
Purism builds a secure tablet with physical wi-fi and camera switches - jseliger
https://techcrunch.com/2016/05/20/purism-builds-a-secure-tablet-with-physical-wi-fi-and-camera-switches/
======
deftnerd
That's a ridiculous price. I just got an older tablet and installed an
aftermarket ROM without the Google frameworks. Then I put stickers over the
cameras, and opened it up to disconnect the microphone and sever the
electrical traces on the USB port so it only charges and doesn't allow for
data communications.

When I closed the case up, I put some globs of epoxy on the inside so it
wouldn't be possible to open it back up without major and obvious shell
damage.

I do something similar with my laptops. I use older Lenovos compatible with
Libreboot and just disconnect the microphones and cameras and seal up the
ports with DMA memory access (FireWire, eSATA, etc) and seal up the case.

It makes it so I can't repair them if something goes wrong, but since they're
ancient machines they're very inexpensive.

~~~
Brakenshire
$600 for a 10" Atom tablet, 4GB RAM, 64GB SSD, including the keyboard.

$1300 for a 11" Core-M5 tablet, 8GB RAM, 256GB SSD, including the keyboard.

Honestly doesn't seem that bad to me, if the product is well made. It's
similar in price and processor specs to the Macbook (Core-M3, 8GB RAM, 256GB
SSD for $1300).

~~~
deftnerd
Oh, I agree that the $1300 tablet has great specs. It needs them to run Qubes
(which I run on my desktop machine).

I was just saying that if your primary goal is adding a bit of tinfoil to your
desire for security and privacy, it's easy to just get an old tablet and
modify it to remove some of the most common attack vectors and environmental
observation capabilities.

------
brian_herman
How do they deal with the Intel Management Engine in all Intel chips?
[https://libreboot.org/faq/](https://libreboot.org/faq/)

~~~
beedogs
AMD and ARM have them, as well. It's almost impossible to avoid these hardware
backdoors.

~~~
makomk
ARM doesn't have anything like the Management Engine. It has TrustZone, but
that's basically just a hypervisor-like mode that some manufacturers use to
run software above the OS level. A lot of the common hobbyist-friendly ARM
SoCs give the user full control over what if anything runs in TrustZone mode.

~~~
milcron
Related, a presentation by Raptor Engineering "The World Beyond x86" (video
and pdf slides)
[https://www.raptorengineering.com/TALOS/op_twbx86.php](https://www.raptorengineering.com/TALOS/op_twbx86.php)

They delve into x86's freedom and security issues, then discuss the pros and
cons of ARM chips versus OpenPOWER chips.

For an open laptop such as Bunnie's Novena, ARM is a fine choice.

For Raptor Engineering's Talos Secure Workstation, OpenPOWER was a better fit.

------
pgaddict
I'm a big fan of attempts to develop free hardware, despite the higher price
and other problems (serviceability etc.). But I really hope they'll make a
better job with the kill switches than on the Librem laptop.

Firstly there are no labels, so it's unclear which switch is for what, or even
the on/off position. Secondly, they've used switches that are entirely
unsuitable for exposing on the edge of the laptop - after 1 week of usage one
of the switches simply broke off when putting the laptop in a bag, and expect
the same thing to happen for the other switches soon.

And it's pretty easy to change the on/off positions this way, which is a
problem because the camera/microphone has no LED indicating the position.

------
dsr_
So it's a $1300 device, and they commit to building them if they get roughly
120 pre-orders.

That sounds like the sort of scale where the NSA will be intercepting every
delivery pro-actively in order to install hardware tapping devices or other
security bypasses.

edit: I would recommend that Purism take detailed photos of the insides, front
and back, and put signed copies of them on the website.

~~~
sounds
I like the idea of putting a small amount of glittery fingernail polish over
the screw, then taking a high res picture.

The idea is from Eric Michaud and Ryan Lackey's presentation at 30C3 (2013
CCC), but this is a decent writeup:

[http://www.wired.co.uk/article/data-security-nail-polish](http://www.wired.co.uk/article/data-security-nail-polish)

~~~
noir_lord
That's ingenious, I like it, cheap and effective.

------
unhammer
"You have to be a certain kind of paranoid to want a hardware kill switch for
networking" – or just battle-weary from a shockpile of bad laptops where you
had to suspend-resume/reboot/unplug battery to get your wifi card back up

~~~
lmm
Those cases are usually where the driver has got confused, in which case the
hardware switch doesn't help much, IME.

------
fredley
And the microphone? I'm much more wary of microphone data being captured than
camera data.

~~~
bazzargh
The hardware spec says it's a Mic/Camera kill switch, so it does block that
too.

------
arm
Wow, I’m pleasantly surprised. They’re actually serious about their commitment
to privacy; their website¹ amazingly doesn’t contain _any_ third-party
trackers!

――――――

¹ — [https://puri.sm/](https://puri.sm/)

~~~
Nadya
I'm curious why they make a call to fonts.googleapis.com for Arial, sans-serif
though....I was also pleasantly surprised to see uBlock didn't block
_anything_ from their site.

For those curious: PureOS is a Debian fork. PureBrowser is an Iceweasel fork
which itself is a Firefox fork. [0] Assuming this is the official repo, there
are some concerns of mine that security updates are out of date.

[0]
[https://github.com/purism/PureBrowser](https://github.com/purism/PureBrowser)

> _PureBrowser takes Debian's Iceweasel and includes a number of the changes
> made for GNU's IceCat, along with some extensions that we like -
> privacybadger, ublock, https-everywhere, html5-video-everywhere, and
> decentraleyes._
>
> _DuckDuckGo's search page is the default, as well as the homepage._

------
DanielBMarkham
As a libertarian, I don't like unnecessary government intervention, but with
the case of physical switches, I'm willing to make an exception.

