由 乔纳森·特拉西
2020 五月 15日, 9:58 上午
通过这个,本系列的第四个也是最后一个条目,你应该掌握信息安全基础知识。让我们先盘点一下,然后再继续往下探究。
您已经检查了多种攻击媒介以及关闭它们的方法。在观察它们的模式时,您已经了解了固有的在线暴露的弱点,因此需要干预。
您了解到,处理您的通信的任何软件或运营商都控制着它。信息安全打破这种保留。为此,您可以尽可能在可能时对中间商进行切除,或者在未这样做时通过它们加密连接。
在这个过程中,你还发现人类不擅长设计真正的随机输出,所以你不能假设你的大脑认为的密码是随机的。我们最明显的弱点是我们倾向于自动信任我们的本能评估。当人们要求敏感信息时,这种正常偏见也会降低我们的警惕。
第2类对手不可轻视,但他们的资源是有限的。如果你装备得够多了,他们会放弃,并转向一个更容易的目标。
在面对第3类的威胁时,你学到的一切都会升级到一个全新的偏执狂水平。第 3 类对手在功能上拥有无限的资源来追求顶级目标。
通常被称为"民族国家行为者"或"高级持续威胁"(APTs),他们背后有税收、国家主权和法律。
具有极端偏见的教皇
在继续之前,请考虑以下事项。
首先,我们系列的这一部分指南几乎肯定不适用于您。你可能会觉得它很有趣,你可能会从中获得些什么。但是,从统计学上讲,您永远不会面临这种程度的威胁。
如果由于某种原因,本指南确实适用于您,您将需要比我提供的更多的帮助。目前,我将无法抵御一个民族国家。我也没见过谁能抗拒一两个多月。
与其把本指南作为防御民族国家的权威之词,不如把它作为进一步研究的起点。我建议接下来学习电子前沿基金会的监视自卫手册,然后学习开源社会大学学位课程。
你应该咨询更多有价值的资源,但这些都是一个适度的开始。正如信息量所暗示的,你需要一个全面的计算机科学背景来抓住机会。
其次,即使您只练习本文介绍的技术,您的操作安全性 (OPSEC) 也必须无可挑剔。也就是说,你可能会失败。
OPSEC 是您遵守威胁模型规定的安全控制措施的纪律。正如我在本系列开始时指出的,安全以方便为代价,当您面临最终威胁时,牺牲便利是总体的。
这就是为什么最好的OPSEC从业者只让他们的追求者远离几年。所以,有一个应急计划以防你失败。只有你知道那是什么样子的。
那么,这个分期付款适用于谁呢?国家安全或国际事务记者,就一个。对于那些审查机密信息或敏感来源的人,这会加倍。秘密对民族国家来说是无价的,他们会不择手段地去追捕那些泄露出去的人。
高调的持不同政见者也会发现自己处于民族国家的十字线。这些持不同政见者主张政府认为极端到足以以任何手段证明沉默是正当的政策。
最后,军事技术研究人员应预测第3类攻击。民族国家同意工程师开发军事或经济优势的来源所有的时间,所以他们可以收集工作的副本并创造人人机会均等的局面。
相信没有 - 或零
理解计算中的"信任"非常重要。在这里,信任是不好的。具体来说,信任某样东西(如硬件或软件或维护它的实体)意味着您必须信任它来处理您的数据。在信任关系中,你无法抵御任何你信任的人:你只能希望它不会背叛你。
相反,采取不信任的姿态。如果没有信任,您就不必信任某些涉及数据的实体。通过实施措施,确保当实体试图破坏您时您不会受到伤害,从而达到此状态。
端到端加密是避免信任的一个示例。例如,VPN 使 ISP 无法窥探您,因此您不必信任它。
若要避免类别 3,您信任的实体数必须为零。
你的对手现在在军队里
政府对手是极其危险的,因为他们带来了政府承担的资源。
他们有巨大的预算。深口袋允许 ART 为专门的机构配备黑客。他们买得起昂贵的玩具,比如用于暴力攻击的超级计算机,或者零日漏洞(在灰色市场上找到)来制作定制漏洞。
民族国家享有的另一个优势是有权给予其代理人法律豁免权。用技术专家克里斯·索霍安(Chris Soghoian)的一种说,就像士兵可以在不坐牢的情况下杀人一样,政府黑客可以不受惩罚地危害你。这是黑客寻求有报酬就业的主要吸引力之一。
最后,政府行为者可以采用法律胁迫手段。简单地说,他们可以订购数字服务提供商来出卖你。法律支持的操作范围从请求您的数据到命令令人信服的服务提供商插入后门。其他程序中的代码片段允许根访问任何知道其工作方式的人,因此监视用户变得微不足道。
不可能详尽地列出民族行为者实际使用的技术。对他们来说,很少有壮举是不可能的。他们针对目标部署的武器是民族国家愿意采取什么行动来确定目标的问题。
