Protecting sensitive data when giving the laptop to a technician [duplicate]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite
1













This question already has an answer here:



  • Encrypt home drive after installation

    2 answers



Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.



I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.



Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




boot security encryption




share|improve this question












marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 2




    Encrypting just your home folder is a common solution.
    – muru
    Aug 16 at 5:58






  • 1




    get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
    – Sergiy Kolodyazhnyy
    Aug 16 at 14:06














up vote
4
down vote

favorite
1













This question already has an answer here:



  • Encrypt home drive after installation

    2 answers



Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.



I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.



Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




boot security encryption




share|improve this question












marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 2




    Encrypting just your home folder is a common solution.
    – muru
    Aug 16 at 5:58






  • 1




    get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
    – Sergiy Kolodyazhnyy
    Aug 16 at 14:06












up vote
4
down vote

favorite
1









up vote
4
down vote

favorite
1






1






This question already has an answer here:



  • Encrypt home drive after installation

    2 answers



Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.



I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.



Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




boot security encryption




share|improve this question













This question already has an answer here:



  • Encrypt home drive after installation

    2 answers



Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.



I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.



Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?





This question already has an answer here:



  • Encrypt home drive after installation

    2 answers





boot security encryption





share|improve this question











share|improve this question




share|improve this question










asked Aug 16 at 5:42









Erel Segal-Halevi

84931732




84931732




marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









  • 2




    Encrypting just your home folder is a common solution.
    – muru
    Aug 16 at 5:58






  • 1




    get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
    – Sergiy Kolodyazhnyy
    Aug 16 at 14:06












  • 2




    Encrypting just your home folder is a common solution.
    – muru
    Aug 16 at 5:58






  • 1




    get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
    – Sergiy Kolodyazhnyy
    Aug 16 at 14:06







2




2




Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58




Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58




1




1




get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06




get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06










1 Answer
1






active

oldest

votes

















up vote
4
down vote













Important to note:



  • If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.

Short answer to:




Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




  • Encrypt your HOME directory (Can't protect you against all possibilities)

What you have to do?



  1. Don't give it to anyone you don't trust

  2. If you have to:

    • Remove the important parts (like hard disk).

    • Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )


If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.



  • As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.

  • Change the programs on your root to find the passphrase of encrypted home directory.

  • Or real attacks like investigating your memory, cloning your hard disk.

In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.



After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.



And remember as my explanations suggests, the device could be physically compromised too.



  • So... Don't give it to a bad guy.





share|improve this answer






















  • how can a device be physically compromised???
    – BЈовић
    Aug 16 at 8:33






  • 1




    @BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
    – GroundZero
    Aug 16 at 8:52










  • @BЈовић stick in a keylogger inside the laptop
    – muru
    Aug 16 at 8:52






  • 1




    they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
    – Matt
    Aug 16 at 10:40

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
4
down vote













Important to note:



  • If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.

Short answer to:




Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




  • Encrypt your HOME directory (Can't protect you against all possibilities)

What you have to do?



  1. Don't give it to anyone you don't trust

  2. If you have to:

    • Remove the important parts (like hard disk).

    • Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )


If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.



  • As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.

  • Change the programs on your root to find the passphrase of encrypted home directory.

  • Or real attacks like investigating your memory, cloning your hard disk.

In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.



After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.



And remember as my explanations suggests, the device could be physically compromised too.



  • So... Don't give it to a bad guy.





share|improve this answer






















  • how can a device be physically compromised???
    – BЈовић
    Aug 16 at 8:33






  • 1




    @BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
    – GroundZero
    Aug 16 at 8:52










  • @BЈовић stick in a keylogger inside the laptop
    – muru
    Aug 16 at 8:52






  • 1




    they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
    – Matt
    Aug 16 at 10:40














up vote
4
down vote













Important to note:



  • If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.

Short answer to:




Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




  • Encrypt your HOME directory (Can't protect you against all possibilities)

What you have to do?



  1. Don't give it to anyone you don't trust

  2. If you have to:

    • Remove the important parts (like hard disk).

    • Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )


If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.



  • As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.

  • Change the programs on your root to find the passphrase of encrypted home directory.

  • Or real attacks like investigating your memory, cloning your hard disk.

In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.



After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.



And remember as my explanations suggests, the device could be physically compromised too.



  • So... Don't give it to a bad guy.





share|improve this answer






















  • how can a device be physically compromised???
    – BЈовић
    Aug 16 at 8:33






  • 1




    @BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
    – GroundZero
    Aug 16 at 8:52










  • @BЈовић stick in a keylogger inside the laptop
    – muru
    Aug 16 at 8:52






  • 1




    they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
    – Matt
    Aug 16 at 10:40












up vote
4
down vote










up vote
4
down vote









Important to note:



  • If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.

Short answer to:




Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




  • Encrypt your HOME directory (Can't protect you against all possibilities)

What you have to do?



  1. Don't give it to anyone you don't trust

  2. If you have to:

    • Remove the important parts (like hard disk).

    • Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )


If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.



  • As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.

  • Change the programs on your root to find the passphrase of encrypted home directory.

  • Or real attacks like investigating your memory, cloning your hard disk.

In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.



After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.



And remember as my explanations suggests, the device could be physically compromised too.



  • So... Don't give it to a bad guy.





share|improve this answer














Important to note:



  • If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.

Short answer to:




Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?




  • Encrypt your HOME directory (Can't protect you against all possibilities)

What you have to do?



  1. Don't give it to anyone you don't trust

  2. If you have to:

    • Remove the important parts (like hard disk).

    • Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )


If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.



  • As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.

  • Change the programs on your root to find the passphrase of encrypted home directory.

  • Or real attacks like investigating your memory, cloning your hard disk.

In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.



After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.



And remember as my explanations suggests, the device could be physically compromised too.



  • So... Don't give it to a bad guy.






share|improve this answer














share|improve this answer



share|improve this answer








edited Aug 16 at 14:00

























answered Aug 16 at 5:58









Ravexina

25.8k136288




25.8k136288











  • how can a device be physically compromised???
    – BЈовић
    Aug 16 at 8:33






  • 1




    @BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
    – GroundZero
    Aug 16 at 8:52










  • @BЈовић stick in a keylogger inside the laptop
    – muru
    Aug 16 at 8:52






  • 1




    they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
    – Matt
    Aug 16 at 10:40
















  • how can a device be physically compromised???
    – BЈовић
    Aug 16 at 8:33






  • 1




    @BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
    – GroundZero
    Aug 16 at 8:52










  • @BЈовић stick in a keylogger inside the laptop
    – muru
    Aug 16 at 8:52






  • 1




    they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
    – Matt
    Aug 16 at 10:40















how can a device be physically compromised???
– BЈовић
Aug 16 at 8:33




how can a device be physically compromised???
– BЈовић
Aug 16 at 8:33




1




1




@BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52




@BЈовић One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52












@BЈовић stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52




@BЈовић stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52




1




1




they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40




they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40


-

這個網誌中的熱門文章

Is there any way to eliminate the singular point to solve this integral by hand or by approximations?

圖片
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite 1 $$int_0^1 (1+(x^-p-1)^1-p)^frac1pdx, pin mathbbR, pge 1$$ I find that $x=0,1$ are singular points(discontinuous points of this integral), is there a way to eliminate those singular points to make sure that this integral can be calculated by hand or by Taylor approximations. In either cases, what are those steps of calculating the integral? calculus real-analysis analysis approximation share | cite | improve this question edited Sep 11 at 5:07 asked Sep 11 at 4:48 Mclalalala 126 8 1 What is $p$? Please give more information to make it complete. – xbh Sep 11 at 5:02 @xbh already fixed it, thanks for reminding. – Mclalalala Sep 11 at 5:10 Seems that $0$ is not singular here… [I might compute wrong] – xbh Sep 11 at 5:30 @xbh can you show me how to get the close formula for the integral above? – Mclalalala Sep 11 at 5:33
閱讀完整內容

Why am i infinitely getting the same tweet with the Twitter Search API?

圖片
up vote 0 down vote favorite My code workes perfectly for other queries, but for one query I am infinitely getting the same tweet. I can't understand what the problem is. API call: query='Allergic asthma OR Nonallergic asthma OR Occupational asthma OR EIB OR Exercise-induced bronchoconstriction OR Nocturnal asthma OR Cough-variant asthma' new_tweets = api.search(q=searchQuery, count=100, since_id=since_id, lang='en',tweet_mode='extended') if not new_tweets: print("No more tweets found") break for tweet in new_tweets: if True: print(jsonpickle.encode(tweet._json, unpicklable=False)) my_file = open('searchTweets.txt','a') my_file.write(jsonpickle.encode(tweet._json, unpicklable=False)+'n') my_file.close() else: continue Output in file: https://pastebin.com/JmRCsTeE These are the JSONs of the same Tweet. Other queries that work: Breast cancer OR Prostate cancer OR Colon cancer OR Lung cancer Type 2 dia
閱讀完整內容

Carbon dioxide

圖片
"CO2" redirects here. For other uses, see CO2 (disambiguation). Carbon dioxide Names Other names Carbonic acid gas Carbonic anhydride Carbonic oxide Carbon oxide Carbon(IV) oxide Dry ice (solid phase) Identifiers CAS Number 124-38-9   Y 3D model (JSmol) Interactive image Interactive image 3DMet B01131 Beilstein Reference 1900390 ChEBI CHEBI:16526   Y ChEMBL ChEMBL1231871   N ChemSpider 274   Y ECHA InfoCard 100.004.271 EC Number 204-696-9 E number E290 (preservatives) Gmelin Reference 989 KEGG D00004   Y MeSH Carbon+dioxide PubChem CID 280 RTECS number FF6400000 UNII 142M471B3J   Y UN number 1013 (gas), 1845 (solid) InChI InChI=1S/CO2/c2-1-3   Y Key: CURLTUGMZLYLDI-UHFFFAOYSA-N   Y InChI=1/CO2/c2-1-3 Key: CURLTUGMZLYLDI-UHFFFAOYAO SMILES O=C=O C(=O)=O Properties Chemical formula C O 2 Molar mass 44.01 g·mol −1 Appearance Colorless gas Odor Low concentrations: none High concentrations: sharp; acidic [1] Density 1562 kg/m 3 (solid at 1 atm and −78.5 °C) 1101 kg/m 3 (liquid at
閱讀完整內容