**Security Features and Design of ORWell**

The ORWell system is designed with multiple layers of security to protect its users' information. When a user is authenticated, such as during boot up, the system exposes it briefly, but only for two-factor authentication purposes. Two-factor authentication adds an extra layer of security by requiring a second form of verification beyond just a password or PIN.

The ORWell system comes with two special key fobs that must be scanned on the machine before entering any numeric passwords. This scanning process uses NFC technology and is encrypted, ensuring that only authorized users can access the system. Once paired, the Java Card applet on the fob responsible for pairing is deleted, and the fobs communicate their distance from the ORWell over encrypted low-energy Bluetooth.

The machine locks down if a user gets more than 10 meters away from it, entering "lockdown mode." In this mode, the system's ports that are normally accessible for peripherals and power connections are shut off. This includes two 5Gigabit USB Type-C ports for power and peripherals and a Mini HDMI port for the display. The CPU is put to sleep unless the main board secure MCU's three-axis accelerometers and gyroscopes detect movement, in which case it will be powered completely off.

The system also has built-in security features to prevent physical tampering. It includes multiple pressure sensors that are designed to detect if someone is trying to drill holes around them or apply too much pressure. The entire system is also wrapped in a conductive dye shield with wire mesh barriers, which protects against side-channel attacks like over-the-air power analysis.

The ORWell system is also designed to be offline-capable for an extended period. In the event that the main board MCU's onboard battery runs out of power, the system can still function using its internal energy storage. This feature allows users to continue working on their device even without a power source.

**Thermal Testing and User Experience**

The ORWell system underwent thermal testing, which showed that it can operate for an extended period without overheating. The system also stays relatively quiet during operation, without throttling, making it suitable for everyday use.

However, the top-tier model of the ORWell system is still significantly more expensive than a similarly specced tablet computer. This might limit its appeal to some users, as it may be out of budget for those who need high-performance computing capabilities at an affordable price.

The ORWell system behaves like a regular computer once logged in, providing seamless and efficient performance. The fobs are rechargeable over Micro-USB, but they lack a battery indicator light, which can make it difficult to determine when the device is out of power.

**Conclusion**

In conclusion, the ORWell system offers multiple layers of security and protection for its users' information. Its design features, including the use of secure key fobs, encrypted Bluetooth communication, and physical tamper-proofing, ensure that the system remains safe from unauthorized access or manipulation. The thermal testing and user experience also suggest that the ORWell system is designed to provide efficient and reliable performance.

**TunnelBear: Secure Internet Browsing**

TunnelBear is a simple VPN app that makes it easy to browse privately and enjoy a more open internet. With TunnelBear, users can secure their Wi-Fi connection and keep their online activity private from their internet provider, advertisers, and anyone else looking to track them or profit from their data.

The VPN service has a top-rated privacy policy and does not log user activity, ensuring that users' online activities remain confidential. Users can try TunnelBear for free with no credit card required at tunnelbear.com. The link to sign up is available in the video description below.

**LTT Community**

If you enjoyed this video, be sure to subscribe to our channel for more tech-related content and tutorials. You can also hit that like button or check out the links to where to buy the featured products mentioned in the video description below. Additionally, link down there is our merch store, which has cool shirts like this one, as well as our community forum, which you should totally join.

**Disclaimer**

Note: This article is based on a transcription of a conversation and may not be an exhaustive or definitive overview of the ORWell system's features and functionality.

