This discussion is entertaining, but it probably belongs to its own thread (just like Discussion on Purism). @deeplow do you agree?
You are of course entitled to your opinion, but consider some official democracy rankings and the like designed by scientists, which clearly show the difference between China and USA and explain it.
I disagee. If the discussion is around choosing the hardware to trust (just like for Purism), then it should belong to the general forum topics. Otherwise Purism discussion also ought to be moved to All around Qubes, like any future discussion of any company. In the latter case the current thread will look unfinished and shallow to me…
I’m always charmed by the way that people advocate for the US.
In terms of global geopolitics I doubt there is a cigarette paper between
the US/UK/Israel and other democratic states, and the bogeymen of China
and Russia. In terms of attacks on privacy and security the US has
a long and inglorious record.
To try to pull back to the issue in hand, there’s very little that can
be concluded from an alleged targetted attack. The fact that the CIA
tried to kill Castro with poisoned cigars tells you nothing about the
safety of buying a cigar off the shelf.
In another thread, I think, someone said “It’s turtles all the way
down” - but it isn’t. Turtles all the way down is a reductio of such
arguments. Most people are very bad at assessing risk, and responding to
it.
Which is more likely? The CCP has inserted backdoor chips in to every
lenovo laptop and is gathering data on a global scale from every lenovo
user, or the CIA has targetted the small production line of a laptop avowedly
aimed at “privacy” - i.e those it considers will have something to hide.
We really need to start teaching people about security and risk in a
sensible way.
I do not wish to stray any further from the topic, so all I will say further on this subthread is that I do not consider such rankings to measure much of anything and that I fundamentally object to the abuse of the term “democracy” in mainstream political discourse, whose common definition has not resembled anything close to actual democracy for at least a couple centuries. While there are some differences between the United States and China, including regarding their relationship to “democracy”, little understanding of that can be gained through hegemonic narratives generated by actors with strong material and ideological interests in weaponizing concepts such as democracy for the purpose of perception management.
Understanding this helps place issues like hardware trust and brand credibility in a more comprehensive context, since the usual assumptions we may be making about the criteria by which we judge these things may themselves be products of social control, and so inadvertently result in conclusions against our interests and for those of our adversaries. This is why such considerations are relevant to topics such as trustworthy hardware brands, though I admit that they may still be off-topic due to the generalizing effects it has on the discussion.
If anyone would like to discuss the off-topic political dimensions of this, you are free to message me in private and I will respond when I have time, or we can start an #all-around-qubes thread if it is not deemed too off-topic for even it. I only pray this message itself is not taken as a continuation of any off-topic tangents here; it is meant to conclude them and assert their general relevance in assessing trust and risk in subjects such as hardware security.
Respectfully,
John
With that said, I wish I had more to contribute to this thread, but I am personally very pessimistic about the state of hardware security, as I said above, and I do not have high opinions of any hardware vendor, whether Purism or Lenovo or others. Those for which I have no particular concern, if only because I am not very familiar with them such as Raptor Computing Systems, I still have general concerns such as those related to the above. So, my unhelpful and unsatisfactory answer is “None”.
I would love to explain and defend which hardware vendor I can trust to secure Qubes OS and respect my privacy and freedom, but I do not have one and I doubt one exists. I am critical of thinking in terms of brand trustworthiness, as well, since brands tend to tell us nothing about the merits of the company and only the perceptions they have manufactured. Trust is something earned and very few companies have done anything to warrant any trust at all, at least when it comes to security and especially hardware security.
I do think favorably toward older Lenovo Thinkpads due to some of the qualities I appreciate in them, such as their repairability and ease of (dis)assembly and powerful computing relative to their competition; and I do admire the apparent efforts that companies like Purism make toward transparency and securing the supply chain and delivery; but I would not go so far as to say I trust those products or their vendors, especially not as brands. Would I prefer them over other options? Probably, but not necessarily for reasons related to hardware security, even though their hardware is more open and verifiable than most.
