Dear LibTech, I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top. First, the security and operational models are very interesting. In fact, I think this is probably the most secure end-user laptop OS currently on the mainstream market. Namely, Chromebooks use verified boot, disk encryption (with hardware-level tamper-resistance,) and sandboxing. This compounds with a transparent automatic update schedule from Google's Chrome team, which already has (from my experience) a truly superb reputation for security management. I'm looking at you, Adam Langley! The operating system itself is minimal. There is *much* less room for malware to be executed or for spyware to embed itself on the OS level. The difference in attack vector size between Chromebooks and Mac OS/Windows appears phenomenal to me. Of course, Chromebooks still have a filesystem and users are allowed to plug in USB drives, but due to the minimal nature of the operating system, its highly unusual strength of focus on security, and its relatively new nature, even malware delivered from these mediums may end up being much less common than in other platforms (Windows/Mac). I also feel that the minimal nature of Chromebooks leaves security considerations out of the way while offering an interface that is accessible to activists and journalists around the world. This accessibility is also a security feature! (I've long argued that accessibility should be considered a security feature.) Now, for the obvious (and unfortunate!) downsides: Chromebooks natively encourage users to store all of their data on Google, leaving the company with an unbalanced amount of control over these machines, and attracting itself as a compromise target relevant to Chromebook users. Another downside: No Tor. No PGP. No encryption software. Cryptocat is available for Chrome OS, but I can hardly say that's enough at all! The restricted, minimal nature of the operating system and the security-focused design of both the hardware and boot process are really appealing to me, and are the brunt of what makes me write this email. Should Chromebooks be recommended for activists and journalists in dangerous situations? As I've disclaimed above, this is only a theoretical discussion, please feel free to disagree and don't take me seriously just yet. :-) NK -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE