What has changed in my setup (2023-edition)
- Published: 13 May 2024
- In this episode, we explore what has changed in my setup.
==============================
TL;DR
==============================
00:00 Intro
00:43 M2 MacBook Air
02:01 Hardened macOS Ventura
03:23 ThinkPad X1 Carbon Gen 6
04:57 Raspberry Pi 4 Bitcoin full node
05:49 COLDCARD Mk4
06:20 Electrum
06:32 iPhone SE2
07:11 Hardened iOS 16
08:20 Pixel 5 running GrapheneOS
09:06 KeePassXC + YubiKey 5C NFC
10:07 Superbacked
10:17 Yubico Authenticator
11:51 Hardened Firefox
12:33 Mullvad VPN
13:17 Proton Mail
15:19 Signal
15:47 Sparse-encrypted rsync backups
16:21 Borg backups to rsync.net
16:43 1984 hosting
==============================
SUGGESTED
==============================
Change
How to spoof MAC address and hostname automatically at boot on macOS
Is Apple deliberately killing our batteries?
How to protect Mac computers from cold boot attacks
Why Tails is not only for hacktivists and whistleblowers and how to get started
Trezor One vs Model T vs COLDCARD and how to safely source hardware wallet
Apple’s iPhone Passcode Problem: Thieves Can Ruin Your Entire Digital Life in Minutes | WSJ
Firefox privacy and security hardening guide (2022 revised edition)
Tutanota review and why it’s one of a kind (compared to Proton)
How to configure Borg client on macOS using command-line
==============================
LINKS
==============================
Tails OS 👉 tails.boum.org/
Little Snitch 👉 www.obdev.at/products/littles...
COLDCARD Mk4 👉 store.coinkite.com/store/mk4
GrapheneOS 👉 grapheneos.org/
Superbacked 👉 superbacked.com/?...
YubiKey 5C NFC 👉 www.yubico.com/products/yubik...
Yubico Authenticator 👉 www.yubico.com/products/yubic...
Mullvad 👉 mullvad.net/en
Tor Browser 👉 www.torproject.org/
Signal 👉 www.signal.org/
Borg backup 👉 www.borgbackup.org/
rsync.net 👉 www.rsync.net/products/borg.html
1984 👉 www.1984hosting.com/
For a while now I got obsessed with security, I can't explain it, but this rabbit hole never ends 😂
As long as you have money, you can try anything. You come back to google when you’re bankrupt 😂
That's the sweet thing about cybersecurity. It's a journey not a destination 🤟
Amazing man. Thanks for the update!!
These videos where you talk about your setup are your most invaluable. I really appreciate them.
Have you heard about Mullvad Browser? It's basically hardened Firefox made in a collaboration between Mullvad and the Tor Project
Not yet but planning to… thanks for heads-up!
So LibreWolf?
@sunknudsen curious about your thoughts on Brave browser over Firefox? Great content as always!
Glad to see a new video. I really enjoy your content
Yes! A video about physically disconnecting Wi-Fi and Bluetooth mechanisms would be very interesting; please make such a video if you are so inclined. I run my 2011 Mac Mini (running Mint 21.1) with Wi-Fi and Bluetooth antennae physically disconnected, too. I’ve not even tried to disconnect the antennae from my M1 Mac Mini (running Ventura).
I was where you are 15 years ago. The massive amounts of details you need to remember were easy because you work with them daily or frequently. When you finally decide to retire because you reach the age where you realize the number of days you have left give you the clarity to give each day the value it deserves; you will be doing other things. You will less and less work with all the tech you once did. And your memory will no longer be as good as it once was. At some point you will reach the state where you can no longer remain facile with managing the systems you now employ. The end result will be that as much as you understand the value of security; you will no longer be capable to manage the machinations necessary to achieve it. You will make compromise after compromise because you will require simplicity in order to manage your life. But you are at the stage where trading simplicity for security doesn’t seem like a big deal. And while at that stage what I allude to seems like it will/can never happen. I would suggest it might be valuable to read “The Myth of Tomorrow” for perspective. Best of luck.
Sweater is the biggest upgrade. Thanks for the updates, Sun!
I like the lighting in your place, it's calming.
This was fun! Thank you!
Hi Sun. Thanks for your content, it's really useful and interesting
that was a lot! :D but I want the episode regarding vpn!!!! can't wait
Thanks for sharing 💪🙏
+1 on the Thinkpads review
I would like to see a "Starting from scratch" episode where you walk through what you would do if you were targeted by an AI capable of hacking major providers and infrastructure, programmed to look for your data identifiers.
