This repository has been archived by the owner on Jun 24, 2022. It is now read-only.
Hardware Section! #1713
Open: jonaharagon wants to merge 15 commits into master from hardware
Changes from 1 commit
Commits (15):
842964d  Initial hardware section recommendations (jonaharagon)
ba1ec95  iPhone Clarification (jonaharagon)
c22d4f5  Titan M (jonaharagon)
233c9b5  Add Turris Omnia (jonaharagon)
f32b63e  Corrections (jonaharagon)
d6a555c  Transparent Solokey Image (jonaharagon)
d4525df  PrivacyBeast X230 (jonaharagon)
7ac234d  Classic view (jonaharagon)
6651970  Add to homepage (jonaharagon)
c499337  Add Nitrokey to Worth Mentioning (jonaharagon)
f8351e3  Add crypto wallets (jonaharagon)
e02784d  Correction (jonaharagon)
14a182e  Don't recommend the Ledger Nano S (jonaharagon)
bf4e916  Clarifications (jonaharagon)
3576e36  Add Galaxy Note II (jonaharagon)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
<h1 id="mobile" class="anchor"><a href="#mobile"><i class="fas fa-link anchor-icon"></i></a> Mobile Hardware</h1> | ||
|
||
<p><em><strong>A note from the team:</strong> It is important to remember that you can only truly have privacy if the devices you use are secure. This includes security against both remote and physical attackers, and passive and active attacks. In the mobile computing space this dramatically limits your available options to devices that many would consider to be unsafe by default. You will need to make both software and lifestyle modifications to make these devices privacy-respecting. If you are unable or unwilling to do so, consider using mobile devices as little as possible, as they are at odds with your privacy almost by design. Please understand that we will never recommend any "privacy-respecting" mobile hardware that sacrifices your security.</em></p> | ||
|
||
<div class="container-fluid"> | ||
|
||
<div class="row mb-2"> | ||
<div class="col-lg-3 col-sm-12 pt-lg-5"> | ||
<img | ||
src="/assets/img/png/3rd-party/pixel-3-xl.png" | ||
data-theme-src="/assets/img/png/3rd-party/pixel-3-xl.png" | ||
height="70" | ||
width="200" | ||
class="img-fluid d-block mr-auto ml-auto align-middle" | ||
alt="Pixel 3 XL"> | ||
</div> | ||
<div class="col"> | ||
<h2>Google Pixel</h2> | ||
<p>The <strong>Google Pixel 3/3 XL</strong> and the <strong>Google Pixel 3a/3a XL</strong> are the only secure Android devices currently on the market that can be made privacy-respecting. They have hardware-backed keystores, verified boot functionality <em>with custom ROMs</em>, attestation support, as well as proper ongoing support for their firmware and proper ongoing support for software specific to the hardware used in the device, which is necessary for <em>complete</em> security updates.</p> | ||
|
||
<h5><span class="badge badge-danger">Google OS</span></h5> | ||
<p>Google Pixel devices come with a modified version of Android specific to Pixel devices. This software comes with added functionality specific to Pixel devices, but also is heavily linked with Google and Google Play Services. Using the stock ROM on a Google Pixel device is <em>strongly discouraged</em>. We recommend the use of either GrapheneOS or LineageOS to "de-Google" your device.</p> | ||
|
||
<h5><span class="badge badge-success">GrapheneOS Support</span></h5> | ||
<p>The Google Pixel supports GrapheneOS, the free and open-source mobile operating system <a href="/operating-systems/#mobile_os">we currently recommend</a> for use on mobile devices.</p> | ||
<p>Note that using a custom Android operating system means you have to make the compromise between app availibility and stability, and having decent security and privacy. This operating system does not come with Google Play Services by default, nor is it possible to install Google Play Services or microG. We recommend using F-Droid for app installations as needed, and to avoid third-party apps as much as possible. For this reason, a Pixel with GrapheneOS may not be the best choice for less technical users and users requiring the use of many third-party apps.</p> | ||
</div> | ||
</div> | ||
|
||
<div class="row mb-2"> | ||
<div class="col-lg-3 col-sm-12 pt-lg-5"> | ||
<img | ||
src="/assets/img/png/3rd-party/iphone-11-pro.png" | ||
data-theme-src="/assets/img/png/3rd-party/iphone-11-pro.png" | ||
height="70" | ||
width="200" | ||
class="img-fluid d-block mr-auto ml-auto align-middle" | ||
alt="Mullvad"> | ||
</div> | ||
<div class="col"> | ||
<h2>iPhone 11</h2> | ||
<p>The <strong>iPhone 11 Pro</strong> and the <strong>iPhone 11</strong> are the most secure and tested mobile devices on the market. They support verified boot, strong sandboxing, and strong hardware security (Secure Enclave). They also receive regular and frequent security updates, and they will receive updates far longer than competing Android devices.</p> | ||
<p>An iPhone does not make people compromise between the avalibility of third-party apps and having strong security and privacy from their device. | ||
|
||
<h5><span class="badge badge-danger">iCloud</span></h5> | ||
<p>It is important to note that iOS comes with numerous iCloud integrations, many of which are enabled by default. We recommend advoiding the use of iCloud whenever possible to avoid your personal information being stored on Apple's servers, and we only recommend the use of an Apple ID for App Store use.</p> | ||
<p>Contrary to popular belief, iCloud device backups are currently <strong>not</strong> End-to-End Encrypted. You should only backup your device using iTunes.</p> | ||
|
||
<h5><span class="badge badge-success">No Known Exploits</span></h5> | ||
<p>There are no <em>known, major hardware</em> exploits for the iPhone 11 series, making them a safer choice over older iPhone models. All iPhone models up to and including the iPhone X are affected by <strong>checkm8</strong>, a permanent unpatchable bootrom exploit that <em>may</em> compromise your device's security.</p> | ||
</div> | ||
</div> | ||
|
||
</div> | ||
|
||
<h3>Worth Mentioning</h3> | ||
|
||
<ul> | ||
<li><a href="https://devices.ubuntu-touch.io/device/FP2">Fairphone 2</a> <span class="badge badge-info">Ubuntu Touch</span> - The Fairphone 2 is an interesting look into modular, ethical, and sustainable mobile devices with an emphasis on open source. This our preferred hardware if you wish to run Ubuntu Touch, however using older and less tested hardware like this inherently forces you to make significant security compromises.</li> | ||
<li><a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300">Samsung Galaxy S3</a> <span class="badge badge-info">ReplicantOS</span> - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.</li> | ||
</ul> | ||
|
||
<h1 id="u2f" class="anchor"><a href="#u2f"><i class="fas fa-link anchor-icon"></i></a> U2F Security Keys</h1> | ||
|
||
{% include cardv2.html | ||
title="YubiKey 5" | ||
image="/assets/img/png/3rd-party/yubikey-5c.png" | ||
description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), OpenPGP, and smart card functionality. It is available in a variety of form factors for desktop or laptop.' | ||
website="https://www.yubico.com/products/yubikey-5-overview/" | ||
github="https://github.com/yubico" | ||
%} | ||
|
||
{% include cardv2.html | ||
title="Yubico Security Key" | ||
image="/assets/img/png/3rd-party/yubico-security-key.png" | ||
description='The Yubico Security Key is a budget option for secure two-factor authentication, supporting the U2F and FIDO2 protocols to protect your accounts against remote takeovers.' | ||
website="https://www.yubico.com/products/security-key/" | ||
github="https://github.com/yubico" | ||
%} | ||
|
||
{% include cardv2.html | ||
title="SoloKeys" | ||
image="/assets/img/png/3rd-party/solokey.png" | ||
description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices.' | ||
website="https://solokeys.com/" | ||
github="https://github.com/solokeys" | ||
%} |
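Review bot: In the iPhone 11 block the image carries alt="Mullvad", which looks like a leftover from a copied card and should read alt="iPhone 11 Pro"; the paragraph beginning "An iPhone does not make people compromise" is also missing its closing </p> before the iCloud <h5>. The "No Known Exploits" badge is broader than the sentence under it, which limits the claim to known, major hardware exploits, so the badge should carry the same qualifier (for example "No Known Hardware Exploits"). The Pixel paragraph's "the only secure Android devices currently on the market" is similarly absolute and would age better if scoped to the criteria it lists (hardware-backed keystore, verified boot with custom ROMs, attestation, ongoing firmware support). The "U2F Security Keys" heading is narrower than the cards beneath it, all three of which describe FIDO2 support. Spelling to fix while here: "availibility", "avalibility", "advoiding", and "This our preferred hardware" (missing "is").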
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
layout: page | ||
permalink: /hardware/ | ||
title: "Hardware" | ||
description: "Your privacy is only as strong as the devices you use." | ||
--- | ||
|
||
{% include sections/hardware.html %} |
I'd suggest changing this:
Samsung Galaxy S3 (ReplicantOS) - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.
to something like this:
Samsung Galaxy S3 or Galaxy Note II (ReplicantOS) (postmarketOS) - This is the best hardware available if you wish to run ReplicantOS or if you want to run a GNU/Linux mobile OS such as postmarketOS, however using older hardware like this inherently forces you to make significant security and usability compromises.
IDK if Samsung Galaxy S3 and Galaxy Note II are any worse than the Pinephone or the Librem 5, they both have modem isolation and are capable of running mainline Linux.
Other links:
https://wiki.postmarketos.org/wiki/Samsung_Galaxy_SIII_LTE_(samsung-i9305)
https://wiki.postmarketos.org/wiki/Galaxy_Note_II_(samsung-n7100)

The worth mentioning devices were specifically chosen because of our recommendations here: https://www.privacytools.io/operating-systems/#mobile_os
If you want PostmarketOS recommended, that is worth opening as a separate software issue.

Thanks, done (issue #1742).
We can still change this:
Samsung Galaxy S3 (ReplicantOS) - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.
to something like this:
Samsung Galaxy S3 and Galaxy Note II (ReplicantOS) - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.