

Each of the layers is created by researching and selecting best available software in given category. Programs are configured to use and reinforce each-other to fit nicelly (e.g. email uses Tor, Tor can use VPN, grsecurity contains any exploits, apt-get uses all of above to be sure). User applications are also preconfigured and ready to use in most secure way. Entire System - from hardware, kernel, throught system, VM creation, up to applications is secured. Show technical details: ⇨ ⇦ click checkbox to open Hardware - Selected parts. Coreboot BIOS. Protected RO boot +mbr. Own OpenHW: HWRNG , pin/ pgp-keyboard , anti-breakin case. RFID (auto-lock, auto-erase on theft).

Open CPU ( OpenRISC ?) for selected tasks in future (keygen, most secret messages, bitcoin wallet).

BIOS. Protected +mbr. Own OpenHW: , pin/ , anti-breakin case. (auto-lock, auto-erase on theft). Open CPU ( ?) for selected tasks in future (keygen, most secret messages, bitcoin wallet). kernel - Currently Linux kernel. Hardened with Grsecurity +PAX (instead just SE Linux). Slim , just few drivers (secure/FOSS). Custom paranoid patches (memory scrub, AES key in CPU registers etc).

+PAX (instead just SE Linux). , just few drivers (secure/FOSS). Custom (memory scrub, in CPU registers etc). System - LUKS and other full-root encryption. Hidden filesystem. One-time, PIN, USB-key passwords. New SysRq instant lockdown. RBAC file-access profiles and PAX flags .

Graphics - X with light WM/DE ( XFCE ?) patched to block driver exploits ( ioport ).

encryption. filesystem. One-time, PIN, USB-key passwords. instant lockdown. file-access profiles and . Graphics - X with light ( ?) patched to block driver exploits ( ). Mempo manager - create VMs , isolated users . Manage all protections in one place (optional GUI).

Backup and sign allerts . Log all events (encrypted). Show information in not-distracting way (GUI).

Multi-sign apt-get; verificable binary builds. White-list database antivirus.

Signing binaries. Adding custom binary ( TPE , for developers). Run program in One-time VM or user.

, . Manage (optional GUI). Backup and . Log all events (encrypted). Show information in not-distracting way (GUI). apt-get; binary builds. database antivirus. Signing binaries. Adding custom binary ( , for developers). Run program in or user. VM, Isolation - all programs can be completly isolated, both as VM and user chroot .

Full compartment of every program×user is now feasible, or isolating² - again inside VM.

Heavy isolation - by running in VM ( Xen, KVM ), similar to Qubes-OS.

Light and strong - by running as separate unix user chroot /isolated , with Xnest/VNC , iptables/ grsecurity-RBAC .

Copy/paste across VMs/users, also share file/text (local encrypted tunnels/SFTP/xmpp).

. Full compartment of every is now feasible, or - again inside VM. - by running in VM ( ), similar to Qubes-OS. - by running as separate , with , iptables/ . Copy/paste across VMs/users, also share file/text (local encrypted tunnels/SFTP/xmpp). Networking - Tor, Freenet, I2P, VPN or normal. With stacking (Freenet+VPN; I2P+VPN).

Selectable per each VM and user. Toggable server-mode, cover traffic. Auto profiles (work/home/travel/gsm).

or normal. With stacking (Freenet+VPN; I2P+VPN). Selectable and user. Toggable server-mode, traffic. (work/home/travel/gsm). Encryption - PGP , good default settings (keyserver over Tor). Preinstalled keys of Mempo. QC resistant crypto. Multi-crypt (stack e.g. AES+QC1+QC2 ). Secure random generator (HWRNG, entropy to VMs, bigger pools).

, good default settings (keyserver over Tor). Preinstalled keys of Mempo. (stack e.g. ). Secure random generator (HWRNG, entropy to VMs, bigger pools). Applications all preconfigured to use above tools. Chat and VoIP: Pidgin , Jitsi, Mumble, Linphone - using Tor/VPN/I2P OTR /PGP. E-Money: Bitcoin , Namecoin, Alt-coins . Tor/VPN/I2P, backup (to RAID, to remote). Log of all operations. Isolated wallet: in VM (encrypted), fast-bootstrap. Email: Thunderbird, Kmail - using Tor/I2P/VPN PGP , also Freemail . Web: Firefox with privacy plugins (https everywhere, Adblock, privoxy, more). No-Javascript/plugins in selected profiles. Easy usage of services: OpenStreetMap, DuckDuckGo , StartPage, YACY .

