What hardware do you use?

We are working on a hardware section for privacytools.io, and I want to know what devices you all use on a daily basis. We are especially interested in:

  • Mobile devices
  • Laptop hardware
  • Security keys

But, it could be any kind of hardware that serves some privacy-related purpose. Routers, IoT devices, cameras, USB accessories…

Thanks everyone!

2 Likes

I’m going to re-post for anyone who doesn’t use GitHub so they can give their opinion on whether or not my recommendations are useful.

Lindy USB port locks: It’s basically a lock for your USB ports which unlocks with some weird kind of key. It’s used to prevent evil butler/maid attacks.

Mic-Lock microphone blocker: It tricks the device into thinking that there’s a microphone plugged in, therefore rendering useless the in-built one. This is only useful against BigTech tracking since an attacker with the ability to inject malware could easily select which microphone to use.

Anti-Spy RF scanner: This is used to detect hidden cameras, microphones and anything that creates a radio signal. It may detect other types of signals too; someone should check better.

PortaPow USB data blocker: It’s a USB condom: it prevents anything except electricity over the USB wire. It’s used to charge your device when you are in an unknown or public space.

Tableau forensic bridge kit: From the Amazon URL: "The T8u is the first Tableau Portable Family forensic bridge that supports write-blocked imaging of USB 3.0 devices through a SuperSpeed USB 3.0 host computer connection. T8u’s powerful combination of a new, high-performing product architecture and USB 3.0 technology provide the speed you need to image USB 3.0 flash drives, multi-terabyte hard drives, or all USB 2.0/1.1 drives conforming to the mass storage “bulk-only” specification. Using controlled, real-world configurations and modern forensic imaging software, we’ve measured forensic data transfer with the T8u in excess of 300 MB/second (while simultaneously calculating MD5 and SHA-1 hashes). No other USB write-blocker can match the T8u’s forensic performance and value."

StarTech 1:5 USB flash drive duplicator and eraser: It’s used to erase various thumb drives at the same time; it supports different protocols for this and you can also duplicate them.

StarTech 4-bay drive eraser: It is used to erase HDD/SSD; it supports up to 4 at the same time and it has different “erasing methods” or something like that (maybe it encrypts the data before deleting it?).

Lowell Destruct hard drive eraser: It is a USB kind of thing that factory-resets your HDD/SSD when plugged in. I think it only supports Windows.

Apricorn Aegis Padlock Fortress FIPS USB 3.0 hard drive: This one is so damn cool. It is a hard drive which has a keypad to unlock it and encrypts the data.

Brick House Security stuff: It’s a company that sells a bunch of stuff to prevent unwanted spies.

BusKill: A Kill Cord for your Laptop: It’s a rubber ducky that, if unplugged from your laptop, self-destructs it.

White Noise Audio Jammer AJ-34: This one is one of my favourites. If you have been tapped and there’s a possibility that someone’s listening to you, this will generate a white noise that doesn’t allow recording devices to capture clear audio.

Faraday Bags: A bag that prevents any kind of signal from going in or out.

Camera blockers: It blocks the camera of different devices.

6 Likes

Do the links work for you people?

No, the SP proxy links don’t work.

Mmm, okay, I’m going to find the original ones then; I didn’t want to redirect to Amazon.

3 Likes

iPhone 11 and ThinkPad W-series laptop for me.

Maybe this is still alive?


How to make your own USB condom:

I recommend https://system76.com/desktops

4 Likes

I’m using a throwaway account because of gasp privacy concerns.
I just wanted to contribute to this, as it seems to be more of a survey-esque situation and I’m always interested in being a part of those. I’ll mention what I am currently using as well as what I’m working towards.

Current Setup

Mobile Devices

  • Google Pixel w/ LineageOS 16.0 (Daily Driver) - bought second-hand off a UK eBay seller.
  • Nokia C2-01 w/ PrepaidSIM (Protest Phones) - bought second-hand off several Eastern European eBay sellers and some CeX’s when traveling in Europe.
  • Motorola Moto G4 Play w/o Front Facing Camera, GPS Unit, Internal Microphones & Cellular Antenna (Backup Phone) - bought new in a Belgian electronics superstore / recently gave it away to a friend.
  • Raspberry Pi 3 w/ PirateBox (Protest FileSharing Library) - donated from a HackerSpace in Portugal.