有这么多的目标,你,假想的猎物,不太可能是接近APT的榜首。因此,你有一个开口:让它如此繁重的攻击你,以至于它不值得战略回报。你不一定知道临界点是什么, 但如果你确定你被 Apt 追捕, 你必须尝试。
话虽如此,让我们深入探讨对策,并一路上解释它们要对抗的目标。对第 3 类的防御涉及两个注意事项:使用的工具和使用它们所需的 OPSEC。
这是我的电脑。有很多人喜欢它, 但它是我的。
真正理想的方法是通过木屑器运行您的设备,在高炉中焚烧碎片,将遗骸扔进海洋。如果这不是一个选项,请继续阅读。
如果你为了保护您的计算机而努力,那是因为你需要它来进行通信。所有通信由某些提供商进行调解,首先选择一个致力于保护用户隐私的通信。
一个好的赌注是选择一个电子邮件提供商,聊天服务器等纳入你的敌人的管辖范围之外的物体。然后,您的对手政府必须让提供者的政府执行记录请求,而后者不会总是默许这些请求。
接下来,您应该要做的是将所有通信路由到 Tor。Tor 是一个网络,旨在通过在将用户流量路由到正确的目的地之前对所有用户流量进行洗牌来使用户匿名。
本质上, 它把一个 VPN 类固醇.VPN 的弱点是,一个中等能力攻击者可以绕过它。VPN 对可以看到客户端连接到 VPN 或 VPN 服务器连接到 Internet 的对手有效,但两者不能同时看到。
ISP 适合此配置文件,因为他们只看到您的设备连接到 VPN。但是,在顶级类别 2 处或上面的敌人可以观察 VPN 两侧的流量。如果他们看到您的设备点击VPN,然后瞬间看到VPN点击一个网站,他们可以把两个和两个放在一起。
Tor 使用三个连续代理,而不是像 VPN 那样通过一个代理进行路由。从逻辑上看,您的流量从设备到 Tor 节点 A,从 Tor 节点 A 到 Tor 节点 B,从 Tor 节点 B 到 Tor 节点 C,最后从 Tor 节点 C 到目的地。
沿着这条路径,您的连接被三步加密:B-C 腿用 C 的密钥加密,A-B 腿加密与 B 的密钥,设备-A 段与 A 的密钥,按此顺序加密。这样,虽然 A 知道你是谁,但不知道你要去哪里。相应地,C 将知道您的连接将位于哪里,但它不会知道是谁提出了请求。
这使得通过 Tor 网络跟踪流量变得困难,使在 VPN 上起作用的关联攻击复杂化。 哦,为了好,Tor 每五分钟切换一次您使用的节点。
Tor 提供 Tor 浏览器,这...允许您通过 Tor 浏览。但是,这仅保护您的 Web 浏览,因此我并不是在谈论此内容。您必须配置您的系统,以路由所有互联网流量通过 Tor。这过于依赖于系统,不能在这里描述,但有关于如何做到这一点的指南。
但是,设置一旦设置好,您的设备通过 Tor 发送或接收所有筛选器。假设您不做任何对自己的事情(OPSEC 的问题,下面讨论),这会使您的流量在功能上匿名。
使用 Tor 并不排除一个民族国家监视你,但它确实迫使它攻击 Tor 本身,而不是要求第三方的记录或嗅探您的连接关闭点击互联网主干。这些源包含您的活动跟踪,但不包括您。
与 Tor 一样,隐藏通信源需要 MAC 地址欺骗。MAC 地址是设备网络接口控制器 (NIC) 的唯一硬件序列号。
您的设备 NIC 将其 MAC 地址捆绑在它发送的每个数据包的元数据中。使用 MAC 欺骗,您的软件将任意 MAC 替换为数据包中的硬件 MAC。没有这一步,一个知道你的 MAC 地址的民族国家不会被 Tor 愚弄。
对抗高口径的对手,你还必须把你的加密交易到PGP。尽管存在学习曲线,但 PGP 密钥仍提供一些功能最强大、功能最全的加密技术。
简而言之,PGP 密钥成对工作:一个可以解密其他加密的任何东西。如果您将其中一个二重奏交给任何想与您沟通并保留其他内容的人,任何人都可以加密只有您才能解密的邮件。
PGP 密钥的优势在于它们可以在任何地方加密任何内容。无论是电子邮件内容、文本文件、视频和音频,还是发布到 Web 上的文本,PGP 都可以对其进行加密。另一个巧妙的技巧是,它可以对数据进行签名,以肯定地将其归于密钥的创建者。如果使用得当,PGP 将被证明是高度可靠的。虽然它从90年代就已经存在了,但到今天,它仍然不间断。
任何抵御 ART 的希望也意味着切换到开源操作系统 (OS)。实际上,这意味着在桌面设备(即台式机或笔记本电脑)上安装 Linux 或 FreeBSD。安卓不够好 (我稍后再解释) 。开源 OS 不一定比专有的更安全,但由于其源代码可供公众使用,因此可以对其进行审核以发现篡改。
