I think there should be a section or guide on choosing a desktop or laptop computer, the advantages and disadvantages of using desktops, and maybe some recommended desktop or laptop computers. Desktops were not designed with security in mind and it’s advised to use a phone as much as possible and only a desktop for when one needs it. If anything, I believe desktops and laptops are becoming obsolete and many people don’t need one anymore. However, I still think this should be considered since a lot of people still need to use desktops and we already have a specific Android phone recommended: the Google Pixel.
I think the best laptops to buy would be a new Windows secured core PC, a Macbook, or a Chromebook. I do not recommend buying Thinkpads and installing Libreboot as all the Thinkpads that support it are completely obsolete by todays standards. Intel ME being backdoored is just a conspiracy theory.
I also think everyone should replace their devices every few years whenever they reach EOL instead of waiting as once a device stops receiving updates, it becomes increasingly insecure. Phones, desktops, and laptops are all disposable products and should be treated as such. Right to repair is just an excuse to use insecure, obsolete products and I don’t support it.
Yes, but even if you wanted to run Libreboot, it’s not possible on systems released after 2008.
Saying people should buy a new laptop every few years, is bad advice.
The comment about ME is also not valid, it’s true there is no backdoor, but that isn’t the reason why you remove ME. Multiple security vulnerabilities have been found in ME, including unauthenticated remote code execution, this is why most people want ME removed to reduce the attack surface.
Saying people should replace their laptops with mobile devices is completely unrealistic for most people, that need a device for more than just watching TikTok videos.
The reason we don’t recommend hardware is because it changes regularly.
We’re also not a hardware review site.
Rule of thumb though, would be to go with modern hardware, supporting modern security features, so looking at Windows 11 certification is a good start, even if you’re a Linux user. One of the requirements for that is TPM 2.0, which is starting to be of use with things like systemd-cryptenroll and potentially systemd-measure in the future. Windows 11 hardware certification also requires that vendors provide options for enrolling custom keys.
As far as firmware goes, you get what you pay for. My 2018 XPS still gets firmware updates in 2022. If you buy super budget hardware then there is the chance that vendors will stop supporting it sooner.
I also think everyone should replace their devices every few years whenever they reach EOL instead of waiting as once a device stops receiving updates, it becomes increasingly insecure. Phones, desktops, and laptops are all disposable products and should be treated as such. Right to repair is just an excuse to use insecure, obsolete products and I don’t support it.
I understand the sentiment—device security encompasses critical points-of-failure for the aim of securing the right to privacy (and, as @dngray pointed out, using modern hardware which supports modern security features is desirable)—but I disagree.
To claim that “phones, desktops, and laptops are all disposable products and should be treated as such” is woefully ignorant of the socio-economic and environmental factors that influence an obscenely large portion of the population (even in ‘developed’ nations).
I have included references to just some of the standout papers in my reading. Please consider reading them.
(Note: Dickson-Deane’s paper is actually a retrospective on a 1976 review panel).
Then just give some advice for choosing hardware like everything you said, using modern hardware with firmware updates, and maybe why Thinkpads and Libreboot aren’t recommended as they lack microcode updates like @Niek-de-Wilde said.
No. It’s not bad advice. Laptops need microcode updates and firmware updates to stay secure and after a few years laptops will reach EOL and stop receiving updates, which means it’s time to buy a new laptop. Hardening a Linux operating system like Fedora or Arch will only get you so far.
Smartphones can do a lot more than one might presume and I wouldn’t be surprised if they completely replace laptops in the future. Gaming can be done on a phone or tablet, and so can graphic design, coding, and a lot more.
I think it’s time we implement this, as this has been discussed so many times on this forum. I definitely think we need at least some rules of thumb, or features to look out for, this would be SUPER helpful!
This is still a huge hole in the knowledge base. However, this has been addressed for phones, where the Pixel 8 is recommended, as well as iPhones.
instead of a full on reccommendation maybe pg could do some sort of monthly or quarterly spotlight on privacy hardware that could be of use to the community. To @anon82677111 it does seem like discussion around hardware is pretty frequent.
nah, it will end like “This week in privacy”. A dedicated page is better because everyday we see a new open source BIOS firmware and it’s not like there are lots of good hardware out there that it will need to be updated frequently.
For desktop builds, are there reasons to prefer AMD to Nvidia GPUs? AMD to Intel CPUs? Should WiFi be avoided on desktops if only Ethernet is needed?
It seems like there would be some relevant answers to this, like the fact that Nvidia proprietary drivers are superior on Linux to open source drivers. Would this imply a preference for AMD?
Yes, linux users will find the Intel or AMD graphics drivers just work, while Nvidia needs the proprietary driver installed to unlock most of its performance.
AMD and Intel CPUs both work well on linux. Which you choose is up to your preference or use case. I guess Intel provides better security for linux because they ship many more microcode updates than AMD.
WiFi and ethernet both have pros and cons for privacy.
For Ethernet connections, randomizing your MAC address provides little (if any) benefit, because a network administrator can trivially identify your device by other means (such as inspecting the port you are connected to on the network switch).
Meanwhile, WiFi signals can actually be used to map physical spaces in detail, similar to x-ray or thermal imaging. This is, however, a novel technique that may not be getting used much yet.
Neither of those should really have any bearing on a normal personal home network setup.