-- The key advantage of an old MS-DOS / floppy based computer is that you can always bring your system back to a known safe state--
Once you adopt any operating system that is always running, the OS has to protect the hardware from everything, if you want to be able to trust it. This rules out Linux, Mac-OS, Windows, etc. I'm hoping that Genode does a good enough job to be able to trust it, but it's a bit beyond my learning curve right now.
If you have a secure OS, which isn't stupid about trust, then you're back in the saddle again, and can build upon this foundation, being careful to never give any executable you run more privilege than it needs to do the job. Linux, Windows, and Mac-OS all have stupid defaults (allow everything the user is permitted)... Genode and systems that implement capabilities don't do that. (No, "access your contacts" on your tablet or phone is not a proper "capability"; "you can read this file" and "you can write this folder" are proper capabilities.)
-- A secure system lets you assign capabilities using dialog boxes like you're used to using, except they call them a "power box". The OS then enforces your decisions, not the application. No matter how rogue or confused your program gets, it can't access anything outside of the files or folders you've given it access to. 8)
We're a few years out before awareness of the stupid defaults we're all living with takes hold, and the inertia of everything then has to be overcome. We'll get there eventually, if we can keep the idea at least an open option before big business closes it down for good.
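An added illustration of the distinction drawn in this post (example code, not the commenter's and not Genode's): a capability both names the object and carries the rights to it, so a program handed only a folder capability by a powerbox dialog cannot reach outside it, and the check lives in the capability, not in the application. The `FileCap`, `DirCap`, `powerbox_grant` and `confused_app` names are hypothetical, and the sample files are constructed in a temporary directory.

```python
import os
import tempfile

class FileCap:
    """Unforgeable handle that designates one file AND carries rights to it."""
    def __init__(self, path, rights):
        self._path, self._rights = path, frozenset(rights)
    def read(self):
        if "read" not in self._rights:
            raise PermissionError("no read right on " + self._path)
        with open(self._path) as f:
            return f.read()
    def write(self, data):
        if "write" not in self._rights:
            raise PermissionError("no write right on " + self._path)
        with open(self._path, "w") as f:
            f.write(data)
class DirCap:
    """Capability to one folder: can only mint FileCaps for entries inside it."""
    def __init__(self, root, rights):
        self._root, self._rights = os.path.realpath(root), frozenset(rights)
    def open(self, name):
        target = os.path.realpath(os.path.join(self._root, name))
        # Enforced here, not by the app: '..' and symlinks cannot escape the grant.
        if os.path.commonpath([self._root, target]) != self._root:
            raise PermissionError("outside granted folder: " + name)
        return FileCap(target, self._rights)
def powerbox_grant(chosen_folder, rights):
    """Stand-in for the powerbox dialog: the user's pick is all the app gets."""
    return DirCap(chosen_folder, rights)
def confused_app(docs):
    """Untrusted code holding only 'docs'; it tries to overreach twice."""
    out = {"inside": docs.open("notes.txt").read()}
    for key, attempt in (("escape", lambda: docs.open("../secret.txt").read()),
                         ("write", lambda: docs.open("notes.txt").write("x"))):
        try:
            attempt()
            out[key] = "ALLOWED"
        except PermissionError:
            out[key] = "denied"
    return out

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        os.mkdir(os.path.join(tmp, "docs"))
        for rel, text in (("secret.txt", "key"), ("docs/notes.txt", "hello")):
            with open(os.path.join(tmp, rel), "w") as f:
                f.write(text)
        return confused_app(powerbox_grant(os.path.join(tmp, "docs"), {"read"}))
```

`demo()` grants read-only access to `docs/` and returns what the app managed to do: the file inside is readable, the `../secret.txt` escape and the write are both refused.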