"WEBVTTKind: captionsLanguage: enlet's say for a moment that you're the kind of person who takes cyber security super serial you use a password manager with multi-factor everything you keep all your programs and operating systems up to date and you're constantly keeping a vigilant eye out for phishing attacks that is all really good stuff that we should actually all do but none of it will do you a bit of good if an attacker actually gets your hardware in their hands like physically that is unless you're using a tamper-proof orwell computer from design shift a pc that needs a password and a fob just to boot up and that apparently will disable itself permanently if we mess with it challenge accepted by the way speaking of challenges this was a challenging segue to ek water blocks phoenix lineup is their next generation high performance all-in-one cooler check it out now at the link in the video description named for george orwell every one of these tiny yet shockingly heavy little machines has its own unique encryption key one that is totally unknown even to the manufacturer design shift it's a time rotating rsa 4096 key so that is over 4 000 bits long and what it means is that it is practically impossible to brute force so for reference the largest rsa number that's ever been factored was only 768 bits long and that took hundreds of computers over two years to figure out now this encryption key is not stored in main memory or on the self-encrypting ssd but rather in a security microcontroller that only exposes it briefly when a user is authenticated like as you're booting up as for how to authenticate well two-factor of course orwell comes with two special key fobs that must be scanned on the machine before you'll even be prompted to enter your numeric password using orwell's oled display and only then does the machine boot up and then you will still need to enter credentials for windows ubuntu cubes os or whatever your fobs use nfc for the initial setup then once they're paired the java card applet on the fob that's responsible for pairing is actually deleted and from then on the fobs communicate their distance from orwell over encrypted low energy bluetooth and the machine will actually lock down if you get more than 10 meters away in lockdown mode orwell's ports that's two five gigabit usb type cs for power and peripherals and a mini hdmi for the display are shut off so no one can plug in their stuxnet flash drive or boot the computer using an external device and the cpu is put to sleep that is unless the main board secure mcu's three axis accelerometers and gyroscopes detect movement at which time it will actually be powered completely off forcing a potential hacker to build their lab around the machine rather than carrying it away to be prodded at in privacy okay then linus what if i go around the mcu by freezing it with a spray refrigerant well since the mcu also monitors for drastic temperature changes freezing it will actually result in orwell destroying the encryption key and even if you could freeze the ram for example which typically retains information for a few seconds after being powered down you'd have a hard time reading anything from it because it is soldered onto the board and going at it the other way isn't an option either the boot sequence is designed to wipe the ram before post to prevent attackers from somehow inserting code into the memory during boot i mean most of that stuff though is kind of hypothetical anyway because you probably would never get that far the entire system is physically tamper proof and i'm not talking about a handful of pressure sensors that you can just drill holes around and disable no no the entire system in addition to the main board mcu and the mcu and the fob the system is wrapped in a conductive dye shield with multiple pressure switches and a wire mesh barrier this protects against physical ingress and certain side channel attacks like over-the-air power analysis since no meaningful power leakage will make it through the die shield and if you disturb any of that stuff the encryption key gets nuked and all of this works even without orwell being plugged in since the main board mcu's onboard battery can actually last for several months now to be clear security features like this have been around for years in some industries but design shifts pitch is that they're delivering bank level information security for everyone without changing the overall user experience and they're actually mostly there the fobs are a little too bulky right now in my opinion and while they are rechargeable over micro usb they lack a battery indicator light so when they die and your orwell locks down you're gonna have a bad time but once you're logged into orwell it behaves just like a regular computer as advertised so that's really cool but i still think their audience will end up being somewhat limited the orwell breezed through our thermal tests staying relatively quiet without throttling but even the top tier model sticks you with a mobile processor eight gigs of ram and integrated graphics and that's at three times the cost of a similarly spec'd tablet computer to be clear that could be considered cheap compared to some of the other options that are out there and there are definitely going to be customers for this tech but i just have to wonder if the next step for design shift has to be a notebook to give extra flexibility to anyone who wants to take his or her secure computing on the road alright then with all that out of the way let's see if we can lose our data after this message from tunnelbear tunnelbear is the simple vpn app that makes it easy to browse privately and enjoy a more open internet with tunnelbear turned on your wi-fi connection is secured and your online activity is kept private from your internet provider advertisers and anyone else looking to track you or profit from your data tunnelbear has a top rated privacy policy and does not log your activity so go try tunnelbear for free with no credit card required at tunnelbear.com ltt we're going to have that linked below do so thanks for watching guys if this video sucked you know what to do but if it was awesome get subscribed hit that like button or check out the link to where to buy the stuff we featured there it is at the link in the video description also link down there is our merch store which has cool shirts like this one and our community forum which you should