Thanks for all the research you do and the top quality information you put out there. I must say though, I really am craving a video about the Brave browser and maybe a comparison with Firefox. I would also like to know what you think of ProtonVPN, as it's so convenient to just buy into Proton's entire ecosystem. Thank you again 🥰
I just loved this episode, I like to use PGP on my computer with Kleopatra and GnuPG, and on my phone I use OpenKeychain to manage PGP stuff
I would pay for a course pack on all the latest protections and setups you do, all bundled together in a comprehensive packet of sorts. Like the book Extreme Privacy but with everything you need to do in a simple way. You could even have tiers to it since it is daunting to do everything at once. Break it up into chunks. Like password management, mobile, internet traffic. And have all of those lessons grouped in a cohesive way that is easy to wrap your head around. Because me as a casual user it is so daunting and seems to sprawl all over. But if there was a simple way to slowly “seal up your life” over time, that would be useful. Like Eagle Scouts having merit badges. Eventually you’ll get there, one cluster of information at a time. Whatever you can manage to tackle on a weekend or a holiday.
Same. There's so much I barely have an overview. After seeing this video I feel like I don't even own a front door 😂
YES!!! PLEASE SUN
You could do all of these steps and then some and there would still be no real privacy... This is what our world has devolved into.
+1
Thanks for another amazing episode, Sun.
I would be interested to hear what you are doing regarding search engines on all your devices?
Also, I have been using the PreSearch search engine for the past 1.5 years now and really like it. Are you familiar with the search engine? Would love to hear your thoughts on this also. Cheers
Hey man, thanks for all the great videos. Quick Q: I feel a bit hesitant with downloading browser extensions that can read my data in combination with inserting my passwords with the fear of them reading/storing my passwords with the potential of those extensions being leaked/hacked. Is that a legitimate fear or aren’t they storing anything and can I securely install Privacy Badger, multi containers, HTTPS Everywhere & uBlock Origin? Could also differ per extension probably. Happy to hear your thoughts.
Hi Sun, great content as always! So if I understood correctly, you no longer use the OTP Auth mobile app for 2FA? You now go through Yubico?
Do you recommend using Yubico Authenticator on a phone as an "air gap" if one doesn't use Tails on another computer?
Last question: if you recommend this approach, does one need 2 different YubiKeys (one for the password manager with KeePassXC and another for Yubico on the phone)?
Hey Sun, loving your videos and implementing a lot of what you do. Do you have any suggestions for digital wallets (having cards on your phone/computer)? Are they a no-no or are there some services that are safer? Apple Wallet a no-no? Thanks so much!
Cool stuff! I am actually very conflicted with using newer versions of macOS and upgrading to M-based Macs. With the recent news that Apple has a daemon scanning your media in Finder, and certain apps being not fully optimised for ARM, I am not looking forward to upgrading despite the cutting-edge hardware in new Macs. On the other hand, I am stuck on Mojave that is not getting security updates anymore, but at least I have proper support for apps like Little Snitch.
Hi, I'm still now in the same situation as you... stuck on Mojave... because of those reasons you said... did you upgrade? Just wondering!
Hello. Nice video.
Can you provide us a guide to start up a macOS Intel MacBook with a spoofed MAC? Or to spoof automatically on startup.
What would you recommend regarding anti-malware for Mac? I hear that the AV suites can be very invasive. Would you recommend something like Little Snitch for monitoring and blocking dodgy connections, likely caused by the presence of malware, and combining that with decent backups so that you can recover should the worst happen?
Is there actually any need for a full-on AV suite, like Norton, Bitdefender or something a bit more lightweight, such as Malwarebytes?
Hey Sun. Thanks for sharing your ecosystem. What about Session as a private and anonymous messenger app? Any opinion about that one? Any scheduled review?
How do you store your PGP/GPG keys on the YubiKey? Do you use the YubiKey Manager? Can you please link a guide? (there are many different guides and approaches online, some are quite old).
Since you are talking about ProtonMail, what is your opinion about Fastmail? (in regard to privacy, not security).
What do you think about Quad9 DNS or the use of iCloud VPN + DNS? And why Mullvad VPN compared to Proton or IVPN? Thanks for good content!
Can you go more in depth for what and how you use both windows and Mac?
Why did you turn on the Significant Locations toggle? I watched your iOS privacy guide years ago and I remember clearly you said it was the scariest feature on iOS.
Thoughts on Fastmail for email and calendaring?
Yes, please! Would love to hear your thoughts regarding Mullvad VPN and why you use it less and less (as well as what you do end up using it for if you still do)!
Done!
Having used more up-to-date iPhones, it is not at all "required" to use any biometric whatsoever. The option is there, yes. But you can set up your phone without ever using Face ID or even Touch ID.
Would love to see a laptop centric video with HW and SW setup.
It would be interesting to see a video about private options we have nowadays, especially looking on the smartphones topic
I also appreciate being able to disable setting: Lock Screen -> Show user name and photo
Can you do one on air-gapped usage and is it worth it? What software and how do you use it?
