Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Hardware Section! #1713

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

Hardware Section! #1713

wants to merge 15 commits into from

Conversation

jonaharagon
Copy link
Contributor

@jonaharagon jonaharagon commented Feb 16, 2020

Description

https://deploy-preview-1713--privacytools-io.netlify.com/hardware/

This is a WIP draft but it's a start. TODO:

Closes: 904 (Actually we should probably merge this PR and add laptops/desktops at a later date)
Closes: #616 (supersedes, we will try to eventually import the useful content from that PR here)
Closes: #989 (supersedes)
Closes: #420
Closes: #1714
Closes: #1731
Related: https://github.com/privacytoolsIO/privacytools.io/issues/832#issuecomment-489236848 (Pixel+Graphene info)

@jonaharagon jonaharagon added 🆕 software suggestion WIP active work in progress, do not merge or PR (yet)! 💻 hardware labels Feb 16, 2020
@jonaharagon jonaharagon added this to the Hardware Section milestone Feb 16, 2020
@netlify
Copy link

netlify bot commented Feb 16, 2020

Deploy preview for privacytools-io ready!

Built with commit 3576e36

https://deploy-preview-1713--privacytools-io.netlify.com

@ian-tedesco
Copy link

ian-tedesco commented Feb 16, 2020

Were any of my recommendations useful?

Why Nitrokeys, which are the only FLOSS option, are not listed?

@nitrohorse
Copy link
Contributor

Nice; glad to see a PR for a new hardware section!

@jonaharagon
Copy link
Contributor Author

jonaharagon commented Feb 16, 2020

@5a384507-18ce-417c-bb55-d4dfcc8883fe link? Yes, possibly. I haven't had a chance to go through them yet.

Copy link

@ian-tedesco ian-tedesco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So is PTio going to be listing cryptocurrencies related information or just hardware wallets? Check this hardware wallet btw: https://shop.cobo.com/

@github-userx
Copy link

github-userx commented Feb 18, 2020

Fantastic first draft if you ask me! Great work guys!

Is this really a good phrase to use?

The iPhone 11 Pro and the iPhone 11 are the most secure and tested mobile devices on the market.

Wouldn‘t it be better to say „one of the most secure“ instead of „the most secure“ ?

Also: Doesn‘t the FairPhone2 come with a modified Stock Android by default? Or does it really come with UbuntuTouch preloaded?

Apologies, I don’t really know how to participate here on github or with this repo properly..

@github-userx
Copy link

NitroKeys is open hard- and software as far as I know?

But YubiKey‘s Hardware/firmware has never been OpenSource or audited:

https://www.yubico.com/blog/secure-hardware-vs-open-source/

The YubiKey hardware with its integral firmware has never been open sourced

Yubikey also had security issued if I remember correctly: https://www.schneier.com/blog/archives/2019/07/yubico_security.html

Good to see onlykey being mentioned as well. Don’t understand why Yubikey as closed Hardware is being privatized over onlykey.

@blacklight447
Copy link
Collaborator

@github-userx thats because we still have some issues with only key, mainly the points raised in #428

@github-userx
Copy link

github-userx commented Feb 18, 2020 via email

@ian-tedesco
Copy link

@blacklight447-ptio and why no nitrokey?

@blacklight447
Copy link
Collaborator

@github-userx sorry that should have been issue #489 , typo on my part, sorry about that.

@blacklight447
Copy link
Collaborator

@5a384507-18ce-417c-bb55-d4dfcc8883fe nitrokey is going to be added.

@Peter-Easton
Copy link

Do you own one yourself? Do you happen to know whether the 24-word recovery seed backs up keys like PGP, U2F, etc., or only crypto wallets?

Yes, I own one myself and can confirm that the recovery memnonic and password will back up and restore things besides the crypto wallet. At this moment, subkey functionality with GPG is not usable with keys generated from the Trezor, only with regular keys, and you would need to find a way to set the U2F counter correctly for restoring U2F so that adds another element to using it as a U2F token. Regenerating your GPG private keys also requires either a copy of the public keys, or knowing the exact timestamp at which they were created on. Customizing keying options such as cert digest algorithm for self signatures on your PGP public key certificate is also not available. However, the core functionality for GPG certifying, signing, and encryption works at this moment, experimentally. It is at this point in time likely to change and in the future could change in ways that are not going to be backwards compatible, but it does work and could be expanded upon in the future. Some ssh functions like rsync and scp aren't working as of yet; scp is currently working but it requires a bit of an odd way and I haven't figured out how to get it to sync directories yet.

One of the factors for the U2F key recommendation specifically is probably convenience. Neither Trezor nor Ledger products seem to be super convenient in the same way that a Yubikey might be with USB-C functionality, keychain form factor, NFC functionality for mobile devices, etc...

