We’re very happy to announce that Sonic, a highly-ranked and privacy-respecting ISP, has offered to host a mirror for PureOS. This will alleviate some of the traffic, especially for those in North America, without compromising security. The security of the packages remains guaranteed by our signatures; the mirror simply holds another, identical set of packages, signed with Purism’s key.

The mirror is easy to use. For example, if you’d like to use the mirrors for downloading an image, simply use this URL: https://mirrors.sonic.net/pureos/downloads/. And here’s the link to the most recent GNOME Live build.

If you’d like to use the mirror for your packages, you have two choices:

1. use the command line to edit your /etc/apt/sources.list
2. use Software to add the mirror URL

The first choice is pretty quick and easy. In the terminal, use your favorite text editor to edit this file, /etc/apt/sources.list, and insert the following line:

deb https://mirrors.sonic.net/pureos/repo/pureos/ amber main
deb-src https://mirrors.sonic.net/pureos/repo/pureos/ amber main

Then run and apt-get update, and you should be all set.

If you prefer to use the Software tool, simply open Software. You can find it among the apps, by going to the upper left-hand corner of the desktop and clicking on “Activities”; then “Show Applications”, which is the last icon in the dock usually–a collection of nine squares.

Once you see all your apps you can either search for “Software” or scroll down a bit until you see it. And once the first “Software” is open, go to the menu on the top bar where it says “Software” again. There, the drop-down menu will show you an entry for “Software repositories”–and that is where we’ll make our changes, in order to use the new North American mirror. Appropriately enough, once you’ve clicked on the Software repositories menu entry you’ll see the “Software & Updates” screen. In the “Other Software” tab you can enter the new mirror’s URL by clicking on the “Add” button in the bottom left. Now, enter this entire line:

deb https://mirrors.sonic.net/pureos/repo/pureos/ amber main

You’re almost done. Hit the “Add Source” button and authenticate with your password. Finally, hit “Close” then “Reload” and you should have a snappy, speedy new mirror for your packages.

Packages are updated four times a day on the mirrors and more can be done if necessary, but this will be more than enough for now. Enjoy! And thank you very much to Sonic.

The post Mirrors for Speedier Downloads appeared first on Purism.

Implementation details matter

Sadly, many of these technologies that were meant as good are implemented in a way that bears more harm than advantages. The ME, for example, is fully proprietary and closed. It is even undocumented in most parts, so it can not be publicly reviewed and audited. It is a piece of software, software has bugs and so has the ME implementation; the news are full of it lately.

The same is true for something that many mobile phone users are totally unaware of–the SIM Application Toolkit, also called SIM Toolkit, SAT/USAT or STK.

The SIM Application Toolkit

Its name already points to the origin: the SIM card. It is the tiny chip card you insert into your phone, to get access to the cellular network of an operator. The SIM card used to be a fairly simple device, which you can imagine as the key to unlock the access to the network: i.e., it stores a secret (a cryptographic key) along with an ID (the IMSI) and some details about the issuing operator, etc. This data set grants you access to the operator’s network.

But phones [also called handset, or ‘terminal equipment’ (TE), in mobile terms] have become more and more powerful. And setting up these cards has become more and more complicated; you need an SMS center number, details for the MMS server, mailbox dial-in number… and a lot more. All this needs to be properly set up in the mobile, to make full use of both the mobile and the network. To make this even more complicated, these details (and the way to set them up) are different from operator to operator. The process for this initial setup is (also) called provisioning. It was to make this (and other things) as convenient and least painful as possible for users that SAT was invented.

The name SAT tells us not only that it is SIM-related, but also that it contains the term application: SIM cards can, and today they usually do, indeed contain small applications or applets. They are small computers on their own, they run code, and they can indeed be programmed. Most are based on the JavaCard standard and can be programmed with small Java applets. The SAT defines a standard way to interface the SAT applets with the modem and the phone.

Here comes the tricky part

SAT applets can have access to modem traffic, especially to SMS. They can execute on the SIM card–pretty much without any knowledge from the user. SAT applets can even initiate unsolicited communication (e.g. sending SMS) and can get updated and/or changed by the operator, over the air. All this is part of the 3GPP standards. SAT applets can also interact with the user, if the handset implements the user interface parts of SAT with simple menus, limited icon display and reading input from the ‘dial pad’.

SAT applets are an important part of the provisioning by the operators, when new SIM cards get activated. But their implementation details are not public. Their code is not public, and is thus likely to contain security flaws.

The SIM Jacker and the S@T Browser

One of these flaws has just surfaced: it is called SIM Jacker, and it exploits the S@T Browser component, found in many SIM cards. It allows for exposing critical user data, like the currently connected cell tower ID. The cell tower ID can easily be matched against databases, and is pretty much equal to having a geographical position. An attacker would thus be able to locate a user–accurately enough to determine, for example, if someone is at home or not. And it must be assumed that more information about the user can very well be extracted in a similar way.

This is possible when attackers send a specially crafted SMS to a mobile. It is not visible to the user and will initiate, again without the user knowing, an automated response by the mobile. The mobile then sends it back to the attacker, exposing for example what the user cell tower ID is.

Protecting the Librem 5

Purism is actively working with its modem manufacturers in order to protect Librem 5 users from such exploits. We are also investigating how to have a configuration option: how to opt-in to SAT, if you really need it (e.g. for initial provisioning), and disable it again afterwards–in order to avoid any such forms of exploitation.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

The post SIM Application Toolkit: Avoid Being Exploited appeared first on Purism.

Purism: A Privacy Based Computer Company

It all started when Todd Weaver, Founder and CEO of Purism, realized Big Tech could not be trusted as moral guardians of his and his children’s data. The current paradigm of corporations data hoarding is, as Todd describes it, built on “a tech-stack of exploitation”–and not by accident, but by design. Companies such as Google and Microsoft–and especially Facebook–intentionally collect, store and share user data to whomever they see fit. In recent events, the California Consumer Privacy Act, which becomes effective on January 1, 2020, will make residents of California able to know what personal data is being collected about them, know whether their personal data is sold or disclosed and to whom, say no to the sale of personal data, access their personal data, request a business delete any personal data information about a consumer collected from that consumer and not be discriminated against for exercising their privacy rights. This sounds good, and it is, but not according to Big Tech. Big Tech such as Facebook hired a firm to run ads that said things like “Your next click could cost you $5! Say no to the California Consumer Privacy Act”. Big Tech does not care about privacy, they care about their bottom line. This is where Purism comes in.

Purism is a privacy focused company. Their devices, the Librem5, Librem13 and Librem15 run PureOS–a GNU/Linux distribution that puts privacy, security and freedom first, by design. It includes popular privacy-respecting software such as PureBrowser. The OS helps you “Surf the web safely without being tracked by advertisers or marketers” and allows you to easily encrypt your entire OS and data with your own encryption keys. This is huge, especially if you understand how much of your “private” data is actually being shared.

I e-mailed the company asking questions about the entrepreneurial aspects of running a computer company, expecting an employee to send over a typical pre-written list of information. To my surprise and excitement, the CEO and Founder Todd Weaver e-mailed me himself, and answered my questions. This was very inspiring.

There are quite a few entrepreneurial aspects of running a computer company. You must manufacture your own computers and design your own software. Because the software in PureOS is free software, there exists a community of paid and volunteer developers who maintain it. This is beneficial in many ways, such as it allows the code to be freely auditable and if there’s a bug it’s usually fixed fairly quickly. There are some challenges that one must overcome as well, such as delays in manufacturing and the management of growth based on cash flow–this is crucial. With dedication and perseverance, these challenges are easily overcome, and one can move onto the designing process.

To design a computer from scratch, you must have a goal in mind. Purism’s goal is to give consumers “a computer that you fully own and control”. This goal then allows them to list all the reasons why current laptops and phones cannot meet such a goal. They then look to solve each reason of incompatibility to produce a new and improved device that allows one to fully own and control their device. To fund such a company, one needs an investment of capital. Founder and CEO Todd Weaver invested his own money into the company initially, then ran crowd-funding to bring the first product to market.

Purism’s goals for the future include continuing to improve and expand their products to offer a convenient alternative that respects people and their digital lives. This is a noble and respectable goal, and I for one would love to use a Librem when I graduate Southern New Hampshire University and work as a software developer.

In conclusion, if one has a worthy goal in mind such as Purism’s privacy-first approach, nothing is impossible–not even running a successful computer company.

Thank you, Evon–we loved it, and are very proud that you chose us. Keep up the good work!

The post A Guest Post by Evon Ho appeared first on Purism.

Q: The shipping announcement says the first batch of the Librem 5 will have a “loose fit”. Does this mean the phones will be low-quality?

A: Every Librem 5 that rolls off the assembly line will be a high-quality smartphone. Every component, tested and lovingly assembled. “Loose fit” in this case leaves us room to have ribbon cables, antenna cables, camera spacer and LED alignment have a looser tolerance than later batches.

Q: The first batch of Librem 5s is listed as having “unfinished switch caps”. What does that mean?

A: That the hardware kill switches will be the bare switch pole, without the ergonomic covers on top that will make them easier and more comfortable to use.

Q: Will all software updates be released for all shipping batches of the Librem 5? If I get batch Birch, will I get the same software updates as later batches?

A: Yes! All batches will receive the same software updates at the same time. That means new (and updated) applications will arrive at the same time, no matter which batch you received.

Q: If I receive the Librem 5 from one of the first batches, will I have a fully functional phone?

A: Yes! Even the very earliest batches will be capable smartphone, including a modern web browser and core cell phone functionality.

Q: How do I know which shipping batch my order will be part of?

A: You will receive an email letting you know which shipment batch you are scheduled to be part of, based on your place in the queue.

Q: Will it be possible to replace the case (or other components) in the Librem 5 I receive with parts from a later batch?

A: Very likely, yes: screw-holes in the PCBA and basic mechanical design are unlikely to change; minor adjustments for ease of assembly or antenna placement are examples of case modifications between batches.

Q: Can the operating system the Librem 5 ships with (the GNU/Linux based PureOS) be replaced with another operating system?

A: Yes! There are community efforts underway to port UBports, Plasma, and PostmarketOS to the Librem 5. We will be publishing a blog post soon with details about the progress of these projects. However, Purism has invested heavily in PureOS for the Librem 5 and will only be able to support PureOS on the Librem 5 directly.

Q: What is PureOS, exactly?

A: PureOS is a GNU/Linux-based operating system, which powers all of the privacy-focused laptops Purism ships. PureOS has been lovingly and painstakingly optimized for the touch screen of the Librem 5. PureOS is also Free Software Foundation endorsed.

Q: I REALLY want one of the Librem 5s from the first batch (Aspen)! Pretty please?

A: Thank you for asking politely! We will be assigning each customer a batch according to when their order was placed. If a customer in an earlier batch chooses to wait for a later batch, we will reassign that slot.

Q: If I order today, what shipping batch will I be in and when will my Librem 5 arrive?

A: Orders placed today will likely fall in Batch Evergreen. Order now to secure your place in line–we are doing everything we can to process orders faster than the queue is filling up, and will continue in that effort.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

The post Librem 5 Batch FAQ appeared first on Purism.

This past year, since the bill’s passage, Purism has worked tirelessly–and dedicated substantial staff resources–to help make sure the new law is not substantially thrashed by Big Tech’s huge army before the fledgling law can even take effect: an army of highly-paid lobbyists. The stakes for Big Tech are large, but the stakes for consumer privacy, and for Purism’s philosophy of consumer privacy protection and control, are so much bigger.

To try to stem the extraordinary political muscle of Big Tech in Sacramento, Purism has worked in close collaboration with California’s top privacy protection groups including the ACLU, EFF, Consumers Union, Common Sense Kids Action and the Privacy Rights Clearinghouse, and many others to try to stop the onslaught of Big Tech-sponsored bills seeking to vitiate the new law.

Our CEO has testified in legislative hearings against the weakening measures, and has recently co-written a powerful editorial published in the Mercury News, the newspaper in the backyard of Big Tech in Silicon Valley, against these bills. As Purism’s legislative advocate, I have met with key California legislators to try to thwart Big Tech’s predictable onslaught against this new law.

The new law is obviously a long overdue first step

It seeks to give consumers quite a bit more control over the vast data companies collect, store, share and sell about them–all without their knowledge or meaningful consent. Needless to say, the secret collection and sale of these extraordinarily valuable troves of personal data have made Big Tech companies some of the most valuable companies in the world, the most politically powerful–and the greatest threat to our most basic privacy rights.

Among the new law’s key requirements:

• Businesses must provide certain disclosures when selling consumers’ personal information. This includes disclosing the categories of information the business has collected or sold, the categories of sources from which the information is collected, and the specific pieces of information collected about the consumer.
• Additionally, the CCPA allows consumers who are 16 years of age or older to opt out of the sale of their personal information, with younger consumers needing to opt in before a business can sell their information.
• Consumers can also request that certain personal information be deleted.

The new law is also obviously far from perfect, as Purism’s CEO repeatedly testified this year in the Legislature

It does not even require companies to give consumers the fundamental right to first affirmatively agree to opt in–to the selling or sharing of their private information, before it can ever be shared or sold–instead forcing unknowing consumers to try to figure out the labyrinth of (often purposely tedious and confusing) website requirements in order to opt out of the sharing of their most personal data.

Like all laws, it reflects substantial political and policy compromise. It only came about because the California Legislature felt it had no choice back in 2017: to respond to a pending, highly popular statewide ballot initiative which sought to empower consumers, to find out what information businesses were collecting on them, and give them the choice to stop the sale of their personal information. In exchange for the introduction of the new California Consumer Privacy Act, the sponsors of the ballot initiative agreed to withdraw their initiative, and the new CCPA was quickly shepherded through the legislative process and signed into law.

Though Big Tech companies were unable to stop the passage of this law, they were able to secure a major procedural loop-hole to give them future “bites at the apple” this year, before the new consumer protection law actually takes effect next year. They got the Legislature to agree to postpone its legal effect until next January 1st–giving Big Tech the chance to try to undermine the key protections the new law contains.

Some Big Tech CEOs publicly continue to assert they have become true converts to the importance of protecting consumer privacy

Instead, they–and their legions of powerful lobbyists–have, disappointingly, spent this past year in the California Legislature quietly attempting to do all they can to weaken California’s new privacy law before it even goes into effect.

I am therefore very pleased to report that, as the legislative year winds to a close this hot summer in California’s Capitol, Purism’s tenacious efforts, in collaboration with many other committed, non-profit privacy groups like ACLU and EFF–and the commitment to privacy by key legislators in Sacramento–appear to be paying off for California consumers. Although some measures are continuing to move forward that may relax some of the provisions in the CCPA, the many Big Tech-supported bills that have sought to substantially curtail consumer privacy rights have, at least for now, been halted.

Purism and its supporters can therefore be very proud; we are not just “talking the privacy talk” but “walking the privacy walk” when it comes to fighting for consumer privacy rights and consumer empowerment. Though the political battles are clearly never over, the social benefit company’s efforts to better protect our cherished personal privacy, and consumer control over our, and our children’s, privacy will always be worth the substantial effort and cost.

We shall continue this worthy fight.

The post The California Consumer Privacy Act appeared first on Purism.

One of the main themes of the talks was around containerized applications and the security involved. We learned about punching holes through flatpaks, with portals to provide the flatpak with temporary access to a service, and how to better secure multi-process flatpak applications with bubblewrap.

And after busy days of talks, we found the time to relax and casually chat at the picnic hosted at beautiful Platanakia:

There were also a few meals, involving food, drinks and some interesting discussions about possible software ethics rating systems encouraging ethical practices like encryption, discouraging unethical ones like tracking.

Finally, after attending GUADEC talks and BoFs (and the occasional picnic), we went to the beach on Wednesday; we even have a picture, so you can see it really did happen…

The post Purism at GUADEC 2019 appeared first on Purism.

A rolling release receives periodic updates in a “rolling” fashion–they just keep rolling in. This is good, as you get the latest cutting edge changes to applications and system libraries. But unfortunately there is a side effect to rolling releases: they are bad for stability, because the changes they bring are often not yet widely used, or tested, in real world situations. This issue is inherent to any fast moving body of code, and PureOS is no different; we attempt to solve it by putting the user at the center of our design choices. With this in mind, we polled our forum and worked internally to devise a pragmatic solution that follows best practices, while continuing to provide options for users.

Our solution is straightforward; we’re making our PureOS release a stable release, and creating a new rolling release. In addition to this stable release, we’re adding two complementary suites–amber-security and amber-updates–which work together to bring a rock solid release. We will also build and release a rolling release just like the one our users are used to, meant for those who are willing to use, and test, the latest software from upstream. Both releases will receive security updates, of course, but the rolling release will lack real-world testing, by design.

How do I get the new stable release?

You likely already have the new stable release. We’ve tested it for a while, and are now adding it as a normal update to PureOS base files. It should be an uneventful update–but if there are any issues at all, please let us know via bug report in our tracker system. We’ll announce our new rolling release in the near future. We will continue working on it, and during the period where our upstream has moved from stable to a new testing release there will likely be a bit of churn. Waiting for that to settle will likely benefit the quality of the new rolling release.

You can also download the new release. We’ll continue to update our documentation on the new release though very little has fundamentally changed. All our current documentation is routinely updated, and it all pertains to this latest release.

The post PureOS Rolls On as Stable appeared first on Purism.

The Librem 5 phone is built from the ground up to respect the privacy, security, and freedoms of society. It is a revolutionary approach to solving the issues that people face today around data exploitation — putting people in control of their own digital lives.

Due to the high volume, growing demand for the Librem 5, and in the interest of openness and transparency, Purism is publishing its full, detailed, iterative shipping schedule. This expands on the existing commitment to start shipping in Q3 by defining specific batches, their features, and their corresponding ship dates.

Most companies keep their release and product plans secret right up until mass production launch, so they can avoid publicizing any setbacks or delays; but we have decided to bring our community and customers along with us for the Librem 5 journey, and have been transparent about our progress from the beginning. This means you have been able to celebrate along with us as we have reached milestones like shipping our devkit in 2018, the NXP CPU silicon issues we had to overcome, placing our first call in early 2019, sending our first SMS. You have been able to track our software progress directly from our public code repositories and watch live updates to libhandy, Phosh, Chatty, and the rest of our software. And we are compliant with, and submitting for, the “Respects Your Freedom” certification from the Free Software Foundation.

The iteration schedule starts in September, 2019, and the Librem 5 will be shipping in batches with incrementing code names. Each iteration improves upon the prior in a rapid rolling release throughout the entire first version of the phone, including the public plans for the second revision of the phone for context.

Every iteration includes updates to hardware, mechanical design, and software. We will be contacting each customer to confirm their shipping address, which modem and power supply they would like, and to confirm which shipping batch they are currently scheduled to receive — and to give them an opportunity to select a later batch than they are scheduled for, should they prefer to wait for a later iteration. As slots in a particular early batch free up, we will open it up for others in a later batch to join in, according to the date of the order.

If you haven‘t yet placed your order (or want to place an additional order) — the sooner you order, the earlier the shipping batch you will be added into.

Batch Aspen

Hardware: Initial board, all hardware components included.

Mechanical Design: Individually milled case, loose fit, varying alignment, unfinished switch caps (hand crafted).

Software: Initial release of core Apps, manage contacts, basic web browsing, early power management, software updates from the PureOS Store via the terminal.

Certifications: FCC and CE for Radios

Shipping window: September 24th – October 22nd

Batch Birch

Hardware: Next run of board, all hardware included.

Mechanical Design: Aspen + tighter fit, improved alignment.

Software: Aspen + improved setup, improved web browsing, improved power management.

Certifications: FCC and CE for Radios

Shipping window: October 29th – November 26th

Batch Chestnut

Hardware: All hardware included.

Mechanical Design: Birch + capped switches.

Software: Birch + final setup, improved web browsing, improved power management.

Certifications: FCC and CE for Radios

Shipping window: December 3rd – December 31st

Batch Dogwood

Hardware: All hardware included.

Mechanical Design: Chestnut + refinements.

Software: Chestnut + core apps improved, additional applications, refined graphical PureOS Store.

Certifications: FCC and CE for Radios

Shipping window: January 7th – March 31st

Batch Evergreen

Hardware: All hardware included.

Mechanical Design: Molded case.

Software: Long term support release

Certifications: FCC and CE

Shipping window: Q2 2020

Batch Fir

Hardware: 14nm Next Generation CPU

Mechanical Design: Version 2

Software: Long term support release

Certifications: FCC and CE

Shipping window: Q4 2020

Thank you to all the supporters who continue to share the Purism story with the world — this is a long-term movement around creating a digital society that respects people. Purism started in 2014 and has been growing triple digits year-over-year. The Librem 5 project started in 2017 with early bird backers rapidly funding the 60 day campaign that blew past the $2.5m mark. The Librem 5 devkit was released in December 2018. Software inventions and releases have been ongoing for a few years. Now we begin the iterative production releases of the Librem 5 phone, which our entire team is very excited to share.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco, California, and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism +1 415-689-4029 pr@puri.sm

See also the Purism press room for additional tools and announcements

The post Librem 5 Shipping Announcement appeared first on Purism.

The best way to solve this challenge is for us to do the setup for you–and that’s what we are happy to announce today.

While we will still default to our standard coreboot firmware, starting today, if you order a Librem laptop and select the “PureBoot Bundle” option for the firmware, you can choose to have PureBoot installed and configured at the factory. The PureBoot Bundle includes a Librem Key, as well as a “Vault” USB drive that will contain the GPG public key we generated at the factory. You can use the Vault drive later to store backups of GPG keys you generate and store them in a safe place.

With the PureBoot Bundle, you will be able to detect firmware tampering and rootkits out of the box! Just unbox the laptop, plug in the Librem Key and turn it on–if the Librem Key blinks green, your laptop is safe; if it blinks red, it was tampered with in transit. Also, now that our Librem Keys are made in the USA next to our fulfillment center, we have even tighter control over the supply chain for the most critical trusted component in this equation.

If you pick a PureBoot Bundle, we will perform the following additional steps on top of the standard PureOS install process

• Reflash the firmware with PureBoot
• Factory-reset the Librem Key and set default user and admin PINs
• Generate a new, unique GPG key on the Librem Key
• Copy the corresponding GPG public key to a USB flash drive shipped with the laptop
• Sign all of the files in /boot with this GPG key
• Add the GPG public key to the firmware’s GPG keyring and reflash the firmware
• Reset the TPM and set a default admin PIN
• Store the known-good firmware measurements in the TPM
• Share a secret in the TPM and Librem Key to detect later tampering

When you get your PureBoot Bundle, you can immediately test whether the firmware was tampered with during shipment. For an additional charge, you can contact us about our anti-interdiction services which, among other measures, ships the Librem laptop and Librem Key separately.

We believe you should have full control over your keys

Once you have verified the integrity of the firmware, you can set new passwords and secrets on the Librem Key and TPM, generate new GPG keys (or copy over GPG keys you already have), and re-sign all of the files, all with keys under your control, at any time.

We hope that, by setting it up for you at the factory, we can get this next-generation tamper-detection technology into more customers’ hands. Everyone–not just hardcore geeks–deserves the peace of mind of knowing that their systems are safe from tampering; and unlike with other secure boot systems, PureBoot gives you tamper-evident firmware without vendor lock-in–you control all of the keys.

To get the PureBoot Bundle, order a Librem 13 or Librem 15 and on the configuration page in the shop, select “PureBoot Bundle” under the firmware option.

The post Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory appeared first on Purism.

There is a total dossier on everybody, and you are likely a willing, yet oppressed, participant. Willing because of how convenient it is; oppressed, because everything you do is under the complete control of others.

Gang-stalking by corporations must stop. We have seen before what can happen when all the whereabouts of all people are tracked. The German Secret Police (the Stasi) had over 250,000 spies, who served in a four-decade long despotic regime over a population of 17 million, committing crimes against their own people–crimes that were viewed to be as brutal as those perpetrated by their Nazi predecessors–reminds us what oppression is. We have seen what happens when your privacy is invaded, when what you do is tracked. Decades before the Stasi, the Gestapo had 40,000 spies watching over a country of over 80 million, committing the worst atrocities on civilians ever; this is what oppression is.

We have seen what happens when who talks to whom turns into a demagogic tragedy. McCarthyism was coined from recklessly slandering public figures, ruining the lives of hundreds of US citizen with unsubstantiated accusations; this is what repression is.

The amount of data gathered on people from any of the aforementioned organizations is infinitesimally small, when compared to the astronomically large, nearly incomprehensible amount of personal data gathered from your mobile phone in just one day.

Where you go is known with satellite-measured accuracy, within a meter of your position on earth. Polling every millisecond–even when offline, for later synchronizing–your exact location is recorded at every moment of every day, permanently. What floor you’re on, who you are near, how long you’re near them, what speed you’re traveling at, who you’re traveling with, are all elementary level mathematics to establish. Cross-linking a single data point like your longitude and latitude to a second data point like the radio distance to a cellular tower or three, adding in what Wi-Fi you connect to and the strength of connection, makes confirming your location in triplicate extremely easy.

What you do is matched against where you go, how long you are there, and how much you interact with your phone or health monitoring app. Knowing you’re at an event, bar, game, restaurant, hotel or friends house is matched against photos, videos, social media posts, chats, heart rate–or simply how often you look at your phone–and can determine what you’re doing with a remarkable degree of accuracy. Were you bored or engaged? Were you hungry, or did the salad you paid for suffice until the after-dinner pizza you had delivered late-night, after your ride-share (aka taxi+tracking) service dropped you off at 11:04pm?

Who talks with whom is egregiously recorded forever, and in nearly all cases what is said to whom is also flagrantly squirreled away for eternity. You chatting with your mother–yep, spied on. You texting your spouse–spied on. You calling to cancel cable–spied on. Your photo sent to your colleague–spied on. It’s easier to list all the things kept between just you and the intended recipient, because it is absolutely nothing. There is no app that can guarantee it’s just two people involved in a text string; because apps, the underlying operating systems, and the underlying cellular networks, are controlled by the very same groups that surveil all of society.

Your oppression is not entirely your fault; knowledge is purposefully and behaviorally restricted from your purview.

It’s either buried in the hundredth paragraph of a terms-of-service you didn’t read, or shrouded in enough mystery you follow the rest of the anchovies in a collective experiment wondering “if it is this bad, why hasn’t anybody stopped it?”

It takes any one of three things to solve this–as history has shown: governments regulating to benefit civilians; business models changing to respect society; people switching to products and services that are ethical for society. Surveillance companies are working daily to remove the last one from happening; people switching requires a network effect, and they put up anti-competitive barriers for any new competition to have a level playing field. These same companies–all Big Tech companies–are so gargantuan that they don’t have to change their business practices toward helping society; they opt to use marketing slogans to keep their oppressive regimes dominating instead.

This leaves governments to step in and consider regulating the behemoths–never forgetting that lobbying efforts will work hard to adding regulation that keeps the companies gigantic, rather than regulation that benefits civilians, since this type of regulation makes smaller but growing competition need to jump higher and higher to vault over the new regulatory hurdle.

To rid yourself of the unethical dossier collected on you takes having a (convenient) alternative that avoids knowing where people go, what people do, who talks to whom, all it takes is governments to stand up and regulate to benefit its civilians.

And most importantly, it takes you leading by example, using products designed to respect your rights.

The post Why the Total Dossier on Everybody Must Stop appeared first on Purism.

Each application is grouped into one of three categories based on how optimized it is for the mobile screen.

Mobile Optimized – Fine tuned for mobile screen and touch input.

Visual Issues – Some visual elements could use additional fine tuning for mobile screens.

Needs Mobile Optimization – Runs and is functional, but not all visual elements are visible or fit on the screen.

This list was last updated on August 30, 2019 and some items are maintained by the team at Purism.  This is not a complete list of all pieces of software that run on the Librem 5 (either currently or in the future) and additional applications will be added to this chart as they are tested and verified.

The Librem 5 Application Compatibility Chart

Application	Mobile Optimized	Visual Issues	Needs Mobile Optimization
Phone Calls Calls	✓
SMS, Messaging Chatty	✓
Web Browser GNOME Web	✓
Utilities GNOME Contacts	✓
Utilities GNOME Settings	✓
Utilities GNOME Clocks	✓
Games Animatch	✓
Development King's Cross Terminal	✓
Utilities GNOME Help	✓
Music Player Lollypop	✓
Utilities GNOME Archive Manager		✓
Image Viewer Eye of GNOME		✓
Utilities GNOME Disk Utility		✓
Graphic Design Drawing		✓
Torrent Client Fragments		✓
Podcasts GNOME Podcasts		✓
Games OpenTTD		✓
PDF Editor Xournal		✓
Utilities GNOME Calculator		✓
Games Aisleriot		✓
Emulators DOSBox			✓

If you see any incorrect entries or bugs, please file them here

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

The post The Librem 5 Application Compatibility Chart appeared first on Purism.

