Homepage2024-02-12T16:30:24+00:00

We are using statistic tools. We recommend you to use the Tor Browser for a privacy conscious experience.

We are using statistic tools. We recommend you to use the Tor Browser for a privacy conscious experience.

PrivacyBeast X230 by INSURGO

Shields you from eavesdropping, anywhere in the world!

Insurgo‘s PrivacyBeast X230 is the first QubesOS Level 1 certified laptop coming with QubesOS preinstalled, making you easily re-own the hardware after having verified visually that it has not been tampered with in transit.

Buy Now!

PrivacyBeast X230 by INSURGO

Shields you from eavesdropping, anywhere in the world!

Insurgo‘s PrivacyBeast X230 is the first QubesOS Level 1 certified laptop coming with QubesOS preinstalled, making you easily re-own the hardware after having verified visually that it has not been tampered with in transit.

Buy Now!

What is it ?

Insurgo‘s PrivacyBeast X230 enforces measured boot, boot integrity and remote attestation, TPM released LUKS Disk Unlock Key at each boot, proving to you, visually, that it was not tampered with, from its very first boot when delivered and then prior to every boot afterward! Its Intel ME has also been deactivated and neutered, preventing this potentially devastating low level backdoor to control your system.

As a result, you finally have a ready to own, user friendly, provable root of trust security.

What is Insurgo?

Insurgo was started by me, Thierry Laurion, former Senior Network Security Analyst/Programmer/Researcher, Psychology bachelor, turned into digital security trainer and radical open source hardware evangelist.

After working 15 years in information security, I have become convinced of the necessity and urgency to bring trustworthy computing to the masses.

Experience gained in the field has convinced me that real trust (trustworthiness) is a process, requiring user control of all components, including low level hardware ones, to obtain proper level of trustiness.

Why can’t I live without it?

Users generally put blind faith into proprietary products believing that they won’t be betrayed by them. This is incompatible with their actual, real, security needs and faced risks in regard of their own threat model.

Insurgo replaces those “beliefs” and “feelings” by user-friendly provable security, empowering users into making informed decisions while they acquire practical preventive digital security hygiene.

When can I expect results?

Mastering Insurgo‘s PrivacyBeast X230 follows the typical Linux learning curve: it might feel a little unfamiliar at first. Yet, you will receive additional privacy, confidentiality, threat prevention and unprecedented trustworthiness in your computing experience, instantaneously.

Knowing that your computer is untampered, through ownership provable security, at every boot, is a game changer.

What is it ?

Insurgo‘s PrivacyBeast X230 enforces measured boot, boot integrity and remote attestation, TPM released LUKS Disk Unlock Key at each boot, proving to you, visually, that it was not tampered with, from its very first boot when delivered and then prior to every boot afterward! Its Intel ME has also been deactivated and neutered, preventing this potentially devastating low level backdoor to control your system.

As a result, you finally have a ready to own, user friendly, provable root of trust security.

What is Insurgo?

Insurgo was started by me, Thierry Laurion, former Senior Network Security Analyst/Programmer/Researcher, Psychology bachelor, turned into digital security trainer and radical open source hardware evangelist.

After working 15 years in information security, I have become convinced of the necessity and urgency to bring trustworthy computing to the masses.

Experience gained in the field has convinced me that real trust (trustworthiness) is a process, requiring user control of all components, including low level hardware ones, to obtain proper level of trustiness.

Why can’t I live without it?

Users generally put blind faith into proprietary products believing that they won’t be betrayed by them. This is incompatible with their actual, real, security needs and faced risks in regard of their own threat model.

Insurgo replaces those “beliefs” and “feelings” by user-friendly provable security, empowering users into making informed decisions while they acquire practical preventive digital security hygiene.

When can I expect results?

Mastering Insurgo‘s PrivacyBeast X230 follows the typical Linux learning curve: it might feel a little unfamiliar at first. Yet, you will receive additional privacy, confidentiality, threat prevention and unprecedented trustworthiness in your computing experience, instantaneously.

