Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's exactly my motivation. I've been using these tunnels for a while, but I've never seen it packaged up neatly for anyone to use.


I think the ideal setup would be to have your laptop boot into a decoy "usable" install boot by default (autologin to admin, adjustable network settings), and have your actual install encrypted and completely locked down (i.e, have GRUB boot the decoy install without showing the menu, so you'd have to press Esc to show your other install).

That way, the tunnel wouldn't be running all the time, but if someone were to steal your computer, it would be available right away. For travelers, it'd also be useful at customs, since you could just show them your decoy install without raising any suspicion.

And of course, having regular offsite backups is a necessity regardless of what approach you take. This should only be a method of getting your hardware back, not your data.


My Cr-48 works like this now that I installed Ubuntu on it. Outside of developer mode, it only boots ChromeOS, in developer mode, I've set it up to still boot ChromeOS by default and I've got to run a pretty cryptic command to set the boot priority to Ubuntu. To the layman, the machine wouldn't appear to be anything but ChromeOS. Being cloud based, it's a great decoy OS (but provides no theft recovery options).


This is actually surprisingly hard to do with Macbooks. TrueCrypt currently only supports whole disk encryption for OSX and PGP Whole Disk Encryption's partition encryption is still somewhat experimental. Even if one does get this working, one needs to chain load PGP's BootGuard decrypter after one selects the alternate partition using the default EFI Boot screen when holding the option key - which the relevant bits for EFI configuration are for the most part undocumented and chainloading is not "supported" by the official PGP tools.

The next best option seems to replace EFI Boot with rEFIt and clone the behavior...

I can go on, but maybe you're beginning to see why this quickly turns into a bit of a rabbit hole.


Well, I was thinking of doing this with Linux, since that's what I use. I'd have Windows be the decoy install and use LUKS for dm-crypt to encrypt the Linux install at the system level. And setting up the default boot with no countdown in GRUB is trivial. All the pieces are there, and while there's no definitive guide on how to do it, I don't reckon it would be very difficult. Since I don't use Macs, I have no idea whether this approach would be feasible for them as well.

The main thing holding me back is that now that I've moved to an SSD, my laptop only 64 GB of space, so I'd rather not waste 10 GB on a decoy Windows install. Perhaps once I get a bigger SSD.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: