Add Hardware Section #1899
Comments
I like the idea, a few notes: On top of your suggestions I think we'd want to include something on home networking equipment as well. |
I agree that specific models is a slippery slope, but would you agree that it makes sense to recommend specific vendors? For example, to guide folks away from vendors that have been caught selling hardware that contains malware out-of-the-box and guide folks to vendors that have demonstrated a focus on privacy, trust, and--yes--commitment to LTS (eg via open firmware)?
These are basically just 3.5mm TRRS jacks with nothing connected to them. If you just take a (preferably old & broken) pair of headphones w/ a microphone and cut off the jack, you have a microphone blocker. But they also sell them on privacy stores. Your laptop detects that a microphone is plugged-in, and it switches input from the built-in microphone to the plugged-in microphone, which doesn't exist. Simple. They also sell USB ones. Same thing: it identifies itself to the computer as a microphone, but there actually isn't one. Example:
Nice addition :) |
Interesting, thanks for the explanation on mic blockers, that seems like a good thing to make people aware of. The hardware vendor thing is concerning, maybe we'll recommend that people nuke the preinstalled OS and install a fresh version of Windows/Linux, since I think maintaining a comprehensive list of all the vendors caught doing that would give people a false sense of security if their computer is from a vendor that hasn't done that before. |
Should probably combine #1864 with this. |
Definitely
Well, the list of vendors doing bad things is exceedingly long. I don't think it's necessary to maintain that list, but I do think it's necessary to have a notebox that explains this risk and maybe a few citations for examples. On the other hand, the list of vendors who are privacy-focused and trustworthy is very small. That is a list that I think should be explicitly enumerated on privacyguides.org |
i doubt microphone blockers have any effect? software can just pick any mic? |
i think encrypted drives are a good addition here. |
If your OS is not compromised, it does have an effect. I am not an Android developer, but I don't think apps can choose which microphone to listen-to.
Definitely that's better. But I do think the mic blockers are a valid solution for many people who just want to stop non-malicious alexa, cortana, ok google, or whatever apps that are always listening from being able to hear for a bit |
personally, I think history shows that FDE belongs in software, not hardware. But I do think that HSMs (eg NitroKey) should be listed as privacyguides-recommended hardware for holding the keys for an encrypted disk, for example.
I'm skeptical of the efficacy of such tools. Regarding travel, I do think Haven deserves a mention, but probably not in the hardware section. On that (travel) note, I'm not sure if it's hardware, but I would consider glitter nail polish to be a reasonable addition to this list |
I definitely don't want to recommend anything unless it's absolutely proven effective, and I'm not sure that bug detectors fit that description. It seems like an effective bug sweep isn't feasible for the average person who isn't willing to drop thousands of dollars on equipment and training. Don't want to give people a false sense of security. Hotels usually have locks that only lock from the inside as well as the regular lock, so I'm not sure how necessary hotel alarms are. Haven looks interesting, although surveillance apps might be out-of-scope for PG. I like the nail polish idea. The anti-interdiction is nice, I think google has a similar thing? I can't remember. Edit: it's called insider attack resistance |
I have often been in hotels that do not have this door lock, it has proven to be effective in a personal case for me. |
As for hardware usb drives I tooted today: https://mastodon.social/@ph00lt0/109664857214746240 |
Might be good to mention it then, do you have any particular products in mind or are they all mostly the same?
Might have you write that part as I'm not familiar. |
I have a doorstop with alarm as not all handles have the same size. That works really well, not any particular brand just something cheap with a motion sensor. |
sure thing, just ping me when this issue is a bit further. I don't mind to help out. |
@mfwmyfacewhen It is unmaintained and most of its functionality no longer works |
Ah then I definitely won't mention it, thanks for the heads up. |
@maltfield I was looking on the GitHub for Buskill and I noticed the app seems to still be in beta, do you think it's fairly stable and usable? Generally we don't like to recommend beta software. |
@mfwmyfacewhen BusKill is in beta like Gmail was in beta (for 5 years, very stable, but with better features being added). It being "beta" is probably not what you think.. BusKill is fully functional on all three target platforms. Currently it's very simple, but it does what it says it does: it locks your screen when a (BusKill) USB device is removed and it's armed.