Knowing that your computer is untampered, through ownership provable security, at every boot, is a game changer.

PrivacyBeast X230 by INSURGO

Shields you from eavesdropping, anywhere in the world!

PrivacyBeast X230 by INSURGO

Shields you from eavesdropping, anywhere in the world!

Trustworthy

QubesOS has certified Insurgo‘s PrivacyBeast X230!

It features a cryptographically sealed, tamper evident solution, making you confident that your laptop has not been tampered with in transit or out of sight. It also comes with high contrast nail polish tamper evident seals on the main hardware screws which pictures are shared along the Qr Code of firmware measurements prior of shipping.

While Insurgo provisions the initial disk encryption key, the TPM and the LibremKey/Nitrokey credentials that attest the integrity of the firmware and boot integrity upon hardware reception, you will be walked through re-owning those components at first boot, including the original disk encryption key, ensuring a complete state of true confidentiality.

Additionally, the PrivacyBeast is the only one enforcing TPM released Disk Unlock Key. This additional LUKS key (slot 1) is randomly generated under Heads, sealed in the TPM NV memory with current measurements, and released when selecting the default boot option from Heads. The Disk Unlock Key is unsealed from the TPM NV space only if TPM measurements and boot integrity is validated when provided with the valid Disk Unlock Key passphrase. Not only this feature is the most interesting from Heads since it validates itself and the OS boot binaries (you cannot boot the default boot option if you went to recovery console and back, nor if additional kernel drivers were loaded that were unmeasured when defining your last boot default, or if boot binaries changed), it also prevents an evil maid to decrypt a cloned copy of your drive on another computer with eavesdropped Disk Unlock Key passphrase: the Disk Unlock Key passphrase releases the decryption key only on that particular machine.

The Disk Recovery Key passphrase (or OS Installation LUKS encryption Key passphrase) should only be typed rarely to setup a new Disk Unlock Key and should not be typed on a daily basis; this secret needs to be protected. A Disk Unlock Key can be changed manually when needed through Heads boot options, or is enforced to be renewed/changed after having installed QubesOS dom0 core components upgrades. Upon reboot, Heads detects /boot changes, requires to user to attest them then guides into setuping a new boot default, which enforces changing/renewing your Disk Unlock Key and associated passphrase.

Trustworthy

QubesOS has certified Insurgo‘s PrivacyBeast X230!

It features a cryptographically sealed, tamper evident solution, making you confident that your laptop has not been tampered with in transit or out of sight. It also comes with high contrast nail polish tamper evident seals on the main hardware screws which pictures are shared along the Qr Code of firmware measurements prior of shipping.

While Insurgo provisions the initial disk encryption key, the TPM and the LibremKey/Nitrokey credentials that attest the integrity of the firmware and boot integrity upon hardware reception, you will be walked through re-owning those components at first boot, including the original disk encryption key, ensuring a complete state of true confidentiality.

Additionally, the PrivacyBeast is the only one enforcing TPM released Disk Unlock Key. This additional LUKS key (slot 1) is randomly generated under Heads, sealed in the TPM NV memory with current measurements, and released when selecting the default boot option from Heads. The Disk Unlock Key is unsealed from the TPM NV space only if TPM measurements and boot integrity is validated when provided with the valid Disk Unlock Key passphrase. Not only this feature is the most interesting from Heads since it validates itself and the OS boot binaries (you cannot boot the default boot option if you went to recovery console and back, nor if additional kernel drivers were loaded that were unmeasured when defining your last boot default, or if boot binaries changed), it also prevents an evil maid to decrypt a cloned copy of your drive on another computer with eavesdropped Disk Unlock Key passphrase: the Disk Unlock Key passphrase releases the decryption key only on that particular machine.

