I’m kind of reluctant to get Purism products because it feels like an obvious vector for targeting those who want to ‘go dark’ that badly.
[The Purism] products might be compromised in a way that renders interdiction redundant. Just a hunch though–nothing substantial to base this on.
The same reasoning might apply to [software], but I think it’s much harder to compromise an open-source OS than it is to install a microscopic piece of hardware into a system (something the Bloomberg piece on China inserting hardware backdoors into servers showed).
A supply-chain attacker that’s inserting such a device would likely choose not to expose themselves to additional risk by inserting it in a sample/early batch, which is what the x-rays are usually of. Even if they did, the thing with hardware implants is that they can be microscopic and easily camoflauged (e.g. hidden between silicon layers), so it might not be visible even on a high-resolution x-ray.
[A] company that specializes in selling hardware to defeat snooping would naturally attract the attention of snoops, everywhere , since the hardware will likely be involved in things worth knowing about.
This is not my opinion. The post consists of quotes from Qubes forum. I am curious what the Purism community could answer to that.
That person wouldn’t be the first I’ve heard to call Purism a honeypot for wrongdoers/dissenters, but in my opinion if even Purism was that compromised, there would be no point in even trying to challenge the balance of power, even if that means submitting to some extremely unpleasant fates.
I’m not much of an optimist, but for someone in my position at least (i.e. a nobody), in the face of those possible fates, giving up and ceding my computer to big data is scarier than taking the risks.
This to me is just plain panic making, sorry. The quoted Bloomberg story was a big thing in 2019 and totally underscored the FUD against China that the former administration spread. Fact discovered later on was that this whole story was simply not true, there were no compromised motherboards, end of story. This was all made up fantasy.
That should not dismiss the risk. Risks are there and there are possible attack vectors, no doubt. But these are by far more complicated to exploit than just adding a mysterious chip somewhere or even adding “silicon layers” - however this is supposed to work.
We are working in this industry for many years now and never have I encountered with our partners any mysterious discussions about parts or such. To us everything from our sources is totally transparent and we have influence on every single component used in our products. There is nothing in them we would not know about.
Of course there is the theoretical possibility that someone malicious could replace a well know part with something that could break certain security measures. But this is so super complicated since this would have to be pretty specific for a certain usage scenario and would involve deep influence into production of chips = silicon that is super expensive and complicated and would require silent cooperation of such fabs. Not likely to happen.
I am not much concerned about our fabrication partners anywhere. What I am concerned about is governments weakening encryption, forcing backdoors into products at the lowest possible level like the main CPUs themselves (@Intel etc.) and putting gags in place to muffle leaks. Then all the best supply chain does not help, you get compromised chips and you’re done. We buy CPUs from Intel and NXP and we have to trust them to be OK and make the rest as secure as possible to be able to detect security issues ourselves, like PureBoot etc.
The safest device is the one that you do not have to trust. Strong encryption in software is a key part of that. Key handling and storage is the weakness.
Just my $.05 - this is not a Purism statement, this is my personal statement
By the same token, a company that publishes its schematics with a free/open license, releases x-rays of its products, offers anti-interdiction services, and installs 100% free software attracts people who are going to scrutinize every aspect of the phone and are far more likely to detect and publicize any security holes or tampering.
People who care about security and privacy are likely to buy the phone and check for any flaws. They are likely to make their own x-rays and compare them with the published x-rays to see whether any of the hardware has been changed. They are likely to look at the schematics and verify what is the purpose of every component on the phone. They are likely to reinstall everything from scratch from sources with checksums to verify that nobody has inserted any spyware on the phone. They are likely to look for any flaws or tampering and publicize any flaws that they find, so all that extra attention is actually a good thing from a security perspective.
If you are going to attack a phone, would you chose the one where it is easy to detect tampering and you know people are scrutinizing it for security holes? When there are millions of clueless people using Android and iOS phones and it is very hard to detect tampering and security holes with those phones, there are much better and easier targets for hacking than the Librem 5.
@amosbatto The original discussion was not about the phone but about the other devices. I tried to reflect it by choosing Librem category (instead of Librem 5), but it probably wasn’t very clear.
