[liberationtech] Chromebooks for Risky Situations?

Jacob Appelbaum jacob at appelbaum.net
Wed Feb 6 14:16:27 PST 2013


T N:
> The word "Linux" doesn't refer to anything, other than maybe the kernel.
> 
> Chrome OS is linux.  But it's a massively stripped down "distribution" that
> has a radical design, including the fact that it will ONLY run if all of
> the cryptographic checks are verified from the root of trust.  That root of
> trust is Google's massively large PKI public key that is burned into the
> firmware.
> 

It runs software that is in Debian, the GNU/Linux operating system. I
know, I've written some of it (eg: tlsdate). They do a good job of
locking things down but it is basically just another distribution of Linux.

> For a journalist in the field, that's a great reassurance.  Take your
> Chromebook to China.  The Chinese government can not alter what you are
> running without either (a) modifying your hardware, which means they take
> possession of it for a period of time and manage to do something that is
> tricky to do (i.e. circumstances under which you'd no longer trust your
> computer anyways) or (b) you will know they tried to hack it and your
> Chromebook will refuse to boot, and will instead wipe away the hacks and
> update itself and won't boot unless the update is a legitimate one signed
> by Google.

This is hilarious.

I would *never* use a laptop that lacks a way to protect all your
traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious
surveillance as an at risk person. Not only because the remote systems
will have your exact geographic location and because a lack of anonymity
allows for targeted attacks, but also because the local network is well
known to be seriously hostile!

A persistent backdoor on your Chromebook is not actually impossible. I
have a few ideas for how to make it happen and I've discussed
security/development issues with the ChromeOS team on a nearly daily basis.

> Yes, you can't compare Chrome OS's attack surface to a typical linux
> distribution, or even a highly customized linux install which doesn't have
> the hardware root of trust.
> 

Actually, I think you can compare it - one major advantage is that you
can protect your network traffic and compartmentalize your risk with any
Secure Boot enabled Linux distro. You can also do it without secure boot
and it isn't terribly hard as long as you draw arbitrary lines like "the
EFI firmware blobs and hardware are out of scope" which is what happens
with Secure Boot systems anyway.

All the best,
Jake

> 
> 
> 
> On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> 
>> The biggest (and very important) difference between Linux and Chromebooks
>> is the hugely smaller attack surface.
>>
>>
>> NK
>>
>>
>> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley <brianc at smallworldnews.tv> wrote:
>>
>>> Andreas,
>>>
>>> Plenty of Syrians do have internet access, and use it on a regular basis.
>>>
>>> Also, lack of appropriateness for one use-case doesn't necessitate lack
>>> of appropriateness across the board.
>>>
>>> Linux is a great solution for many use cases, but as has been elaborated,
>>> quite a terrible one for many others.
>>>
>>> Brian
>>>
>>>
>>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader <noergelpizza at hotmail.de> wrote:
>>>
>>>> On 02/06/2013 04:24 PM, Tom Ritter wrote:
>>>>> Nadim, I'm with you.  I'm not sure it's the perfect solution for
>>>>> everyone, but like Nathan said, if you already trust Google, I think
>>>>> it's a good option.
>>>>>
>>>>> On 6 February 2013 07:12, Andreas Bader <noergelpizza at hotmail.de>
>>>> wrote:
>>>>>> Why don't you use an old thinkpad or something with Linux, you have
>>>> the
>>>>>> same price like a Chromebook but more control over the system. And you
>>>>>> don't depend on the 3G and Wifi net.
>>>>> We started with the notion of Linux, and we were attracted to
>>>>> Chromebooks for a bunch of reasons.  Going back to Linux loses all the
>>>>> things we were attracted to.
>>>>>
>>>>> - ChromeOS's attack surface is infinitely smaller than with Linux
>>>>> - The architecture of ChromeOS is different from Linux - process
>>>>> separation through SOP, as opposed to no process separation at all
>>>>> - ChromeOS was *designed* to have you logout, and hand the device over
>>>>> to someone else to login, and get no access to your stuff.  Extreme
>>>>> Hardware attacks aside, it works pretty well.
>>>>> - ChromeOS's update mechanism is automatic, transparent, and basically
>>>>> foolproof.  Having bricked Ubuntu and Gentoo systems, the same is not
>>>>> true of Linux.
>>>>> - Verified Boot, automatic FDE, tamper-resistant hardware
>>>>>
>>>>> Something I'm curious about is, if any less-popular device became
>>>>> popular among the activist community - would the government view it
>>>>> as an indicator of interest?  Just like they block Tor, would they
>>>>> block Chromebooks?  It'd have to get pretty darn popular first though.
>>>>>
>>>>> -tom
>>>>> --
>>>>>
>>>> But you can't use it for political activists e.g. in Syria because of
>>>> its dependence on the internet connection. This fact is authoritative.
>>>> For Europe and USA and so on it might be a good solution.
>>>> --
>>>> Unsubscribe, change to digest, or change password at:
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>
>>>
>>>
>>>
>>> --
>>>
>>>
>>>
>>> Brian Conley
>>>
>>> Director, Small World News
>>>
>>> http://smallworldnews.tv
>>>
>>> m: 646.285.2046
>>>
>>> Skype: brianjoelconley
>>>
>>>
>>>
>>>
>>
>>
>>
> 
> 
> 
> 


----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE