building a new computer. want to be able to trust it 100% for at least a moment. i can't figure out how to "buy" a trusted copy of any linux and don't have any machines i have 100% trust in (who does), so can't burn it. current plan is to buy a chromebook solely for the purpose of downloading and burning ubuntu. alternatively, buy MSWindows, install on the new machine, burn, and then replace
but this mental exercise has convinced me that security is almost impossible in this day and age
One thing that helps a lot in this situation is to plan based on threat model. There’s no such thing as 100% trust, but you can have a computer which is safe for e.g. <thing>. It’s pretty crucial to pick one or two specific <thing>s and focus only on those.
If you just want to browse the darknet and see what the markets are like, for example, Tor on your current computers is fine.
If you’re wanting to make a purchase and you’re worried that your existing computers will narc on you, your plan of buy laptop + use ubuntu is A+.
If you want a computer to store information on, Edward Snowden style, you’ll need to take increasingly serious steps. Use Tails as a baseline. (Note: I’ve been out of the game since 2016, so take this with salt.)
If you’re literally dodging the NSA, you need to put on a full face mask in winter, plan a route to a store you’ve recon’d, buy clothes with cash from Goodwill, carry them in a trash bag as you walk out of your neighborhood, sneak in between two houses in the dead of night and put the outfit on + mask, walk to a taxi, have it take you near (but not to) the electronics store, buy yourself a burner phone + a few USB wifi dongles + anything else you want completely unlinkable to you (you’re on cameras), pay for all of it while getting some strange and worried looks that you’re going to rob something, then do the entire process in reverse until you’re back at your house with your untraceable electronics.
I did all that, and even then I was likely making some small mistake that would’ve blown everything.
Yet the citywide surveillance drones (god eye) will still have a nice little record of you that they can ID you with. And you sneaking around in the middle of the night putting on masks will probably get you in serious trouble. It never really occurs to you when you’re doing this sort of thing to stop and consider whether you’re just doing crazy things. (It’s tempting to believe the answer is “no,” especially the more you want to believe it.)
Suffice to say, threat modeling is key, and it’s worth thinking carefully about what exactly you want to accomplish.
> If you’re literally dodging the NSA, you need to...
Or just make friends with a developing-world advance-fee scammer, and then pay them to have one of their cash mules buy and send you (that is, an empty house somewhere in your city) a laptop.
That's an interesting idea I hadn't considered. But it involves a lot of the same problems: you need to get from where you are to where the laptop is, and back, without popping up on any sensors.
There are a lot of sensors. Gait detection + god eye is what convinced me this is probably impossible.
In my case, I was using NSA as a threat model for added security against the actual threat (cartels), so I wasn't as paranoid as I needed to be for NSA dodging. But in your case, you have quite a chicken-and-egg problem of getting that laptop to your doorstep in an untraceable way.
One optional step that I took, which is probably useless, is to live close to a wifi source that you can tap into from long range. I used a directional wifi antenna to a local restaurant. That way, if you do screw up and blow your opsec, it's traced to somewhere close but not equal to you.
(It's probably useless because once your physical location is traced, you're basically doomed – all they'd have to do is realize that someone's using the restaurant as a proxy. It's also quite unethical, since you're illegally using someone's equipment in a way that could very well land them in prison, depending on what you're doing. "Reasons not to fight the cartels" could fill up several notebooks, which is what ultimately persuaded me to stop trying.)
> you need to get from where you are to where the laptop is, and back, without popping up on any sensors.
Why? As far as They can tell, you're going to a house you've never been to before with no precedent for why, picking up an unlabelled brown box, and returning home.
The NSA would know you did that — but they wouldn't be able to connect it to a laptop in order to intercept/MITM it into being an insecure device (or to note down its MAC address for when you go online with it), since the "logistics chain" would be one entirely disconnected from you right until the moment you showed up at the house. To bug the laptop, they'd have to literally rip it out of your hands. Until the moment you pull into that house's driveway to pick up the parcel, they don't know it's your laptop (or what it is at all, really) so they don't know they should be trying to intercept it.
(And yes, They would likely have footage showing some other person dropping the unlabelled brown box off in the house's parking lot — but that would be a person who is not flagged as a Person of Interest in any NSA system, but rather some bright-eyed innocent college kid who had started a "new job" to "earn money fast" by "delivering parcels" just the day before. Parcels they pick up and re-box at AirBnB single-day rentals, rented just for the purpose of receiving that one parcel by the money-launderer.)
Replace "laptop" with "box full of dirty money" and this exact thing is done hundreds of times every day, with the NSA being able to do roughly zilch about it. "Cash mule" wouldn't exist as a profession if the transactions they facilitate could just be deanonymized+disintermediated in real time.
Point being, it's not foolproof. If some clever undergrad is thinking about dodging the suits, win by fooling them, not by fighting them.
If you do insist on fighting, though, start at https://www.whonix.org/wiki/Mental_Model and then read the entire Whonix wiki https://www.whonix.org/wiki/Documentation. It's what I used when I was serious about dodging the cartels, and that knowledge will protect you as much as anything will.
(You'll hopefully conclude that the protection is too brittle to risk your life, as I did.)