I agree, it's definitely not nearly as convenient. There's no NFC, it's larger and much clunkier than the other key tokens and it's not nearly as durable. The touchscreen is definitely going to be a fragile part of it, so I wouldn't ever try to do something like put it in my pocket alongside anything like a coin or a key. I'm glad to see it is still there though!

@onlykey
Copy link

onlykey commented Feb 20, 2020

@jonaharagon I wanted to follow up here as I didn't get a response to my previous message. I need to be able to understand the threat model you are referring to in regards to "developers don't understand how hardware security works" in order to be able to respond to your concerns.

Actually I'm going to remove OnlyKey from being mentioned at all. I'm very concerned after reading #489 that the developers don't understand how hardware security works.

In terms of OnlyKey hardware security we have a similar approach to that of Trezor, SoloKeys, and NitroKey. Of course its never an apple to apples comparison with hardware and these are all great products but I do want to point our a couple of key differences.

  1. Those devices all use STM32 MCUs with flash security. A flaw has been identified in STM32 MCUs that permits bypassing the flash security and dumping the contents of flash as shown in the kraken post here
    OnlyKey is the only one out of the 4 devices not using an STM32 MCU as OnlyKey utilizes a Freescale mk20dx256vlh7 MCU.

  2. While the attack mentioned by Kraken has only been demonstrated on the Trezor's STM32, it most likely affects the Nitrokey and Solokey to some extent as they use similar STM32 MCUs. We specifically decided not to go with STM32 in our products because of these vulnerabilities. In contrast there are no known vulnerabilities in OnlyKey's Freescale flash security.

So I am trying to understand why OnlyKey, the only one of the 4 devices listed that does not use the vulnerable STM32 architecture is not being included in the list here. Additionally, OnlyKey is the only device of the 4 that requires a PIN code, Trezor supports a passphrase but it is not required by default. Giving OnlyKey another layer of security for data at rest.

Specifically, I don't understand how they can make the claim that private keys can only ever exist on the device, while also allowing you to back up your keys from the device 🤔

I read through #489 and don't see there being any mention of claiming that private keys can only ever exist on the OnlyKey. We mentioned that private keys are stored offline, in separate hardware, but no, there are plenty of cases where your private key would exist somewhere else temporarily. I.e. You could export your private key from Protonmail and import to OnlyKey, you could export from Keybase and import to OnlyKey. We do provide specific instructions for user's that when loading keys to only do so from a trusted computer.

No technology is perfect but we do take user's privacy and security seriously, and if you find a vulnerability in OnlyKey we have a bug bounty program that will pay. The bounty is $1000 USD for things like extracting secrets from flash.


<ul>
<li><a href="https://devices.ubuntu-touch.io/device/FP2">Fairphone 2</a> <span class="badge badge-info">Ubuntu Touch</span> - The Fairphone 2 is an interesting look into modular, ethical, and sustainable mobile devices with an emphasis on open source. This our preferred hardware if you wish to run Ubuntu Touch, however using older and less tested hardware like this inherently forces you to make significant security compromises.</li>
<li><a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300">Samsung Galaxy S3</a> <span class="badge badge-info">ReplicantOS</span> - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.</li>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest changing this:

Samsung Galaxy S3 (ReplicantOS) - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.

to something like this:

Samsung Galaxy S3 or Galaxy Note II (ReplicantOS) (postmarketOS) - This is the best hardware available if you wish to run ReplicantOS or if you want to run a GNU/Linux mobile OS such as postmarketOS, however using older hardware like this inherently forces you to make significant security and usability compromises.


IDK if Samsung Galaxy S3 and Galaxy Note II are any worse than the Pinephone or the Librem 5, they both have modem isolation and are capable of running mainline Linux.

other links:
https://wiki.postmarketos.org/wiki/Samsung_Galaxy_SIII_LTE_(samsung-i9305)
https://wiki.postmarketos.org/wiki/Galaxy_Note_II_(samsung-n7100)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The worth mentioning devices were specifically chosen because of our recommendations here: https://www.privacytools.io/operating-systems/#mobile_os

If you want PostmarketOS recommended, that is worth opening as a separate software issue.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, done (issue # 1742).

We can still change this:

Samsung Galaxy S3 (ReplicantOS) - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.

to something like this:

Samsung Galaxy S3 and Galaxy Note II (ReplicantOS) - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.

@ian-tedesco
Copy link

I think "Browser" should be moved within the "Software" section since there isn't more space on the nav bar when you are using Tor, or using Firefox with "privacy.resistFingerprint" activated. And I guess that PTio cares about Tor users.