开源的 性 OS 在很多司法管辖区开发,因此您保证在对手的掌握之外找到一个。与域外通信提供商一样,OS 外国开发人员将它们与法律命令隔离。
无论您选择什么操作系统,也启用全磁盘加密。我已说了很多关于加密通信的很多问题——传输中的数据——但您也可以在休息时加密数据。如果没有加密,硬盘上的数据以可读形式存储,这意味着任何抢夺硬盘的人都可以看到您的所有文件。加密硬盘不仅可保护用户文件(如文档、视频等),还可保护操作系统的核心文件。
不幸的是,这仍然是不够的 - 它不是那么简单。想想看:如果计算机磁盘上的整个操作系统被炒了,您的计算机如何知道如何启动?答案是不会的。因此,实际上,即使在全磁盘加密下,OS 的一小部分启动数据也是未加密的。
这让你可以攻击,如果你的对手部署了一个团队闯入你的家,弹出你的硬盘驱动器,用自己的 boot code with ,替换你的启动代码,并弹出它回来。每次后续启动,您的计算机似乎都会正常运行,但会无形中执行对手想要的任何操作。不好
输入安全启动。基本上,安全引导是一个主板固件过程,只有在未加密的启动扇区上的签名检查出来时,才允许启动。大多数现代计算机默认这样做,但使用制造商的密钥,这意味着您信任它。尽管这很棘手,但您可以创建自己的加密密钥,对操作系统的启动扇区进行签名,然后将密钥闪存到安全启动寄存器。
这里也有障碍如果你的对手对你的硬件本身有错误,那么到目前为止,你所做的一切都不能帮助你。为此,有开放的硬件。这目前不如开源成熟,但它体现了相同的概念:透明规范允许检测篡改。
打开硬件处理的漏洞不是理论上的。这是孩子的发挥,重新闪烁计算机的BIOS(主板固件)与后门看起来像。国家行为者也可能以某种方式破坏英特尔的管理引擎,一个微小的,完全不透明的操作系统运行在您的计算机的操作系统下。如果这不起作用,你的政府可以只拦截你的新电脑,或者把它拿到你现有的电脑上,并在它插入一个错误。
虽然我刚刚触及第 3 类攻击媒介的表面,但所有这些缓解措施都是必要的,而且比例应该表明,这些对手不是玩笑。
OPSEC: 锐化战士, 而不是武器
OPSEC 是民族国家威胁模型的另一半。没有无懈可击的OPSEC,你所有的工具都一文不值。
首先,扔掉你的手机。配备蜂窝基带的设备(统称为"移动设备")经过完美优化,可以跟踪您。首先,您的移动设备在实时向运营商报告您的位置时,会显示不可欺骗的硬件序列号。
这让你从暴露你的一举一动到一个法律秩序。如果您的移动设备就在附近,桌面设备是否安全。然后,你的对手总是可以打开麦克风。
那么,为什么不重复一下你为桌面所做的呢?你不能
第一,您不能安装完全开源的软件。在没有专有驱动程序的情况下,在移动设备上安装纯开源 Android 几乎是不可能的,根据法律,蜂窝基带必须包含用于射频合规性的专有固件。
第二,移动设备不允许使用自定义密钥运行安全启动。
三、移动开放硬件未做好黄金时段的准备,所以必须信任硬件。
最后,在体系结构上,SIM 是移动设备的主控,它可覆盖您所做操作的任何事情。随着移动设备充满了致命的,不可避免的漏洞,在这个奇怪的游戏中,唯一的制胜动作是不要玩。
此外,请仔细选择您的网络。显然,你不应该从你的家庭网络连接,但不要把所有希望都寄托在 Tor 上。始终假设您的 IP 已暴露。切也切从不登录到同一网络两次。相反,在不留下模式的情况下,在公共网络中旋转。
由于您将前往使用网络,您还需要练习基本的反智能技术。能够判断您是否在物理空间中尾随。
不过,反情报并没有止步于此。您还必须知道如何确定您的联系人是否已泄露。联系某人的最简单方法是通过他们的同事。在数字上下文中,这通常不是被变成间谍惊悚片,而是有一个设备被泄露,以监视您的互动。
这里的补救措施是确保您的联系人忘记您,或者他们一起练习本指南中的一切。沟通是双向的。如果您的同事在这些步骤中失败,则结果与失败相同。
如果你希望保持"正常"的生活,你必须严格地分叉你的"安全"和"正常"生活。切不可在此划分的设备、帐户或平台之间传输任何文件、消息或其他数字项目。
此外,不要在每个"生活"中以类似的方式行事。模式,如同时打开选项卡的内容或访问网站的顺序足以识别您的唯一行为。
总之,除非您完全考虑通过,否则不要采取行动。
路径在哪里结束,荒野开始
在这一点上,我已经说了我的所有。。一个人可能面临第 3 类威胁的原因如此之多和个人,只有您才能确定如何最好地应用此处的工具和技术。
