Insurgo PrivacyBeast X230 Laptop – QubesOS Certified & preinstalled

CAD $1,500.00

Out of stock

(5 customer reviews)

This QubesOS certified refurbished laptop is the highest-end Lenovo Thinkpad X230 model, with following specifications:

  1. Intel Core i7 3520M 3rd Gen. 2x 2.90GHz-3.60GHz (Turbo) (4MB L2 cache) CPU (fastest CPU available for that model)
  2. 16GB DDR3 memory (maximum capacity for that model)
  3. 256GB Solid State Drive, SSD-III 6GB/s Hard drive (option not customizable)
  4. Trusted Module Platform (TPM) v1.1
  5. Brilliant 12.5″ IPS LED HD 1366×768 Panel
  6. Intel HD 4000 graphic card
  7. Built-in Webcam
  8. 2x Fast USB 3. 0 ports (left side blue ports) + 1x USB 2.0 port (right side yellow port)
  9. HD Mini-DisplayPort TV-Out (Mini-DP port)
  10. Backlit USA keyboard
  11. WiFi controller: Atheros AR5BHB116 a/b/g/n 300Mbps MINI PCI-E
  12. Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection
  13. Original Lenovo USA AC Adapter (Input: 100-240V, 2.5A-0.5A 50/60Hz, Output: 20V, 4.5A, Connector: M11)
  14. Original Lenovo Working Battery (60% capacity, guaranteed for 14 days upon delivery)

It comes with a HOTP enabled USB Security dongle, required for visual firmware integrity attestation. It is also used to attest boot files integrity after each system components upgrade, for which integrity is validated against user’s public key inserted into the ROM.

It also comes with 16Gb sdcard, permitting to put it into Read Only mode through a mechanical switch when to be put in untrusted computers. It comes with the latest installation media and signatures files of QubesOS, while original Lenovo firmware files and provisioned secrets are stored in an encrypted partition for which randomly selected diceware passphrase to unlock it will be communicated to you through secure communication channel.

You pay a fixed fee of 500$CAD (included in price) for the Intel ME neutering, Heads installation, QubesOS preinstallation and tamper evidence seals, while helping me maintain Heads and integrate it to a larger number of models, collaborating on QubesOS to ease user experience and facilitate hardware acquisition from freedom defenders all around the world.

*Note that 25% of the net profits are given to Insurgo’s Initiative OpenCollective fund to continue NlNet PET0 funded Accessible Security related projects.

Out of stock

Category:

Description

Insurgo Technologies Libres / Open Technologies’s PrivacyBeast X230 laptops are highest-end, refurbished A quality Lenovo ThinkPad X230 laptops, in which Intel ME has been Neutered+Deactivated and the proprietary boot firmware and unused space replaced with Heads Open Source firmware to attest it’s integrity at each boot, making it trustworthier.

Insurgo preinstalls latest QubesOS on it, with diceware randomly selected passphrases to encrypt disk content,  seals the boot and firmware integrity with the provided Librem Key/Nitrokey Pro v2 for you to visually validate that nothing has been tampered with during transit. Insurgo also owns the Librem Key/Nitrokey Pro v2/Nitrokey Storage v2 (USB Security dongle) with diceware selected Admin and User PINs, injecting a temporary public GPG key into the firmware. Insurgo seals the integrity of the firmware both through TPMTOTP (using laptop’s Trusted Platform Module aka TPM) which secret is also sealed into USB Security dongle through HOTP, providing the user with two ways of making sure the hardware has not been tampered with since it left his hands: with a QR Code to scan on his smartphone prior to hardware reception and by plugging USB Security dongle at first boot, which should flash green to attest laptop firmware and boot configuration trustability.