Mobile phone market is a small number of big players

As everyone knows, the current smartphone market is a duopoly with the majority of phones running Android, and the rest running iOS. But the chipset market and the bulk of the smartphone supply chain is in the hands of only a few large companies. Two companies only (Mediatek and Qualcomm) account for the bulk of Android phones, which itself accounts for the majority of phones on the market. That’s not just a lot of control in a small number of companies, it also presents its own challenges if you want to create a device that respects freedom in a marketplace where the norm is proprietary software. This means most phones integrate as much as possible into as few chips as possible–and those chips generally require proprietary firmware and drivers to function.

Patents present a unique challenge

One thing many people don’t understand outside of the mobile space is the impact that patents have. Every new generation of phone technology brings with it hundreds, if not thousands, of patents. While patent holders have certain requirements to license these patents to others, they also use their patents to control the market. This is particularly relevant when you consider just how important mobile phones have become in everyone’s lives–having, in many cases, replaced the traditional personal computer as the primary computing device. This control over the market via patents presented us with a lot of challenges, in particular when attempting to source a standalone 4G modem that supported voice.

Unveiling the Librem 5 PCB

We want a smartphone that respects people’s freedom with an open, hackable design and published schematics. In fact, we are seeking “Respects Your Freedom” certification from the FSF, so we went to great effort to source freedom-respecting chips that worked with free software drivers. One big area where we could not work around proprietary blobs was the modem, so between that and our desire to use hardware kill switches–for the WiFi and the cellular baseband–we went with a design that separated out those components into their own chips (in the case of the cellular baseband, a removable M.2 card). We started by releasing a devkit in December 2018, and in this talk Nicole unveils the first public pictures of the actual phone PCB!

Conclusion

Hardware is hard, and making mobile phone hardware that respects your freedom is even harder. Challenges include finding suppliers, language barriers when working with Chinese suppliers (in many cases the only viable avenue for certain mobile phone work, these days), often dealing with long lead times, regulations and certifications. There’s also a general lack in available hackable hardware, which means that there isn’t nearly enough expertise in mobile phone hacking in the community–something we hope to change!

Nicole’s talk was marvelous–both informative and interesting–and you should really watch the video in its full version bellow, because there’s so much more to it than what we just wrote about!

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we–the people–stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

The post Purism CTO Presents “A Mobile Phone that Respects Your Freedom” at CCCamp appeared first on Purism.

• Delivering value to our customers. We will further the tradition of American companies leading the way in meeting or exceeding customer expectations.
• Investing in our employees. This starts with compensating them fairly and providing important benefits. It also includes supporting them through training and education that help develop new skills for a rapidly changing world. We foster diversity and inclusion, dignity and respect.
• Dealing fairly and ethically with our suppliers. We are dedicated to serving as good partners to the other companies, large and small, that help us meet our missions.
• Supporting the communities in which we work. We respect the people in our communities and protect the environment by embracing sustainable practices across our businesses.
• Generating long-term value for shareholders, who provide the capital that allows companies to invest, grow and innovate. We are committed to transparency and effective engagement with shareholders.

There is a lot of speculation around what has motivated this change, ranging from genuine altruism to a response to politicians who have made corporate greed a talking point in their stump speeches, or even to using it as a hedge to explain future losses driven by a possible recession. This article does not address any of that speculation. Instead, this article will address whether the Business Roundtable’s new mission statement is likely to significantly affect corporate behavior, based on our experience as perhaps the first Social Purpose Corporation in the technology space.

“The Business Roundtable CEOs could just re-incorporate as a Social Purpose Corporation, if their motives aligned with their words.” Todd Weaver, Founder & CEO of Purism stated.

This news story caught our attention here at Purism because we have been thinking about how to build a company that promotes social good. Our company was incorporated in Washington State as a Social Purpose Corporation. We chose this form or corporation to ensure that our foundational purpose to advance the freedom, privacy and security of our customers would not be undermined by those who seek to maintain the ability of Big Tech to profit off of customers’ personal information. We also wanted to protect our company’s ability to achieve its purpose as it grew, in particular once it took on outside investment. One big threat we knew we’d face if we went through the traditional C corporation model was that future investors could potentially sue us for pursuing social good above maximizing shareholder value.

According to the Washington State Bar Association, “An SPC’s directors may give weight to one or more of the social purposes, rather than solely considering the best interest of the corporation. RCW 23B.25.050. This allows the founder to elevate a particular social cause rather than maximize profit at the expense of society. It allows a company to be socially responsible without being considered financially irresponsible.”

As laudable as the mission statement by the Business Roundtable is, the fact remains that its members’ corporate structures and broader objectives will continue to be centered around profit maximization. Let’s keep in mind that CEOs of large companies typically have much of their compensation based on the performance of the company’s stock. Will CEOs whose compensation can run into the hundreds of millions of dollars per year put their personal financial interests aside for the greater good? And, more importantly, one must unfortunately admit that often times the very nature of the businesses conducted by the largest companies is, at their core, contrary to the public good.

Consider, for example, the social media companies who know their platforms are being manipulated to fuel division and discord in societies around the world, and yet they fail to stop the abuses. Consider the role of large banks in economic calamities around the globe. Consider the role of pharmaceutical companies in making drugs unaffordable for many people, and in contributing to the opioid crisis. Consider the fossil fuel companies who continue to extract and burn fossil fuels knowing that they are an existential threat. Consider the role of chemical companies in polluting the environment. And consider the fact that our company was born out of the need to protect people from the challenges to their privacy, security and freedom brought on by Big Tech. Sadly, the shift in emphasis by the Building Roundtable does not address the biggest problem with many of the largest corporations, which is that their business objectives are not compatible with general health and welfare. Saying that companies should deal fairly and ethically with their employees and partners even if it affects the bottom line is nice–but beside the point. It would be far more beneficial for these companies to reevaluate their overall effect on society.

We at Purism are grateful to the many US states offering to give companies the freedom to actually benefit society, rather than contribute to its ills. We believe that consumers who really care about their freedom, privacy, and security, or other issues like climate change, seek out companies like ours that exist, first and foremost, to do something important that can better people’s lives. We use capitalism, and the corporate form, to build a sustainable company that can continue to serve our mission. Making money is a means to an end, not the end itself. We exist for our customers, not for our shareholders, and our shareholders back us because know the social good that comes from our efforts. People parting with their hard-earned money for products and services deserve that much.

The post How To Promote Real Social Good appeared first on Purism.

We are preparing everything for the Librem 5 to be delivered soon, and its software will focus on the most critical applications a phone needs: calls, messages and web browsing. There are supporting projects that will be delivered too, like GNOME Settings, the shell, GNOME Initial Setup, and GNOME Contacts. So without further ado, let’s take a tour through the software we will deliver–as well as some other applications that have seen some major changes.

Applications

Libhandy

We have made some adaptive dialog improvements to HdyHeaderBar’s back button. There is a really nice new pagination widget for the app drawer. A general overhaul of the app drawer is almost finished–thanks so much, Alexander Mikhaylenko, for all of your hard work on this!

Also, be sure to check out the newly packaged demo app.

And Libhandy 0.0.10 has been uploaded to Debian and to PureOS.

Calls

We have worked on a few recent main efforts on Calls: adding a calls history, allowing the Contacts app to dial numbers, and enabling the system to receive calls when the shell is locked.

To lay the foundation for the calls history, the records have to be recorded in an SQLite database. Then, to complete the work, the database was connected to the UI.

In order to allow Contacts–or any other application–to dial calls, a tel url handler was added to Calls.

Calls now starts up in a new daemon mode when GNOME starts, so that incoming calls can always be received.

Messaging

The team fixed several crashes, and the welcome screen was reworked; there is also an ongoing effort to integrate with libfolks, which is used by Contacts.

We continue to improve the SMS plugin, too, and fixed an issue with multipart SMS reception: all SMS fields are initialized as soon as the first part is received (thanks a lot, Aleksander Morgado, for the patch). There is also handling for SMS messages that were received by the modem when Chatty isn’t running, support for delivery reports, and phone number formatting according to E164.

The conversation view was improved by introducing lazy loading for pulling the chat history patch, which gradually loads the chat log into the conversation view as the user scrolls up. Thanks, Leland Carlye, for the awesome patch!

GTK

The team added many mobile tweaks: from file chooser dialogs to about dialogs, message dialogs, adaptive presentation dialogs, dialog maximization, and info bars.

Web Browsing

We have backported many mobile improvements, which we also included on the devkit image. The Epiphany “new tab” page and several other in-viewport pages have been made adaptive, and there is a continued effort to push for Epiphany to adopt HdyPreferencesWindow.

Soon, you will be able to edit CSS from Epiphany’s preferences; and the search engine management dialog has been ported.

In order to address the application manager overflow issue, the about: applications now has improved CSS for responsiveness.

Initial Setup

We have refactored adaptive changes for some long-needed cleanups, which will be submitted upstream eventually.

Contacts

We have some brand new functionalities, such as new buttons, added for making a call and sending sms.

In preparation for Contacts integration with Calls and Chatty, we have been doing some investigation into libfolks, gnome-contacts-search-provider, and evolution-data-server. This led us to a major refactoring of GNOME Contacts, so as to reduce complexity.

We have added some fixes to avoid crashing when taking a webcam picture, using GNOME 3.32 avatar styles for fallback–and the avatar is no longer cut off. A long press for selecting contacts was also implemented.

We are still working on fake persona.

Clocks

We are working hard to redesign GNOME Clocks for mobile/adaptiveness–and to get the Alarm UI to use new list patterns.

Help

We did it–GNOME Help now works on the devkit!

Settings

We are focusing a lot of effort on the WWAN panel, where locked SIM cards are now handled (and there’s a dialog to enter a PIN to unlock the SIM), data can be enabled and APN can be set, and auto-connect for default APN is also enabled so that it is persistent across device restarts. The UX has been improved too, by using HdyColumn to center align the panel and porting to HdyDialog. Finally, the WWAN panel now also detects multiple modems!

But that’s not everything: other areas of GNOME Settings have seen adaptive changes too, such as the background panel, search locations dialog, and notifications dialog, which have been made adaptive; the GNOME Online Accounts has also been made adaptive, by reducing the account widget margins and setting a minimum and natural size–which required the account dialog to be adapted. Plus, we are currently updating the format dialog for the Region panel (in GNOME Online Accounts).

There’s a new design for the WiFi panel being discussed upstream, which will need to be implemented once consensus is reached.

Additional adaptive fixes are still under review upstream, and include fixing HiDPi scaling issue of background images, region panel, and privacy panel dialogs.

System

We have a shiny, new, user-friendly terminal for mobile screens called Kings Cross, which is now default on the Librem 5. Thank you so much, Zander Brown, for all of your hard work on this!

We have also set a default background image. In order to help debugging efforts, debug symbol packages have been added by default. We’re now shipping a patched UPower that detects the devkit’s charger and power supply.

Support for the Librem 5 has been upstreamed in Debian’s flash-kernel.

Keyboard

Our team fixed several keyboard crashes, too: keyboard visibility on DBus is properly toggled now, for example, and a text-input issue preventing the OSK from showing up automatically in the correct windows is fixed. We also made lots of cleanups across the code base (see some cleanups and imservice cleanups for more detail) as well as getting tests added, error-checking made stricter, and many other fixes.

Some scaling improvements were made by calculating the scale factor instead of pre-scaling; honoring the widget scale factor, and setting a constant font size.

Additional rendering upgrades included avoiding infinitely redrawing the keyboard (since this was making the keyboard blurry, as well as eating up battery and CPU cycles), fixing the blurry text and icons and making the widget easier to style. We also added frame rendering, in order to make the keyboard match the design.

To avoid hiding content behind the keyboard, LayerSurface improvements were made–and newer layer shell code from phosh implemented–to hide/show the window, instead of destroying and redrawing it every time. This helped us make squeekboard our default keyboard.

Sound support is being added in the keyboard.

And, thanks to Piotr Tworek, we fixed an out-of-bounds memory-read bug!

XKB keymaps are being generated from XML instead of using premade ones, to allow for more keymap flexibility, so we have also decided to make some keyboard geometry adjustments to make the XML simpler.

The navigation between keyboard views was significantly improved, and landscape orientation was added so the keyboard no longer takes up the full screen, being centered instead. Similarly, the keyboard is now centered horizontally. We have also started working on improving symbol input, and adding support for non-ASCII languages.

The text-input protocol has been updated; it now supports notifying when no OSK is needed.

Compositor + Shell

The compositor has seen many fixes by now–although at first you may hardly notice them. Stack handling works better now, and unmapped surfaces won’t be raised in the stack. In order to mitigate any accidental rendering bugs when, for instance, focus rules cause the function to return early, the view damage in set_focus, to where the drawing list is handled, has been moved. Additional work has been done to move the focus back to first shell surface when unfocusing layer surface. To make recent GTK dialog fixes behave properly, maximize/fullscreen state is now taken into account on view init.

The team has also made a few layer surface changes: a layer shell crash was fixed and unused protocols were removed.The system modal dialogs now match the design much better; the ability to unmaximize auto-maximized layers was removed to avoid a broken state; we fixed the layer shell show/hide, and now have the ability to use enums as types. Some protection was put in place to guard against negative exclusive zone when surfaces set negative margins.

Other noticeable changes are that you can now close an app from the overview, and the keyboard button is hidden when the keyboard is unfolded.

We have also added touch support in X11 backend!

We were worried about a few compositor crashes, which led us to make some input grab fixes for xdg_popups and remove input method’s resource from the list on destroy.

Other changes we made include dropping the pointer emulation on touch and auto-maximizing before mapping the surface, to avoid flicker for example when starting new applications.

Phosh has seen the addition of PhoshToplevelManager and PhoshToplevel classes for managing and representing toplevel surfaces; this switches from a private protocol to wlr-foreign-toplevel-management, which is more complete than our previous private protocol and makes phosh usable with other compositors that implements the new protocol. Reporting the surface’s parent is still pending upstream review.

As you boot your devkit now you’ll notice that you see your list of favorite apps immediately. This is the result of our recent effort to move the favorites to home screen–once again, thanks to Alexander Mikhaylenko, in this case for fixing the sizing of the activities! You’ll also notice our new animated arrows when folding/unfolding the home screen, and fix favorites changing via gsettings.

Kernel

If you haven’t already, take a moment to read our blog post that details the Librem 5 team’s contributions to the 5.2 kernel.

But a few things have happened since: support has been added for our accelerometer and gyroscope, and it’s been submitted upstream. In order to make IIO-sensor-proxy work correctly, we mainlined an accelerometer driver bugfix–meaning we will soon be able to use IIO-sensor-proxy by default and auto-rotate so that we can remove the “Rotation” switch in the top bar.. and rely on the sensors to decide the orientation that should be displayed!

We have been working very hard to improve the graphics stack too. MXSFB support has been added into mesa, and several patches are in review upstream: v1 and v2 of the NWL MIPI DSI driver, v2 of the LCD panel patches to make it work embedded in a panel_bridge(which is used by the NWL driver), v1 of the MXSFB patch to handle NWL timing requirements. Some tests with MXSFB were fixed.

A couple of minor patches were made to fix a typo in i.MX8MQ reset names and IPUV3 kconfig.

Power Management

The team is trying very hard to better manage the power consumption of the phone and reduce the overall temperature: to make sure we don’t lose basic kernel support, we now check for cpuidle sysfs nodes and DRM render node. We are also working on helping NXP to mainline thermal-idle to cool the CPU by idle-injection; to ease kernel updates, we improved kernel tests–and the CPUs now slow down when hot, instead of overheating and shutting down.

Also, thermal management investigations have led us to a focused effort on S3 suspend/resume.

Builds

The mailing list now receives build status mails–if you’re interested, you can sign up for librem5-builds@lists.community.puri.sm and receive them.

And the images will soon include our patched version of gnome-settings-daemon.

Documentation

We have made several updates to the existing documentation: the low-level touchscreen reading hints, GNOME platform section, and application settings have all been updated, for example. We have also made many one-line updates to be able to use recent links, a more recent version of GNOME, etc.

As always, a big “Thanks!” to everyone that has helped review and merge changes into upstream projects; your time and contribution are much appreciated. That’s all for now, folks–stay tuned for more exciting updates to come!

The post Librem 5 August Update appeared first on Purism.

The article begins by pointing out that several companies have tried to release private, secure smartphones–and most have failed. Does that mean privacy and security are impossible to achieve? Well, not really, because:

One company wants to change the privacy-focused technology landscape

And that company is Purism. Not depending on the traditional Silicon Valley Venture Capital marketplace, and being a Social Purpose Company, Purism will never compromise its users security, or their privacy, for profit.

Purism’s crowdfunding campaigns on the Crowd Supply platform consistently achieved more than their funding goal. The latest, concerning the Librem 5 smartphone, raised over $2 million. And what makes the Librem 5 smartphone different from other phones? Several factors, such as the business model, an engaged community, and the fact that privacy and security are starting to be a great concern– and not just for everyday smartphone users, but for the government as well.

While the world continues to “opt-in” and share their every move, thought, comment, viewing whim, personal home climate preference, and family behavioral profile with the 2 or 3 companies running the world, there are people that find this repugnant.

Ultimately, desiring privacy does not mean having to go off the grid: a privacy-enhancing smartphone both empowers and enables its user.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

The post The Librem 5 Smartphone in Forbes appeared first on Purism.

Online harassment is both a privacy and a security concern. We all know the story of how someone (typically a woman, studies say) states their opinion online and is then harassed to the point of leaving the service (or worse). Using the infamous “with an opinion” hook, we can frame a user story that affects more than 50% of the population:

User story: I am a marginalized person with an opinion. I want to intercept online harassment, so that I can communicate safely with friends and strangers.

The truth is that a motivated mob can target anyone, marginalized or not. We would all benefit from effective anti-harassment tools.

Don’t rely on the operator

Many current and proposed solutions to stop or curb harassment rely on one or more of these methods:

• Human content moderation. Typically volunteer or low-paid, and subject to burnout. A moderation team simply does not scale, and cannot moderate private messages (we define “private” as “end-to-end encrypted”).
• Server-side tracking. Error-prone “algorithms”, with little or no transparency, regularly make mistakes. And once more, they cannot apply to private messages.
• Shoot-first takedown laws that skip the deliberative process and are frequently abused.
• Corporate censorship, or any of the above distorted by bottom line.

It is tempting to rely on a server-side solution, whether that means the machine itself or humans working on your behalf. This can work on tiny scales if you have a trusted friend with both technical and legal know-how, but in all other cases the issues are compounded. To mashup two misunderstood quotes:

You solved a harassment problem by ceding control to the service? Now you have two problems.

Empower the user

We suggest that user empowerment via client-side features is a more robust and safer approach. Potential design patterns include:

1. Client-side heuristics

Server-side solutions necessarily put power in the hands of a developer or sysadmin. By contrast, client-side heuristics put power in the hands of the user, including the power to turn them off. Privacy Badger is a great example of this in practice:

• Fresh installations use rules generated by offline training.
• Additional rules based on behavior-based heuristics.
• Additional customization for experienced users.
• No ads, no calling home, no tracking.
• Turn it off, for example if you are researching trackers.

Moving forward we aim to enhance all Librem One clients with badger-like functionality. We believe that the majority of cases won’t require machine learning, and could be handled with simple heuristics:

2. Safety mode

We can classify online correspondents into three groups:

• Trusted contacts. People we talk to regularly, and trust.
• Strangers. People we don’t know well, or don’t know at all.
• Bad actors. People we don’t want to interact with, possibly based on the advice of a trusted contact.

Typically, we want to communicate with strangers online, so this should be possible by default. But if we are being actively harassed, we can assume that further messages from strangers are unsafe, and switch our account to “safety mode”–rejecting messages, invites and other interactions from strangers. We can rely on our trusted contacts for help and support, including passing on well-wishes from strangers.

At-risk individuals might choose to start their account in safety mode.

Trusted caretakers might maintain lists of bad actors, but trusting a caretaker should require very careful consideration: What is their governance model? What is their appeals process? Do they leak information about list recipients?

3. Crowd-sourced tagging for public content

In the specific case of public posts, we believe that public crowd-sourced tagging (aka, folksonomy) is a sustainable and fair replacement for human moderation, caretaker-lists and takedowns.

This approach takes moderation power out of the hands of a few sysadmins and corporate moderation teams, and grants it to all users equally. Users are free to decide which user-moderator they trust, and filter based on their tags–or skip moderation entirely.

😡: I pity the fool who can't butter their
    #toast! #onlydirectionisup

        😷: #hatespeech
        😒: #butterpolitics

👿: @😡 Shut up! My grandparents fought to
    butter side #down!

        🤩: #thoughtleader
        😒: #butterpolitics

😤: @😡 @👿 Well actually, you're ignoring
    the #margarine argument. You're such
    #lipidariantoastbros

        😒: #butterpolitics

😢: @😤 @😡 @👿 Why can't we all just get along?

        😡: #butterdowner
        👿: #butterupper
        😤: #lipidariantoastbros
        😒: #butterpolitics
        🤩: #thoughtleader

Where to, from here?

These are only a few of the high-level patterns we are considering as enhancements to all Librem One clients. Your Librem One subscription supports our team as we turn these patterns into a reality.

They build on the philosophy we’ve already outlined on our blog, under the “user empowerment” tag.

We look forward to reading more proposals from our friends and colleagues in the free software and anti-harassment communities. We are particularly interested in design patterns that honor our “no tracking” policy, and reliable (peer-reviewed) statistics that help prioritize use-cases. We are already looking at:

• Harassment research by Hollaback!
• The work of the Sassafras Tech Collective, including “Anti-Oppressive Design”
• OcapPub: Towards networks of consent, an upcoming paper by Christopher Lemmer Weber, co-author of the ActivityPub standard
• And “Protecting Children Online: Cyberbullying Policies of Social Media Companies”, by Tijana Milosevic

In the meantime, and whether you are a Librem One user or not, please refer to our stay safe guide. It’s quick and easy to read, just like our policy, and we keep it up-to-date with links to high-quality, world-audience resources.

Thanks for stopping by, stay safe, and stay tuned for more user empowerment news.

The post Curbing Harassment with User Empowerment appeared first on Purism.

Congratulations are in order–we are so proud to say that Nicole Faerber just got nominated to the short-list of such a meaningful award. Nicole’s nomination means a lot to Purism, and we are here today to say just so.

She totally deserves this nomination (and, if we may say so ourselves, she’d also deserve to get the award…) for oh-so-many reasons:

• for her amazingly innovative work on our upcoming Librem 5 smartphone
• for her concerns about privacy and security and avoiding data and user exploitation
• and of course her assertive presence in the free software community, where she contributes to making free software an industry standard… helping the rest of the world take its possibilities seriously.

So thank you, Nicole Faerber for all that you do!

“Women have been an important part in creating the very foundations of modern IT, naming Ada Lovelace as just one example (here and here are some more), and have ever since played an important role in IT and computer science.” – Nicole

Women in technology are clearly not represented enough: they amounted to somewhere between 2% and 5% of all programmers a decade ago, and about 10% now. At Purism, we pride ourselves on being gender diverse, in addition to being racially and geographically diverse. Our full team is comprised of 20+% women (with women accounting for 37+% of our board, and 33+% of Purism executives) and we continue to work to increase that percentage. Diversity is an asset, and creates safe workplace environments. If you want a safe workplace environment that respects diversity, we are hiring.

The post Nicole Faerber nominated for “CTO of the Year” by Women in IT Awards appeared first on Purism.

The term “no-carrier phone” is used for a mobile phone that does not get its phone number from a carrier. This can take a couple of forms: a WiFi connection-only phone, or a Cellular Data connection-only phone.

In other industries, for instance in media distribution, this is called “Over-The-Top” (OTT); the underlying idea is that Internet Service Providers (ISPs) should be, and are just, “dumb pipes”. Why?, because they provide internet data only–and all the services ride over-the-top of the internet connection. Netflix paved the way for OTT in media when it moved from DVD to streaming (the “Net” part of their name) and offered television and movie-content to any internet connected device. This was done against the wishes of many entrenched media groups and ISPs, of course–but the majority of us have now adopted the OTT model: we call them streaming services.

Over-The-Top can (and, in my humble opinion, should) apply to every form of service on the internet.

We do not need to get our primary mobile phone number from a carrier—routing all our voice data, messaging data and internet data. If the carriers were just “dumb pipes”, they would offer us data-only connections, allowing us to get personal services from any competitor offering an internet tool we need or like–including a phone number. Sure, the carriers could bundle their own a la carte offering of services, but as the US Congress established a while ago with the FCC during the phone-number-lock-in wars (from the US Telco providers) people should be able to keep their phone number and just switch providers.

Over-The-Top means you would have a fully-functioning phone–and a phone number–portable to whatever internet connection you desire; be that a cellular carrier, a prepaid SIM card, a coffee-shop WiFi, tethered to a friend’s device, USB hotspot or whatever other fun thing you’d like to try (BlueTooth mesh network, anyone?).

This No-Carrier vision could be realized with the Librem 5 combined with Librem Dial–a future part of Librem One bundle.

Once Librem Dial is released in the future, it would mean you could have a non-carrier-provided phone number which could be used no matter what connection you have over-the-top; that you could make or receive calls to your primary phone number if you are on WiFi and no Cellular connection. You could flip the Cellular Modem Hardware Kill Switch (HKS) on your Librem 5 and still call or text from your primary phone number while at that coffee-shop WiFi.

This would offer you the ability to have a no-carrier phone–in either form–that now you only have when on WiFi–which means no triangulation-location tracking from cellular towers. Or you could have it tethered via WiFi to another device; or a no-carrier phone number whereby you use a prepaid data-only SIM card, or even opt to have a data-only SIM card from a carrier. I would still call this a no-carrier phone, as the phone’s number is not attached to any carrier.

This approach of over-the-top has many added benefits–and only one down-side:

Because cellular carriers offer voice and SMS messaging even when you are outside of cellular data regions, you can still make or receive a call (or send and receive text messaging) with very weak data signals. This is why you can still call and text even if you turn off cellular data on your phone. In a no-carrier model—where the service rides purely over the data connection—your services would only work when there is data connection to your phone, be that WiFi or cellular data. Even with this downside, the benefits are tremendous of course–including having complete privacy control of your device’s location, control over when you’d like to connect and use your cellular data plan, and the ability to switch providers without ever having to reconfigure your accounts or settings.

As you can see, Purism has grandiose plans, and we continue to advance towards them rapidly.

Triple-digit, year-over-year growth offers us a unique opportunity to serve society–as our Social Purpose Corporation status requires–changing society for the better all along the way.

By pre-ordering the Librem 5 phone and signing-up for Librem One services, you will be supporting a platform with the potential to cut the cord from your carrier and move toward the no-carrier phone!

Get Librem One

Pre-Order Librem 5

The post What a No-Carrier Phone Could Look Like appeared first on Purism.

Librem 5

Display : 5.7″ IPS TFT screen @ 720×1440
Processor: i.MX8M (Quad Core) max. 1.5GHz
Memory: 3GB RAM
Storage: 32 GB eMMC internal storage
External Storage: microSD storage expansion
Wireless: 802.11abgn 2.4 Ghz / 5Ghz + Bluetooth 4
Baseband: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
GPS: Teseo LIV3F GNSS
Smartcard: Reader with 2FF card slot (SIM card size)
Sound: 1 earpiece speaker, 3.5mm headphone jack
Accelerometer: 9-axis IMU (gyro, accel, compass)
Front Camera: 8 MPixel
Back Camera: 13 MPixel w/LED flash
Vibration motor: Included
USB Type C: USB 3.0 data, Charging (Dual-Role Port), Video out
Battery: User replaceable – 3,500 mAh

You can pre-order the Librem 5 for the early bird discounted price of $649 — with the price going up $50 after July 31st.

