Purism enables interdiction


#1

Purism doesn’t offer will call. From their ops:

“Hi [REDACTED],
We are shipping from San Francisco, California, United States. We do not offer an option for personal pickup.
Best regards”

It’s extremely common for customers to pick up high expense items like vehicles, computers, art or other items in person. It requires little to no added work for the company, and completely negates any interdiction concerns. I guarantee customers would travel from well out of state to receive their items. Purism has neglected to act on interdiction concerns:


I suggest that this is not an accident. I charge that a malicious actor within the company has snubbed out interdiction prevention each time it has come up, facilitating interdiction for their external ties. There is no need to compromise the entire company, only the 1-2% of products going out to people that actually matter, and leveraging existing interdiction logistics systems would be the best way to do this.


#2

Do you actually belief this garbage?


#3

Interdiction happens in bulk, but I doubt that’s the case for brown box shipments going out to individuals.

These people do not have limitless resources. They are not gods.


#4

Kyle Rankin was discussing making tamper evident BIOS verified by a Librem Key to verify the firmware hasn’t been tampered with while in transit. See the end of https://puri.sm/posts/the-librem-key-makes-tamper-detection-easy/.


#5

You don’t need to modify firmware for effective interdiction…


#6

You mean Chinese style?

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies


#7

Those can get by x-ray inspection, you wouldn’t need something as tiny or complex as that.

But yes.


#8

To be perfectly honest, I haven’t seen the “far side” of my Librem motherboard yet. There could be anything there.


#9

My Librem came with the wrong SSD and 3 months later I was sent the right model, making me wonder if my laptop was not tempered with in the factory or after being shipped.

I feel like yes for a privacy and security oriented company this situation is not ideal.