03-11-2021, 01:11 AM
I'm still not sure I understand your threat model... This is what I think I understand:
1. You expect some external actor to be "spying on their daughters" - who?
2. "There's a windows guy" - so actors in your network with closed-binary devices?
3. "I mainly want to protect privacy on principle." - against? Advertisers, state actors?
Without really understanding exactly who you are protecting your system from, it is hard to coherently build a threat model. Of course some state actor with near-infinite resources is one of the tougher attackers to fend off, with script kiddies being among the easiest.
> It's nearing its EOL, and I'm hunting something safe and cheap.
Honestly if you are running Linux and it's up-to-date, don't worry so much.
> Them System76s are pricey, but at they do have good rep as far as integrity -- I don't think they're installing spyware...
Sure, I think they even disabled Intel ME (security engine). What you say about price kind of brings about my original point on the Pine range though...
> Do you have any other recommendations as far as reputable manufacturers with minimized blobs?
Not without knowing exactly who you are fending your system from. If you assume some state actor might be adding backdoors into binary blobs, your options become much more limited.
Your biggest problem is of course networking, so I would be looking at a decent firewall that can do some threat detection - as well as open-source WiFi/networking stacks. This is kind of what the PineCone Nutcracker project is all about.