Alon is contemplating replacing his laptop, so I figured I would recommend he take a look at Purism, a company offering laptops that are designed for people that care about security and privacy.
Unfortunately, once I started looking a bit more closely at this little rabbit, it ran deep down into its little rabbit hole, and I discovered that in reality there are currently very, very few hardware options for people that want a computer that is not backdoored with a sophisticated rootkit at the hardware level.
I followed the Snowden revelations closely and even read Glenn Greenwald's "No Place to Hide", but still the extent of this was news to me. Apparently after 9/11 an NSA program called "Sentry Owl" successfully coerced major US PC companies into co-designing hardware-level rootkits into their products.
By 2006 the new generation of Intel hardware came with Intel ME ("Management Engine"), the secret computer within your computer pre-installed.
The ME has a full network stack with its own MAC that works even when your computer is turned off, and it has direct access to RAM and all your hard drives / peripherals. It's a 5MB proprietary encrypted black box that was designed to be extensible while being extremely hard to reverse engineer. The ME CPU runs its own custom non-x86 instruction set (ARC), the firmware is compressed with a custom-designed compression algorithm, and all code is signed and encrypted. Intel is extremely uncooperative with anyone that wants details on how this thing works, including big customers like Google.
If you wanted to design a universal hardware backdoor that is embedded into all PCs this is how you would do it.
The people who seem to know the most about Intel ME outside of the intelligence community are the free software "nuts" attempting to develop a free (free as in free speech) boot process:
Unfortunately, the latest generation of AMD hardware (post-2013) has its own version of Intel ME called the AMD PSP (Platform Security Processor) which isn't any better:
For people that want a computer that isn't backdoored at the hardware level, libreboot recommends not using modern hardware at all. Yikes!
Intel ME and the AMD PSP have the NSA's fingerprints all over them. I would be very, very surprised if it turned out NOT to be designed (or at least co-designed) with the concerns of US intelligence capabilities in mind.
Unfortunately, that's a problem even if you trust the NSA not to abuse their powers, because as one 29-year-old former NSA contractor armed with a thumb drive showed, the NSA's security isn't all that great.
Even those who think it's wise to trust the NSA would probably think twice about trusting the legions of private contractors it depends on to run its mass warrantless surveillance programs.
Even worse, according to experts like Bruce Schneier, the game of cyber-espionage is all offense, no defense. In other words, foreign intelligence agencies most likely already had all the documents Snowden leaked because they were already in the NSA's systems.
So now you have to trust not just the NSA, but also the Russian FSB, the Chinese Cyberarmy, and potentially anyone working for them in the past, present and future.
Now I get why the Chinese are developing their own CPUs, why the Russians and Germans are reverting to typewriters and paper for classified information, and what a top US intelligence official means when he says:
"I know how deep we are in our enemies' networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply."
The only saving grace is that given the risk of detection, political fallout and attack devaluation, I reckon advanced attackers regard hardware-level backdoors as the tools of last resort, used only against high-value targets. For the little guys, they'll prefer plausibly deniable exploits in endpoint software that were either accidentally or maliciously inserted. And yes, part of Sentry Owl and similar programs by other intelligence agencies involves inserting undercover agents into private companies and presumably into open source projects like Debian and Ubuntu as well.
Bottom line: options for someone who wants a computer and reasonable assurance that it cannot be remotely controlled at the hardware level when connected to the Internet are virtually non-existent.
You can raise the bar a little bit without sacrificing too much comfort with products like those from Purism:
Features I like:
- No binary blob drivers (which I'm certain are ALL backdoored)
- Hardware cut-off switches for RF, wireless and camera
- Qubes OS certified / pre-installation option
Stuff I don't like:
- No free BIOS/firmware yet: https://puri.sm/posts/bios-freedom-status/
- Intel-based, so it still includes (like ALL post-2006 Intel hardware) an Intel hardware-level backdoor called the "Management Engine".
Possibly the closest thing you can get to a free computer at the hardware and software level is by buying old refurbished hardware directly from the libreboot guys:
Unfortunately, you'll need to pay dearly for freedom. The laptop hardware was cutting edge in 2008. The server/workstation board is better since it took AMD longer to get on the backdoor bandwagon.
Also, given the well-established practice of intercepting hardware en route to install implants, if you don't have the skills to inspect hardware yourself, how can you know that supposedly clean hardware hasn't been tampered with en route?
Paranoia, justified or not, is a tough hobby.