Absolutely yes. It's been stable at least since v0.4.0 was released on Oct 16, 2020. Here's a video demo showing v0.4.0 being used on all 3x platforms: The video is a year old. The hardware has changed a bit, and there's been a couple newer versions of the software. But it's all stable. Disclaimer: I'm the founder of the BusKill project. |
Thanks! Just wanted to make sure. |
@ph00lt0 Ready for you to write about encrypted drives if you have the time |
Re: https://discuss.privacyguides.net/t/please-add-hardware-recomendation-section-all-categories/11616
I've always wondered if there was actually a wireless microphone and/or wireless speaker on the market that was designed from the ground-up with security in mind |
In the link above, the user also mentioned Purism.
Today I discovered a list of "competitors" to purism, which they openly linked-to from their blog because they considered them "friends & allys" over competition.
source: https://puri.sm/about/competitors/ Again, the list of privacy-friendly laptop manufacturers is so small, I think it's worthwhile that we actually enumerate them in this guide. |
Keep in mind we won't be recommending any "libre" laptops aka ancient Intel platforms (3rd gen) in the name of privacy. We do not want to give off the signal that you need these laptops for any kind of privacy, because that simply isn't true for most threat models. Further I think some of these schemes may very well be buying refurbished stock and selling them at a very high price to grift users. There may be more room for vendors like Purism (which is at least 10th gen), System76, Starlabs, the latter two supporting latest CPUs and Coreboot as well. It looks as if Framework may support coreboot in the future. |
I would be very happy if we could just link to Purism, System76, and Starlabs. Most people literally don't know there are options besides the major players like HP, Dell, Lenovo, Asus, Acer, Apple, etc. I do hope we can link to at least a few of those privacy-focused alternative vendors so that users are aware that better alternatives are out there.. |
@mfwmyfacewhen I have some very strong differences of opinion of sbeve's comments on the forums, so please take anything they say with a grain of salt. They're giving very bad advice that's not appropriate for high-risk users (journalists, whistleblowers, activists, human rights defenders, crypto traders, etc) When I give OpSec trainings to these high-risk folks, I link them to privacyguides.org because the privacy guides, historically, has been good for both the general population and high-risk groups. |
How are those vendors better? They mostly overcharge for little benefit imo. I wouldn't include them, personally. |
Transparency, libre software/hardware, security features, and privacy. Purism, afaik, is the most secure vendor out there. I don't know of any other vendor that's FSF certified and integrates Heads into their boot setup to cryptographically verify the authenticity and integrity of the firmware using keys that you control. They also have gone through great lengths to neutralize and disable the IME. Also, again, most all of the mainstream vendors have been caught injecting malware into their machines. It's important to purchase from a vendor that values your privacy over their profits. |
FSF certification isn't a positive, really. In fact, for me it's usually a red flag. FSF values free software, not security. The two could coexist in theory, but almost never do in practice. Also, "disabling" the IME does more harm than good. I am diametrically opposed to recommending marketing fluff and urging people to buy overpriced, insecure devices just because people have been duped into thinking they're somehow special. |
Just wanted to chime in and ask if the tools listed here are considered. |
Hey all. Heads maintainer here. I would love to pinpoint everyone to this issue which explains differences of architectures and platforms supported by Heads project: The point here, with Purism/Insurgo/Nitrokey and other makers jumping into coreboot now, is that coreboot alone is not a guarantee of privacy. Intel ME neutering is a thing, deactivating is another. And depending on ME features provided, it may or may not break features to remove or deactivate it, depending on how it is done as well. RYF certification from FSF won't happen in newer hardware for reasons I covered under Qubes forum numerous times. Unfortunately with current state of things, I would agree that RYF certification is not a guarantee for privacy, since privacy is bound to security until a certain point, where all laptops/servers outside of kgpe-d16 and Talos II are not providing microcode update because of FSF policies, and that is currently endangering privacy to some extent. I would love to invite discussions into where those hardware recommendations/endorsement should happen, and that is upstream in projects that are integrating coreboot for security/privacy reasons. It's hard to recommend a platform versus another in current days. Newer platforms require non neuterable ME on Intel and FSF blobs inside of coreboot which is not initializing the hardware itself anymore. AMD is rarer outside of Chromebooks which come with a different way of computing, considering everything is cloud based and not offering sufficient storage nor ram to be useful outside of promoted usecase. It's complicated but if the goal is to have a discussion on those topics, I would have a lot to say. Threat modeling. Threat modeling. Threat modeling. Insurgo here, feel free to contact me from details on my webpage. Putting linuxboot/heads#692 in clearer terms is a goal. And complex. I would love to make a workgroup on that, with the privacy conscious guild. |
