Matt McCutchen's Web Site: Personal computing and information security

My personal computing setup and information security

Status: current; 1995-present (supersedes any conflicting remarks left on this page; see the home page for definitions)

The meta page covers methods of communicating with me and technicalities of this web site, including the security aspects in both areas.  Here are details of my email setup.

I've been passionate about information security for almost my entire life, though I often do a poor job of prioritizing security issues against each other or other things in life.  In childhood, my approach was "take every opportunity to set a password"; later I developed a better understanding of what measures are necessary and sufficient for security.  I grew up using Windows 3.11, then 95, then NT and 2000.  Around 2003, my parents bought me my own laptop and I began to dual-boot Windows and Linux: initially Red Hat Linux 9, soon moving to Fedora, which I have used ever since.  My use of Windows decreased over time, but even today, I use it regularly for applications I need that run on Windows but don't run well or at all on Linux, and I test my changes to certain software projects (as of 2020-09-02, Braid and Escape) on Windows.  I have never used Mac OS personally, though I used it at school for many years.

In parallel, I used a series of PDAs, at first rudimentary ones and then moving to Palm OS around 2002.  I synchronized my Palm OS PDAs first with the official Windows software and later with Evolution via gnome-pilot.  I was probably the last serious user of Evolution's Palm OS synchronization support, given that I was often the one to fix bugs introduced upstream that completely broke synchronization.  When Evolution finally dropped Palm OS synchronization support in 2012, rather than maintain it myself, I decided to move my mobile personal information management to Android.

A turning point in security came in 2008 when I enabled full disk encryption on my Linux installation, stopped entering login information for personal accounts into machines I didn't control, and began trying to isolate untrusted software on my machine, initially using another local Linux user.  As I had a greater need to interact with trusted and untrusted graphical applications at the same time, I wrote scripts to manage a VNC session to the untrusted user and regulate clipboard transfer back and forth, but there were serious security gaps I never plugged, most notably the ability of any local user to connect to sensitive services listening on the loopback interface.  Eventually I realized I was starting to make an inferior reimplementation of Qubes OS (thanks go to Manuel Amador for introducing me to it), and in October 2014, I took the plunge to Qubes OS.  At the time, it had numerous annoying bugs and limitations, but it has improved dramatically since then.  I heartily recommend Qubes OS if you can stand it; my dream for the future is to offer laypeople a smooth adoption path from application-based isolation with some safeguards sacrificed to usability, as seen in mainstream mobile OSes, to management of VMs containing custom combinations of applications with all safeguards in place, as in Qubes OS.

I currently use Qubes OS to wall off certain things I know I don't fully trust, but I still have one big "main" VM containing most of my personal data and customizations that date back to my initial adoption of Linux in 2003; any security compromise since then could still be affecting everything I do, though I have never detected any.  I have never made a "fresh start" to create a higher-security environment to which I could start doing the legwork to move critical processes, nor have I worked to reduce large attack surfaces like my browser and email client.  I hope to buy a new, trustworthy laptop and make a "fresh start" soon.

When practical, I avoid giving account credentials to a less-trusted VM if the account is used for anything unrelated to that VM, instead trying to find a way to allow the VM to access only the data it should.  My most common scenario is synchronizing a git repository in a less-trusted VM with a hosting service.  Either I manually pull the data into the main VM and push it to the hosting service (or the reverse process) or I use an ssh forced command to allow the less-trusted VM to access only the single repository on the hosting service via the main VM using the credentials stored there.
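An ssh forced command of the kind the paragraph above describes, written here as an added example: it is not the author's own script, which this page does not show. It assumes the main VM runs an sshd that the less-trusted VM can reach (how that link is set up is outside the example), that the main VM holds the hosting-service key, and it uses placeholder values for the repository path, the hosting host and the script's install path.

```shell
#!/bin/sh
# git-forward.sh: ssh forced command that runs in the trusted "main" VM.
#
# A less-trusted VM holds an ssh key whose only permitted use, per the
# authorized_keys entry below, is to run this script.  The script lets
# through exactly the two git transport commands for ONE repository and
# forwards them to the hosting service using the credentials kept in the
# main VM, so the less-trusted VM never sees those credentials and cannot
# reach any other repository or run anything else.
#
# Install in the main VM's ~/.ssh/authorized_keys (one line, key elided):
#   command="/usr/local/bin/git-forward.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA... less-trusted-vm
#
# Repository path and hosting host below are hypothetical placeholders.
ALLOWED_REPO="${ALLOWED_REPO:-mattmccutchen/example-project.git}"
HOSTING="${HOSTING:-git@git.example.org}"

# check_git_command CMD
# Succeeds only if CMD is byte-for-byte one of the two commands a git
# client sends for the allowed repository (fetch/clone, and push).
# Exact string comparison, not a glob or regex, means a different
# repository, extra flags, or "git-upload-pack 'x'; id" are all refused.
check_git_command() {
    _cmd=$1
    [ "$_cmd" = "git-upload-pack '$ALLOWED_REPO'" ] ||
    [ "$_cmd" = "git-receive-pack '$ALLOWED_REPO'" ]
}

# When sshd runs this as a forced command, the command the client asked
# for is in SSH_ORIGINAL_COMMAND.  Since it has just been checked against
# two fixed strings, it is safe to pass on verbatim.  BatchMode keeps a
# missing or wrong key from hanging on a password prompt.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_git_command "$SSH_ORIGINAL_COMMAND"; then
        exec ssh -o BatchMode=yes "$HOSTING" "$SSH_ORIGINAL_COMMAND"
    fi
    echo "git-forward: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

From the less-trusted VM, the repository is then cloned with a URL that names the main VM rather than the hosting service (for example `git clone main-vm:mattmccutchen/example-project.git`, with `main-vm` an ssh_config alias for the main VM), and fetch and push work as usual; anything else the less-trusted VM tries over that key is refused. The `no-*` options matter as much as the `command=` option: without them the key could still be used for port forwarding or a PTY.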

My main cell phone is a mainstream Android phone running LineageOS (that provided the best combination of practicality and security in 2015) and an absolute minimum of closed-source native applications, given my assessment that an acceptable (to me) level of isolation of privacy-sensitive data from native applications is infeasible on Android.  I run most closed-source applications, including Google Play Services, on a second Android phone that is turned on only while I'm using it.  I similarly hope to make a "fresh start" of my primary mobile environment with a mainstream Linux-based environment on a trustworthy phone such as the PinePhone, but keeping attack surface down on hardware not powerful enough to run Qubes OS will be hard.

All of my core personal information management processes store data locally and synchronize it directly between my laptop and my phone.  The way I currently achieve this is a pile of hacks (Android is clearly designed to favor the use of hosted services) but is holding together for now.  I used the classic "contacts, calendar, tasks, notes" silos for many years until I moved to Org in 2016, hoping to benefit from the true integration of events and tasks with notes, but unfortunately I never experienced enough value from that integration to be motivated to maintain events and tasks in structured form.  Org is still great for hierarchical notes.

There is much more I haven't bothered to write.  If you'd like to know more about anything, please email me.


Modification time of this page's main source file: 2020-09-02 17:57:57 +0000
Except where otherwise noted, Matt McCutchen waives his copyright to the content of this site.  This site comes with absolutely no warranty.