The intent of the GhostPad is to offer a complete security and privacy hardened computer system that is built from the ground up to be an effective direct action countermeasure for those who want to actively resist the privacy intrusions of the entire surveillance state hydra, both ‘Public Sector’ and ‘Private Sector’. It is a user friendly computer whose owner maintains exclusive control over every aspect of its operation and has complete control over who accesses what data. A GhostPad is your virtual corner of the room where the cameras, microphones, and other data collection devices have no power. After all, power comes from ownership, which is exclusive control. Unlike practically any other available option, when you buy a GhostPad you are truly its owner. While the masses beg and bleat to their political/corporate masters to loosen their chains, GhostPad owners can use their systems as virtual bolt cutters and cut themselves free.
GhostPads are high quality ‘business rugged’ laptops that have had the security compromising system software (BIOS firmware, Intel ME, etc.) removed and replaced with more secure, free and open source alternatives. The closed source binary BIOS firmware has been removed from the system board and replaced with free (as in freedom) alternatives, and the Intel Management Engine has been neutralized. That combination makes them more secure by design and preemptively thwarts any attempts by the surveillance state to gain access, whether by an engineered-in and hidden back door or by a zero day exploit in the factory supplied firmware or the Intel Management Engine.
Perhaps the most important security/privacy enhancing feature these systems have is the neutralizing of the Intel Management Engine (IME). The IME is a separate computer within the computer that is embedded into all Intel platforms made since 2008. It has its own operating system called MINIX. It operates ‘out of band’, meaning that your primary CPU has no access to monitor what it is doing, and it has direct access to all the hardware that your primary CPU does, making it the ultimate embedded spying device. You can’t audit what it’s doing. It’s always on when the computer is plugged in or has battery power. It has its own network interface with its own MAC address that can bypass any system firewall configuration. It has its own storage that you have no access to. It can access your microphone, camera, keyboard (can record keystrokes), and display (can screenshot your ‘encrypted’ communications while you are reading and writing them).
Transitioning your computing activity to privacy hardened platforms is a direct action strategy to resist the attempts at total omnipresence by the surveillance state. To put it simply, these systems are some of the few available that aren’t likely compromised in some way on the firmware level, so they are some of the most secure and anonymous available for use cases where those attributes are the most important. It is also why systems configured this way are considered ideal as a base on which to install a security/privacy hardened OS (such as Qubes OS). In fact, the creator of the Qubes OS project outlines systems with these modifications as being the best currently available for running Qubes OS on.
Qubes OS, described by its developers as ‘reasonably secure’, is a free and open source operating system that takes enterprise level data center security technology and leverages it to empower the individual.
From the Qubes web page:
“Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes.
This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.
Moreover, all of these isolated qubes are integrated into a single, usable system. Programs are isolated in their own separate qubes, but all windows are displayed in a single, unified desktop environment with unforgeable colored window borders so that you can easily identify windows from different security levels. Common attack vectors like network cards and USB controllers are isolated in their own hardware qubes while their functionality is preserved through secure networking, firewalls, and USB device management. Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space, to boot). Qubes even allows you to sanitize PDFs and images in a few clicks. Users concerned about privacy will appreciate the integration of Whonix with Qubes, which makes it easy to use Tor securely, while those concerned about physical hardware attacks will benefit from Anti Evil Maid.”