Here’s a more detailed breakdown of the Librem 5 hardware and specific components included:

CPU i.MX8M @ max. 1.5GHz

• Quad core Cortex A53, 64bit ARM
• GPU: Vivante GC7000Lite (hardware supports OpenGL/ES 3.1, Vulkan, OpenCL 1.2)
• Auxiliary Cortex M4

RAM:

• 3GB RAM

Storage:

• Internal 32GB eMMC
• microSD storage expansion slot (max 2 TB)

Display:

• 5.7″ IPS TFT screen @ 720×1440

3 Hardware Kill Switches:

• WiFi / Bluetooth
• Cellular Baseband
• Cameras & microphone
• All 3 off = additionally disable IMU+compass & GNSS, ambient light and proximity sensors

Other Buttons:

• Power button, Volume ± buttons

Battery:

• 3,500mAh, user replaceable

Wireless:

• 802.11abgn 2.4 Ghz / 5Ghz + Bluetooth 4

Baseband:

• Option 1: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
• Option 2: Broadmobi BM818 (made in China)
• nanoSIM tray for cellular

GPS:

• Teseo LIV3F GNSS

Cameras:

• Rear camera @ 13 MPixel
• Camera flash LED for rear camera
• Front camera @ 8 MPixel

USB Type-C Port:

• USB3.0 data
• Power Delivery (Dual-Role Port)
• Video out

Audio:

• 1 earpiece speaker + digital microphone
• 3.5mm headphone jack with stereo out and mono microphone input
• Audio DAC: Wolfson Media WM8962
• 1 loudspeaker

Smartcard:

• Reader with 2FF card slot (SIM card size)

Notification Lights:

• RGB LED with PWM control per color

Other Sensors, Components:

• Acceleration, gyro and compass sensor (“9-axis” by ST, LSM9DS1)
• Ambient light and proximity sensor: VCNL4040
• Haptic motor

The post Librem 5 Smartphone – Final Specs Announced appeared first on Purism.

Because behind every network, big or small, system administrators are working hard to make sure that servers are secure, updates are painless and metaphorical fires are quickly put out. They frequently go beyond their job description to provide additional support to individual users on the network.

One big, well-kept secret is that most of the Internet runs on free software. The other big secret is that all of the Internet runs on SysAdmins.

So today we’d like to thank our SysOps team for their tireless work, juggling the demands of company resources, our shop and various websites, as well as our Librem One services. Your laptop, services –and soon your phone–will make their way to you in large part thanks to the infrastructure they maintain.

We’d also like to thank other members of our team who contribute to the DevOps process.

If you’re feeling generous, send a shout-out to the admins of the network you’re using right now (your ISP, school or work LAN, phone operator) and say thanks for their hard work! And on a day when something goes wrong, don’t forget to send a little #hugops their way 🤗

The post Happy SysAdmin Day! appeared first on Purism.

Some examples of this include:

• Apple silently disabling a 3rd-party service on Macs because of a security vulnerability even though a patch was already available
• Apple blocking Facebook and Google from running their internal iOS apps even on their internal company iPhones
• Microsoft (up until this past May) forcing feature updates to Windows 10 (and often breaking consumer desktops)
• Dropbox silently updating their software to install a new file manager
• The classic, irony-filled example of Amazon removing 1984 from Kindle e-book readers

Below you will find the origins of this mentality, the risks and harm that arise from it, and what it says about who really owns a computer.

Enterprise IT and the origins of “remote control”

Anyone who has ever worked for a large company in the computer age has experienced first-hand the authoritarian, controlling, and restrictive policies that IT employs to manage company computers. Starting with centralized systems like Active Directory, IT teams were able to create policies that controlled what sorts of passwords employees could use and whether employees could install applications, access printers, and even, in some cases, insert USB drives.

These centralized tools have evolved over the years: they can now add and remove files, install new software and software updates, remotely control machines over the network in order to view what’s on their screens and access local files. This controls extends into Active Management Technology features embedded into the Intel Management Engine, that lets administrators remotely control computers even if they are turned off. Now that smartphones are critical tools in many organizations, MDM (Mobile Device Management) tools are also often employed at enterprises to bring those devices under a similar level of control–with the added benefit of using GPS to track employee phones even outside the office.

The most common justification for these policies is convenience. If you are an IT department and have thousands of employees–each with at least one computer and one smartphone that you need to support–one of the ways to make sure that the appropriate software is on the systems, and updates get applied, is to push them from a central location. Companies often have custom in-house software their employees rely on to do their jobs, and throughout the life of the company more tools are added to their toolbox. You can’t expect the IT team to go desk-by-desk installing software by hand when you have thousands of employees working at offices all over the world: when an employee’s computer breaks, these same tools make it easy for IT to replace the computer so the employee can get back to work quickly.

The main justification for the strictest–and most controlling–IT policies isn’t convenience, though: it’s security. IT pushes software updates for protection against security bugs. They push anti-virus, anti-malware and remote monitoring tools, to protect both employee and company from dangerous email attachments, from software they might download from their web browser. IT removes local administrative privileges from employees in the name of protecting them from installing malware (and, practically speaking, from installing games and other time-wasting apps). They disable USB storage devices so employees can’t insert disks containing malware or copy off sensitive company documents. Each of these practices have valid reasons behind them for companies facing certain threats.

Are users children?

Information security professionals spend much of their time solving problems in the enterprise IT space; as a result, they often take on some of the same patronizing views of users you find in IT. Many view themselves as parents and users as children, their role being to wrap the hard corners of the digital world in foam so users don’t hurt themselves. This patronizing view leads them to pick security measures that remove control and autonomy from end users, and centralizes that power in the hands of IT or information security. The repeating refrain is “just trust us” and that users must place full trust in the internal security team, or the third party enterprise security vendor, to be safe.

Most users tend to bristle against this kind of security policies–especially as generations are entering the workforce who grew up with computers, and are increasingly savvy and knowledgeable about how to use them. All the same, in the workplace employees have grown accustomed to giving up much of their autonomy, control, and privacy for the sake of the company. Yet you can tell that this approach runs against our nature, because so many companies have had to explain these policies in new hire documents and require that employees agree to, and sign them, when they are hired. These documents inform the employees that the computers they use and the documents they access are company property–and that the company is authorized to monitor and control their property at all times.

Remote control spreads to consumer devices

You could make a convincing argument that, since companies have paid for, and do own, all of the computers they provide to their employees, and pay IT teams to maintain them, it’s their right to set up software to control them remotely. As draconian and privacy-invading as some corporate policies are, you can still argue that employees consented to this level of control when they signed their employee contract. The problem is that this patronizing, authoritarian approach to enterprise IT has now found its way into consumer devices as well, because it’s in a tech company’s interest to have as much power over their customer as possible. Unlike in the enterprise, though, this remote control is on by default and without explicit consent.

More and more tech companies are hiring themselves as their customers’ IT staff, are granting themselves remote control over their customers’ computers, always in the name of convenience and security. The most common form of remote control is that of automatic updates; on the surface, automatic security updates make sense–people can’t be expected to know about all of the security vulnerabilities in all of their software, so it makes sense to make patching easier for them.

The problem is that many companies now set this behavior as the default–without user consent–and don’t limit themselves to security updates: instead, they also push other changes they want, including normal feature updates, adding new advertising to the OS, automatically logging users into their Google accounts, and any other change they want on your computer. These updates often have critical bugs themselves, but since they go along for the ride with security updates, people are left with the false choice between security and stability.

Because these updates happen behind the scenes, without any prompts or notices for the user, users have little to no control over whether, or when, the updates happen. On phones, this control can also extend to whether a user is allowed to install an application, use it after they installed it, or in the famous example of Google and Huawei being caught up in the US/China trade war, a customer losing the ability to update their phone. Most recently, Adobe has told its customers they could be sued if they don’t upgrade–using older versions of the software they bought apparently being against their licensing agreement!

Who owns your computer?

The irony is that, decades ago, when your average person had minimal experience with computers, those inexperienced users had much more control and autonomy over them. Many people grew up with computers and smartphones today, and technology is second-nature to them. Many switch between operating systems, laptops and phone vendors as effortlessly as if they were switching between car brands. Yet, at a time when individuals are much more capable of using computers, and computers are simpler to use than ever before, tech companies have decided people can’t be trusted to manage their own devices, that the vendor should have more control than ever before.

In the case of enterprise IT, it’s clear that the company owns employee computers and exercises their rightful control over their own property. But what does it mean if a tech company exercises the same kind of control over consumer computers or phones? If hardware vendors have the power to change your computer silently, without your consent–including 3rd party applications you installed yourself–is the computer really yours? If phone vendors decide which applications you can install, can remotely disable applications from running and can stop you from getting updates, is the phone really yours? If software vendors can install major feature changes without your permission, force you to update, even sue you if you don’t update to their latest versions–is the software really yours?

The solution is consent

The solution to this problem of remote control is pretty simple: consent. While many people in security circles believe the ends justify the means, there are  many examples where the same action, leading to the same result, takes on a completely different tone– all depending on whether or not the actor got consent.

Some people may be more than happy to make their hardware or software vendor, or the IT department,  in charge of their devices, but the vendor should still get permission first. While many vendors will point to their click-through agreements as proof of consent, customers aren’t expected to read (or understand) these agreements, and so they are no more valid a form of consent than a click-through privacy policy. If you have to accept a license agreement before you can use a computer or software, it’s not really consent–it’s an ultimatum.

Consent doesn’t need to mean users will be at risk from malware or security bugs; it just means they give permission before a company changes files on their computer. Vendors can add a simple prompt that explains what’s about to happen, so the customer can approve it. The customers that don’t care or that fully trust the vendor will still click Accept regardless; customers that do care retain control over their computer and can investigate and approve the change first. The problem with removing everyone’s power because you assume most people are apathetic, is that many people are apathetic precisely because they feel powerless in the face of Big Tech companies.

All of Purism’s products are aimed at removing control from tech vendors (including ourselves) and giving freedom back to users. This is true in the free software we use throughout our hardware, the open standards (again, and free software) we use for our services, in our approach to moderation for Mail, Chat and Social. We ask for your permission before we update software on your computer and explain exactly what’s being updated and why. You shouldn’t have to outsource all of your trust and control to a vendor to be secure. With Purism products, you are in control.

The post Consent Matters: When Tech Takes Remote Control Without Your Permission appeared first on Purism.

If you’ve missed any of the previous videos, check out parts One, Two, and Three to get all caught up — then enjoy the 8 videos below (ranging from a music player to running the Apache Web Server right on the Librem 5).  And you better believe we’ve got more on the way.  A lot more.

If you pre-order the Librem 5 before July 31st, you save $50.

Day 21 – Music Player (also on YouTube)

Day 22 – DOSBox (also on YouTube)

Day 23 – GNOME Disk Utility (also on YouTube)

Day 24 – July Librem 5 Update (also on YouTube)

Day 25 – Image Viewer (also on YouTube)

Day 26 – Apache Web Server (also on YouTube)

Day 27 – GNOME File Open Dialog (also on YouTube)

Day 28 – GNOME Help Viewer (also on YouTube)

The post Runs on the Librem 5 Smartphone – Round 4 appeared first on Purism.

The primary appeal of Librem One is that you get privacy without sacrificing convenience. There is already a wealth of free software available, both applications and services, with numerous security and privacy options. However, learning what they are and keeping up-to-date is generally neither simple nor convenient.

To combat configuration fatigue, we apply the following design principles to Librem One applications:

• Identify simple security features
• Make simple security the default
• Work with upstream
• Make it easy for everyone

Identify simple security features

Flawed patterns are design patterns and workflows that allow the user to expose themselves without realizing it, and those patterns must be eliminated.

Simple security features are those that make no difference to the everyday user experience. They should be enabled by default, and the corresponding widget removed.

Experimental security features are cutting-edge design patterns that are subject to change: they might burden the everyday user experience, which often leads to poor security hygiene. So, they should be disabled by default, but be available for privacy enthusiasts and experienced users.

In general, we seek to transform experimental security features into simple security features.

Make simple security the default

Moving forward, we aim to make simple security the default. Security features are enabled and cannot be disabled; enhancements are applied when you update. Experimental security features are disabled by default, but you can enable them at any time.

Work with upstream

Once our philosophies are aligned, we will simply push these changes upstream. Some applications and services prefer to keep configuration options open, in this case we will still push bug fixes and enhancements.

Healthy, vibrant upstreams ensure that users have the option to mix and match both services and applications. So you can always use the upstream version of an application if you prefer, or any other compatible app.

Make it easy for everyone

Remember our user personas? With these design principles it’s easy for everyone…

Alice likes to keep things simple and get on with her day. When she enables a service or installs an application, no further configuration is required. When her services and apps are updated, any simple security enhancements are applied automatically.

Haruto likes to try out the latest features, even when they aren’t ready for everyday use. When he enables a service or installs an application, he sometimes looks through the settings. Or he reads a blog post about an experimental feature and wants to try it out; if it’s tedious or doesn’t really work, he disables it.

Thandi, on the other hand, is comfortable trying out experimental features in both client and server applications. She also contributes upstream to the design and implementation of new protocols and features, helping shepherd them to everyday use.

And that’s it for today; if you want to know more about Librem One, you can sign up right here!

Find out more about Librem One

The post Librem One Design Principles: Simple, Secure Applications appeared first on Purism.

Our hardware and software puts users back in control of computing–but, you may be wondering, can we do the same with our services? With Librem One, the answer is yes. We have big, no, huge dreams about what we can achieve with your support and the wealth of free software that already exists. But we need to keep our feet firmly on the ground.

In this post we will outline the touchstones we have used to do just that–engineer trustworthy services that everyone can use–with a design process called user-centered software engineering. We hope it will facilitate communication with friends and colleagues as we hack towards a common goal… and also show all non-technical readers that human beings are at the center of our bits and bytes. So, how did we do it?

User stories

In the beginning, we created user stories. A user story is a plain-language description of the goal that you, the person using the services, want to achieve–and represents a high-level system feature.

Primary user story

I am an everyday user without my own infrastructure. I want a single point of trust (account and applications), so that communication from my existing devices is both safe and easy.

This story highlights the essential reason we all use online services: we use our phones and laptops to communicate with others, and we don’t own or control all the machines in between. Typically, we need at least one “go-between” to relay messages.

Sysadmin user story

I am a well-intentioned sysadmin. I want to host a service on a hostile network (the Internet), so that I can help strangers communicate without compromising their digital civil rights.

This story highlights a key difference between Librem One and other online services. Our ultimate goal is that anyone with infrastructure and time should be able to rebrand and replicate our services. Users at either provider should still be able to communicate, just like you can email or phone anyone else, no matter who their email or telephone provider is.

User personas

While user stories are abstract, user personas are character sketches that help designers and developers keep a concrete person in mind, while they talk about kerning and for-loops. (These personas are minimal and not based on ethnological observation, so do take them with a grain of salt.)

Three friends

Alice, Haruto and Thandi are college friends who keep in touch. They’re aware of front-page privacy issues (Snowden, Cambridge Analytica…) and are unhappy knowing that their messages, and those of their friends and family, are mined, monetized and otherwise abused.

Alice

Alice is a doctor who uses phone and email to communicate with colleagues, and short text messages to keep in touch with her family during the day. She has a demanding job and an active social life, so she doesn’t have much time to fiddle with her laptop and phone, or log support issues. She expects software to “just work”. She is our reference for an everyday user.

Why Alice?

Alice illustrates that just because you know where the palatine uvula is, it doesn’t mean you have the time–or the inclination–to learn every technical trick there is just to stay private.

Haruto

Haruto is a grief counselor who uses email for work, and a variety of tools to communicate with clients about personal, sensitive issues. He enjoys trying out new apps and features in his spare time, but would never compromise the trust of his clients. He expects core communication tools to “just work”, but doesn’t mind tweaking or reinstalling experimental tools, posting questions on forums or reporting problems informally. He is our reference for a privacy enthusiast.

Why Haruto?

Haruto illustrates that, no matter how mild our threat model, at some point we all rely on the tools that fascinate us.

Thandi

Thandi is a sysadmin by day, managing sensitive data on a corporate intranet and VPN, and a sysadmin by night, managing infrastructures for local at-risk communities–none of whom she knows in person. She has professional expertise in software development and engineering (including command-line usage and logging reproducible issues in an issue tracker) and security best practices. She is our reference for an experienced user.

Why Thandi?

Thandi illustrates that, as expertise and responsibility grow, time diminishes. And additionally, that your recommendations and contributions impact real people.

But what about…

This post has hopefully outlined the high-level concerns driving our development process. But there are, of course, many other issues to consider: legal, technical, compatibility, accessibility, language, demographics… the list goes on, but the important thing for us is that the human element always remains at the center.

And, in case you liked them, please feel free to re-use our user stories, personas and images (drawn by David Revoy) under our always-on BY-SA license.

The post Librem One Design Principles: Services You Can Trust appeared first on Purism.

There is a saying that goes around modern privacy circles that “Privacy is about Consent.” This means that the one big factor that determines whether your privacy is violated comes down to whether you consented to share the information. For instance, let’s say Alice tells Bob a secret: if Bob then tells the secret to someone else, Bob will be violating Alice’s privacy, unless he had asked Alice for permission first. If you think about it, you can come up with many examples where the same action, leading to the same result, takes on a completely different tone–depending on whether or not the actor got consent.

We have a major privacy problem in society today, largely because tech companies collect customer information and share it with others without getting real consent from their customers. Real consent means customers understand all of the ways their information will be used and shared, all the implications that come from that sharing–now, and in the future. Instead, customers get a lengthy, click-through privacy policy document that no one is really expected to read or understand. Even if someone does read and understand the click-through agreement, it still doesn’t fully explain all of the implications behind sharing your location and contact list with a messaging app or using voice commands on your phone.

Big Tech has been funded, over the past two decades, by exploiting the huge influx of young adults who were connected to the Internet and shared their data without restriction. While it’s a generalization that young adults often make decisions based on short-term needs, without considering the long-term impacts, there’s also some truth behind it–whether we are discussing a tattoo that seemed like a good idea at the time, posting pictures or statements on social media that come back to bite you or giving an app full access to your phone. Individuals didn’t understand the value of this data or the risks in sharing it; but tech companies knew it all along and were more than happy to collect, store, share and profit off of it, and Big Tech is now a multi-billion-dollar industry.

Tech companies (and much of society until a very recent past) have dismissed privacy concerns by concluding that “people don’t care about privacy” when the truth is that most people were simply unaware of the data they were sharing, the implications of sharing that data, and of the potential risks of sharing it. Therefore, any consent they gave wasn’t informed consent–companies weren’t motivated to educate customers on the risks they were taking, because it might mean losing their consent.

The main reason everyone is starting to talk about privacy now is because it takes time for long term effects to be felt. As these adults entered the workforce, their youthful indiscretions began to impact their job prospects. Then, with controversies like the Cambridge Analytica scandal, everyone got a clear-cut example of how the data that ad tech collected could be used against them–to do more than show them ads. Privacy has become the tattoo removal of the information age as everyone is looking for a way to cover up mistakes from the past. Now that “privacy” has become marketing gold, these same companies have rallied around redefining the word to apply it to their products without actually protecting their customers.

Solving the Privacy Problem

The reality is that people do care about privacy, but they don’t feel empowered to do anything about it. Between Big Tech, advertisers and governments all wanting to collect and analyze your data, what are you to do? The solution is simple: consent. Society is educating college students on the importance of affirmative consent in sexual encounters and that the default is a position of no consent. This means that it’s not enough that a person didn’t say ‘no’ (opt-out) to escalating sexual contact; they need to say ‘yes’ (opt-in). Affirmative consent grants each individual power over their own body in a way that opting out doesn’t; if these large tech organizations, who started from a position of no consent, were now required to get explicit and informed consent (opt-in) from customers–before capturing and sharing their data–people using them would finally be in control.

But that is unfortunately not what’s happening. Instead, each time privacy proposals come before the government, these same companies that tout privacy in their marketing campaigns fight to remove any requirement that they need to get your consent before collecting and sharing your data. They realize that most people wouldn’t consent if asked, so they’d prefer you ask them to stop (opt-out) and hope most people won’t bother, or understand. When you later discover how they’ve used and abused your data, they can claim you never opted out. They’d much rather ask for forgiveness than for permission.

This privacy problem is why Purism was founded, is cemented into our corporate charter, defines how we build all of our products; it is why we created Librem One services and why we are asking the California legislature to require tech companies to get consent before using your data. You should be the one in control of your technology and your data, and the key to that control is consent.

The post Consent Matters: When Tech Shares Your Secrets Without Your Permission appeared first on Purism.

When we deliver the Librem 5, its software will focus on the most critical applications a phone needs: calls, messages, and web browsing. Some supporting projects will be delivered too, like GNOME Settings, the shell, and GNOME Initial Setup. So without further ado, let’s take a tour through the software we guarantee we’ll deliver, as well as some other applications that have seen some major changes.

Applications

Libhandy

We have made a few minor fixes to libhandy, like improving the homogeneity of the login screen buttons. And HdyHeaderBar now has a back button instead of its window decorations if it is placed inside a HdyDialog, to further enable adaptive dialogs.

Calls

We made some changes to calls’ UI, to display digits pressed during a phone call and use a libhandy widget to switch between recent calls and the dial pad. Also, messages (error or otherwise) are now displayed for only a short time. An ALSA use case-configuration was added for the devkit’s SGTL5000 sound card, which also keeps PulseAudio from setting the microphone to mute.

Messages

We have also made some minor feature additions to Chatty recently. A --safe-mode option has been added, so that if one of a user’s many accounts is failing, it becomes easier to find which one is at fault. If an account validation fails, there is now an account validation retry; and the about dialog is easier to close. When a new contact is added, the template is cleared of previous info, and the chat history list is now ordered so that the newest chat is at the top of the history. Message list height is now used to improve content placement, and the styling of the message bubbles has also been improved by tweaking the CSS.

We have addressed some severe issues as well: a buddy list-related crash, a history-related crash and a memory leak were fixed. Chatty now waits until the modem is ready, before the SMS account is active–and some remaining purple_log parsing functions were removed so as to fix a crash–thanks to Leland Carlyle for the patch!

SMS

Startup connection, reconnection and plugin state have been improved–and an auto-reconnect was added.

XMPP

Testing and integration of the Lurch plugin is completed, and it is even being built as a package!

GTK

GTK 3 is stable upstream, but we need to make some parts of it adaptive for the phone (e.g. the open file dialog), and so we will ship it with some downstream patches–but we are still interested in upstreaming the changes to GTK 3 (if there is interest), and aim to get them into GTK 4. These downstream changes have been added to our build jobs, so that it is shipped on the devkit image.

Our GTK 3 changes also include a lot of dialog work: the file chooser and about dialogs have been ported to the phone; the message dialog has also been ported to the phone, by making their buttons vertical. Also, transient windows and dialogs with a close-button will now have a back-button instead. Resizable windows (hence, most of them minus message dialogs) will be maximized to fill the screen.

Web Browsing

In general, we made a serious effort to overhaul the preferences windows. The history does not overflow the screen anymore, and all the data management dialogs have been overhauled to work better on the phone and look nicer in general (“history”, “cookies”, “passwords” and “personal data” dialogs). Web is now using a mobile user agent too, and most websites look better on the phone.

The tabs popover has been turned into a tabs page, taking the whole window, and it looks great. Plus, the tabs icon has been replaced by a new icon, showing the number of tabs you have open. Thanks so much to Christopher Davis and Alexander Mikhaylenko for these additions!

We are also building WebKit now, to provide rapid scrolling.

Initial Setup

GNOME initial setup has mostly been ported to the Librem 5!

Contacts

We are working hard to port GNOME Contacts to the Librem 5. One of the issues we tackled was fixing the birthday picker and making it adaptive–and one other awesome change was improving the UX/UI for unlinking contacts.

Clocks

We all know that time is important and cannot be ignored… and that is why GNOME Clocks has been ported to the devkit!

Settings

We are currently working on porting GNOME Settings to the Librem 5, and so far, our effort has been mostly focused on the WWAN/Cellular panel (see the cellular panel design); users can now select Network Operator, either manually or automatic, set the allowed modem mode (like 2G only, 3G only, 3G and 4G, etc), and set/change/disable the PIN for their SIM card. The groundwork has also been laid for configuring the APN settings tied to the SIM card, by using mobile-broadband-provider-info and nm-applet APIs, so users can select a default APN via the dialog–and also save them to NetworkManager connections. Roaming can now be set/unset as well.

System

The latest images are now using a 5.2 kernel, have a new keyboard, lots of UI improvements, and more!

Keyboard

We are so happy to tell you about one of the major changes since the last blog post: we now have a new keyboard, squeekboard!

The keyboard now indicates when you’ve pressed a key–many thanks to Hysterical Raisins for helping us prune this issue!

Compositor + Shell

We have mentioned before that the compositor will be switched from rootston to a new phone compositor using the wlroots library (phoc), and now phoc is the default compositor. Phoc has seen some recent bug fixes, like regarding login integration and hiding the cursor when there is no external mouse connected. Touch events are now not lost when destroying a surface.

The look and feel of the shell is always improving, getting closer to what we are familiar with on smart phones–and there have been lots of changes in the shell! Phosh v0.0.3 has just been released, featuring so many of these cool changes!

We also made sure dialogs are now wrapped to better fit the narrow screen, there have been some spacing improvements, CSS changes to phosh (to bring the shell closer to matching the design), and improvements in the system modal dialogs. Many translations have been added and updated to phosh–thanks to the community for contributing them via zanata–and Libhandy is now built as a subproject of phosh, so thanks, Zander Brown, for the patch!

The lockscreen looks much more modern than it did a few weeks ago; we added the date, and fixed an issue regarding WiFi not showing on the lock screen all the time. To keep the lockscreen arrow animation from eating up too much battery, that arrow animation is stopped after 15 cycles. Also, the battery icon now indicates when the board is receiving power too–take a look at the new start screen below, as it now includes the weekday and date!

We have been making some changes to the overview too, to make sure the user is focused on the main applications. The system prompter LayerSurface has been made to behave more like regular GTK widgets.

And since wallpapers are important to most of us, there was a focus on the background: we added a PhoshBackgroundManager, and backgrounds have been re-enabled. The background is drawn at full resolution on HiDPI screens, too! Background zoom mode was implemented, background colors are now supported (besides wallpapers), and the background surface has been modified so that it’s not hidden behind a panel in order for a wallpaper to be centered.

A lot of work has gone into the app switcher too, which has been overhauled–thanks to Zander Brown for all of his work on this!

And if all this wasn’t enough, we have fixed a few bugs, such as a pesky pixel offset issue and that annoying flickering on boot that we reduced by changing the lockscreen background to black, since the shell’s background is black too (desktop background is configurable).

Kernel

Since we upstreamed the devkit’s device tree, the natural next step afterwards was to start on the Librem 5’s device tree–and the first cut of the phone device tree is available here. We also submitted the flash-kernel upstream; both cpufreq and cpuidle are working and there is a noticeable temperature (5-10°C) drop; and when it comes to the graphics stack, one more driver for the imx8MQ display-driver has been merged upstream–only two more to go! We also made some devkit LCD panel improvements, and version 12 of the Mixel MIPI DPHY driver has been accepted upstream!

Documentation

The guide on setting up WiFi has been improved by us, and we also provide more guidance on debugging compositor crashes and LCD problems now. Some other updates concern the information about simple I/O devices, some additional warnings about battery usage and screen area constraints. Core contributors are also likely to find the new documentation on our package building infrastructure helpful.

This is it for today–a big “Thanks!” to everyone who has helped review and merge changes into upstream projects: your time and contribution are much appreciated. Stay tuned for more exciting updates to come!

The post Librem 5 July Update appeared first on Purism.

Support for the Librem 5 devkit’s proximity and light sensor

The following series of patches added support to the devkit’s VCNL4040 proximity and light sensor, the VCNL4000 driver:

• dt-bindings: iio: light: add vcnl4040 devicetree bindings
• iio: light: vcnl4000 add support for the VCNL4040 proximity and light sensor
• dt-bindings: iio: light: add vcnl4000 devicetree bindings
• iio: light: vcnl4000 add devicetree hooks
• iio: light: vcnl4000 use word writes instead of byte writes

Support for the imx8MQs thermal management unit

In this case, the driver was already there–but the device tree needed quite a few additions to enable the TMU:

• arm64: dts:i.MX8MQ: enable the multi sensor TMU

Support for the Librem 5 devkit’s LCD panel

This series of patches added a new DRM panel driver to the devkit’s LCD panel:

• drm/panel: Add Rocktech jh057n00900 panel driver
• dt-bindings: Add Rocktech jh057n00900 panel bindings
• dt-bindings: Add vendor prefix for ROCKTECH DISPLAYS LIMITED
• dt-bindings: display/panel: Add missing unit names

DMA related fixes

Here are several SDMA-related fixes, which are important when it comes to sound:

• dmaengine: imx-sdma: Only check ratio on parts that support 1:1
• arm64: dts:i.MX8MQ: Change ahb clock for imx8mq
• arm64: dts:i.MX8MQ: Fix the fsl,imx8mq-sdma compatible string

DSI related fixes

Finally, a clock addition, in preparation for DSI support:

• clk: i.MX8MQ: Add dsi_ipg_div

We have also contributed with two reviews to already published patches.

