This is a nice / modern hardware laptop, which you can have confidence supports any recent linux distro well, because all hardware drivers are "upstreamed". Further, there are as few closed-source firmware blobs as possible. Various people care about that for various theoretical reasons, but one good one is that any firmware that could be infected with a virus could also be patched.

It is annoying that the marketing is not clear on this fact. This is a nice, if pricey, laptop which supports any modern linux distro well. And when you buy it, you avoid your purchase supporting Apple or Microsoft. (I've purchased a couple Apple laptops over the years, begrudgingly, just to run linux on them. I'm excited to have an alternative.)

But that doesn't really say much!

How does their hardware tackle privacy issues? What do they do exactly?

They put some power switches on the webcam/microphone and wireless modules. That's about it.

They also disabled signature verification on the chipset firmware, but it's not clear that solves any privacy issues, given that the only extant firmware is the closed-source one from Intel. (If anything, disabling signatures is a net negative for privacy, as the authors of a malicious replacement wouldn't even need access to Intel's signing key to create one.)

Intel Boot Guard is about the BIOS, not the "chipset firmware".

Not much, according to this article, as there are many firmware blobs that are still entirely opaque: http://blogs.coreboot.org/blog/2015/02/23/the-truth-about-pu...