• [deleted]

Maybe in a few years, if fuchsiaOS is released on PC...

No other OS combines the qualities of GrapheneOS: security, privacy, comfort and compatibility. Of what is available today, I would say ChromeOS.

    A Pixel tablet with Graphene OS or a Graphene OS virtual machine would be superlative.

    I know it's a complex question but what are your opinions: are M1 Macs or properly configured Windows on a secured-core PC inferior to iPad and Chromebooks?

      • [deleted]

      We have zero interest in desktop security as it's broken and a lost cause.

      junction They're still inferior options, and largely inferior out-of-the-box. In the case of Windows, a hardened WDAC policy would make it way better though, but that's going to require a lot of work and in the end, it might not be as usable as Android/iOS/ChromeOS which have a saner app ecosystem.

      game4hr I have much respect for the OpenBSD team and they have fantastic projects. But common *BSD distributions lack way too many exploit mitigations even Linux has. Beyond that, OpenBSD is still a traditional operating system with an overly permissive security model. You might be interested in giving this a read.

      What are your thoughts on a Chromebook or Windows machine with UEFI Secure Boot, compared to, say, a Qubes OS machine, Lenovo or Librem 14 with PureBoot, for overall security and privacy?

      If you know how to use Qubes effectively, I would say it's better than Windows.

        [deleted]

        On the chromeOS recommendation, would you not fear google having visibility into everything going on? I’ve never used it, so not sure if there are ways to disable tracking, but would love to learn more.

          • [deleted]

          Kenny33
          On everything, I don't think so, you can always disable some telemetry.
          Personally, I wouldn't necessarily feel comfortable using ChromeOS, that's why I'm waiting to see if the Pixel tablet will be supported by GrapheneOS.
          However, having an unsecured system leaves your data very vulnerable to other actors, whereas on ChromeOS, it's only Google.
          There is no perfect option today.

            • [deleted]

            tmobile09

            Librem is not recommendable: it is essentially marketing and its OS is only a classic Linux, which is not at all secure.
            Chromebook, despite the privacy issue, is built on a true security model.

              • [deleted]

              tmobile09

              I will not recommend librem (phone or pc). It's very expensive for what it is: Marketing. It's sold under an open source package, while the hardware never is.

              It is more relevant to look at the list of QubesOS compatible computers and get one at a decent price.

              https://twitter.com/DanielMicay/status/1176530921446678528?s=20
              https://madaidans-insecurities.github.io/linux-phones.html (about phone but it talks about librem too)

              [deleted]

              Thanks, that’s really helpful. I’m currently using Ubuntu and primarily using the browser (haven’t installed many applications other than Brave). Does that feel ‘safe’ enough given I’m not installing other potentially malicious apps, or is the browser itself enough of an attack surface that I should consider moving to ChromeOS?

                I am saving for a new laptop. Is an Apple silicon Mac secure? Or is it better to buy a Chromebook 😼 Or what?

                • [deleted]

                Kenny33

                If we talk about Linux (without going into details), I think that except on Arch or Gentoo, where one of the main interests is a strong customization of the system, and thus a reduction of the attack surface, by avoiding useless applications, it is relevant to think about switching to a Chromebook.
                But once again, no solution will suit everyone. Before I knew that a Pixel tablet was coming out, I was thinking of switching to a Chromebook, but it was a default choice.
                You have to weigh the pros and cons. I spent years on Linux desktop before coming back to Windows. I personally won't go back; I don't consider it a relevant choice, with one or two exceptions.
                I don't know enough about Mac to talk about it. It doesn't attract me, but from what I read, if Mac is probably more interesting than Windows or Linux, ChromeOS remains more relevant on security.

                5 months later
                20 days later

                tmobile09 A ThinkPad X-series or T-series with Osresearch Heads firmware based on coreboot, running Qubes, is probably the most secure you can get an x86 system. Heads checks the integrity of the boot process using signature validation by authenticator-app-based TOTP or hardware key.
                This combined with Qubes OS and its virtualization based sandboxing of apps is pretty much the best bet from what my research has led me. If you follow best practices with this setup you must have a very skilled adversary upon yourself to not regard the system as secure.
                https://www.youtube.com/watch?v=NqQI3nr1dqk
                https://osresearch.net/
                https://osresearch.net/Heads-threat-model/#threat-model

                bayesian

                It depends what you wanna do with the stationary computer. If you want to keep it secure from outside, then just don't connect it to the internet, neither via cable nor Wi-Fi.

                You could still go online using a system on a usb stick.

                The thing is, without internet connection the only access to your data would be through physical manipulation.

                With Internet, no operating system can be a hundred percent safe. Like the best door lock can't prevent thieves from going through the windows, through the wall or simply ringing your doorbell and knocking you out.

                So if you want to keep something confidential, don't ever put it on a machine with internet access or that has the possibility to access the internet.

                I think this will never change.