Laptop Hardware

  • Lenovo ThinkPad X240 w/ Pop!_OS (Personal Laptop) - bought second-hand off of a UK Refurbished Business Laptop seller.
  • Custom Desktop PC w/ 2x Windows LTSC (Videography & Gaming Computer) - bought second-hand off a hobbyist in The Netherlands through an online marketplace.

Security Keys

  • None

Idealized Set-Up

Mobile Devices

  • Google Pixel w/ LineageOS 17.1 (Personal Phone)
  • Google Pixel 3 w/ GrapheneOS (Activism Phone)
  • Google Pixel w/ GrapheneOS & desoldered microphones (Protest Phone)
  • Nokia C2-01 w/ PrepaidSIM (Protest Phone)

Laptop Hardware

  • ThinkPad P50 w/ Windows LTSC & Pop!_OS (Videography & Personal Laptop)
  • ThinkPad X240 + Tails USB Pen (Activism Laptop)
  • Custom Desktop PC w/ 2x Windows LTSC (Videography & Gaming Computer)

Security Keys

  • YubiKey 5 NFC

Note: I haven’t done enough research or don’t understand enough about modems and routers to express even what my ideal for that set-up would be. Currently I use only ethernet cables and public WiFi to connect to the internet.

5 Likes

Just as an info, there is an open-source alternative to YubiKey: https://www.nitrokey.com/

3 Likes

Lenovo ThinkPad X230 (i7-3520M, 16GB RAM, 1TB Samsung 860 Evo SSD) running Qubes OS. ISO image was downloaded as a torrent, and its signatures were checked across an untrusted machine, previously trusted machines, as well as under Tails OS. Laptop firmware integrity is verified using a Purism Librem key with HOTP on bootup.

General path from Qubes to the Internet:

  • Qubes->Mirage Firewalls->WireGuard VPNs->corridor->Tor

Additionally, I have a network connection route for accessing and managing devices on my network:

  • Qubes->Mirage Firewall->(nas-access, pihole-access, router-access)

All connections to the Mirage Firewalls are configured using a whitelist approach to the IP addresses and port numbers of the WireGuard servers/network devices they connect to.

Web Browsers:

  • Tor Browser (primary) in a Whonix DVM.
  • Firefox (secondary) with the privacytools.io about:config with the extensions: Cookies AutoDelete, Decentraleyes, HTTPS Everywhere, Temporary Containers, uBlock Origin (advanced user, all third party content blocked and JavaScript disabled), and Vim Vixen. Used where Tor isn’t and that’s not Uni-related.
  • Ungoogled Chromium (Uni only) with Cookies Auto Delete, same uBlock Origin setup, and cVim.

Search Engines:

  • SearX
  • DuckDuckGo

Password Manager:

  • KeePassXC in a dedicated VM

Account 2FA:

  • KeePassXC in a dedicated VM

Office:

  • LibreOffice
  • OnlyOffice Desktop Editors

Notes:

  • Standard Notes with 2FA enabled and local app password protection in a dedicated VM

Calendar:

  • Tutanota desktop app in a dedicated VM

RSS:

  • newsboat in a dedicated VM

Programming:

  • Emacs + EVIL mode

Messaging:

  • Signal Desktop in a dedicated VM

Media Playback:

  • newsboat with YouTube channel RSS feeds + youtube-viewer + mpv in a dedicated VM
  • mpv for video
  • Quod Libet for music in a dedicated VM (+ mpc in VM to control music using shortcuts in Dom0)
  • Vocal for Podcasts in a dedicated VM

Emails: My personal email within a dedicated Qubes VM and my Uni email using my Uni VMs. My correspondence ProtonMail address is accessed using ElectronMail in my personal-email VM.

My Posteo emails are downloaded with POP3 over SSL using getmail into a locally stored repository. For Uni, I use mbsync to download and sync my emails with IMAP. Those emails are sent using msmtp, and read using neomutt with HTML emails converted to plain text using w3m. Emails are sent in plain text too. All attachments (PDFs mostly) are opened in DisposableVMs.

