It’s a fact that FBI, NSA and other feds will create honey pots. They have in the past manufactured privacy phones that were a great success for the target audience which are people who want privacy.
Recently Mossad put bombs into thousands of pagers. They boasted and bragged about how it’s impossible for anyone to know which devices are tampered with by them because they will set up shell companies for shell companies. It was on a 60 Minutes interview; Mossad were bragging about this and how they have total surveillance and know everything about everything. That interview is insane, it’s like listening to a bragging psychopath who can’t understand what he’s doing is evil.
I don’t have a source for this but it used to be common knowledge before in privacy communities that when U.S. feds are not allowed to do targeted surveillance such as recording phone calls, they will get one of their Mossad agents to call the target and pretend it’s a wrong number. But that would give the feds the cause for targeted surveillance. Mossad and U.S. feds have strong teamwork.
There was also a presentation called “when cyber criminals with good OPSEC attack”. It’s on YouTube, you can search for it. It’s an old presentation but the feds said it’s okay for them to release all this information on the tools cyber criminals use because the information is already well known among that demographic.
What I would like to see from Qubes-certified laptop manufacturers is some info or tool new to the privacy and cryptography which we don’t already know about. Because feds are much more reluctant and might have rules to not give us something like that. They can only give us what we already have, they try to blend in with us.
But with all this said, I think U.S. feds and Mossad would be very motivated to become a Qubes-certified laptop manufacturer. That’s precisely the thing they would do, they like to target these niche demographics rather than a mainstream manufacturer which would make them target an entire country.
This is not about the laptop manufacturer having their supply chain compromised. It’s about the laptop manufacturer working for the feds or Mossad. I don’t think there is any way to know for certain. But if the manufacturer would do something more than just blend in among the other manufacturers, give us something new that we don’t already have which feds and Mossad wouldn’t like us to have, that would increase the trust.
All valid points. Depending on your security posture, you’ve got to make some compromises. Maybe going the Schneier way and driving randomly to an auction and buying a used laptop is a better way to achieve your goals (though fewer and fewer shops and auctions are dealing with used laptops).
I like your questioning. If you want more control of each part that goes into your system I would recommend building a desktop PC, then you can buy parts from wherever and spread the risk across multiple stores. Trusting a certified laptop is a risk, and if you decide to go with a laptop then you at least must install Qubes OS yourself and don’t let anyone else set it up for you (for example the manufacturer). Also maybe overkill but if you don’t trust the certified laptop manufacturer, get the laptop barebone and install components yourself. I would install my own storage/network, might mitigate some risk but still not foolproof.
I do not understand what your request is about:
This is not a secure option. Everything that we do not know about is most likely insecure. That is why crypto algorithms are open source. Other clever people should be able to try to break them first and this can take years.
Second, open the hardware yourself and examine it, find some bombs or whatsoever you are so scared about… remove the battery, use it only from the charger. Measures have some counter reactions. This is I think a really nice option offered by companies selling the hardware with open source firmware and privacy in mind: you can modify or change components and the warranty does not vanish.
I don’t think that it is possible and needed to convince anybody to buy anything. Btw, as far as I understand, the purpose of Qubes certification is to show that the hardware works with Qubes flawlessly and the company can preinstall Qubes. Please read the Qubes disclaimer to the certified hardware. Nothing guarantees you full security. This is a wild life.
But privacy is starting to be a selling point. If the business depends on the privacy concerns and the competition will be about the privacy and safety we will see improvements in the near future. And maybe our life will get a bit easier:-)
Buying used laptops could be fine but I think it’s a gamble because you have no idea who the previous owner was and how they used the laptop.
That is nice I agree but I don’t think it helps against this adversary. If the Qubes-certified vendor is really working for U.S. feds and Mossad then they can hide chips in the silicon so it’s impossible to find.
I said in the OP that U.S. feds and Mossad are more likely to do this attack on niche and smaller demographics like people who use QubesOS. They are fine with collateral damage, they don’t care about that but they try to reduce the collateral damage because too much collateral damage will make it harder for them to get away with what they are doing. Their perspective is 99.9% of QubesOS users are not criminals but it’s still a small demographic so it’s okay to hurt all these innocent QubesOS users to catch the 0.1% of the bad users.
That is why I think it’s more secure to buy a new computer from a mainstream vendor. A local store that accepts cash and is a big brand who has been there for a long time. If you have to travel a few hours to get to such a shop that’s worth it. I think U.S. feds and Mossad are least likely to do this kind of attack on such a shop because the collateral will be too great.
