You tell me.
I know that the right software and the right settings are key to electronic privacy on computers. But are there some computers (laptops, especially) that are inherently more private and secure due to their hardware?
I always buys used Lenovo laptops. They (and their predecessors from IBM) are the sturdiest beasties in the computer world. Mine have been knocked off tables by rambunctious dogs (or by me) dozens of times, and while various plastic bits may have cracked or broken off, the workings inside their titanium cases have just gone right on ticking.
Unfortunately the other day my main computer (ThinkPad T400) was sitting on a hassock next to a window when Ava spotted a cat. This time she didn’t knock the computer to the ground. That would have been fine. Nope. She stuck a claw into its screen.
Oh, it’s still working just fine. But when you spend as much time at the computer as I do, a dog-claw-sized hole in the middle of the display will drive you nuts. So I’m thinking about a new (used) laptop. It’s about time for one, anyhow.
But one of the things I like about this one is no built-in camera. It’s got a stupid fingerprint reader, but that’s totally ignorable. It worries me that the newer an electronic device, the more likely it is to arrive with hardware and pre-sets to communicate with Uber-Snoops. Shel reminded me of such unknown hazards when he posted this link in comments.
That’s not for me. But then, neither is the prospect of buying increasingly older laptops just to avoid creepazoids.
So tell me: how far off-base am I in thinking that I should be able to buy a recent, but used, laptop that isn’t designed and pre-set to betray its users to Our Robot Overlords?
And if I’m not off base, what are some good candidate laptops built in the last few years?
1. Lemote yeelong laptop.
2. Macbook pro “mid 2009” model – this did not have an intel chipset.
3. Nothing with intel vPro or AMT unless you want hardware-embeeded features like remote power on, reboot, saving all your encryption keys on a separate chip, having a separate processor on the chipset for remote management etc… see the vpro video on the intel website (google intel vpro)
4. AMD is considered better than intel.
5. No Windows.
Powerbook g4
I don’t have an answer, but another question: 1) If not Intel (which I personally don’t like anyway), how about an AMD processor?
Don’t trust Dell and HP, which have gone over to the other side and aren’t trying to help their customers re: privacy concerns.
Macintosh computers are inherently more secure – they don’t require anti-virus software. They run unix, and have all the good things that linux computers have. I have a Lenovo at work, and several Mac laptops – the Macs are more rugged, especially the latest generation – AND – their screens are better. ‘Course they’re more expensive, but if you take out the hassle and cost of antivirus issues – it’s comparable in $.
Thanks, iwjij and jolly. I hadn’t even thought about Macs, partly just out of habit, partly because of $$$. (I usually pay $200-ish for my computers.) You’ve given me a lot more to consider.
Thanks especially, iwjij, for all those specific points to look for or not look for. Definitely no W*****s!
I work on a laptop all day, everyday, and I desperately needed a new PC back in late ’12, and hubby surprised me with a Macbook Air. After using Windows OS products for 15 years, I’m so happy I returned to Apple products.
I don’t know if it’s more secure from gubbmint, but it’s not prone to viruses (I’m paranoid, so I downloaded a free antivirus program ClamXAV – it doesn’t slow the mac at all.) Mine has a built-in firewall.
I love this MacBook. Everything seems easier and faster. I bought a clear plastic case and a screen protector, I stuck something over the camera and it was ready to go. I plan to keep this thing for a very long time.
There are used ones around. Hubby just bought a used MacBook Air from a friend.
I wouldn’t buy another Windows-based PC unless there is no other option. There is no comparison, imo. And I cannot stand Gates.
Leaked NSA documents show that they have 100% success infecting Apple computers, iPhones, etc. Apple hardware may be good but their software is insanely buggy. My wife owns an iMac, I spend more time cleaning it up than all the other machines in the house combined.
Lenovo makes good machines, it is a solid choice.
There are indications that the spooks have the capability to infect firmware. If this is true then no hardware is safe.
If you looking for reasonable security from the standard threats then most machines will be fine. Just run Linux or a BSD variant and apply the security patches in a timely manner.
Anybody have a Linux distro suggestion?
