This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Meta-Issue: Hardware Section #904

Open
jonaharagon opened this issue May 5, 2019 · 36 comments

Comments

@jonaharagon
Contributor

jonaharagon commented May 5, 2019

Description

I'm making this issue to track hardware related issues to build a new "Hardware" standalone recommendations section. We're also tracking these issues and pull requests in Milestone 2.

We need to split hardware into multiple sub-categories, because there's just too much to cover in a simple top 3 recommendations section. I'm writing down every recommendation here and linking to their respective issues, regardless of whether or not they'll actually be added. Discuss each recommendation in its own issue.

Hardware Recommendations

1 Recommended by FSF: https://www.fsf.org/resources/hw/endorsement/respects-your-freedom

Hardware Comments/Other

More Info...

If you have a suggestion for a new sub-section or any ideas on how we should organize a new hardware section, please comment in this issue! If you have a concern with a specific recommendation, please go to the related standalone issue for that recommendation and comment there! If a standalone issue for a recommendation does not yet exist and you want to discuss it, please create a new issue and link back to here so we can get this list updated!

@asddsaz
Contributor

asddsaz commented May 5, 2019

Some of the projects listed rely heavily on non-free software.
Please view: #616

Non-free List:

Google Pixel - I don't feel like I need to expand on this one.

1

There is a reason Purism chose NitroKey.
Haven't looked much into U2F Zero or Usb Armory.

Edit:
I would like to correct myself on the Talos 2.
https://www.fsf.org/blogs/licensing/support-the-talos-ii-a-candidate-for-respects-your-freedom-certification-by-pre-ordering-by-september-15

Sorry

@asddsaz
Contributor

asddsaz commented May 5, 2019

If it is necessary to add a non-free phone, I could stand by one of the old Galaxy phones.
Maybe list the S2 or N2 or S3?

Fairphone isn't the worst?
https://blog.replicant.us/tag/fairphone/

Maybe just add to worth mentioning?

Edit:
Also the Librem 5 isn't released yet and I have doubts that it will actually be RYF certified.

Wifi/Bluetooth will be hard to get working, and even then the name is very similar to the other devices.
This might be a disqualification.

@asddsaz
Contributor

asddsaz commented May 5, 2019

A device to add: EOMA68

@gjhklfdsa
Contributor

gjhklfdsa commented May 5, 2019

> • Google Pixel w/ GrapheneOS (or other custom ROM) (Related: #832 (comment))

Must agree with @asddsaz Google Pixel is non-free regardless of how you look at it.

If I recall properly Yubikey is non-free.
Is USB Armory or U2FZero fully FLOSS to FSF standards?

> A device to add: EOMA68

EOMA68 looks very intriguing. Not yet released though.

In relation to NitroKey: Nitrokey/nitrokey-pro-firmware#48

@jonaharagon
Contributor Author

Of course the Google Pixel is non-free, but it's also the most secure option available out of any Android phone so I wasn't sure if that should factor in. Requirements are unclear.

@blacklight447
Collaborator

Well, first of all we want to separate secure from free, and see what we see as more important: should one run libre software that's barely maintained, or rather run not fully libre software that's actively maintained and known to be secure?

@gjhklfdsa
Contributor

gjhklfdsa commented May 7, 2019

> Well, first of all we want to separate secure from free, and see what we see as more important: should one run libre software that's barely maintained, or rather run not fully libre software that's actively maintained and known to be secure?

Replicant has one of the world's best bug tracking programs and is backed by the FSF.

More info: https://www.wikipedia.org/wiki/Replicant_(operating_system)#Security

As for Android devices, the Fairphone does a good job in the security department.
https://www.wikipedia.org/wiki/Fairphone_2#Software, https://archive.is/omCtt#Software
Read warning: https://blog.replicant.us/tag/fairphone/

Privacytools.io is supposed to recommend the best tools. Not all of them.

@five-c-d

five-c-d commented May 8, 2019

I think that the hardware-section is a grand idea, but I would strongly suggest that it should be tied to the software-sections. People don't buy "hardware"; what they buy is "something to run the apps that I need".