The Disk Recovery Key passphrase (or OS Installation LUKS encryption Key passphrase) should only be typed rarely to setup a new Disk Unlock Key and should not be typed on a daily basis; this secret needs to be protected. A Disk Unlock Key can be changed manually when needed through Heads boot options, or is enforced to be renewed/changed after having installed QubesOS dom0 core components upgrades. Upon reboot, Heads detects /boot changes, requires to user to attest them then guides into setuping a new boot default, which enforces changing/renewing your Disk Unlock Key and associated passphrase.

Value

Insurgo‘s PrivacyBeast X230 is an Eco-friendly, repurposed Lenovo X230 16Gb i7 2.9Ghz with an IPS matte screen, a 250Gb SSD drive, an Atheros AR5BHB116 300Mbps wifi card which can be mechanically turned off, a backlit keyboard and a webcam.

Plus, for the first time ever, QubesOS finally comes pre-installed, thanks to Heads OEM-Reownership wizard that can be launched on initial boot, reencrypting QubesOS installation and re-owning all security components with your own chosen passphrases prior of first QubesOS usage!

While Insurgo provisions the initial disk encryption key, the Trusted Platform Module (TPM) and the LibremKey/Nitrokey credentials that attest the integrity of the firmware and boot integrity upon hardware reception, you will be walked through re-owning those components upon initial boot, including the original disk encryption key, ensuring a complete state of true confidentiality.

Proof

QubesOS has certified Insurgo‘s PrivacyBeast X230!

Insurgo‘s PrivacyBeast X230 is a custom refurbished ThinkPad X230 that not only meets all Qubes Hardware Certification requirements but also exceeds them thanks to its unique configuration. In QubesOS own words, it comes with:

– Coreboot built with the Heads payload, which delivers an Anti Evil Maid (AEM)-like solution built into the firmware
– A re-ownership process that allows it to ship pre-installed with Qubes OS, including with full-disk encryption already in place, but where the final disk encryption key is generated only after the machine is shipped, so that the OEM doesn’t know it
– Heads provisioned pre-delivery to protect against malicious Interdiction

Guarantees

Insurgo‘s refurbished laptop is guaranteed to be as described in the product page and product was tested prior of shipping per re-ownership process. Shipping insurances covers total hardware and labor costs and requires signature on reception of the package.

Software and user support is offered through project communities. Insurgo is a proud collaborator of both QubesOS and Heads projects, for which bug management is offered through GitHub ticketing system, while the rest happens through group discussions. You’re now part of the community 🙂

Bonuses

With Insurgo‘s PrivacyBeast X230, you are benefiting from multiple years of successful research and development worth millions of dollars from highly skilled developer from the coreboot, linux kernel, Qubes, Heads and other developer communities.

Insurgo‘s PrivacyBeast X230 is the only Qubes certified partner who deploys an updated and customized OEM disk image, putting great care in the details.
The deployed Qubes OS image comes with some important customization, including multiple wyng-backup restore points for auditability, while permitting you to revert in its shipped state in minutes, directly from Qubes!

By making Insurgo‘s PrivacyBeast X230 your new computer, you are enabling future access to more secure hardware such as the IBM Power9, Lenovo x220 i7 and i5 models, the KGPE-D16 server/workstation and advanced security features research and development in needed firmware and software components which everyone can rely on.

By buying re-purposed hardware, you actively reduce landfill.

Frictions?

Learning Linux & QubesOS is easier than ever! It is supported by a large community and extensive documentation. Their introduction page is the first place to land to get the basics, while the getting started page is probably where you want to go next.

You will be guided through re-ownership difficulties of the system with a step by step process and dedicated tutorial.

To mitigate Identification through buying online and shipping, we do not require the billing and shipping addresses to match. Make sure you provide a valid shipping address with corresponding receiver identity.

All shipments are provided with tracking numbers and require signature.