That’s it for today, many thanks to all the reviewers so far—and do stay tuned, there’s more to come for the 5.3!

The post Purism and the Linux 5.2 Kernel appeared first on Purism.

And we’re not done.  Because, holy smokes, do we have a lot more to show.  And, let’s be honest, these are just plain fun.  Daily videos kick back off tomorrow (July 11th) with video number 21.

You can enjoy Days 15 through 20 below — and Days 1 through 14 in the Week 1 and 2 posts.

If you pre-order the Librem 5 before July 31st, you save $50.

Day 15 – Cryptocurrency Tracker (also on YouTube)

Day 16 – Something a little different… (also on YouTube)

Day 17 – GNOME Contacts (also on YouTube)

Day 18 – Telnet (also on YouTube)

Day 19 – Sudo (also on YouTube)

Day 20 – PureOS Store (also on YouTube)

The post Runs on the Librem 5 Smartphone – Week 3 appeared first on Purism.

Security and privacy for everyone

The right to respect and privacy should be unconditional; within the digital world itself, it shouldn’t be necessary to be an expert in computer science to guarantee you can–and know how to–be entitled to those rights. Making secure and respectful devices is essential, but to be fully ethical, those devices also need to be simple to use, so everyone can use them.

Our mission at Purism is to make technologies that respects people, whoever they are and whichever background they come from. That is why we make sure that everything we develop conforms to the Ethical Design manifesto, The manifesto itself is quite simple in what it states: that everyone should have the right to be respected and to have a delightful user experience.

I am not saying that Purism’s technology is perfect in the sense of simplicity of use–nevertheless, we are constantly working towards it, and we will always keep that goal in mind. Purism is a Social Purpose corporation, it is funded by the people, and we give back all our research and development to the people. This way we make sure that the initial ethical goal of Purism is a free seed that will grow no matter what.

Up and running in three minutes

That’s all it takes. The video shows it really only takes three minutes to get you up and running with a brand-new Librem laptop. The Librem  laptops ship with PureOS pre-installed, and its setup is pretty straight forward, as you can see. No install process is necessary, no mandatory constraining policy to agree on, no probable spyware to setup for a more convenient advertising experience…

Your Librem may get to take one or two more minutes to start if the Librem One setup is part of the initial setup process, but everything will remain pretty simple–especially if you already have an account. I will be writing more on that subject soon, so stay tuned.

The post Up and Running With Your Librem in Three Minutes appeared first on Purism.

Below you’ll find the software for Week 2 (days 8 through 14) — from Emacs to Torrents to Games.

Side note: If you pre-order the Librem 5 before July 31st, you save $50.

Day 8 – GNOME Clocks (also on YouTube)

Day 9 – Emacs (also on YouTube)

Day 10 – Password Safe (also on YouTube)

Day 11 – OpenTTD (also on YouTube)

Day 12 – GNOME Podcasts (also on YouTube)

Day 13 – Fragments Torrent Client (also on YouTube)

Day 14 – Drawing (also on YouTube)

The post Runs on the Librem 5 Smartphone – Week 2 appeared first on Purism.

So you finally started working on the awesome idea you had for a GNOME app, designed a great interface for it and want to start building it. You open Gitlab in order to create a new repository… and oh no!, it wants a name.

Existential dread sets in. Naming things is hard, and naming user-facing things even more so. App names are read, pronounced, heard of and remembered by lots of people. A name is, along with an icon, the most important identifier for your project. This tutorial will help you find a great name for your app–or, at least, make it a bit easier.

General Guidance

As the GNOME Human Interface Guidelines puts it:

“An application’s name is vital. It is what users will be first exposed to, and will help them decide whether they want to use an application or not. It is a major part of your application’s public face.”

A good name is hard to find, but putting in a bit of effort up-front is worth it, since renaming the app afterwards is much harder (and messier). A good name should consist of one or two simple nouns; be related to the app’s domain (e.g. Celluloid for a video app); be short (less than 15 characters) and easy to pronounce. It should also make it easy to come up with a good icon (e.g., reference an object that could be turned into an icon), and use title case (e.g. Icon Preview instead of iconPreview).

On the other hand, a good name should probably avoid using trademarks or names of other projects (e.g. GNOME MPV); having a “G” prefix (e.g. GParted); being overly complicated, whether a name or an acronym (e.g. GIMP, GNU Image Manipulation Program); relying on puns and inside jokes (e.g. D-Feet), using non-standard punctuation and whitespace (e.g. UberWriter) or made-up words and word combinations (e.g. Inkscape).

The Process

Having been involved in naming a lot of projects, I now have a process which consistently produces pretty good results: I write down all the words related to the app’s domain I can think of; do a thesaurus search of some of those words, find even more related words and, when I have about 15, I pick out the best-sounding ones, and ask myself: Are they too long? Are they easy to pronounce? Could they have negative connotations? I do a quick check to see if the names are already taken and, among those not taken, choose my favorite one.

Naming an app which is part of GNOME is slightly different, because apps have completely generic names describing their function or type content (e.g. Files, Image Viewer, Fonts, Music). Since this is much simpler–and unusual–in this tutorial we’ll focus on independent, third-party app naming only. Let’s start with a real-world example: a few months ago I was involved in renaming an internet radio app called Gradio–a bad name for many of the above-mentioned reasons. We wanted a nicer name for the new, completely rewritten version of the app.

1. Brainstorm

So, Internet radio. What immediately comes to mind? Well, let’s say Radio, Transmission and Stations. But these are pretty generic terms, so let’s branch out a bit. As with most digital technologies, it’s hard to find nice metaphors, but we can use their analog predecessors (i.e. analog radio).

Are there any related physical objects we can use? Maybe Receiver, Headphones and, say, Antenna? Maybe also something related to analog radio technology, such as Transistor or Frequencies? We also considered the names of people who worked on the technology, like Marconi and Hertz.

2. Thesaurus

Now that we have a few words to start with, let’s plug them into a thesaurus (or a similar site, like relatedwords.org) and see if there are any good related words. and see if there are any good related words. This is usually pretty hit or miss, as most related words will neither be relevant to the domain, nor make sense as names. But I always find a few good options that I didn’t think of before.

A few additional words from a thesaurus search were Transmission, Shortwave, Wireless and Decibel. We also had a brainstorming session on Matrix with a group of people from the community, which gave us Longwave, Shortrange, Hzzzzz, Spectrum and Waves.

3. Pick the best ones

We had about 20 words, so we stopped brainstorming and started looking for the ones that would make good names. This is not a scientific process: just take each word and imagine it as the app’s name, paying attention to its length, ease of pronunciation, and whether it sounds nice.

My favorites were Transistor, Hertz, Spectrum and Shortwave. They’re all relatively short, easy to pronounce, and sound good as app names. We now need to know if we can use them.

4. Check if they’re taken

I usually start off by searching directly on Github to see if any other FOSS projects are already using a name. If I don’t find anything there, I search for the name on Duckduckgo, adding “app” or “open source”. You’ll often find something somewhere using the name already; not necessarily a problem, if it’s an app/project/company from a different domain–but it’s better to avoid large projects and companies.

It turned out Transistor is already a radio app for Android. Since our app does something very similar, people might think it is affiliated with that project, which we want to avoid; and Hertz is the name of a car rental service. It’s a big company, so best to stay away from that as well. Spectrum is already the name of a forum software (which looks really cool, by the way). The potential for confusion is low here, but the project is well-established, with 6000+ stars on Github, so also not a great option. Finally, Shortwave is used by a bookmarking app; some search results are related to actual analog radio software, but nothing looks too problematic, and it seems viable.

So, the process is always the same: a quick search to check what’s out there and determine the potential for confusion or trademark problems. Since you’re working on a free software app, you’re probably not going to get into legal trouble, but you may have to change the name later on.

5. Pick a winner

You probably know which name you want by now, so go ahead and make it official. In our case Shortwave won. It is good because it is short, distinct-sounding, related to the domain, a pronounceable English word that is not taken by any major projects or companies.

And if all your favorites are taken, go back and do some more brainstorming: the perfect name for your app is out there, and you will find it!

Bonus

Here are some examples of well-named third party apps in the GNOME ecosystem, and what makes their names great:

Fragments, a torrent app. The name is great because it is unique among torrent app names (which usually reference water, e.g. Deluge), yet clearly connected to its domain, since BitTorrent splits files into lots of tiny parts and sends them in random order.

Peek is a GIF screen-recorder with a very appropriate name: it makes short recordings of small parts of the screen and feels small, quick, and frictionless–all of which the name perfectly encapsulates.

Teleport sends files across the local network. The idea behind it is to make sending the file seem effortless when compared to other methods, such as using web services or USB drives. The Sci-Fi metaphor is perfect for that.

That’s it for now–I hope you enjoyed this tutorial, and if you feel like reading the full version, you can find it here.

The post Librem 5 App Design Tutorial — Part III appeared first on Purism.

What does “Made in USA” mean?

We would never use the words “Made in USA” lightly. We had to meet very strict requirements before being allowed to use that label. It’s well-known that other firms have been fined for mislabeling their Made in China products as Made in USA, for instance because “screwdriver assembly” only (getting electronics made elsewhere and doing final case-assembly in the USA) is not enough to qualify for “Made in USA”. A company can source specific, individual electronics components from around the world (we source chips like the OpenPGP smart card from a European supplier, for example) but must actually make–as in fabricate–the product here, in the US, to be able to label it as “Made in USA.”

Protecting the digital supply chain matters

We are investing in improvements all across our supply chain. We have written about the importance of protecting the digital supply chain before, and are now pleased to announce a major, related improvement: the new, made in USA Librem Keys!

The original Librem Keys were manufactured by Nitrokey as part of our initial partnership. We will be manufacturing the Librem Key v2 in the same US facility where we manufactured our Librem 5 devkits; it will have the same features of the original Librem Key, use the same OpenPGP smart card chips, and the inside will look almost the same–but the outside will have a new, re-branded case saying “Made in USA”.

Tight supply chain control is very important, because this device will hold your most sensitive secrets–your GPG keys, your PureBoot secrets. We oversee the complete production of the Librem Key, so they never leave our sight–from PCBA to finished product–until we send them to you. You can trust not only the keys, but also any laptops configured (at our facility) with PureBoot and protected by those same Librem Keys.

This is only the beginning

Made in USA Librem Keys are only the beginning: we have already tested the capabilities of our US facility by making Librem 5 devkits there, and as we continue to fine-tune our operations with the Librem Key, we are testing how many more of our products we can build there.

Having Made in USA, in-house fabrication ensures freedom, security, and privacy for people and enterprises. This is the second Made in the USA product by Purism, but only the beginning of what we have coming.

If you are interested in Made in USA Librem Keys, you can find more information about them here.

The post Made in USA Librem Key appeared first on Purism.

SAN FRANCISCO, Calif., June 27, 2019 – Purism, the social purpose corporation which designs and produces popular hardware and software that protects users’ digital lives, today announced its Librem Key product will be the first device of its category to be made in the USA.

Librem Key, the first and only OpenPGP smart card closely integrated with the Heads-firmware offering a tamper-evident boot process, launched in September 2018. Initially manufactured in-part by partner Nitrokey, Purism is now manufacturing Librem Keys entirely from Purism’s Carlsbad, California headquarters – the same U.S. facility used to manufacture its Librem 5 smartphone devkits in 2018. Version 2 also stores up to 4096-bit RSA keys and up to 512-bit ECC keys and securely generates keys directly on the device.

Supply chain security is a rising concern due to the lack of control hardware companies have over manufacturing links. Threats include security hacks, malware concerns, cyber-espionage, and even copyright theft. Purism sees protection of its supply chain as an existentially important issue, and has invested in supply chain improvements including the launch of Librem Key V2.

“Having a secure supply chain is critical for hardware that holds your most sensitive secrets,” said Kyle Rankin, Chief Security Officer of Purism. “By making the Librem Key in the USA, we’ve removed even more links in the supply chain and can directly oversee the complete process from Librem Key production to shipping to the customer. Here at Purism we hope to lead by example, lessening uncontrolled links and understanding every step of our supply chain.”

Purism takes the “Made in USA” label seriously, especially as other firms have been fined for mislabeling their products as American made when they were made in China. For example, “screwdriver assembly” – electronics made elsewhere and doing final case assembly in the USA – does not qualify a “Made in USA” stamp of approval. And while a company can source specific individual electronics components like resistors or unpopulated circuit boards from around the world, the company must fabricate the product here in the US to qualify as “Made in USA.”

“Librem Key’s USA fabrication is yet another area where Purism is beating the technology giants by ensuring a secure supply chain for critical hardware, and it has been our goal to do so since we formed in 2014,” said Todd Weaver, founder and CEO of Purism. “As we start to move more and more of our manufacturing to the U.S., it will give us complete control over the production lifecycle, which means that eventually our devices will never leave our purview, from schematics, through PCBA (Printed Circuit Board Assembly), to finished product.”

This move will enable Purism to exponentially increase manufacturing volume to meet growing sales demands.

A Key to the future

Made in USA Librem Keys is the beginning of Purism’s journey to a tighter supply chain. Since the inception of Purism in 2014, the company has been working toward a U.S. supply chain because of the security implications and benefits.

Purism has already tested the capabilities of its U.S. facility by making Librem 5 devkits late last year, and the company continues to fine-tune operations with the Librem Key and setup for more of its products to be built there.

The investment in protecting user privacy and security has paid off. Purism has seen triple-digit sales growth year-over-year since its founding in 2014 and even with a rapidly growing 60+ person team continues to grow funded from profits.

Made in the USA Librem Key will begin shipping on July 4, 2019. Learn more about Librem Key here: https://puri.sm/products/librem-key/

About Purism:

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco, California, and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact:
Marie Williams
Coderella
415-689-4029
pr@puri.sm

The post Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA appeared first on Purism.

Below is the first week worth–Solitaire, web browser, system tools, note taking… just all over the map. Some of these are mobile optimized applications. Others are desktop Linux applications, running unmodified on Librem 5 development kit hardware.

What will the next week hold? Which applications and games will we take a look at over the coming week? Who knows! (Well. I do. But I’m not telling.)

Side note: If you pre-order the Librem 5 before July 31st, you save $50. And fifty bucks is fifty bucks.

Day 1 – Solitaire (also on YouTube)

Day 2 – Gedit and Apt (also on YouTube)

Day 3 – Web Browser (also on YouTube)

Day 4 – GNOME Calculator (also on YouTube)

Day 5 – GNOME Dictionary (also on YouTube)

Day 6 – Evince Document Reader (also on YouTube)

Day 7 – Annotated Note Taking with Xournal (also on YouTube)

The post Runs on the Librem 5 Smartphone – Week 1 appeared first on Purism.

In a nutshell, what you can read in The Mercury News is how every Big Tech company seems to care about privacy now—while quietly attempting to dismantle the California Consumer Privacy Act before it even goes into effect. Why? California’s new privacy law requires large companies to respect basic information rights: what is collected, sold, traded or shared.

Sharing intimate information and manipulating users’ choices and actions are serious mistakes.

Our colleagues in Big Tech worry about privacy violations too… and that’s why so many of them don’t allow their own children to use the products and services they sell.

Regulate us. Seriously.

We don’t believe in building things we wouldn’t let our own kids use, and that’s why we want to strengthen California’s consumer privacy law. Our industry knows how to innovate and adapt, we thrive in the startup mindset of tackling new challenges, we know how to conquer what seems impossible. Regulation that helps civilians is critical; regulation that creates a barrier to entry for competition and protects technology giants is not.

We know how to imagine, dream, innovate, and implement.

We want to make sure our customers, their families and our families–everyone’s privacy rights–are protected. It is imperative. Because strong privacy laws are good for everyone.

Read the full article in The Mercury News post–written by our CEO, Todd Weaver, and Brave CEO, Brendan Eich.

The post The New Generation of Tech and Stronger Privacy Laws appeared first on Purism.

Conferences

A couple of blog posts back, we mentioned that our hardware engineer gave a talk at KiCon—and it is available for watching now!

Also, recently Tobias Bernard attended the Libre Graphics Meeting, where he had lots of conversation around the future photo viewing application for the Librem 5 phone.

Applications

Libhandy

Libhandy v0.0.10 was released and has a slew of cool new widgets! In summary, the new widgets are:

• HdyViewSwitcher: a view switcher which can automatically adjust its layout to fit narrow screens
• HdySqueezer: a widget that allows switching where the view switcher is
• HdyHeaderBar: an advanced header bar
• HdyPreferencesWindow: an adaptive preferences window for all applications

A nice aesthetic change is that HdyComboRow handles long labels better now—by ellipsizing them.

Below you can see how HdyViewSwitcher makes the Clocks application adaptive.

Below you can see how the HdyPreferencesWindow is used in GNOME Web to make the preferences window adaptive.

We also improved Libhandy’s test suite.

Calls

Work has continued to extend wys to instantiate PulseAudio’s loopback module—which ties the modem’s and codec’s ALSA devices together when a call is activated, and de-instantiates the module when the call is terminated. Since this causes conflicts with hægtesse, a scheme was devised to keep both hægtesse and wys from running at the same time.

Messaging

A chat history is being implemented via an SQLite database. Thank you, Leland Carlyle, for all of your hard work in this area!

Account verification has been added so that now, when you add a new account, a connection is established to the server and (in case of failure) the user is alerted. Thanks to Benedikt Wildenhain for the patch!

XMPP

We are very committed to providing encrypted messaging when the phone ships, so we have made an extra effort to implement OMEMO encryption, via the Lurch
plugin. Recent changes in this plugin have led us to ongoing integration and testing with Chatty.

There is a padlock symbol in the message bar now, indicating whether the chat is encrypted or not. You can also view your fingerprint—as well as your conversation partner’s fingerprints (see example below). Thanks, Richard Bayerle, for all of your work on the Lurch plugin!

Web Browsing

GNOME Web will benefit from the new widgets released in Libhandy 0.0.10, as mentioned above. Additionally, since recent testing has identified some bugs in GNOME Web, our development team has been looking into some of these issues. The outcome has been the reporting of many of those issues upstream.

Initial Setup

We plan to deliver GNOME Initial Setup in the first shipment of the phone—because it is very important for setting up your environment. Before any major porting effort was possible, though, some design effort was needed—and now porting work is underway!

System

So many exciting things are happening at the system level!

After many revisions, the librem5-devkit device-tree has been accepted upstream. To prepare for this, the same device tree name is used both in the kernel and in the flash-kernel as well.

The devkit image went through lots of changes, too. Wlroots v0.6.0 is now available, and contains many of our necessary changes. To make the overall experience look nicer, the shell now prefers the dark theme, and the keyboard auto-hides when the app drawer is opened. Detecting corrupted downloads of images has been made faster by adding a size verification. Thanks to Hugo Grostabussiat for the patch! The devkit image has support for the camera, too–and below you can see the devkit’s first selfie 🙂

Several areas of the kernel have seen major improvements, and we are now very close to some important milestones. One such area is forward porting patches so that the images built for the devkit can switch from a 4.18 to a 5.2 kernel, and we’re almost there! You can find a recent image build with the 5.2 kernel here.

With the new kernel, you will be able to long press the power button to turn on the devkit, and use suspend/resume. To help better detect SoC revisions, an RFC
patch has been sent to improve this. Working towards improving the power management, we are testing cpufreq and preparing some cpuidle tests.

A lot of effort has been put into debugging the sound on the 5.2 kernel. After many hours of work, we have discovered that ATF was blocking access to the aips regions—and upstream ATF has it fixed now!

On the shell side of things, phosh has been made a polkit agent (so things like GNOME Software can ask for elevated credentials). We made some other improvements, like hiding the OSK when it’s not needed, removing the weekday/date from the lock screen, and making it easier to use Glade with phosh. Since a compositor switch is coming soon, the team applied many improvements to the new compositor, phoc (phone compositor). We will be showcasing this new compositor soon, so stay tuned for that!

Also, and to get us closer to separating the bootloader from the OS, we have been putting a lot of effort into placing u-boot in the MMC area. Flash has been enabled in u-boot, so that the DDR PHY firmware can be written to flash. Thank you so much, Kyle Evans, for the work on mainline u-boot!

The work on the graphics stack continues, too. To work towards mainline GC7000 GPU support, we folded the etnaviv part of libdrm into mesa upstream. Our thanks to Christian Gmeiner and Dylan Baker for the review! To take a look at the graphics on the devkit, check the Quake II demo below.

Documentation

To improve the devkit unboxing experience, lots of how-to guides have been added or updated:

• Building uuu – uuu is the tool used to flash the devkit image
• Flashing eMMC
• Using HDMI
• Making cases
• Testing a factory image
• Updating the software

Some more noteworthy updates have been added to the Status of Subsystems page and the devkit peripheral software interfaces.

A big “Thanks!” to everyone that has helped review, and merge changes, into upstream projects; your time and contribution are much appreciated. And that’s all for now, folks—stay tuned for more exciting updates to come!

The post Librem 5 June Software Update appeared first on Purism.

The View Switcher

GNOME applications typically use a GtkStackSwitcher to switch between their views. This design works fine on a desktop, but not so well on really narrow devices like mobile phones, so Tobias Bernard designed a more modern and adaptive replacement – now available in libhandy as the HdyViewSwitcher:

In many ways, the HdyViewSwitcher functions very similarly to a GtkStackSwitcher: you assign it a GtkStack containing your application’s pages, and it will display a row of side-by-side, homogeneously-sized buttons, each one representing a page. It differs in that it can display both the title and the icon of your pages, and that the layout of the buttons automatically adapts to a narrower version, depending on the available width. We have also added a view switcher bar, designed to be used at the bottom of the window: HdyViewSwitcherBar (and we’d like to thank Zander Brown for the prototypes!).

The Squeezer

To complete the view switcher design, we needed a way to automatically switch between having a view switcher in the header bar, and a view switcher bar at the bottom of the window.

We added HdySqueezer; give it widgets, and it shows the first one that fits in the available space. A common way to use it would be:

<object class="GtkHeaderBar">
  <property name="title">Application</property>
  <child type="title">
    <object class="HdySqueezer">
      <property name="transition-type">crossfade</property>
      <signal name="notify::visible-child" handler="on_child_changed"/>
      <child>
        <object class="HdyViewSwitcher" id="view_switcher">
          <property name="stack">pages</property>
        </object>
      </child>
      <child>
        <object class="GtkLabel" id="title_label">
          <property name="label">Application</property>
          <style>
            <class name="title"/>
          </style>
        </object>
      </child>
    </object>
  </child>
</object>

In the example above, if there is enough space the view switcher will be visible in the header bar; if not, a widget mimicking the window’s title will be displayed. Additionally, you can reveal or conceal a HdyViewSwitcherBar at the bottom of your window, depending on which widget is presented by the squeezer, and show a single view switcher at a time.

Another Header Bar?

To make the view switcher work as intended, we need to make sure it is always strictly centered; we also need to make sure the view switcher fills all the height of the header bar. Both of these are unfortunately not possible with GtkHeaderBar in GTK 3, so I forked it as HdyHeaderBar to, first, make sure it does not force its title widget to be vertically centered, and hence to allow it to fill all the available height; and second, to allow for choosing between strictly or loosely centering its title widget (similarly to GtkHeaderBar).

The Preferences Window

To simplify writing modern, adaptive and featureful applications, I wrote a generic preferences window you can use to implement your application’s preferences window: HdyPreferencesWindow – and organized it this way:

• the window contains pages implemented via HdyPreferencesPage;

• pages have a title, and contain preferences groups implemented via HdyPreferencesGroup;

• groups can have a title, a description, and preferences implemented via rows (HdyPreferencesRow) or any other widget;

• preferences implemented via HdyPreferencesRow have a name, and can be searched via their page title, group title or name;

• HdyActionRow is a derivative of HdyPreferencesRow, so you can use it (and its derivatives) to easily implement your preferences.

The next expected version of libhandy is libhandy 1.0. It will come with quite a few API fixes, which is why a major version number bump is required. libhandy’s API has been stable for many versions now, and we will guarantee that same stability starting from version 1.0.

The post The New libhandy 0.0.10 appeared first on Purism.

I have just had a wonderful conversation with Greg Nibler, from Digital Trends Live, about all kinds of different ways these issues are being tackled. Greg started by asking me to introduce Purism, and why we do what we do.

Well, we started around 2014 as a Social Purpose Company: we advance social good over maximizing profit. We build laptops, a secure token called a Librem Key, and we are also coming out with the Librem 5: a smartphone that doesn’t run on Android nor IOS, but our own operating system PureOS (the same you get on our laptops). These are available today, with the Librem 5 phone (on pre-order now) coming out in Q3 of this year. Our services—chat, email, social media, VPN—are all standardized protocols, decentralized, with no data retention and end-to-end encrypted. We are going to continue to put out more and more hardware, software, and services as we progress.

I’m kind of a hardcore geek, both in the hardware and software side—but I also am a digital rights activist, making Purism my dream come true by combining hardware, software and services together, in one convenient package. What is awesome is that our entire team is excited about the exact same thing: making convenient products that respect people. Hardware is a little bit more security-minded and privacy-focused, it is where the hardcore audience is: it really gets down to a trust and verified model. The same happens with software: it all needs to be released.

It’s just like with organic food – you have to inspect the soil, so regulators can say ‘hey, this is actually organic’. We do that same entire model within the hardware realm: we release everything for verification, and that gives us peace of mind at that low level—all the way up to services.

We also believe services should always be end-to-end encrypted, and they should never track people. We bundle all of our ethical services together into one package, and if we hand you a laptop you don’t have to know that the schematics were released, that the software was all released. What we offer was built by a Social Purpose Company, you can just turn it on and use it.

Greg was curious about the kill-switches we install in our laptops: I told him it’s kind of an old thing, a reboot of the kill-switches on early devices – just like a light switch, it allows you to toggle off the hardware. You can physically sever the circuit of the webcam and microphone, so they don’t have any power to the actual device.

And they are really, really easy to use. We are going to have them on the Librem 5 phone as well, so you can turn the webcam and microphone off, Wi-Fi and Bluetooth, even the cellular connection if you want to. Why don’t Big Tech companies use these any longer? It was easy to do it in software; then it became this trust issue, where you could have your webcam on even though the light didn’t come on… What’s fascinating is we’re actually starting to see Big Tech companies use these, and a few other devices, because of these privacy-invading concerns. Big Tech is going to be pushing this privacy talk as well—even though it’s more a marketing thing than related to any type of credibility.

How do I see these issues evolving? They are clearly going to continue to grow around how much data is being gathered, where things are joining together, and data leakage. Data retention policies are going to start coming out: how long somebody holds the data for, what data is being stored, how all of these little bits of data add up to a giant story about you—and how that story is exploited.

We ended the interview with a clear notion of what Purism is—successfully, ethically—competing against. It was a cool chat, do watch the video and listen to the full version here. And thank you, Greg Nibler and Digital Trends Live!

The post Todd Weaver on Digital Trends Live appeared first on Purism.

At Purism, we aim to promote privacy and freedom through the use of free software (and we see it as ethical software). When we work, and in order to produce our content–such as what you see in this page–we use free software, too. And so, with a small budget and some basic audio and video gear, along with a few Librem laptops (running free software only, of course), we have made this video the ethical way, using ethical tools from beginning to end.

Pre-production

Pre-production took us the longest, and kept us working for quite some time–we ended up taking over a month to prepare everything. Todd, Purism’s founder and CEO, handed me a really funny script that he had written himself; I read it and started organizing the shoot with the help of Jenny Lavery, who did an amazing job of finding the perfect actors, location and props.

After planning every shot I started drawing a storyboard, using GIMP, my Librem 13, and a simple graphics tablet.

