy to use to go after someone, particularly someone following the recommendations of my Linux book, which include using full-disk encryption. You seem to want to discourage people from trying to use these tools ("Encryption is HARD" -- uh, huh) rather than giving useful advice about how to use them well. I don't think this is a productive approach.

I'm not doubting your technical knowledge, but I wonder if some of the challenges you're making here are a little bit exaggerated. If you grabbed my laptop, for example, and the entire disk was encrypted with a nice, long pass phrase, how would you decrypt my AES-256 encrypted file within my encrypted home partition? How would you even be able to access swap? Not doubting, asking. What scenario is there where you'd have that level of access to my system without (for example) convincing me to decrypt it for you so you can use your attacks?

Mea culpa: I didn't mention whole-disk encryption in the Windows edition because it's my assumption that all the solutions in that realm are proprietary, and you have to assume a proprietary solution has a backdoor. Better to not mention it at all than to steer someone to a bad tool... I wish there was something I could do about that, but I don't know of any open source full-disk encryption schemes for Windows.

Submission + - Study finds 3D printers pay for themselves in under a year (computerworld.com)

Lucas123 writes: Researchers using a RepRap open source 3D printer found that the average household could save as much as $2,000 annually and recoup the cost of the printer in under a year by printing out common household items. The Michigan Technical University (MTU) research group printed just 20 items and used "conservative" numbers to find that the average homeowner could print common products, such as shower rings or smartphone cases, for far less money than purchasing them online at discount Websites, such as Google Shopper. "It cost us about $18 to print all [20] items... the lowest retail cost we could find for the same items online was $312 and the highest was $1,943," said Joshua Pearce, an associate professor in the Materials Science and Engineering Department at MTU. "The unavoidable conclusion from this study is that the RepRap [3D printers] is an economically attractive investment for the average U.S. household already."

Submission + - NSA Director Defends Surveillance to Unsympathetic Black Hat Crowd

Trailrunner7 writes: NSA director Gen. Keith Alexander’s keynote today at Black Hat USA 2013 was a tense confessional, an hour-long emotional and sometimes angry ride that shed some new insight into the spy agency’s two notorious data collection programs, inspired moments of loud applause in support of the NSA, and likewise, profane heckling that called into question the legality and morality of the agency’s practices.

Loud voices from the overflowing crowd called out Alexander on his claims that the NSA stands for freedom while at the same time collecting, storing and analyzing telephone business records, metadata and Internet records on Americans. He also denied lying to Congress about the NSA’s capabilities and activities in the name of protecting Americans from terrorism in response to such a claim from a member of the audience.

Submission + - Congress Wants FCC To Auction TV White Spaces (rollcall.com)

GovTechGuy writes: Things don't look good for Google, Microsoft and other companies hoping to experiment with super WiFi and other technologies in unused TV channels or "White spaces". Both House Republicans and Senate Commerce Chairman Jay Rockefeller are prodding the FCC to sell as much spectrum as possible at next year's incentive auction, which may not leave much for those hoping to advance the next generation of WiFi technology.

Submission + - Government Study Finds TSA Misconduct up 26% in 3 years (cnn.com)

rullywowr writes: CNN reports that a recent government study finds TSA misconduct has risen sharply in three years. Most have heard of the problems such as stealing; however, they recently report that some employees are sleeping on the job, taking bribes, and letting friends/family through the checkpoints without screening.

Comment Re:Largest economy? (Score 1) 588

I just read an article about how Asia (including China) prefers male children so much that demographically it's "missing" about 136 million women; that is to say there are WAY too many men and nowhere NEAR enough women for the society to grow in a normal fashion.

Couple this with the ghost cities phenomenon and you have to wonder how they're going to populate all this infrastructure they're building.

The thing about buildings is, you have to live in them, and maintain them, or they crumble into dust. Google Pripyat for some great pictures of this process at work.

I'm curious how this is all going to work out. I'm sure it'll be interesting, but I'm willing to bet you that China isn't going to be the world's greatest economy anytime soon.

Comment Re:For what reason? (Score 1) 390

Who said anything about sending MAC addresses to the internet? Every time you guys respond to me, you put words in my mouth. It's dirty pool to argue with my point by rephrasing it in a way suitable to you.

Anyway, why are you fixating on the MAC address thing? Who cares about it, it's just one part of my suggestion. My point, which I will reiterate, is that dodging from one piece of hardware to another and using public, anonymous access points in nearby towns will make it virtually impossible for anyone to definitively tie you to anything you say on the internet. It's not just the MAC address, it's making sure nothing recovered from the disk can trip you up, making sure they can't tie your hardware and OS to the comment somehow, etc, etc.

It wouldn't be difficult for a corporation to have someone figure out where you're posting from, then try to watch and log the traffic at that access point. Most internet forums don't use SSL. This one doesn't. If they want to log your MAC address while they're at it, it shouldn't be too hard. You're not using your imagination; you rely on your test prep book too much, CCNE-guy. You have to think of worst case scenarios, and see how they'd try to get you if they were annoyed enough to put some effort into it.

It doesn't matter what MOST do. It matters what some MIGHT do.

I like the idea suggested by another poster: rip the hard disk out, use a dongle and a live CD, and use a ramdisk as a temp disk. I can't think of anything wrong with that approach.

Guys like you are a trip. SO confident. SO sure of yourselves.

Comment Re:Is that really well tested in the real world? (Score 1) 797

UPDATE: I tried Debian, and I'm sorry, but I don't know what's going on with that distro. First, the default background was some kind of space scene that looks like it was done by little kids, with whooshing kiddie rocket ships and simplistic drawings of a vaguely Saturn-like planet. Horrible, just horrible. I thank GOD I didn't show that to my boss, he'd have laughed out loud and banned me from the server room.

I'm not going to pick on the Debian guys, but I was completely unhappy with Debian. It was terrible. I'm going back to Ubuntu; if the Gnome guys keep acting like idiots I'll switch to Kubuntu or install KDE like the other guy said.

Comment Re:Is that really well tested in the real world? (Score 1) 797

Yeah, but I find myself drawn to Debian. In an age where everyone seems to be trying to dumb things down for the hoi polloi, the folks at Debian specifically keep power users and geeks like me in mind. They pay attention to us, and deliberately make it possible for us to do our thing our way.

I'm definitely switching to Debian and using KDE from here on in. I'm going to spend some money in their store too. I wonder what they've got available... At the least I'll buy a full DVD set.

Incidentally, I remember back in the old days, using Red Hat and Slackware, that I was able to do a lot more tuning of my GUI than I've been able to with Ubuntu. How I have missed that. I'm looking forward to what I can play with under Debian.

Comment Re:Is that really well tested in the real world? (Score 1) 797

I am also in this category. It appears I will be switching back to KDE as well.

Since I've been using Ubuntu for a while, that means I'll be switching distros. I have decided to focus on Debian from now on, since it lets you choose which desktop you want to run. It seems better than Ubuntu anyway.

The people who build Gnome seem intent on forcing everyone to do things their way. I hope their system falls out of favor, and they are all relegated to the scrap-heap of history, like all tyrants.

Comment Re:For what reason? (Score 1) 390

Unkind.

Of course your disparaging opinion of me is invalidated by the fact that your ONLY complaint about my post is that people can spoof their MAC addresses. I'm afraid you have failed to impress me with this information (most of which you probably cut/pasted from the web, amirite?).

Not all network cards will allow you to spoof MAC addresses. Do you really trust your manufacturer? Better do some test posts locally and see... Many manufacturers build things in to help law enforcement, and these same things help corporate lawyers when they're annoyed at you.

I love the way you just ASSUME nobody keeps their logs... Ha ha ha... That's just precious.

I stand by my comments. They're better -- and more polite -- than yours.
