This photo is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0) license by Jason Beaird.

Administering Chromebooks

For teams traveling to complex and hostile environments

Seamus Tuohy
Oct 11, 2017 · 4 min read

If you are traveling to hostile or complex environments the phrase “use a Chromebook” has become the “use Signal, use Tor” of border crossing device security. Nearly all of the individuals who work in these environments knows that, as with everything, it’s more complex than that.

I recently decided to look take a look at the configurations that needed to be done to make Chromebooks travel ready for complex and hostile environments. There are more than a few narrative summaries of Chromebook security available. But, there didn’t seem to be any source to look at the security implications for each specific configuration option.

Over a period of a few months worked on a personal project to document the administration and configuration considerations for using Chromebook’s in a range of complex and hostile environments. The project that came out of it was simply my personal Chromebook setup and configuration notes running amok.

I created a 33 page spreadsheet where I compared each Chromebook user and device against the assumptions, requirements, threats, and mitigations one might put in place when protecting a globally distributed team operating in a range of complex and hostile environments.


Q&A

I have concerns about mitigations that promote the use of fake user accounts to fool border officials who force travelers to login to their devices and online services. But, I had not put together any public analysis of an alternative. I used this project as an opportunity to explore an alternative mitigation. (See the Proof of Inaccess mitigation for more information.)

Not likely. This was a personal project done in my free time and will continue to have gaps in its assessment based upon my level of interest in digging into those topics. That is why I included the URL of the sources I used and long-form comments about my decisions for each user and device setting.

The Workflow page shows how to use this project to inform a Chromebook program.

The Index has suggestions for various ways to explore this project.

I wanted a chance to explore different methods for supporting risk management documentation using Google Sheets. This project proved to me that it’s more than possible to leverage Google Sheets to do all sorts of automated risk management comparison and evaluation.

At the same time, I would not recommend using this spreadsheet as a guide. There are a lot of things I would have done differently if I was doing this to support risk management tasks.

For two reasons:

  1. It took a lot of time to consider each option and I wanted to save my colleagues from having to do their own research from scratch.
  2. I’m not going to have time to work on it for a while so I figured I would share it out instead of hoarding a 1/2 finished project forever.

Does it cover anything other than configs? (Yes!)

Seamus Tuohy

Written by

I’m Seamus Tuohy, a technologist and researcher focused on bringing my expertise to bear on solutions at the intersection of the public interest and technology.