ChromeOS security vs default Pixel OS

Which is more secure?
I think that both have secure enclaves and verified boot but what about the rest?

And which is more secure, macOS with M1 or Chromebook?

Google Pixel Stock OS is more secure than ChromeOS

1 Like

Can we get any arguments for this claim? I have no idea myself, I have never looked into ChromeOS as I think it’s useless if you do not use Google Drive etc. But no idea about its security, so perhaps you could explain?

2 Likes

I am wondering too.

I’m in the same boat as well and currently trying to decide.

Chromebooks are awfully cheap compared to similarly specced Windows/Mac laptops, but I’d love to know what user privacy and user security experts think of Chromebook hardware in general and even perhaps, if Chromebook hardware has some advantages over Windows/Mac laptops?

EDIT:
I was going to make a thread asking about Chromebooks specifically but I didn’t want to take up forum space!

These should be addressed separately.

I have limited knowledge about Chromebooks (because I’ve never been even remotely attracted to them for many reasons), but I think there is a case to be made for Chromebook security (for users who don’t care about, or don’t prioritize privacy).

I don’t imagine anyone who prioritizes privacy highly would be attracted to or advocate for the use of ChromeOS (in contexts where privacy matters). I am curious about ChromiumOS though. Beyond knowing it exists, and an unverified assumption that the relationship between ChromiumOS and ChromeOS is similar to Chromium and Chrome Browsers, I know nothing about it.

3 Likes

From what I’ve seen, it seems that a lot of people agree that mobile (smartphone/tablet) devices tend to have been built to be more secure than desktop/laptop devices. In my experience, I often will hear cybersecurity experts echo this sentiment. There are far too many instances of experts making such claims that I can’t remember off the top of my head, but I could at least cite one example of this. Both the Google Pixel and iPhone/iPad devices are often revered for their top-notch hardware security. The same could be said for their respective operating systems, Android and iOS.

It’d be cool if someone could do a deep-dive into everything that makes them stand out in contrast to other devices, but unfortunately I’m not aware of any one article which does so. Instead, I only know of bits of information which are scattered in different places.

When it comes to security features, Chromebooks running ChromeOS could be considered a decent option by some. Even one of the previous articles I linked to recommended Chromebooks (along with MacBooks and Secured-Core PCs) if you’re looking for a desktop/laptop device. Privacy Guides also has information on the “Choosing Your Hardware” page. However, having modern security features ≠ totally private and secure. For starters, it shouldn’t come to anyone’s surprise that Google has a terrible track record of various abuses, including a disregard for privacy. The same could be said for the jurisdiction(s) they are subservient to, which seems to be especially bad for ChromeOS. Needless to say, Chromebooks/ChromeOS probably isn’t a great option for journalists, activists, or really anyone who cares about mass surveillance or freedom.

Ultimately it depends on your threat model and what you value. If you have a great amount of trust and confidence in Google and the various governments it may be forced to work with (including the U.S.) and they do not pose any meaningful threat to you, Chromebooks could be a decent cheap option for a more secure desktop/laptop device compared to any random cheap PC. If that is not the case, you’re kind of limited in options. You could use some cheap PC (like an old ThinkPad) to run something like Fedora Workstation, but if you’re concerned about hardware/firmware security, I’m not sure of how well they’d compare to Chromebooks or the more expensive MacBooks and Secured-Core PCs.

TL;DR there aren’t great options that check off every box. You’ll have to compromise somewhere. Whether it be in price, privacy, freedom, or something else.

3 Likes

I appreciate your replies!

It’d just be nice if there were more hardware options than the limited 3 choices we currently have…

I’ve been trying to look up Chromebooks on PrivacyGuides but they seem to be barely even brought up anywhere…

I’m looking at the most expensive Chromebooks and the prices are really good:
https://www.officeworks.com.au/shop/officeworks/p/lenovo-13-ideapad-duet-5-snapdragon-7c-8gb-256gb-chromebook-leduet5cb

EDIT:
This link you posted is from 2022. Can an article this old still be trusted or have times changed where information from 2022 is now outdated?
recommended Chromebooks

EDIT2:
Okay I did a lot of searching and I found this very recent August 2024 list of the most powerfully specced Chromebooks. It just seems like with Chromebooks you’re 100% reliant on being connected to the Internet? Or are Chromebooks no longer 100% reliant on a constant internet connection?

I just came across something I’ve never seen before: “ChromeOS Flex” and my searches indicate it’s never been mentioned on PrivacyGuides.

ChromeOS Flex is completely separate to ChromeOS. It seems great because it offers up to date security for old hardware that doesn’t support the most recent WindowsOS or MacOS:
Differences between ChromeOS Flex and ChromeOS - ChromeOS Flex Help

EDIT:
I thought ChromeOS Flex deserved a new thread, but I didn’t want to waste space on the forum!

Totally agree. I’m of the opinion that until we can get devices which are truly open source and secure-by-design from the ground up, there will always be non-ideal devices that people are forced to choose from. To my knowledge, the only organization building the foundation for open source and secure hardware is lowRISC. With the growth of RISC-V, hopefully such devices could become practical in the not-too-distant future?

1 Like

I appreciate your reply!

It just seems like a bad idea to lock yourself into only one company’s products doesn’t it?