Also, I'll add that since our discussion above, I did get a chance to play with Heads (via PureBoot) myself. I found the PureBoot docs to do a lot of handwaving, so I published the following guide that outlines Coreboot, Heads, and the tech that went into it (eg TPMs and "boot measurements"), which I think will be beneficial for anyone who needs a quick background of this tech |
@maltfield I reiterate that this write up is a must read. Yet again I have mixed feelings when I read it myself for the 5th time. Heads is the master project. Others are forks integrating different tweaks for the users they serve. After that, the platforms, or mainboards implementing it will differ in terms of TCB. And that is where things get more complicated. |
Thanks for the suggestions! After looking over the list: Lindy USB port locker: As a lock picking lawyer subscriber, the claim that this will somehow protect your USB ports from a government agency seems dubious. I don't want to recommend something that will give people a false sense of security. Mic blocker: as covered earlier in this thread, the currently selected audio device isn't really a security feature and might get bypassed. The proper solution is sandboxing with a microphone permission enforced by the OS, or if you're really concerned, then you should be using a device that doesn't have a built-in microphone. Anti-spy RF scanner: Discussed something like this in the issue. Being able to reliably detect devices based on RF signals takes proper training and experience. I don't want to give the impression that you can just buy one of these off the shelf and find any malicious devices near you. USB data blocker: I'd rather just tell people to plug their phone into the wall using a wall adapter or a battery pack rather than recommend these products which may or may not properly protect the device. Modern phones also require you to explicitly grant permission before allowing data access. Tableau forensic bridge kit: This just seems like a forensics tool, not sure what the privacy benefit of it would be. StarTech 1:5 USB flash drive duplicator and eraser: This is just a USB duplicator. Again not sure the privacy benefits here. Any computer can erase a flash drive as well, it's not necessary to buy a dedicated device to do that. StarTech 4-bay drive eraser: Same thing but for hard drives. I don't think there's any privacy benefit here. Lowell Destruct hard drive eraser: If you want to erase a hard drive, then you can just do that in your OS, don't need a dedicated device. Seems like it's just some janky software set to autorun when you insert it? Not really something I want to recommend to people.
Apricorn Aegis Padlock Fortress FIPS USB 3.0 hard drive: Looks fine, I did write a bit on FIPS drives. I don't really want to recommend a specific one since it's a standard. Brick House Security stuff: Looks like they sell GPS trackers and hidden cameras and whatnot? This is antithetical to privacy and won't be recommended. BusKill: Already recommended, although I need to expand on it a bit. White Noise Audio Jammer AJ-34: Not sure how effective this one is in practice. I imagine if it's loud enough to stop microphones from being able to hear you, then it would stop the person you're talking to from being able to hear you as well. Also it's just a speaker that makes noise. That could be achieved with any speaker that you already have laying around. Faraday bags: These are fine but they require good construction and there can't be any gap bigger than the wavelength of the signal from your phone or it's useless. Between relying on the construction of the bag and user error potential, I don't think these are reliable solutions. Really, if you don't trust your device to not send signals when you want it to, then you probably should be using a different device. Camera blockers: Already mentioned. Let me know what yall think. |
Request: Add "Hardware" Section
Can you please add a "Hardware" section to the Privacy Guides website?
Why?
Good operational security also includes careful selection of hardware, especially for hardware that's used to generate/store private keys.
Not all of this hardware is created equal. Some is more open. Some is more trustworthy. And some vendors, well, we have historic reasons to distrust them.
Examples
Some examples of privacy/security-related hardware:
Meta
(meta: when creating an issue on GitHub, the "Suggest a New Provider or Software" option links to a page that says the page doesn't exist https://discuss.privacyguides.net/c/suggestions)