Nonetheless, I intend to be installing Qubes OS on a Thinkpad and a part of me wants a Librem 14 (but will never buy it due to cost), and I would consider Dell Latitudes as an alternative to Thinkpads. I suppose the best I can say on these matters is that there are some vendors and products I can distrust less (and mainly because I am more able to implement means of distrusting them more, like corebooting 
), even though I cannot say I really trust any of them.
When it comes to hardware security, however, often what is more important is how and where you acquire a particular piece of hardware and not who produced it. For example:
As I said before in the Lenovo trustworthiness thread, I extend “distrusting the infrastructure” to the endpoints and that includes the hardware, so I am more concerned with securing myself against the hardware on the assumption that it is untrustworthy and compromised (without any alternative) than with whether I can trust it at all. One can still want verifiable hardware security and a vendor one can trust, as I do, but the absence of that should not spell the end of one’s approach to hardware security (not that anyone is saying otherwise). So for me, I am less interested in brands and vendors, which I can trust only as far as I can throw them, and more interested in what they offer and how I can get it. Maybe that is implied in the topic question, but to me this is an important difference. Just some food for thought.
Regards,
John
Sub-discussion continuing in China vs USA in trustworthiness (category only available to long-time forum members)
It was moved as the discussion at and was getting too off-topic (and the public forum section is only for Qubes-related). Feel free to continue discussing here “Hardware brands which you trust to run Qubes”.
I think the question is not Qubes related at all, as Qubes can’t save you from bad/corrupted/compromised hardware…
An unfortunately there is no real (usable) open-sourced hardware out there - and probably newer will. So we have to make a compromise when selecting a harwdare. Moreover turst is not something measurable, and it is very much subjective.
So for me it is about tho choose the best available option in the time I buy a new hardware. But this always will be limited to you budget, and the market in your area.
I’m personally not trusting any of the vendors, but accepting the risk involved using their product.
Strongly agree. Nothing in this thread was Qubes specific and when you remove the “to run Qubes” form the subject line it is essentially the same as https://forum.qubes-os.org/t/how-can-we-ever-trust-our-hardware-supply-chain-attack/2846?u=sven
@deeplow I see you already split but in addition I think we should close down this thread or even move it in it’s entirety maybe?
I do love this thread and would like to see it continue, but not in this category.
How is this the same? Those are totally different threat models. In the supply chain attack, the company may be secure, while its suppliers are compromised. Here we discuss whether to trust companies themselves.
This is why I called it “brands which you trust”. It does not matter whether you trust the brands whose supply chain is compromised.
Fine. In any case this entire thread belongs into “all around qubes” and if I could move it I would. My point is that there is absoultely nothing Qubes specific about this thread and it’s the kind of thing we created “all around qubes” for.
Edit: I just realized that this thread did start in “all around qubes” and then was moved here by @deeplow following your suggestion. Although I disagree I do not mean to challenge that move. Let’s have it here.
https://frame.work/ … this poped up on ars today. Looks pretty nice, but there is not enough information there yet.
“Built-in hardware privacy switches give you complete control over access to the camera and microphones. Our embedded controller firmware is fully open source, and we don’t preload any extra software. You can even install a privacy focused OS on a Storage Expansion Card and take it with you.”
It seems they are focusing on repairability and longer lifetime.
But still using Intel CPU with ME included(?)
I assume they are not capable to create their own BIOS/EFI - so it will still include untrusted binary blobs from their chosen suppliers.
I Would be very surprised if the end result will just able to run Linux and supports all their hardware components…
There was several attempts to create “better” computers - but at the end, the users will choose the cheapest acceptable model on the market.
The enterprise is another question, their deals are based by political decisions only.
That’s what I see in the last 20 years - would be happy to se some changes, but…
Ivy and below Lenovo laptops are killer machines with amazing standards when it comes to manufacturing and really great support. But the argument is not about trusting Lenovo, because you obviously can’t/won’t trust Lenovo.