Scarcity

The Lenovo ThinkPad X230 was chosen for its unique trustworthiness, being the most recent Intel chipset still fully initialized by an open source solution (no FSP). It is also one of the last models permitting the neutering of Intel ME, Intel’s potential backdoor, leaving only BUP and ROMP modules intact. Lenovo X230 also provides all virtualizations and hardware isolations (VT-x, SLAT, VT-d) required by QubesOS 4.x, making it ideal for a reasonably secure computing experience.

The Lenovo X230 i7 was strong in the corporate world as a sturdy performance laptop. Being currently released back on the used market and not manufactured anymore, it will become less and less available. Get Insurgo‘s PrivacyBeast X230 now as it is your today’s best bet for a secure digital life tomorrow, since no platform as secure are being developed.

Value

Insurgo‘s PrivacyBeast X230 is an Eco-friendly, repurposed Lenovo X230 16Gb i7 2.9Ghz with an IPS matte screen, a 250Gb SSD drive, an Atheros AR5BHB116 300Mbps wifi card which can be mechanically turned off, a backlit keyboard and a webcam.

Plus, for the first time ever, QubesOS finally comes pre-installed, thanks to Heads OEM-Reownership wizard that can be launched on initial boot, reencrypting QubesOS installation and re-owning all security components with your own chosen passphrases prior of first QubesOS usage!

While Insurgo provisions the initial disk encryption key, the Trusted Platform Module (TPM) and the LibremKey/Nitrokey credentials that attest the integrity of the firmware and boot integrity upon hardware reception, you will be walked through re-owning those components upon initial boot, including the original disk encryption key, ensuring a complete state of true confidentiality.

Proof

QubesOS has certified Insurgo‘s PrivacyBeast X230!

Insurgo‘s PrivacyBeast X230 is a custom refurbished ThinkPad X230 that not only meets all Qubes Hardware Certification requirements but also exceeds them thanks to its unique configuration. In QubesOS own words, it comes with:

– Coreboot built with the Heads payload, which delivers an Anti Evil Maid (AEM)-like solution built into the firmware
– A re-ownership process that allows it to ship pre-installed with Qubes OS, including with full-disk encryption already in place, but where the final disk encryption key is generated only after the machine is shipped, so that the OEM doesn’t know it
– Heads provisioned pre-delivery to protect against malicious Interdiction

Guarantees

Insurgo‘s refurbished laptop is guaranteed to be as described in the product page and product was tested prior of shipping per re-ownership process. Shipping insurances covers total hardware and labor costs and requires signature on reception of the package.

Software and user support is offered through project communities. Insurgo is a proud collaborator of both QubesOS and Heads projects, for which bug management is offered through GitHub ticketing system, while the rest happens through group discussions. You’re now part of the community 🙂

Bonuses

With Insurgo‘s PrivacyBeast X230, you are benefiting from multiple years of successful research and development worth millions of dollars from highly skilled developer from the coreboot, linux kernel, Qubes, Heads and other developer communities.

Insurgo‘s PrivacyBeast X230 is the only Qubes certified partner who deploys an updated and customized OEM disk image, putting great care in the details.
The deployed Qubes OS image comes with some important customization, including multiple wyng-backup restore points for auditability, while permitting you to revert in its shipped state in minutes, directly from Qubes!

By making Insurgo‘s PrivacyBeast X230 your new computer, you are enabling future access to more secure hardware such as the IBM Power9, Lenovo x220 i7 and i5 models, the KGPE-D16 server/workstation and advanced security features research and development in needed firmware and software components which everyone can rely on.

By buying re-purposed hardware, you actively reduce landfill.

Frictions?

Learning Linux & QubesOS is easier than ever! It is supported by a large community and extensive documentation. Their introduction page is the first place to land to get the basics, while the getting started page is probably where you want to go next.

You will be guided through re-ownership difficulties of the system with a step by step process and dedicated tutorial.

To mitigate Identification through buying online and shipping, we do not require the billing and shipping addresses to match. Make sure you provide a valid shipping address with corresponding receiver identity.

All shipments are provided with tracking numbers and require signature.