R.L. Wurdack — For what particular need and what particular skill level? There are so many flavors of Linux! For general, non-techie, user-friendly Linux, I still go with either Mint or Mageia.
Mint is currently the overwhelming, nobody-else-even-close #1 on Distrowatch (http://distrowatch.com/) and Mageia #4.
Thanks, Jorge. I do run Linux (though now that it’s becoming more popular, it seems there’s more malware directed at it than there was a few years back). Keeping up to date on those patches … sigh. That’s another matter.
Damn spooks.
WL — I remember you getting that Mac! Great gift for a writer. I’m with you on W*****s PCs. I usually look for used computers with no O/S. Or I get one with W******s, but partition the system and don’t use the W partition except for the (increasingly rare) things that Linux doesn’t do.
In the last three or four years, that’s meant only one thing: going over the the W side for sites that use Silverlight. And for me, that’s exactly one site that I might want to look at once a year.
Related question:
Evidently all the newest (anything that will run Evil Windows 8, for sure, but before that as well, I am told) processors — Intel and presumably AMD — have HARDWARE and firmware backdoors for NSA et al access.
For that reason alone, with a Unix/Linux variant, I keep older processors on hand.
But I don’t know how far back it goes.
Anyone have any more info on a vintage selection?
iwjij — that Lemote Yeeloong sounds like an interesting development! I’d never heard of it. It’s not for me because it’s so pricey and because it’s a netbook (too small). But fascinating: a computer that’s 100% NOT W******s compatible. Take that, Mr. Gates!
Thanks for the hint, Claire. I had been considering Linux but really didn’t know where to start.
My Mac has a camera; I’ve put tape over it. That hopefully is enough for the video; but it there’s video, there’s audio, which by now likely can be turned on remotely. Several years ago it was revealed that Apple was giving our government data on locations of individual computers. But then again, I think that can be done even with flipper phones as long as the battery is installed. By now, I fear, it may be hopeless to expect to have any security from our government, so choosing a computer may come down to trying to achieve some security from common criminals, ease of use, and price.
Apple has what I think is called vertical integration, meaning from the start to finish of the product it’s all theirs, which makes for compatibility. Macs are generally accepted to be more “intuitive” to use. At the Apple store, they sell a “Missing Manual” series of books that are very good, and if one buys a Mac, for $99 there’s also a year’s worth of “one-to-one” tutoring in the use of it. If there’s any problem with the equipment itself, it can be taken in to the store to the people at their “Genius Bar” (what a name) and they’ll take care of it; there’s no running down to the corner store computer expert.
My thinking is that if you’re not too far in time away from an Apple store, it’s definitely worth taking a look. If you are pretty far away and you’ve been getting along O.K. with what you’ve been using, then the conveniences that Apple provides may not be of much benefit to you.
Thanks, Shel. I’m probably three hours away from the nearest Apple store. I also can’t afford new computers, let alone new Apple-made computers. So not going there. But your info is interesting and bound to be helpful to somebody closer to civilization.
“Genius Bar” — LOL! Yeah, that takes some nerve.
Can’t say much about laptops. Supposedly, the Panasonic Toughbook — I think that’s what it’s called — is very rugged. Were I looking, I’d start with a used Lenovo business-class machine, e.g. the Thinkpad. I’ve heard the quality, especially the consumer-targeted machines, has declined from the IBM days, but there’s no recourse for that. If I couldn’t find what I wanted in a Thinkpad, maybe HP after that.
But the marketing is all towards embedded this and that, so getting away from the camera will be more difficult in the consumer-class machines. Maybe business-class machines are not as much affected?
https://supporters.eff.org/shop/laptop-camera-cover-set
Or, just use a piece of electrical tape.
Claire,
Macbooks are good, I have one from 2009 and it takes a beating and runs very well.
I find MacOS adequately secure and bug(virus) resistant enough.
IF the gov wants in they have the cash and the manpower to crack anything that has
an internet connection. They have made it clear, DasGov is the uberhacker.
That said any older lenovo with Ubuntu(12.04LTS) or Mint distributions of linux are good.
