I’m kind of reluctant to get Purism products because it feels like an obvious vector for targeting those who want to ‘go dark’ that badly.
[The Purism] products might be compromised in a way that renders interdiction redundant. Just a hunch though–nothing substantial to base this on.
The same reasoning might apply to [software], but I think it’s much harder to compromise an open-source OS than it is to install a microscopic piece of hardware into a system (something the Bloomberg piece on China inserting hardware backdoors into servers showed).
A supply-chain attacker that’s inserting such a device would likely choose not to expose themselves to additional risk by inserting it in a sample/early batch, which is what the x-rays are usually of. Even if they did, the thing with hardware implants is that they can be microscopic and easily camouflaged (e.g. hidden between silicon layers), so it might not be visible even on a high-resolution x-ray.
[A] company that specializes in selling hardware to defeat snooping would naturally attract the attention of snoops, everywhere, since the hardware will likely be involved in things worth knowing about.
This is not my opinion. The post consists of quotes from the Qubes forum. I am curious what the Purism community could answer to that.