I’m planning to purchase a Pioneer from Mouser Electronics (as opposed to Olimex directly, due to the shipping/refund/currency fiasco I posted about previously), but they couldn’t answer the questions I had about product integrity. Can anyone here tell me what precautions, if any, are taken to prevent or show tampering by third parties? (Frankly, I wouldn’t put it past the U.S. to proactively alter, modify, or inject each FreedomBox that crosses the border.)
Perhaps the broader question (one which I’m really not equipped to discuss) is how to check suspicious hardware without contaminating a trusted system – or better yet, how to create a trusted system to begin with, and safely migrate one’s data to it.
But, if we figure (say, via at-home testing with guidance from users here), that a given Pioneer is “safe enough”, then my question becomes: Would its hardware also be suitable for use as a small desktop PC, to form the basis of said trusted system? In that case, I might want to buy two.
I tried with Debian (with LXDE) and with Parabola (with fvwm, no desktop environment).
The environment looks fine and you can do things. Sylpheed works fine for email. For XMPP, profanity (command line) is ok, other things not great.
Loading even a rather light web page with Firefox (or any similar web browser) can take 100% CPU for 10 to 20s, so if you expect to use that kind of web browser, my answer is no. Epiphany is not better. If you are happy with dillo, this works ok.
If you tell me what software from the Debian free repository you want to use, I can try it (I will not install anything not from the Debian free repository, that includes anything from third party repositories for which Debian includes installers).
Based on your experience of Firefox, it looks like I’ll need something stronger, then.
I’m still hoping for answers about resellers, imports, and tampering, if anybody has recommendations about that. (Sure, maybe there are security how-to’s out there, but how does one find what one doesn’t even know the terminology for?)
Is the topic of tampering something that is covered elsewhere? FreedomBox is promoted as an all-in-one, easy-to-use, privacy-enhancing device, no? It seems like there would be some very clear-cut instructions on how to maintain end-to-end integrity of the product itself. What am I missing, here?
I am not sure what you are looking for.
If you trust the sender and want to ensure that a product was not intercepted by some third party and modified, I guess you could ask the sender to ship with some kind of sealing with a number of non-trivial marks that will be modified if the package or the hardware is unsealed and that you can reveal, e.g. by comparing with pictures made by the sender and provided to you.
One hardware vendor which is doing that (but not for things like FreedomBox) is Purism. If you don’t already have your own idea on how to do it, you could look at what they say they do (I never ordered anything from them so I don’t know). However, you will have to convince a vendor for a special treatment like you require.
I don’t know whether I really understood what you are looking for.