This is only a Preview!

You must Publish this diary to make this visible to the public,
or click 'Edit Diary' to make further changes first.

Posting a Diary Entry

Daily Kos welcomes blog articles from readers, known as diaries. The Intro section to a diary should be about three paragraphs long, and is required. The body section is optional, as is the poll, which can have 1 to 15 choices. Descriptive tags are also required to help others find your diary by subject; please don't use "cute" tags.

When you're ready, scroll down below the tags and click Save & Preview. You can edit your diary after it's published by clicking Edit Diary. Polls cannot be edited once they are published.

If this is your first time creating a Diary since the Ajax upgrade, before you enter any text below, please press Ctrl-F5 and then hold down the Shift Key and press your browser's Reload button to refresh its cache with the new script files.


  1. One diary daily maximum.
  2. Substantive diaries only. If you don't have at least three solid, original paragraphs, you should probably post a comment in an Open Thread.
  3. No repetitive diaries. Take a moment to ensure your topic hasn't been blogged (you can search for Stories and Diaries that already cover this topic), though fresh original analysis is always welcome.
  4. Use the "Body" textbox if your diary entry is longer than three paragraphs.
  5. Any images in your posts must be hosted by an approved image hosting service (one of: imageshack.us, photobucket.com, flickr.com, smugmug.com, allyoucanupload.com, picturetrail.com, mac.com, webshots.com, editgrid.com).
  6. Copying and pasting entire copyrighted works is prohibited. If you do quote something, keep it brief, always provide a link to the original source, and use the <blockquote> tags to clearly identify the quoted material. Violating this rule is grounds for immediate banning.
  7. Be civil. Do not "call out" other users by name in diary titles. Do not use profanity in diary titles. Don't write diaries whose main purpose is to deliberately inflame.
For the complete list of DailyKos diary guidelines, please click here.

Please begin with an informative title:

Let's start here:  do you use Windows?  Or an Apple operating system on your computer?  You're hosed.  The NSA owns you.  They own every thought, all your dreams and aspirations.  They own your relatives, your friends, every plan you've ever made and how it turned out, every word you've ever written, every dime you've spent.  If they want to be inside your computer watching what you do in real time... yeah:  they can do that too, if they want to.  But maybe posting with a fake user name on a non-threatening site like DKos... maybe you're flying totally under their radar?  Mmmph.  You are owned.

Do you use Linux?  1000 to 1 you're hosed.  It's possible to lock Linux down, but it's very difficult - almost impossible - and intensely geeky (do you speak Snort?).  And while locking down Linux against incursions by some of the very best hackers in the world - those friendly folks at NSA - is actually possible (it isn't with Windows or iOS - period), it's constantly in flux.  And keeping up is a labor of love - it does take considerable work.

There is a way, though:  a way that is possible for we mere mortals.  I don't really expect much traction on this - but I feel an obligation to at least make the effort.  And if just one person gets it and does it... well, I'm a happy camper.


You must enter an Intro for your Diary Entry between 300 and 1150 characters long (that's approximately 50-175 words without any html or formatting markup).

So I posted a diary a few days ago about an NSA-proof email system called BitMessage.  But, thinking about it, securing our email is really just a small part of what we need to do to keep ourselves safe from our own government.

Complacency is not a characteristic that is naturally selected for.

There is this operating system.  It is called QubesOS.  It looks like Red Hat Linux; and it is, sort of - but really, it's a Xen hypervisor.  And all that fancy stuff doesn't matter.

You can install it with very little trouble - like any other version of modern Linux - and the only thing that's really important is picking compatible hardware to install it on.  There's VT-x and VT-d to keep in mind... blah, blah, blah.  Just look at the hardware compatibility  list.  Download the file.  Follow the destructions.

Download (Version 2 Beta 2 works well - Ver. 2 is just about ready.  Unlike BitMessage, this is mature software.)

Unpack it onto a DVD or thumbdrive.  (I'm not 100% sure, but I think Windows users can use Unetbootin to burn ISOs onto a thumbdrive)


Read the Manual!

OK - now this is what you've got:  you have a computer that is made up of several Domains.  Domains can be thought of as virtual machines; like when you use Oracle's VirtualBox or Apple's Boot Camp to run one operating system inside another.  These Domains are assigned various levels of trust:  and stuff in Domains with lower levels of trust cannot get to higher levels.  For example, the Network Domain (and it is the network where bad things usually happen) has zero trust - and cannot access anything.  There are 'throwaway' Domains - so you can open a web browser, do some secure surfing, and when you're done it all disappears.  There are Domains integrated with VPNs, and Tor.  And should any Domain with network access become compromised or get infected by something nasty, it can't affect the rest of your Domains.

[And of course, as with all versions (called 'distros') of Linux, you get the FOSS (Free, Open Source Software) stuff:  a full office suite, the ability to watch DVDs and play music, a few tens of thousands of free software packages (everything from a couple hundred versions of solitaire to the packages needed to build your very own supercomputer), and so on.  Fair disclosure:  QubesOS, at the moment, won't play graphically intensive games.]

Your main and most important Domain is called Dom0.  All the others are launched from there, and it is secure to a T - nothing touches Dom0.  Nothing.  It has no network; and while it fully controls all hardware, it is not exposed to that hardware.  You use Dom0 to create, delete, launch and control other Domains.  This level of hardware security is why VT-d and VT-x is required on your motherboard, by the way - it allows for complete hardware isolation.

Just as an aside, the idea of isolation is critically important to the lead developer of QubesOS;  Joanna Rutkowska.  Security by Isolation is an approach that is newer, and very effective.  Ms. Rutkowska has a fascinating history that is worth looking into - you can get to her personal blog via links on the QubesOS page.  She was a black hat hacker of considerable repute, who is now a white hat.

I'm going to stop the nerd-fest now.  The links to QubesOS and the others - to instructions, hardware lists, and so on - are pretty good.  They're not inscrutable and dense geek-speak.  They're quite accessible, actually - for the most part.  I just noticed that there's even a Wikipedia page - that's new...

You can install QubesOS on a small, fresh hard drive in less than half an hour.  Just take the defaults, and accept encryption of your Home Directory:  give it a decent password.  Using it is no different than Windows or Apple, except it's prettier and more customizable:  sometimes things are in different places or have different names - but it's just an operating system, and they all work the same.

Yeah.  It takes a little effort, and you'll have to learn a few new things.  Learning is good - and it's not that hard.  Really.  The thing is this:  it is possible to secure your computer to the point that nobody - even the NSA - can get into it from the outside.  We actually can have privacy, and own our lives.

Let me repeat myself:

Complacency is not a characteristic that is naturally selected for.

4:48 AM PT: Update:  Thank you, whoever, for the Wreck List.  It's kind of like lancing a boil...

Extended (Optional)

Originally posted to Jaime Frontero on Fri Jul 12, 2013 at 09:21 PM PDT.

Also republished by The First and The Fourth.

Your Email has been sent.