But the problem is QubesOS doesn’t work on most computers. It really would be great if the Qubes-certified vendors could be trusted, that’s why I made this topic hoping that there is something I haven’t thought about or don’t know about.
This course of action will definitely reduce the chance of being the victim of an attack on the “certified hardware” by the 3-letter agencies. Buy a random used laptop, flash the BIOS, remove the WiFi & Bluetooth radios, use your own drive purchased separately, and you’re reasonably sure that you are not a victim of hardware-targeted exploits.
Now for the software… Will Qubes even run? If you choose carefully, yes.
Everything is made in China nowadays… not sure about trust if you really want a hypothetical extreme… And there is no vendor who produces the hardware themselves. Clevo is a vendor in some cases.
Interesting. That has not been my experience. It’s not always easy to install (or ever) - but I must have just picked the right PCs on which to install Qubes. Of course, the faster and more robust the better.
Maybe you were lucky. I made a list of all the laptops that are in stock and can be bought for cash. Then I used the list on the QubesOS website to see if they are good or not. Only 1 out of all the laptops would work with QubesOS without problems but it was very expensive and I would need to travel a few hours to go there.
I am still thinking if I will travel there and pay the expensive price. Or maybe I will just use Linux with qemu/kvm instead. It’s much easier to find laptops that work with Linux running qemu/kvm. And I think it’s important to be able to easily replace a laptop and restore backup to it. It would be difficult to switch from QubesOS to Linux if the QubesOS laptop was stolen because backups are different. Think about if you are a journalist who travels different countries. It will be very difficult to replace a QubesOS laptop.
But Linux with qemu/kvm is less secure and takes a lot more work to learn how to configure. For example disposable app VMs. Open a .PDF with a disposable VM. Transfer a file from 1 guest to another guest. It’s all possible but it will take time to learn how to configure. It would be better to use QubesOS.
Maybe you are right but it’s hard for me to know because I’m not experienced enough to say. But it’s not only about threat from feds, it’s also from cyber criminals. I just don’t know enough about firmware security. The BIOS chip is not the only place for malicious firmware to hide. There is also the embedded controller. And your suggestion to remove WiFi and Bluetooth is good but it’s also a problem for those who need WiFi and Bluetooth. Then there is keyboard firmware too.
I’m trying to learn more about system security but it takes a lot of time to learn about this from the ground up and I have so many more pressing things to spend time on as well.
I also don’t know if we are underestimating how many political dissidents there are in our communities. How many people in your neighborhood might be making posts about how corrupt the government is when they are at home? Or maybe they get angry during all these election times and talk about civil war and protesting. They could say something and become a target by feds and then you buy their computer. Especially now with all the cryptocurrencies people might be talking too freely online and attracting attention and becoming targets by both feds and cyber criminals.
What do people here think of the idea that (analogous to what I think the security community call “Chain of Trust”), most people should start by choosing something they trust, such as the “Qubes Team”?
Then since the “Qubes Team” trust their “Qubes-certified computers”, we are better off using a Qubes-certified computer.
Two arguments could be made for this…
The Qubes certification process itself reduces the chance of problems, making the Qubes-certified computer a better bet (even when not running Qubes).
Since the risks associated with the Qubes team and their hardware (to some extent) overlap, the additional risk in choosing the same hardware is reduced.
After all if you run Qubes on a Microsoft machine, your risk is the sum of that of Qubes and the unrelated risk of using Microsoft.
We can even continue the logic by arguing that Qubes trusts Red Hat’s Fedora, Fedora trusts Firefox, Firefox trusts the certification authorities, and the certification authorities trust our HTTPS bank URLs etc.
I remember being relieved when, coming from the early Microsoft world (where the big question was whether our machines would be slowed down too much by running Two!! antivirus programs in parallel) - I eventually discovered the very different philosophy of Qubes, and could make security decisions in the much simpler way described above.
I think this is in line with FranklyFlawless saying “…what are you going to trust…”,
but I would be interested in what people think about other approaches, such as minimizing “attack surface”, and perhaps other risks, such as associated with my current difficulty making backups.
The only other thing is even if I would trust the Qubes-certified vendor then the anti-interdiction services are not reliable enough. But that would be a different topic to discuss.
I also found out that the only new laptop that I can buy for cash and I thought could run QubesOS without problems, actually does have quite a few big problems with QubesOS.
I don’t think there’s much reason for this discussion to continue because that post I found and linked to already has a great and long discussion about trusting Qubes-certified vendors. I don’t think there’s much more to be said that hasn’t already been said in that discussion. I linked to it in case it can help someone else.