[liberationtech] Chromebooks for Risky Situations?

[Jacob Appelbaum]

Brian Conley:
> <snip>
> 
> 
>>> My point was for something off the shelf, I know of nothing better and as
>>> far as it goes... I'd say it's a step up for a lot people who should be
>>> using more secure IT technologies and methods than they are (such as some
>>> journalists), and they can take that step with minimal investment in time
>>> and energy and a chromebook will meet their needs.
>>>
>>
>> I'd suggest users have no hard disk and boot off of a Tails USB disk.
>> Now we've reduced the attack surface to the BIOS/EFI layer - something
>> that I suspect is pretty crappy all across the board.
>>
>>
>>
> <snip>
> 
> I would love to be a fly on the wall of the IDF customs agent you have to
> explain this to. I see no OPSEC problem whatsoever in travelling with a
> laptop that has no hard disk. I cannot imagine any customs agent or other
> two-bit security bureaucrat having a problem with that.
> 
> //
> 
> See what I just did there? I attacked the specific *text* of your response,
> rather than what I believe to be true about you. I assume you'd not ever
> recommend that interpretation of your words to someone, so how does it help
> dialogue/discussion/liberation for me to engage in that line of reasoning?
> 

Having had a laptop with no hard drive taken and inspected by US
customs, I'd like to say that it was a lot smoother than the time I
brought a Chromebook (with a (blank) disk) through customs.

In any case, you can do whatever you'd like with the drive in the system
- the point is simply to treat the disk internally as not part of the
operational plan for using the laptop. I would actually suggest a used
windows install that is forensically imaged before a trip. This will
later allow you to see if they compromised the machine in an obvious
manner while say, you were out at the pool or not near the laptop.

All the best,
Jake