FWIW: one of the other main issues with the project as it neared its end was the move to mandatory SSL connections. By its nature, LibraryBox has to be able to work entirely offline, and trying to sort out how to manage SSL connections in that situation without also causing potential security issues in sensitive use situations...well, we tried and couldn't come up with a reasonable, usable solution to those overlapping issues.
butterbox|2 years ago
I've considered shipping a unique-to-device certificate for e.g. box123.comolamantequilla.com with each box. It doesn't solve the evil maid scenario of someone copying it, but it at least provides TLS. Realistically, our users are offline and mostly not going to verify that comolamantequilla is owned by the organization they're intending to trust.