In the case of privacyToolsIO, we have a huge long list of all the apps that a privacy-conscious person might need. Thus, the key question that the hardware-section should answer, is: what is the maximally privacy-respecting hardware, that is compatible with a large percentage of the software listed in all the other privacyToolsIO listings?

And then, the reverse question: some particular person in the readership, is getting [software tool X] and is wanting to know, which hardware is the most privacy-respecting hardware, which is compatible with [tool X] specifically? Ideally, there would be some kind of a system where the enduser can tick checkboxes of the tools they like, in the /summary ...and then, when they get to the hardware-section, see some kind of indicator that tells them "of your 9 checkbox'd software tools, you will be able to use them on [samsung1 lg2 samsung3] smartphone simultaneously with [intel1 amd2 intel3] laptop" type of thing.

If I check the box for LineageOS in the mobile section, I want to see S9/S9+ listed, but I also want to see S5 listed (removable battery is a kinda-sorta form of baseband killswitch). If I am interested in Replicant however, it won't run on the S9/S9+ and that means I want to see the S3 listed, or whatever. TorBrowser only officially runs on laptops and desktops, it is unofficial on mobiles. Signalapp probably won't run on the Librem5, at least on launch-day, because Librem5 is going to be a DebianPhone and signalapp only runs on android + iOS right now. Maybe the Librem5 will get an unofficial android-multiboot option, or maybe signalapp will get an unofficial volunteer-port to the Librem5, or maybe both. GrapheneOS is super-secure, but only runs on very specialized hardware: Pixel 1/XL/2/2XL/3/3XL, and is best on 2+ units.

My point is, the software-choices are what determine the hardware-choices, not vice versa. Because a lot of the privacyToolsIO listings are cross-platform (which is a very helpful feature), plenty of tools will run on most kinds of hardware. GrapheneOS has very specific hardware-requirements, but once you have a Pixel, you can run almost any Android-app as long as you are able to install FDroid and then Yalp, to get around the (purposeful and privacy-oriented) lack of playStore. Signalapp will work fine thataway, and so on. But you cannot run TorBrowser on your GrapheneOS device, unless you are okay with alpha-state software. You can run FirefoxFocus with one "fairly benign" tracker, or FirefoxKlar with zero-but-some-headaches. You can also install BraveBrowser, presumably, no trackers detected by exodus, but I'm not sure if that means zero or it just means none-detected.

@gjhklfdsa
Contributor

gjhklfdsa commented May 8, 2019

@five-c-d Last I checked Replicant supported F-Droid. 1
Therefore F-Droid apps would be available to install. Plus, you can still install Yalp Store.

As for the other devices,
Most of the listed laptops/tablets/SoC ship with a Debian fork like gNewSense, PureOS, or Trisquel. These all support .deb packages.

If I recall correctly the rest utilize a more ARM-friendly OS like Parabola (based on Arch).

@five-c-d

five-c-d commented May 8, 2019

Yeah, I think Replicant is decent in terms of software-support. Like with GrapheneOS, you start with FDroid, and if you need more than that, you can install Yalp/similar. The main limitation of Replicant, is that if you want to run replicant, you have to get very specific hardware: an old samsung S3, or whatever. You cannot just install Replicant on "any android handset" ... but once you do have a replicant-compatible handset, you can install "pretty much any android app" with the exception of apps needing hardware support that your handset/drivers don't provide and other normal issues like that.

By contrast, you can install Debian (and variants like Trisquel) onto pretty much anything: laptop, tablet, etc. Even the Librem5 will have a debian-distro. So when it comes to "picking hardware that will run debian" about the only thing that WON'T run debian one way or another, is an iphone-device. But not every piece of software in the privacyToolsIO list, works properly on Debian: there are privacy-addons for android, which are android-specific (and thus won't work on Librem5). Wireapp is unofficial on Linux, including Debian. Signal4desktop officially supports Debian, but only as a slave-device, without cryptocalling ability, and requiring an upstream ios-or-android when you first link the debian-slave. This is fine for debian-based-laptops, but not fine for debian-based phones like Librem5.