We need a legal requirement that you cannot sell a computer without physical
switches for camera, audio, networking, and wi-fi. I think selling gear in any
other configuration is too dangerous in a non-obvious way to the average
consumer.

We can stop this now, or we can go on for another decade or two and try to
stop it. It's easier done now, when we're first seeing how this is all going
to turn out.

~~~
jstanley
I'm a libertarian too, I don't like unnecessary government intervention, and I
think this case is no different to any other "save them from themselves" kind
of policy.

If people truly want to buy equipment that saves cost by removing physical
switches, there's no reason the government should be stopping them.

~~~
DanielBMarkham
If people want to engage in open and free trade and make an informed decision,
I'm all for it.

The problem here is that you are effectively making an open-ended, infinite
choice. You have no idea what that information could be used for. You might
have grandkids who could suffer. There's no reasonable exchange here that
makes sense for the individual.

So I just don't see how a free and informed choice could be made, since the
person making the choice has no idea what they are choosing. This is a similar
question to asking if people have the right to sell themselves into chattel
slavery. I think the answer in that case is also "no". Indentured servitude,
perhaps -- but that's a discussion for another day.

------
asymmetric
I'm confused as to which OS this is running.

~~~
dandelion_lover
Qubes OS

[https://puri.sm/posts/purism-partners-with-qubes-security-fo...](https://puri.sm/posts/purism-partners-with-qubes-security-focused-hardware-and-software-together/)

------
puddintane
They should offer a pick-up option to prevent any tampering in transit to make
it seem more worthwhile.

I mean if someone is required to be that concerned about security I'm certain
they will justify the costs to go pick-up a device versus risking having it
compromised.

------
mrfusion
Why not just make a case that does this? It could have doors that slide out to
block/unblock the camera and microphone. And make it a faraday cage to block
wifi and gps until you open the case.

------
ams6110
The only way to be secure is to not be online. If the NSA is targeting you,
you've already lost.

------
peteretep
Am I silly for preferring the herd security provided by using vanilla iOS?

~~~
bahjoite
What security do you think you get from being in the herd?

~~~
peteretep
- No signalling effect

- Quick and reliable disclosure of and turn around on vulnerabilities

~~~
laumars
> _"No signalling effect"_

Can you explain this point please. I've not heard it used in this context
before.

> _"Quick and reliable disclosure of and turn around on vulnerabilities"_

Sadly there's only a very loose correlation between the popularity of a
product and the corporation's ability or willingness to disclose
vulnerabilities or release patches in good time, nor even patch them at all
(in the worst cases).

An apt example of this is how poor many OEMs are at pushing Android updates to
popular tablets and smartphones. However I do appreciate you specified iOS and
Apple are generally better at supporting older devices than many Android OEMs.
But I'm replying to the "herd" point more generally.

~~~
peteretep

> Can you explain this point please. I've not heard it used in this context
> before.
    

What I was poorly trying to explain was my feeling that there's sufficiently
little data flowing through Tor, and probably sufficiently interesting data in
there, that my guess is it's seen a lot of scrutiny for all sorts of
attacks, and there's a real possibility nodes are storing traffic for future
decryption when vulnerabilities are shown. I try and lock almost all of my
data down to HTTPS over a VPN (F-Secure's Freedome), which my gut feeling is
is probably a lot less exciting.

In the same vein, a device that's meant purely for TOPSECKRITDATA?! and has a
small install base feels like a much bigger target as I'm signalling I have
something I am explicitly trying to hide.

    
    
>> "Quick and reliable disclosure of and turn around on vulnerabilities"

> I do appreciate you specified iOS
    

Yeah, I probably didn't express this very well. But I _do_ trust Apple to take
it seriously, and I don't think I could take seriously the idea of running an
Android device these days from a security and privacy perspective, which is
sad.

~~~
laumars
Thank you for the explanation. Your signaling argument sounds an awful lot
like _security through obscurity_ [1], which I do read a lot and sympathise
with to an extent, but unfortunately it can also be easily debunked.

Pragmatically, security needs to match the circumstances in order to get a
fair balance between usability and security. For most people, hiding inside
the noise is "good enough". However the issue arises if any one person gets
the limelight thrust upon them for whatever reason. And we've seen examples of
this with the phone hacking scandals in the UK and how some journalists also
search social media accounts of previously unknown individuals who might hit
the headlines. In situations like this, you can no longer hide your signal
amongst the noise of the internet as you're not being specifically targeted.

So I guess the point I'm trying to make is the signaling argument only works
because the odds are in your favour. But like with any game of chance, there's
always the slim chance that you might be unlucky.

At least with stronger levels of security, your comms might be more visible in
some circumstances, but at least very little can be ascertained from those
comms. Generally speaking of course. However going back to your VPN vs Tor
argument specifically, I do agree with you that the security benefits of Tor
are largely overstated, so it's not something I use personally myself either.

[1]
[https://en.wikipedia.org/wiki/Security_through_obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity)

~~~
adrianratnapala
> Pragmatically, security needs to match the circumstances in order to get a
> fair balance between usability and security. For most people, hiding inside
> the noise is "good enough".

I'd say it is different. This "herd security" business only matters if your
adversary is the NSA. In which case you will need a complex security strategy
that goes way beyond just picking an OS.

If on the other hand you just want devices that behave reasonably, then you
should select your devices based on their behaviour.

