This guide to computer security for Christians is essential to anyone who plans on working as a minister, in any theological role, or even just a normal Christian working in a high profile or public role. Christians are under suspicion and attack in many countries such as Saudi Arabia, China and Australia where either religious extremists or militant atheists control the government.
This article will be broken down into multiple sections. We’ll start with hardware considerations, then move onto working with software, and then we’ll discuss network & general operational security. You’ll learn how to create a threat model, and if you follow these instructions you will be pretty safe from foreign attacks, sophisticated gangs & the Australian government who target every church in the world like they’re the enemy.
To begin, let’s talk about hardware. How much do you know about hardware? Hardware is more important than software. 99% of computer security experts, being bound by the limitations of their kind and limited to what they learn in school, spend all their time on software considerations. If you were to spend two years securing a computer on a software level, somebody could beat it by spending two minutes with physical access to your computer, where they put a tap on your monitor and then just fast forward through your screen.
If you need security or privacy for anything you do, I suggest buying a cheap computer to use in addition to your main computer. Having a secure and private computer means your system will be incompatible with most programs that you use on a day to day basis, and to avoid having to compromise your system you’ll want a dedicated computer. Get the cheapest you can find, and before you turn it on remove the camera and microphone. This requires only a small flathead screwdriver on most cheap computers, and all you have to do is Google the make and model to find detailed guides on how to remove them. If you require a mic & camera, just buy a cheap webcam and plug it in. I suggest Googling the make and model on a public library computer, otherwise you have made an unnecessary link between your normal computer and your secure computer, and if this guide is followed properly they should be entirely segmented.
Once you have removed the microphone and camera, remove the hard drive. If you want to be secure you’re going to have to run your operating system entirely in RAM & use detachable media. This removes the ability of a virus to live on your computer – if there’s no hard drive to store a virus in, they’ll have a very hard time giving you a virus. You’ll want to boot up your operating system from a CD or USB, preferably a CD, as you can get “write once” CD’s, ensuring your operating system will never be compromised. You can also checksum/hash a CD, ensuring that even if your CD is swapped out by some sheisty kangeroos, you can detect the change by hashing the CD from a backup operating system. In this way you can ensure the integrity of your operating system by using the right hardware.
PLEASE NOTE: IF YOU GET A CHEAP COMPUTER, MANY HAVE INTEGRATED MMC HARDRIVES. YOU CANNOT REMOVE THESE. Make sure you get one with a real hard drive that you can unscrew.
Please note if you’re resourceful & really think your place will be physically inspected regularly, you might consider having a computer with a monitor, just using your normal computer and then when it’s time to be secure, using a computer stick (you’ll have maybe get one custom without HD and extra RAM) with the monitor. That way you can carry your computer around with you, use it on the go, etc. To be honest a computer stick just by itself is a really good idea if you’re lazy, just go get one, plus they’re cool as fuck. I know someone who built a computer stick into their computer’s plastic & had the rest of the computer as a decoy computer, the more compact something is the more you can do with it.
Once your computer is set up, you’ll want to boot “Porteus Mate” from RAM, and check the settings for any kind of virtual monitor. Monitors are the least defended part of a computer & also by far the most fruitful, there are probably like 3 people (well, not many) that could remotely hack a really well secured computer in a way they could understand the data they could pull from it, it’s a headache and nobody cares or wants to do it. Whereas if you hack someones monitor you get that beautiful display, and Australia compromises monitors before they’re sold, so never buy an Australian monitor.
It goes without saying that keyboards are also a big target for the rabid spastics that will never leave you alone for no good reason even though you didn’t do anything wrong. From both a hardware and software perspective, keyboards are the main target, and I suggest using your keyboard for non-essential typing, and then using a virtual keyboard on your computer or copy paste for more sensitive stuff like passwords. If you’re using a cable keyboard (non-Australian, Australian keyboards are all compromised by default) your main concern will be physical access. Bluetooth and those Logitech receivers can be attacked by anyone within range of the signal, either through man in the middle or other attacks. If you do use those, make sure you’re using a good one with encryption built in, many of the older ones are totally insecure. For example if you used a Logitech mouse manufactured before a year or two ago, an attacker could not just take over your mouse, but also enter keystrokes and anything else a device connected to it could do, even if no device was connected to it.