To me, this is what the new 'hardware section' should help to highlight: hardware choices that are going to let you run all the stuff you want to run from the other listings, AND be secure (from an infosec standpoint and maybe an opsec standpoint) whilst doing so, ideally with a high-quality support community and ideally-ideally with libre-licensed drivers/firmware/etc. Some kind of pricepoint indication is also needed: ~$50 used S3 to install Replicant, is somewhat cheaper than ~$100 mid-grade s7 running LineageOS, which is much cheaper than ~$300 Pixel2 needed for Graphene, versus the Librem5 ~$600 pre-order. The VPN provider and webmail providers give exact pricing, but the hardware-pricing will have to be 'street prices' since cost will vary depending on where the enduser lives.

@blacklight447
Collaborator

We should notify the users what the criteria were once this is all set and done, so it might be worth writing a blog post on what we chose and why, and put a link to that above the hardware section.

@gjhklfdsa
Contributor

gjhklfdsa commented May 8, 2019

@five-c-d Debian isn't really made for mobile.

And if privacytools.io is gonna recommend hardware they can recommend hardware with support for Replicant. This doesn't mean that users cannot install LineageOS.
Plus most if not all Replicant devices are also supported by LineageOS.

Not sure what the question is.

@gjhklfdsa
Contributor

gjhklfdsa commented May 8, 2019

> We should notify the users what the criteria were once this is all set and done, so it might be worth writing a blog post on what we chose and why, and put a link to that above the hardware section.

@blacklight447-ptio I'm a big fan of the RYF Certification process.
Sets things out pretty clear: ryf.fsf.org

Unlike other certifications like OSHWA, IMHO it is very reasonable.
Basically it must be free software, must not be easily confused, no reported spyware, no DRM, and must have a bounty program.

@Atavic

Atavic commented May 14, 2019

> Concerns with Intel ME (#844)

The concerns should be with Intel as a whole, see Zombieload, another weird bughole.

@asddsaz
Contributor

asddsaz commented May 16, 2019

@Atavic Hopefully Risc-V and projects like the EOMA68 will be better.

@Mikaela
Contributor

Mikaela commented May 16, 2019

> The concerns should be with Intel as a whole, see Zombieload, another weird bughole.

and cpu.fail

@jonaharagon jonaharagon pinned this issue May 18, 2019
@privacytoolsIO privacytoolsIO unpinned this issue Jun 3, 2019
@privacytoolsIO privacytoolsIO pinned this issue Jun 3, 2019
@danarel
Contributor

danarel commented Jun 6, 2019

I would suggest removing Purism, at least from the mobile part because their phone doesn't seem anywhere near completion and most of the specs are listed as TBD. Right now, they are just asking for money for a product with no real or serious timeline.

@danarel
Contributor

danarel commented Jun 6, 2019

Also, is there a reason System76 isn't listed? Not sure if I missed part of that conversation or not.

@five-c-d

five-c-d commented Jun 7, 2019

> [purism] phone doesn't seem anywhere near completion

They keep slipping the schedule, yes, but there are test-handset-hardware in the hands of developers is my understanding (since early this year). Supposed to be 2019 Q3 that they release, last I heard, but the hardware-section is still "under development" just like the Librem5. Maybe it is listed because the hardware-section won't be done until the phone ships? :-) But yes, agree the Librem5 should not be listed until an everyday enduser can actually order one and receive it a few days later, which is not the case as of June 2019. Librem13+Librem15 laptops, and LibremKey, should be listed now however.

> System76

Agree, apparently the OryxPro has disabled ME, and it ships with 18.04 LTS out of the box. To me that means it is worth listing, though it is not aiming at the libre-market it is aiming at the linux-programmer-and-sysadmin market.

