Kyle Rankin

Chief Security Officer
PGP ID: 0xB9EF770D6EFE360F
Fingerprint: 0DFE 2A03 7FEF B6BF C56F73C5 B9EF 770D 6EFE 360F
Librem Social

It was only six months ago that we formalized our anti-interdiction services so instead of being a “hidden menu item” that you had to ask about, it was available as a drop-down along with the PureBoot Bundle. While some vendors offer tamper evident tape to their boxes, to my knowledge we are the only hardware vendor to offer such a complete suite of custom anti-interdiction measures including:

  • Glitter nail polish on screws
  • Customized tamper-evident tape on a bag surrounding the laptop and its box
  • PureBoot Bundle (to detect firmware/OS tampering) with a custom PIN
  • Shipping the Librem Key and laptop separately (optionally to separate addresses) to further frustrate interdiction
  • Customized threat model coordinated over encrypted email
  • Sending pictures of the laptop measures we performed over encrypted email

We’ve processed a lot of orders between now and then and I thought now would be a good time to look back on the last six months and talk about how the program has gone so far and what I’ve learned.

A close-up of the unique pattern of blue glitter nail polish on the center screw.
A close-up of the unique pattern of blue glitter nail polish on the center screw.

Surprisingly Popular

When we first announced formal anti-interdiction services I expected it to be a fringe upgrade that only a small number of people in high threat situations would pick (like me actually, we tested an early version of the anti-interdiction procedure before the days of PureBoot and before I worked at Purism with my personal Librem 13v1 order). I have been surprised by just how many people from all walks of life have upgraded to our anti-interdiction services. While some people are definitely picking it because they are in a high threat situation, others just want the peace of mind that comes with knowing their laptop won’t be tampered with in transit without their knowing about it. We’ve also seen orders from Enterprise customers who are considering adding this service to all their future orders.

Glitter is Gold

The glitter nail polish measure is also very popular and just about every anti-interdiction order opts for glitter nail polish on either the center screw or all screws of the laptop. We offer a range of colors customers can choose from and our customers have selected just about every option at this point, with silver and blue the most popular (although orange is my personal favorite–it looks great against the black finish).

Anti-interdiction glitter nail polish on all screws
Anti-interdiction glitter nail polish on all screws

Diverse Threat Models

One of the other things that surprised me (but maybe shouldn’t have) was the diverse set of threat models I saw from anti-interdiction customers. For each anti-interdiction order, we work with the customer to figure out their threats and build a simple threat model that we address with the custom anti-interdiction steps we pick. At first I expected most of the anti-interdiction customers would be the ultra-paranoid who are already familiar with encrypted email. So far I’ve seen a wide range of threats from very low (the customer is just curious about the procedure and wants peace of mind) to very high (the customer has already experienced interdiction in the past by a strong adversary).

The custom nature of this process means we can adapt the measures to the threat and as you might expect the average case has fit somewhere between the two extremes. For instance, communicating over encrypted email isn’t strictly required depending on your threat. In the case the customer doesn’t have the means or expertise to set up encrypted email, we adapt how we communicate so that it’s still reasonably secure even without encryption. In that case we only disclose sensitive information (such as pictures or a custom PIN we’ve generated for the customer) after they have received the hardware. On the other hand the average customer tends to have some familiarity with email encryption and often already has a key set up, but doesn’t necessarily have a specific threat in mind.

Process Keeps Getting Faster

Adding anti-interdiction measures to our laptops is rather labor-intensive between all of the email back-and-forth and all of the extra steps we perform. We have tried to set a price that captures all of that extra, custom labor and when we processed some of the first orders I did question whether we charged enough. The first few orders took a lot of extra effort and time and as a result the first anti-interdiction customers often had to wait an extra few weeks to get their order depending on how fast they responded to emails.

As time has gone on patterns have emerged and the whole process has become more streamlined and faster so that now, adding anti-interdiction adds only a small delay. Most of the delay simply comes from the fact that most customers choose to wait to ship their laptop until they have confirmed they have received the Librem Key.

What’s Next

Six months on I would have to say that the anti-interdiction service has been a success. We have processed far more orders than I initially thought and for a very diverse range of customers. Now that the process has become more streamlined we should be able to complete future anti-interdiction orders even more quickly and are looking for other ways we can make it even faster. We have also expanded anti-interdiction services beyond laptops and adapted it to Librem Server, Librem Mini, Librem 5 and Librem 5 USA. If you want to find out more about our anti-interdiction services, check out this blog post.

Recent Posts

Related Content

Tags