I've been thinking for a long time about how to solve this problem. I have no work-issued laptop but I have the ability to WFH, and I like to have the ability to access work when on personal travel. Basically I need to:

a) Have a personal laptop in compliance with corporate IT policy.
b) Ensure that the corporate account can never spy on my personal activities.
c) Protect from adversaries and enemies like CBP who want to seize and search your electronics because they are Nazis.

My solution after months of cracking my head is:

- Dual boot Windows and Ubuntu. Use Windows for corporate work and Ubuntu for personal stuff. Seems to be the safest option because Windows can't read Linux file systems. I'm not doing separate Windows users because who knows what kind of spyware Windows has installed. Doesn't help that my employer is MSFT. Both Windows and Ubuntu will have their own full disk encryption.
- To prevent unwarranted seizures when crossing borders I'm going to zero wipe both OSes before reaching customs. I'll have a USB key with zero wipe software. This will be done the day before crossing the border because it takes hours.
- After crossing the border, I'll restore the OSes. Will use imaging software like Macrium and image both OSes in their encrypted state, so if these files are stolen it's OK. Could put the image files on a large flash drive or on a separate encrypted partition.
- To avoid suspicion, after zero wiping I will also have a spare image of a lightly used Windows OS with no personal or corporate data. I'll restore this image, which will be active during border crossing, and present it to CBP if requested.
- In case of seizures, all image files are stored in an encrypted partition or are encrypted themselves. The adversary will get a fresh Windows OS. Previous data should not be recoverable because I did a zero wipe before that and the original OSes for both work and play were encrypted.

Really convoluted, but it's a solution that allows me to bring my work on international trips and allows me to safely surf kinky porn without my employer, or the govt ever knowing. What do you guys think? Any loopholes or flaws in the plan?
Fail, it won’t work.
Why not put your laptop in check-in, albeit with less physical security? But you do not have to go through all the CBP nonsense.
If you just want to surf porn why does the OS need to be persistent? Look up tails. If you need persistence look up Qubes.
I just checked. It's some live OS that boots from a flash drive? I searched further and it looks like there are live OSes with encrypted persistent storage, and so that will work!!
Get a company laptop. Use for work. Reimage your personal laptop, and use for personal shit. Some high tech solutions just aren't worth the trouble.
RDP into your work machine in corp using corp's gateway, that way you can access from anywhere. As for your personal things, CBP can and will ask for credentials, so if you are so focused on not having it seen, continue wiping your laptop before crossing.
Why not just encrypt your drive and refuse to give them the password?
Use VMware or Hyper-V for work OS. Keep personal laptop. Upload work docs to OneDrive if you're worried about the border. Honestly, you're worrying about it too much.
If you're REALLY worried about porn, do both personal and work on separate VM instances, use native only for time-sensitive apps like games. Hard encrypt both for border crossings. (It's unlikely that they would root around for VMs on a machine unless you left the icon pinned or you were a person of interest in another vector, so just unpin for crossing, show gamer setup laptop.) Done, and a lot less painful than your solution.
Don't work for msft, Jason.
Lol even if it was another employer I would still do the same. There's no telling what kind of backdoor, trojan or keylogger employer software will install.