What's your thoughts on security for "Lightning node connect"?
Have you tried using Al Dente for battery management? That gets you away from having to rely on Apple's location services for the battery of all things.
Haven’t but likely should… thanks for reminding me.
Have you ever run or considered running a node on something a little more powerful like a mini pc, eg intel, dell, Lenovo micro form factor stations? As they are more powerful they could also run more easily personal server application. Or do you personally prefer to run bitcoin node separately from this use case?
Great question… I typically do IBD on a more powerful computer. That said, I really like the limited attack surface of a single-purpose computer for the node (running node on a VM also solved this issue if all other use cases run in isolated VMs).
Great video, quick question what is the name, or where can I find that dust cover for that Samsung bar USB?
www.amazon.com/dp/B08TT1W16B
Thank you! I've been looking for some for a long time @sunknudsen
How does Significant Locations turned on in Mac or iPhone impact battery life and privacy?
Proton over Tutanota, is that because of the calendar? Very curious. I went with Tutanota a few days ago, mostly because of their current "buy one year, get one free" deal, which made its new pricing competitive with Proton's versus features.
No longer using BorgBase?
Any particular reason for the switch?
Could you please explain how to manage Yubikey? It is really difficult to understand how to do it via their website(
Great vid, just ordered rubber band for my SE2 :)
I use Google Authenticator. Do you know whether these codes are stored on iPhone itself or on Google acc? I want to back them up regularly.
Sun, can you recommend a good source for learning more about “legitimate PC security” from a basic level, then graduating up to the more experienced levels. I appreciate your videos, I have an electronics background with some computer building and enhancing using hardware. I need more information on network-centric knowledge and principles. Can you be of help to me, thanks… BD.
Have you heard of blockstream satellite? Privacy gains are fairly robust, but obviously security requires a tiny bit more work to verify chain tip…
Your input on Brave Browser would be great!
Hello, please can you suggest which is the best macOS option nowadays, taking into account what you had said in the clip "Down the “Your Computer Isn't Yours” rabbit hole and how to patch macOS"? I'm stuck on Mojave and want to upgrade! I also use LS... thank you!
Thank you Sun.
What do you think about Brave vs Firefox in terms of privacy?
I actually use both but I don’t know which one is more private.
I use Brave for video conferencing as Chromium-based browsers tend to be more stable for WebRTC. Also my Firefox browser is too hardened for WebRTC. That said, as a daily browser, haven’t dug into Brave enough to comment.
@sunknudsen Thank you Sun for your reply.
You guys recommend Proton VPN ????? Or is MULLVAD that much better?? - Thanks
What do you think about the M chip vulnerability, GoFetch?
I recently came across your channel. It's all stuff I'm interested in, but I am far, FAR from having even 5% of this stuff in place. I do use KeePass and super long crazy passwords for everything, but that is about all things (hundreds of accounts).
One thing I'm wondering is how you do any work? Like just regular spreadsheets and docs. Do you do everything local (open office?) then backup to cloud? I assume you don't trust google docs/sheets at all? This is one thing I'd have a hard time with. I super depend on google drive, and I really wish I didn't. Anyhow I'll dig through your past videos!
Why KeePass instead of a self-hosted Bitwarden instance?
@Sun Knudsen
Looking forward to an updated dedicated video on the entire crypto storage system, including Raspberry Pi 4 Bitcoin full node.
Please do a video.
Random question - is there a way to spoof a MAC address on something like an Nvidia Shield Pro Android TV box?
You had a whole episode recommending Tutanota over Protonmail. What made you switch?
Please make episode about post-quantum cryptography and keys that possible to generate by means that available nowadays. Thank you
Where did you get that Samsung bar drive cover?
Is 1Password 8 still the best password manager?
I see Mullvad has a browser now. It will be nice to see a review on that one.
I want to ask: Where did you get these rubber sleeves for the USB drive and YubiKey?
Hey Sun, a lot of people prefer Brave browser to Firefox for privacy, what's your opinion about it? And why are you still using Firefox? And thank you. Keep going
I'd love to know what the Raspberry Pi case is. It looks amazing
Hey, case is a argon40.com/products/argon-neo-case-for-raspberry-pi-4 without the cover.
@sunknudsen thank you very much! Love the videos!
Instead of old ThinkPads I'm using a Tuxedo. You can open and maintain them yourself and some models can be ordered without wireless hardware.
Can you run Tails or Whonix in a VM, and use that to buy stuff on open markets, and will Apple record the events or have any way to identify that the action took place?
For sensitive use cases, it is not recommended to run Tails within a VM… see tails.boum.org/doc/advanced_topics/virtualization/index.en.html.
@sunknudsen Thank you for this link
I've recently started to use cryptee for my photos backup. It should be interesting to hear your opinions about it. Is it truly safe? Is it a good compromise for people who aren't tech savvy enough to self-host with nextcloud?