Most of your arguments still hold though, thank you!
It is not easy to compromise such a system designed for high security but it might be worth it because of the high value targets. I don’t think that it’s happening now in case of Purism. So this stays theoretical here.
On the other side we have incidents like operation Rubikon which tells us how impudent state actors are and how far they might go.
Also I always thought that the Snowden revelations were not only an event causing several messengers to be born which calling themselves secure. It also would have been a good point in time for intelligence services to create an own pseudo secure messenger as honeypot. Just a thought. I have no solid indicators in that direction. So this is speculation.
In other words, it depends on whether it is targeted and what the motivation is.
Criminals won’t target Purism products because the payoff is many orders of magnitude poorer than targeting Microsoft / Apple / Google products.
Corporate and government criminals might target Purism products but more likely if the specific person of interest is known to be using Purism products.
Trying to backdoor the supply chain would lead to a lot of noise, a lot of false positives, a much higher risk of detection before mission completion.
Canaries are in place to detect government-mandated secret backdoors, albeit that there is always a window of opportunity of up to 3 months. (Does this mean that if you are a high risk individual, you should purchase the device and then not use it, not even power it on, until the next quarter commences?)
Trying to backdoor through interdiction is more focused. Purism’s anti-interdiction service in no way stops targeted interdiction. It intends to detect interdiction. If you are a high risk individual, use the anti-interdiction service.
If you are at high risk of targeted interdiction, I don’t see how you are better off using products from companies that haven’t even thought about these problems. ???
If that is the concern then you are a potential customer for the Librem 5 USA Edition.
One more comment: Be an early adopter. Governments are usually reactive, and slow to cotton on to things. Get your device before governments wake up. Get your Purism order in now.
So is Zyxel (software not hardware), so is Juniper at the NSA’s behest and Huawei thinks (FT.com paywall) the USA ditched them because there are no US-backdoors in Huawei products.
Not that I condone anyone’s backdoors, but I don’t think it is as easy as China bad, USA good (or Europe for that matter, see e.g. British GCHQ hacks into Belgacom (German))
Just out of curiousity, is Purism on their own servers? Self hosting? That seems to be the easiest way to take down their site and ability to sell, as well as credit cards, paypal, etc blocking them, as they did with Gab, who then had to build their own infrastructure, even their own email. I just don’t underestimate big tech’s reach, and what they are willing to do, and their apparent ability to get away with it. Then maybe big tech strong arming manufacturers, suppliers, etc.
Maybe there’s a bigger picture and multiple ways to hinder their production and sales?
And while they may not present a big threat now, maybe prudent to begin preparing now, as I am certain Purism is.
on their Librem one page they say they use PureOS to HOST their services but they don’t say what cloud-provider they are using and certainly nothing about the underlying infrastructure ( no virtual-machine/container, bare-metal information, etc.)
PureOS is all well and good … what about the rest ?
Further discussion on the Qubes forum led to the famous (to Purism community) Interview With Zlatan Todoric and Jay Little posts, which were discussed here many times. I am sure I’ve seen most of the claims debunked, but I have a hard time finding that. Perhaps @amosbatto could help?
If this was triple letter agency backed and they wanted to get the things into the hands of dissenters they would have ensured the thing was available in mass numbers and wouldn’t have customers lined up now reading about how the guy who ordered two years ago just got notification his will be shipping soon. I think the theory can be debunked on that alone. Looking forward to getting mine.
If I continue the line of conspiracy here, then this topic was created with a sole purpose to whitewash the company from the agency, as now one would argue - agency would not allow a topic questioning the authenticity of the cover story on this forum.
Which means you’re an employee of the agency ordered to reinforce the cover and disprove any suspicions/doubts.
And since I’ve started ridiculing this question and the author of the question - that means I’m an employee of the meant organisation, which means whatever I’m saying is part of the whitewashing strategy.
the LEFT and the RIGHT are there to make one forget about the MIDDLE … if you’re focusing your attention on the arms you will have a harder time figuring out what the rest is doing …
