this post was submitted on 11 Feb 2024
77 points (85.3% liked)
Privacy
31800 readers
377 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Are you talking about a pre-built PC that has decent repairability? If so you'd really just want to avoid brands that use proprietary or irregular parts. For example Dell Optiplex computers can be bought cheap but they use their own power supply and some have smaller cases that might not fit most graphics gards.
Is there any reason you are posting this to a privacy community? Were you hoping for something that is Libre/Core boot compatible like some ThinkPads are?
I was looking for something that I'm confident doesn't spy at the hardware level.
I used Thinkpads as an example because after the early 2010 ones, they got those weird i7 (I believe) processors and we don't know much of what they do but some speculate they record keystrokes and phone data home.
What PC can you trust has good hardware in privacy? I don't want to buy a PC and run Linux, trying my best, and the thing spies at the hardware level.
They absolutely do not record keystrokes and phone that home. You’re talking about the Intel Management Engine, which is completely useless to almost everyone, but there’s no evidence that it spies on you. There have been security vulnerabilities found in it that could let someone else compromise your system (notably: only if you’ve provisioned Intel Standard Manageability), but there is practically zero chance that Intel is doing that or even selling that sort of capability.
Pretty sure this section of the Libreboot website talks about what you mentioned if OP wants more info
https://libreboot.org/faq.html#intel
https://piped.video/watch?v=HNwWQ9zGT-8&t=0
Well you can find a list of Libreboot compatible hardware here. I feel like your biggest issue, especially if you are relying on a prebuilt Windows PC, is all the bloatware they come with on top of Windows itself.
How confident do you need to be? I don't think I've seen any convincing evidence of any firmware spying in PC components.
Well, except the NSA's Clipper chip, but I don't think that really ever got implemented.
Lenovo uses proprietary, closed source firmware. There's no way to know what it's doing.
Then all you need is to network <insert worst computer EVER> through an OpenWRT router. No matter how bad the ring access is for Intel ME or AMD PSP or whatever else, all of it is stopped on your network router. No amount of spying paranoia or folklore bypasses that.
You can buy any computer in the world with this strategy/method, even something CIA or MI5 themselves manufactured.
If you are not a top secret journalist or activist talking to some high profile entity, or someone running a leaker or drug website on darknet, you are going to be just fine with Linux on a ThinkPad, with (Medium mode) uBO/Firefox, a good systemwide HOSTS ruleset, GUFW turned on and a decent DNS provider.
I should just add that even though I am one of the fiercest critics of USA and its entities, NSA does not get constant access to your keystrokes or other stuff. The amount of data transmission for it would be staggering and noticeable instantly, even if we assumed they hypothetically collected such text data, compressed it as TAR.GZIP and sent it. The main function of Intel ME is for enterprise management and remote control of computers by businesses.
So you just have to buy an openWRT router and it would stop it automatically or is this something you would have to be knowledgeable about how it looks in a system log to block it? Also, do you have to have some sort of custom modem as well or just the router being openwrt is enough?
You might either need to figure out the IP addresses from logs using whois, or there might already be some kind of list, or HOSTS ruleset made by someone to block Intel's connections. But you need no hardware/software other than that.
My point was everyone keeps crying and moaning over Intel ME and AMD PSP minus ring capabilities every other day, and a solution as simple as this exists to defeat 3 letter spooks.