You trust the “community” of older Lenovo laptops, because that community has formed around quality and extensible laptops that are suitable machines for daily use and for these machines the community has cleared up BIOSes, made replacements and tested them. It’s really ridiculous the amount of modding that has gone to x220 and x230 and how many resources you can find on these compared to any other laptop model. But you don’t trust Lenovo, it could be any Company/Model combo.
On Hardware Brands for the original question, whatever Nitro will make in the future passes my standards and ofc Purism. Olimex also but no support for Qubes.
A voice of reason.
This sounds like the beginning of a misleading marketing misdirection.
What was the precise HW backdoor you are taking about? Does it work only if you run Windows upon it? (I mean from the whole stack point of view)
I recall something like that, but it was about an HW backdoor that could be used only by the crappy softwares with the default Windows installation.
Ive been lurking around in here for a while looking for a good/private solution for hardware and ive come to the realization that there is nothing secure out there and never will there be something we can trust.
I have many questions and many theories, all of which id like to share with everyone here.
I read somewhere (in here i think or somewhere else) that there have been new additions of coreboot devs paid/funded by the gov or something to that extent to “contribute” code to the project. Apparently this is why there was a branch-off to libreboot. (correct me if im wrong) And since one would like to use libreboot, apparently it doesnt work with QubesOS. My question here is, how on earth can you even trust coreboot to begin with? This seems to get more complicated and can be a whole thread on its own if you get into it, but nevetherless id like to discuss it.
Im not a fan of using old hardware, i personally like getting newer hardware. Whats the point of using old hardware if you need to use more resources? I currently have a very old Sony vaio i7 laptop. and im getting over-heating issues using Ubuntu, imagine if i were to use QubesOS. Is using old hardware really worth it for you guys using QubesOS even though years are passing and you are missing out on the tech behind AMD’s new Ryzen CPU’s that i would love to take advantage of?
My one theory is around QubesOS itself, relating to hardware as well. Lets assume all hardware is backdoored. Lets also assume we want to use a new PC/Laptop and QubesOS works perfectly, and we wont bother with Coreboot (because of my first 2 questions above).
Since our MB is backdoored, does this mean that as soon as we boot up and go online, it will immediately activate some kind of beacon to let the three letter agencies know that we are using QubesOS? This has been on my mind lately. Maybe this is a possibility? Maybe we are better off using something like Debian, so we can hide between the many users and not alert someone that we are using a very privacy related OS? Is hiding between the masses a better idea? How do you deal with this knowing that this could be an issue? Has anyone ever thought about this scenario or is it just me?
Dont get me wrong, i really really want to use QubesOS, thats why im here as ive been using Ubuntu on the laptop like i said and as soon as i open up a second VM, the laptop freezes. If someone can explain if my above concern could be a reality then what is the point of a privacy OS at the end of the day?
ive read from a lot of users in this forum and other places how that if you buy purism, or laptops that are “privacy-ready” that somehow you are safe? This makes me laugh because theres nothing worse than buying a “privacy-ready” laptop or phone. How can one even begin to trust that those devices have not been “hardware honey-potted” by any gov to end up spying on you for sure? I mean, again am i the only one that has thought about this?? or am i being stupid? Why do people on privacy-concious forums think that going “all-in” on buying hardware from a “privacy-concious” company that its the ideal solution to not get tracked? In my opinion thats like literally asking to get caught, “Caught doing what” is irrelevant. The point is that a company could deliberately be placing backdoors for you, or in transit after you buy from online. Anyone’s opinions on this would be great.
I also keep hearing “it depends what your threat model is”. What is this even supposed to mean? Just because my threat model is that i don’t want companies to spy on me and neither to be spied on by people/hackers in general, doesn’t mean that i want a government spying on me or that im ok with it? So to be clear my threat model is to not be spied on from anyone. I understand that this might not be realistic, but if people say that they don’t mind being spied on by the gov is beyond me.