Upon reception, you will be asked to re-own your new hardware by: re-encrypting your QubesOS installation, selecting a new Recovery Disk Key passphrase to replace OEM’s, factory resetting your USB Security dongle which will generate a new GPG key pair for desired e-mail address, asking you to choose your own Admin and User PINs to use this USB Security dongle also externally, to encrypt/sign files and E-Mails. At the end of this re-ownership process, the firmware will contain your public key injected and measured in it. Your USB Security dongle will be required to sign each QubesOS boot related upgrades, the signature of the files digest (sha256sum of files) being validated against USB Security dongle’s /boot signed version with your public key present in ROM, automatically at each boot. Your new USB Security dongle will need to be plugged in at each boot, visually attesting that the boot firmware (root of trust of the computer) has not been tampered with by a third party, by flashing its LED green if in a known state or red if taken measurements mismatches.

 

 

Additional information

Weight 5.6 lbs
Dimensions 16 × 12 × 3 in

5 reviews for Insurgo PrivacyBeast X230 Laptop – QubesOS Certified & preinstalled

  1. Jan

    I haven’t tried Insurgo’s devices yet, but friends of mine have been using coreboot on this model for years now and are happy. I’ve been using one of these with qubes for several years now and it’s awesome. The i7 config of this laptop with 16GB RAM is great with qubes and can even run a Windows VM at 4~8GB memory allocated. CPU speed is about the same as for much newer (and more expensive) models. Only battery runtime is a bit lacking (2~3h on a 9-cell battery for me) but spare batteries are available easily enough.

  2. Patrick U.

    I’ve been using this laptop for the past couple of months now and have to say I couldn’t be happier. Finally, I have a machine I can trust the software it comes with. Be forewarned it takes sometime to reown out of the box but it’s certainly worth the effort.

  3. Anonymous

    i dont think you will find better service or any one else who will offer you a solid product and actually take the time to talk to you and be there for you through out the process, they actually made time for me and were on stand by for me to talk to during the ownership process, dont expect this to be the kind of thing where you simply order a laptop and turn it on and youre off and running, this is a thorough process with a high standard of security and precautions to ensure you are getting a secure device that has not been tampered with, i just got mine a couple of days ago and so far its better than i expected, i hate to say it but i wasnt amazed at the hardware being used in the product description and i had my doubts with performance but after using it for various things such as programming/compiling code and other daily use i am shocked at how well it preforms and wont disappoint

    i believe this is a very well thought out product that has been carefully crafted with very well educated and experienced people who actually know what theyre doing and i would absolutely buy again if need be

  4. Anon

    I’ve been using this machine for over a month now. I have worked in Linux operating systems for some time now and I have used Qubes (3.x) previously. While any discussion of the OS in this review is likely not unique to the X230 platform or the PrivacyBeast in particular, I’ll attempt to keep in mind some readers may not be familiar with either the Linux environment nor Qubes in particular.

    BLUF- I’m very satisfied with the PrivacyBeast and Insurgo. If you are interested in moving to the Qubes life and don’t want to build it yourself, Insurgo is good to go.

    The Customer Service- Ultimately, unless you are familiar with all the technologies being employed here, the support from the Insurgo team in walking through the process of ordering, setup, and post-sale is critical to peace of mind and comfort making the big jump to a machine like this. I can say they deliver good support. They are great about answering questions and working through issues. They answer concerns and explain. They’ll link you articles discussing the mindset and reasoning of why some things are the way they are. I’ve not gone 24hrs without a response.

    The Computer- The X230 was introduced in 2012. This is not the slick new macbook. That being said, a few notes. The 12.5″ screen form factor is usually as tight as one gets a laptop and still have enough screen space to work and keyboard size that isn’t cramped or missing a bunch of handy buttons. Being an older machine, the resolution is a common standard for the time, 1366×768. The IPS screen is bright (I’ve got to keep it down to the lower 1/5th range indoors) and colors good. IPS screens do ghost with bright objects displayed on screen for some period of time. It fades in ten or so seconds.
    My machine came with an extended 9-cell battery (rather than the usual 6 cell the X230 appears to have come with). I replaced mine with a new 9-cell, as I work in the field a lot but the used one I received had about 60% capacity, as I recall. Thankfully, as the X230 is older but was widely produced, even the OEM 9-cell battery is fairly cheap for the wattage. At indoor screen brightness, the computer delivers ~10 hours of operational life. The estimation from the power manager is, for once, undershooting actual observed. The nine-cell does protrude from the back of the machine.
    The i7 processor and 16GB of RAM are good. AppVMs take a few seconds to spool up and once started, application responsiveness is no different than working on any other laptop. I usually run five servicevms plus three appvms and one disposable. A mix of browsers, email clients, IM, text editors, and some other software. It runs nicely.
    Overall, the refurb work appears good. Keyboard, trackpad, and IBM joystick/trackpoint all work well, with no observable defects.

    The NitroKey- This is a security device (among other things) used for attesting to and unlocking the computer. If you are new to these devices, I encourage some reading. They are capable tools and helpful in the fight to preserve your data, accounts, etc. It is unobtrusive. Insurgo team pre-loads the application for managing the device. Do be careful what you do; would be bad to delete the wrong keys.

    The OS- If you are new to Linux, there are some things to learn; fear not! Linux has grown in popularity over the last decade and there has been great effort to make GUI interfaces for those new to the environment. Qubes does a pretty good job of rendering in GUI pretty much everything you’d ordinarily do. Of the three distros pre-installed, Debian and Fedora are two big, well-developed operating systems and Whonix is a very specialized Debian distro.
    The Qubes subreddit is a helpful bunch for the most part and the website documentation is good.
    I would retain any data stored in your qubes on an external drive. Laptops have a penchant for suffering horribly from the vigarities of life and retrieving your data may be impossible. Besides, it is just good sense to make backups of files and store them safely/securely.
    I do encourage you to begin learning the command line interface. It is helpful to know and understand at least the basics. They are a door to new found powers.

    The Setup- If you have read through the process already and feel intimidated, don’t be. The video they link has no sound, so no your computer isn’t broke. The Insurgo team walked me through each step as I setup the machine. Even before hand, when establishing communications, it is not difficult. Take your time and learn. The process is educational and illuminating. Ask questions. Accept that some things will take time to get accustomed to and understand/internalize the mindset.

    Bottom Line- I am very satisfied with the PrivacyBeast. I’ve used plenty of old machines and it never fails to impress me how nicely current release Linux runs on them, compared to Windows or OSX. The PrivacyBeast does what it advertises and well. For a refurb, the machine is fairly clean and looks/acts like a well-cared hand-me-down rather than a rental car after an appearance on Top Gear. Lenovo designed and built a good, durable computer and Insurgo sets up the machine for you, then walks you through the ownership process to make it yours.

    Advice- Be prepared to separate your digital life into compartments. Split the personal life, the business/work life, etc into their own worlds via AppVMs. The installation comes default with personal and work vms, as well as a vault vm (it has no internet connection; good place to store a keepass database). Don’t be afraid to make more AppVMs. The idea is to reduce the effect of a compromise and keep the activities of one part of your life from being avenues to others. The Qubes documentation and blogs talk in detail about this.
    GO AHEAD NOW AND SETUP KEEPASS. It is available for most common operating systems and it has made my digital life much easier to be mobile and avoid common, terrible practices, like sharing passwords between accounts. The file works across all OS versions of the software so you can move the same file around. KEEP IT UP TO DATE. KEEP A BACK UP SOMEWHERE SAFE. It is beyond handy. 2 mins to plug in a jump drive, copy the newly changed database file on to it, distribute to other devices (if necessary), and then stow the jump drive back in a firebox.

  5. Cristian

    I got my PrivacyBeast for some time now and I could not be happier.
    PrivacyBeast by Insurgo is the top tier for security. But more important is the support you get from the guys behind Insurgo.
    I am for sure not the most technical person out there but the guys behind Insurgo showed me patience and led me through the re-ownership process, helping me set up the laptop and enjoying QubesOS.
    Furthermore, after the initial setup, they helped me understand what was I doing and how to fully use the system: you can get this high level of security advice from anywhere else
    I have only words of appreciation for their help

Add a review

Your email address will not be published.

Go to Top