Recommend a budget-friendly laptop for privacy

Currently looking at the Pinebook Pro and I think it suits my needs. I’m not really into gaming so I don’t need anything incredibly powerful. I’ll be using it for school for sure, but should I just use a separate laptop for that? I see privacy folks mentioning they have laptops they leave at home and one that can tag along with them for maximum privacy. I have to admit, that’s a luxury I wish I had!

Over at the subreddit, I see a lot of people suggesting Thinkpads but I really don’t want to use eBay. I’d also appreciate what the deal is with Intel ME and ARM? Apparently the Pinebook doesn’t have an Intel ME so that’s good?

I know the OS is just as important, I really wanna run QubeOS (just because that’s what Snowden uses) but if there are smarter options I’m all ears!

You cannot feasibly put Pinebook Pro and Qubes on the same machine because Qubes relies on virtualization layering - it is in a way emulating computing machines on top of the actual hardware. That in of itself is a computanionally intensive process on a regular desktop x86 processor. The Pinephone Pro is on an ARM processor, which is a much simpler machine and cannot do virtualization.

Qubes is yet to be ported on ARM. It is also for a more extreme use case and not really a system designed for daily driver usage for normal people. Your current laptop with any Linux-based operating system is a far better and sane solution. You just have to check for compatibility of its components (particularly Realtek Wifi and if it using the hybrid Optimus display technology).

Intel IME (if i recall correctly) has to have 3 requirements in order for it to be potentially remote-accessible: 1- It has to have an Intel processor. 2 - It has to have Intel LAN or maybe Intel Wifi as well. 3 - It has to has to have the IME chip in it. These days, AMD Ryzen is the rage so… why even go for an Intel machine, even on laptops?

1 Like

Maybe laptop from system76

3 Likes

What are your requirements regarding “privacy”? This is a really vague statement, similar to “recommend a budget-friendly secure laptop.”

If you talk about data connections/network traffic, this mostly depends on the operating system on top.

2 Likes

It would also help to know what your budget actually is. Pinebook Pro seems like a decent option for the price but don’t forget is targeted at people who like to mess with computers and may not fit your expectations as a daily driver.

For reference here’s a Pinebook Pro review and an additional review combining with Raspberry Pi. To be honest it does look quite nice for something like studying, etc.

If you can and are willing to spend a little bit more I would go for something like the Star Lite Mk III. Personally I like the 11-inch size and that is really light which is ideal if you’re going to be carrying it around, and at home you can plug it to a larger monitor. It’s still in pre-order but should be available soon.

As far as privacy goes, if you are planning to use this for daily use I think QubesOS is overkill unless you have a very good reason for it. Keeping your privacy is often how you use the technology, rather than what technology you’re using so just pick any distro and adjust slowly from there.

I’m looking for a laptop that doesn’t have anything in it’s firmware that could keep tabs on me. As far as I know I should avoid anything with an Intel ME. Disabling that is something I’m unaware of so I was thinking of getting something like the Pinebook that I can trust right out the box. If I had the cash, I would go for a Librem because they carry the same sentiment and are more powerful.

I might actually consider the Starlite! Thank you. From what I understand, it still uses an Intel ME. Should that be a problem or is it taken care of by the guys at Star Labs?

I’m just converting my currency out of the internet but my budget is around $415.

Regarding QubesOS, I guess I was just bewildered with the idea that I could have everything separate from each other. I should probably watch some videos on the other distros and see what works.

Numerous processors are running their own firmware in a laptop. Most firmware is proprietary. So it is likely hard to find a computer with completely transparent firmware.

Then, you likely also want to avoid AMD CPUs as they contain similar features, and smartphones come with a baseband processor that has its own life in the device …

Just a side note: Most security vulnerabilities discovered in Intel, AMD, or any other CPUs are irrelevant. Some require a virtualized environment (e.g., a vServer) to work; others can only be exploited locally when having physical access to the device. Besides, for many of these security vulnerabilities (e.g., Spectre, Meltdown), we do not see any real-world exploitation, but only the initial reports written by security researchers in a controlled environment. This doesn’t mean that we want to downplay any security vulnerability, though. Keep your devices up-to-date, including any firmware, if possible.

Interesting news
https://www.phoronix.com/scan.php?page=news_item&px=Dell-Hardware-Privacy-Linux
In my opinion, average user should not care much about Intel’s ME, AMD’s PSP, etc. Just take any regular PC and standard distro, and it’s already way better than Chromebook, Windows, OS X…

According to this support article, System Labs disables the Intel ME. Note that this refers to the Lite MK II which is the previous model so you may want to reach out to confirm the new model has it disabled as well. The cool thing about this brand is that you can choose from a variety of distributions installed for you out of the box, many of which are very beginner friendly so I would definitely recommend something like this.

If you feel like messing around a bit more there’s even a much cheaper option and that’s to install GalliumOS on refurbished Chromebook. Chromebooks have a very nice quality for the price, especially older models from ~2014 to 2016 (at least in my experience) and you can find many of them, refursbished, for around $100 online. You have the option to install a custom firmware.

One final option for you is to purchase a certified computer from the Free Software Foundation. You can be sure these are free of any firmware but at the same time compatibility with other proprietary devices may not work as expected e.g., printers, graphics cards, etc. I have never tested any of these machine so I can’t really say much about them.

1 Like

What I’m doing is stalking reputable secondhand forums, and try and snatch a matching design with a discount.