Shooting

Once everything was planned for, I packed my suitcase and traveled to Austin, Texas, with Therry Cazorla, a fellow French countryman. Therry is the director of photography with whom I have been working for years.

We were so lucky with the weather; the weather is always a big question mark, and a nightmare in what comes to delaying everything, when shooting outside. I had planned on spending two full days shooting the entire video, but everything went so well–and everybody was so professional–that we ended up managing to shoot it in just one day, which was amazing!

Like I said before, we chose to use free software only. That choice led us to shoot with a camera that is compatible with Magic Lantern, a free software add-on that… well, adds features to the camera we used, and that also allowed us to shoot in RAW format–i.e., straight from the sensor and generating an uncompressed file, resulting in the maximum possible raw image quality.

The RAW format is also very useful for it allowed me to process the look of our initial footage as soon as I finished recording; I used a software called MLV-App to do just that, because it lets me analyze my raw footage and apply a flat look to it. This is a personal preference, it’s what I prefer to do regarding color grading technique and results. Everything flowed so well I managed to put together a first, rough edit, the very day we finished shooting.

Post production

Shooting in the USA was fun, but once we finished I had to travel back to France, to my home studio, where I had all the material I needed to start editing.

Video editing

I used Kdenlive to edit the video; it is a very complete, very professional, free software, non-linear video editor.

I now had the perfect opportunity to test the new Librem 15 with a 4k screen… having this video to finish meant I was simultaneously able to test hardware and software in a real project, and help developers improve product experience. And so I made a first cut of the video, and started to edit the audio.

Audio editing

Audio quality plays a big part in the overall quality of the final, resulting video. I would even go a step further and say the quality of the audio is perhaps more important than that of the image, when making a professional-grade video (but feel free to disagree).

In order to professionally edit the audio, I had to export my timeline from the video editor to a proper audio editor—Ardour, in this case. This import/export feature exists neither in Kdenlive nor in Ardour, but I needed it and had to find a solution—and this is one of the great advantages of using free software: that it is public and belongs to its users, making creating a missing feature (and giving it back to the community) something very doable. And that’s exactly what I did: I created a python script that converts the timeline from my video editor into a timeline for my audio editor. If you want it, you can get it in our Gitlab repository.

This allowed me to perfectly edit my audio, using very professional free software tools; it guaranteed a smooth, even sound, where the cuts between different shots are impossible to hear. Afterwards I added some extra ambient noise to ensure continuity and to give a bit more color–which leads us to the subject of our next chapter.

Color grading

The color of each individual take was then worked in order to guarantee its consistency over the whole video. I later applied a global (meaning, to the whole video sequence) color grading, to give it a consistent style and tone. I like to work over very flat footage that is low in saturation and contrast. I then add some contrast with a bleach bypass effect, and do the final tweaks on the curves and levels filters. The graph monitors in Kdelive let me adjust colors and levels with a high degree of precision—and I can be sure that colors are just right, that my eyes are not tricking me.

Motion design

I added some text effects at the end of the video: mostly, over the Librem One logo.

I made all my text animations in Blender, an amazing 3D free software application with very powerful compositing and animation features.

You might have noticed a subtle light effect in the logo animation (just before the rainbow appears)–it’s actually a handmade, traditional animation made with OpenToonz, a free software app that was also used for some of the biggest productions of the Japanese anime industry.

That’s it, and thank you for your time–it was fun 🙂

The participants:

Andre Martin as The Husband

Will Moleon as The Enlightened One

Karina Dominguez as The Wife

Christine Hoang as The Neighbor

Tom Costello Jr. as The Gardener

Sanjay Rao as The Business Man

Giselle Marie Munoz as The Business Woman

Bryan Lunduke as The Voice-Over

The crew:

Jenny Lavery co-producer, casting director and clapperboard

Camille Westmoland makeup artist

Blake Addyson sound engineer

Thierry Cazorla director of photography

Todd Weaver producer, screenwriter (and co-directed the actors, too)

The post “See Your Junk” – Behind the scenes appeared first on Purism.

Security is a huge industry today, and it continues to grow, with companies releasing new products all the time–products they claim will protect you. Privacy is also hot topic right now, with many companies making sure they include “privacy” in their marketing. There is also an entire industry around products built on free software–even Microsoft recently pivoted over to supporting software freedom in its products.

Even with all these companies focusing on the same topics, Purism stands apart from the crowd. How? In our approach. Most other companies build products that coincidentally put them, the vendor, in control. From the beginning, Purism has designed all its products to empower the user, not the vendor. All of our products show this approach–and this post will highlight some of our user-empowerment design decisions.

Control Your Hardware

It is more and more difficult to find laptops that are easy to upgrade and repair. Some cases even demand for experts with special tools and quite a bit of effort to do something as simple as a RAM upgrade (if it’s not soldered on), to replace a hard drive, or to replace a battery. Some vendors justify this by pointing at design sensibilities, but it coincidentally also means you are more likely to buy the more expensive versions of their laptops even if you don’t need the extra resources. Some vendors go even further to control who can upgrade or repair the hardware, and use DRM and security chips to make it difficult to use third-party hardware.

Our laptops have visible Philips screws on the bottom. You can remove the bottom case yourself, without any special tools and without Purism’s permission, and get access to the RAM, drive bays and the battery–and replace them yourself. We added simple hardware kill switches so you can control the webcam, microphone and WiFi hardware–no need for special software.

Control Your Software

Vendors love using software to lock customers into their ecosystem. Proprietary software and proprietary operating systems have been doing this for decades and in that world if you want new features and in some cases even security updates, you have to pay the vendor for the privilege. If the vendor removes a feature, changes a default, or even completely changes the program, you don’t have much recourse. As long as you use that vendor for everything, things might work OK, but the moment someone else offers a better alternative, you discover just how little power you have to switch.

Purism ships its hardware with free software, starting with coreboot boot firmware all the way to the 100% free software PureOS operating system. By using free software, we put you in full control over all of the software on your system. You have the freedom to change any piece of software you like, you can install any OS you wish–and upgrades are free. By controlling the software, you also control the hardware. If you have to root software, you don’t really own it; with Purism hardware you don’t have to root anything.

Control Your Security

When you ask vendors to build a secure system, they end up designing something that keeps full trust and control in their hands, or else has no security at all. Vendors hold the keys to your security, not only because they don’t trust you to manage it, but also because it conveniently locks you into them. If you ask a vendor to secure the boot process, they design a system where every OS must get their approval (signature) before it can boot. If you ask them to secure your communications, their solution is to replace your current system with proprietary software and protocols they control.

We believe you should hold the keys to your security. We have designed each of our security measures so that you are in control, not us. This is why we chose our PureBoot solution over existing signature-based approaches that might lock you into us. With PureBoot you control all of the keys that protect your boot process and can easily change them at any time. You can boot any OS you wish without having to get Purism’s approval or disable boot security. This is also why our Librem Key uses open hardware, firmware and an industry-standard OpenPGP smart card to store your keys securely without any proprietary software. When we secure communications with Librem Chat and Librem Mail, we do it with end-to-end encryption. You hold all of the keys–so no one else, Purism included, can snoop on your communication.

Control Your Phone

The phone ecosystem takes even more control away from the user. Phones are harder to repair and upgrade than laptop hardware, and some require a hardware signature handshake so the vendor must approve any hardware peripherals (like headphones) you might attach. You can only install software the vendor has approved of ahead of time, and upgrade the OS if the vendor says you are allowed, unless you are willing to disable all security protections in the OS and root your phone.

Apple recently demonstrated the level of control it has over phone software when it removed Facebook’s internal iPhone apps; Google demonstrated the control it holds over its own ecosystem when it revoked Huawei’s access to OS updates as part of a larger trade war. With these controls in place, how much of your phone do you actually own?

The Librem 5 phone has been designed to put you back in control. By running free software, starting at the boot firmware and ending with PureOS, there’s nothing to root–you control the full stack. You also can remove the back and have access to the battery, a removable OpenPGP smart card, a removable cellular modem, and a microSD card so you can expand your storage later on. It also includes three hardware kill switches to give you control over the cameras and microphone, WiFi/Bluetooth and cellular modem–and you can combine all of them to disable the rest of the sensors, in what we are calling “Lockdown Mode” for even more control.

Control Your Services

Internet services are a major area where tech companies take control from their users. Ask any of these companies to create a network service, and they’ll invent one where all traffic coincidentally flows through them only, with proprietary clients, servers and protocols they control. You have multiple messaging apps on your phone not because of technical limitations, but because each of the big tech companies wants to lock you into their own proprietary network, and leverage network effects to keep you there. After locking you in to the platform, these companies then capture as much data as they can about you so they can sell access to it (and to you) to third parties. You end up with no control over your own data–or to how it is being used.

We designed Librem One to put you back in control of both your privacy, and your data. By creating a suite of decentralized and open-protocol services using free software servers and clients, and hosting it all under a central brand with a single username, you get all of the convenience of big tech services, but you actually control your data and the service itself. Since we fund Librem One on a standard subscription model, we don’t collect your data, track you, or show you ads.

Each Librem One service lets you communicate with any of the other networks on the Internet that speak the same open protocols (it’s just like being able to email friends regardless of what email provider they use). You can pick our branded Librem One apps for ease-of-use, or any of the excellent free software projects we based them on. If you don’t need the convenience of Purism managing your services, you can even host your own versions of every service we run—we even plan on sharing how we set each of these services up, just to make it easier for you to host them yourself in the future.

Control Social Media

Social media is another area where tech companies have exercised control–not just over its users, but ultimately over speech on the Internet as a whole. Since they fund social media from ads (therefore, from your data and preferences), social media applications are focused on taking control over what information you see. That is why it is so difficult to get a social media application to sort by date–it’s more important for them to train their relevance algorithms, so they know which promoted posts to put in your feed. Everyone has become so used to giving up control over the rest of their lives, they are now asking those same companies to decide not just what they see in their feeds, but what speech is allowed on the Internet at all.

It turns out that, while Big Tech companies are good at building technology, they are not human rights or censorship policy experts, and putting them in control of speech on the Internet has led to a lot of problems–including the silencing of disaffected groups–while not making anyone happy with their centralized moderation decisions. Centralized moderation also has a heavy human cost: it outsources the ugly task of sifting through the worst that the Internet has to offer to low-wage workers, often resulting in emotional and mental trauma.

Some have advocated moving to a decentralized network like Mastodon in response. While the network is decentralized, the way the technology is built still puts control over what you see into the hands of the sysadmin who happens to be moderating your instance. Like in Big Tech companies, sysadmin are not human rights, or censorship, experts; since they are often doing this as a side hobby, their approach to moderation (however sincere their efforts) tends to err on the side of whatever is easiest, which tends to be censoring a post, or blocking a user or a network. This has led to a chilling effect on political speech in certain instances, harming some of the same minority groups the moderation policies aim to protect. If a moderator happens to share your values, you’re in luck; if not, your only recourse is looking for another instance.

At Purism, we have taken a completely different approach, with Librem Social aimed at putting you back into control of your social media. We recognize that we aren’t human rights or censorship policy experts, so we’ve deferred to the real experts in the space to help us define an approach to moderation; one that expands the anti-discrimination clause in our Social Purpose charter:

The Corporation will not discriminate against individuals, groups or fields of endeavor.

The Corporation will allow any person, or any group of persons, in any field of endeavor to use its systems for whatever purpose.

You shouldn’t have to outsource your trust to a vendor to be secure, you shouldn’t have to outsource your control to see only the content you want to see. We have added a policy against harassment and illegal activities so you can stay safe, while modifying the existing Mastodon software Librem Social uses so you only see content you opt into.

This is a (great) start, and immediately solves a lot of problems for Librem Social users–but it still leaves some issues for the rest of the Mastodon instances without our opt-in approach. We have big plans to add features to Mastodon at large, features that give moderation control back to the users, not only of Librem Social, but the entire Mastodon network. You should be in full control of the content you see, never having to rely on a central authority (even one you might trust, like Purism) to curate it for you. Whether you want to filter out adult content or politics, or to opt in to them, we aim to build tools that give you, not us, that power.

User Empowerment

All of Purism’s products are aimed at removing control from tech vendors (including ourselves) and giving freedom back to users. This is true in the free software we use throughout our hardware, the open standards (again, and free software) we use for our services, and in our approach to moderation for Mail, Chat and Social. You shouldn’t have to outsource all of your trust to a vendor to be secure, have privacy, or only see the content you want to see in social media. With Purism products, you are in control.

The post With Purism Products, You Are in Control appeared first on Purism.

We put the Librem 5 dev kit next to an HTC One, both powered completely off, then pushed the power buttons at the same time.

The result… it wasn’t even close.  I almost feel bad for Android.  Almost.

(You can also watch this over on YouTube.)

I mean, sure.  “Boot speed” certainly isn’t the end-all, be-all of performance.  In fact, it may not even be in a “Top 10 Important Performance Metrics.”  But it gives a good indicator of what’s possible with the system — and what to expect.  Add to it, the fact that this was done without any boot speed optimizations at all?  Downright exciting.

The Librem 5 smartphone is schedule to begin shipping in Q3 of 2019.  Stay tuned to this blog — or follow Purism on Librem One or Twitter — for updates and details.

Also worth noting: You can pre-order the Librem 5 now for $649.  That price goes up at the end of July.  So if you want the lower price, now’s the time.

The post Librem 5 vs Android — Which boots faster? appeared first on Purism.

The darker side of “control vs. freedom” or “control + harm” casts a shadow on every facet of technology—and it is a digital civil rights issue, where control over you by corporations is causing you harm, all the time, on all your devices.

The answer is rather simple: Don’t. Control. People.

Don’t track people

It would be simple to create the exact same technology companies that exist today, without the creepy crossing into personal privacy invasion. Social Media can absolutely exist (and even sell ads) without being invasive; search tools can return valid results (and still sell ads) without recording everything on you (forever); ride sharing services can drive you places without tracking your every location when you’re not using them; ordering history from stores certainly does not need all your personal data after you receive what you ordered.

Don’t retain useless data

There is no reason to retain everything a person has ever done digitally. A simple policy of “once data is no longer needed, it is deleted.” fits perfectly here. Does the police need to hold your GPS location, date and time permanently, after scanning your car’s license plate? Does a social media service need to backchannel your purchase receipts to match who you follow and interact with, against credit card receipts, forever? Not really.

Use free software

Use software where it passes the simple freedom test: Can you run that program as you wish? Can you study the source code? Can you share it alike? If you can, you have complete control over the program, and you can avoid harm.

Don’t Control People. If hardware, software, and services would follow this simple rule of not controlling people, the results would become quickly apparent.

Hardware should not have a corporate controlled lock, so people can own devices, not rent them. Software should be under the full control of the person using it, and source code released. Services should be decentralized, so no single entity can control them and their users. Once all three (hardware, software, services) are in the hands of the people, then they will truly be digitally free.

Big Tech strips Freedom and causes Harm

Let’s take a look at some of big-tech’s big issues below:

Apple

Looking at Apple (the censorship and personal control masters), we see they block applications from their platform, censor applications and content to their own liking, disallow them on their platform entirely, invade privacy with excruciating level of detail, are anti-competitive with an unlawful monopoly with its App Store, among many other examples of their control over you. We quickly recognize that people are just renting a device from Apple, that Apple is in complete Orwellian control of it, that all our personal data is also under Apple’s control.

Facebook, Instagram, and Twitter

Welcome to the manipulation and censorship private clubs of social media: these companies control their user-base through haphazard policies to ban posts and manipulate everything you see, trying to influence your opinion. It has been a long upheld legal stance that you may disagree with what a person may legally say, but you must respect their right to say it. The reason? Centuries of jurisprudence showcasing the issues of censorship causing harm. We may want to pay attention to the EFF, FSF, ACLU, California Constitution, and the US Supreme Court, when they all agree that censorship is a terrible idea.

Google

This data hoarder has incomprehensibly large amounts of data on everything you do, from every device every millisecond of every day, and is invading your privacy, controlling your devices, censoring voices, and spying on you. The executives at Google pen opinion pieces on how much they care about privacy while undermining it with lawmakers: their actions are the exact opposite of their words, while they are committing some of the worst digital atrocities of all time.

Uber, Lyft, Spotify, and the rest

These and others all fall into the same Silicon Valley funding process: to write software, services, and applications designed around grabbing as many users and personal data as possible—oftentimes doing an end-run around regulation in the name of innovation (does anybody actually think Uber or Lyft aren’t just non-yellow taxis booked through a mobile app? So why shouldn’t they comply with the same rules and regulations that taxis do? Oh… right, because of ‘innovation‘). All these companies share the same bad habits of writing software that controls the person using it, of exploiting people for profit—be that through tracking your every location detail, your mood, profiling you, leaving you unable to verify the source code and inserting malware into it—continuing abuses of your digital civil rights.

The Solution

Is quite simple: support products and companies that protect your freedoms, put you in complete control, and work to eliminate harm. The interesting side effect is you will also be building a more tolerant, empowering, diverse, and inclusive society.

Get Librem One

Pre-Order Librem 5

The post Control, Freedom and Harm appeared first on Purism.

Librem Social is a social network. Think Twitter… if Twitter respected your privacy and didn’t advertise to you.

Librem Social is part of Librem One, the suite of privacy-protecting, no-tracking apps and services created by our team at Purism. Librem One currently includes Librem Mail, Librem Chat, Librem Tunnel, and Librem Social.

Over 2,000,000+ people. Ready to follow.

Librem Social is part of a network of social network servers already boasting over 2,000,000 users!

Two Million!

Follow friends. Make new ones. Share stories, pictures, and videos with them. Librem One is ready and growing. Fast.

Opt-In, No Ads, No Tracking

One of Librem Social’s most important features is that, unlike all other social hosts, it is entirely opt-in. You only see posts from people you want to follow.

This means you are not force-fed an unrelenting stream of manipulated content specifically targeting you. No way, no how. Not on Librem One. On Librem One you see the posts from the people you want to see posts from – your friends, family, news sites and favorite celebrities. And that’s it. If you want, you can search for posts from across the Fediverse (more on that later).

We also do not advertise to you. Not at all.

Which means we have no reason to track you. Simple, right?

Available Wherever You Are

Librem One is accessible via:

• The official website at https://social.librem.one./
• The official iOS or Android apps.

What Technology Does Librem Social Use?

Librem Social is proudly built on Mastodon, part of what is known as “The Fediverse”, as well as many other Free Software projects that we actively work with and contribute to.

The Fediverse is the decentralized replacement to MySpace, Orkut, Friendster, Google+, Twitter and Facebook (can you spot the trend?). The Fediverse already exists, and it is growing. What makes the Fediverse different to its forebears is that it has no central domain – not even a central service. It’s composed of lots of services, all of them speaking (mostly) the same protocol, known as ActivityPub.

Fediverse developers are currently working on replacements for things we know (shout out to PixelFed!) and other things we can only dream of (shout out to Spritely!). When they do arrive, we can yell out a stretch goal, apply some elbow grease… and once we’re done you can start following them, breaking the cycle of needing a new account to join your friends on whatever’s hot right now.

Public service announcement:

As well as a purely opt-in workflow, we have another very distinguishing feature – that everything on Librem Social is public. Everything. Who you follow, who follows you, your announcements and your replies.

Why? Well, for two major reasons:

Because valuing your privacy doesn’t mean staying indoors with the curtains closed all day. Sometimes you want to go out, socialize, catch up on news – and share your own.

At the same time, you don’t want to blurt out something personal just because there’s a lull in the conversation (it happens). That’s what private chat is for. Librem Social is designed in the context of a service bundle, so you know what tool to use for the right job, with no oopsies – and, more importantly, with none of your personal details on our server.

What if… I don’t like what I see?

We don’t control the content of search results. If you are concerned, please read our quick guide to staying safe online. If you see something illegal, please report it to the relevant authorities, as they are best equipped to handle illegal content. If you are being harassed, or witness online harassment, block and flag the offending user and a moderator will take action. We do not tolerate harassment. This is an area of well-established rights, Librem Social is built on and with the expert policies of ACLU, FSF, and EFF, while avoiding the pitfalls of ham-fisted censorship we all dislike from Big Tech.

We are very pleased to see so many people socializing already. If you want to follow us, or ping us with your thoughts, our Librem Social / Fediverse address is @purism@librem.one – and you are always welcome!

Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

We like to give back. Librem Chat is built with free software, created by security and privacy experts. Learn more about how Purism contributes to its community.

The post Introducing Librem Social appeared first on Purism.

Calls

We have been diligently working to finish the phone call audio quality for production. While the USB audio works just fine (with some tweaks), the PCM audio coming out of the dev kit was noisy and distorted, due to the most-significant bit in the PCM stream – from the i.MX8 to the modem – being incorrect.

In the meantime, we have started work on a daemon, Wys, that loads and unloads PulseAudio loopback modules according to the state of ModemManager voice calls; and investigating and testing a different modem, in order to evaluate its potential alongside the Gemalto PLS8 one.

All of this effort brings us closer and closer to having phone calls that work wonderfully.

Messaging

The SMS plugin of Chatty has been reworked to use libmm-glib, simplifying the handling of the ModemManager interface, and making the adding of further SMS functionality less cumbersome.

The new Lurch plugin changes (used for E2EE in XMPP) needed to be tested, since the upstream maintainer has done a lot of recent work on the plugin (specifically for integration with Chatty) – and this support gets us even closer to delivering good E2EE XMPP functionality!

We are happy to say we found, and promptly fixed, a couple of issues related to Chatty: crashes due to multi-instances or when loading the Matrix plugin, and Chatty not recognizing outgoing messages after a restart. It’s all working fine now.

Oh, and the message bubble width was reduced to no more than 70% of the conversation view, and it looks so much better now. Thanks to Leland Carlye for the improvement!

Web Browsing

A new adaptive view switcher widget (HdyViewSwitcher) has been added to libhandy, which is needed by Web’s preferences dialog in order for it to be adaptive and to, well, look nice on the phone; we will use it in other apps such as Software, Clocks, and Photos. It was such a big effort, and it’s so wonderful to see it completed – and a success! To make sure that HdyViewSwitcher looks just perfect, we have added a best fit container (HdySqueezer).

We also want to make the header bars more flexible to matching the display needs of the phone, and we are working on adding a HdyHeaderBar. Doing it led us to discover, and fix, a memory leak in GTK+3 and GTK+4.

See below for a preview of the HdyHeaderBar:

We are almost done adding a HdyPreferencesWindow, so we can make it easy for apps to have a featureful preferences window that is also adaptive.

Below, a preview of the HdyPreferencesWindow:

Email

We have made some excellent improvements on the design of Geary! The outcome can be seen in several mockups that design how the conversation actions, conversations list, composer and selection mode should all look. Some of these mockups may require further changes upstream, but they get us ever closer to having a nicely complete mail client design.

System

The dev kit image is getting closer to using a 5.2 kernel instead of the 4.18 kernel – which means our team has been tireless in their effort of upstreaming the librem5-devkit device tree, flash-kernel changes, and sending various other patches upstream. Be sure to check out a nice post on Purism’s upstream kernel contributions.

We are also continuing to work on a compositor replacement for rootston, and getting closer to be able to switch from rootston to phoc (replacement compositor) independently.

Another awesome change in the image is that the WiFi status is now displayed in the panel and lock screen!

We are trying to separate the bootloader from the OS, and to get us closer to this goal, a uuu script that flashes the full-boot-image has been added to the librem5-devkit-tools package. There is also support for generating an additional boot image alongside the main one, needed to flash U-boot and the M4 firmware into one of the eMMC boot hwparts. Thanks to Hugo Grostabussiat for the contributions!

We are continuing to work on the graphics stack; recently, v11 of the Mixel MIPI DPHY driver was submitted upstream.

Our awesome community has pointed out some issues over time… and we have fixed them: fix screen blank -> unblank cycle, improve GPU performance by using the correct clock parents, and unbreak clock enable/disable in our NWL driver, so we can turn off clocks when blanking the display.

Some other changes to the system include us taking a look at using mainline atf to control power saving and suspend/resume; improving phosh to make the output locking more dynamic, and adjusting the VINDPM of the charge controller.

Documentation

We have added a new guide on working with UI files, and have a cool weather example coming to the documentation soon, to help all the GTK+ app developers out there.

See below for a preview of the weather app:

Some helpful How-To guides on the inertial module and proximity and light sensors were also added.

We have improved the Matrix room mentions for readability, the API documentation with better linking to external APIs and resources. The dev kit setup instructions are being improved as well, to be more of a step-by-step guide, and a page on troubleshooting dev kit power issues is coming soon.

That’s all for now, folks – stay tuned for more exciting updates to come!

A big “Thanks!” to everyone that has helped review and merge changes into upstream projects; you are awesome, and your time and contribution are much appreciated!

The post Librem 5 – End of May Progress appeared first on Purism.

You are also well aware that, for some reason, if non-hitchhikers discover you have your towel with you, they also assume you carry your own toothbrush, soap, space suit, etc; that they will happily lend you anything you need and might – accidentally – have lost. Above all, they will think that anyone who travels along the galaxy and still knows where their towel is, is clearly a nice, careful, reasonable person. And so, you’re very likely carrying a towel with you today.

The team at Purism wishes you a nice #towelday, and a really amazingly together weekend. We know our readers are cool froods who always know where their towels are.

Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

We like to give back. Librem Chat is built with free software, created by security and privacy experts. Learn more about how Purism contributes to its community.

The post Happy Towel Day 2019 appeared first on Purism.

Since you’re here, let us tell you about the new Librem Tunnel, the encrypted tunnel based on industry-grade technology.

You probably know by now that the Librem Tunnel is part of Librem One, a suite of privacy-protecting, no-tracking apps and services created by our team at Purism, which also includes Librem Mail, Librem Chat and Librem Social.

Librem Tunnel offers an encrypted, no-logging, virtual private network tunnel, making sure all your network traffic is secure and your privacy fully protected. This means you can safely and conveniently use any public hotspot and not have to worry about how private your connection really is, using standards-based OpenVPN with any compatible client. You are not the product in Librem Tunnel: you will not be tracked, we do not sell your data, and we don’t advertise.

Imagine you’re at a coffee shop, at a work seminar or on campus. Or maybe you work remotely, or you’re traveling, or your kids want to go to the park and the nice little cafe you’re having ice cream at happens to, conveniently, have free WiFi. You know you need to use HTTPS to get the little green lock, but you can’t be expected to review the network security of every WiFi access point you use. Do you really want the cafe owner to know the names of the web sites you visit, what IP addresses you interact with, what protocols you use? Why not use a secure tunnel you can trust?

You may be wondering why we are more trustworthy than an arbitrary access point. Well, we guarantee that we don’t ever monitor or log your connection. We also recommend HTTPS Everywhere to make sure you’re using HTTPS whenever possible. And for even more, extra safety, use Tor Browser.

You’re probably thinking: well, why not just use Tor Browser, without the tunnel? The answer is, because it would only secure your web connection, and your device makes other connections too. Additionally, if you make an unencrypted connection over Tor, you are again relying on an arbitrary endpoint. Trust us instead.

Want to stop your coffee shop recognizing your device every time you come in? We’ll cover that in a separate guide soon.

And here are a couple of bonus tips for PureOS users interested in defense-in-depth at the connection layer:

• You’ll probably be happy to know that HTTPS Everywhere is included by default in PureBrowser.
• Finally, we have instructions for installing Tor Browser, for that extra layer of protection.

These tips are broadly applicable to other systems too, we hope they help. That’s all for now, we’ll be back soon with a short introduction to Librem Social, so stay tuned!

Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

We like to give back. Librem Tunnel is built with free software, created by security and privacy experts. Learn more about how Purism contributes to its community.

The post Introducing the Librem Tunnel appeared first on Purism.

The reasons behind the privacy paradox have been highlighted numerous times by our team at Purism: it all boils down to a simple word, convenience. It is convenient to give up your digital rights, it is simple to just click past a privacy wall, and easy to sign up for a service you know exploits you. It is inconvenient to learn about the best practices for privacy protection, from software to browser plugins and applications – let alone to find what service to use that isn’t entirely designed to spy on everything you do.

The solution to the privacy paradox has also been answered many times by our team at Purism. It all boils down to the same simple word, convenience. People want convenient products that respect them by default, that they can trust will not exploit them, that allow them to participate in digital society with peace of mind, knowing they are in complete control.

