/cyb/ - cyberpunk and cybersecurity

On the cheap side your best bet would be old thinkpads. Specifically ones that support libreboot or coreboot. I would also keep an eye on RISCV for the far future. The Talos systems are expensive but they are fairly amazing. Thinkpad is probably your best bet fam. I am running an x230. Small size, cheap, supports coreboot. Also unsure why but the x230 is fairly popular in the coreboot community because there two coreboot distros that have specific support for it like heads and skulls. Personally I am waiting for a RISCV Raspberry Pi clone.

A Faraday cage

pay attention to intel me and the AMD equivalent.

In the short term I'd advise you consider installing libreboot on a used Lenovo, and longer term look towards something like a RISCV SoC that you can embed in a cheap "DIY" laptop shell like the pi-top or kano laptop kit.

You might also consider the PCs from https://puri.sm/. It all depends on what you really need to do, how much tin foil is in your hat, and how much money you're willing to throw at it.

>>3682
OP here. The major thing I'd like to try and do is use a computer that's capable of securing my information and online activities, keeping big companies from whatching my every movement online. I doubt I'd be able to play all the latest big games coming out (which is fine since I detest AAA gaming), and as long as I can watch my movies and tv shows, and listen and read to my stuff without Google trying to track what I'm reading, then that's fine. I may also try to do pentesting and other bits of coding to see what I can do, but I'd rather start out small with just essential cybersecurity measures so I can not feel paranoid about what I do online.

>>3683
To that end, you'd be good with a bunch of free software - operating systems and software respecting your will are all there. Quite an ordeal, rubbing against the economic underpinnings. Probably a root best taken should that sound like fun to you. Now go and put your energy where your mouth is. AAAs are out the question, true.

Laptops (& future phones) that are focused on privacy:
https://puri.sm/

Qubes OS is what I use, and is also super focused on security & privacy:
https://www.qubes-os.org/
((Qubes OS includes a whonix VM, which I would recommend you use if you want real privacy))

Tails is also great, but a bit extreme:
https://tails.boum.org/

Everything else related to privacy you'd need (email, browser, messaging software, servers & all):
https://www.privacytools.io/

Old AM3 Boards for the Phenom line for desktops if you are cheap. (They support qubes and do not have any management processor/backdoor. No UEFi with network crap either.)
If you are oriented in the middle of price look for Asus KGPE D8/16, it is a server board that supports libreboot and qubes. Also has an optional Management addon (BMC) that runs free software.
If you soykaf money. Raptor Computing rig.

Laptops…
Tradeoff:
Thinkpad x230 (or its T equivalent) and up → IOMMU works therefore qubes is usable but it has ME Processor, it has coreboot support, now even with foss video init, which can be castrated somewhat but not fully disabled.
Thinkpad x200 or its T equivalent:
Libreboot capable but no IOMMU → Not qubes capable.

Distro:
If you want to do multiple areas of operation on one computer build a qubes rig. It even has an integrated tor distro. The possibilities are great.
If no Qubes:
Any distro with a non fucky package policy. Maybe one of the FSF endorsed ones as a stable base with fancier soykaf on top as containers.
Fedora is really nice but needs a lot of trimming privacywise but is technologically nice and stable. But its made by redhat which is a corporate thing that is actually software supplier for TLAs.
Debian is the other great distro where Freedom is default and nonfree stuff by choice. The bigger the distro, the less hassle.
Devuan is debian without systemD.
Look at GNU Guix for source based things or as overlay/packagesource to your main os.
Avoid any Gnome3 desktop spins. Their cultural realm likes to put UIDs into everything and seems to like the cloud.
Gentoo is a nice idea but packaging masochism and understaffed.
Mint is like Ubuntu but shiny, nice desktop-y and fucking insecure garbage by default.
Ubuntu works but seems fishy as they already did privacy invasive soykaf. Also they push proprietary software in their store.
Opensuse seems to have gotten better but I havent used it in a long time because manual configuration and their yast gui management tool always clashed and they had many dependency hell cases.

I am sceptic about privacytools.io
They recommend signal.
They recommend VPN Services that were cought logging. (proxy.sh and nordvpn)
But they recommend ricochet on desktop. Propably the best hardcore anon choice currently.

BUT! I stand corrected. Privacytools.io has pretty sound recommendations otherwise and nowadays.

Stay clear of Signal or too fancily marketed cryptomessengers.

Signal is often touted by techies but is actually corrupt to the core.
Moxie wants to dominate the community.
Own servers are disallowed.
Active legal and posting against 3rd party clients.
Official phone client contains closed google software and depends on google.
Desktop client works only as chrome(/ium) app.
The app is touted to be reproducible but how is pretty embarassing.
It requires that you run a docker container with a premade modified ubuntu image that it spits out the same binary except signature.

>>3686
>Look at GNU Guix for source based things or as overlay/packagesource to your main os.
Compiling from source is default but you can also switch to using a binary repo (they call it "substitutes"). There is also a "challenge" command which will build a package from source and compare it to binaries to check if repos are legit which is pretty cool.
What worries me about Guix is the sheer complexity of it all.

>Gentoo is a nice idea but packaging masochism and understaffed.
The two main advantages of Gentoo is that by compiling everything from source you can
1) avoid bloat by cutting out software features you don't want (e.g. firefox without pulseaudio)
2) add extra security at compile time (e.g. stack cookies)
Compiling everything takes time though and can easily outweigh the advantages for most people.

>>3687
>It requires that you run a docker container with a premade modified ubuntu image that it spits out the same binary except signature.
To be fair that is just the state of software in 2019. Nobody knows how to write and deploy code anymore without depending on 20,000 libraries and dumping their whole dev environment into a container.

>>3669
minifree.org

>>3685
Tails and Qubes are incredibly different items.

Tails is focused on providing anonymity, and mainly provides security through non-persistence. It has interesting features like a visual clocking mode to make it appear like WIndows 8 to stop you from standing out visually to others locally.

Qubues is security focused distribution focused on providing a hardened end-point through virtualization, and isolation of processes. It does have a non-persistance mechanism (Temporary VMs), but doesn't have all of the anonymity features tails has (eg wiping memory on shutdown).

Both are very cool, but very different. If you install tails, you are doing it wrong.

>>3687
run your own VPN in some soykaf VPS host with disposable payment information in a country like Russia or another decent non eyes country

>>3687
is it elitist to assume most people who couldn't set up their own XMPP server or use the one you setup to talk and verify simple OTR fingerprints aren't going to have the associated OPSEC and awareness to even keep device encrypted or secure enough to be private?

signal is centralized, riot/matrix is too technical for normalfags. telegram is untrusted for same reason as signal.

implying you can lead them all around in a insider trade but you cannot make them contribute to ZRTP/SRTP and Jitsi projects that aren't jitisi meet.