Add hardware guide to knowledge base

[dngray]

Resolves #1899, resolves #1989, resolves #1864

• Laptop vendors shipping malware/adware
• Hardware keys
• Dead man switches
• USB "condoms"
• TPM's/hardware security chips
• Biometrics
• Webcam/microphone blocking
• Privacy screens
• Routers/Networking devices
• Encrypted Drives
• Anti-Interdiction

See previous discussion: #1939

• I have disclosed any relevant conflicts of interest in my post.
• I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project.
• I am the sole author of this work.
• I agree to the Community Code of Conduct.

[netlify]

✅ Deploy Preview for privacyguides ready!

Name	Link
🔨 Latest commit	c368548
🔍 Latest deploy log	https://app.netlify.com/sites/privacyguides/deploys/6607f18a93476f0008845c4d
😎 Deploy Preview	https://deploy-preview-2268.preview.privacyguides.dev
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	4 paths audited Performance: 67 (🔴 down 9 from production) Accessibility: 91 (🔴 down 1 from production) Best Practices: 81 (🔴 down 17 from production) SEO: 90 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[blacklight447]

Regarding hardware switches for laptops, should we put a notice that some switches in laptop are purely a software based switch which technically give you a false sense of security, since malware can turn it on?

Other then that, this seems all very comprehensive and correct, great job guys.

[maltfield]

The best way to prevent a targeted attack against you before a device is in your possession is to purchase a device in a physical store, rather than ordering it to your address.

Unfortunately, I tried doing this recently and found that no stores sold high-quality (business-grade) laptops. They only sold shitty cheap consumer-grade hardware in-store. All the stores I went to said that their business-class laptops were only available on their website. I think this is something that was exacerbated during the pandemic, when purchases online shot through the roof.

Maybe it's a good idea to mention "Proxy Shops" here as a means to buy hardware online anonymously.

Amazon has lockers that technically would allow you to ship hardware to yourself anonymously, but if you create a new account and load it with an anonymously-purchased giftcard, they'll close your account before your order goes-through (citing "fraud"). But there is a proxy shop in the US that accepts Monero and will order hardware on your behalf (they originally were created to buy cryptocurrency hardware wallets) and ship it to an amazon locker.

• https://anonshop.app/

There's also another great proxy shop in Germany that will accept crypto- or fiat-currency and either forward the item to you via post or let you pick it up at their location Leipzig.

• https://proxysto.re

I think it would be worthwhile to mention Proxy Shops for users who live in a country where they cannot buy the security hardware that they need at a physical brick-and-mortar, yet they need to purchase it anonymously to avoid a targeted interdiction attack.

[maltfield]

The Hardware Security Programs has one paragraph about Windows and one paragraph about Mac.

I think we should add a third paragraph mentioning Linux machines, with specific focus on distros that are designed for security. I think it would be wise to mention QubesOS in this section, and to include a link to the PrivacyGuides.org article on Qubes

• https://www.privacyguides.org/en/os/qubes-overview/

As this is a section on hardware, I think it would be good to also link to Qubes' Hardware Compatibility List

• https://www.qubes-os.org/hcl/

[blacklight447]

One more thought, should we mention the possibility of using speakers as a microphone, there is research out there showing its possible, but I would guess its a very unlikely thing to happen even to niche very high threatmodels.

[namazso]

@blacklight447 can you link any such research? While electrically microphones and speakers are the same, as soon as you plug them into a chip that only does one of ADC or DAC that feature is completely lost.

[privacyguides-bot]

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/separate-decisions-and-reactions/15021/1

[dngray]

@habibm1361 I removed your comment for spam. The link you posted looks like an affiliate link too.

Nothing privacy friendly about a notebook that is bundled with ChatGPT. ChatGPT literally works on the premise of sending data away to a remote server.

[inson1]

Why there is no info about coreboot and open hardware?

[inson1]

Anyway I think its still improvment, why it isnt merged?

[maltfield]

@inson1 see

• Add hardware section #1939
• Add Hardware Section #1899

It looks like the first PR was merged. That PR and this PR are both are called "Add hardware section"

I know there was some hesitation to recommend devices with coreboot (due to it mostly being old devices), but the vendors putting it on newer devices were OK'd for listing. And imho it would benefit this guide to recommend those vendors specifically and why coreboot is important (though not sufficient) for privacy hardware.

[oppressor1761]

maybe add an anti-theft recommendation

[maltfield]

maybe add an anti-theft recommendation

I think "Dead man switches" (like BusKill) are the anti-theft recommendation. Or did you have something else in mind?

[jonaharagon]

I pushed a commit to move this to the KB instead, and renamed the page. Otherwise just a few small changes I'd still make here.

[privacyguides-bot]

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/2024-07-28/19709/1

[jermanuts]

At https://www.privacyguides.org/en/basics/hardware/#routers could you emphasis how bad ISP provided routers are? Here's a good resource https://www.routersecurity.org/ISProuters.php. The same author written another article about consumer routers https://routersecurity.org/consumerrouters.php.