Re: [liberationtech] Chromebooks for Risky Situations?

6 Jul 2018

      The word "Linux" doesn't refer to anything, other than maybe the kernel.

Chrome OS is linux.  But it's a massively stripped down "distribution" that
has a radical design, including the fact that it will ONLY run if all of
the cryptographic checks are verified from the root of trust.  That root of
trust is Google's massively large PKI public key that is burned into the
firmware.

For a journalist in the field, that's a great reassurance.  Take your
Chromebook to China.  The Chinese government can not alter what you are
running without either (a) modifying your hardware, which means they take
possession of it for a period of time and manage to do something that is
tricky to do (i.e. circumstances under which you'd no longer trust your
computer anyways) or (b) you will know they tried to hack it and your
Chromebook will refuse to boot, and will instead wipe away the hacks and
update itself and won't boot unless the update is a legitimate one signed
by Google.

Yes, you can't compare Chrome OS's attack surface to a typical linux
distribution, or even a highly customized linux install which doesn't have
the hardware root of trust.

On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi  wrote:
...
The biggest (and very important) difference between Linux and Chromebooks
is the hugely smaller attack surface.
NK
On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley wrote:
...
Andreas,
Plenty of Syrians do have internet access, and use it on a regular basis.
Also, lack of appropriateness for one use-case doesn't necessitate lack
of appropriateness across the board.
Linux is a great solution for many use cases, but as has been elaborated,
quite a terrible one for many others.
Brian
On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader wrote:
...
...
Nadim, I'm with you.  I'm not sure it's the perfect solution for
everyone, but like Nathan said, if you already trust Google, I think
it's a good option.
On 6 February 2013 07:12, Andreas Bader 
wrote:
...
Why don't you use an old thinkpad or something with Linux, you have
On 02/06/2013 04:24 PM, Tom Ritter wrote:
the
...
...
same price like a Chromebook but more control over the system. And you
don't depend on the 3G and Wifi net.
We started with the notion of Linux, and we were attracted to
Chromebooks for a bunch of reasons.  Going back to Linux loses all the
things we were attracted to.
- ChromeOS's attack surface is infinitely smaller than with Linux
- The architecture of ChromeOS is different from Linux - process
separation through SOP, as opposed to no process separation at all
- ChromeOS was *designed* to have you logout, and hand the device over
to someone else to login, and get no access to your stuff.  Extreme
Hardware attacks aside, it works pretty well.
- ChromeOS's update mechanism is automatic, transparent, and basically
foolproof.  Having bricked Ubuntu and Gentoo systems, the same is not
true of Linux.
- Verified Boot, automatic FDE, tamper-resistant hardware
Something I'm curious about is, if any less-popular device became
popular amoung the activist community - would the government view is
as an indicator of interest?  Just like they block Tor, would they
block Chromebooks?  It'd have to get pretty darn popular first though.
-tom
--
But you can't use it for political activists e.g. in Syria because of
its dependence on the internet connection. This fact is authoritative.
For Europe and USA and so on it might be a good solution.
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

T N

tags

participants (1)