Could you please update your "How to configure macOS for privacy" video? The more I watch your videos, the more things I see changing.
Where did you get those dust covers for the Yubikey and Samsung Bar?
www.amazon.com/dp/B08TT1W16B
Episode on DNS: more so on why Mullvad DoT and not using VPN, like your current setup with it?
Bc DNS isn't necessarily to provide privacy, where VPN does provide that to a degree.
Do you sync your keepassxc database to iOS? If so how if there is HMAC authentication on your Yubikey? If no, what solution are you using?
Hey, I don’t sync… trying to use my smartphone as little as possible given how little one can do to harden it.
Why not use a repairable laptop like the Framework laptop that has removable HDD, RAM, Network Card etc?
One of the downsides of a Mac is that if it is physically damaged you are stuck with a repair that is almost impossible to perform yourself - whether it be a broken display or motherboard. You have to physically give up your device to be repaired.
A framework laptop can be repaired yourself using tools it comes with and spare parts that are sold to the public.
I am puzzled by the wifi comments. Unless you are talking about thinkpads - many modern machines have replaceable wifi cards.
Is a fresh new phone better than an used phone found off the online market?
Depends on use case… for most people, new is good. That said, depends if KYC is an issue.
@sunknudsen so in regards to the app Signal, would it be better to get a new phone, or an already used phone? (including doing other private business on there as well)
Answering this properly requires nuance but if phone is factory-reset and updated to latest OS, both should be fine.
OMG, turn some lights on.
How do you access your passwords from KeePass on iOS and GrapheneOS?
For iOS, I type them… I know… horribly inconvenient. For GrapheneOS, I use camera app to scan password from QR code generated using Superbacked.
Sounds like a business idea to me.
Also… there are KeePassXC-compatible apps on iOS which can open database synced via iCloud (which is encrypted and can be synced over end-to-end encrypted iCloud when Advanced Data Protection is enabled). That said, I personally prefer the air gap.
@sunknudsen yess, feels like one is moving the problem, but it's a feasible option.
You are in Bitcoin but don't have Lightning set up? If you are about privacy, Lightning is another great layer to obscure transactions.
12 month update of this video, how about that?
Don’t put anything on your key chain unless it’s very durable. I had a thumb drive that got utterly demolished in my pocket.
Did he stop making videos? What's going on here?
Signal has been compromised.
Bruh, Firefox's DNS over HTTPS leaks DNS... Not very secure.
What do you mean? Can you please expand and include sources?
set network.trr.mode to 3
Hello, I stumbled onto your YT channel in a roundabout way. Starting with your take on using VPNs. I'd love to have a conversation with you about 'Change' as I am an old Technology Warhorse from the late 70s. I've determined to do some act1v1$t traveling and photo journalism around the world and am looking to create a bastion bubble for my data and identity to more easily post and Pr0t3st. If you are amenable I would love to chat. (PS) I find your take refreshing and I have loved Casey's work since the early Social Media Days. LFTHFY Brad
I would like more cryptocurrency videos about Monero, and maybe talk about Bitcoin Cash, a Bitcoin fork, which although it is transparent incorporates opt-in privacy features like CashFusion, which is an improved version of CoinJoin, and BCH's RPA feature (Reusable Payment Addresses), similar to Monero's Stealth Addresses
Hey “new guy” here 👋
I noticed on this episode no profanity !!!👍🤙👌
I love your content, the profanity not so much…
I will tune in more as a tech challenged Christian ⚡️
Its\ ok\ i\
ha5ve didgatal aids\ too
You give up all that privacy once you’re on a mac. It’s all for nothing.
Hey, have you watched whole episode? Spoiler alert: I don’t use macOS for all use cases.
Constructive criticism:
1.) No need to say "actually" before each statement of fact.
2.) Pronounce 'th' correctly. 'Through' is not 'true'. 'The' is not 'dee'.
Work in progress… I would add say “eeeee” less.
Are you really giving someone shit over their accent?
@sunknudsen I once watched a video of myself. Painful.
To anyone reading this… even if it is painful, embrace change and get your message out there. This episode is performing better than the last 10 I published. The message is what matters.
@sunknudsen exactly.
Thanks a lot for sharing the detailed insights. Unfortunately you shared too much info, in case FBI wants to access anything @ Superbacked they now know which YubiKey is to go for.
I use a Lenovo for work. The fact that it is a Chinese company gives me serious pause as I really don't like using or certainly buying anything from PRC based entities regardless of how good they happen to be.
Sun, first of all thanks for making us more concerned about our privacy and security. I found your video on Firefox security very helpful. I know we shouldn't trust Apple or Google devices but just out of curiosity wanted to know your take on Samsung devices. @Sun Knudsen