Creating an ethical, convenient alternative to Big Tech is what everything is about at Purism. As a Social Purpose Corporation, we design security-focused hardware combined with freedom-respecting software, and we have recently launched Librem One — our bundle of privacy-protecting applications, currently available on iOS and Android.

Librem One offers the gateway to the complete control of your digital life; it means you can sign up today and create a single account on Librem Chat, Librem Mail, Librem Social, and Librem Tunnel – that all are backed by proven protocols that do not track you, have no advertising, are decentralized and offer personal freedom with neither centralized control nor censorship. Social and chat are offered for free, while adding encrypted email and VPN are offered under a subscription – and more services are to be added in the future.

Combining Librem One with the other Purism line of products, such as a Librem laptop or Librem 5 phone, means you can relax in the knowing you are in total control of your hardware, software, and all your services. In other words: you can participate in digital society and be quite the trendsetter avoiding Big Tech, rather than sitting around (inside a privacy paradox – a strange place to find yourself in) shoveling your data to tech giants, for their profits only.

Avoid the privacy paradox: sign up for Librem One, and buy Purism products from your friendly Social Purpose Company.

The post Avoiding Big Tech to Protect Your Privacy appeared first on Purism.

Because this is a vulnerability in the Intel CPU hardware itself, like with Spectre and Meltdown, the patch for these vulnerabilities comes in two forms:

• Linux kernel patch for PureOS users
• CPU microcode updates for Librem laptop owners

PureOS Users

PureOS users are advised to update their system packages using their normal software update process, which will pull down the latest 4.19.37-3 kernel package.

Librem Laptop Owners

Purism includes CPU microcode updates as part of our coreboot firmware, so laptops shipping out starting this week will already be patched for these vulnerabilities. For existing laptop users, you will need to update your coreboot firmware to the latest version. Just follow our documentation on using our coreboot update script. Microcode updates have been added to the default coreboot SeaBIOS firmware starting with version 4.9-Purism-1 and in our beta PureBoot firmware starting with version heads-beta-6. In addition to using our update script, you can access the changelog for our pre-built binary firmware images directly at our firmware releases project page.

The post Security Advisory: Kernel and Firmware Updates for Intel MDS Vulnerability appeared first on Purism.

We’re especially proud of our kernel contributions – where 13 patches have made it into 5.1. Since this is our first installment, it also includes the changes that went into 5.0 and 4.20. Bellow is a list of our most recent contributions.

Let’s start with support for the Librem5 dev kit’s charge controller:

• power: supply: bq25890_charger: Read back the current battery voltage
• power: supply: bq25890_charger: Add the BQ25896 part
• power: supply: bq25890_charger: Remove unused table entries
• power: supply: bq25890_charger: Add debugging output of failed initialization

SDMA fix for i.MX8mq [needed for SAI (audio)]:

• dmaengine: imx-sdma: fix consistent dma test failures
• dmaengine: imx-sdma: add a test for imx8mq multi sdma devices
• dmaengine: imx-sdma: add clock ratio 1:1 check

Support for the Librem5 dev kit’s touch screen:

• Input: goodix: print values in case of inconsistencies
• Input: goodix: refer to touchscreen.txt in device tree bindings
• Input: goodix: support Goodix gt5688

Finally, here are some miscellaneous i.MX8-related fixes and device tree additions:

• dt-bindings: imx8mq: Number clocks consecutively
• arm64: dts: imx8mq: Add pwm device nodes
• pinctrl: imx-scu: Depend on IMX_SCU

We also contributed Tested-by and Reviewed-by to five patches.

There’s more to come for the 5.2 kernel, as there are 14 patches staged in linux-next already, and we have gotten some friendly reviews for other parts. Stay tuned for more details getting us closer to make the Librem5 dev kit bootable with a mainline kernel, and many thanks to all the reviewers!

The post Purism and the Linux Kernel appeared first on Purism.

Let us tell you about the new Librem Chat: the no worries, free end-to-end encrypted chat, VoIP and video-calling service.

Social good, freedom personal privacy and security are things you take seriously (and probably think everyone else should, too). And maybe you already know that the Librem Chat is part of Librem One, a suite of privacy-protecting, no-tracking apps and services which aim to make the world a better place.

Librem Chat is:

Decentralized – join chatrooms at librem.one, matrix.org, or any other Matrix domain
Private – create end-to-end encrypted chatrooms that only participants can see
Text, voice and video – communicate any way you want to
Mix and match – use either the official app or a compatible app; use our app on a compatible service
Convenient – connect from any device with a compatible app
No ads – we don’t sell ad space, we don’t track you
Free – we don’t think there’s much need to explain this one

What else can we say? It is a total, privacy-respecting replacement for all those intrusive chat services. One you can either use to have a friendly, one-on-one conversation with your best friend, or to call large groups of people. It is a real-time communication app, making real-time communication work seamlessly between different service providers. And since Librem Chat is based on the universal Matrix chat protocol, you can be sure you’ll be able to chat with all your relevant people, either inside or outside the librem.one domain, because we do not lock-in to one technology company. Just remember that trust is per device – so only install Librem Chat on devices you own and trust, and be sure to remove any devices that you no longer use.

Talk with friends and family, share photos – anything you’d like. We hope you enjoy, and stay tuned for more news on the Librem One services!

Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

We like to give back. Librem Chat is built with free software, created by security and privacy experts. Learn more about how Purism contributes to its community.

The post Introducing The New Librem Chat appeared first on Purism.

SAN FRANCISCO, Calif., May 16, 2019 — Purism, the social purpose corporation which designs and produces popular secure hardware, software, and services, has seen its Librem One suite of privacy protecting apps and services surpass its initial crowdfunding goal of 5,000 backers in just two weeks.

Librem One is growing in popularity as users grow distrustful of how large tech companies are using their personal information.

In the past week, tech giants have been under fire over repeated bad faith efforts to protect users, paying lip service to data privacy while their actions demonstrate otherwise:
• Days after Google‘s CEO wrote an OpEd in the New York Times on the importance of protecting user data, the company announced new data-dependent advertising products.
• Facebook declared that “the future is private“ at its developer conference last week, even while the company is facing billions of dollars in fines for data privacy violations.

The Librem One suite of apps and services are designed to provide users with convenient alternatives to Big Tech products so they can use everyday tools without being tracked or having their data harvested for advertisers.

“Librem One is just what I was looking for: a simple-to-use, all-in-one bundle that gave me everything I needed to finally leave Big Tech. I purchased the family pack and even got my wife and kids to leave Facebook and WhatsApp and make the switch to Librem One. We are all as happy as can be with the experience.” – James Jackson

Librem One includes end-to-end encrypted chat, end-to-end encrypted mail, and end-to-end encrypted VPN, as well as an open public social network. More services, such as end-to-end encrypted cloud storage, payments, and phone service, will be built in the future and added to the bundle. All current and future services in Librem One have no ads, do not track users, do not look at, sell, or share anything people create or send, and are available on popular platforms like Android and iOS.

“Librem One reaching backer goals within such a short period of time underscores the public demand for secure, ethical online services,” said Todd Weaver, founder and CEO of Purism. “No advertisements. No tracking. No selling of user data. This is the way online services should be, and we have baked that into the very core of Librem One.”

Additional Information

Librem One FAQ
Librem One Policies
Librem One Moderation and Code of Conduct

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism +1 415-689-4029 pr@puri.sm See also the Purism press room for additional tools and announcements.

The post Purism’s Librem One Suite of Privacy Protecting, No-track Apps and Services Surges Past Initial Crowdfunding Goal After Two Weeks appeared first on Purism.

The post 5000 Happy Librem One Users! appeared first on Purism.

In my last post we went over the philosophy and process, goals and relevant art of building a read-it-later app; today we’ll be covering the basics of navigation, layout, and adaptive design, for both mobile and desktop.

Sketches and Mockups

Now that we have a pretty clear idea of the structure of our app, we can finally dive into designing the UI. Personally, I like starting off with sketches on paper and only then move to Inkscape for more detailed mockups, but you may use any tool you’re familiar with. There’s no need to be good at drawing, or good at a particular application, for this; you should just find a way to visualize your ideas – any way that works for you is good.

If you are using Inkscape for mockups, you might want to check out the GNOME mockup template for some common layouts and patterns to use in your designs. If you are looking for GNOME-style symbolic icons for your mockups, you can find them here, here, and here.

Navigation

When it comes to the layout of an interface, it’s a good thing to have in mind what navigation structure would make the most sense for the type of content you have. The most common navigation patterns for GNOME apps are the Stack, the View Switcher and the Sidebar List.

The Stack pattern is meant for when the views are completely separate, the UI is not shared and there is a back button that enables you to go back to the overview. This is, for example, how Photos allows you to navigate between a stream of photos and the detailed view of an individual photo. This means there is a bit more friction to switch between views than with other patterns – but it’s also more focused. It’s a great pattern when you don’t have to switch between views a lot.

The View Switcher is better for cases in which a small number of views are either equally important or need to be easily accessible. It’s used in GNOME apps such as Clocks, Music and Software as the primary form of navigation. On the desktop this switcher is always in the header bar, but a new adaptive version of it, which moves to the bottom of the screen for mobile, is being developed. It’s not quite ready yet, but it will soon hit a version of Libhandy near you.

The Sidebar List is used when not only you have a lot of views, but you also often need to switch between them. It’s used in Fractal’s room list for example, because it gives a quick overview of all rooms and allows for quick context switching. On mobile, where there’s obviously not enough space for a content pane and a sidebar, you can use a Libhandy widget called Leaflet which transforms a Sidebar List on desktop into a Stack on mobile.

Sidebar List and Stack navigation

For our own read-it-later app, we will need navigation to switch between the different lists (Unread, Archive, Favorites) and between lists and article views.

The former is a small set of views that we want easily accessible, so a view switcher is a good fit. Since we can’t use the shiny new adaptive view switcher widget yet, we can use a plain old view switcher in the header bar (though we can, and should, design the UI with the beautiful new switcher in mind).

For the latter we could either use a stack or a sidebar list (along with the Leaflet widget so it works on mobile). Since we want this app to allow for a focused reading experience, and switching back and forth quickly between articles is not going to happen very often, a Stack is probably the best solution.

This means our main screens will look something like:

Article List Screens

Now that we have a basic navigation structure, we can design each individual screen in more detail. These three article list screens are basically the same lists, but with different content.

The main purpose of these screens is to provide a nice, legible list of saved articles that entices people to catch up with their reading (list). In order to do this we’re going to go for a comfortable layout – which should include the article’s title, a preview, and some information about each article.

To help users catch up with their saved articles we should also try to make the content as interesting as possible. A plain, reverse-chronological list of saved items can be quite boring, and I’ve noticed I myself often scroll down the list randomly, looking for older articles. A potential way to build this feature into the core experience would be to show the reading list in a randomized order, while also showing the most recently saved articles at the top, as a separate category (see the mockups below).

In terms of actions, we need to expose Search and Selection modes (for operations on multiple elements) as well as the application’s primary menu. The primary menu contains global app-level categories such as Help, Preferences, and About.

In the selection mode we need to have the ability to move articles to Favorites and Archive and delete them from our reading list. Since this is not an essential functionality though, we won’t be doing designs for it yet (but if you want to learn more, have a look at the selection mode page in the GNOME HIG – and the same goes for search, in the relevant HIG page).

Article Screen

An article screen’s job is pretty straightforward: it’s meant to provide a great reading experience for the saved articles. Since many websites kind of suck in this regard, a reader mode (like the ones Epiphany and Firefox have) should be the default view whenever possible. There is however no guarantee that a given article will end up perfectly rendered, and we do need a way to show the website in its native styling, if and whenever necessary.

We also need to move articles into Favorites and Archive, and be able to delete and share them. The most important actions are usually shown directly in the header bar; the remaining ones (or simply the result of not having enough space) will call for a secondary menu.

Desktop

We should by now have a more or less clear idea of what our app looks like on mobile; but what will it look like on desktop? Similar to responsive web design, if we design our app for a mobile environment first, it’s usually pretty easy to make it work well on larger screens as well.

As our app has no sidebars or other complicated layout elements, the main change is that the content column width will have to grow with the window until it reaches a maximum width which is comfortable for reading. This can be implemented by wrapping the content area in a HdyColumn. The view switcher will also move up to the header bar, and there will be a close button on the right side.

We now have the basic structure and most important screens for the application – but that’ far from being everything we need. We need to design login and account settings, empty states, first run experience, errors, search and a number of other things that are beyond the scope of the series… It’s worth noting that mockups tend not to be final, that interfaces almost always change during implementation – as you learn more about use cases, underlying technology and other constraints. Ideally, you’ll also do some informal user-testing with real people, in order to get feedback about what you designed.

If you enjoyed the second part of this tutorial, stay tuned: I’ll be back soon with the third (and final) part. In the meantime, feel free to play with the mockups I made for this tutorial.

The post Librem 5 App Design Tutorial – Part II appeared first on Purism.

Conferences

At JDLL, Adrien gave a talk on “GNOME on phones” and helped out at the GNOME booth, where he answered lots of questions about Purism’s products and animated a first contribution to GNOME workshop along with community member Alexandre Franke.

Design

The current design effort is around the Geary email client, where adaptive designs have begun; some of the symbolic icons in Geary have been improved.

Software Work

Images

There are always improvements and fixes making their way into the image creation; for example, the librem5-base package needed a fix in order to unbreak rendering. To make testing easier, debs built by gitlab-ci are now saved as artifacts. Flashing a devkit is a little easier now that the tool used to flash a new image, uuu, has been updated to make it buildable for PureOS. Also, with a recent change to the scripts used in flashing the devkit, we avoid re-downloading the image if one already exists.

Mesa

Since graphics are quite important for a phone, we continue to invest in the mesa graphics library. A lod level dump issue and a symlink issue were fixed. A second version of the GALLIUM_DDEBUG fix was submitted and merged upstream (thanks to Lucas Stach for the review!).

Compositor + Shell

We continued experimenting with our own forked compositor by implementing wlr-output-manager: however, until it is ready for prime time, there is a parallel effort to keep on improving rootston. The main phosh improvement was that the adwaita-dark theme was applied to the shell by default.

Calls

We all know how important it is for a phone to place phone calls, so there is a continuing effort investigating audio over the modem. There are issues with DMA transfers on the SAI interface; digging into the issues included testing various kernel changes. Stay tuned for more to come on this effort.

Libhandy

We’re getting closer to bumping the API version of LibHandy to 1! Some new widgets are in the works: HdySqueezer is a cool new widget that is needed for HdyViewSwitcher, which is needed by many apps and HdyPreferencesWindow, which in turn is needed by Web and other apps.

Messaging

The SMS plugin is being reworked, and an issue happening when more than one instance of Chatty was opened that has been resolved.

Linux 5.X Kernel

Hooray, the devkit’s LCD panel driver has been accepted upstream; thanks to Thierry Reding for applying these, and thanks to the reviewers Fabio Estevam and Sam Ravnborg, too! We are working on getting the librem5-devkit devicetree upstream. There is also an ongoing investigation into why USB stopped working with the 5.1 kernel, and last but not least, an SDMA fix was accepted upstream.

Hardware Work

We continue to work on the Librem 5 board schematic, and are getting ever closer to getting the hardware into production!

Community Outreach

The troubleshooting guides on the developer documentation have been split out to be a little more readable.

A big “Thanks!” to all the external teams that have helped review and merge changes into upstream projects; your time and contribution are much appreciated.

That’s all for now, folks – stay tuned for more exciting updates to come!

The post May Progress Update – Librem 5 appeared first on Purism.

At Librem One you have One account to rule them all. One account to remember, One account to share with all; and no privacy to surrender.

One of the fundamental design goals for Librem One, outside of privacy, was linking all of our services under a single convenient login. This means that no matter how you want to connect with me, you have everything you need on this personal card:

Whether you want to follow me on Librem Social; email me on Librem Mail; or message me with text, voice or video on Librem Chat, you can do it all using todd@librem.one.

Discovering Others in the Community

Using your email address as the discovery tool across platforms makes it simple and convenient to find and communicate with people. As a remarkable side-benefit, it becomes very simple for people to determine the protocol-specific usernames—be those @todd@librem.one for social, @todd:librem.one for chat, or todd@librem.one for email.

As an example of how this works in practice, let’s say you have joined a room in Librem Chat—a room about a topic that interests you. You meet other interesting people and make some friends; it’s now easy to find and follow them on Librem Social, since the usernames are the same on both platforms.

A single login also makes things easy for Librem 5 users: when you first get your phone, if you have a Librem One account you will be able to enter a single login and have all of these services light up, ready to use.

Hasn’t This Already Been Done?

It has, but for (unfortunately) very different reasons. Many tech giants also offer a unified login that gets you access to a bundle of services—but convenience is only one of the motives, and often the most innocent one. You see, they also find a lot of value in being able to link your accounts across platforms, in order to be able to collect and correlate more data about you—as well as lock you into their complete proprietary product suite.

Our approach is different from your traditional unified login, because by using standards and open protocols—Mastodon, Matrix, Email, OpenVPN—that allow people to communicate outside private clubs (and be free from centralized authoritarian control), we can offer a service that has a built-in and thriving community of millions of people. We can also offer a service that allows people to move freely, to change providers, to have control over their digital lives.

By using free software like Tusky, Mastodon, Matrix, RIOT, K9, Dovecot, PureOS, etc., we participate in a strong ecosystem of millions of developers – who release authored code for others to use, as long as they follow the same licensing of share-alike. By bundling all these standards and protocols into a single account, we are making it safer and more convenient for people than the rights-stripping proprietary services from big tech.

Proprietary Services Make Logins Complicated

Even though big tech firms offer unified login, their commitment to lock-in, proprietary protocols means you instantly sacrifice convenience once you leave their club. Currently, you may be a member of countless private clubs, designed to exploit and control you, and not even know it. If I ask you what are all the ways I can contact you, you will probably answer with a list containing a username on Facetime, Facebook Messenger, Instagram, Skype, Whatsapp, WeChat, LinkedIn, Twitter, Pinterest… and a phone number and email, of course. All of these ways to communicate have their own logins and (mostly proprietary) protocols that don’t work with each other. The last one, the email, stands out as it was created as a standard, to allow interoperability across the world, regardless of what client or service you use; the same design choices of advancing standards made it into Librem One.

So instead of a laundry list of accounts, you can have one single, simple account that offers you all the same convenience of posting, chatting, messaging and sharing. You will be able to do all those things from different applications, but the only account you have to remember is your Librem One account.

Enjoy freedom, sign up now for Librem One!

The post What’s In a (User)Name appeared first on Purism.

So why, and how, can it change your world for the better? How will it help and protect you, and why is it better than the rest?

Well, let’s start from the very beginning (always a good place to start): Librem Mail offers you an end-to-end encrypted email account, making sure that all end-to-end encrypted communication is kept private.

How is it kept private?

By using OpenPGP, the best-in-class cryptography. And just like every other client Purism offers as part of Librem One, Librem Mail uses free software-based clients (such as Librem Mail on Android, based on K-9 Mail), across all platforms. This ensures that rights (and freedom) of people using it are protected when third party verification of privacy and security protections is confirmed.

Will it make communicating with your friends more difficult?

Maybe you’re worried that such a degree of safety will isolate you. But no, it won’t, we’d never do that: like all other services offered in the Librem One bundle, Librem Mail allows you to communicate with anybody, inside or outside the librem.one domain. Each server-side service that Purism provides as part of Librem One encompasses a philosophy of decentralization, so you can communicate to other people on other systems. We do not lock you in to one (our) technology company.

Why is it safer than most email offers?

It’s safer because we don’t keep your data. Email that isn’t encrypted isn’t safe, so we made it temporary. Temporary emails expire after 30 days. If you want to keep a temporary email, just send yourself an encrypted copy. We are aware this is a new approach to email safety, that you may need some time to get used to the idea. So we’ll only start the timer once the campaign ends (temporary emails sent on the day the campaign ends, or before, will be deleted 30 days after the campaign ends).

As the Mail service evolves, we’ll add the following features:

• Discoverable keys: sending email to someone else @librem.one but don’t have their encryption key? The Librem Mail client will pull it in automatically.
  This is called “Blind Trust Before Verification”.
• Encrypt-on-receipt: If you share your public key, we can encrypt your mail on receipt. Or, no more temporary mail.

Both of these convenience options put more trust on the service, so they will be on by default, but you can opt-out. We will elaborate when these features are released.

One other reason Librem Mail is safer it that we use free software, so you can know – and verify – you are not being tracked; and also because we utilize standard protocols and self-hosting options (for your business, your friends, even for yourself). Our services are powered by our own PureOS, Purism’s rights respecting operating system. Librem Mail uses Standard SMTP/IMAP/POP MTA, with OpenPGP, which may sound terribly technical if you are not an advanced user… but don’t worry, you don’t really need a lot experience to use Librem Mail.

Here’s a quick and simple setup on how to configure advanced options (if you are an advanced user, feel free to connect with other applications native to your system).

Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone – including privacy-conscious users, entrepreneurs, business people, developers, writers, digital artists, activists, geeks and defenders of freedom all around the world. We believe people should have secure devices an services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

The post Introducing The New Librem Mail appeared first on Purism.

It’s also a common question from the press to Silicon Valley social giants “what are you going to do about certain content on your private platform?” and those social giants keep incorrectly answering that question with “we will censor things on our closed platform based on an evolving policy.” But this is missing the larger more menacing point.

What most people want is rather simple:

Opt-in

Most people want to opt-in to what they want to follow, be that a news feed, a celebrity, a friend, or family. Most people do not want to be force-fed a constant stream of manipulated content to catch and keep their attention.

No Ads

Most people want an ad-free experience but are willing to accept some contextual advertising or non-creepy advertising from opt-IN data shared. Most people do not want everything they have ever done and said and shared to be secretly recorded permanently in exchange for using a service online.

No Tracking

Most people want to retain their privacy and freedom and most people are concerned about their digital footprint. Most people do not want to be tracked all the time from all devices.

The Pros and Cons of Timelines

Every social network tends to have a timeline. The original idea behind a timeline makes sense–aggregate all of the posts from people in your network and present them in a chronological view. Because so many social networks are funded by ads, however, that quickly changes into posts from your friends as well as overt ads and promoted posts pushed to the top of your feed.

This leads to the next complaint about timelines: hiding chronological order. Ad-driven social networks are in a constant struggle to determine what’s “relevant” to you. They do this not just by collecting raw data about you and your social network, but by tracking you and training their own systems based on how you view posts. This is one reason why social networks try to hide chronological sorting and force you to view posts based on relevance. By tracking which posts you view versus which posts you scroll past, they train their own systems and figure out which ads you’d most like to see.

The ironic result is that your timeline ends up being full of things you don’t want to see, dictated by a central authority instead of you.

Decentralized Timelines

This problem is most prevalent with ad-funded proprietary social networks but it also shows up in decentralized federated social networks like Mastodon. This is a side-effect of what’s otherwise a beneficial feature: local and federated timelines. Local timelines show you a live feed of posts that are happening on the local social network (say social.librem.one) and federated timelines show a feed across Mastodon networks. This can be great because it shows you people on the network you haven’t explicitly followed and posts that your social network haven’t yet promoted so in that steady stream of new posts there’s a chance you might find something you like.

The downside to local and federated timelines is that there are also a bunch of posts you aren’t interested in from people you don’t want to follow. You don’t opt in to that feed so when it gets content that you particularly find offensive, distasteful, or not aligned with your views there’s little recourse unless your opinion of undesirable content happens to match those of the central moderators.

How We Handle Timelines

There are plenty of social networks that are trying the traditional opt-out approach. We are trying something completely different at Librem Social: disabling timelines altogether. That way you only see content you have explicitly opted into (posts from people you follow). We are also working on additional features to give you even more control over how you view and filter content in a decentralized way instead of relying on a central authority to dictate what should and shouldn’t show up in your feed. In addition to blocking users, Librem Social will offer flagging of content for DMCA copyright violations, spamming, harassment, and illegal activity.

In our view, the advantage of full opt-in control over your feed outweighs the downside of not being able to discover some content you like (signal) in the public feed amongst all the content you don’t (noise). Popular content can still spread through the network via organic boosts from people you already follow instead of artificial boosts from relevance algorithms or advertisers.

A Different Approach to Social Media

Combining no ads, no tracking, and opt-in is the trifecta of what most people want, because it offers a different approach to how social media functions:

• It offers no timeline or news feed pushing data onto your device and into your brain.
• It offers people to build communities for any legal topic with opt-in for users.
• It means things you want to follow you follow, things you don’t want to follow you don’t.
• It means there is no trending timeline to manipulate.
• It means there is no need for private platform censorship policies.
• It means people are back in control of what they see, share, and block.
• It means digital society can operate the same as it does in the physical world.
• It means if you want to be part of the butter-side-up club you can and won’t see anything from the butter-side-down club, and if you don’t want butter at all there’s a club for that too.

Adding in decentralized (like email) accounts, based on the popular ActivityPub standard, would allow everybody on the Internet to control and follow anybody they’re interested in without a centralized Silicon Valley company controlling the entire user-base.

This Opt-in, No Ads, No Tracking, Decentralized, No Timeline social platform is not a complicated idea, but it seems like it will take a social-purpose-driven corporation that isn’t funded by advertising and data collection to do it.

The post Opt-IN, No Ads, and No Tracking Solve a Lot of Problems in Society appeared first on Purism.

Purism has a long history of giving back and working with upstreams and continues to release everything Purism authors under free software licenses in accordance to Purism’s Social Purpose Corporation Articles of Incorporation.

In light of our Librem One launch, and since we use free software for our clients and services, it shouldn’t be a surprise that we use free software considering our commitment not just to free software but to open standards. There is so much we want to tell you about Librem One over the coming weeks from various design decisions, policies, and upstream software that we couldn’t address all at once on launch day. To start, let’s talk about the free software that we use in Librem One.

Clients

It’s no secret to anyone familiar with free software on mobile that Librem One apps are based off of popular existing free software applications. Most people understand why we opted to use existing, high-quality applications instead of reinventing the wheel by writing them from scratch. What may be less clear, however, is why we opted to release rebranded applications.

Before we talk about why we rebranded, let’s highlight the upstream projects our versions are based on:

• Librem Chat Android: https://github.com/vector-im/riot-android
• Librem Chat iOS: https://github.com/vector-im/riot-ios
• Librem Social Android: https://github.com/tuskyapp/Tusky
• Librem Social iOS: https://github.com/ReticentJohn/Amaroq
• Librem Mail Android: https://github.com/k9mail/k-9
• Librem Tunnel iOS: https://github.com/pia-foss/vpn-ios
• Librem Tunnel Android: https://github.com/schwabe/ics-openvpn

Why Rebranding?

A major goal with Librem One was to provide people with convenient and easy-to-use alternatives to big tech services that respected their privacy. The key to this was the combination of decentralized services with a centralized brand. With decentralized services that used open standards and ran on free software, users aren’t locked in to any one provider and can even host services themselves (more on that in a future blog post).

By putting services under a centralized brand, we make these decentralized services just as convenient to use as the big tech alternatives. That way an end-user doesn’t have to know what Matrix, ActivityPub, or even IMAP are or try to find all of the applications that work with those services on their particular platform. Instead, they just need to know that they want to chat, join social media, or send email.

Discoverability

Many of the changes we made to existing clients and our server configurations were to make it easy to connect with others on Librem One. The goal is for you to be able to say “you can reach me at username@librem.one” and regardless of the service, your friend should be able to find you. In many cases the clients and servers didn’t allow this kind of feature out of the box because the apps are focused on a single service, not a collection under one brand.

Convenience

Beyond all of that, convenience is important. We wanted people to be able to switch from existing big tech services without having to fill out a bunch of forms with server information. Instead we wanted them to just type in their username@librem.one login and their password and have the client already configured and ready to use, just like they are used to with big tech alternatives. This required some customization in the existing apps so that they defaulted to using Librem One services while still allowing a user who wanted to, to dig into the settings and use any other provider if they wanted.

If you are interested in the changes we’ve made, you can check them out at their temporary location here.

Servers

In addition to clients, we are also hosting free software services for Librem One. We will elaborate on our services and our plans to make it easy to host them yourself in a future post but for those that are curious we are using Postfix and Dovecot for Librem Mail, Matrix for Librem Chat, and Mastodon for Librem Social. We are partnering with Private Internet Access for Librem Tunnel.