But that begs the question, is any high-end laptop which offers Linux worth listing? If we want something for everyday endusers, we could list Lenovo+RHEL:

RedHat   Ubuntu  ThinkpadModelsWithThinkShutter
maybe?   (y?)    E495  Type 20NE
maybe?   (y?)    E490s Type 20NG
maybe?   (y?)    E490  Type 20N8, 20N9
RHEL7.5  18.04   A485  Type 20MU, 20MV
_______  18.04   A285  Type 20MW, 20MX

(yes?)   (y?)    T590  Type 20N4, 20N5
(yes?)   (y?)    T490s Type 20NX, 20NY
(yes?)   (y?)    T490  Type 20N2, 20N3
RHEL7.4  16.04   T580  Type 20L9, 20LA
RHEL7.4  16.04   T480s Type 20L7, 20L8
RHEL7.4  16.04   T480  Type 20L5, 20L6

(yes?)   (y?)    X395  Type ??
(yes?)   (y?)    X390Y Type ??
(yes?)   (y?)    X390  Type ??
RHEL7.5  18.04   X1 Ex Type ??
RHEL7.4  16.04   X1 C6 Type 20KH, 20KG
RHEL7.4  16.04   X1 Y3 Type 20LD, 20LE, 20LF, 20LG
RHEL7.4  16.04   X280  Type 20KF, 20KE

RHEL7.5  18.04   P1    Type 20MD, 20ME
RHEL7.5  16.04   P52   Type 20M9, 20MA
RHEL7.4  16.04   P52s  Type 20LB, 20LC

Thinkpads with RHEL-or-Ubuntu have the 'ThinkShutter' to physically slide over the webcam when it is not in use (handy way to save on post-it notes). Should they qualify, as privacy-respecting laptops? They are definitely more aimed at everyday endusers than most of the hardware-listings mentioned up until now.

Most places on the interwebz also have Dell Precision and Dell XPS in the "best linux laptop" listings, though I dunno whether Dell has any especially-privacy-oriented features.

@ghbjklhv
Contributor

ghbjklhv commented Jun 15, 2019

> Also, is there a reason System76 isn't listed? Not sure if I missed part of that conversation or not.

System76 isn't really privacy focused.
They aren't even a listed Coreboot vendor yet. They also do not state if they require non-free firmware.
Plus, PopOS is based on Ubuntu which has had privacy issues in the past.

@jkhgvfgvsth
Contributor

I would propose a rule being added to the contributing guidelines requiring hardware to not depend on non-free drivers. Otherwise OSes like Trisquel would not work and even vanilla Debian might not work.

Users need to be able to run whatever OS they want, even Linux-Libre.

@ggg27
Contributor

ggg27 commented Jul 15, 2019

> Google Pixel w/ GrapheneOS (or other custom ROM) (Related: #832 (comment))

Google Pixel requires non-free drivers. So do like 99% of modern phones, but unless I'm mistaken it can't even boot without non-free software.

Y'all are kinda limited to some old Samsung devices and maybe the Golden Delicious GTA04 board.

Good resource: https://www.wikipedia.org/wiki/Replicant_(operating_system)#Likely_additions

I have high hopes for the Librem 5, possibly too high as others have stated.

@Mikaela
Contributor

Mikaela commented Sep 15, 2019

@JohnGLFour

For people wanting to include Fairphone, here is a warning.
Fairphone only ships to EU countries, not internationally.

@Zcr34

Zcr34 commented Feb 2, 2020

> For people wanting to include Fairphone, here is a warning.
> Fairphone only ships to EU countries, not internationally.

Technically eBay exists, but the Fairphone is rarely found outside of Europe.

Plus, they do have a fairly large presence in Switzerland.

Edit: There have been some reports of users getting the Fairphone to work in the United States:

@ian-tedesco

ian-tedesco commented Feb 15, 2020

Lindy USB port locks: It's basically a lock for your USB ports which unlocks with some weird kind of key. It's used to prevent evil butler/maid attacks.

Mic-Lock microphone blocker: It tricks the device into thinking that there's a microphone plugged in, therefore rendering useless the in-built one. This is only useful against BigTech tracking since an attacker with the ability to inject malware could easily select which microphone to use.

Anti-Spy RF scanner: This is used to detect hidden cameras, microphones and anything that creates a radio signal, it may detect other types of signals too, someone should check better.