Scarcity

The Lenovo ThinkPad X230 was chosen for its unique trustworthiness, being the most recent Intel chipset still fully initialized by an open source solution (no FSP). It is also one of the last models permitting the neutering of Intel ME, Intel’s potential backdoor, leaving only BUP and ROMP modules intact. Lenovo X230 also provides all virtualizations and hardware isolations (VT-x, SLAT, VT-d) required by QubesOS 4.x, making it ideal for a reasonably secure computing experience.

The Lenovo X230 i7 was strong in the corporate world as a sturdy performance laptop. Being currently released back on the used market and not manufactured anymore, it will become less and less available. Get Insurgo‘s PrivacyBeast X230 now as it is your today’s best bet for a secure digital life tomorrow, since no platform as secure are being developed.

PrivacyBeast X230 by INSURGO

Shields you from eavesdropping, anywhere in the world!

Privacy Beast X230 by INSURGO

Shields you from eavesdropping, anywhere in the world!

Vision

Insurgo means “Rising up” in Latin; to elevate oneself, to stand up. To us, it means to take responsibility, individually and collectively of what tomorrow becomes.

Insurgo thrives to be a reference in promoting and integrating the best existing software and hardware solutions available today, so that they become usable to whom privacy, confidentiality and security matters the most.

Mission

Insurgo‘s mission is to empower YOU, citizen of the world, to regain control of your informational assets through trustworthy technologies.

Insurgo aims to maximize how you manage security autonomously through the provision and integration of disseminated knowledge while participating in an online community of mutual assistance.

Insurgo also offers additional hands-on training and accompaniment to better fit your organization threat model, tailored to your daily needs.Insurgo’s main target audiences includes investigative journalists as well as each of their sources, both requiring strong protection and fail-safe mechanisms in their online collaboration.

Simultaneously, Insurgo aims to equip technical staff of public bodies, parastatals and their employees as well as subcontractors with solutions that are able to protect their own personal and physical integrity. Insurgo’s solution enforces discrete availability and confidentiality of informational assets at rest, while securing them properly in transit.Insurgo doesn’t want to pick and choose who deserves such protection.

Gear up accordingly.

Vision

Insurgo means “Rising up” in Latin; to elevate oneself, to stand up. To us, it means to take responsibility, individually and collectively of what tomorrow becomes.

Insurgo thrives to be a reference in promoting and integrating the best existing software and hardware solutions available today, so that they become usable to whom privacy, confidentiality and security matters the most tomorrow.

Mission

Insurgo‘s mission is to empower YOU, citizen of the world, to regain control of your informational assets through trustworthy technologies.

Insurgo aims to maximize how you manage security autonomously through the provision and integration of disseminated knowledge, while participating in an online community of mutual assistance. Insurgo also offers additional hands-on training and accompaniment to better fit your organization threat model, tailored to your daily needs.

Insurgo‘s main target audiences includes investigative journalists as well as each of their sources, both requiring strong protection and fail-safe mechanisms in their online collaboration.

Simultaneously, Insurgo aims to equip technical staff of public bodies, parastatals and their employees as well as subcontractors with solutions that protect each one’s own personal and physical integrity. Insurgo‘s solution enforces discrete availability and confidentiality of informational assets at rest, while securing them properly in transit.

Insurgo doesn’t want to pick and choose who deserves such protection. Gear Up accordingly.

Do You have questions ?

Contact Insurgo Securely:

Via encrypted email

E-mail
( public key: 1 2 )

How to use GnuPG

IMPORTANT

  • Re-Ownership support is not offered through GPG

Via Matrix

Matrix contact: @insurgo:matrix.org
How to use Element (Old Riot guide)

Element FAQ

Matrix Federated Server Lists:
Join Matrix

Hello Matrix

Tested (No e-mail required at registration, tor friendly):
the-apothecary.club

Blog

Latest updates from the Insurgo team

More articles
Go to Top