I still run a R40 that has ubuntu12.04LTS and whole not fast it’s solid and reliable.
One last thing that screen on the T400 can likely be replaced at reasonable cost.
Eck!
I did what Jed suggested as soon as I opened the box, a little square of electrical tape over the camera. I have been using a Lenovo Ideapad for the past three years. Like yours it has fallen from various heights onto hard surfaces and other abuses with just a couple bends and chips. These things are built like tanks.
I still use Linux Mint but need to finish migrating to Arch Linux.
Those of you who are interested in linux & security might want to take a look at the “Tails” project (https://tails.boum.org/).
It installs a version of linux onto a USB thumb drive, that you can then use on just about any modern computer, without having to change anything on that computer’s hard drive (such as its own operating system).
It has maximum privacy/security settings by default — it uses Tor to reroute all of your internet traffic, for instance, and any personal files you store go into an encrypted volume (so if someone steals the drive from you, all they can see is the original Tails installation itself).
If the bad guys show up at the door, all you have to do is yank the thumb drive out and it wipes the computer’s memory clean. It even has a mode in which it masquerades as Windows, so if you use it in a public place you look less out-of-the-ordinary.
It would be great for a bug-out bag. I plan to carry a copy with me whenever I travel south of the border so I don’t have to worry about corrupted operating systems on the machines in hostels and internet cafes.
Thanks, Eck! I should have anticipated somebody would mention replacing the screen. I know it’s possible, but even if I buy the part on eBay, the total repair cost would probably be around $170 – 200 and I’d have to travel to find somebody to do it (or pay shipping both ways to get it to and from a repair place). Given that I buy used laptops for about that same amount of money, a repair doesn’t make sense.
BTW, I also have a ThinkPad R60 and in some ways I prefer it to the T400. Very sturdy. And yes, it runs Mint.
jed — Thanks for the lead on the Panasonic Toughbook. Never heard of that one. Right now I’m looking at ThinkPads and some of the Apple products mentioned, but I’m realizing that whatever else I do, I want something that has no remote turn-on capabilities.
Couple of interesting articles on webcam spying:
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18/research-shows-how-macbook-webcams-can-spy-on-their-users-without-warning/
http://www.zonealarm.com/blog/2013/10/are-you-being-watched-through-your-webcam/
Second one has some useful tips.
I ditto on the used Macs. As Claire probably already know, I’ve been using an older Macbook for (in computer years) a very long time now. I’m about ready to “upgrade” to a newer Mac. When I do I’ll probably experiment putting a Linux Distro on it.
No matter what computer you choose to use, do this to any computer you finally set up with all the programs you want, but before you put any personal files in.
http://lifehacker.com/5928780/how-to-burn-os-x-mountain-lion-to-a-dvd-or-usb-flash-drive
A good idea if the hard drive on the computer crashes. Especially if you need to completely wipe the onboard drive for whatever reasons.
All personal files should be on a separate, hopefully more secure, drive anyway. Think backups. Recommend a high capacity thumb drive which can be more easily hidden. Maybe even a number of them, in case they trash your house looking, they may miss one.
That Tails project sounds interesting. Sounds much like it got the Onion Pi built into the laptop.
http://makezine.com/projects/make-36-boards/how-to-bake-an-onion-pi/
That Zonealarm post made me think of something I saw years ago, when wireless IP video cameras started to come down in price and get popular. Lots of them, people just put up and turn on, without securing them, and of course other people noticed this.
In some cases, these can even be controlled remotely. This isn’t the same thing, exactly, as a built-in cam on your ‘puter. More like these types.
Here’s a mention of searching for unsecured webcams. No NSA deviousness needed.
We talked about these things a while back, I recall.
if there’s video, there’s audio
If you put a plug in the microphone outlet, wouldn’t that cut out the built-in mike?
Over in Puppy Linux land it is considered de rigueur to pull your next computer out of a dumpster. 🙂
I’m running lubuntu (basically a lightweight ubuntu) that I like pretty well. I have my entire hard drive encrypted except the boot partitions (as usual), and those are checked for fiddling every time I boot. I have a tape over the cam. I suppose if I worried about audio I could install a switch in the microphone wire, if there is any kind of reasonable access to that. Nice thing about the ubuntus is that there is an automated update program that runs every so often, checking for updates. Very convenient.
