When using LiveUSB, if using Persist Root static mode, or using Persist Home which is always in static mode, all your browser sessions would be persisted on the USB disk. And each time you boot from this USB, antiX does NOT require you to type your account password. That would mean if you happen to lost your usb disk, and someone finds it, they can boot into your desktop and resume all your browser signed-in sessions (Gmail, online-shopping, online-banking, etc.), all without ever needing to try your password!
I personally stick with root persistence without saving changes most of the time, so I would be fine. (FWIW, previously I was using TENS Linux for similar LiveUSB usage pattern, but I gave it up due to it was designed to be fully locked down so there was absolutely no way to customize it.)
I figure this might be a potential security risk that worth fixing or at the very least worth mentioning in the GUI when setting up home persistence, before new users notice it too late.
This topic was modified 1 year, 10 months ago by rayluo.