If the 3 letter agencies can see what everyone is doing on their pc regardless of what OS they have because their hardware is backdoored, then howcome they cant find all hackers that become a nusance to them like when the 3 letter agencies keep getting hacked by chinese/koreans/russians? Do you honestly think all hackers have coreboot on their hardware? i hardly think so. Also howcome they dont find all the bad people doing terrible things on tor? The only ones they find are the ones being monitored by the exit nodes. At least thats what i believe.
And why would they even bother indexing and collecting data from companies like google, microsoft, yahoo, etc if they can already log into our pc’s via IME or AMD’s PSP ??
It feels like ive rendered every privacy solution useless in my post, however its not, it all boils down to hardware. If you can find trusted new hardware that you can use, then everything else can be sorted out.
I realize my post could sound very negative but it is also realistic and id like some clarification/opinions on these things, or what your view points are.
This is a bit of off-topic here, since this post is explicitly about which brands people choose. You went to the meta level and suggested that there can be just no such brands at all. This is more a topic for a different discussion and probably different forum (because it’s not strictly speaking about Qubes). I am still replying, but I don’t think that this discussion should continue here.
Did you actually read everything above?
It was also discussed:
This is not exactly true. Coreboot contains proprietary blobs which are required to run the CPUs, Libreboot is “pure”, without any blobs (and can’t work on modern CPUs for that reason). The blobs is of corse a problem from a security point of view. See also: https://forum.qubes-os.org/t/intel-me-real-threat-for-ordinary-persons/7693/2.
According to many people here, Qubes OS runs fine on all hardware listed here: Community-recommended computers. Fast SSDs and more RAM often help more than faster CPUs.
I feel you and totally agree. However, you have to be realistic with how much effort you can put against the government spying and how few actual improvements it would bring to your security. For this reason, the threat model is not just what you want to achieve but also what you realistically can achieve. If you put the effort to verify all software you run, you can miss, e.g., the threat of Spectre and Meltdown vulnerabilities and it’s game over™. So try to use your resources carefully, which is why threat modeling is important.
https://forum.qubes-os.org/t/intel-me-real-threat-for-ordinary-persons/7693
old hardware
You should realize that most of the CPU performance increases of the last 10 years depend on technology that is disabled in Qubes OS by default for security reasons (speculative execution). Also that most CPUs, most of the time sit around idle waiting for input. So moving that data quickly (or not at all) is advantageous. Hence you might be better off spending your money on a high performance, high quality SSD (they are NOT all the same by a long shot!) and buying as much RAM as you possibly can. Finally, temperature/cooling has effects on CPU performance too and is worth looking into.
laptops that are “privacy-ready” that somehow you are safe?
The idea here is that you can detect tampering. If you don’t trust those companies (something I have a lot of understanding for) then build your laptop yourself. Inspect the hardware yourself, build and flash coreboot/heads yourself. Perfect? No, but as good as it gets for now.
“it depends what your threat model is”
As you concluded: there is no absolute security. Rather the more countermeasures/detection you want to have in place the more expensive (not only money, but also effort/attention/learning) it gets. You could spend your whole life worrying about security 24 hours a day and do nothing else. But you wouldn’t get much done. How much effort are you prepared to put in to defend against what?
If nation states and three letter agencies are part of your threat model, you will have to do a lot: do not use phones of any kind, never sleep in the same place twice, only use cash, avoid public places/ATMs/toll roads, change your appearance daily, don’t make friends, don’t stay in the same place for long, never get drunk, never relax, never trust anyone … sounds fun – right?
Hence a lot of us, who are fortunate enough to be of no substantial interest to the aforementioned entities have made the decision to consider them “residual risk”. The things I actively worry about are mostly my own stupidity, criminals, script kiddies and some low-level forms of corporate espionage. I also try to avoid warrant-less mass surveillance and surveillance capitalism to a reasonable degree.
Your situation may vary. If you fight for human/animal rights and against suppressive regimes or corporations I wish you all the best. If you are just looking to not pay for your entertainment or engage in substance or other forms of abuse … not so much. I might actually root for the other guys then 