privacyguides.org icon indicating copy to clipboard operation
privacyguides.org copied to clipboard

Published 20 hours ago verified publisher icon privacyguides

Add hardware guide to knowledge base

Open dngray opened this issue 1 year ago • 15 comments

Resolves #1899, resolves #1989, resolves #1864

  • [x] Laptop vendors shipping malware/adware
  • [x] Hardware keys
  • [x] Dead man switches
  • [x] USB "condoms"
  • [x] TPM's/hardware security chips
  • [x] Biometrics
  • [x] Webcam/microphone blocking
  • [x] Privacy screens
  • [x] Routers/Networking devices
  • [x] Encrypted Drives
  • [x] Anti-Interdiction

See previous discussion: https://github.com/privacyguides/privacyguides.org/pull/1939

  • [x] I have disclosed any relevant conflicts of interest in my post.
  • [x] I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project.
  • [x] I am the sole author of this work.
  • [x] I agree to the Community Code of Conduct.

dngray avatar Aug 17 '23 06:08 dngray

Deploy Preview for privacyguides ready!

Name Link
Latest commit c3685488191ff9b7e529e77129b0498d698d23f0
Latest deploy log https://app.netlify.com/sites/privacyguides/deploys/6607f18a93476f0008845c4d
Deploy Preview https://deploy-preview-2268.preview.privacyguides.dev
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

Lighthouse		 4 paths audited
Performance: 67 (🔴 down 9 from production)
Accessibility: 91 (🔴 down 1 from production)
Best Practices: 81 (🔴 down 17 from production)
SEO: 90 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] avatar Aug 17 '23 06:08 netlify[bot]

Regarding hardware switches for laptops, should we put a notice that some switches in laptop are purely a software based switch which technically give you a false sense of security, since malware can turn it on?

Other then that, this seems all very comprehensive and correct, great job guys.

blacklight447 avatar Aug 17 '23 10:08 blacklight447

The best way to prevent a targeted attack against you before a device is in your possession is to purchase a device in a physical store, rather than ordering it to your address.

Unfortunately, I tried doing this recently and found that no stores sold high-quality (business-grade) laptops. They only sold shitty cheap consumer-grade hardware in-store. All the stores I went to said that their business-class laptops were only available on their website. I think this is something that was exacerbated during the pandemic, when purchases online shot through the roof.

Maybe it's a good idea to mention "Proxy Shops" here as a means to buy hardware online anonymously.

Amazon has lockers that technically would allow you to ship hardware to yourself anonymously, but if you create a new account and load it with an anonymously-purchased giftcard, they'll close your account before your order goes-through (citing "fraud"). But there is a proxy shop in the US that accepts Monero and will order hardware on your behalf (they originally were created to buy cryptocurrency hardware wallets) and ship it to an amazon locker.

  • https://anonshop.app/

There's also another great proxy shop in Germany that will accept crypto- or fiat-currency and either forward the item to you via post or let you pick it up at their location Leipzig.

  • https://proxysto.re

I think it would be worthwhile to mention Proxy Shops for users who live in a country where they cannot buy the security hardware that they need at a physical brick-and-mortar, yet they need to purchase it anonymously to avoid a targeted interdiction attack.

maltfield avatar Aug 17 '23 12:08 maltfield

The Hardware Security Programs has one paragraph about Windows and one paragraph about Mac.

I think we should add a third paragraph mentioning Linux machines, with specific focus on distros that are designed for security. I think it would be wise to mention QubesOS in this section, and to include a link to the PrivacyGuides.org article on Qubes

  • https://www.privacyguides.org/en/os/qubes-overview/

As this is a section on hardware, I think it would be good to also link to Qubes' Hardware Compatibility List

  • https://www.qubes-os.org/hcl/

maltfield avatar Aug 17 '23 13:08 maltfield

One more thought, should we mention the possibility of using speakers as a microphone, there is research out there showing its possible, but I would guess its a very unlikely thing to happen even to niche very high threatmodels.

blacklight447 avatar Aug 18 '23 08:08 blacklight447

@blacklight447 can you link any such research? While electrically microphones and speakers are the same, as soon as you plug them into a chip that only does one of ADC or DAC that feature is completely lost.

namazso avatar Aug 19 '23 17:08 namazso

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/separate-decisions-and-reactions/15021/1

privacyguides-bot avatar Nov 14 '23 20:11 privacyguides-bot

@habibm1361 I removed your comment for spam. The link you posted looks like an affiliate link too.

Nothing privacy friendly about a notebook that is bundled with ChatGPT. ChatGPT literally works on the premise of sending data away to a remote server.

dngray avatar Nov 27 '23 09:11 dngray

Why there is no info about coreboot and open hardware?

inson1 avatar Mar 21 '24 12:03 inson1

Anyway I think its still improvment, why it isnt merged?

inson1 avatar Mar 21 '24 12:03 inson1

@inson1 see

  • https://github.com/privacyguides/privacyguides.org/pull/1939
  • https://github.com/privacyguides/privacyguides.org/issues/1899

It looks like the first PR was merged. That PR and this PR are both are called "Add hardware section"

I know there was some hesitation to recommend devices with coreboot (due to it mostly being old devices), but the vendors putting it on newer devices were OK'd for listing. And imho it would benefit this guide to recommend those vendors specifically and why coreboot is important (though not sufficient) for privacy hardware.

maltfield avatar Mar 21 '24 15:03 maltfield

maybe add an anti-theft recommendation

I think "Dead man switches" (like BusKill) are the anti-theft recommendation. Or did you have something else in mind?

maltfield avatar Mar 24 '24 15:03 maltfield

Your preview is ready!

Name Link
Latest commit 88681291b4e5c039d7314b6d33c58833e1411d50
Preview https://2268--glowing-salamander-8d7127.netlify.app/

github-actions[bot] avatar Mar 30 '24 11:03 github-actions[bot]

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/laptop-fur-linux/17633/8

privacyguides-bot avatar Apr 02 '24 02:04 privacyguides-bot

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/add-a-desktop-hardware-section/259/10

privacyguides-bot avatar Apr 24 '24 09:04 privacyguides-bot

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/2024-07-28/19709/1

privacyguides-bot avatar Jul 28 '24 02:07 privacyguides-bot

At https://www.privacyguides.org/en/basics/hardware/#routers could you emphasis how bad ISP provided routers are? Here's a good resource https://www.routersecurity.org/ISProuters.php. The same author written another article about consumer routers https://routersecurity.org/consumerrouters.php.

jermanuts avatar Jul 28 '24 11:07 jermanuts