LinuxQuestions.org
Old 11-27-2018, 05:31 AM   #1
jweinberg
LQ Newbie
 
Registered: Nov 2018
Posts: 2

accessing the Internet with a read-only core install . . .


We all know that by ensuring a stable power supply, avoiding mechanical as well as EM shock and overheating, you get a long way towards the healthy life of your electronic devices.

Some books try to evangelize certain technologies and/or hardware. As a Physicist I almost only care about transfer speeds and the reliability and security of my data (that it doesn't get corrupted by software-related or physical causes).

I have been trying to find a guideline about how to keep the disk of the box I use to access the Internet (with which you automatically relinquish any functional illusions about that thing they used to call "privacy") as read-only on a physical level by messing with the connector and/or cables themselves. Some pins of those connectors are responsible for the physical transfers of data into the disk. You can do similar things with network cables. I think some time ago high end ATA disks used to have a switch to make them read-only on a physical level. I don't think you can -reliably- do that with just a partition or using the OS.

That read-only core will hold the OS's baseline installation and configuration. rw disks and partitions will be used for editable and ephemeral data (all that js goo, other "page-requisites" junk and all kinds of etceteras you incidentally download onto your drive as part of browsing the Internet).

This is what I have in mind:

1) you get an install base, preferably a DVD (in order to keep a physical copy as a reference), say: Debian Linux
2) entirely disconnect yourself from the Internet (you should physically remove the internal wireless antennas in your computer and then and only then reset your BIOS)
3) install its encrypted self onto a disk
4) baseline the whole installation (using Linux find)
5) as part of §4 you include some data signature (say, md5) for each file
6) to the best of your ability (and that would be an ongoing process you will have to manage) you go into each application configuration and set up:
6.1) the basic configuration of each application as initially read by the core installation
6.2) for each user: all other configurations (save files to, ...) on to the rw zone, then.
7) -physically- disable access to that read-only core
8) then, and only then, you would connect your box to the Internet
9) if you need to install a new application you would:
9.1) download and keep the installation file somewhere safe
9.2) temporarily install it on a jail in the rw zone ...
9.3) use/test it and if "you like it":
9.3.1) go to §2 ...

I think the UNIONFS used by live systems would be helpful while implementing §9 seamlessly and the most hassling aspect is §6. All kinds of software make all kinds of assumptions but you could automate that process to a large extent either using start up parameters or the application’s own configuration files.

Such a physical and software configuration would not only protect your data and save you time due to interruptions, but is likely to extend the MTBF of your disk drives. I have never found a physical study explaining why disks fail so often and I think it might be due to abuse by OS and installed applications (including all kinds of junk all computers connected to the Internet are infected with).

I remember once Linus Torvalds himself saying that he never, "effing" ever connects his own work computer to the Internet (and he was putting all kinds of funny faces when he said that), but I think we should be able to do better than that. "Hackers" may still mess with your baseline either by using javascript to own your computer via your browser (javascript is being injected with algorithms to even decrypt your hard drive) or through a "black-bag" job, but you will make things much more difficult for them and you will be able to just restart your box with some pretty safe confidence about owning yourself.

The other day I had to switch telcos again (back to Verizon) and their sales representatives were selling me "privacy" (I am not kidding you!). At that moment I felt amused even like mocking, poking fun at them, but then when I thought about it I did notice that IT companies are now nefariously uglier than even mobsters selling you "protection".

Do you know of such ideas even if partially implemented and/or discussed?
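
Steps 4 and 5 of the plan above (baselining the installation with find and a per-file signature), written out as an added example that is not part of the original post or of any reply. The function names and the HASH_CMD variable are hypothetical, GNU find/sort/xargs are assumed, and the default hash is sha256sum in place of the md5 the post names (set HASH_CMD=md5sum for that):

```shell
#!/bin/sh
# Added example: baseline a tree with find + a hash tool, then verify it.
# HASH_CMD defaults to sha256sum (a substitution); HASH_CMD=md5sum gives the
# md5 signatures named in the post. Paths are the caller's choice.
HASH_CMD=${HASH_CMD:-sha256sum}

# make_baseline ROOT MANIFEST: one "hash  ./path" line per regular file.
# Keep MANIFEST outside ROOT, ideally on the read-only medium itself.
make_baseline() {
    ( cd "$1" && find . -xdev -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r "$HASH_CMD" ) > "$2"
}

# verify_baseline ROOT MANIFEST: re-hash ROOT and report drift.
# Prints ADDED/CHANGED/MISSING lines; returns 0 only if nothing differs.
verify_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$1" "$current" || { rm -f "$current"; return 2; }
    rc=0
    awk '
        { h = $1; p = substr($0, length($1) + 3) }    # split "hash  path"
        FILENAME == ARGV[1] { base[p] = h; next }     # first file: baseline
        !(p in base)        { print "ADDED " p; bad = 1; next }
        base[p] != h        { print "CHANGED " p; bad = 1 }
                            { seen[p] = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$current" || rc=$?
    rm -f "$current"
    return "$rc"
}

# Command-line use: script.sh baseline|verify ROOT MANIFEST
case ${1:-} in
    baseline) make_baseline "$2" "$3" ;;
    verify)   verify_baseline "$2" "$3" ;;
esac
```

A manifest stored on the same writable disk it describes can be rewritten along with the files, so the verification is only as trustworthy as the place the manifest is kept.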
 
Old 11-27-2018, 09:01 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,412

Didn't read to the bottom of your post. Few will.

Try Tails, or possibly heads (heads = tails, but only uses open source software, so no firmware, so your peripherals don't work). There's all sorts of loopholes in modern software, e.g. cookies & javascript. If you don't allow javascript, surfing most sites is a bit like locking the door before you try to open it. If you do allow javascript, any <expletive deleted> anywhere can tell who you are and what you had for breakfast. Cookies aren't as bad, but quite invasive nonetheless. Your router is probably hackable, so is your cpu & peripheral microcode/firmware; the NSA wants back doors to everything, so programs you might trust are not trustworthy, and you want to shut them all out?

The clever way to do it is to stay under the radar, minimize annoyances and stay legal. Then relax, and sleep at nights. The web is dystopia, not utopia.
 
Old 11-27-2018, 09:21 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,716

There is just so much wrong with pretty much all of your post that it's pointless to try to list it all.
 
Old 11-27-2018, 10:48 AM   #4
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

First, let me state that any security system devised by a human can be defeated by a human . . . any. I suspect the same is true of computers. Second, the most secure system is one in a sealed room with no doors or windows, room encased in grounded copper mesh, no wires of any sort in or out, power provided by a generator in the room. Of course such a system would be of little use and would be dangerous besides (exhaust from the generator if nothing else). Also not very practical.

Now, what is good security? Believe it or not, in spite of what many people think, it is not denying access to whatever, period. It is denying access for as long as access would be useful to an adversary. In a military sense, the fact that an attack will start at dawn is only useful to the enemy until dawn. At that time the enemy knows the attack is starting, so security requirements are different from security requirements for, say, the nuclear launch codes.

I suspect you have not taken any of this into account.

I think if you try disconnecting part of a network cable you will have problems. Look at the wiring and the network protocols and you will see what I mean.

For your 'base' system, as you call it, the simple thing to do is put it on a CD or DVD (non-rewritable, of course) like the distribution live installation disks. For that you don't need a hard drive and it cannot be corrupted without physical access to replace the physical medium with a corrupted physical medium. For the dynamic data encrypt, encrypt, encrypt. Veracrypt can be your friend. Gnupg (or PGP) can also be handy (digital signatures).

But remember what you are trying to accomplish. A thousand years from now no one is probably going to care what you did on your computer today, so going to great lengths (and cost) to secure for that length of time when securing for a hundred years would be cheaper, faster and easier is counterproductive.

Finally, decide what you are protecting, from whom, and why. You can go to any lengths you wish but I assure you if the NSA decides they want to know what you are doing, they will find out. Stories of a van sitting outside a building seeing everything that is done on a computer inside the building are not stories. On the other hand, your nosy neighbor probably wouldn't bother to go to that trouble (or expense).

Bottom line: I think you are trying to reinvent the wheel for no purpose. Look at security measures and procedures in use today and if wisely used I think you will find them adequate for the threats that you may face. As new threats emerge, new tools to meet them will also emerge.
 
Old 11-27-2018, 03:02 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,009

Some folks complain about not enough information.....


If you are not connected to the internet then what do you need all this security for?

Once you connect to the internet you will find that your data is only as secure as the last patch.
 
  

