Offline is the new normal. Open Source and Free Software and Open-Source Hardware is eating the world in the war on general-purpose computing (HN). Encrypted everywhere. Secure by design. Defence in depth. Legal. Allowed to do business. - xet7 2017-05, implementing GDPR
Disclaimer: All these opinions are my own, and I'm implementing this for myself. This has nothing to do with my previous, current or future employers. Everything is subject to change, as this is a process. I'm not a lawyer. I have not read the full regulation yet; I'm just starting from the very first basic steps. GDPR has different requirements for different industries etc., so this may not apply to you. I don't even know what all parts apply to me yet.
I (xet7) was at Drupalcamp Nordics 2017 this week and got more details about this regulation, so I started implementing this yesterday in the way I understand it currently, using technologies I'm most familiar with: Wekan, Sandstorm and Qubes OS. All hardware and software is subject to change if better alternatives are found.
| Date | Requirements | Sanctions if not ready |
| --- | --- | --- |
| 2017-05-13 | Started documenting project. This wiki page history is also used to show versions of process. | Unable to do business legally if everything is not documented, including the process of preparing for the regulation |
| 2017-07-31 | Need to find missing keys | Pay for expensive changing of locks |
| 2017- | Find all hard drives, USB sticks, etc. at home | Not known yet |
| 2017- | Downloaded all data from Internet | Not known yet |
| 2017- | Sorted and moved all data on offline computer to different Qubes OS AppVMs named by person | Not known yet |
| 2017- | Found all required alternatives to proprietary software from Qubes OS and Sandstorm | Not known yet |
| 2017- | Converted all proprietary file formats to free software file formats, like JSON etc. | Not known yet |
| 2017- | Implemented exporting of all data to file download, and deleting of a person's data in web interface | Not known yet |
| 2018-04-25 | All data stored securely following GDPR | Unable to do business legally |
I need to know exactly where all my data physically is. It's not OK to spread it all over the Internet in cloud services Google/AWS/Amazon/Dropbox etc. I need the ability to absolutely have the proof and knowledge that when I delete one person's data, it's gone, totally, completely, from everywhere.
a) Current version 3.x of Qubes OS, if hardware supports it. Laptop/Desktop hardware should be silent, otherwise it disturbs work. Qubes-certified laptops are nice; they have hardware switches to turn off wireless. Alternatively, a desktop PC that does not have any integrated wireless device (WLAN, Bluetooth, etc.).
b) If hardware does not support Qubes OS, I will install some of these:
For me it shows Intel AMT is present, AMT is unprovisioned, so I need to:
- Install English ISO of Win7 or Win8.1 or Win10 to USB stick
- or install Finnish ISO of Win7 or Win8.1 or Win10 to USB stick
- or convert an evaluation VM of Windows to a RAW image using the instructions that I contributed to the Qubes documentation, and use the dd command to write it to a USB stick
- Install patch from HP website
- Check all other hardware and disable AMT where possible.
Qubes 4.x certified hardware when it becomes available.
Raspberry Pi or similar ARM device without built-in wireless, so it can be used offline. Fanless preferred to keep it completely silent. I don't know whether there is any writable firmware in the RasPi at all, or whether the SD card is the only writable storage. AFAIK RasPi hardware does not have any hardware virtualization or Rowhammer protection features.
I need to keep multiple encrypted offline backups. Otherwise some ransomware will just encrypt all my files and demand that I give money, bitcoins, etc. to get my files back. Malware exists for most operating systems, including Linux.
a) Write-only, like DVD-R
I need to test Qubes compromise recovery.
Porting software to Sandstorm. Not all ports are up-to-date yet, but they are anyway protected by Sandstorm's high-end security features, a security audit with fixes already implemented, and also authentication and clustering.