Hi everybody !
My pcs (ubuntu), my smartphones (android) and even my internet boxes have been hacked for monthes by perverse and skilled hackers who could spy me through microphones and webcams, steal some texts I’ve wrote, spy my web activities despite of my VPN (Nordvpn), ‘play’ with my internet boxes as well as the screensavers and the fans of my pcs, etc. I’m pretty sure it’s still the case despite of the re-installation of Ubuntu on one machine and Qubes on the other.
Once a machine has been hacked, it’s better to buy another… So I intend to compound my own machines : one for my work totally offline (with no wifi/bluetooth card), and another (with no microphone and no webcam ) exclusively reserved for my web activity (researches on startpage and/or duckduckgo, mails, bank operations, buying/selling stuff, downloading images, documents and updates/upgrades and packages for my offline machine, uploading some work, etc.). Of course, I will chose the hardware configuration to be able to take these machines with me everywhere I go, to avoid any physical access.
Assuming that I’m personally targeted by skilled hackers, which configuration should be the best to protect myself from spying my web activities, datas exfiltrations and corruption of the packages destined for my offline machine : Tails with Tor over VPN, or Qubes + Whonix Vm over VPN ?
In fact, I see 3 advantages in using Tails :
_ the rapidity due to no virtualization and the usage of the RAM.
_ the possibility of avoiding any admin access by setting no admin password at the start of a session.
_ the possibility of avoiding corruption of the Tails image by installing it on a usb key with write protection.
What bother me in Qubes is its persistent aspect : once Qubes is corrupted, it’s definitively dead. And we can’t know if Qubes is corrupted or not. Whereas if Tails is installed on a usb key with write protection, if I store and install nothing persistent (except the official Tails updates/upgrades), even if hackers manage to corrupt a session, I am sure to have a new clean session at every start. So I can manage things like this : when I am at home, my hackers knowing my IP address can probably corrupt my Tails session and spy me, so I have to avoid sensitive web activity. But every new session will be clean, which will force them to start all over again. And I’ll only need to launch a new clean session from a public spot hazardously selected to dodge my hackers. (unless if they can steal my MAC address and are able to find me thanks to it : is it possible ?)
If I launch Tails from a usb key with write protection, if I store and install nothing persistent (except the official Tails updates/upgrades) and if I launch each session with no admin password to avoid any admin access, is it possible to corrupt my Tails session and steal my datas, spy my web activities, corrupt packages downloads, etc. ? Is it possible to corrupt my machine (Bios…) ?