OpSec Lounge (Security, Privacy, etc.)

Can you PLEASE add a warning when posting dailystormer links? I want to make sure I use an anonymous browser and a VPN before I go to these links. Actually the forum should do this by default me thinks.
Sure, I can post the full link the next time I post something from dailystormer, but keep in mind that not everyone will get your message.
To make sure you're accessing the media in a way that meets your opsec requirements, it's best that YOU take care of what you're accessing.
There are several things you can do to do this:

1. before you click on a link, hover over it with your mouse to see what the address is (this is the easiest approach).
2. enter this in your hosts file:
Bildschirmfoto-zu-2024-06-11-17-19-14.png

This will prevent you from accessing dailystormer with your default browser, but also with VPN (works on network level). In this case you can only access this address with Tor (works on application level).

3. Access this forum with a Tor browser like I do and you have peace of mind.
 
Last edited:
In this case, I can recommend MX-Linux, which still offers 32-bit support and comes with a latest version of OpenVPN,OpenSSL and a fresh kernel. It also supports "rolling updates" to keep your operating system up to date. I installed it on my old notebook and it works fine.

But if you prefer new hardware, this company might be a good choice:

Our products are designed from the hardware on up to respect you and your digital life, they come with physical hardware kill switches for your camera and microphone, with all known hardware backdoors completely neutralized and disabled (Intel Management Engine), running a curated freedom-respecting operating system and software applications, for maximum protection. We put your security at the forefront, and our laptops and smartphones will never invade your privacy.

My ten year old laptop has had something else fail on it. I have initially opted to replace the part and see if that works, but am not completely sure that it will. Almost let it go as I have replaced parts in it a lot of times now, has not yet been unsuccessful but it is getting tedious finding parts on the internet, ordering them, waiting for them to arrive, taking it all apart with screwdrivers, not to mention researching the repair manuals and videos. It's like an old person needing more and more medical attention.

So have been preparing for a possible demise of the hardware and getting something new. Probably would have to be something with the intel Management Engine disabled, which limits it to Nitrokey, System76, Purism, Dell or Tuxedo. If anyone knows any other manufacturers which sell PCs with the IME disabled, please post.

Interesting point is that Purism takes bitcoin and a very long list of cryptocurrencies :
Have any of you ever bought computer hardware with crypto?
 
Laptops are not really made for upgrades / repairs. A good bit of the components are soldered on, and they are not very expandable.
I have a friend who is a literal rocket scientist and swears by nothing but Lenovo. I had one years ago and it was very good. As it's a Chinese company, it might be free of a lot of the Intel spyware stuff.

You can keep a good desktop running for a decade or more. Laptops, usually when something goes I just say trash it. The heat they generate causes a lot of the components to break down much faster, and it's only a matter of time until something else fails.

I'm heavily biased towards desktops though.
Apple makes a very good laptop, that I use for travel. Sadly you can't dual boot them into linux anymore for "security" reasons.

If you're not tied to windows, I'd keep my eye on HarmonyOS:
 
I know that Purism and Nitrokey come with Intel Management Engine disabled.
Can you please provide the links that show this for the other vendors?
Tuxedo
Königsbrunn, 14. März 2018 – TUXEDO, der Anbieter von maßgeschneiderten Hardware-Lösungen auf Linux-Basis, startet die Auslieferung von Geräten mit deaktivierbarer Intel Management Engine.
and :

Dell
It looks like there are different stories on this :

...however if you look up the 15" Latitude 5550 Laptop there is currently an option which is default selected but can be unselected :
Intel® vPro® Management Disabled
I think that might be it.
It's not on all the models :

Anyway, I think my current notebook will get a new lease on life soon, but if it were to actually die I'd possibly order the purism.
 
Check out the Lenovo Thinkpad T470s. I was issued this laptop years ago from my company, and was impressed with the quality -- it's built like a tank!