I say this because I keep reading about users here sticking to one company for their hardware and software…?? :confused: :confused: :confused:

1 Like

Android is more secure because of the hardware security features that are available to it and utilised by it on the Pixel. Chromebooks do have decent hardware security and chromeOS does have some additional hardening over other Linux distributions (a recent example being chromeOS having patched a security issue in the bluez bluetooth stack while other distributions didn’t), but as far as I know, they don’t beat Pixel security.

2 Likes

There is something to be said about keeping all your eggs in one basket, but I think whether that is entirely a bad thing depends on a lot of technical details. However, what I would say is that users should avoid proprietary software or software that attempts to force vendor lock-in since it restricts your ability to switch to an alternative should you wish to do so in the future. Even if you decide that proprietary product X is suitable for you today, it may not be suitable for you in the future.

1 Like

I put my hands on a Chromebook for the first time today and I felt that it was not that bad.

There are a lot of privacy toggles to turn off, you can create a Google account without personal information (fake name, …) and avoid using their apps (photos, Gemini, NotebookLM, keep, …).

You can use alternatives (brave, ente, Proton, …) and connect to a VPN that blocks (some?) telemetry.

You can also turn off synchronization to your Google account or select what you want to be synced (apps, settings, networks, wallpapers).

You can delete most Google apps except Chrome (but you can change the default browser), and even log out of Google Drive (with the computer still logged in your main Google account).

For file synchronization/backups, you can use Cryptomator (paid) in conjunction with an unencrypted drive solution (Google Drive, Dropbox, kDrive…), or use a third party drive solution (Proton,…) that integrates in the files app like on Android.

And I feel that you keep some of the openness of Linux/Android because you can still sideload Android and Linux apps easily. The Linux environment is surprisingly very easy to set up (btw this was in fact my first contact with Linux desktop).

They are very cheap and I feel that apps open much faster and I like that there are 10 years of updates. I will consider one when my Macbook stops receiving updates. (If ChromeOS still exists lol, Idk what will happen with the rumors of Android desktop and the teams of ChromeOS and Android merging).

1 Like

I think the main points are:

  • App sandboxing by default
  • Secure element based brute force protection.
  • Secure element based secure boot is integrated for much longer than on most desktop systems

I’ve used chromebooks as my daily driver for the past decade and am typing this response from one. I am a fan although they used to be much more of a bargain back in the day.

There are actually more options than just ChromeOS Flex and ChromeOS btw but there is a triple constraint going on too (there are three ideal characteristics but each option only has two of the characteristics):

ChromeOS

  • Security: Best of the three options without you having to do anything. Automatic updates, rollbacks of failed upgrades, everything sandboxed by default, etc.
  • Modern Tech: You can use the latest and greatest Chromebooks
  • Privacy: Controversial but I would argue that they might be worse than Windows. Windows gets a (deserved) bad rep for shoving ads in the OS, but ChromeOS silently tracks everything you do, and instead of inserting that data into the OS, they insert it into every website you visit when they auction your marketing profile to the highest bidder. Since marketing/ads are their main money-maker, IMO they need to know what you’re doing even more than Microsoft so they have a greater incentive to claim privacy while they track you in Incognito Mode or lie about tracking cookies. There are some privacy-respecting toggles in the ChromeOS settings, but AFAICS, that doesn’t negate what data they also collect as an OS and they do not have an OS-specific privacy policy listed online. Additionally, the industry appears to be moving towards “implied consent w/ no opt-out” model for AI which is concerning.

Chrultrabook Project

  • Privacy: Linux so the privacy is best in class
  • Security: Great but only once you’ve picked a hardened distro or done your own hardening
  • Modern Tech: Appears to be a 1-2 year delay before a chipset is made compatible w/ the project. This isn’t a huge issue since Linux doesn’t need much horsepower and they have a few Chromebook Plus models. If you have an AI-heavy workload or want a brand new model, this will be an issue.

Submarine

  • Privacy: Linux so the privacy is best in class
  • Modern Tech: All modern amd64 chromebooks are compatible. (ARM support is still case-by-case but gaining momentum and can be confirmed in their repo)
  • Security: Average at best. You have to pick a hardened distro or do your own hardening, but you still will have a reasonable attack surface with submarine because, given the (quick and easy) hacky nature, secure boot cannot be enabled. A year or two ago, the general consensus for Linux users was that secure boot was just leftover Microsoft bloat, but the tides are shifting and it is seen as an important security step as Linux - and malware - grow in popularity.

Personally I used ChromeOS until 2023 and have been on a Chrultrabook ever since. Now that I’m used to Linux/privacy, ChromeOS is a nonstarter.

TL;DR

  • Budget-Tier - Device supported on the Chrultrabook site that uses the Intel Geminilake
  • Mid-Tier - Device supported on the Chrultrabook site that uses Jasper Lake
  • Upper Mid-Tier - Device supported on the Chrultrabook site that uses AlderLake-N
  • Power User-Tier - Device supported on the Chrultrabook site that uses AlderLake, especially “Plus” models
  • AI Dev/Overkill Tier - Use Submarine on a Chromebook released < 6 months w/ an AI Chip

There are sizeable discounts to be had if you’re into buying used too btw.

1 Like

For now, you can fully opt out of AI features. They are on by default though.

1 Like