I use a 2018 MacBook Pro with Little Snitch but I'm starting to consider a Linux laptop as security updates are coming to a near end on my current machine, I believe. T2 chips do not play nice with Linux (I've tried) so Linux on my machine is out of the question.

I'm fully aware that a Linux machine will not be a secure environment in comparison to GOS/ Android on a Pixel and/ or a modern M series Mac.

That being said, if I go down the Linux route I'd want something fairly recent (still receiving BIOS updates, decent battery life etc) but not a $1500 new machine.

Any recommendations for specs/ models/ specific year of release etc to look out for? 13 or 14" is the size I'd be looking for. Or should I suck it up and buy a second hand Apple M device (shudders 🤣)

    Graphene1 on your MacBook Pro, Sequoia is the last major upgrade. However you will have an additional 2 years of security updates so you are safe until September 2027.

    From looking at the GhostBSD hardware compatibility list, it looks like early 2018 MacBook Pros are supported. Maybe worth taking a look?

    4 days later

    Framework laptop. Or anything based on Coreboot, but the latter may be pricey

    If you are serious enough about security and privacy to use Graphene on your device, and you are willing to use Linux, you should at least look at using Qubes.

    Try Qubes on a 2nd-hand Thinkpad, with Coreboot and ME_cleaner.

    Plenty of discussion on https://forum.qubes-os.org/, including a hardware compatibility list (HCL) and a responsive community.

    Caveats:

    • Flashing the BIOS isn't always easy. It took me a while, but I got it working and I am not remotely technical. Research it.
    • Buy something with lots of RAM. It's RAM hungry.
    • It's not as easy as standard Linux/Mac/Windows: Qubes is rough around the edges sometimes, a learning curve, sometimes clunky. But still it's pretty good since v4.2.
    • Some software just doesn't run on it. It's not just a Linux thing, could be a RAM thing. E.g. some CAD programs. Dual boot (check that it can) or keep a spare 2nd-hand laptop on hand.

    But it's all really manageable and you get something that's a lot more safe than a standard computer.

    My threat model is mostly just 'hackers' and corporations, so it's probably overkill for me, but I wouldn't do anything important (e.g. banking, shopping) on anything else - that is until I started using GOS as well.

      rocky-planet While I am very serious about my security and privacy, I really don't see a reason to use Qubes or Tor on a daily basis.

      During my (albeit short) stay here at the forums I've seen more people recommending usage of a combination of Tor/Qubes/Whonix and VPN on top of it on a daily basis because it's the only way you can be secure...

      Meanwhile when you look at what actual security people use (and I don't mean 9-5 crowd) no one in their sane mind would go that route.. obviously if you want to suffer just because you think it's going to prevent the next big hack absolutely go for it. But again, I'd recommend to spend the time and effort on improving your IT hygiene and other parts of the setup. In the end you're not holding missile launch keys. (and those are often held on an old floppy...)

        Graphene1 I'm fully aware that a Linux machine will not be a secure environment in comparison to GOS/ Android on a Pixel and/ or a modern M series Mac.

        Linux is as secure as it gets. What potentially isn't secure is the USER. Modern security isn't really about protecting you from external threats, it's about protecting you from yourself. In my opinion, trying to protect you from yourself is massive overstepping on the part of whoever is trying to impose that on you, to the point where those imposing that pseudo-security on you are actually a massive security threat.

        I wouldn't consider anything Apple or Google to be "secure", since Apple and Google can walk all over you and control what you can do with your own device.

          I bought the ThinkPad "ThinkPad X13 Gen 4" as the AMD Ryzen™ 7 PRO 7840U 32GB version, new, for around 850€ this summer from Lenovo. That was the best deal I could find back then.

          The flaws of the laptop are:

          • that fingerprints/stains like this appear (I think this happens with almost all ThinkPads).
          • the fans are definitely noticeable under load (I don't think it is annoying tho)
          • the laptop can become VERY hot when you put it under load for some time (like too hot to touch)

          and I sometimes have an issue where I get graphic bugs and have to restart, but I think this is some other problem...

          But overall I am very happy.

          (I didn't buy the laptop with safety as a concern in my mind, just saying)

            dhhdjbd Lenovo cheaps out on thermal paste and cooling overall. If it overheats this may produce graphic artefacts as you said, so I'd look into repasting the laptop/looking into improving the cooling capabilities of the machine.

              0xsigsev I'd recommend to spend the time and effort on improving your IT hygiene and other parts of the setup.

              Interesting you say that. I think for myself, I don't have the knowledge or the temperament to use strictly disciplined IT hygiene - basically, I know I'd screw up my 'op-sec' (to use that term).

              I find Qubes' security-by-isolation approach is pretty robust for an error-prone dunce like me. But it does come at a convenience cost.

              I don't want to hijack the thread.

                TrustExecutor Briefly - that looks interesting.

                However, while I like the security aspect of Qubes - a fresh copy of your software every time you start the machine! - I also appreciate the way you can build privacy into it. You leverage the isolation model - every virtual machine can be a different computer, and with a VPN/Tor connection you can strongly isolate different "you"s from each other.

                That's not always simple. VPN set-up is finicky and Tor is often verrrrrry slow to the point of near-unusability. Also a lot of sites, e.g. science databases, publishers, etc are blocking a Tor connection and increasingly many VPN servers. Frustrating. I sometimes say 'screw it' and use another device like tablet/phone with GOS. User experience might improve with better hardware so that's why I say esp. the OP should get a lot of RAM in whatever machine they choose if they want to try Qubes.

                I don't see that privacy-by-isolation model in any other setup - certainly not as efficiently as Qubes which is built on VMs - which means you are relying on your practices and hygiene-discipline on the one hand, and on the other, your settings, mods and extensions of your e.g. browser, for anti-tracking and anti-fingerprinting. I think these can be pretty solid, but are irreducibly error-prone. (Technologically, I'm particularly skeptical of anti-fingerprinting. They are devious and clever with that stuff). But nothing is perfect, of course.

                Enough from me off-topic.

                  rocky-planet Interesting thoughts. Maybe you can get similar functionality by using separate KVM virtual machines on top of a hardened Linux distro. Qubes is quite convenient in my opinion. The biggest downside is performance and the lack of GPU acceleration in the VMs, and thus having to use software decoding for videos etc., which can be laggy on older systems.

                  0xsigsev thank you, but I don't believe that is the reason for the graphic issues.

                  Like, I never had these when playing games and I did run a bunch of stress test benchmarks -> 0 artifacts.

                  These issues mostly randomly appear in Visual Studio Code or while browsing, often when I haven't restarted for a longer period. I kinda believe that it is some kind of software issue. But it's not that big of a deal, so I didn't really look into it.

                  12 days later