尽管第 3 类目标还有许多需要做的事情,但无论面临什么威胁,阅读此目标的人都应该具备重新评估威胁模型并扩展工具集的能力。
安全是一段旅程,但只有部分路被开辟。祝你好运,愿你有锋利的砍刀。
How to Stay Safe on the Internet, Part 4: Fighting the Power
By Jonathan Terrasi May 15, 2020 9:58 AM PT
How to Stay Safe on the Internet, Part 4: Fighting the Power | Web Apps | TechNewsWorld
By this, the fourth and final entry in this series, you should have a grasp of information security basics. Let's take stock of them before continuing down the rabbit hole.
You've examined a variety of attack vectors and ways to close them off. In observing their patterns, you've learned the weak points that are exposed inherently online, and thus require intervention.
You've learned that any software or operator handling your communication controls it. Information security comes down to breaking this hold. To do that, you either excise intermediaries when that is possible, or you encrypt your connections through them when it isn't.
In the process, you also discovered that humans are bad at devising truly random outputs, so you can't assume that passwords your brain thinks up are random enough. Our most glaring weakness is our tendency to trust our instinctual assessments automatically. This normalcy bias also lowers our guard when people request sensitive information.
Category 2 adversaries are nothing to sneeze at, but their resources are finite. If you armor up enough, they will give up, and move onto an easier comparable target.
In confronting the threat of category 3, everything you have learned ratchets up to a whole new level of paranoia. Category 3 adversaries have functionally unlimited resources for pursuing top targets.
Often called "nation-state actors" or "advanced persistent threats" (APTs), they have tax revenue, national sovereignty and the law behind them.
Pontificate With Extreme Prejudice
Before continuing, consider the following.