Don’t discount the possibility of repairing the machine yourself. There are an amazing number of youtubes out there showing how to get into various machines. It boils down to the ability to use a small screwdriver. The screen vendors also might have something you can look at.
I have a Compaq 6910p sitting in the closet if you’re interested, that I’ll just give to you. It needs a battery though. I have managed to boot Puppy on it.
As I’ve said before, I’m just not that paranoid about govt. hacking. I figure it is enough to throw a few roadblocks in their way, like encrypted drives and VPN, just for the hell of it. I don’t assume they can’t get in though, but I don’t lose sleep over it either. If I really want to get covert about something I’d probably keep it off a computer entirely, or at least dismantle any network hardware before using a computer.
The problem with something like Tails is that a machine so constrained is not going to have many applications that work on it, other that what comes with it (I think). I’d use it for special purposes but not for general computing work.
If you want to get into really old machines, there is a Puppy variant called “Wary” which is aimed at old hardware. Puppy runs very well with old hardware, particularly if you have maxed out the memory. It boots off flash drives and even off CDs. The latter is not that impressive until you understand that it even manages permanence, because any changes you make get written back to the CD. Unlike almost every other live CD distro, Puppy is still a rocket ship even if it booted off CD, because the entire thing is loaded into memory (assuming the memory is big enough to take Puppy’s 120 MB or so, plus room for application memory).
[If you put a plug in the microphone outlet, wouldn’t that cut out the built-in mike?]
That I doubt. Sound carries through the metal and the plastic and the plug too. You’d have to get into the case and clip out the mic or put a switch in series with it, or something of that nature.
Here’s a Puppy variant that is supposed to run on Pentium III’s:
http://distrowatch.com/?newsid=08357
I have a Tandy 102, running Basic with 32 kB (not M or G) and a 300 baud modem. Pretty sure NSA has never hacked into it!
I taught a tiny-town adult-ed class on Linux and helped several people convert XPs to Linux Mint. That was February. March I taught a do your own website class.
Between them, I goodwilled myself a free XP laptop in good working order and converted it to Mint. I also got hired to convert another XP laptop for someone else.
All of these are going swimmingly. I cannot imagine a better solution either for rejuvinating XP systems or building yourself a good economical confuser.
“Two can keep a secret — if one of them is dead.” Srsly, tape over the camera, clipping mic leads? Here’s a thought: keep your darn laptop closed and cased when not in use. Don’t say nuthin’ you wouldn’t want to answer to in court around anything with a mic in it — like all those telephones, cel and otherwise.
If Honkle Sam wants to listen in on you, he will, period. Now Claire and some of you may have writing projects that you’d not want snooped before publication — but generally, she’s eventually gonna make her work public (and, one hopes, earn some money at it!). So what’s so sekrit?
If you are doing something The State rilly, rilly hates — medical pot in unfree places, handing out jury-rights flyers, whatever — don’t talk about it on the phone, don’t put it on your computer. There’s not enough black tape, obscure operating systems and wire-cutters in the world to make modern gizmos secure; you might as well be making your notes in cleartext pencil on legal pads and filing them (with an index!) on your front porch. Pretending there’s some magic combination of software and hardware that’ll keep fed.gov noseyparkers is just fooling yourself.
I bought a Chromebook the other day. It’s as transparent as glass (heh) to Google and if they can see it, the Feds can, too. I been tryin’ to not foment sedition on it: it’s a toy. All that stuff is toys. Don’t put info about jail-time serious matters on toys!
Some good info in the comments! A couple of suggestions: Assuming you can zero in on the machine specs, try websites for manufacturers refurbished units with the features/hardware you want;Most of my hardware (towers, printers) were purchased from a company that buys used lab equipment and computer equipment as part of lots from various companies that have surplus equipment to sell. That company was in Birmingham, AL, and I’m still running 2 of the computers and 2 of the printers. My laptop was purchased from Compaq/HP (I know … at least one commenter says Ugh) but it was surplus from a company that ordered too many and was surplusing them via HP’s “outlet”. My point is that there may be bargains out there if you can find them.
