Privacy without kill switches for cameras and microphone

Does anybody have suggestions to protect privacy on the Librem 11 for cameras and microphone because there are no kill switches?

It’s hard to believe that Purism has manufactured this device without kill switches. Very disappointing and troubling to say the least.

1 Like

It is OK it is for Linux-FOSS Peoples. :wink:

1 Like

Well, if I had the Librem 11, I would heat the back to remove the adhesive, disassemble the Librem 11, then physically remove the camera module and microphone. Note that this procedure may void your warranty.

For the average consumer, you can toggle the camera or microphone on or off within the Settings app, provided that you trust PureOS.

1 Like

Thanks, that is a great suggestion and I would really be interested if anybody had removed the camera module and microphone and would share details on their experience in doing that. Does anyone know if OpenSnitch can be used to block the microphone and camera?

1 Like

OpenSnitch is a firewall that monitors network traffic; it is not designed for blocking any hardware devices.

https://gothub.projectsegfau.lt/evilsocket/opensnitch

Probably when the Librem 11 v2 comes out.

Thanks, sounds like my old sysadmin skills will pay off to do this. BTW, have you identified the module names for camera & mic that you could share?

1 Like

I think that using Qubes OS is almost as good as using the hardware kill switches, because it relies on hardware virtualization to isolate the devices.

1 Like

I do not think it is anywhere near as good, as the hardware kill switches’ ability to physically disconnect the hardware’s power current cannot be internally bypassed by software, firmware, or hardware.

1 Like

In case of Qubes, only hardware could bypass it. And if you don’t trust it, you’re in trouble…

1 Like

It is why I trust hardware kill switches more than most other tools at the moment, and learned about fortifying and defeating physical security after the pandemic.

My solution was to remove the modules for the camera and microphone and create a custom modprobe script that prevents them from loading. Note that after kernel upgrades, I created a script to automate this by just running the commands to remove all the necessary modules. I tested the camera and it says no device found. Sound and microphone do not work using the sound recorder, but if I want sound I need to use a Bluetooth device.

1 Like

Are you willing to share these custom scripts for others to benefit?

2 Likes

Create and run the following script after each kernel update, because new modules will be created:

#!/bin/bash
# Release of the running kernel, so run this after booting into the updated kernel
KERNEL=$(uname -r)
BACKUP=/home/purism/extra/kernel_modules/backup

# Back up the modules
sudo mkdir -p "$BACKUP"
sudo cp "/lib/modules/$KERNEL/kernel/sound/pci/hda/snd-hda-codec-realtek.ko" "$BACKUP/"
sudo cp "/lib/modules/$KERNEL/kernel/sound/pci/hda/snd-hda-codec-generic.ko" "$BACKUP/"
sudo cp "/lib/modules/$KERNEL/kernel/drivers/media/v4l2-core/videodev.ko" "$BACKUP/"

# Remove the modules now
sudo rm -f "/lib/modules/$KERNEL/kernel/sound/pci/hda/snd-hda-codec-realtek.ko"
sudo rm -f "/lib/modules/$KERNEL/kernel/sound/pci/hda/snd-hda-codec-generic.ko"
sudo rm -f "/lib/modules/$KERNEL/kernel/drivers/media/v4l2-core/videodev.ko"


Put this configuration in /etc/modprobe.d/local-dontload.conf:

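# modprobe.d takes module names, without the .ko file suffix
blacklist snd_hda_codec_generic
blacklist snd_hda_codec_realtek
blacklist videodev
# "install <module> /bin/false" makes any explicit load attempt fail
install snd_hda_codec_generic /bin/false
install snd_hda_codec_realtek /bin/false
install videodev /bin/false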


Requires a reboot to take effect.

Testing:

  1. Open Cheese and check if there is “no device” for cameras. If so, this is working as expected.

  2. Download and open the soundrecorder app and try recording a test. Also, check in the sound settings that only a dummy device is present (no device). NOTE: you must use Bluetooth for audio now.

1 Like

I unplugged the camera module and mic on my laptop and discarded them into the parts bin. There are inexpensive USB webcams/mics available that, with a quick 3D print, can be easily clipped onto the lid of the laptop for teleconferencing and then unplugged. There is no good reason for a built-in camera or mic to be left intact; a slide shutter for the cam is probably OK. The kernel module idea is a software solution, but there is no easy way to know if those modules get reloaded by some process or hack unless you are running a script scanning and sounding an alarm.

1 Like
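The "script scanning and sounding an alarm" mentioned in the post above could look like the following; this is an added example, not code from any poster in the thread. The module names are taken from the thread, while the function names, the ALERT output format and the `--live` flag are assumptions.

```bash
#!/bin/bash
# Added example: audit that the thread's camera/microphone modules stay blocked.
# Paths are parameters so the checks also run against test fixtures.
BLOCKED="snd_hda_codec_generic snd_hda_codec_realtek videodev"

# Print each blocked module that is currently loaded.
# $1: file in /proc/modules format (module name is the first field).
loaded_blocked() {
    for mod in $BLOCKED; do
        awk -v m="$mod" '$1 == m { print m }' "${1:-/proc/modules}"
    done
}

# Print each module file that is back on disk, e.g. after a kernel update.
# File names use hyphens and may be compressed (.ko.xz, .ko.zst).
# $1: modules root; /lib/modules covers every installed kernel.
restored_files() {
    for mod in $BLOCKED; do
        find "${1:-/lib/modules}" -type f \
            -name "$(printf %s "$mod" | tr _ -).ko*" 2>/dev/null
    done
}

# Print each blocked module without an "install <name> /bin/false" rule.
# modprobe treats "-" and "_" alike; a trailing ".ko" does not match.
# $1: modprobe.d directory.
missing_rules() {
    for mod in $BLOCKED; do
        pat=$(printf %s "$mod" | sed 's/_/[_-]/g')
        cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null |
            grep -Eq "^[[:space:]]*install[[:space:]]+$pat[[:space:]]+/bin/false" ||
            echo "$mod"
    done
}

# Run all checks: print ALERT lines and return 1 if any of them fires.
audit() {
    out=$(
        loaded_blocked "$1" | sed 's/^/ALERT loaded: /'
        restored_files "$2" | sed 's/^/ALERT file restored: /'
        missing_rules "$3" | sed 's/^/ALERT no install rule: /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# "script --live" audits the running system, e.g. from cron or a systemd timer.
if [ "${1:-}" = "--live" ]; then audit; exit $?; fi
```

A non-zero exit status from `--live` can drive whatever alarm is preferred, such as a desktop notification or a mail from the timer unit.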
