I know that GrapheneOS is deeply integrated into Pixel devices. Do we have anything with similar privacy and security in the desktop/laptop world? Coreboot? Qubes? TailsOS?
A GrapheneOS PC?
No other device meets the criteria to have GrapheneOS support. The closest to that will probably be the Pixel Tablet, which is a tablet, but I don't see why it couldn't be used as a laptop (much like the iPad). So I guess there's your answer.
If you're looking for something "similar" in the sense that it doesn't suck security-wise and has a closer security model than other options, your best options are probably a Chromebook or an iPad.
[deleted]
Maybe in a few years, if fuchsiaOS is released on PC...
No other OS combines the qualities of GrapheneOS: security, privacy, comfort and compatibility. Of what is available today, I would say ChromeOS.
A Pixel tablet with Graphene OS or a Graphene OS virtual machine would be superlative.
I know it's a complex question, but what are your opinions: are M1 Macs or properly configured Windows on a secured-core PC inferior to iPads and Chromebooks?
[deleted]
We have zero interest in desktop security as it's broken and a lost cause.
junction They're still inferior options, and largely inferior out-of-the-box. In the case of Windows, a hardened WDAC policy would make it way better though, but that's going to require a lot of work and in the end, it might not be as usable as Android/iOS/ChromeOS which have a saner app ecosystem.
game4hr I have much respect for the OpenBSD team and they have fantastic projects. But common *BSD distributions lack way too many exploit mitigations even Linux has. Beyond that, OpenBSD is still a traditional operating system with an overly permissive security model. You might be interested in giving this a read.
What are your thoughts on a Chromebook or Windows machine with UEFI Secure Boot, compared to, say, a Qubes OS machine (Lenovo, or Librem 14 with PureBoot), for overall security and privacy?
If you know how to use Qubes effectively, I would say it's better than Windows.
[deleted]
Kenny33
On everything, I don't think so, you can always disable some telemetry.
Personally, I wouldn't necessarily feel comfortable using ChromeOS; that's why I'm waiting to see if the Pixel tablet will be supported by GrapheneOS.
However, having an unsecured system leaves your data very vulnerable to other actors, whereas on ChromeOS, it's only Google.
There is no perfect option today.
[deleted]
Librem is not recommendable: it is essentially marketing, and its OS is only a classic Linux, which is not at all secure.
Chromebook, despite the privacy issue, is built on a true security model.
[deleted] What do you think of Librem hardware with Qubes OS, with the PureBoot firmware?
[deleted]
I will not recommend Librem (phone or PC). It's very expensive for what it is: marketing. It's sold under an open source package, while the hardware never is.
It is more relevant to look at the list of QubesOS compatible computers and get one at a decent price.
https://twitter.com/DanielMicay/status/1176530921446678528?s=20
https://madaidans-insecurities.github.io/linux-phones.html (about phones, but it talks about Librem too)
Thanks, that’s really helpful. I’m currently using Ubuntu and primarily using the browser (haven’t installed many applications other than Brave). Does that feel ‘safe’ enough given I’m not installing other potentially malicious apps, or is the browser itself enough of an attack surface that I should consider moving to ChromeOS?
I am saving for a new laptop. Is an Apple silicon Mac secure? Or is it better to buy a Chromebook 😼 Or what?
[deleted]
If we talk about Linux (without going into details), I think that except on Arch or Gentoo, where one of the main interests is a strong customization of the system, and thus a reduction of the attack surface by avoiding useless applications, it is relevant to think about switching to a Chromebook.
But once again, no solution will suit everyone. Before I knew that a Pixel tablet was coming out, I was thinking of switching to a Chromebook, but it was a default choice.
You have to weigh the pros and cons. I spent years on Linux desktop before coming back to Windows. I personally won't go back; I don't consider it a relevant choice, with one or two exceptions.
I don't know enough about Mac to talk about it, and it doesn't attract me, but from what I read, if Mac is probably more interesting than Windows or Linux, ChromeOS remains more relevant on security.
iPad all the way?? No?
tmobile09 A ThinkPad X-series or T-series with osresearch Heads firmware based on coreboot, running Qubes, is probably the most secure you can get an x86 system. Heads checks the integrity of the boot process using signature validation by authenticator app based TOTP or hardware key.
This combined with Qubes OS and its virtualization based sandboxing of apps is pretty much the best bet from what my research has led me. If you follow best practices with this setup you must have a very skilled adversary upon yourself to not regard the system as secure.
https://www.youtube.com/watch?v=NqQI3nr1dqk
https://osresearch.net/
https://osresearch.net/Heads-threat-model/#threat-model
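The TOTP boot check mentioned in the post above, modeled as an added example (not part of the thread and not Heads' own code): a shared secret is sealed to the measurement of the boot chain, and the machine can only show the code the phone shows if that measurement is unchanged. `ToyTPM` is a hypothetical software stand-in for a real TPM, and the secret and component names are constructed sample values.

```python
import hashlib, hmac, struct

def extend(pcr: bytes, component: bytes) -> bytes:
    # TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    pcr = bytes(32)  # PCRs start at all zeroes after reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ToyTPM:
    # Hypothetical stand-in for a TPM: releases the secret only for the PCR value it was sealed to
    def seal(self, secret: bytes, pcr: bytes) -> None:
        self._sealed = (pcr, secret)

    def unseal(self, pcr: bytes) -> bytes:
        expected, secret = self._sealed
        if not hmac.compare_digest(expected, pcr):
            raise PermissionError("PCR mismatch: boot chain changed")
        return secret

def boot_code(tpm: ToyTPM, components, now: int):
    # What the firmware can show at boot: a TOTP code, or None if unsealing is refused
    try:
        return totp(tpm.unseal(measure(components)), now)
    except PermissionError:
        return None

# Constructed sample data (the secret is the RFC 6238 test key)
SECRET = b"12345678901234567890"
GOOD = [b"coreboot-rom-v1", b"heads-initrd-v1", b"kernel-v1"]
TAMPERED = [b"coreboot-rom-v1", b"heads-initrd-v1+implant", b"kernel-v1"]

TPM = ToyTPM()
TPM.seal(SECRET, measure(GOOD))  # provisioning; the phone app keeps the same SECRET

if __name__ == "__main__":
    now = 59
    print("phone   :", totp(SECRET, now))
    print("clean   :", boot_code(TPM, GOOD, now))
    print("tampered:", boot_code(TPM, TAMPERED, now))
```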