Trustworthy Peripherals? Things To Get Alongside a Librem


#1

I’m making a bit of a list of what I want to buy along with the Librem when I pull the trigger (currently I’m planning to do so when the Librem 15 v4 is released, whenever that may be - maxing it out on RAM and with NVMe Pro M.2 storage).

What I’m a bit hesitant about doing is introducing hardware to the device. Normally you don’t really think or care about this kinda stuff because you know your machine is probably littered with weird junk in the closed-source components anyway, but when you’ve finally gone far to protect your privacy and security by dropping some $3000 on an open-source laptop, you’re gonna become far more choosy about what you plug into it or what software you download, and for good reason.

You don’t care about introducing impurities to an already polluted lake. But you’d care a lot about introducing any to a pure spring. Especially if you paid for that spring.

For example, I don’t think I’ll be comfortable plugging just any old mouse into my computer. I currently use a Razer Taipan because I’m a gamer and it’s a nice mouse for that, but I know Razer isn’t exactly known for being trustworthy or private (quite the opposite for pushing “synapse”) so I wouldn’t want to introduce it to my secure laptop.

So I figured I’d create a bit of a thread asking for input on peripherals and what companies can generally be trusted when it comes to these.

I think I have my list in order, but I’m just wondering where to get the mouse from. I’ll probably use the internal keyboard, but if you have thoughts on that as well, let me know.

So far here’s what I’m planning on along with the lappy:

  • Netgate SG3100 (will be configured to use a VPN, adding a second layer to the VPN my end devices use. I may need to put a second wireless router running a different custom firmware upstream for others to use and for easily switching to a non-vpn network when needing to connect directly to the internet for whatever reasons as sometimes sites or services block or flag VPN or Tor users, or sometimes you need your full bandwidth for something. This will mean “turning off” VPN will be a matter of turning it off on the computer and then switching radios to the “parent”-most router. Will be sure to set them on opposite control channels).
  • IronKey S1000
  • UniFi AP SHD (wireless access point to be connected to NetGate router)
  • Mullvad or Windscribe VPN (kinda weighing between them right now, I contacted ThatOnePrivacyGuy for his thoughts, though I already know he likes Mullvad).

I don’t have anything else on my list yet, as I don’t really need much aside from a new router, a mouse, and a USB.

I figure Qubes 4.0 will be out by the time I buy, and that’s what the laptop will be running on if that’s relevant.

Let me know if you have any thoughts.

PS: If anyone at Purism didn’t see it, if anyone could weigh-in on this old thread I’d really love that. Just wanted to get a better idea of where you are in your roadmap really.

Thanks!


Is The WiFi freed, and is it 802.11ac capable?
#2

You are asking for something that nobody can give you. There is no such thing as a company that can be trusted. Perhaps Purism is just a front of the NSA to select all the paranoid people on the planet :slight_smile:.

Security needs to be designed from the start. Bolting it on top of a laptop with a lot of components that you don’t know about is already a lost cause in theory. Purism makes the list of components a bit smaller, but you still need to trust Purism, since you aren’t checking every nm size wire with an electron microscope, right? Even if you could, it would still be pointless, unless you had a live electron microscope with a resolution beyond what is probably physically possible to make.

You wouldn’t even consider USB in that case. You would just use PS/2 and physically destroy the USB ports.

Mullvad says they don’t have to log, because they are not an ISP. Providing a VPN is an internet service. The goal of internet legislation is to disallow untracked use of the Internet, so of course they have to log. To get them out of business, all you need to do is send a message to the telecommunications branch of your government.

A predecessor of the Kingston device you linked has been hacked. Google for it.

Really, if you had the resources for real security, you wouldn’t be asking here. Have fun building your more secure system (and getting some experience with fancy tools), but don’t expect it to stop anyone of power.

If the goal is to keep a secret, do not put it in a computer.

I have no interest in a discussion; educate yourself if you want to care about this, but take it from me that security costs more than you can afford. Many governments can’t even afford it.


#3

Thanks for the completely unhelpful “it’s pointless” response…

That’s all I needed to know, and it didn’t even really need to be said.

I concede that there’s some truth to what you say, but if everyone thought the way that you do, things like Purism probably wouldn’t even exist to begin with. They’d just give up and let the world do whatever it wants with them.

It’s true that you have to let go at some point, unless you yourself have all the skills and knowledge necessary to create the machine from the bottom-up, which you don’t. Modern computers are a culmination of decades of work by multi-billion dollar companies and thousands of workers, most of which each individual one is more skilled. Good luck trying to beat that, unless you’re some alien with superhuman intelligence.

Who knows, the whole universe could be a giant simulation and we’re all being had and none of this even really matters. But still have to try my damnedest anyway.

Thus, not really looking for cynical and nihilistic responses like that. Kinda feels like it goes against the spirit of this project even.

While there’s some truth, there’s a reason that these things exist. It’s because it often works, and because it does often make a difference. At the very least, it makes things far more difficult for those that want to invade my life. Plus, I’ve always had the opinion that I’d rather die fighting against a force I have no chance of winning against than to live under their rule.

I feel like there’s some truth to a cynical perspective, but at the same time it’s a lot of lazy nay-saying that doesn’t really help anything. Sounds like the opinion of someone who’s tired of trying and has just given up.

There’s a cynical perspective to everything in life, including a cynical perspective and approach to life itself. They often bear their fair share of truth, but also seldom ever really solve anything or contribute much to the discussion. It’s almost always a counter-productive attitude to have.

If you think you’re screwed any which way then I don’t even understand what you’re doing here or why you’d care about this entire project.


#4

OMGA!!! If the universe is a simulation how can we ensure it’s running on an ethical and open system?! How ironic to exist only as the product of some kind of cosmic OSX or MS Windows.


#5

The peripherals I have for my laptop are… Um… A $10 mouse from the supermarket and a cheap zip up case to stick it in when I’m on my bicycle.

I do use Mullvad sometimes but I know I’m not really secure. It’s a bit like putting on clean underpants then when I get smashed at least I can maintain a bit of respect (debatable I know)

Hardware that’d be nice to have for me might include, half a dozen more raspberry pi’s for more random stuff; a home-made usb 5 lead ECG machine; a data projector; a new external hdd, my existing one is slightly rusty and lives in a jumble of tape and wires crammed in a plastic lunchbox.

Sorry your post isn’t really getting very helpful responses yet. If I think of any actual good widgets made by good people I’ll come back and let you know.


#6

Eh, it’s fine. I figure I may not be getting many replies simply because I’m overthinking things. Guess I should just use whatever, just wondered if there was any better ideas out there.

I’ll probably use some cheap old mouse as opposed to the one I have though. I think it tries to inject a driver through the USB connection itself or something, but Razer Synapse will pop-up even on a computer that has never been connected to the internet before. Seems shady to me.


#7

There is always a reasonable approach to security. Of course, when speaking of security - even if all possible security measures are applied, one should always accept/acknowledge residual risk for unknown vulnerabilities/exploits. Measures reduce the risk by mitigating known security flaws and attack vectors. That decreases the probability of a breach, but never the implication.
Now, speaking about the mouse for example. On Linux you have means to control the behaviour - e.g. you can see which USB profiles are currently active on each connected device. If the mouse is HID - it’s safe enough to use it with known (in-tree) HID drivers. But bear in mind that a connected device may dynamically switch profiles. E.g. it may switch to CDC mode on the fly while it’s idle. Then it’s up to you whether you have CDC drivers (modules) (builtin | whitelisted | blacklisted | etc.). Which means - again, you have control over the behaviour (or the system’s response to device behaviour).
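
Added example, not part of the original post above: one way to see which USB interface classes each connected device currently exposes, by reading the kernel's sysfs attributes, and to flag anything that is not HID or a hub. The function names and the "HID and hub only" policy are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report the USB interface class of every interface in sysfs
# and mark classes outside an assumed allow-list (HID, hub) for review.

usb_class_name() {
  case "$1" in
    03) echo HID ;;
    02) echo CDC-Communications ;;
    0a) echo CDC-Data ;;
    08) echo Mass-Storage ;;
    09) echo Hub ;;
    ff) echo Vendor-Specific ;;
    *)  echo "class-0x$1" ;;
  esac
}

# audit_usb_interfaces [SYSFS_USB_DIR]
# Prints one line per interface: <iface> <vid:pid> <class> <driver> <verdict>
audit_usb_interfaces() {
  root="${1:-/sys/bus/usb/devices}"
  for ifdir in "$root"/*:*; do
    [ -r "$ifdir/bInterfaceClass" ] || continue
    iface="${ifdir##*/}"              # e.g. 1-2:1.0
    dev="$root/${iface%%:*}"          # owning device, e.g. 1-2
    cls="$(tr 'A-F' 'a-f' < "$ifdir/bInterfaceClass")"
    # Root hub interfaces (1-0:1.0) have no matching device dir: fall back.
    vid="$(cat "$dev/idVendor" 2>/dev/null || echo '????')"
    pid="$(cat "$dev/idProduct" 2>/dev/null || echo '????')"
    # The driver symlink names the kernel driver bound to this interface.
    if [ -L "$ifdir/driver" ]; then
      drv="$(basename "$(readlink "$ifdir/driver")")"
    else
      drv="-"
    fi
    case "$cls" in
      03|09) verdict=OK ;;            # assumed policy: HID and hubs only
      *)     verdict=REVIEW ;;
    esac
    printf '%s %s:%s %s %s %s\n' "$iface" "$vid" "$pid" \
      "$(usb_class_name "$cls")" "$drv" "$verdict"
  done
  return 0
}

audit_usb_interfaces "$@"
```

Running it again after a device has been idle shows whether the set of interfaces changed; a `-` in the driver column means no kernel driver is bound to that interface, which is the outcome when the matching module (for CDC serial, `cdc_acm`) is blacklisted or absent.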


#8

@Alex what cinderella was specifically referring to is SECRETS - the kind that are top level crossed out with dark multiple lines. TOP SECRETS.

of course that very FEW people can AFFORD GOOD SECURITY but that doesn’t mean you don’t put a door and a lock on your residence at ALL times. maybe even a monitoring camera at all entry points. what happens when you live in a castle so large and complex that you barely remember how to get to the kitchen and toilet and then back to bed ? would it be as easy to secure as a small apartment ?

how would we define what is trustworthy and what is not ? based on what principles ?


#9

please don’t even type s**t like this. smiley faces or not. :slight_smile:

this seems to suggest without proof that Purism and any other company that tries to stand up for any kind of ideal tangible or not is just a HOAX. please do not belittle ideals and people without proof.

even if at some point someone would bring TRUTHFUL EVIDENCE to suggest something like this we would in the end still get a librem 5 smartphone that runs DEBIAN on supported hardware. something that will NEVER happen in any proprietary ecosystem. so yeah even if worse comes to worst it’s STILL BETTER than what we currently have.

the OPs point is - yes - somewhat vague in that he doesn’t specify a certain type of peripheral in the title but let’s not poison readers with “perhaps” in sentences that end with a smiley face.