Image: iStockphoto/Blue Planet Studio

Every once in a while a company comes up with a solution for a problem that is so obvious in its design, but brilliant in its execution, that you have to think, “Why hasn’t someone thought of that before?”

Such is the case with Purism’s lo-fi approach to protecting the privacy of laptops during shipment.

Let me set the stage.

You’ve ordered a laptop from Company X, who then boxes up your hardware and ships it to your address. From point A to point Z, that laptop is handled by who knows how many people, with who knows what intent. Of course, you like to think those who handle the package aren’t going to open that box, fire up that laptop, and do malicious things with it like install malware, associate that MAC address with illegal shenanigans, or switch out those pricey components for knock-off parts.

Who would do such a thing?

You’d be surprised.

Case in point, way back in 2014 it was discovered that beacons were being implanted in Cisco routers during transport. Although this sort of thing isn’t reported often, it does happen.

To avoid such tampering, Purism came up with a brilliant scheme back in 2019.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

Mani/pedi anyone?

What Purism does is apply a small drop of glitter fingernail polish over the screws securing a laptop chassis. When your laptop arrives, if the nail polish seal is broken, your laptop has been tampered with.

Purism goes one step further by adding special tape around the bag containing the laptop that will reveal if the bag had been opened, after it was shipped. The polish and tape are not the only measure Purism takes. The entire list is:

  • Customized tamper-evident tape on the sealed plastic bag surrounding the laptop itself

  • Customized tamper-evident tape on the internal, branded box

  • Glitter nail polish covering the center (or all) screws on the bottom of the laptop

  • Pictures of all of the above, plus pictures of the inside of the laptop before sealing the bottom case

  • All pictures sent to the customer out-of-band, signed by Purism and encrypted against the customer’s GPG key

  • All coordination occurring over GPG-protected email

Back in 2019, Purism had this to say about using their anti-interdiction methods for all purchases: “It would be great to offer this kind of protection to each order, but as you can see these anti-interdiction measures require a lot of customization and additional work at our fulfillment center as well as a lot of back-and-forth coordination with each customer so it’s not feasible to make it the default at this point.”

That statement still stands. But for those that do want to add the anti-interdiction protection to your laptop, you can do so by selecting PureBoot Bundle Anti-Interdiction from the Firmware drop-down (Figure A).

Figure A

Adding anti-interdiction measures to your Purism purchase.

When you add the anti-interdiction measures to your purchase, it’ll tack on $249.00 USD to the price. Considering the lengths Purism goes to for this addition, it might well be worth the cost–especially for those genuinely concerned that someone might intercept their hardware and act upon it in such a way that could compromise your security.

Follow this trend

I don’t highlight Purism’s anti-interdiction measures to rouse paranoia in you, I do so to make you aware of a company that uses a lo-fi approach to avoid a hi-fi problem. Although such incidents aren’t wide-spread, they do happen. When you drop $1,200-$1,500 dollars on a laptop–especially one that’ll be used for business purposes–the last thing you want is some ne’er-do-well intercepting that hardware and installing a beacon or listening device.

With Purism’s simple approach, you could avoid this. More hardware companies should follow Purism’s lead and offer anti-interdiction measures for the shipping of laptops and smartphones. We live in a world where private information is a sought after commodity, one that certain groups will go to great lengths to acquire. Keeping that information safe should fall on the hands of the seller, the buyer, and everyone in-between.

Is the protection of your company secrets or personal information worth a mere $249.00 USD? If so, either go with Purism or demand the company you purchase from offer such options for the shipping of their mobile devices.