PSA: If you're going to store customer data, at least use LibreOffice + Cryptomator

by /u/SteadySupplies · 0 votes · 20th July, 2018 22:33

LibreOffice is available in the repositories for both Tails and Whonix. Very easy to install and use. It has the ability to encrypt your files. If you INSIST on storing customer data, and REFUSE to be any more secure, at least do this much. It's a simple check box. In order to open your sensitive files, you'll at least need to enter a password. Make it a strong one.


If you'd like to increase your OPSEC, also install KeePassXC (keepassxc.org). There is an AppImage that can be easily run in Whonix and Tails. Use KeePassXC to generate a very strong 999-character password, and use that for your LibreOffice documents. You can even store the documents themselves in your KeePassXC database as backup, where they will be encrypted with an additional layer.


If you would like to add yet an additional layer of security/encryption, please install CRYPTOMATOR (https://github.com/cryptomator/cryptomator). With this application, it will create a mounted drive that will seamlessly encrypt anything saved to it. Save your documents, and generate a secure random password for your vault, and store that in KeePassXC as well. Do not store your KeePassXC database in your cryptomator vault, with the password in your KeePassXC database and not memorized. You will not be able to retrieve the cryptomator password once the vault locks.

If you would like to securely store your Cryptomator Vault in the cloud, you can sign up for a free 4GB account at Disroot.org, which also comes with logless email and XMPP. Have your vault saved within your Nextcloud folder, and everything you save to your vault will be seamlessly encrypted, and uploaded to the cloud. No need to trust any third parties, and this can all be easily routed over Tor.

Signing up for Disroot requires JavaScript (as does ProtonMail), so it should be done securely from Whonix, rather than Tails or simply TorBrowser. Once you are signed up, you can easily access it via WebDAV over Tor, XMPP over Tor, POP3 over Tor, etc. (unlike ProtonMail).


With this setup you may securely use LibreOffice to handle customer addresses and orders, while maintaining several sophisticated layers of security, and having everything backed up to the cloud.

Should you ever bork your Whonix or Tails installation, all you need to do is re-install the OS with NextCloud and Cryptomator and KeePassXC, and as long as you remember your KeePassXC password you will be able to regain access to all your files and accounts.


You can store your KeePassXC password database in your NextCloud folder, to be saved on your Disroot account, in the cloud, but do NOT put it in the Cryptomator Vault.


If you install cryptomator using the debian packages, you can start the program by running

$ /opt/Cryptomator/Cryptomator &

If you would like LibreOffice to be able to seamlessly edit/save files saved in your vault, after the vault is unlocked, run:

$ sudo mount -t davfs -o gid=user,uid=user http://localhost:42427/Path-To/Vault /home/user/Path-To-Vault

(replacing with your actual path, which will prob be something like /home/user/Vault in the case of the latter, and some random character string in the case of the former)



Now you can store all your labels, and financial data, and customer order data securely. Should you ever get caught, LE will not be able to gain access to your files unless you leave them open or choose to cooperate (and thus rot in hell).



Thanks


Be Safe


User: /u/PelicanVendor

He down-voted his own comment so far so people couldn't see my quoted text. Whatsapp really.