totally joinlet's say for a moment that you're the kind of person who takes cyber security super serial you use a password manager with multi-factor everything you keep all your programs and operating systems up to date and you're constantly keeping a vigilant eye out for phishing attacks that is all really good stuff that we should actually all do but none of it will do you a bit of good if an attacker actually gets your hardware in their hands like physically that is unless you're using a tamper-proof orwell computer from design shift a pc that needs a password and a fob just to boot up and that apparently will disable itself permanently if we mess with it challenge accepted by the way speaking of challenges this was a challenging segue to ek water blocks phoenix lineup is their next generation high performance all-in-one cooler check it out now at the link in the video description named for george orwell every one of these tiny yet shockingly heavy little machines has its own unique encryption key one that is totally unknown even to the manufacturer design shift it's a time rotating rsa 4096 key so that is over 4 000 bits long and what it means is that it is practically impossible to brute force so for reference the largest rsa number that's ever been factored was only 768 bits long and that took hundreds of computers over two years to figure out now this encryption key is not stored in main memory or on the self-encrypting ssd but rather in a security microcontroller that only exposes it briefly when a user is authenticated like as you're booting up as for how to authenticate well two-factor of course orwell comes with two special key fobs that must be scanned on the machine before you'll even be prompted to enter your numeric password using orwell's oled display and only then does the machine boot up and then you will still need to enter credentials for windows ubuntu cubes os or whatever your fobs use nfc for the initial setup then once they're paired the java card applet on the fob that's responsible for pairing is actually deleted and from then on the fobs communicate their distance from orwell over encrypted low energy bluetooth and the machine will actually lock down if you get more than 10 meters away in lockdown mode orwell's ports that's two five gigabit usb type cs for power and peripherals and a mini hdmi for the display are shut off so no one can plug in their stuxnet flash drive or boot the computer using an external device and the cpu is put to sleep that is unless the main board secure mcu's three axis accelerometers and gyroscopes detect movement at which time it will actually be powered completely off forcing a potential hacker to build their lab around the machine rather than carrying it away to be prodded at in privacy okay then linus what if i go around the mcu by freezing it with a spray refrigerant well since the mcu also monitors for drastic temperature changes freezing it will actually result in orwell destroying the encryption key and even if you could freeze the ram for example which typically retains information for a few seconds after being powered down you'd have a hard time reading anything from it because it is soldered onto the board and going at it the other way isn't an option either the boot sequence is designed to wipe the ram before post to prevent attackers from somehow inserting code into the memory during boot i mean most of that stuff though is kind of hypothetical anyway because you probably would never get that far the entire system is physically tamper proof and i'm not talking about a handful of pressure sensors that you can just drill holes around and disable no no the entire system in addition to the main board mcu and the mcu and the fob the system is wrapped in a conductive dye shield with multiple pressure switches and a wire mesh barrier this protects against physical ingress and certain side channel attacks like over-the-air power analysis since no meaningful power leakage will make it through the die shield and if you disturb any of that stuff the encryption key gets nuked and all of this works even without orwell being plugged in since the main board mcu's onboard battery can actually last for several months now to be clear security features like this have been around for years in some industries but design shifts pitch is that they're delivering bank level information security for everyone without changing the overall user experience and they're actually mostly there the fobs are a little too bulky right now in my opinion and while they are rechargeable over micro usb they lack a battery indicator light so when they die and your orwell locks down you're gonna have a bad time but once you're logged into orwell it behaves just like a regular computer as advertised so that's really cool but i still think their audience will end up being somewhat limited the orwell breezed through our thermal tests staying relatively quiet without throttling but even the top tier model sticks you with a mobile processor eight gigs of ram and integrated graphics and that's at three times the cost of a similarly spec'd tablet computer to be clear that could be considered cheap compared to some of the other options that are out there and there are definitely going to be customers for this tech but i just have to wonder if the next step for design shift has to be a notebook to give extra flexibility to anyone who wants to take his or her secure computing on the road alright then with all that out of the way let's see if we can lose our data after this message from tunnelbear tunnelbear is the simple vpn app that makes it easy to browse privately and enjoy a more open internet with tunnelbear turned on your wi-fi connection is secured and your online activity is kept private from your internet provider advertisers and anyone else looking to track you or profit from your data tunnelbear has a top rated privacy policy and does not log your activity so go try tunnelbear for free with no credit card required at tunnelbear.com ltt we're going to have that linked below do so thanks for watching guys if this video sucked you know what to do but if it was awesome get subscribed hit that like button or check out the link to where to buy the stuff we featured there it is at the link in the video description also link down there is our merch store which has cool shirts like this one and our community forum which you should totally join\n"