Our Contributions

An non-exhaustive unordered list to summarize our thanks to all the people we’ve been involved with:

• Purism funded Fractal
• Purism partnered with Matrix
• Purism funded Keysafe from Debian Developer Joey Hess
• Purism partnered with Private Internet Access
• Purism partnered with GNOME Foundation and KDE
• Purism contracts with Eugene Rochko creator of Mastodon
• Purism donated a Librem 13 laptop to David Revoy of Pepper & Carrot
• Purism donates to FSF, SFC, and many others
• Purism sponsors plenty of conferences
• Purism releases all software, middleware, server-side code, and documentation under free software licenses.
• Purism sponsors the FSF endorsed fully-free PureOS
• Purism partnered with GDQuest
• Purism partnered with Nitrokey
• Purism partnered with Werner Koch
• Purism partnered with Monero
• Purism partnered with Nextcloud
• Purism partnered with HEADS developer Trammell Hudson to create PureBoot
• Purism authored and released Chatty for the Librem 5
• Purism authored and released libhandy for GNOME on mobile
• Purism authored and released phosh a GNOME (pho)ne (sh)ell
• Purism forked and contracted with Mastodon developers
• Purism authored and released Librem One middleware, cli, dev tools, ops tools

While this list is not complete, it highlights the core beliefs behind Purism, its team commitment, and its free software roots. At Purism we will continue to work with, advance, partner, fund, push upstream, and most importantly release all our software under free software licenses.

Our commitment to working upstream is no better highlighted than by our Librem One bundle of ethical services that are supported by our partners Matrix, PIA, and Mastodon.

Sign-up Now and support the movement to protect your digital rights online.

The post How Purism Works Upstream and Gives Back appeared first on Purism.

One of our keen community members rae discovered a severe security vulnerability in the Librem Chat service that allowed them to login to our chat server as any user. This is obviously a serious vulnerability and so we immediately shut down that chat server while we investigated.

It turns out the bug was related to a change that was made in the unreleased “master” branch of the matrix-appservice-ldap3 plugin being used by Librem Chat to authenticate users over LDAP. The bug ultimately came down to a mistake in a single line of code in a function related to LDAP searches:

- result = yield self._ldap_simple_bind(
+ result, _ = yield self._ldap_simple_bind(

What a difference an underscore makes. See https://twitter.com/matrixdotorg/status/1123298776725303299 for the security notice from the Matrix team

Impact

First it’s important to discuss what this bug didn’t impact. All other Librem One services including Tunnel, Mail, and Social were not impacted by this bug. It was an authentication bug specifically with the Librem Chat service.

Fortunately this bug occurred early in the service launch before too many customers were using chat. We shut down chat immediately upon confirming the bug and the overall outage lasted about 30 minutes while we investigated and patched. We have also taken the precautionary step of removing all existing access tokens, which required any clients that were logged in to re-authenticate.

We do not have any indication of any malicious exploitation of the bug, and any attempts to access a user’s chat encryption keys would have resulted in a prompt on your own chat client to approve the access from a new device. If you did happen to see that prompt on your account, click the “Ignore” link in the notification and contact us at Purism support. If an attacker did manage to login to your chat account, they would have been able to send chat messages as you and also see your chat account details, including your current client’s IP, if they looked at your account privacy settings.

To check whether someone successfully logged in as you, go to your Librem Chat settings and scroll down to the Devices section. You should only see your Mobile device listed, unless you also logged into Librem Chat via a web client or other client. If you see any other device in that list (in particular a riot.im device) and you did not use that device yourself, then select that device and delete it. If you have any questions about this issue, please contact our support team.

The post Underscoring Our Transparency: First Librem One Bug Report appeared first on Purism.

Hi. We’d like to present Librem One.

Purism isn’t only about designing and producing secure hardware and software, and we have just added a neat bundle of services to our offer:

---

Encrypted chat – simple end-to-end encrypted chat, VoIP, and video calling.

Encrypted mail – easy to use, end-to-end encrypted email.

Encrypted VPN – toggle your connection to a secure VPN tunnel.

Public social – safe and privacy-respecting social media account.

Sign up now and get services that respect you

Our bundled, all-in-one services are ethical, respectful of your digital rights and concerned about your privacy – something we guess has been on your mind lately – or maybe for quite some time now. It’s in everyone’s mind, these days: we love the convenience of digital, internet-based services, but we worry about what we read and watch in the news. We love communicating, but communication between peers and family is meant to be private. It’s meant to be safe, and yet we are being harvested. We put our loved ones at risk by emailing them, by tagging their name. Interacting with the ones you love is not meant to serve other’s interests or to exploit you in any way.

At Purism, we are a Social Purpose Company. We don’t exploit you (and, by our own philosophy and contract, we can’t exploit you). We don’t offer advertising services to third parties. We don’t track users. We don’t look at, sell, or share anything – we offer a simple subscription model.

Librem One is a subscription service, using open standards and free software, and it is available for $7.99/mo, or $71.91/yr for the four services. Librem One does offer a basic tier, with encrypted chat and public social, for a pick-your-price from free to $5.99/mo. Librem One bundles popular, convenient services into a single, easy-to-use account – with more services are to be added over time.

Librem One. Pure, ethical services for people with principles.

Librem One is a growing bundle of ethical services. By creating a network service that advances social good, societal freedom, personal privacy and the best security, Purism is changing the world for the better. If you’d like to know more or support us, we have an ongoing crowdfunding campaign.

The post The New Librem One Services appeared first on Purism.

The video, as you can see, starts with powering on the Librem Laptop with a Librem Key inserted. PureBoot then starts by checking the firmware for tampering and authenticating itself to the Librem Key, which blinks green to indicate the system is safe.

Next we select the Default Boot option, and PureBoot scans the /boot directory for any tampering – and if and when it doesn’t find any, it starts booting the OS as normal.

Once the OS boots, you see a prompt show up on the screen requesting the user’s GPG PIN, which demonstrates PureBoot unlocking disk encryption using the Librem Key instead of a passphrase. We find this approach to be more convenient for the user than typing in a long passphrase; and being a 2-factor authentication, it’s more secure too.
Finally we reboot the machine and simulate tampering, by storing a new shared secret in the TPM chip without the Librem Key inserted. Once we do reboot, PureBoot detects and warns us that the Librem Key isn’t inserted. We could skip this warning and boot anyway, but we insert it and then the Librem Key flashes red to warn us that there was tampering.

More PureBoot Improvements

In addition to the demo, we’ve also made a number of PureBoot improvements since our last blog post:

Dynamic USB disk detection

In the past you had to hard-code a specific disk device, in order for PureBoot to use when booting or using a USB disk – which was clunky, and caused some problems to those trying to set up PureBoot for the first time on a system with only an NVMe drive. Now it dynamically detects any USB disks that are present – and if more than one exists, you get a prompt; otherwise it just automatically uses the one it finds.

Other Improvements

We’ve also added a number of cosmetic improvements to the initial boot screens, including removing or changing certain prompts that were proving confusing to some of our beta testers. We’ve also added an automated “OEM factory reset” option to the GPG menu, that will factory reset a Librem Key and then generate a new random GPG key on the device – and add it to PureBoot firmware in an automated way.

We’ve also updated the official PureBoot documentation at https://docs.puri.sm/PureBoot.html to describe how to use our new coreboot utility to pull down pre-built PureBoot firmware, so you no longer have to compile it yourself.

What’s Next

The introduction of pre-built PureBoot firmware has brought in a new wave of beta testers, which in turn has led to a fresh set of improvements. Each of these changes brings us closer to PureBoot being ready for general availability… we are looking forward to being able to announce PureBoot as a pre-installed, pre-configured option when buying new Librem laptops with a Librem Key very soon, so stay tuned for more Pureboot news!

The post Complete PureBoot Demo and More Progress appeared first on Purism.

This is the first of a series of blog posts which will walk you through some of the most important UI patterns, and guide you step-by-step during the process of going from idea to mock-up. We will be using a read-it-later app as example. To start with, let’s get some context, and take a look at philosophy and process, goals and relevant art.

GNOME Design Philosophy

It’s always good to familiarize yourself with the design philosophy of a platform before starting to actually design in it. The GNOME Human Interface Guidelines explains this philosophy quite well in the “design principles” page, which you may want to read in its entirety; meanwhile, here are some of its most important points:

Simplicity and focus Make sure your goals (for the app) are clear from the outset, and focus on those. It’s better to make a separate application to cover an additional use case than cramming too many things into one app (e.g., video podcasts are different enough from audio podcasts to be better off as an app of their own).
Search and undo If there are large amounts of content in your app, provide full-text search so things are easy to find. People are likely to make mistakes: make data hard to lose, and never use a warning when you mean undo.
Avoiding preferences Adding an extra option may seem like a good, quick fix, but in most cases it is treating the symptoms rather than the cause. Try to figure out what that cause is instead, fix the problem for everyone; I highly recommend this article by Havoc Pennington on the topic.

Design Process

Now that we’re aware of all the right, high-minded ideals, we will consider the design process itself. So, let’s say we want to design a great read-it-later app.
If we follow the GNOME design process, which primarily consists of three steps (plus iterations), we will have to: first, defining goals, and non-goals, for our app; second, collecting relevant art, i.e. examples of similar apps (to borrow ideas from); and finally, making sketches/mockups of detail views and user flow.

Defining Goals

We’re about to design a native client app for read-it-later web services (such as Pocket). Services like these allow us to store articles or other web pages we’re interested in, but don’t have the time to read immediately. Using them means we can catch up on all the stuff we saved later, when we have more time. This means our primary goals are going to be:

• Listing saved articles
• Providing a great, focused experience for reading articles in the app
• Helping to catch up with the reading list
• Storing articles offline so they can be read without a network connection

Along with goals, we will also set some non-goals (i.e. things that are out of the scope of this application):

• Social features
• Content discovery

Relevant Art

Our next step is to find examples of existing apps that do similar things. It’s good to look at how other people have solved the same problems, what they did well (and what could be improved) before jumping right into designing a new app.

Or: let’s check the competition.

Pocket, on Android, has way too many features – and a pretty complicated interface. It has many different categories, social features, a discover section, text-to-speech, and much more; most of these features are rarely used and make the app feel quite cluttered. Pocket is also not very good at helping you get through your list of saved pages; it mostly wants you to discover new things to save (and then not read them).

Clearly there are some lessons to be learned here.

Instapaper is an app we’ve never really used, but judging from the screenshots, Instapaper’s UI feels a lot saner and way more focused than Pocket. The rich article previews in the list view and the typography are also quite nice.

Wallabag is a self-hosted alternative to both Pocket and Instapaper. The corresponding Android client (also called Wallabag) is not very sophisticated UI-wise, but it is quite a good example of a very simple native client.

Structurally, these apps are all quite similar: they feature a main view with a list of articles, plus an article view that displays the articles in a clean, readable format. Depending on what service we are looking at, there are multiple lists for different types of articles – such as Archive, Highlights, Favorites, Notes, etc. To keep things simple, and because we’re targeting Wallabag first and foremost since it’s the only self-hosted service, we’re keeping three categories only: Unread, Archive, and Favorites. This means we need to design four main screens for our application: the three article categories plus a reader view to display the content.

We know our needs, and we may close this part of the design process. You should have, by now, a very clear idea of what you need in order to design an application for the Librem 5, and of the GNOME design philosophy guidelines. Later on, we’ll be guiding you through the rest of the application design process – stay tuned for the second part of this tutorial, to be published soon!

The post Librem 5 App Design Tutorial – Part I appeared first on Purism.

Hi again, everyone! A lot has happened during these last few months of work, so get ready for a thorough Librem 5 hardware update report.

Conferences

Springtime seems to bring both nicer weather and plenty of events, and this year’s was no exception: Guido and Nicole went to Embedded World and met some very interesting people, while Tobias went to a GNOME Design Tooling Hackfest and worked on a number of ways to improve the workflow for those making GNOME app icons – including previewing hicolor and symbolic from a single template, auto-generated nightly icons and a new symbolics library app. Other team members attended LibrePlanet and saw a lot of excitement in the community about the devkit.

Design

In terms of design, the GNOME mockup templates were updated to include mobile screens, and thanks to Alexander Mikhaylenko from the community we now have a more realistic interactive mockup of the gestures for phosh; and GNOME 3.32 was released, containing many interesting things for our Librem 5 phone, such as a new app icon style and some adaptive core apps. There is now an initial adaptive mockup for Nautilus, and a nice tutorial blog post was written to serve as an introduction to designing apps for the Librem 5. See below for a preview of the Librem 5 shell mockups:

Software

Images

We have the new kernel builds integrated with the image-builder scripts, and finished flash-kernel and initrd rollout. The changes have been submitted upstream. Bug fixes included fixing an issue upstream when attempting to grow the root filesystem on first boot, which has been included in Debian buster – and this gives the root file system enough space to install Flatpaks. We also made some minor cleanups around the clocks and audio subsystem.

Mesa

We have had some issues with stability and texture corruption with the GC7000, and there is an ongoing investigation to resolving this. Two upstream bugs were found and fixed: a segfault in GALLIUM_TRACE and a segfault in GALLIUM_DDEBUG.

Gnome-settings-daemon

Thanks to Benjamin Berg and his review on the initial wwan plugin, we are now much closer to having this functionality in GNOME Settings.

Compositor

We also started experimenting with our own forked compositor, after some additional bug fixes – and even added features – and are just waiting for a few more pieces to fall into place before releasing it, so stay tuned! Concerning upstream wlroots bug fixes, we have made some functions static, fixed a build issue, uploaded wlroots v0.4.1 and wlroots v0.5.0-1 to Debian experimental, added support for supplying the preferred mode to the drm backend, and fixed layer shell popups in rootston.

Voice Calls

Concerning voice calls, our focus right now is testing call audio. In aid of this, we have been debugging DMA operations in the kernel, in order to discover why the audio buffer isn’t being filled quickly enough during playback through the SGTL5000 audio codec. The SIM7100 modem and the i.MX8’s SAI interface are also being investigated; while the latter is receiving PCM data, DMA transactions aren’t reading said data.

Libhandy

As far as Libhandy is concerned, a new expander row property was added, and it is useful to reveal external widgets depending on the state of the row. We are now working on adding a new adaptive view switcher, released version 0.0.9 and uploaded it to Debian. The team has also updated the libhandy version being used in GNOME settings, contacts, and web to v0.0.9 (see below for an example of the prototype of HdyPreferences window). Last but not least, the team fixed a regression bug, improved compatibility with glade and cleaned up style handling.

Text Messaging

We worked on enhancing the color scheme: from now on, all messages from unknown contacts will be colored red in the “Chats” list messages (but it can be disabled in the settings). A menu entry for adding unknown users to the contacts list and a “Leave Chat” entry in the main menu were also added. Chat logs are now preserved after chats are left, and chats remain when “Start Chat” (with the same contact) is opened. The “Delete Chat” behavior was improved – it now removes both the chat history and the chat. We have also worked with the design team to update, and improve, the UI – and, in terms of bug fixes, a severe issue that led to a segfault when the member list was updated was fixed, as was an issue that prevented new chats from being shown in the ‘Chats’ list. See bellow for a preview of the Librem 5 Chatty color scheme:

Kernel

Linux 4.18

The userspace firmware load helper has been disabled since it is not needed and can be problematic; a magnetometer was added and the power key was enabled.

Linux 5.X

We submitted the devkit’s LCD panel driver upstream, found and fixed an issue in the device tree where SAI6_RXD0 and SAI6_TXD0 needed to be swapped for the WWAN module, moved the redpine driver to the 5.0 kernel; we also posted a patchset to add initial support of the Mixel DPHY and a patchset to add initial support for the NWL MIPI DSI host controller, as found on the i.MX8MQ SoC. A patch to enable the updated TMU driver was submitted, and a VCNL404 light and proximity sensor driver added, as found on the Librem5 devkit. We have also submitted the librem5-devkit devicetree upstream – and the proposed change to OpenOCD, in order to add a m4 target, was accepted. Our upstream bug fixes included correcting some examples in the dt-bindings docs.

Hardware

When it comes to hardware, the team has continued working on our schematic of the Librem 5, tested an antenna patch with a recent build of U-Boot with the 5.0 kernel and generally continued the hardware devkit testing, especially around power and testing a prepaid SIM card showing a phone call is able to be placed. We also fixed a U-Boot issue that changes the charge controller’s slave address properly be 0x6B, and thanks to Hugo from the community, u-boot has been refactored. The team is now reviewing camera choices.

Our Community

Regarding community outreach, there was a mention of the Librem 5 devkit on the KiCad page; the troubleshooting section related to devkits in the documentation got some additions, and it was reorganized so users can find what they are looking for even quicker. Clayton from the community added the UART pinout table (which is very useful for debugging) to the documentation, and Bhushan Shah updated the tutorial on installing Plasma mobile in the documentation (thank you); an adaptive UI tutorial, a guide to sandboxing permissions, an example regarding network state and a very a nice example on writing an application were also added to the documentation.
A big “Thanks!” to all the external teams that have helped review and merge changes into upstream projects. Your time and contribution are much appreciated.

That’s all for now, folks – stay tuned for more exciting updates to come!

The post April Progress Update – Librem 5 Hardware appeared first on Purism.

Nothing shows the progress we have been making quite as clearly as a demonstration of the Librem 5 status from the devkit itself – so let us take you through a handful of (short) videos showcasing the current possibilities and development of our Librem 5 devkit:

Bootup in under 10 seconds

In this video we get to witness the devkit’s amazingly fast bootup – less than 10 seconds!

Incoming call

Here we are, receiving a voice call on the Librem 5 devkit.

SMS text messaging in chat application

Using the Librem 5 chat application to send and receive sms text messages (and hello world).

Web browsing and video playback

You can now browse the web, choose a video and watch it play.

Librem 5 devkit to devkit calling

And finally, the really awesome one that never fails to amaze: voice calling from devkit to devkit.

That’s it for now, we hope you are as happy about what you’ve just seen as we all are.

You can pre-order your Librem 5 phone now

The post Purism’s Librem 5 Progress in Videos appeared first on Purism.

Once again, we were so busy we barely had the time to leave our booth: people were very interested in the Librem 5 devkit hardware, in the latest version of the Librem laptops and PureOS, on having the same apps for the Librem laptops and the Librem 5 phone… so we got to do the full pitch. On a less technical note, our swag was quite a success. People told us they loved our paper notebook and carpenter pencil, and asked questions about the pencils – which, according to Kyle Rankin, Chief Security Officer of Purism, have a section that is “kind of shaped like our logo”, and being carpenter pencils “are designed so you can sharpen them without having to use a proprietary pencil sharpener.” Visitors (and team) loved them for being beautiful, unusual and useful.

Above all, our audience wanted to see the PureBoot demos (apart from an inspirational young attendee, who asked his grandmother to take him to SCaLE specifically so he could meet Todd Weaver, our founder and CEO) – and each time we thought we could take a break, someone else came up and asked about PureBoot. We had constant demonstrations of PureBoot on a Librem 13v4 and Librem Key, and got lots of excitement from the security community and enterprise customers – national and international.

PureBoot, as introduced earlier, is a combination of hardware – a trusted platform module (TPM) inside a Librem laptop – with a disabled Management Engine. It boots using a coreboot BIOS and a Heads payload, that verifies it hasn’t been tampered with, using a Librem Key. This combination is the strongest security available in computing devices. Unlike other secured boot processes, this combination also allows you to control and sign with your own keys. We were frequently asked to demonstrate PureBoot for enterprise use cases – specifically, what the best-practices would be for an enterprise to secure their fleet of laptops; these same enterprise best-practices may also be applied to an individual, whether a beginner or a security expert.

During the in-person demonstration, Purism team members showcased for the first time the complete PureBoot solution from start to finish (and we are about to get technical):

• A Librem 13v3 /boot partition was frozen in time and signed with a user-generated gpg key, on a Librem Key. The happy path is proven by an inserted Librem Key; the Librem laptop is powered on to show the device matches the previous known-good-state – and the LED blinks green.
• The system is booted and PureBoot unlocks the encrypted disk, using the Librem Key and the user’s PIN. The Librem Key is then removed, and a malicious attack is simulated by modifying the secrets stored in the TPM.
• The Librem Key is inserted, the Librem laptop powered back on, the measurements failed to match – alerting the user that the device was tampered with (since the last known-good-state) by a bright red screen on the Librem laptop, and a constantly blinking red LED on the Librem Key.
• The user of the Librem laptop can now decide how to handle the tampered-with laptop: by flipping the Hardware Kill Switch on the WiFi/BT and deciding to boot; by booting from a known-good USB recovery OS and performing forensics on the system; or by working with Purism to return the system to a known-good factory state.

PureBoot Enterprise Best Practices

The best practices for enterprise using Pureboot were also described to a regular audience at the Purism booth in Pasadena, and here they are, for reference:

• The IT/Security department uses an airgapped Librem Laptop, and they generate GPG keys for all staff and copy the GPG key per staff, onto an individual’s Librem Key;
• They physically label the Librem Key for the staff member, sign the staff member’s Librem laptop with the Librem Key, hand the Librem laptop (and Librem Key) to the staff member, who boots and sets up the Librem laptop like normal; uses the Librem Key for tamper-detection, disk-decryption, mail encryption among other uses, such as anti-interdiction;
• If a Librem Key is lost, a new key can be created from the airgapped backup Librem laptop, and handed to the staff member.
• If a device was tampered with, the IT/Security department can have any number of policies implemented including: Librem laptop drops to offline mode for document recovery; Librem laptop optionally wipes the disks, or Librem laptop flags the user to bring it to IT/Security.

This offers the best in class enterprise control, measuring single-bit detection and tampering on a signed image – while subscribing to the usable computing practice of “boot not brick” of devices in the field.

It was really nice meeting you at SCaLE, and we hope to see you next time.

The post Purism at SCaLE 2019 – Retrospective on Secure PureBoot appeared first on Purism.

• Pre-built binaries of our default coreboot BIOS firmware
• Pre-built binaries of our tamper-evident PureBoot firmware
• Improved script to automate coreboot builds and flashing from pre-built binaries
• PureBoot tamper-evident support for non-TPM Librem 13 version 2 and Librem 15 version 3 systems

Pre-built Binaries

In the past, updating to our latest coreboot BIOS images required you to go through an automated, yet time-consuming process, of downloading and compiling coreboot from scratch. While we know that many people prefer building the firmware from source–after all that’s one of the big advantages to using free software –some would rather have the convenience of pre-built binaries, for the same reason they like pre-built binaries for regular OS packages.

This is a way of getting convenience while also knowing the ROM you are loading has already been tested for your particular laptop version. Just like with our regular coreboot BIOS, trying out our beta PureBoot firmware images–that use Heads instead of SeaBIOS–required users to go through a somewhat complicated process of building from source. While we hope to soon offer PureBoot as a pre-install option when you buy a laptop, in the mean time we will be providing pre-built PureBoot firmware binary images.

Starting today, you can get binary ROM images both for our traditional coreboot and PureBoot in the https://source.puri.sm/coreboot/releases repository. We’ve already disabled and neutralized the Intel Management Engine in these pre-built images as well. As we update and make improvements to coreboot, we will keep these images up-to-date—a great reference point if you want to make sure you are running firmware with the latest updates and security improvements.

Improved Flashing Script

Providing pre-built images is a good start to making our coreboot images easier to install and update, but we do realize most people don’t want to figure out how to use flashrom on the command line, and we are releasing a new and improved flashing script at https://source.puri.sm/coreboot/utility so it’s easier to either pull down the latest pre-built coreboot binary, or build it yourself. If you are using the traditional coreboot BIOS, it will even flash the update for you, whether you want to update the traditional SeaBIOS coreboot image or transition over to PureBoot. Current PureBoot users should flash from within the trusted Heads environment itself: the script detects it and provides users with instructions on which ROM file they should copy to a USB disk and flash.

To use the improved script, copy https://source.puri.sm/coreboot/utility/raw/master/coreboot_util.sh and run it as root. The README for the script lists what dependencies you need, and the script itself will also detect and alert you if you are missing packages it needs:

mkdir ~/updates
cd ~/updates
wget https://source.puri.sm/coreboot/utility/raw/master/coreboot_util.sh -O coreboot_util.sh
sudo bash ./coreboot_util.sh

PureBoot Tamper-evident Support for Legacy non-TPM Laptops

We make sure our own security, and our improvements aren’t limited to those who buy our latest hardware. This is why we ported coreboot to the Librem 13 version 1 and continue to provide coreboot updates to it and other early Librem laptops. One of the things I’m most excited to announce is that we have ported PureBoot tamper-evident support into Skylake-based Librem laptops without TPM chips! This means that if you have a Librem 13 version 2 or Librem 15 version 3 without a TPM, you can now use a Librem Key in place of your TPM chip and get similar protection against tampering!

How Does This Work Without A TPM?

When we first announced our partnership with Trammell Hudson to port Heads to our laptops, we also started offering TPM chips, first as an optional upgrade for an extra cost and ultimately installed by default for no extra charge. Until now, the TPM chip was needed to store all of the pre-approved firmware measurements securely, as that was the only method Heads supported; once we announced the addition of the Librem Key to our product line, we realized that there might be a way for the Librem Key to take the place of the TPM for older Librem laptops.

Traditionally, Heads will send measurements of itself to the TPM, and if it matches the pre-approved measurements you originally set up the TPM will unlock a secret that gets converted into a 6-digit HOTP code and sent to the Librem Key, which has its own copy of the secret and generates its own 6-digit HOTP code. If the code it receives over USB matches the code it generates, it flashes a green LED; otherwise it flashes a red LED to alert you of tampering.

When configured for a system without a TPM, and instead of using a random secret that’s unlocked with the correct firmware measurement, our PureBoot Heads ROM uses the firmware measurement itself—converted to a hash—as the secret. When originally setting it up, the Librem Key is to be configured to store a copy of that secret. Upon boot, Heads uses its own local flashrom to pull down a full copy of the running firmware, hashes it, and converts it into a 6-digit HOTP code. Like before, it sends that HOTP code to the Librem Key and the Librem Key compares it with the code it generates. If they match, green LED, if they don’t, red LED.

This method turns the Librem Key into a kind of external TPM—at least in the sense that the device itself is being sent firmware measurements instead of the TPM, in the form of a hash converted into a 6-digit code. The main practical difference you’ll notice is that the no-TPM solution takes an additional number of seconds at boot, before you will get to the first boot prompt—as it takes time to copy down the full firmware image.

What’s Next for Coreboot

We are working on a number of additional improvements to make coreboot, PureBoot and our coreboot update process even better. Among them is a migration to coreboot 4.9, compiling the PureBoot firmware from source and from within our firmware update script; more automation around the initial PureBoot and Librem Key setup process, and maybe—if there’s sufficient interest—backporting PureBoot to Broadwell-based Librem laptops (13 version 1 and 15 version 2).

The post Coreboot News: New Script, Pre-built Binaries and PureBoot on Non-TPM Laptops appeared first on Purism.

Purism’s booth was busy, and people were happy to see us. Nearly everyone we talked to had been following our progress, and everyone was excited to see things in-person. We showcased the fourth version of Librem laptops, and made regular demonstrations of both PureBoot on a Librem 13v4 and Librem Key. Above all, we drew a lot of excitement around the in-person viewing of the Librem 5 devkit. So much excitement, we really wanted to write about the commotion caused by the Librem 5 development – and specially about the devkit demonstration – not only among the audience but also within our own team members.

The Librem 5 phone may still be months away from delivery, but the Librem 5 devkit is under very rapid development. Showcasing our progress is something we’re very proud of, so at the first day of LibrePlanet we whet the appetite of audience members by showcasing sub ten-second boot times from powered-off state to unlock-screen… and we also showed off the initial application support of calling, settings, chat/sms, and browser.

But it gets better: on the second day we drew audible gasps of astonishment – from people in the audience and staff alike – when we demonstrated a voice call from a phone to the Librem 5 devkit and it rang on cue, alerting of the incoming voice call. To add to the excitement, the Purism staff then powered up a second Librem 5 devkit and opened the chat/sms program and sms (text) – and messaged to and from another staff member over the cellular connection.

The Librem 5 as a product highlights the impressively diverse nature of our team’s expertise at Purism – from schematics through kernel development, through the creation of phosh; from the authorship of libhandy to initial adaptive design of core applications such as Web to PureOS Store and house curated applications, all the way to custom in-house design and the development of Calls, and Chat. A good summary to our presence at LibrePlanet, a few weeks ago, is that it ended up being an impressive demonstration of what people expect to get when the Librem 5 begins shipping in Q3 of 2019. And how amazed they will be at what they get.

