I know that GrapheneOS is deeply integrated into Pixel devices. Do we have anything with similar privacy and security in the desktop/laptop world? Coreboot? Qubes? TailsOS?

    No other device meets the criteria to have GrapheneOS support. The closest to that will probably be with the Pixel Tablet, which is a tablet, but I don't see why it couldn't be used as a laptop (much like the iPad). So I guess there's your answer.

    If you're looking for something "similar" in the sense that it doesn't suck security-wise and has a closer security model than other options, your best options are probably a Chromebook or an iPad.

    • [deleted]

    Maybe in a few years, if fuchsiaOS is released on PC...

    No other OS combines the qualities of GrapheneOS: security, privacy, comfort and compatibility. About what is available today, I would say chromeOS.

      A Pixel tablet with Graphene OS or a Graphene OS virtual machine would be superlative.

      I know it's a complex question but what are your opinions: are M1 Macs or properly configured Windows on a secured-core PC inferior to iPad and Chromebooks?

        • [deleted]

        We have zero interest in desktop security as it's broken and a lost cause.

        junction They're still inferior options, and largely inferior out-of-the-box. In the case of Windows, a hardened WDAC policy would make it way better though, but that's going to require a lot of work and in the end, it might not be as usable as Android/iOS/ChromeOS which have a saner app ecosystem.

        game4hr I have much respect for the OpenBSD team and they have fantastic projects. But common *BSD distributions lack way too many exploit mitigations even Linux has. Beyond that, OpenBSD is still a traditional operating system with an overly permissive security model. You might be interested in giving this a read.

        What are your thoughts on a Chromebook or Windows machine with UEFI Secure Boot, compared to, say, a Qubes OS machine, Lenovo or Librem 14 with PureBoot, for overall security and privacy?

        If you know how to use Qubes effectively, I would say it's better than Windows.

          [deleted]

          On the chromeOS recommendation, would you not fear google having visibility into everything going on? I’ve never used it, so not sure if there are ways to disable tracking, but would love to learn more.

            • [deleted]

            Kenny33
            On everything, I don't think so, you can always disable some telemetry.
            Personally, I wouldn't necessarily feel comfortable using chromeOS, that's why I'm waiting to see if the Pixel tablet will be supported by GrapheneOS.
            However, having an unsecured system leaves your data very vulnerable to other actors, where on chromeOS, it's only Google.
            There is no perfect option today.

              • [deleted]

              tmobile09

              Librem is not recommendable: it is essentially marketing and its OS is only a classic Linux, which is not at all secure.
              Chromebook, despite the privacy issue, is built on a true security model.

                • [deleted]

                tmobile09

                I will not recommend librem (phone or pc). It's very expensive for what it is: Marketing. It's sold under an open source package, while the hardware never is.

                It is more relevant to look at the list of QubesOS compatible computers and get one at a decent price.

                https://twitter.com/DanielMicay/status/1176530921446678528?s=20
                https://madaidans-insecurities.github.io/linux-phones.html (about phones, but it talks about Librem too)

                [deleted]

                Thanks, that’s really helpful. I’m currently using Ubuntu and primarily using the browser (haven’t installed many applications other than Brave). Does that feel ‘safe’ enough given I’m not installing other potentially malicious apps, or is the browser itself enough of an attack surface that I should consider moving to chromeOS?

                  I am saving for a new laptop. Is an Apple silicon Mac secure? Or is it better to buy a Chromebook 😼 Or what?

                  • [deleted]

                  Kenny33

                  If we talk about Linux (without going into details), I think that except on Arch or Gentoo, where one of the main interests is a strong customization of the system, and thus a reduction of the attack surface, by avoiding useless applications, it is relevant to think about switching to a Chromebook.
                  But once again, no solution will suit everyone. Before I knew that a Pixel tablet was coming out, I was thinking of switching to a Chromebook, but it was a default choice.
                  You have to weigh the pros and cons. I spent years on Linux desktop before coming back to Windows, I personally won't go back, I don't consider it a relevant choice, with one or two exceptions.
                  I don't know enough about Mac to talk about it, it doesn't attract me, but from what I read, if Mac is probably more interesting than Windows or Linux, chromeOS remains more relevant on security.

                  5 months later
                  20 days later

                  tmobile09 A ThinkPad X-series or T-series with Osresearch Heads firmware based on coreboot, running Qubes, is probably the most secure you can get an x86 system. Heads checks the integrity of the boot process using signature validation by authenticator app based TOTP or hardware key.
                  This combined with Qubes OS and its virtualization-based sandboxing of apps is pretty much the best bet from what my research has led me to. If you follow best practices with this setup you must have a very skilled adversary upon yourself to not regard the system as secure.
                  https://www.youtube.com/watch?v=NqQI3nr1dqk
                  https://osresearch.net/
                  https://osresearch.net/Heads-threat-model/#threat-model