First, the guidance in this part of our series almost certainly doesn't apply to you. You may find it interesting, and you probably will gain from it. However, statistically, you will never face this level of threat.
If for some reason this guide does apply to you, you are going to need significantly more help than I can provide. At present, I would fail at fending off a nation-state. I don't know anyone who could resist one for more than a month or two, either.
Rather than taking this guide as the authoritative word on defense against nation-states, use it as a jumping off point for further research. I recommend studying the Electronic Frontier Foundation's Surveillance Self-Defense manual next, followed by the Open Source Society University degree track.
There are many more worthy resources you should consult, but these are a modest start. As the volume of information implies, you need a thorough computer science background to stand a chance.
Second, even if you practice only the techniques that this piece presents, your operational security (OPSEC) must be impeccable. That is, you will probably fail.
OPSEC is your discipline in following the security controls prescribed by your threat model. As I noted at the outset of this series, security comes at the cost of convenience, and when you are facing the ultimate threat, the sacrifice of convenience is total.
That's why the best OPSEC practitioners keep their pursuers at bay only for a few years. So, have a contingency plan for when you fail. Only you will know what that looks like.
So who does this installment apply to? National security or international affairs journalists, for one. This goes doubly for those reviewing classified information or sensitive sources. Secrets are invaluable to nation-states, and they will stop at nothing to hunt down those that leak out.
High-profile political dissidents also can find themselves in nation-states' crosshairs. These dissenters advocate policies that governments view as extreme enough to justify silencing by any means.
Finally, military technology researchers should anticipate category 3 attacks. Nation-states compromise engineers developing sources of military or economic advantage all the time, so they can glean a copy of the work and level the playing field.
Trust No Ones - or Zeroes
It's important to understand "trust" in computing. Here, trust is bad. Specifically, trusting something, like hardware or software or the entity that maintains it, means you have to trust it with handling your data. In a trust relationship, you can't defend against whatever you're trusting: You can only hope it doesn't betray you.
Instead, adopt a no-trust posture. Without trust, you don't have to trust some entity that touches your data. You reach this posture by implementing measures ensuring you're not harmed if the entity tries undermining you.
End-to-end encryption is an example of obviating trust. A VPN, for instance, renders an ISP incapable of snooping on you, so you don't have to trust it.
To stave off category 3, the number of entities you trust must be zero.
Your Adversaries Are in the Army Now
Government adversaries are extremely dangerous because they bring a government's resources to bear.
They have enormous budgets. Deep pockets allow APTs to staff dedicated agencies with hackers. They can afford expensive toys, like supercomputers for brute force attacks, or zero-day vulnerabilities (found on the gray market) for crafting custom exploits.
Another advantage nation-states enjoy is the power to grant their agents legal immunity. To paraphrase technologist Chris Soghoian, just as soldiers can kill people without going to prison, government hackers can compromise you with impunity. It's one of the main attractions for hackers who seek gainful employment.
Finally, government actors can employ legal coercion. Simply put, they can order digital service providers to rat you out. Legally supported actions can range from requests for your data to orders compelling service providers to insert backdoors. Snippets of code inside other programs allow root access to anyone who knows how they work, making it trivial to spy on users.
An exhaustive listing of the techniques nation-state actors actually use is impossible. Few feats are impossible for them. The weapons they array against their targets are a matter of what nation-states are willing to do to nail a target.
With so many targets, it's not likely that you, the hypothetical prey, are near the top of an APT's list. Thus, you have an opening: Make it so onerous to attack you that it's not worth the strategic payoff. You can't necessarily know what the tipping point is, but if you are sure you are hounded by an APT, you have to try.
With all of that said, let's dive right into countermeasures, and I'll explain along the way what they aim to counter. Defense against category 3 involves two considerations: the tools to use, and the OPSEC required to use them.
This Is My Computer. There Are Many Like It, but This One's Mine.
The truly ideal approach would be to run your devices through a woodchipper, incinerate the shards in a blast furnace, and throw the remains into the ocean. If that's not an option, read on.
Odds are if you are laboring this ardently to secure your computer, it's because you need it for communication. All communication being mediated by some provider, start by picking one that is committed to protecting user privacy.
