Are there any tamper-evidence shipping service available to public?

I really need such service(similar to Purism’s anti-interdiction) to protect me when shopping online. And I prefer it will work globally. Does that exist?
Thank you.

1 Like

It depends on what your threat model is. The best anti-interdiction is end-to-end but that means that it can’t really be offered as a shipping service.

Wanting it to work globally is a very big ask, as you are basically expecting one of the major global shippers (like DHL) to provide this. It depends on what “globally” means. Does “globally” mean … the source country can be any country (wherever you shop online) but the destination country is one specific country (where you are physically located)? or does “globally” mean any-to-any?

To bypass customs? Smuggling or shipped by an embasy?

1 Like

Easy then. Create fictitious country, establish diplomatic relations with the destination country and the source country, and use the diplomatic shipping container. Ha ha.

Technically there is a difference between bypassing Customs (smuggling) and tamper-evident. The goal of the latter is not to deny access to Customs but merely to detect access by Customs. For that purpose, the outer surface may deliberately not detect tampering while the inner, important, surface does.

Can’t the NSA get into any phone anyhow?

The original question may go way beyond phones.

Again, the point isn’t necessarily to stop the NSA getting into the phone (may be impossible) but to ensure that the NSA can’t get into the phone without being detected.

1 Like

sure they can … if it’s the kind of situation that requires it they simply do it the old fashioned way … black-bag-over head then drive to abandoned location where a spoon is shown to the person being interrogated and then “please unlock your phone or else …”

Except we are talking about interdiction, where the owner of the phone hasn’t yet even taken custody of it, and may not yet be able to unlock it.

So the NSA has hooks into the shipping company, diverts the parcel temporarily, tampers with it, and then allows the parcel to resume its journey. No need for old-fashioned thuggery.

would such a short window allow for hw implants or mallware only or both ?

Who said it’s a short window? Both.

The original question talked about shipping globally. That can easily take weeks anyway. So if the NSA holds the parcel for 48 hours while they do sw and/or hw “implants”, would you even notice the delay? Add an extra week to the expected delivery date for “unexplained reasons” (bad weather at source or destination location / transport accident / industrial action / backlog (sheer volume of parcels) / global pandemic) and the NSA has a heap of time to do their worst.

so by that logic what would you estimate to be their current MAXIMUM “infection” rate potential ? would 1 in 4 people who order anything gadgety-techy online have a possible “infected” “toy” ? what would you say has the LEAST chance of this type of mallware being installed ? proprietary things or open-source things ?

since the 3 letter agency came up again i’d like to not miss the chance to link to another AV-docu

it has some US military intelligence propaganda in it but overall i think it helps to keep the paranoia level just right :sweat: :grimacing: :mask:

I would just be guessing but I think destination country would be a significant factor in attracting 3 letter agency attention. Another significant factor would be a person or company on a “watch list” (and that applies at both ends). For tech companies that are under effective agency control and where the toy has internet access, the malware could be implanted retrospectively.

I would just be guessing but I wouldn’t think that the agencies have resources anywhere near enough to tackle 1 in 4 gadgets, nor would there be much point. Amazon alone delivers a few billion parcels a year. Admittedly, not all of those are gadgets.

the point of the above linked AV-docu was to let people know that there are OTHER players in the world who are actively involved in this so it’s not just US, China, Iran, Russia but others as well. they talk about some infrastructure that already suffered the power of these attacks (mainly financial damage but rather SEVERE)

also they insisted on the fact that carrying out these types of attacks is usually cheaper than the expected damage. what i didn’t understand very clearly is what kind of collateral are we talking about here ?

1 Like

Didn’t Snowden(sp) say the government or others don’t need to intercept phone/computers/etc to spy on anyone they want to after we have said devices? ISPs are obliged to give them access and others too? Google is a major funding source for Firefox. And on and on.
Have parts/components shipped separetly directly to you and assemble it yourself? Almost a losing battle sadly to say. I just want my cool Linux Librem 5. Theres been some disturbing movies about thie government/corporations spying on us. Our government collaberates with other governments too sharing back and forth our phone conversations and such. Sorry to kill a dead horse.

but democracy still lives right ?

That’s what my cat Feefee tells me

I never said give up. You got to have some hope. Government reform? That is a complete fantasy. You cannot legislate thinking. Like what is going on currently.

is Snowden still in Russia ? that’s where the book stopped anyway …

He has been granted a stay until 2022 in Russia

let’s leave people to watch and decide for themselves what they want : < av-docu-full-shadowgate-1.0 < av-intv-full-binney-bergey-1 < av-docu-full-shadowgate-2.0
waiting for 3.0 …