PortaPowUSB data blocker: It's a USB condom, it prevents anything except electricity over the USB wire. It's used to charge your device when you are in an unknown or public space.

Tableau forensic bridge kit: From the Amazon URL "The T8u is the first Tableau Portable Family forensic bridge that supports write-blocked imaging of USB 3.0 devices through a SuperSpeed USB 3.0 host computer connection. T8u's powerful combination of a new, high-performing product architecture and USB 3.0 technology provide the speed you need to image USB 3.0 flash drives, multi-terabyte hard drives, or all USB 2.0/1.1 drives conforming to the mass storage "bulk-only" specification. Using controlled, real-world configurations and modern forensic imaging software, we've measured forensic data transfer with the T8u in excess of 300 MB/second (while simultaneously calculating MD5 and SHA-1 hashes). No other USB write-blocker can match the T8u's forensic performance and value. "

StarTech 1:5 USB flash drive duplicator and eraser: It's used to erase various thumb drives at the same time, it supports different protocols for this and you can also duplicate them.

StarTech 4-bay drive eraser: It is used to erase HDD/SSD, it supports up to 4 at the same time and it has different "erasing methods" or something like that (maybe it encrypts the data before deleting it?).

Lowell Destruct hard drive eraser: It is a USB kind of thing that factory-resets your HDD/SSD when plugged in. I think it only supports Windows.

Apricorn Aegis Padlock Fortress FIPS USB 3.0 hard drive: This one is so damn cool. It is a hard drive which has a keypad to unlock it and encrypts the data.

Brick House Security stuff: It's a company that sells a bunch of stuff to prevent unwanted spies.

BusKill: A Kill Cord for your Laptop: It's a rubber ducky that, if unplugged from your laptop, self-destructs it.

White Noise Audio Jammer AJ-34: This one is one of my favourites. If you have been tapped and there's a possibility that someone's listening to you, this will generate a white noise that doesn't allow recording devices to capture clear audio.

Faraday Bags: A bag that prevents any kind of signal from going in or out.

Camera blockers: It blocks the camera of different devices.

@strypey

strypey commented Apr 6, 2020

Minifree is a casualty of COVID-19. Leah is fine but she is shutting down the company and is crowdfunding to keep the lights on.

This is an index of companies selling hardware with GNU/Linux preloaded:
https://linuxpreloaded.com/

@strypey

strypey commented Apr 6, 2020

There is also Pine64.org, who are developing and selling a range of ARM-based single-board computers, including PineBook, PinePhone, PineTab (tablet), and PineTime (watch). Like Purism, their production and shipping has been affected by COVID-19 restrictions, but they are publishing updates on the status of each of their lines on a monthly basis. They've just announced pre-orders for a UBports version of the Pinephone:
https://www.pine64.org/2020/04/02/pinephone-ubports-community-edition-pre-orders-now-open/

@alexjmccoy

alexjmccoy commented Jun 17, 2020

In terms of laptops it's hard to imagine any recommendation of currently available software than a Librem 13 or Librem 15. When it becomes available, the Librem Mini should be a good recommendation for a desktop PC.

As the proud owner of both an x200 with Libreboot and an x230 with Coreboot and cleaned Intel ME, I can confidently say they cannot be recommended to the average user. No one except hobbyists are going to use an SPI flasher to flash aftermarket firmware and run me_cleaner. Even if you can get one of these machines into their hands, they are outdated in terms of performance relative to any 2020 laptop. They're just too old.

I think the privacy community over-emphasizes an absolutist vision of privacy based on unrealistic purity tests rather than what can reasonably be expected in 2020. There is no such thing as a fully open source computer. Worse, there are many recommendations made in the name of "privacy" that sacrifice security. The Librem 5 is a great example: Purism used what is essentially a loophole in the FSF's recommendations to secure an endorsement. The phone's (closed-source) firmware is not writeable, meaning if a security vulnerability is discovered in the device's hardware, it cannot be patched! You really have gone too far down the purity test hole if you're so concerned with the idea of "freedom" that your device is plagued with security vulnerabilities that have available patches because you insist on maintaining "control" over your device, whatever that means.