Image of how it looks.
https://upload.vaa.red/2cogLr#35ceab28cc612e7397ff3ea35a67cb92

@jonaharagon
Copy link
Contributor Author

Works for me with privacy.resistFingerprint enabled. Might just be your screen resolution, lower than most? We can maybe still switch it though.

@ian-tedesco
Copy link

Works for me with privacy.resistFingerprint enabled. Might just be your screen resolution, lower than most? We can maybe still switch it though.

Mmm, yeah, my monitor is quite small. Still, I think it would fit better but that's just m opinion.

@blacklight447
Copy link
Collaborator

Works for me with privacy.resistFingerprint enabled. Might just be your screen resolution, lower than most? We can maybe still switch it though.

Mmm, yeah, my monitor is quite small. Still, I think it would fit better but that's just m opinion.

I would argue that it would be better to create a seperate issue for it, as its a bit offtopic for this pull request.

@kaushalyap
Copy link

kaushalyap commented Mar 17, 2020

@jonaharagon Why no desktops, laptops hardware recommendations (in deploy preview)?

@jonaharagon jonaharagon removed the WIP active work in progress, do not merge or PR (yet)! label Mar 31, 2020
@jonaharagon jonaharagon marked this pull request as ready for review March 31, 2020 16:12
@jonaharagon jonaharagon requested a review from a team March 31, 2020 16:12
@jonaharagon
Copy link
Contributor Author

@kaushalyap it's difficult to find laptops and desktops that are actually good. @privacytoolsIO/editorial I think we should probably merge this PR now to have something on the site, and add PCs at a later date. More research required for those recommendations (we might even shy away from products and recommend certain components, like "look for a Ryzen laptop" for example, idk)

Copy link
Contributor

@Mikaela Mikaela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't those pictures supposed to be svg rather than png?

I have read the page through and commented what I noticed. I am not sure whether to request changes to this, but I would like some of my feedback addressed before I would approve.

I am not certain my approval would be good here as I am not much of a hardware person, but if my approval is required and no one disagrees, I will grant it.

CC: @privacytoolsIO/editorial

Comment on lines +53 to +54
<p>There are no known, major <em>hardware</em> exploits for the iPhone 11 series, making them a safer choice over older iPhone models. All iPhone models up to and including the iPhone X are affected by <strong>checkm8</strong>, a permanent unpatchable bootrom exploit that <em>may</em> compromise your device's security.</p>
<p>This does not mean an exploit is impossible: <strong>unc0ver</strong> is an iOS 13 software exploit that affects even the iPhone 11, however it has been patched in iOS 13.3.1. Always keeping your device up-to-date is the most important step to take to keep your devices secure.</p>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are checkm8 and unc0ver? Could they be links somewhere?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

checkm8 [is an] a permanent unpatchable bootrom exploit

unc0ver is an iOS 13 software exploit

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unc0ver has been re-updated to support all version between 11.0 and 13.5, it has been patched in the 13.5.1 and 12.4.7 update. This line need some updates.


<ul>
<li><a href="https://devices.ubuntu-touch.io/device/FP2">Fairphone 2</a> <span class="badge badge-info">Ubuntu Touch</span> - The Fairphone 2 is an interesting look into modular, ethical, and sustainable mobile devices with an emphasis on open source. This our preferred hardware if you wish to run Ubuntu Touch, however using older and less tested hardware like this inherently forces you to make significant security compromises.</li>
<li><a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300">Samsung Galaxy S3</a> and <a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyNote2N7100">Samsung Galaxy Note II</a> <span class="badge badge-info">ReplicantOS</span> - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.</li>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe specify the model number? I happen have a Samsung Galaxy S III which apparently is incompatible with Replicant as it's i9305, not i9300 and the difference seems to be i9305 having 1GB more of RAM and maybe 4G.

{% include cardv2.html
title="SoloKeys"
image="/assets/img/png/3rd-party/solokey.png"
description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices. It is less feature-rich compared to the YubiKey 5 lineup, but at $20 it is a great starting point for securing your accounts, or backup U2F authenticator.'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if the site is using $ and € and mixing them up at times?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see Euro

title="YubiKey 5"
badges="info:Upgrade Pick"
image="/assets/img/png/3rd-party/yubikey-5c.png"
description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), and OpenPGP smart card functionality. It is available in a variety of form factors for desktop or laptop.'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Form factors?

<div class="col">
<h2>Turris Omnia</h2>
<p><strong>Turris Omnia</strong> is a secure, high performance, and open-source home router. It has specifications that would allow it to easily handle Gigabit-level networking, as well as additional functionality (NAS, printserver, or other server type use-cases).</p>
<p>Turris Omnia was created by <strong>NIC.CZ</strong>, the non-profit .CZ domain registry behind many massive internet open-source projects including Knot (DNS Server), BIRD (Internet routing daemon), and FRED (Domain registry platform). As such, we believe they have the experience required to make a secure routing platform.</p>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure that is entirely correct about NIC.CZ, https://www.nic.cz/page/351/ as it seems to be focusing what they are into a single task?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not clear to me what you are claiming is incorrect?

