@praveen I have ordered the Librem 5, but I think it won't protect you there very well. At the moment the L5 is a niche product, and due to this and its features like the separated modem it is secure against this attack. But as soon as more people have it, the Librem 5 wouldn't protect you against such top-notch spyware. I think you wouldn't have a chance as a REGULAR user, even with a Librem 5. Politicians and journalists are not IT experts who track their own traffic.
@praveen But I think that this wouldn't detect, for example, if the attack uses a bug in an application with root privileges. They could gather information without changing the kernel or boot sector. Or do I understand this wrong? I have no idea how such attacks work 😅
@zwerg12
Well, theoretically it can never be 100% safe. This is a cat and mouse game. The question is only how hard we can make it to penetrate or how easily we can detect it.
@zwerg12
We could possibly run every service inside containers so even the vulnerable apps can be contained. But it all depends on the threat model of each person; what Librem 5 offers here is no artificial barriers to how much we can secure ourselves, as the keys to our security are with us.
@zwerg12
There is already such an OS, https://www.qubes-os.org/, so you can just run it on Librem 5 and a vulnerable app can't compromise other parts of the system.
@zwerg12
Librem laptops already come with Librem Keys, so if any tampering in the bootloader or kernel is detected, you will be alerted. This could be extended to the Librem phone and all software or even files too. The key has our GPG key, so if they want to hide tampering, they will need to compromise the Librem Key as well, which is only physically connected to the phone. So there are ways to detect tampering that still keep the user in control. See https://docs.puri.sm/PureBoot.html