I think a Librem 13/15 with PureBoot and a decent, hardened operating system such as Arch Linux with the linux-hardened kernel and AppArmor support would be a great recommendation. I use this setup on my x200. It's resistant to most kinds of attack that your average user would be worried about, Arch Linux gets very up-to-date security patches very quickly, and the machine is modern and will be usable for years to come.

By the way, I'll be using GrapheneOS on my Pixel 4 XL as soon as it's available. GrapheneOS is another excellent recommendation for a modern phone: extremely secure and extremely private while still being very usable relative to other modern options.

@ph00lt0

ph00lt0 commented Jun 17, 2020

Maybe add: https://esolutions.shop
They sell phones with /e/ on it directly. A good solution for non techies in need of a smartphone that does limit a lot of spying from Google.

@ph00lt0

ph00lt0 commented Jun 17, 2020

> Mic-Lock microphone blocker: It tricks the device into thinking that there's a microphone plugged in, therefore rendering useless the in-built one. This is only useful against BigTech tracking since an attacker with the ability to inject malware could easily select which microphone to use.

Not sure how that helps. If I would make a surveillance tool I surely would make it record all available mics, not just the default.

@ph00lt0

ph00lt0 commented Jun 17, 2020

> Apricorn Aegis Padlock Fortress FIPS USB 3.0 hard drive: This one is so damn cool. It is a hard drive which has a keypad to unlock it and encrypts the data.

Seems like a knockoff of https://www.securedrive.com/

@asarkanyfole

asarkanyfole commented Jun 26, 2020

> Maybe add: https://esolutions.shop
> They sell phones with /e/ on it directly. A good solution for non techies in need of a smartphone that does limit a lot of spying from Google.

I bought one of these. A refurbished Galaxy S7 Edge running /e/ has been my primary phone for about a year now (I was among the very first to get one of these). Minor hiccups aside, it has been a very good product / OS / service ... it is not quite 100% private/secure/deGoogled, but it's close (or at least, it wasn't the last time I checked, 6-8 months ago ... they may have improved since then). They are trying to hit a "sweet spot" between truly private and non-techie-user-friendly.

I generally recommend them (/e/) to anyone looking for a deGoogled phone.

I'm willing to provide details on my experience with it, if it would help determine whether or not to recommend /e/Phones on PT.io.

Edit: The /e/ OS is FOSS and available to anyone anywhere, as is most (all?) the associated services they provide (like private cloud-based data backup/sync) ... but the "buy a phone with /e/ pre-installed" option is still only available in Europe.

@strypey

strypey commented Jun 26, 2020

> Signal4desktop officially supports Debian, but only as a slave-device, without cryptocalling ability, and requiring an upstream ios-or-android when you first link the debian-slave. This is fine for debian-based-laptops, but not fine for debian-based phones like Librem5.

Add these to the long list of reasons not to use Signal.

EDIT: I've always picked which mobile apps to commit to on the basis of how well they support desktop GNU/Linux, because it's a signal (pun intended) of how well they'll be supported on mobile GNU/Linux.

@GETandSELECT

Thank you very much for the effort of creating software recommendations. They helped me to choose the right alternative!

I would love to see hardware listed as well. Especially people who have little experience with hardware will benefit from this.

Is there an update?

@freddy-m freddy-m unpinned this issue Nov 27, 2020
@Kohoshi12

> There is also Pine64.org, who are developing and selling a range of ARM-based single-board computers, including PineBook, PinePhone, PineTab (tablet), and PineTime (watch). Like Purism, their production and shipping has been affected by COVID-19 restrictions, but they are publishing updates on the status of each of their lines on a monthly basis. They've just announced pre-orders for a UBports version of the Pinephone:
> https://www.pine64.org/2020/04/02/pinephone-ubports-community-edition-pre-orders-now-open/

The Pinephone is so interesting compared to the devices running the Android custom ROMs, because to install the systems there's no necessity to root and no risk of breaking the phone and it's totally libre. The list of mobile systems should be updated as well with systems for this device and others, because everything developed for the Pinephone will work well on other devices.
