I don't understand your proposed threat model anyway. You're suggesting that there will be a sophisticated targeted attack involving an attacker spying on you to the extent that they are aware of your purchase and target you. In that case, they would target a laptop too...
Conversation
Single purpose tool (even technically advanced), with high potential of valuable intel can be targeted much more easily than the multipurpose, free, anonymous, linux tool. It simply makes more sense to attack one publicly known HVT vendor and its infrastructs.
1
Supply chain attacks on laptops with a complex list of trusted parts are far more likely and don't have less of a reward for the attacker. I'm not sure how buying a computer with Linux is supposed to be free or anonymous or how Linux is even relevant to your proposed attack.
2
1
I don't know what point you're trying to make. If you want to go back to the original topic, it was me responding to whonix.org/wiki/OpenPGP#G and pointing out that an 100% Free Software hardware option with a deniable passphrase feature and on-device key gen with recovery exists.
2
You mentioned that "full blown linux environment would dramatically less secure". It is simply not ☺ Depends who uses it and how and under what sec asumptions.
1
It is dramatically less secure. That's the reality, sorry. It has massive attack surface and the proposed usage of encryption loses the nice properties of the passphrase implementation. You could of course use software with a similar approach on it but it doesn't change the rest.
1
If you feel this way and it fits your real world sec asumptions and models, enjoy ☺ It doesnt fit mine.
Trezor is beyond any doubt, an excellent technical solution. It makes it but an excellent, one point failure HVT target, with high ROI potential for an attacker.
1
twitter.com/DanielMicay/st
It's objectively far more secure against an online attack, offline attack or coercion than the proposed alternative. Running the Trezor firmware on hardware with an SoC more hardened against tampering would be a step up for offline attacks too.
Quote Tweet
Replying to @Ishan_Ishana @DusanDuda and 2 others
The proposed approach is objectively far less secure against an online attack, offline attack and coercion. A targeted attack on an individual is easier with a laptop. Your only argument is your theory that a supply chain attack on Trezor is more likely than $LAPTOP_VENDOR.
1
In terms of supply chain attacks, there's a trade-off between purchasing a specialized device with a tiny number of components and a far more complex general purpose device with much more exposure to a compromise. I don't think that has a clear cut answer.
2
1
It seems to me that you just want to be a contrarian by focusing solely on the niche of supply chain attacks and ignoring that it's not clear cut. Ignoring the far more realistic, basic threat models shared by everyone (online attacks, coercion) doesn't make much sense to me.
I am concentrating on the today's real world situation, running law proposals and determination and resources of the adversaries.
1
You can say that but I can't understand focusing solely on a sophisticated supply chain attack while ignoring far more accessible and realistic attack vectors. Laptops are much more complex (many components) and aren't tamper evident so there's a lower bar for those attacks too.
2
Show replies