Another day, another corporate surveillance story; this time it is Apple who decides to secretly send users’ call history, as well as messages, to the “cloud” (which in this case is iCloud servers, owned and controlled by Apple).
This brings up a number of issues we have spoken about before: users who buy Apple products think they own the device, until they realize (through near-daily stories reporting on Apple undermining the privacy of user data) that Apple actually owns the iPhone, and that iOS users are simply renting it, along with the software and services that run on it.
Apple, like Google and Microsoft, controls the software that runs on your phone. Those companies will not relinquish control of their devices nor software because users continue to buy and finance their bad practices of exploiting users.
Use, support, and buy products that are completely free software, where the source code is available, so that all the software on your device can be controlled by the user, not the software giants who undermine digital rights.
Purism ships PureOS with its products, which is completely free software. Customers can also elect to have Qubes preinstalled, or to install their own operating system. Purism hopes to get PureOS officially endorsed by the Free Software Foundation very soon. Additionally, in the long term Purism is working towards its ambitious goal to fully free its hardware and get hardware certification by the FSF, becoming the first manufacturer of “brand new” high-performance laptops to achieve this.
Today we learned once more why utilizing pure free software where the source code is available is critical to protect users’ rights to privacy, security, freedom, and anonymity.
The New York Times points out that this latest security breach “shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers.”
Let’s examine the problem and see what can be done about it. It’s not too late to stand up for your rights.
The Fundamental Problem
All phones and tablets on the market today suffer from the same problem: the code that operates those devices is a mystery to the users. In this specific case it is Google’s Android, but the same problem exists with Apple devices and Windows devices, where the operating system, software-updated firmware, and most software that runs on those devices do not have the source code available to verify that there are no backdoors sending your private data to unwanted third parties.
What this means is there is absolutely no way, for a user of Android, iOS, OSX, Windows, or any operating system that does not release all the source code, to guarantee he/she is not being illegally spied upon for nefarious reasons, corporate surveillance, government spying, and/or private data mining.
The tracking built into mobile devices is at every level imaginable. We need to create a better, digital rights respecting future for computing.
The Future of Computing
If we, as users, continue to morally and financially support Android, iOS, OSX, Windows or any other operating system that strips away the digital rights of users, we continue to advance a future where:
users are controlled for profit;
private data is mined for advertising revenue;
governments spy on people;
corporations capitalize on every user interaction;
security breaches involve staggering amounts of personal data, with enormous consequences for individuals—even worse than what we’ve been seeing in recent years.
Every time you purchase a device from hardware companies that pre-install Android, iOS, OSX, Windows, and other nonfree operating systems, you are contributing to the erosion of your rights. Buying an HTC device benefits HTC, Google, the carrier, and all software companies that preinstall their privacy-stripping binaries. Similarly, buying Apple benefits Apple, the carrier, and all software apps preinstalled or even later installed.
The Upcoming Purism Phone and services infrastructure
Subscribe to our newsletter (simply send an email to email@example.com to subscribe automatically) or follow us (see website footer for social links), then you will be notified when Purism launches the first freedom, security, and privacy respecting phone.
86.5% of Americans use a cell phone. When you purchased your phone, you most likely believed you owned it outright, just as you own your toaster, your electric razor, or your hair dryer. The device in your purse or pocket, however, is not your own–you are essentially renting it from companies such as Apple, Google and Microsoft. Once you purchase an Apple product, for example, you relinquish control of the device, thereby giving up your legal rights to Apple.
How was this allowed to happen? By agreeing to the terms of service and upgrades, along with the proprietary software pre-installed on the phone, you married yourself to a machine that is essentially controlled by these companies. The news of the collusion and voluntary surrender of information to the NSA of our data, emails, and phone calls–all of which were collected whether or not the information was needed–is fresh in our memory.
It appears Apple, Google and Microsoft would like the American public to forget they voluntarily and summarily collected and offered up all of our data to the NSA in the name of national security post 9-11; now, they would like us to believe they are protecting our rights and our privacy by refusing to allow the FBI access to the phone used by one of the shooters in the San Bernardino attack. While some believe Apple noble to not provide a bypass to the FBI, others are on the side of the government, thinking these companies should be doing whatever it takes to protect America. It is obvious, however, that both sides are missing the point.
We can use the only known legal precedent as an analogy. If you have a safe that requires a key to unlock it, a warrant is legally required to force the holder of that key to turn it over, thus gaining access to the contents of the safe. If, however, you have a combination safe, you can claim the 5th amendment, and no warrant, no court, can compel you to incriminate yourself, extracting the combination from your brain.
That same logic can be applied to the Apple v FBI case. Apple has the key to your phone, by controlling the operating system. Apple can, at any time, circumvent the security features that are supposed to protect you by simply upgrading the operating system.
Think of it this way: If you stay in a hotel, you are renting a room. When you check in, you are given a key to access that room; the hotel still has a master key. Apple is the hotel, and your phone is the room. You are renting it from Apple and they can come in, clean, look around, divulge, steal, expose your information, or not.
You don’t actually own your phone. If we truly owned our phones, court ordered warrants would be served directly to the owner of the phone. The warrants in the case of Apple v FBI were served to Apple, who actually has control of your phone.
The legal issue of whether Apple must give up the key, whether through legal maneuvering around the First Amendment, or an act of Congress, avoids the larger issue of control: if Apple loses this legal battle, all phones, tablets, and computing devices that are under the control of a company are then legally bound to comply with a warrant to give up the key that controls your device. If Apple, or any organization, controls your device, you are giving your legal rights over to that organization.
But if you control your device, there is no master key. Only you have the combination under your control, and never have to relinquish that control. This is the ultimate in security and privacy.
The discussion about whether or not Apple should be compelled to give up the master key is missing the larger point, that Apple should never have had the key to begin with. It is possible to control your device by using free software. With Purism products and the free software that comes with them, you own and control your device. Purism will never be issued a warrant to force us to give up anything relating to your device. Purism doesn’t control the products we sell—you do.
All Librem laptops come with a Hardware Kill Switch (HKS) which physically severs the circuit to the Camera and Microphone. The Librem laptops are the first to offer this feature and it works quite well. And in some cases, a bit TOO well.
Specifically a Librem laptop Camera and Microphone Hardware Kill Switch will work with any GNU/Linux OS, but only as long as one obeys these simple rules:
Rule #1: Always have the Camera/Microphone HKS in the ON position when booting the laptop. This ensures the kernel is aware the device is there. Once the OS starts up you can toggle the Camera/Microphone OFF and ON as you wish, but…
Rule #2: Always have the Camera/Microphone HKS in the ON position BEFORE starting a program that uses the Camera, like CHEESE. Once the program starts you can turn the Camera/Microphone OFF, but you will have to close and restart the program, with the HKS in the ON position, to get the Camera to work with that program.
If any of these rules are violated, the Camera may NOT work until a reboot.
The longer term plan is to develop proper kernel loading and unloading or software application polling of the devices, so the user flow becomes irrelevant. Obviously the kernel and software never took into account severing the circuit during operation, therefore we decided to post this to help user flow, and to provide a roadmap to ideal performance.
Here is the HARD truth about Hardware Kill switches on Librem laptops.
The Librem laptops are secure machines that respect and protect your privacy and freedom. To this end, we at Purism are intensely suspicious of several items on a standard laptop that could be used, either maliciously or accidentally, to violate your privacy and security. Specifically, these items are:
The laptop’s built in Webcam and Microphone.
The laptop’s WiFi and Bluetooth radios.
Almost all laptops on the market today have a way to turn off a laptop’s WiFi and Bluetooth radios. However, most do it via software on the computer (example: a special program in the operating system) or a soft switch in the computer’s embedded controller within the BIOS (example: pressing the Function key and the F2 key at the same time). Because malicious software could still turn these peripherals back on, we opt to solve this with hardware.
There is NO other laptop on the market today that has a physical means to turn off a machine’s built in Webcam and Microphone.
Thus, to protect you from the risks of these devices, the Librem laptops come with the ability to physically disable or turn off the Webcam, Microphone, WiFi radio, and Bluetooth radio via a Hardware Kill Switch (HKS).
The HKS is a real physical switch that either:
Cuts the signal or power line to the device, as in the case of the Webcam and Microphone HKS, or,
Disables the chip running them, as is the case of the WiFi and Bluetooth radios HKS.
To give you an idea how this is done, let’s look at the HKSes on a Librem 13.
The HKS themselves
The HKSes are located in the hinge cover of a Librem 13. The HKS themselves are Double Pole, Double Throw (DPDT) switches with a switch function of ON-ON and have six leads on them.
Different Devices, Different Challenges
For starters, it helps to look at the motherboard on a Librem 13 and see where the various devices connect to it.
To physically shut off each of the questionable devices with a physical switch we broke the problem down into three parts:
Kill the Webcam
Kill the Microphone, and,
Kill the WiFi and Bluetooth radios
The reason for this is because each of the above devices has a different interface and thus requires a different solution to ensure it is really OFF.
Kill the Webcam
The webcam on a Librem 13 is located above the laptop’s screen and connects to the motherboard via connector EDPCON1, a x30 pin connector that also contains all the wiring for the laptop’s display. The webcam itself uses a USB 2.0 interface, meaning there are four wires on EDPCON1 that are just for the camera. Two of the four wires are for data, one is for a +3.3 volt DC signal to power the camera, and the last wire is the ground.
To kill the Webcam with a HKS, we insert a HKS and circuit during assembly, wiring the +3.3 volt DC power wire for the USB connection directly into the HKS.
With the HKS in the OFF position, no power gets to the Webcam, making it impossible for the webcam to be used (in fact it is not detected by the kernel nor operating system when off).
Kill the Microphone
The microphone on a Librem 13 is located right next to the Webcam above the laptop’s screen and connects to the laptop’s motherboard via connector MIC_COM1. But unlike the Webcam, the microphone has only two leads: One for the microphone’s signal and the other for the microphone’s ground.
To kill the microphone with a HKS, we wire the microphone’s signal wire directly to the HKS.
With the HKS in the OFF position, no signal from the microphone gets to the motherboard, thus making it impossible for the microphone to send any signals to the laptop.
One Switch for Two
Both the Webcam and the Microphone are wired to the same HKS, so both devices are OFF at the same time.
The WiFi and Bluetooth radios are wired to a second HKS.
Kill the WiFi and Bluetooth Radios
To fully understand how to disable the WiFi and Bluetooth radios, it is necessary to gain some insight into the PCISIG M.2 NGFF standard and how it is used to turn OFF the devices. The PCISIG M.2 NGFF connector has 75 positions with up to 67 pins, each with a specific function. Some are used for data, some are used for power and ground, and still others are used for control signals. But for the HKSes, the two PCISIG M.2 NGFF pins of interest are pins 56 and 54, which control PCISIG M.2 NGFF functions called W_DISABLE#1 and W_DISABLE#2 (respectively).
The WiFi/Bluetooth Hardware Kill Switch works by applying to pins 56 and 54 an input of one of two DC signals:
To turn the radios ON: Apply a Ground (GND) or +0 V signal.
To turn the radios OFF: Apply a +3.3 V signal.
Note that this standard is a bit counter intuitive with Voltage high (+3.3 Volt) = OFF and Voltage low (0 Volts or GND) = ON.
In a Librem 13, the M.2 NGFF connector pins 54 and 56 cannot be accessed directly on the NGFF connector, for it is much too small for any solder connections. Instead the pins are accessed via two 0402 Surface Mount Device (SMD) pads on the motherboard itself (pads R609 and R629).
So for the WiFi/Bluetooth HKS, wires are soldered from the SMD pads to the HKS. Then one side of the HKS is wired to a +3.3 volt signal with the other side wired to ground. The end result looks like this:
With the HKS in the +3.3 Volt position, pins 54 and 56 in the M.2 NGFF connector will receive a HIGH voltage, and the radios on the WiFi card will be turned OFF. With the HKS in the Ground (GND) position, pins 54 and 56 will receive a LOW voltage, and the radios will be turned ON.
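One way to confirm from a running GNU/Linux system what the two switches have actually done, as an added example that is not Purism's code. It assumes the webcam enumerates as a USB Video Class device and that the wireless driver reports the W_DISABLE lines as an rfkill "hard" block; the function names are hypothetical, and the microphone's analog signal cut is not covered.

```python
#!/usr/bin/env python3
"""Report what software can still see behind the two kill switches (added example)."""
import sys
from pathlib import Path

USB_CLASS_VIDEO = "0e"               # bInterfaceClass of USB Video Class interfaces
RADIO_TYPES = {"wlan", "bluetooth"}  # rfkill "type" values for the second switch


def read_attr(path):
    """Return a stripped sysfs attribute, or None if it is missing or unreadable."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None


def usb_cameras(sysfs_root="/sys"):
    """USB devices exposing a video-class interface (assumed to include the webcam)."""
    base = Path(sysfs_root) / "bus" / "usb" / "devices"
    found = {}
    if not base.is_dir():
        return []
    for iface in sorted(base.iterdir()):
        # Interfaces are named "<device>:<config>.<interface>", e.g. "1-5:1.0".
        if ":" not in iface.name:
            continue
        if (read_attr(iface / "bInterfaceClass") or "").lower() != USB_CLASS_VIDEO:
            continue
        dev = base / iface.name.split(":")[0]
        found[dev.name] = {
            "device": dev.name,
            "id": f"{read_attr(dev / 'idVendor')}:{read_attr(dev / 'idProduct')}",
            "product": read_attr(dev / "product"),
        }
    return list(found.values())


def radios(sysfs_root="/sys"):
    """rfkill state of every WiFi and Bluetooth radio the kernel knows about."""
    base = Path(sysfs_root) / "class" / "rfkill"
    if not base.is_dir():
        return []
    out = []
    for entry in sorted(base.iterdir()):
        kind = read_attr(entry / "type")
        if kind in RADIO_TYPES:
            out.append({
                "name": read_attr(entry / "name"),
                "type": kind,
                # "hard" follows a hardware line; "soft" can be cleared by software.
                "hard_blocked": read_attr(entry / "hard") == "1",
                "soft_blocked": read_attr(entry / "soft") == "1",
            })
    return out


def still_reachable(sysfs_root="/sys"):
    """Everything software could still use if both switches are meant to be OFF."""
    problems = [f"camera {c['device']} ({c['id']}) is enumerated"
                for c in usb_cameras(sysfs_root)]
    for r in radios(sysfs_root):
        if not r["hard_blocked"]:
            state = "soft-blocked only" if r["soft_blocked"] else "unblocked"
            problems.append(f"{r['type']} {r['name']} is {state}")
    return problems


if __name__ == "__main__":
    findings = still_reachable()
    for line in findings:
        print("WARN:", line)
    sys.exit(1 if findings else 0)
```

A radio that is only soft-blocked is reported as reachable on purpose: that state is held in software, which is the weakness the hardware switch is meant to remove.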
Our Hard Work to Protect Your Privacy
As you can see, it is not a trivial matter to manufacture these HKSes. A lot of research and hard work went into the effort.
Purism believes in your rights to privacy, security, and freedom, and will continue to work hard for users’ rights.
A visitor to the Purism site contacted us with a question. It’s a question that we sometimes encounter when we’re with friends or at events, and so we thought we’d share the response to his query.
Q: On your website, you state:
“All other laptops use hardware chips coupled with software that can betray you. News stories have shown how these chips can surreptitiously transmit voice, networking, picture or video signals. Other chips are used to install spyware, malware or viruses.”
I know about software vulnerabilities, but I had not heard of hardware itself having built-in backdoors. Could you provide any news articles to back up this assertion?
Computerworld—a sober, technical publication—has an article outlining 17 Exploits the NSA Uses to Hack PCs, Routers and Servers for Surveillance, providing many links to original sources. It concerns their Tailored Access Operations Program (TAO), and the reports from the Snowden Archive are six years old. Thus what we know of today is almost certainly worse than what’s current. And what we know now is very, very troubling.
As the computer trade magazine notes, before giving four screens of examples:
Some of the exploits are deployed remotely and others are physically installed. Those hands-on operations may occur while the product is being shipped; it could be snagged during shipping so an obscure group like an FBI black bag team can do the NSA’s domestic dirty work. There are too many exploits listed in the leak to cover in one post, but I thought you might like to know about some that target servers, routers and PCs. Please note, however, that ANT can exploit nearly every major software, hardware and firmware.
Noted computer security authority and journalist Jacob Appelbaum referenced exploits used to spy on Americans and foreigners alike – with the data-sharing agreements in place, it’s important to recognize this is fast becoming an academic distinction – by observing, “This is Turnkey Tyranny and it is here.”
Videos from the 30th Chaos Communication Congress, including Mr. Appelbaum’s two lectures (and many more covering this topic), are here.
In the tech field, what a few do today, more will do tomorrow and nearly everyone will be doing next week. Even if you trust intelligence agency bureaucracies – yours or others – to not spy too much on you, your family and your friends, it’s not “just” them. It’s those that will follow that will also be able to spy on you and yours using similar techniques, for much cheaper.
Just since June ’15 alone, the OPM hacks purportedly by Chinese agents and—the irony—the Italian Hacking Team itself getting hacked prove our blog article’s concerns were, if not prescient, accurate. Smaller agencies than the NSA/GCHQ and even private parties—both of whom can categorically be characterized as not being particularly protective of American or even European citizens’ rights, security or well-being—are using similar exploits.
It’s code. It’s protocols. It doesn’t check first for the proper badge before running. There is no “magic golden key” allowing only The Good Guys™ to execute code.
All of this leaving aside the issue that hardware and software are becoming more conceptual categories than practical ones. Securing one or the other is no longer a guarantee of safety. You need to have both secured. And, given the complexities involved, the only reliable way to do this is to use the F/LOSSH (Free/Libre Open Source Software and Hardware) model. Since without verification, there can be no trust. Since, even though we may trust an institution or person now, we can’t have faith that five years from now, these organizations will be the same, or the people we trusted still in place.
We genuinely wish we lived in a world where the caution we have for our customers was unjustified or even hysterical. We genuinely wish there wasn’t a need for someone like Purism to develop verifiably secure, transparent ways for people to organize their thoughts then share them. The world would be a better place. We’d probably all enjoy a bit more extra sleep. But that’s not the world we’ve inherited. So instead, we’re energized at the challenges we all face. And we’re excited at the opportunity to do our small part in correcting this very unwelcome change in our digital environment.
During our Librem 15 campaign, we asked backers what they would prefer:
A keystroke combination that kills the camera and microphone and a second keystroke combination to kill wireless and BlueTooth in software.
A function key that kills the camera and microphone and a second function key to kill wireless and BlueTooth in the BIOS.
A physical kill switch that kills the camera and microphone and a second physical kill switch to kill wireless and BlueTooth in hardware, severing the circuit entirely.
In what was a near unanimous vote from a very vocal audience, we are proud to be adding option #3, physical kill switches, which are single pole double throw toggle slider switches, to both the Librem 15 rev2 and the Librem 13.
A brief video showing the Purism Kill Switch for Microphone and Camera in action. As you can see from the terminal output, the circuit is severed, removing the USB device from the kernel, and adding it back in again. Simultaneously, you can also visually see the video displaying a ‘device not found’ message when the Purism Kill Switch is toggled off.
We at Purism are doing what users want, respecting rights to freedom and privacy. The Purism Kill Switches are just one of the many ways we are challenging the status quo, improving the way we interact with our digital world.
Introducing the Librem 13, a beautiful, svelte notebook computer built to respect and protect your privacy, security and freedom. It’s the world’s first laptop computer with every feature and application designed specifically around your security and privacy the minute the box is opened. There are no “backdoors” or “mystery code” in the hardware, kernel, operating system or software. Verifiably so. Once the Librem is powered on, there are no additional software applications or utilities required to protect your privacy.
Purism Kill Switches
Innovative slider toggle switches, placed near the Librem’s hinge, ensure that the electrical circuits for Bluetooth, wireless, camera and microphone are physically severed. These hardware kill switches prevent digital adversaries from eavesdropping using the microphone or accessing the camera remotely. Another switch severs the over-the-air connections, reducing the possibility of remote access. On ordinary computers these features – and their purportedly fail-safe LED indicator lights – are activated via software. Malicious entities have already been proven to remotely surreptitiously use these devices while bypassing their LED. With the Librem 13, you have the ability to toggle one, either or both of the hardware kill switches.
“With massive data breaches of users’ private financial information happening seemingly weekly, we cannot afford to trust our most personal data to ordinary computers anymore. This is why we created the Librem, the first truly private personal computer, to protect and respect users’ rights to privacy, security and freedom,” says Purism CEO Todd Weaver.
The Librem 13 ships without “mystery code” or proprietary software of any kind, offering users complete transparency into the source code and control over all software.
Purism’s own PureOS is a secure, user-friendly Linux-based OS built using entirely Free/Libre Open Source software (F/LOSS). PureOS ships with hundreds of free software applications, all respecting users’ rights to privacy, security and freedom.
PureOS also includes LibreOffice, a F/LOSS office suite, including spreadsheet, word processor, presentation & drawing programs. These programs maintain file compatibility with Microsoft Office, ensuring users will work productively with MS Word, Excel, and Powerpoint files, as well as Adobe PDFs. Maintain workgroup compatibility without a monthly subscription or an always-on network connection.
PureBrowser, provided by default within PureOS, is a completely secure and private web browser based on the Firefox browser. Also pre-installed on your Librem 13 is the anonymity-preserving Tor browser.
Conventional computers ship with proprietary software pre-installed. These proprietary software updates contain “mystery code” (hidden, proprietary software without source code) or “binary blobs” (compiled binary files without source code). This “mystery code” creates a vulnerability that adversaries, data thieves and criminals can exploit to access your data.
Numerous examples – just from the past year alone – illustrate threats Librem computers will prevent:
Corporate Exploits – Lenovo, a major Microsoft Windows-based manufacturer, was caught secretly installing the “Superfish” man-in-the-middle malware. All secure communications were intercepted, including users’ bank login credentials.
Social media – Over 2 million Facebook, Gmail, and Twitter accounts were intercepted from keylogger malware.
Spying – There have been numerous reports of stalkers remotely activating users’ microphones, webcams, or recording VoIP services.
Backdoors – Government entities creating software and hardware entry points that other countries – even groups not even feigning to serve a higher purpose – used for their own, nefarious purposes. Even destroying innocent users’ hardware in their attempts to compromise personal computers.
Data-mining – Third-party and ad trackers gather personal information about users’ browsing habits, selling the information far beyond the limited scope many assumed they’d agreed to.
Ransomware – Malware such as CryptoLocker and CryptoWall encrypt users’ drives, forcing them to pay for a decryption key to retrieve their data within days or their hard drive will be “bricked”. Antivirus applications cannot prevent these threats.
These violations are recent. More will follow. Some will be done by nations or politicians you won’t trust as much, if you trust those who are doing it now. Inevitably, these techniques will be common enough that casual groups will form this threat.
Our lives are digital. It’s how we learn. How we express ourselves, with whom, and when. Who inspires us. Who we strive to become. Strangers – corporate, governmental or criminal – will no longer be entitled to be part of this deeply personal process.
Years ago, your computer being compromised by viruses was routine. No longer.