I use multiple Posteo aliases that are completely segregated from the email used to register the account. One is considered my “professional” email for my current job. The other aliases are for AnonAddy accounts. One of them is used for purposes like job applications. The AnonAddy accounts have my public GPG key in order to encrypt emails before they are received at my inbox. This is to mitigate against the recent laws in Germany with Tutanota having to give up unencrypted emails for accounts issued with a court order. In addition, I use a different email alias (whether Abine Blur or AnonAddy) for each online account I create. That way, when that information gets sold, traded, etc., it can be easily traced back to who sold the information.

Abine Blur is for accounts that don’t need to be associated with my real name, such as online shopping on Amazon under an alias, then ship to an address that I don’t live at, but that I can visit with no problems. The Abine Blur account uses an AnonAddy random word alias to avoid tying my AnonAddy username to Abine Blur. (Don’t use a UUID alias from AnonAddy as a recipient email address with Abine Blur.)

iPhone 6 32GB with all stock apps uninstalled with the following apps:

  • Firefox Focus (secondary browser)
  • maps.me
  • MySudo (alternate phone numbers)
  • Onion Browser (primary browser)
  • ProtonMail (personal communications)
  • S.Notes (Standard Notes)
  • Signal
  • Slide (Reddit)
  • Strongbox (KeePass client)
  • Tofu (2FA)
  • Tutanota (for calendar only)
  • WireGuard

Small details with my devices:

  • Front and back of phone covered with a Silent Pocket removable webcam sticker
  • Internal microphones of phone desoldered with a wired headset used instead
  • Laptop camera removed and microphone array desoldered
  • Laptop and phone inside a Mission Darkness Dry Shield 15L Faraday tote bag whenever they are not in use
  • Phone in Silent Pocket Medium Faraday sleeve when I don’t have my Faraday tote bag.

5 Likes

Really nice set up, except for the part that you use a VPN to connect over Tor, or maybe I understood wrong. But… I think the idea of the post was hardware, not set ups. Don’t take it personally, but I think there’s more information than needed here.

The Nitrokey is cool, although I have some thoughts on it that will likely prevent it from being a main recommendation. Probably worth mentioning section material.

1 Like

I use Tor over VPN yes. But that’s also because I trust my VPN provider (M***vad, at the top: https://www.privacytools.io/providers/vpn/). And it’s also because I live in Australia and want to hide Tor usage from my ISP, and to minimize metadata collection (https://www.news.com.au/technology/online/new-data-retention-laws-begin-today-this-is-what-you-need-to-know/news-story/28ea2dc1b01d15e53f474e21b6d68501).

Using Tor over a VPN is never a good idea; stop doing it. If you want to hide your usage of Tor from your ISP, use a Tor bridge; you can choose one from the browser settings.

K.

And no, I won’t. I’m aware of some of the concerns with Tor over VPN (https://matt.traudt.xyz/p/mRikAa4h.html). And they don’t bother me. My goal is for my traffic to be far disconnected from my originating IP address, for my Tor usage to be masked from my ISP, etc. I believe this is met pretty well. And I haven’t had good success with Tor bridges. At least for me with Whonix under Qubes OS.

Why would you not have success with bridges?

There seems to be no Nitrokey that supports all features since Nitrokey UG (the small German company behind it) basically forks already-existing open-source solutions, puts them on other hardware, and sells them as a “Nitrokey something”. For instance, the Nitrokey FIDO U2F is a forked U2F Zero. The Nitrokey FIDO2 is a forked Solokey. Only the Nitrokey Pro, Start and HSM seem to be original products by Nitrokey UG. We tested some of their products (see our blog posts) and the user experience wasn’t that great. For some use cases, there are even no applications that help you configure the Nitrokey, or it is nearly impossible for non-tech-savvy users to do.

  • Security tokens: Yubico Security Key, Yubico Security NFC, YubiKey 5C Nano, YubiKey 4C. Besides, we own some Nitrokeys and a Google Titan Security Key but they are not primarily in use. Features in use: U2F for online accounts and local authentication, OATH-TOTP for online accounts, OpenPGP key storage.
  • Routers: Turris Omnia (2 GB variant).

1 Like

What’s the status of the hardware section?
I am very interested in this.

Thanks to all.