I used to be a Dell guy, but I am hard on keyboards and trackpads and found myself having to replace trackpads much too frequently. When my last Dell trackpad failed, I decided to check eBay for the T470s and found they are readily available pretty cheap.

Also, this is the easiest-to-repair laptop I've ever owned. The back panel is held on by 5 regular phillips-head screws, and all the components are easy to remove and replace.

It's several years old now, so doesn't have the latest/most-powerful CPU, but it does everything I need easily. I assume it does include the Intel Management crap, and I'm not sure it can be disabled, but otherwise I recommend this laptop.
 
Last edited:

I actually contacted Dell support yesterday about this (waiting on a response). I was just getting ready to purchase a Latitude 14 Rugged, but then when I went to add it to my cart, the "ME Inoperable" option wasn't available anymore. It looks like they have already removed this option from all of their online offerings. That didn't last long. Perhaps it was added by mistake?

After doing some more searching, it looks like the option was only meant for certain customers and was accidentally made available to the public.


So much for Dell.


And how about
?
 
Anyway, I think my current notebook will get a new lease on life soon, but if it were to actually die I'd possibly order the purism.
i'm looking into this kind of thing and also contemplating what to do as the Win11 BS probably will steal all your activity via screenshots, though they say it'll be opt-in (whatever). Rob Brax talks about this a lot recently, too. What do you think you'll do, stad?
 
i'm looking into this kind of thing and also contemplating what to do as the Win11 BS probably will steal all your activity via screenshots, though they say it'll be opt-in (whatever). Rob Brax talks about this a lot recently, too. What do you think you'll do, stad?
I quite Windows about eight years ago and am not going back. If I really need it which is extremely rarely, I set up a Windows instance in Virtualbox on my Debian. Was actually surprised that the Windows .iso can be downloaded for free now from the Microsoft site and my ten year old machine will run it in Virtualbox, not that I need to. I think if you do need Windows unavoidably to run some work software, a modern machine with Virtualbox would do it without any issues, and you could use Linux for everything else.

But no, will not waste a whole lot of time just out of fear of the IME. Only if and when this machine truly dies or becomes too troublesome will I replace it with an IME-disabled model.

This IME as surveillance thing is speculation anyway, no-one has proved it and you'd think if it really was a thing, Snowden or someone else would have leaked it by now. If this IME is really being used by the 3 letter agencies they probably save it for the high profile targets.
 
I quite Windows about eight years ago and am not going back. If I really need it which is extremely rarely, I set up a Windows instance in Virtualbox on my Debian. Was actually surprised that the Windows .iso can be downloaded for free now from the Microsoft site and my ten year old machine will run it in Virtualbox, not that I need to. I think if you do need Windows unavoidably to run some work software, a modern machine with Virtualbox would do it without any issues, and you could use Linux for everything else.
Thanks for this. Is the IME what is actually utilized in order to do the screenshot recording, or are these similar surveillance possibilities that are technically different?
 
Thanks for this. Is the IME what is actually utilized in order to do the screenshot recording, or are these similar surveillance possibilities that are technically different?
Windows itself and other Microsoft products very likely has some closed source code with surveillance possibilities but the chances of that in Linux is much less.

The theory is that the IME is independent of the operating system and nobody knows what it is doing except a small group of engineers and executives at Intel and the three letter agencies. I don't necessarily believe the theory all the way but am just saying that if you have to buy new hardware, err on the safe side and get something with the IME deactivated. Otherwise just keep your hardware but run Linux on "bare metal" and if you still need it, Windows in Virtualbox.
 
Laptops are not really made for upgrades / repairs. A good bit of the components are soldered on, and they are not very expandable.
I have a friend who is a literal rocket scientist and swears by nothing but Lenovo. I had one years ago and it was very good. As it's a Chinese company, it might be free of a lot of the Intel spyware stuff.

Most laptops yes. Lots however have upgradeable components, and specific manufacturers like Framework make the entire thing modular so you'll be able to upgrade all parts for the foreseeable future.
 
Back
Top