I’ve bought quite a bit of refurbished electronics from this outfit. http://www.newegg.com/
Excellent prices, shipping often free, and great customer service.
[There’s not enough black tape, obscure operating systems and wire-cutters in the world to make modern gizmos secure; you might as well be making your notes in cleartext pencil on legal pads and filing them (with an index!) on your front porch.]
Roberta, while I mostly agree, I think there is still value in putting up roadblocks. If they “rilly, rilly” want to get in, they probably can. But the difference between roadblocks and no roadblocks is that they have to expend more effort. Maybe they have to covertly enter your home and install a key logger. Or they have to use a “Tempest” van with three guys inside it. Or they have to engage the services of a super nerd, rather than just an ordinary bureaucrat. Since (I think) the best technicians tend to avoid government work in favor of private sector work anyway, this does increase their difficulty significantly. They have lots of money and power, but not infinite amounts of it, and there are a lot of us peons out here for them to monitor.
They can even use “rubber hose cryptography” if they want, but there are costs to that too.
I think the true reason for surveillance, since there is just not that much out here that is of interest to them, is to increase our paranoia and to keep us in line through self-enforcement of their dictates. That’s why I don’t think they are that upset about the Snowden relevations. They lie about surveillance, and we know they lie, and they know that we know they lie. But if it keeps us under their thumb through fear, that’s all they really want from it.
So, getting over your fear and paranoia seems to be the remedy…
“Revelations”, I mean. 🙂 I wish these posts could be edited.
I’m very glad this no-so-dumb question was asked; there’s a lot of knowledge in the commentariat. I certainly have learned a lot.
I try to double and triple check my comments for typos and still miss some. I’ve noticed, too, that the “Submit Comment” option is pretty final 🙂
That I doubt. Sound carries through the metal and the plastic and the plug too. You’d have to get into the case and clip out the mic or put a switch in series with it, or something of that nature.
I’m not counting on the plug to block the sound.
If I plug in my earphones it switches off the computer’s speaker. If I plug in my microphone the computer records only what goes through the plug-in mic, not what hits the computer mic. So I’m thinking that putting a plug in the mic port activates an off-switch like the one you’re talking about installing. If there’s no mic on the plug, then it doesn’t mater where the sound goes because there’s nothing picking it up.
Unless the snoopers can override the computer mic off-switch.
“I’m very glad this no-so-dumb question was asked; there’s a lot of knowledge in the commentariat. I certainly have learned a lot.”
Me, too! I was surprised that this turned out to be such a hot discussion. Very informative.
And Paul Bonneau, thank you for the offer of that Compaq! That sounds like a pretty good machine for a seven-year-old design. I’m going to keep poking around a bit more, but I’m interested … and sure can’t beat that price. 🙂 Let me get back to you.
On a tangent here. I splurged on a new laptop in 2008. [$600] I had a SSD [solid state drive] put in it. [over $200 then, cheaper now] I will never have a regular drive again. The performance difference is night and day besides it being totally silent. This months recommendation in budget build’s [Maximum PC Magazine] is the 120GB Kingston SSDNow V300 SV300S37A/120G for $80. Not trying to spend your money Claire but until you have had a SSD vs. the old slow mechanical one’s well it’s night and day. Just a suggestion.
Not 100% sure how valid this is for every pc, but on my thinkpad X300, I checked in BIOS, I had AMT off, and in order for it to be on I had to have the network cable plugged in. So I assume as long as it is off, and no network cable connected then all is well.
I too am a fan of SSD’s, although to be done right it is a good idea to minimize writes (enabling TRIM, etc.). Quieter, cooler which means the laptop fans don’t have to run as much, faster, and best of all your laptop really becomes portable, because you don’t have to worry about head crashes if you bump it.
AS mentioned above,TAILS operating system. Encrypt everything….at least if we ALL do this, even if they CAN decrypt, it will become a herculean task!