A good and simple tactic, applicable to much more than keyboards, is when you first buy a keyboard, take it apart according to instructions, and take a photo of the inside. This isn’t perfect but at least you’ll be able to compare it visually from it’s factory state, to it’s post-access state. Similarly with USB’s and SD’s, a simple photo of the unique identifier will prevent it being swapped out. To compromise an existing device, they need to take the device, work on it, then put it back. This could take any amount of time and is hard to do, because it requires them knowing you’ll be away for a specific time and them banking on nothing going wrong that wastes time. Whereas swapping out takes one moment, you can work on a replica device for a week and swap it out in 5 minutes. You can also swap out using non-professionals, for example you can pay someone’s girlfriend or housekeeper to swap a device, you couldn’t pay them to compromise a device. So swaps are way more common. For example, when I arrived in Alice Springs, I went to Qantas freight to pick up my cat. There was nobody there, but every door was open. As I walked through the reception, into the building, through every part and out onto the tarmac, it occurred to me how easily somebody could just walk in there like they own it and swap out some packages. This is the kind of stuff nobody seems to care about but it pisses me off – doesn’t Pine Gap use Qantas freight? Does nobody care about security anymore? Just leaving a goddamn airport unstaffed for no goddamn reason, probably just to annoy the fuck out of me and stop me from getting my cat on time when I have a cab out front and the meters running, bleeding me of my hard earned money.
You’ll also want to buy a privacy screen. A privacy screen works by making the screen very hard to see from any other angle besides right in front of it, just Google the size you want and get one. All this is irrelevant if someone is looking over your shoulder! By buying a privacy screen and laying or sitting at an angle where you know there’s no camera behind you, it saves throwing a blanket over yourself to stop the illuminati from stealing your gospel research.
For your phone and other smaller computers, you’ll also want a faraday bag, these block the signals from leaving your phone. Your phone is constantly emitting signals, and these give a detailed accounting of wherever you’ve been. If you have an android or other phone, you can also buy audio blockers to put in your headphone jack, they’re small but trick your phone into recording audio from the “microphone” plugged in, instead of the internal mic, but the trick is there’s no mic plugged in it just simulates on so you get some small privacy there. Does not work for iPhone. If you’re working in a secure room, there is also faraday paint, which you can paint the walls with to interrupt signals leaving the room in general. Please note this just makes it harder to tap you, if there’s even a window or the floor signals can still get out, but for example this ruins a few non-electric listening devices that require direct whatever.
If you’re securing the room in general, consider playing some sort of generated background noise as well, most casual electronic listening devices only record when sound is detected to save battery, this drains the battery, interrupts text to speech and just generally is annoying.
If you’re using ethernet, like you should be if you care about security, you can also put a faraday casing on your computer, or have some box you put the computer in. This isn’t that hard, but buying an off-the-shelf solution will cost like thousands of dollars & nobody cares that much, but if you’re bored as fuck you could do that, like it’s possible not recommending it.
If you have some sort of low energy emitter, you can also put it in the faraday bag with your electronics, that way you’re alerted when the bag is open, the signal being blocked otherwise, unless they know that you’re doing that, and block the signal themselves.
Buy a yubikey or something similar – additional hardware verification never hurt anyone, but make sure you don’t buy the yubikey from Australia, because they flash them in Australia, and you know exactly what that means.
Your computer should have some sort of condom between the computer and your network – for an off the shelf solution, I recommend Tiny Hardware Firewall – but any hardware firewall is really useful, combined with a software firewall nobody is coming through anything. Your router, when you select it, needs to be compatible with third party firmware – at the very least Merlin, but hopefully something better like PFSense if you can be bothered learning how to use it. So DuckDuckGo to make sure that your router can support third party firmware, otherwise you won’t be able to run a VPN on your router, which you’ll need as a basic blanket shielding your network from prying eyes. You never want a computer level VPN, for reasons we’ll discuss later.
TO BE CONTINUED LATER, IT’S NEARLY 5 & I HAVE TO SHOWER & GET READY FOR CHURCH.