A good bet is to choose an email provider, chat server, etc., that is incorporated outside your enemy's jurisdiction. Your adversary government then has to inveigle the provider's government to execute the records request, to which the latter will not always acquiesce.
The next thing you should do is route all your communications through Tor. Tor is a network designed to make users anonymous by shuffling around all user traffic before routing it to the proper destinations.
Essentially, it puts a VPN on steroids. A VPN's weakness is that a moderately competent attacker can get around it. VPNs are effective against adversaries that can see either the client's connection to the VPN, or the VPN server's connection to the Internet, but not both.
ISPs fit this profile, since they only see your device connecting to the VPN. However, foes at or above the top tier category 2 can observe traffic on both sides of VPNs. If they see your device hit the VPN, and then an instant later see the VPN hit a website, they can put two and two together.
Instead of routing via one proxy, as VPNs do, Tor uses three consecutive proxies. Schematically, your traffic travels from your device to Tor node A, from Tor node A to Tor node B, from Tor node B to Tor node C, and finally from Tor node C to your destination.
Along this path, your connection is triply encrypted: the B-C leg is encrypted with C's key, the A-B leg with B's key, and the device-A leg with A's key, in that order. This way, although A knows who you are, it doesn't know where you're going. Correspondingly, C will know where your connection is going, but it won't know who made the request.
This makes it difficult to follow your traffic through the Tor network, complicating the correlation attacks that work on VPNs. Oh, and for good measure, Tor switches the nodes you use every five minutes.
Tor offers the Tor Browser, which… lets you browse via Tor. However, that protects only your Web browsing, so I'm not talking about that. You have to configure your system to route all Internet traffic through Tor. This is too system-dependent to delineate here, but there are guides on how to do this.
Once this is set, though, everything your device sends or receives filters through Tor. Assuming you don't do anything to out yourself (a matter of OPSEC, discussed below), this makes your traffic functionally anonymous.
Using Tor does not preclude a nation-state from spying on you, but it does force it to attack Tor itself instead of demanding records from a third-party or sniffing your connection off taps on the Internet backbone. These sources contain traces of your activity, but are not attributed to you.
Along with Tor, concealing the source of your communications requires MAC address spoofing. A MAC address is a unique hardware serial number for your device's network interface controller (NIC).
Your device NIC bundles its MAC address inside the metadata of every packet it sends. With MAC spoofing, your software substitutes an arbitrary MAC for your hardware MAC in the packet instead. Without this step, a nation-state that knows your MAC address won't be fooled by Tor.
Against high-caliber adversaries, you also have to trade up your encryption to PGP. Despite their learning curve, PGP keys provide some of the most powerful and versatile encryption around.
In a nutshell, PGP keys work in pairs: One can decrypt anything the other encrypts. If you hand out one of the duo to anyone who wants to communicate with you and keep the other for yourself, anyone can encrypt messages that only you can decrypt.
The strength of PGP keys is that they can encrypt anything, anywhere. Whether it's email content, text files, video and audio, or even text posted on the Web, PGP can encrypt it all. Another neat trick is it can sign data to affirmatively attribute it to the key's creator. Properly utilized, PGP will prove highly dependable. Though it has been around since the 90s, to this day it remains unbroken.
Any hope of fending off APTs also means switching to an open source operating system (OS). In practice, this means installing either Linux or FreeBSD on your desktop device (i.e. desktop or laptop). Android isn't good enough (I'll explain later). Open source OSes are not necessarily more secure than proprietary ones, but because their source code is available to the public, it can be audited to discover tampering.
Open source OSes are developed in so many jurisdictions that you are guaranteed to find one outside your adversary's grasp. As with extraterritorial communication providers, OS foreign developers insulate them from legal orders.
Whatever OS you choose, enable full-disk encryption, too. I've said a lot about encrypting communications -- data in transit -- but you also can encrypt data at rest. Without encryption, the data on your hard drive is stored in readable form, meaning anyone who snatches your hard drive can see all your files. Encrypting your hard drive protects not just user files like documents, videos, etc. but your OS's core files as well.
Unfortunately, that's still not enough -- it's not that simple. Think about this: If your computer's entire OS on the disk is scrambled, how would your computer know how to boot? The answer is it wouldn't. That's why, in reality, a small bit of your OS's boot data is unencrypted even under full-disk encryption.
