It was only six months ago that we formalized our anti-interdiction services so instead of being a “hidden menu item” that you had to ask about, it was available as a drop-down along with the PureBoot Bundle. While some vendors offer tamper evident tape to their boxes, to my knowledge we are the only hardware vendor to offer such a complete suite of custom anti-interdiction measures including:
We’ve processed a lot of orders between now and then and I thought now would be a good time to look back on the last six months and talk about how the program has gone so far and what I’ve learned.
When we first announced formal anti-interdiction services I expected it to be a fringe upgrade that only a small number of people in high threat situations would pick (like me actually, we tested an early version of the anti-interdiction procedure before the days of PureBoot and before I worked at Purism with my personal Librem 13v1 order). I have been surprised by just how many people from all walks of life have upgraded to our anti-interdiction services. While some people are definitely picking it because they are in a high threat situation, others just want the peace of mind that comes with knowing their laptop won’t be tampered with in transit without their knowing about it. We’ve also seen orders from Enterprise customers who are considering adding this service to all their future orders.
The glitter nail polish measure is also very popular and just about every anti-interdiction order opts for glitter nail polish on either the center screw or all screws of the laptop. We offer a range of colors customers can choose from and our customers have selected just about every option at this point, with silver and blue the most popular (although orange is my personal favorite–it looks great against the black finish).
One of the other things that surprised me (but maybe shouldn’t have) was the diverse set of threat models I saw from anti-interdiction customers. For each anti-interdiction order, we work with the customer to figure out their threats and build a simple threat model that we address with the custom anti-interdiction steps we pick. At first I expected most of the anti-interdiction customers would be the ultra-paranoid who are already familiar with encrypted email. So far I’ve seen a wide range of threats from very low (the customer is just curious about the procedure and wants peace of mind) to very high (the customer has already experienced interdiction in the past by a strong adversary).
The custom nature of this process means we can adapt the measures to the threat and as you might expect the average case has fit somewhere between the two extremes. For instance, communicating over encrypted email isn’t strictly required depending on your threat. In the case the customer doesn’t have the means or expertise to set up encrypted email, we adapt how we communicate so that it’s still reasonably secure even without encryption. In that case we only disclose sensitive information (such as pictures or a custom PIN we’ve generated for the customer) after they have received the hardware. On the other hand the average customer tends to have some familiarity with email encryption and often already has a key set up, but doesn’t necessarily have a specific threat in mind.
Adding anti-interdiction measures to our laptops is rather labor-intensive between all of the email back-and-forth and all of the extra steps we perform. We have tried to set a price that captures all of that extra, custom labor and when we processed some of the first orders I did question whether we charged enough. The first few orders took a lot of extra effort and time and as a result the first anti-interdiction customers often had to wait an extra few weeks to get their order depending on how fast they responded to emails.
As time has gone on patterns have emerged and the whole process has become more streamlined and faster so that now, adding anti-interdiction adds only a small delay. Most of the delay simply comes from the fact that most customers choose to wait to ship their laptop until they have confirmed they have received the Librem Key.
Six months on I would have to say that the anti-interdiction service has been a success. We have processed far more orders than I initially thought and for a very diverse range of customers. Now that the process has become more streamlined we should be able to complete future anti-interdiction orders even more quickly and are looking for other ways we can make it even faster. We have also expanded anti-interdiction services beyond laptops and adapted it to Librem Server, Librem Mini, Librem 5 and Librem 5 USA. If you want to find out more about our anti-interdiction services, check out this blog post.