One of the most unique security features we offer at Purism is our anti-interdiction service. This is a premium add-on service that aims to help you detect attempts to tamper with your hardware in shipment, so you can have peace of mind that the hardware you receive is the same as when it left our custody. While we mostly have discussedanti-interdiction in the context of laptops (and you can read more about anti-interdiction options for the Librem 14 here) many people don’t realize that we also offer anti-interdiction for our Librem 5 and Librem 5 USA phones.
What you might also not realize is that at the moment I still work with each anti-interdiction customer personally, to assess the threats they face and help them custom tailor which anti-interdiction measures are right for them. As part of our anti-interdiction questionnaire, I ask the customer to explain any particular threats they face so we can customize the process with those threats in mind. While at first you might assume only security professionals, journalists, or other people facing strong threats would choose anti-interdiction, we actually have customers from all walks of life. Customers range from people who face no particular threat, but just want extra peace of mind that their computer is starting out clean, to folks who want to make sure customs officials don’t tamper with their computers, all the way to people with strong threats against their hardware.
We are almost caught up with all Librem 5 USA orders, and a surprising percentage of those have added anti-interdiction, which means I’ve been extra busy. We haven’t devoted much time to talking about anti-interdiction on the Librem 5 USA, and because the process is a bit different to suit the phones, I thought this post would be a good opportunity to explain those differences and the overall anti-interdiction process on the Librem 5 USA.
Obviously if you want to remove the back case yourself to replace the battery, insert an OpenPGP smart card, or otherwise access the components inside, you will have to disturb the glitter nail polish.
Is the general thinking that you would leave the nail polish in place unless and until you have a need to remove the back case?
I can see some arguments for leaving it in place - but maybe some for removing it.
Regardless, at the moment there are recovery procedures that document temporarily removing the battery (albeit removing the battery is technically only required in obscure, undocumented scenarios) so I can imagine that sooner or later a customer will want to remove the back case just for that purpose.
I wonder if it also has the glitter-bomb feature to catch porch pirates!
By the way, my son called to tell me he also got his L5 that he ordered in 2019. Albeit he upgraded to the USA version. I wonder if that sped things up? (I ordered mine shortly after he ordered his in 2019 but it remains the classic production model.)
It really depends on the person and their threat. Some folks just want to protect against interdiction during shipment, and they end up removing glitter nail polish once they receive the device (whether laptop or phone) while others leave it on. For the customers that leave it on, it’s generally a good idea to take your own pictures with your own phone in your home, because recreating the exact lighting, angle, etc in glitter photos can be difficult and if the lighting angle is different sometimes it’s tricky to make out the pattern because different glitter in that 3-dimensional blob might reflect.
Does Purism send photos of the nail polish to the buyer?
The people who do interdiction are very sophisticated from what I hear. Large warehouses and the like. I would think they could have enough tech to remove an existing polish and put on another (different) one on then send it on its way.
Yes, we send the pictures of the glitter nail polish if the customer requests them. The reason we use glitter nail polish in particular is because it creates a unique three-dimensional pattern of glitter that would be incredibly difficult (and time consuming and painstaking) to recreate if you removed it.
Curious what your thoughts are on the defcon defeat of glitter nail polish that basically removes and re-adds the same nail polish. https://m.youtube.com/watch?v=euOGB3GR7oo
Does purism use a small enough quantity that this would be infeasible or ???
Super interesting talk. The technique makes sense, but it would be interesting to see how well it would work in our case because as you suggest, we aren’t putting a giant glob of nail polish on there (of course the proportions in the slides are exaggerated intentionally to demonstrate the technique).
For Librem 5:
This would be easier to accomplish I think for the nail polish on the sides of the case, as it does sit proud of the surface (although I do wonder whether acetone might partially dissolve the plastic part of the case). I think it would be trickier for the screws covering the modem and wifi cards because of the tiny amount of nail polish used and also because the cover it goes on top of is plastic and it might be difficult to scrape off the nail polish (as well as use acetone) without damaging that plastic in some visible way.
For Librem 14:
There would be a similar challenge here because the screws are shy of the surface of the case when fully screwed in, and while it depends on how our technician does the task on a particular day, in reviewing a few photos of Anti Interdiction on Librem 14, in many cases the glitter nail polish sits inside the indent the screw goes into. Ie. it is not sticking up proud of the screw hole, where it would be easier to pry/scrape off.
Frankly, the biggest challenge with this technique is replicating the camera and lighting used for reference photos. I recommend that people who intend to rely on this technique past the anti interdiction shipping process, to take their own pictures using a camera and lighting they can more easily replicate. The angle and number of lights in a room, and the camera, really can affect which glitter reflects back, since the glitter is somewhat suspended within a three-dimensional space and will reflect differently depending on the angle of light.
It is probably not a bad idea to do this with other things too like usb cords and other small devices. They have fakes out there now that look just like the real thing but designed for hacking.