Totally Off Topic - Ideal PC/Laptop for Security

Like this forum and the great feedback I've been getting to my other posts.

Off topic but if you were building a perfect usable PC or laptop that is NSA proof, what would you do? By usable, I mean a machine that connects to the internet. Of course, nothing can stop the NSA but still...

They likely already have a number of 0-day protocol, hardware and kernel level software vulnerabilities for the majority of modern OS, so I advice to reconsider the threat model.

This is mostly a choice of responsibility.
You rely either on a commercial platform vendor, or on community and your own knowledge and skills.
The fact you are here indicates you are inclined towards the second option.
So, select a platform that you can study well enough to maintain a decent level of security.
To minimize the overhead, you can use the criteria of interoperability between the home and work tasks.

In my opinion, a good option is to use/join open source hardware and software projects with large enough communities.
The rest is up to you and depends on how much time can you afford to invest in your own education and your system configuration.

@vgaetera, thank you for your answer. I'm reading a lot but it is getting depressing. Everything with any firmware or even a bit of hardware can have a backdoor in it. I still want to build a secure platform from scratch, tho.

I do have another question. Would it be safer to connect to a VPN through a home then ISP or install a VPN app and connect to a public ISP like Starbucks?

Well, that's the way things happen.
Security is never absolute or permanent.
Sometimes all we can do is simply accept reality and move on.

This is a choice of trust.
You entrust your traffic either to the ISP or to the VPN provider.
Depending on where they are registered and the location of the VPN server, they might be regulated by a different set of laws.
Also take into account traffic limit, speed, latency, packet loss, content filtering, network neutrality, IPv4/IPv6 connectivity, etc.
Note that you might need to install the VPN client directly on your phone/laptop/desktop if you do not trust the router and all of its clients explicitly.