I just got my Librem 14 in the mail. I noticed the box’s sticker was tampered with, it was obvious. Half of the sticker seal had been tampered with, when I got it, it was dirty and had some grime stuck to it, and was discolored thus it did not stick well to the box. The other half of the sticker was normal looking without any evidence of tampering.
I do not suspect any reason why I would be targeted. I am suspicious that my package has been intercepted. It was also delayed significantly by FedEx. I asked specifically about the tracking number and the clerk said there was no record of the package being intercepted.
My question is, how can I verify that the hardware and software is legit and has not been tampered with in anyway. I did get a Librem key prior to receiving the laptop, but the USB Vault was missing. I did purchase the Librem key security feature with the Vault to be shipped ahead of time.
I have been reading a lot of articles on when and how the NSA has been intercepting civilian laptops and cell phones dating back as far as 2017, from what I can see. I have read several reports to the point it is concerning. I am aware that your products do have anti tamper evident software, be it HEADS with the Librem key, but I would not be so confident to say that they cannot still inject malware, Trojans, to gain them remote access.
I need to know 100% if my machine has been tampered with, and if it has, I will plan on selling it. What can I do and to what degree would that achieve in verifying that there is no malicious doing in the purchase, transit of my product?
I appreciate any help you can provide.
It sounds like something that you should raise directly with Purism.
If discussing publicly here, it may help to indicate to which country your device has been sent but I understand if you would be reticent to do that (and all the more reason to discuss privately with Purism).
You should make clear what Anti-Interdiction options you chose in your purchase. Again though, if you are interested in Anti-Interdiction and you face state-actor threats then discussing privately may be better.
LOL. I’m pretty sure that if the NSA is intercepting a package, they either don’t tell the transport company to record it in their systems and/or the clerk would be sworn to secrecy and lies by legislation.
hello, did you contacted us via email to: email@example.com
That would be the preferred way to deal with this.
I have not. I know my email is compromised and didn’t know how else to reach out. There is no phone number to the company, and afaik, there is no way to pay in cash if say I was to drop on by one afternoon. Or else I would have purchased this anonymously, cash, monero. But getting anti interdiction with known address and shipping, payment, emails all being surveilled, there is no anonymity when purchasing your products.
I love the machines I got, I really don’t want to send it back, but I would like to verify that the hardware and software is legit. If I have to ship it back, then so be it but we all should know its common knowledge that the NSA intercepts packages on the daily on products, especially computers and phones. I as unaware of this level of interdiction. The NSA and other intel communities have agreements with companies, like dell, hp, apple, etc, to aid in their intercepting packages with intent to inject hardware or software malware into regular every day citizens products.
I have done extensive research on this topic in the past two months and I cannot put enough aluminum foil on my head, but its really happening. This has been an everyday thing since 2005. If I could swap both the computers I got this summer for new ones having taking a bus to Cali store front, I would 100% be willing to do that so I can ensure I got a product that was not dicked with.
I spend over 3k$ at your company last year, and both machines I assume to have been compromised.