This leaves you open to attack if, say, your adversary deployed a team to break into your home, pop your hard drive out, replace your boot code with its own, and pop it back in. Every subsequent boot, your computer will seem to run normally, but will invisibly execute whatever it is your adversary wants. Not good.
Enter secure boot. Basically, secure boot is a motherboard firmware process that allows a boot only if the signature on the unencrypted boot sector checks out. Most modern computers do this by default, but with the manufacturer's key, meaning you're trusting it. Although it's tricky, you can create your own encryption key, sign your OS's boot sector, and then flash the key to your secure boot register.
There's a snag here, too. If your adversary bugs your hardware itself, nothing you've done so far can help you. For that, there's open hardware. This is currently less mature than open source, but it embodies the same concept: transparent specifications allow the detection of tampering.
The vulnerability that open hardware tackles is not theoretical. It's child's play to re-flash a computer's BIOS (motherboard firmware) with a backdoored lookalike. Nation-state actors also could somehow breach Intel's Management Engine, a tiny, totally opaque OS running underneath your computer's OS. If that doesn't work, your government can just intercept your new computer, or get its hands on your existing computer and insert a bug in it.
Although I've barely scratched the surface of category 3 attack vectors, the fact that all these mitigations are necessary and proportionate should make it clear that these adversaries are no joke.
OPSEC: Sharpening the Warrior, Not the Weapon
OPSEC is the other half of the nation-state threat model. Without unassailable OPSEC, all of your tools are worthless.
First and foremost, ditch your phone. Cellular baseband-equipped devices (collectively "mobile devices") are perfectly optimized to track you. For one thing, your mobile device expresses un-spoofable hardware serial numbers as it reports your location to your carrier in real time.
This puts you one legal order way from having your every move exposed. It doesn't matter how secure your desktop device is if your mobile device is nearby. Then there's always that microphone your adversary can turn on.
So, why not just repeat what you did for your desktop? Well, you can't.
One, you can't install fully open source software on it. It's practically impossible to install purely open source Android on a mobile device without proprietary drivers, and by law cellular basebands must contain proprietary firmware for radio frequency compliance.
Two, mobile devices don't allow you to run secure boot with custom keys.
Three, mobile open hardware is not ready for prime time, so you have to trust the hardware.
Finally, architecturally, the SIM is the master of your mobile device, letting it override literally anything you do. With mobile devices brimming with fatal, unavoidable vulnerabilities, the only winning move in this strange game is to not play.
Additionally, choose your networks carefully. Obviously, you never should connect from your home network, but don't pin all your hopes on Tor either. Always assume that your IP is exposed. Never log onto the same network twice. Instead, rotate through public networks without leaving a pattern.
Since you'll be traveling to use networks, you'll also want to practice basic counterintelligence techniques. Be able to tell if you're being tailed in physical space.
Counterintelligence doesn't stop there, though. You also must know how to figure out if your contacts have been compromised. The easiest way to reach someone is through their associates. In the digital context, this usually isn't being turned à la spy thriller, but having a device compromised to monitor interactions with you.
The remedy here is to ensure either that your contacts forget you or that they practice everything in this guide along with you. Communication is a two-way street. If your associates fail at any of these steps, the outcome is the same as if you failed.
To the extent that you hope to retain a "normal" life, you must bifurcate your "secure" and "normal" lives strictly. Never transfer any file, message, or other digital artifact between devices, accounts or platforms across this divide.
Moreover, don't behave in similar ways in each "life." Patterns like the contents of concurrently open tabs or the order in which you visit sites are enough to identify your unique behavior.
To summarize OPSEC, don't make a move unless you've completely thought it through.
Where the Path Ends, the Wilderness Begins
At this point, I've said about all I can. The reasons one might face category 3 threats are so numerous and personal that only you can determine how best to apply the tools and techniques herein.
Although there is much left for the category 3 targets to do, everyone who reads this should be equipped to reevaluate your threat models and extend your toolset, no matter the threat you face.
Security is a journey, but only some of the trail is blazed. Good luck, and may you have sharp machetes.
