I recently made a post on r/privacytoolsIO and r/Purism and I’m wondering what you guys think of this issue. Assuming the US government is a threat to you, how legitimate is this threat? And does Purism have any way of mitigating this threat?
I was thinking it’s possible that Purism sets up “proxy organizations” which order parts from their own respective addresses so that the manufacturer and hopefully intelligence agencies don’t really know that Purism is ordering them. Maybe that wouldn’t work, I’m not sure. What do you guys think?
Bulk hardware interdiction (putting backdoor implants into every piece of computer hardware) would be illegal across the board for US govt to do to a US company with US customers. This kind of action wouldn’t pass the smell test for anyone at approval levels for such a program in the US govt. Beyond that, physical interdiction at that scale would be challenging to pull off indefinitely. This would be a completely different level of intrusion (and different level of effort) than bulk collection of communications on fiber optic lines or in peering locations for the Internet. There’s just something about physical intrusion of a US company (instead of just listening in on a wire) that raises eyebrows of govt. officials.
If a company were in Europe or another non-five-eyes country however, it would be fair game. This is the fact that always amuses me when people suggest it would be more secure to move Purism to <insert person’s European homeland>. Beyond the fact that it would lengthen the supply chain in many cases (the shorter the supply chain the better for security), what restrictions there are to what the US govt. can do on US soil to US citizens both when it comes to physical and digital surveillance are completely removed when you move to a different country, so these same agencies would be able to perform mass tampering at scale via an insider at a factory outside of the US on devices intended for a non-US customer.
The idea of physical implants is exciting for many, but as I’ve argued on this forum in the past, most of the time nation states who would have that capability tend to not use it because detection is much more difficult to explain away than the case of a software implant. The bigger threat is a software backdoor in firmware that, if detected, could be explained away as a developer mistake (“Oops I left debug mode on!”) or as a security bug. It’s harder to explain a chip on a motherboard that isn’t supposed to be there, and the only mainstream report I’ve seen on large-scale hardware implants seemed to be pretty shaky in the evidence department; however, there are many examples of software implants in BIOSes and other firmware.
Regardless, the more likely threat is targeted implants for hardware that are going to specific foreign customers (if by the NSA) or domestic customers suspected of a crime w/ a warrant (if by the FBI) and in those cases it would be accomplished with interdiction of the completed, packaged hardware while it’s in transit (they couldn’t know ahead of time which particular computer on a shelf would be used for a particular customer). This would be where our anti-interdiction services would come in.
a) I would assume that many governments are a threat to you.
Probably the only governments that aren’t a threat to you are those that don’t have the resources / infrastructure / expertise to be a threat.
Each customer needs to look at a personal threat model though.
b) I wouldn’t assume that components are coming from the US. Some may be. Some may not be.
So one mitigation is: There is a published schematic.
Hence you can start by analyzing what components are being used and then maybe guess as to where the components are coming from - and you can verify an actual phone against the schematic. That is already 100% better than a blackbox phone.
Perhaps item (b) is not relevant if your threat model is that only the US government is a threat to you but then under that questionable assumption, you probably ought not be buying a phone from the US at all.
Hopefully updated X-ray images for Dogwood (and Evergreen, when delivered) will also be published.
In a sense this item is looking more at tampering with the assembled product rather than an individual component. A motivated, sophisticated attacker could presumably substitute a visually indistinguishable, functionally identical apart from bonus backdoor, component.
This might not be legal but “terrorism”.
you know what else could be a threat ?
can you guess what this is ?
hint - it can sniff a verbal conversation taking place in a car from a few hundred feet away
who says there is a requirement to go to so MUCH trouble to force a supply chain “hack” of a personal tech product when you can “snipe it” directly as it comes out of your mouth … sting rays ? this one puts them to shame if used by the “right” people …
This concludes our danse macabre
Portions of the proceeding were recorded
As for the rest of it, I’m very much afraid it was all in your mind
I don’t intend to indulge in any post-mortem
If you haven’t been murdered, I can only say
Better luck next time
If you have been, goodnight wherever you are
pulled from here > https://genius.com/Eminem-alfred-outro-lyrics < for context and theatricality
Personal threat modelling AND simulation! (Only because I’m a paid up member at sisostds.org.)
Thank you for your reply. Now that I think about it, it is sort of silly for the NSA or CIA to implement a super-secret high-tech backdoor into every single piece of hardware being sent to Purism just for the hope that one of their customers will turn out to be some whistleblower.
Even then, I doubt a hardware backdoor engineered to be secretive would even beacon any information out, so such a backdoor may not even be useful unless they have a specific device they know they want to target.
You can’t listen to someone if you don’t know who they are or where they are.
But that’s beside the point. Yes of course there are all sorts of threats, but I don’t see how that’s really relevant when discussing a specific threat.
To clarify, I was referring to hardware Purism sources to create their products, not necessarily the hardware that’s being received by users.
understandable, but isn’t it safe to assume that an adversary with deep pockets and connections CAN find out at a moment’s notice exactly that ?
The best defense against government snooping of a security-purposed, open sourced phone would probably be having enough of them out there, that it’s more than just a few of us who are watching. If the privacy/linux trend catches on, Purism could become a leader in the cell phone business. But then before you know it, Samsung and Apple will start having competitive privacy oriented products, not because they believe in privacy, but to compete. Eventually, everyone is watching and then legislation to ensure that the privacy that the customer pays for is not stolen from them by the government or by anyone else. Many hands (eyes in this case) make light work of ensuring privacy.
But that’s part of the fun of it. Trying to figure out who and where. We used to start with HFDF to find out where they were. Then cell phone towers fixed all that. When it came to who, it was traffic analysis. Same concept as metadata nowadays.
the NSA has said that it ONLY collects ALL traffic ONCE … so it’s a relief that they are efficient like that … no wasted resources
food for thought > https://en.wikipedia.org/wiki/Fiber_tapping
and > https://en.wikipedia.org/wiki/NSA_fiber-optic_tapping
Agreed. But then it is copied to backup. So there are at least two copies. (Yes and collected only once.)
I remember an apocryphal story of one of their reel-to-reel tape libraries. They had bought an auto retrieval system for n-thousand tapes. Then one day the machine hit the wall (it was built on a rail). It backed up and hit the wall again. It repeated over and over. The Engineers just stood staring at it through a window.
The punchline of the story is it was built for n-thousand tapes. Someone had requested a tape number over that amount. (n+1 apparently).
Story dates back to the 1970s, I think.