Make a section on how modern hardware (Intel post 2006 and AMD post 2012) should be avoided? #292
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#292
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Before anyone points that privacytools is only about tools, let me respectfully affirm that all these tools are only effective as long as the underlying hardware is not compromised.
This issue has not received the coverage that it needs, and I think we should at least mention it.
https://libreboot.org/faq.html#intel
https://libreboot.org/faq.html#amd
Edit: Just to be precise, it doesn't have to be an obligation "don't buy intel post /amd post... since X", we could just shed some light on this issue.
We should mention it, but know that our audience is non-expert -- they're not gonna build their own computer using open-source hardware. Those who should be concerned with HW already know everything that's on our website.
Probably not a big section like https://privacytoolsio.github.io/privacytools.io/#ukusa, but yeah, we should mention it somewhere.
Maybe you could provide links to secure hardware that runs open source/free software.
@0verk1ll
Thanks for your input. I've just added the new category: https://www.privacytools.io/#hardware
Let me know if you guys have anything to add.
I think this section requires a lot of research. How does Purism solve the ME problem with Intel processors?
It doesn't solve the problem. But it's still worth mentioning since there are no better alternatives at the moment.
Worth mentioning but not worth being the first option. There are open-source processors.
corna/me_cleaner
Purism uses coreboot which contains blobs. https://libreboot.org/
https://puri.sm/learn/intel-me/
pre-2013 AMD hardware sounds like a good recommendation.
Yeah, probably better than pre-2006 Intel hardware.
@Shifterovich I'm thinking we could do this in "partnership" with a guide/post on The Privacy Guide. I believe that we should just make people aware that just a computer is more than it's software, and they should take that into consideration when buying newer hardware.
On the Intel topic, we should make reference to the two Russian researches that are going to present a way to run unsigned code on the Intel ME chips during Defcon this year.
Yeah, I'm planning on writing something about secure HW anyway. I think I might have time for that this week.
Let me know if you need help with it, I'd be happy to help
Got Telegram?
@Shifterovich Purism recently solved the ME problem.
https://puri.sm/posts/deep-dive-into-intel-me-disablement/
@Shifterovich note on telegram
https://github.com/xdb6f/telegram-ipleak
Was posted on privacytools irc, I don't have another way to reach you so here it is.
@kewde It's what I use for general usable chat. For private conversations I obviously use OTR. Might add this resource to the website, though.
Yeah, Purim is doing very good job recently in the ME field.
You should also check their phone project, they finished a successful fundraising for a fully open source, privacy focused phone.
@privacytoolsIO
I can't see the hardware sections on privacytools.io - nothing in Firefox ESR, Waterfox or Epiphany.
Can only see the commits here on github.
After some thinking, the actual threat model for exploits like this is really high, and more then 99% of user would not have to bother with exploits on this level, saying that this hardware should be avoided will most likely confuse users and do more harm then good. there is also the issue that older hardware no longer gets firmware updates, so they will be less secure to spectre/meltdown types of exploits, which is why i don't think it would be wise to recommend avoiding modern hardware. closing issue, if someone think it should be reopened, then they can comment with new arguments that address the issues described above.