Hi @Schinzo,
I’m Piotr Król, Founder of 3mdeb, the company behind Dasharo. Thank you for your questions about Dasharo.
According to Nitrokey and 3mdeb agreement announced during Dasharo User Group #2, MSI Z690-A are sold only with Dasharo Entry Subscription. May I know what concerns you regarding the subscription?
It depends on what you mean by that and to what extreme anonymous you want to be. Anonymity is not a binary state but a spectrum in the same way as privacy and security. We (3mdeb) don’t get any of your data except the email to which the firmware update would be sent when released. If you want to avoid firmware updates and don’t care about our support, provide a fake email; our messages will not bother you.
- If you decide to provide an email, which, with certain precautions, may be completely disconnected from your real-life identity, we will send update notifications to that email address.
- You can download binaries from our self-hosted Nextcloud instance. Please consider going through VPN and Tor to mask your IP address if 3mdeb self-hosted infrastructure is concerning in your threat model.
- To download binaries, you must use the received password (we are working on improvements to make it passwordless). If you don’t like or don’t trust pre-built binaries, there are various extremes you can go with:
- You can decide that buying hardware with flashed Dasharo is dangerous; you can buy the same hardware in another shop and compile the source code yourself. Code is publicly available on GitHub (please note that Github may log your IP, etc.).
- You can decide that buying hardware from Nitrokey is not an issue, but downloading binaries from the 3mdeb server is, so then you can compile binaries yourself when you decide it makes sense to do an update and flash them using delivered tools or your method of choice,
- You may decide you don’t trust the tools provided by 3mdeb. Those are also open-source and available publicly and can be compiled from source; all documentation for that is available in Dasharo Documentation
Please let me know if I missed anything regarding your concerns about the anonymous usage of Dasharo. We would be glad to extend the Dasharo FAQ so all potential users can learn the best practices for using Dasharo anonymously.