# Privacy and anonymity from the US government

## grell

Hello, I was wondering what the best way is to stay safe from government (i.e. the NSA and such) eavesdropping on my computer/Internet activities.  I think I can safely assume that since Gentoo is 100% open-source and based on source code (as opposed to binary packages) and that there are no backdoors in it to speak of.  Is this indeed the case?  Also, is this the case with the Chromium web browser as well?  I know Chromium is said to be 100% open source.  I want an OS and browser that I can use without having to worry about the government eavesdropping on me.  Please tell me the best solution, things are getting pretty scary here in the States and I want to evade the government as much as humanly possible.  Thanks in advance guys.

----------

## Keruskerfuerst

It is better to use a binary distro instead of Gentoo (much work with sysadmin tasks).

If you want to check the source code, control these parts, which connect to the network. E.g.: kernel, glibc, X-Server and so on.

From your country, where you live.

USA: e.g.: Red Hat or Fedora.

Before you install/use Linux, you should read a manual of your distro.

And some books about bash use and so on.

You can also use TOR. This slows down the internet speed much.

But: some goverment institutes use quantum computers to decrypt the crypted internet traffic.

These computers are very expensive (~1.000.000,00€).

If you want to be safe, use the following:

1. highly encrypted electronic mail

2. "normal" mail, registered mail, mail by courier or "high speed" mail.

----------

## NeddySeagoon

grell,

If the US government wants your sekrits, they will send you to the experts at Guantánamo Bay, Cuba to extract them from you.

Its much faster that eavesdropping.  You can make it harder for the government though

Use encrypted email.  These means that all your correspondents need to generate and use key pairs.

Use a paranoid firewall, that stops things going out as well as stops things coming in.  This means that some nasties that do get in cannot phone home.

Use a hardened system.  It makes all sorts of exploits harder to accomplish. 

Check your logs.

Rent a VPS outside of the reach of the USA government and use a VPN tunnel to route all your traffic through it.  This is like TOR but faster and with less/no anonamyity.

In the end, security is like the layers of an onion.  You need to assess your perceived threat(s) and put in place measures you are prepared to tolerate to combat the threat.

All security measures compromise usability.  You choose where you draw the line.

Consider not using the internet for anything ever.  That makes electronic eavesdropping really hard but not impossible.

----------

## Keruskerfuerst

If you have problems with the goverment, just call federal police.

They arrive within 5 seconds...

----------

## steveL

 *Keruskerfuerst wrote:*   

> It is better to use a binary distro instead of Gentoo (much work with sysadmin tasks).

 

This is simply untrue; a bindist is far more likely to contain a root-kit, and also much easier to break since everyone's using the same binaries.

Placing ease of system-administration, a completely orthogonal concern, above security, in a thread asking about security, seems very strange to me.

Besides which, Gentoo is much easier to administer in the longer-term, because it's as close to vanilla-upstream configs as possible, and you're always on a recent version, both of which mean it's much easier, and more pleasant, to get support direct from the upstream support channels, like IRC.

They're not frustrated by the fact that you're running a heavily-patched distro-monstrosity based on something they obsoleted 5 years ago (or over a decade ago in the case of mawk on debian; the default OoTB awk on that distro.)

WRT to the OPs question, be advised that there are blobs in the tree, so review ACCEPT_LICENSE in man make.conf and license_groups in man portage.

Consider also the deblob USE flag for gentoo-sources; I've never had an issue with it. You can still use proprietary graphics drivers if you must; though I don't think you want to, if you're concerned about the NSA. It still reduces the vectors.

----------

## depontius

Look up the term "rubber-hose cryptanalysis."

Besides, the government is not your biggest fear, in practical terms.  There are commercial entities far more likely to abuse your rights and privacy.

----------

## gentooP4

Sorry to jump in, but is surfing the net inside a virtual machine using TOR any more secure than just using Gentoo outright?  Just curious

----------

## Keruskerfuerst

 *Quote:*   

> Besides, the government is not your biggest fear, in practical terms. There are commercial entities far more likely to abuse your rights and privacy.

 

The answer ist M.

----------

## depontius

 *gentooP4 wrote:*   

> Sorry to jump in, but is surfing the net inside a virtual machine using TOR any more secure than just using Gentoo outright?  Just curious

 

If you're really being paranoid, the moment you start using TOR, you stick out like a sort thumb.  Again, if you're truly paranoid, assume that a non-trivial number of TOR exit nodes are compromised and monitored, and even though content, and in-TOR metatdata are both encrypted, entry/exit metadata cannot be.  The minute you touch a compromised TOR entry point, you become "interesting" to whoever compromised that node.

----------