{% include cardv2.html
title="Trezor One"
image="/assets/img/png/3rd-party/trezor-one.png"
description='A fully open-source cryptocurrency wallet with support for over 1,000 coins/tokens. Trezor also has password manager functionality, supports GPG and SSH key storage functionality, and can act as a U2F key, making it a great backup for your U2F key (or vice versa).'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GPG or OpenPGP?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dngray I forget what we prefer to use. OpenPGP?

Comment on lines -44 to +52
description="The PrivacyTools team is proud to launch a variety of privacy-centric online services, including a Mastodon instance, search engine, and more!"
%}

{% include card.html color="danger"
title="Donate"
icon="fas fa-donate"
iconcolor="dark"
page="/donate/"
description="We can't operate this site without the generous contributions we receive from our viewers. If you love privacy and our website please consider donating."
description="We are proud to operate a variety of privacy-centric services, including Mastodon, Matrix, and more!"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like something that should be in its own PR, but ok.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well it cannot be because the change was made to fit the new hardware card in the existing layout, so this is a part of this PR.

@Mikaela
Copy link
Contributor

Mikaela commented Apr 9, 2020

I wonder if the recommendations should also have a date on when were they recommended as I imagine hardware recommendations evolve a lot more than software recommendations as the physical device won't get improved while software does?

@ian-tedesco
Copy link

https://github.com/joeycastillo/The-Open-Book

As a society, we need an open source device for reading. Books are among the most important documents of our culture, yet the most popular and widespread devices we have for reading — the Kobo, the Nook, the Kindle and even the iPad — are closed devices, operating as small moving parts in a set of giant closed platforms whose owners' interests are not always aligned with readers'.

The Open Book aims to be a simple device that anyone with a soldering iron can build for themselves. The Open Book should be comprehensible: the reader should be able to look at it and understand, at least in broad strokes, how it works. It should be extensible, so that a reader with different needs can write code and add accessories that make the book work for them. It should be global, supporting readers of books in all the languages of the world. Most of all, it should be open, so that anyone can take this design as a starting point and use it to build a better book.

@danarel
Copy link
Contributor

danarel commented Apr 22, 2020

If we come up with some criteria for desktops and laptops, I can begin talking to manufacturers about their products that meet those criteria to see if we want to list them.

We have Pine64, System 76, etc. They are only Linux systems, but you get my drift. Though I can't see us listing Macbooks (though we will iOS) or Windows systems.

@danarel
Copy link
Contributor

danarel commented Apr 22, 2020

https://github.com/joeycastillo/The-Open-Book

I like this, but I think we need to decide where the hardware line is. Not saying it's here, but we need to figure that out.

@ian-tedesco
Copy link

I like this, but I think we need to decide where the hardware line is. Not saying it's here, but we need to figure that out.

Yes, I know it doesn't quite fit with the rest of the recommendations, but it's a really good project and it's the only alternative so far to e-readers with privacy in mind. I say you shouldn't add it for now or only as worth mentioning, y'all should talk through those details.

@ph00lt0
Copy link

ph00lt0 commented May 5, 2020

The Google Pixel supports GrapheneOS

Shouldn't it be reversed?

@ph00lt0
Copy link

ph00lt0 commented May 5, 2020

https://solokeys.com/

Connects to facebook.com without consent of user. I don't think we should recommend websites of products that do this.

Copy link

@turkytmt turkytmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok

@122oa
Copy link

122oa commented Oct 4, 2020

Description

https://deploy-preview-1713--privacytools-io.netlify.com/hardware/

This is a WIP draft but it's a start. TODO:

Closes: 904 (Actually we should probably merge this PR and add laptops/desktops at a later date)

Closes: #616 (supersedes, we will try to eventually import the useful content from that PR here)

Closes: #989 (supersedes)

Closes: #420

Closes: #1714

Closes: #1731

Related: https://github.com/privacytoolsIO/privacytools.io/issues/832#issuecomment-489236848 (Pixel+Graphene info)

@bionfinc
Copy link

Just curious, what's holding up this pull request?

@freddy-m
Copy link
Contributor

@bionfinc several things, though mainly the fact that none of our PRs our building right now.

@youdontneedtoknow22
Copy link

Instead of tresorit, I would rather choose Disroot with Lufi

#2406

@jonaharagon jonaharagon requested a review from a team as a code owner June 24, 2022 13:57
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet