I’ve briefly mentioned hardware requirements when talking about my choices, but they were a very important part of my transition. Sometimes you have to change hardware before changing your software, sometimes you can change it after—but no matter what, you have to keep an eye on what hardware you buy in the future as maintenance is important.
My general rule of thumb is that regardless of how cool the hardware is, if it isn’t a good open-source citizen, or doesn’t have a FOSS utility, I’ll probably give it a pass.
Desktop & Server
Given the ubiquitous presence of Linux in the server world, device support for x86_64 architectures is very mature. Desktops inherit this wide range of support and you can install Linux on pretty much any configuration,[1] but that doesn’t mean that things can’t pop up from time to time, especially with Realtek and Broadcom hardware. It never hurts to check compatibility.
Nvidia GPUs have been a consistent challenge, but recently they have transitioned to open-source drivers. Despite this, AMD still remains the better choice for Linux support.
No matter your choice, it’s best to avoid bleeding-edge hardware for at least 6 months, until its drivers are properly integrated into the kernel.
Laptop
Laptops can be a fairly rough experience; they’re certainly not a form factor on which you can install Linux without any forethought. On a desktop, if one component isn’t compatible, swapping it out is a simple matter, but the overwhelming majority of laptops on the market are not built with modularity in mind.
Linux-friendly laptop manufacturers include Framework, System76, Star Labs, TUXEDO, and Purism. More popular manufacturers like Lenovo, Dell, and HP also have Linux support, but this is very model-dependent.
Phone
Planned obsolescence has made phones a really tough market because there isn’t really any choice that ticks all the boxes for being consumer-friendly. Headphone jacks are dwindling in prevalence, proprietary screws and gluing make repair a headache, MicroSD card slots have been removed, and companies push updates to make older phones slower.
Repairability & Ethics
If you’re concerned about ethics, right-to-repair, or modularity, there really isn’t a better choice than Fairphone. They’re the most repairable phones on the market—they even have a removable battery—and they have a full impact report that provides a complete breakdown of how their supply chain and products fare according to their Key Performance Indicators (KPIs).
Headphone Jack
If you’re an audiophile and only care about having a headphone jack, the only flagship that still carries one is the Sony Xperia line.
Security & Privacy
If your main concern is security and privacy, GrapheneOS is by far the best choice. It is currently only installable on Google Pixels, with plans to support an undisclosed manufacturer in the future. If you’re concerned with maximizing security and privacy, you’ll be locking yourself to the Google Pixel line until that partner is revealed.
Baseband processor
The baseband processor is a chip on every phone that converts baseband signals from cell towers into digital signals, and vice versa. Without it, you would not have internet connectivity on the go. There are no FOSS baseband processors, although they are isolated on some devices.
Connecting to your carrier’s network inherently depends on you identifying yourself to it and anyone able to obtain administrative access.
— GrapheneOS FAQ
Cellular data transfer on GOS can be disabled with airplane mode, which can be coupled with WiFi to create a WiFi-only device—but at that point, you’re losing all the mobile benefits of a phone. If any connection to the cellular network is sensitive to your threat model, you’re probably better off not using a phone at all.
TVs
You’d be hard-pressed to find any dumb TVs with 4K resolution these days. There are some offerings for commercial screens that businesses use that don’t have any internet connectivity, but these come with a heavy premium. Sceptre has some consumer offerings from time to time, but their availability is really spotty.
Chances are you have some form of a smart TV in your home already. Smart TVs come with some pretty spooky privacy settings; their data collection is part of why they’re so cheap compared to other consumer electronics. The best thing you can do is shut down all WiFi and other connectivity, and use a secondary device for media.
I generally avoid anything proprietary like Fire TV Stick, Apple TV, and Roku. I’ve heard of some people making a privacy-friendly configuration of Android TV, but I’ve never tried it myself.
When you look for open-source TV replacements you’ll often hear of stuff like Kodi, but this feels like a decade out of place and focused on features that I have no interest in.
Instead, I’ve opted for just using my Steam Deck as my media station. You can use any other Linux box for this as well, but this was easiest as it supports HDMI CEC out of the box. I install Jellyfin on it to access my media, and VacuumTube for ad-free YouTube. If you use streaming services, Stremio has them integrated.
Networking
Modems
I didn’t mention modems in the networking section as there are no FOSS or open-hardware modems on the market that I am aware of. These can be very particular and general advice is difficult to give as it varies greatly by region, provider, and connection type/speed.
Routers & Access Points
FreeBSD
Both pfSense and OPNsense offer first-party hardware—Netgate and Deciso—with guaranteed compatibility. Both inherit the compatibility specifications of FreeBSD.
FreeBSD-based routers most notably struggle with Network Interface Card (NIC) support, especially with Broadcom; Intel NICs have the best support. FreeBSD’s WiFi support is limited, so FreeBSD-based routers are usually deployed as wired devices and paired with a separate wireless access point (WAP) rather than acting as WiFi routers themselves—requiring additional hardware purchases.
OpenWRT
OpenWRT has far broader hardware and device support, ranging from WAPs, routers, and switches to homemade PCs. This makes it a popular candidate for flashing devices you may already have on hand without requiring a new purchase. In addition, it has fairly mature WiFi support, which makes it a great option for both WAPs and routers.
Interdiction
The word interdiction in our context refers to a computer being intercepted between the time it leaves our fulfillment center and the time you receive and open the box. The goal of the attacker is to implant malicious hardware or software, often to give them a remote backdoor into the system, without the recipient knowing. While this may seem far-fetched, and it’s certainly not something every Purism customer needs to worry about, there is precedent for these concerns for certain high-risk customers. While the most famous example might be the NSA interdiction of network hardware as part of the Snowden revelations, there are similar concerns for other governments as well.
— Purism docs
While typically done by state actors, it is possible for private actors to engage in this as well; however, interdiction typically only remains a consideration for particularly high threat models. Purism and Star Labs are the only hardware vendors I’m aware of that offer anti-interdiction services.
Cars
Maybe it’s a stretch to call this “hardware”, but it is physical technology in our lives that should be examined from a privacy perspective. In general, cars are a [privacy nightmare](https://www.mozillafoundation.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/). You may be able to opt out of some data sharing.
You can view how your specific car fares in terms of privacy here.
I generally try to drive as old a car as possible, ideally one without any internet connection. As for new cars, there aren’t any privacy‑friendly options, but it still helps to be aware of the issues.