The post Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone appeared first on Purism.

We know that many of our customers have high RAM requirements, whether that’s due to using a RAM-hungry OS like Qubes or to just having too many chat tabs open in your browser. The single SO-DIMM RAM slot in the Librem 13 and Librem 15 meant an upper limit of 16GB RAM on our laptops… until now. Due to constant advances in RAM density we have been able to validate 32GB SO-DIMMs in our current product line and starting today will offer 32GB RAM as a premium upgrade to both the Librem 13 and Librem 15. If you’ve been holding off on your Librem laptop order because of RAM, wait no longer!

The post Librem Laptop RAM and Storage Bump, 32GB max RAM appeared first on Purism.

SAN FRANCISCO, Calif., April 4th, 2019 — Purism, the social purpose corporation which designs and produces popular secure hardware, software, and services, is working with Private Internet Access (PIA) as its very first OEM partner to bring an unprecedented combination of tracking-free and encrypted tools and services to the people.

PIA is, and has been since its inception, renowned for its popular VPN service that refuses to log user data. The company is committed to privacy protection and internet freedom and is a longtime sponsor of internet privacy advocates such as EFF and the Software Freedom Conservancy. By combining its signature VPN capabilities with Purism’s leading secure hardware and software products, the two will create a first-of-its-kind bundle for users to set up a privacy protecting and secure environment out of the box. The addition of PIA as a VPN partner strengthens Purism’s growing roster of partners and services that make its Librem line the most comprehensive privacy and security focused offering on the market. Other existing partnerships include Nextcloud for secure document management, Matrix for secure chat, Werner Koch GPG expert, Trammell Hudson who supported Purism’s industry first TPM integration with Heads, and Nitrokey’s development of Purism’s Librem Key for physical encryption.

“PIA is the gold standard of VPNs, and we are thrilled to be working with a company that is so closely aligned with our ethics,” said Todd Weaver, founder and CEO of Purism. “PIA has stood behind their commitment to protect user data, whether it’s taking a political stance to promote broadband privacy with a full page ad in the New York Times or demonstrating in court that they truly do not log their customers’ data. Our partnership with them is a big win for users who don’t want to sacrifice convenience or freedom in the products they use.”

“Purism has been an important player advancing the cause of internet privacy and freedom and are the perfect partner for us to work with on integrating PIA into a broader suite of hardware and software,” said Ted Kim, CEO of Private Internet Access. “Combining our privacy protecting VPN capabilities with Purism’s line of products will provide the ultimate security package to users.”

Purism plans to include PIA-based VPN by default in the Librem 5 phone, as well as within PureOS for its Librem 13 and Librem 15 laptops. Purism will also collaborate with PIA on a future services bundle.

About Purism

Media Contact

The post Purism Becomes PIA’s First OEM Partner appeared first on Purism.

The future of computing and why you should care

(transcript follows)

Let me set the tone by using a quote from a great person of history:

“The ultimate tragedy is not the oppression and cruelty by the bad people, but the silence over that by the good people.” ~ Martin Luther King Jr.

Let me start by stating: I believe we can change the future of computing for the better. However, currently something is wrong with our digital world; something basic, something is rotten at the core. I want to talk to you about what that is, how it came to be, and why we must change it. And I want you to care… because:

“A person who won’t care, has no advantage over one who doesn’t care.” ~ Mark Twain

This talk comes in three parts:

Part 1. History

The history of the mistreatment of our digital rights.

Most Big Tech companies that abuse people are based in the US, therefore I will describe the history from that perspective. Some things you need to understand: Governments write the rules of the game that society plays. There are always rules, and governments influenced by Big Tech are writing those rules. If you are somebody who wants no rules whatsoever, you will quickly realize rules will be written that govern you, without your involvement.

My sage advice to you: Write the rules. Let’s write the rules that we want to see in an ethical society that respects freedoms and liberties.

Nearly everybody knows that exploitative Big Tech abuse our digital rights, because it’s at the core of their business. It’s the root problem. It will not “get better” unless any one of three things happen:

1. Government regulation (that is ethical for society)
2. Business models change (to something ethical for society)
3. People switch (to something ethical for society)

Big Tech—corporations whose business model exploits humanity for profit—they all suffer from a systemic toxin, that discourages personal freedoms and removes any digital rights we as society demand. Big Tech corporations are already starting the marketing to try to differentiate themselves from it. But marketing alone will not remove the poison within their business model.

Minor disclaimer: You may ask “But… You’re a Company?” Actually, we’re a Social Purpose Corporation (SPC). And that is not just a series of buzzwords, it’s a legal framework of a business that carries with it significant importance. it is the reason we can’t ever exploit people for profit, it is the reason we are unlike all Big Tech who were formed to strip your digital rights in the name of maximizing shareholder value.

There was a recent article in Inc. magazine about us:

“Purism is what is called a ‘Social Purpose Corporation,’ which allows a business to prioritize social objectives over fiduciary duties.” ~ Christine Lagorio-Chafkin – Senior writer Inc.

Let me dive deeper into the problem. All corporations, including all Big Tech giants, have a single goal: Maximize Shareholder Value. That’s it. That’s the only goal. But it’s not just a goal. Under eBay v. Newman, a lawsuit setting legal precedent stating:

The law makes it literally malfeasance for a corporation not to do everything it legally can to maximize its profits.

So if given the choice of making $1 by exploiting people online, or opting to treat people ethically, the Corporation must exploit people online for the dollar, or the board of directors and executives could face a lawsuit from any shareholder that claims they did not maximize the value of their shares.

The regulations at the foundation of Big Tech are forcing the exploitation of our digital rights.

Quoting Chancellor William B. Chandler, III who sums up the problem perfectly in his Delaware Court opinion when eBay sued Craigslist for not maximizing its shares:

“Having chosen a for-profit corporate form, the directors are bound by the fiduciary duties to promote the value of the corporation for the benefit of its stockholders.” ~ Chancellor William B. Chandler, III

We have centuries of legal precedent in the physical world, advanced by science and society guiding our moral compass, trespassing laws, freedom of speech, privacy rights, protection against personal harm and abuse. We have nearly no digital rights. Big Tech trespasses on your data, restricts speech, obliterates privacy entirely. Big Tech exploits people, causes harm and inflicts abuse upon our society.

If somebody approached your bedroom window from outside, put a camera up and started recording, you would immediately call the authorities and report the numerous laws broken—a case would be opened, arrests could be made, charges could be pressed, trials could ensue, criminals could go to jail; but in the digital world none of that exists—you are forced to leak far more details than a camera in your bedroom would share, and you are forced to leak that personal data from your phone all the time.

Big Tech exploits you every millisecond of every day.

All future government regulation will be influenced, funded, and lobbied by Big Tech. Could you imagine a future regulation where Big Tech wins to cryptographically sign everything with their keys, under their control on their products? What a nightmare scenario… Could you imagine your mobile phone under the complete control of Apple or Google?

We need to write the rules based on values we want in society.

AI algorithms from Big Tech have one input variable: $Maximize_Shareholder_Value. That translates directly into

1. Gather everything on all of the society
2. Keep people digitally captive
3. Maximize exposure time
4. Polarize opinion to elicit more profit

That is not what AI should be taught. Due to data manipulation, no two people in society are getting the same information; it is impossible to have a sane debate about any polarizing topic because we aren’t starting with a foundation of shared knowledge. What if the input request to AI algorithms was “Build an ethical society that respects freedoms and digital rights”? What would society look like then?

Maximizing shareholder value in a society that has nearly no digital rights, guarantees exploitation of that society. Why did we let this happen? How did we let this happen? I know why. Because… It’s convenient to give up control. It is convenient for you to download a proprietary application that exploits you, agree to the legal binding terms of service you didn’t read, and blissfully believe Big Tech is helping you in the digital world. It’s inconvenient to stand up for your freedom.

It seems we are offered to choose between convenience and control or inconvenience and freedom

I believe we can have both convenience AND freedom. We can actually build technology that benefits society faster when they are based on principles we deem ethical.

Society’s technology genius is not lacking, its moral genius is. Trust in Big Tech is eroding rapidly. No Big Tech company has core values that help our digital rights. The largest challenge we will face is the marketing budgets of Big Tech, when they claim things like:

“We protect your privacy” ~ Big Tech

Actually, You exploit personal private data without a persons knowledge

“We use encryption” ~ Big Tech

Actually, It’s inside proprietary apps that you control

“We are secure” ~ Big Tech

Actually, You hold the master keys controlling society

“You can trust us” ~ Big Tech

Actually, You won’t let anybody verify anything

Part 2: The present

Currently, Big Tech is maximizing shareholder value without values. The products, software, and services offered by Big Tech will continue to mistreat people unless we can establish what digital rights are and change society for the better.

Then we advocate, regulate, and build products that adhere to those digital rights.

Mark Twain famously wrote:

“It is curious that physical courage should be so common in the world and moral courage so rare.” ~ Mark Twain

I believe there are five fundamental digital rights:

1. Right to Change Providers

If a person wants to change a service provider, they can easily move to another. (Decentralized Services)

2. Right to Protect Personal Data

A person owns and controls their own master keys to encrypt all data and communication, nobody else. (User-controlled Encryption)

3. Right to Verify

Society has the freedom to inspect the source of all software used, and can run it as they wish, for any purpose. (Software Freedom)

4. Right to be Forgotten

A service provider only stores the minimal personal data necessary to provide the service. Once the data is no longer required, it is deleted. (Minimal Data Retention)

5. Right to Access

A person must not be discriminated against nor forced to agree to any terms and conditions before accessing a service. (Personal Liberty)

If we can do those things, we can change the future of computing for the better.

Part 3: The future

As technology gets closer and closer to our brain, the moral issues of digital rights become clearer and clearer.

It started with computers, where we would leave them and come back to them. Then phones, that we always have on or near us with millisecond leakage of personal data beyond human comprehension. Then wearables, that are tracking very private details. IOT devices are everywhere— I have to stop to remind everybody: “The S in IOT is for Security” ~ Anonymous—and finally, surgically implanted.

A question to consider: What Big Tech Company would you purchase your future brain implant from? This is coming.

However, I believe we can change the future of computing for the better. Let’s stand together and invest, use, and recommend products and services that respect society.

What future will you choose?

The post The Future of Computing and Why You Should Care appeared first on Purism.

Pi Day is celebrated everywhere on March 14th (3/14), since π is the mathematical symbol for the ratio of the circumference of a circle to its diameter – numerically, approximately 3.14159.

But this irrational and transcendental number can go on and on, millions of digits beyond the decimal point, never repeating itself, never forming a pattern.

We know we had you at ‘irrational and transcendental’.

So let’s celebrate. Recite as many of the infinite digits of Pi as you can remember, memorizing is good for the brain anyway. Organize π-reciting contests. Eat pie. Eat pizza, it counts as pie. Eat anything round (and edible, please). Eat cake with friends (it’s also Einstein’s birthday, if you need a reason); eat donuts, eat cookies. Walk around in circles, have circular thoughts, throw pies at your colleagues, appreciate the casual relation between the ratio of the circumference of a circle and the English word for pastries filled with sweet goodness.

Or savory. We don’t want to impose. And have a nice π day.

The post π day appeared first on Purism.

Like with our Librem laptops, our Librem 5 smartphone will also feature kill switches; but unlike the laptops it will have three kill switches, not just two:

1. cameras and microphone
2. WiFi and Bluetooth
3. cellular baseband

Later in this post I’m going to describe an exciting new feature for our Librem 5 phone we are calling “Lockdown Mode” that extends our normal kill switches to provide even more security and privacy; but first I will explain the existing use, and reasons behind, each kill switch – as well as talk about some of the privacy and security risks with other sensors on the phone that have led us to implement Lockdown Mode.

Cameras and Microphone Kill Switch

The cameras and microphone kill switch is arguably even more important on a phone than on a laptop. While the webcam / microphone kill switch on our laptop can help protect you from malware that might snoop on you through the webcam without your knowing, at least it could only snoop on you while you are around your laptop. Most people tend to carry their phones with them everywhere so the privacy risks are much greater if your microphone and cameras are always on.

WiFi and Bluetooth Kill Switch

Like with the camera and microphone, the WiFi and Bluetooth kill switch has even greater significance on a phone than on a laptop. Disabling WiFi and Bluetooth can protect you from external over-the-air attacks if you are in a high-risk area (or a vulnerability comes out for your WiFi or Bluetooth card). Protecting against remote attacks isn’t the only benefit of this kill switch though, disabling WiFi in particular can also protect you from tracking.

Since your phone is in your pocket, your WiFi hardware detects compatible networks nearby as you move around. Even if you don’t associate with the networks around you, the mere fact that your hardware can see them allows the phone (and apps on it) to know you are near those devices. As you move, your distance to those devices changes, which changes the strength of the signal and helps triangulate where you are for any company like Google that has a database of WiFi access points, along with their location. By removing power from your WiFi hardware, you can ensure that any applications that might try to track your location with WiFi are blocked.

Cellular Baseband Kill Switch

The cellular baseband kill switch is unique to the Librem 5 and completely removes power from the cellular modem in the Librem 5. Even if you aren’t concerned by the risks due to the fact that cellular modems run mystery code and have access to all communications that go over them, you still should be aware of, and concerned by, the tracking and privacy concerns. To route calls and data to your phone, your cellular provider needs to triangulate your position with respect to the towers in your area. As a result, as long as your cellular modem is on, your provider knows where you are. Your phone’s OS also uses this tracking data to supplement (or in place of) GPS so apps on your phone can also know where you are.

Putting a kill switch in the Librem 5 meant a design unlike many of the existing phones out there that combine the CPU and cellular modem into a single chip. We intentionally split out the baseband onto a replaceable M.2 card. This not only lets you physically remove the baseband altogether, but lets you power it off with a kill switch. If you want to know for sure that your cellphone isn’t tracking you, you can flip the switch and know for certain that it’s off.

So Many Sensors

One big challenge when protecting your privacy on a phone is that, unlike an average laptop, a phone is full of more sensors and other hardware that could be used for tracking and spying. A lot of security research over the past decade has demonstrated just how much information can be derived by seemingly harmless sensors that are included on a phone.

GNSS

GNSS, which supports GPS, GLONASS, Galileo and Beidou – as well as SBAS augmentation services like WAAS, EGNOS, GAGAN and MSAS – is useful for navigation software, as it provides your accurate coordinates wherever you are on Earth. Despite what some people might think, the GNSS is a passive device. By itself, it can’t transmit your location to anyone, it can only pick up signals from GNSS satellites and use them to calculate your current position. That said, if your GNSS is on, even if your network is disabled, any software on your system with access to the GNSS can log your location, and transmit that log later.

IMU

The IMU chip provides a phone with a compass and accelerometer it can use along with a GNSS to tell what direction you are heading. An accelerometer is also a useful sensor to provide extra phone features such as detecting the orientation of the phone so that it can rotate the screen, provide metadata to the camera, and even detect when you pick it up, put it in your pocket, or flip it over and place it back on the night stand.

There are some privacy and security risks with the accelerometer, however. Security researchers over the years have discovered ways to detect what you are typing on the screen simply by looking at variations in the accelerometer. Also, being able to log the speed and direction of your phone, combined with detecting nearby WiFi access points could (in theory) provide a pretty accurate tracking device even with GNSS disabled.

Ambient Light and Proximity Sensors

The ambient light and proximity sensors on a phone provide a number of useful features we use every day. Among them the light sensor helps the phone adjust the backlight brightness based on the available ambient light, which can help with power savings. The proximity sensor helps detect when you place the phone up to your face, so it can lock the screen and prevent you from accidentally triggering touchscreen button presses with your face. These sensors seem pretty harmless, but security researchers have demonstrated how the light sensor can be used to fingerprint a particular user and even to map out the arrangement and size of their home.

Introducing Lockdown Mode

So we have three kill switches, yet there are so many other sensors that we might want to turn off. It’s true that people could disable hardware within the OS and since PureOS is free software and Purism is an ethical company, you have more reason to trust that disabling the hardware with software actually works. That said, the whole idea of the hardware kill switch is to provide you that additional assurance that a piece of hardware is truly off.

While we could add kill switches for every individual piece of hardware, having three kill switches already pushes the limits with respect to space on the phone, the complexity of the hardware and the overall user experience. So if you set the upper limit on kill switches to three, there are a number of different ways you can address the problem with these extra sensors including:

• Only disable those sensors with software
• Group sensors with one or more existing kill switches
• Lockdown Mode

We have thought through all of these different options, among others, and we decided that it was better to offer the option for extra security to those who really need it. We have selected a solution we are calling Lockdown Mode, that gives people who need this extra level of protection the option to turn all sensors off easily, without imposing extra complexity on an average user.

How Lockdown Mode Works

To trigger Lockdown Mode, just switch all three kill switches off. When in Lockdown Mode, in addition to powering off the cameras, microphone, WiFi, Bluetooth and cellular baseband we also cut power to GNSS, IMU, and ambient light and proximity sensors. Lockdown Mode leaves you with a perfectly usable portable computer, just with all tracking sensors and other hardware disabled. If you switch any of the hardware kill switches back on, the hardware that corresponds to that switch powers on along with GNSS, IMU, and ambient light and proximity sensors.

What About Offline Navigation?

One of the most obvious side effects of Lockdown Mode is the ability to use the GNSS with purely offline maps. Note that you still can do this on the Librem 5 in a few different ways, by flipping any one of the kill switches back on and then disabling the corresponding hardware in software. For instance, if your biggest concern was transmitting your location, you could leave the WiFi / Bluetooth and cellular baseband off, turn on the cameras and microphone and disable those in software instead. Those who need a offline navigation but have such a high level of risk that they can’t accept the risk of disabling the cameras and microphone in software, could physically remove the cellular baseband hardware from the phone and leave that kill switch on.

The Future of Lockdown Mode

There is a lot of potential to extend Lockdown Mode past just disabling hardware into software, and we are exploring some of those options now. For instance, the OS could detect when Lockdown Mode is enabled and automatically lock your screen. Those who are under even greater threats could potentially have Lockdown Mode enable extra defenses inside the OS, disable certain services, or even shut down or wipe the phone (although I’d suggest you set up some kind of PIN prompt for that last one, in case you trigger all the switches by accident). There are a lot of possibilities for this new feature and I’m looking forward to seeing how our customers extend it on their own phones.

The post Lockdown Mode on the Librem 5: Beyond Hardware Kill Switches appeared first on Purism.

Is this year’s UN motto for the International Women’s Day. And we find it quite fitting. It suits our own concerns, our own philosophies.

In Purism, we care about rights. Digital rights concern everybody, touch most people’s lives, and carry a heavy societal weight when it comes to women. In spite of that, the gender gap in Tech is abyssal – and women are almost nowhere to be seen.

So Happy Women’s Day.

To say women are under-represented in the IT sector is an understatement; the situation in Free Software development is not much better, although some steps have been taken to improve the gender gap. There is, for example, the Debian Woman project, with its own mentoring program; or Outreachy, inviting cis and trans women, trans men and genderqueer people to apply – and, if you have a sense of humor, there’s also WoMan.

But we all need more, and we need it sustained and sustainable. Women matter. History repeats itself in forgetting those without a voice – and we all lose, collectively. Women in technology were only somewhere between 2% and 5% of all programmers a decade ago; and are only about 10% now. At Purism, as of this writing, our nine-person independent board comprises 33% women – in addition to being racially and geographically diverse; our full team is over 20% women, and once again racially and geographically diverse. Groups that are little-represented urgently need to be able to create, and give feedback on, what is created by other groups. Women and girls must contribute to making real change in tech as well, help shape how it impacts their lives. And it does impact their lives immensely.

Consider, in no particular order and among many others, the work (and legend) of Hypatia of Alexandria; remember Grace Hopper, who found that bug; Ada Lovelace, who got you your first computer program (and the Analytical Engine); Muriel Cooper and the information architecture that led to digital interfaces; Hedy Lamarr, movie star and wireless encryption specialist; Katherine Johnson, for allowing (manned) space exploration; Carol Shaw and Super Breakout, because playing games matters; think about Margaret Rock and the Enigma Machine, Karen Sandler and the Software Freedom Conservancy.

And our very own Dorota Czaplejewicz, Heather Ellsworth, Nicole Færber, Teresa Hill, Petra Kirchner, Kim Kuan-Louie, yours truly, Andrea Schäfer, Jennifer Stoddart, Helen Vasilevski and Nikki Zinman.

Diversity is an asset, and creates safe workplace environments. If you want a safe workplace environment that respects diversity, we are hiring.

The post Women’s Day 2019 appeared first on Purism.

Thank you Chairwoman Jackson and committee members. I am honored to be here.

My name is Todd Weaver, and I think you’ll find both Gabriel and I are quite unusual witnesses from the tech sector here today. This is because we are here as the CEOs of growing technology companies that protect privacy rather than exploit it. I am calling for much stronger consumer privacy protections here in California and around the world, not weaker ones.

I believe the default approach in California should be the right to opt in, rather than requiring all of us to have to inconveniently opt out, of the exploitation of our most personal data across all software, each service and every site we use. As Mr. Mactaggart, whom I’d like to take a moment to thank for his tireless years of effort on AB 375, appropriately stated, a do-not-track browser extension backed by law is helpful for protection on websites, but misses on the widely popular applications and services; this is one of many reasons we need to protect personal privacy by default.

I also strongly support holding companies, like mine, accountable in court if we violate a person’s privacy rights – rights which are guaranteed in the state’s Constitution, but that I believe our laws do not yet fully respect when it comes to the Internet.

I am here to tell you it’s time for California’s extraordinary tech industry to stop harvesting and “sharing” our most personal private data without our meaningful consent and knowledge. You all have the power to make this happen, and I believe the time is long overdue.

Now you have heard some business and tech communities suggesting California’s new privacy law–if not substantially amended (which of course means weakened) before it is allowed to go into effect–is going to cause extraordinary business hardship and confusion. These are of course the same arguments that were made by many of these same companies regarding Europe’s GDPR – but since the GDPR went into effect, these companies have continued just fine, and in most cases have grown profits. That is real evidence that California’s new privacy law is not going to destroy Internet commerce as we know it.

I am here to tell you that AB 375 (or stronger) protections – just like those in the GDPR – are not going to be hard to implement. The key is whether we, companies, are willing to simply begin to honor our customer’s privacy rights by designing our services to be privacy-protecting by default, rather than privacy-exploiting by default.

Is this possible? Yes. I am here to tell you that my growing company was founded on the simple principle that privacy is a right and needs to be the default in all products and services.

Let me be clear: technology advancements can absolutely be rooted in moral values and still lead innovation. Society’s technology genius is not lacking, its moral genius is. And this is where you come in. Technology innovation that complies with privacy protection is easy. Let me restate: it is easy to operate a successful business, while playing by the rules you set.

I started Purism when I came to realize that my two daughters, like all children, need convenient products and services that protect them, rather than exploit them. As a technologist, I understand painfully well how much the technology sector can exploit my kids with ease. For example, as each of you, critical policy-makers, will come to realize, your smartphones track your exact location and everything done on that device, every millisecond of every day, and record that personal data permanently for retrieval at any point in the future. Not forgetting every search, chat message, photo, video, and every article you read.

Well here’s the bad news: the current unregulated exploitative models in use today ensure everything you do in the digital world leaves exacting, privacy invading, excruciating details about you permanently.

That’s why, in 2014, I started Purism. It is a social purpose company completely founded on privacy-protection principles. Purism is already manufacturing in California, and assembling these laptops right here, including the operating system, applications, and bundled services that will not track you, period. Purism is growing triple-digits year over year; future innovation and job creation around privacy by design is the future that California needs to lead on.

Consumer demand for privacy is real and happening, and needs to be the default.

This year we will be manufacturing a security and privacy-designed phone with bundled services that comply with AB 375, and go even further with opt-in by default for all offered services. Use these phones and your most sensitive details will be under your control and kept completely private. Isn’t that a confidence level we all should have?

This is done by a simple approach: privacy by design. And this is an approach all tech companies can implement if they are truly committed to privacy, beyond just marketing slogans.

As AB 375 seeks to make clear, privacy is a right, and your every location and every communication and every web page and every search stored permanently should not be exploited to use needed services online.

I strongly suggest the time has come for Californians to take back their constitutional right of privacy on the Internet, and urge you to substantially strengthen the privacy protections afforded by AB 375.

For your, and my children’s sake. Thank you.

The post Purism’s CEO Todd Weaver Testifies at State Senate appeared first on Purism.

The two big mobile OS vendors have been dreaming of convergence between laptop OS and mobile OS for a long time; dreaming of being able to make the same application code execute, and operate, both on mobile phones and laptops – adapting the applications to screen size and input devices.

Purism is beating the duopoly to that dream, with PureOS: we are now announcing that Purism’s PureOS is convergent, and has laid the foundation for all future applications to run on both the Librem 5 phone and Librem laptops, from the same PureOS release.

Purism has one convergent operating system, PureOS. Google has two separate ones, ChromeOS and Android; Apple has two separate ones too, macOS and iOS.

What Is Convergence?

If you’ve ever had an app on your phone that you wanted on your laptop, you’ve wanted convergence. Convergence is a term used to describe the similar functioning of an app across different platforms. Many companies are eager to have their software be convergent, because it brings a consistent look and feel, as well as the exact same functionality for apps that run on your phone and your computer.

Convergence can be really handy, since it allows you to use the apps you’re already familiar with, as well as the data that you’ve already synced. Convergence also brings plenty of of benefits to developers, such as writing your app once, testing it once and running it everywhere.

Since this is the ideal dream, why don’t we have convergence already? Why can’t a person run the exact same app on a phone and laptop today? It turns out that this is really hard to do unless you have complete control of software source code and access to hardware itself. Even then, there is a catch; you need to compile software for both the phone’s CPU and the laptop CPU which are usually different architectures. This is a complex process that often reveals assumptions made in software development but it shows that to build a truly convergent device you need to design for convergence from the beginning.

Reaching convergence is one more checked item on the list that Purism’s founder envisioned when he created the company, specifically to:

“…manufacture a mobile phone from the schematics on up that would run that same ethical operating system.”

How We Got There

The right path to get us here was starting with the “universal operating system” as the foundation of PureOS, Purism’s operating system. Running on so many different CPU architectures is a huge benefit, because very often laptops need a power-hungry and fast CPU, while a phone needs a power-aware, battery-saving CPU. These CPUs are, consequently, designed differently for their different uses, and you often have to “port” or cross-compile software for it to work well on both CPUs. By basing PureOS on a solid, foundational operating system – one that has been solving this performance and run-everywhere problem for years – means there is a large set of packaged software that “just works” on many different types of CPUs.

Purism’s PureOS showcasing adaptive convergent design in a Web Browser — notice as the window subtly resizes the buttons in the application’s header shift to the footer, for a mobile friendly interface.

 

The above example is already built into the master branch of GNOME Web as a class-based modification to the existing code, allowing it to easily adjust and adapt to the screen size and inputs of both mobile and desktop.

Adaptive Design

Multiple architectures are not enough to reach convergence however – as most people know by now, there are many important parts in getting true convergence. A good example of the problem in website design space: if you’ve ever gone to a website on your phone that had tiny text which scrolled off your phone screen, you know that a regular web page, designed for a desktop computer, isn’t always suitable for your smaller screen phone.

Web designers now have toolboxes to design web pages, which they adjust for mobile or desktop in order to get easier readability and use. A similar, but far more complex practice, is required for software apps and defined by Purism as “adaptive design”. Purism is hard at work on creating adaptive GNOME apps – and the community is joining this effort as well – apps that look great, and work great, both on a phone and on a laptop. Combining the work of the free software ecosystem with Purism’s contributions means we can target convergence for all our Librem hardware line: both the 13″ and 15″ laptops and the 5″ phone. This means we can get the most out of the ecosystem for the community: convergent apps will be easier to maintain, and therefore easier to secure. They will also be easier to build, enabling a vibrant community to build cool stuff that is free software and protects your privacy.

Purism’s PureOS showcasing adaptive convergent development in Discussions (Fractal) – a matrix chat program. As the window resizes, the column width dynamically changes to preserve a legible line width, until the sidebar and message view don’t fit at the same time. At this point the leaflet folds, only the message view is visible, and a back button is added to the header-bar, to allow navigation to the room list.

Building Convergence Features into Existing Apps

Developers can tap into convergence through the tools we actively use, contribute to, and develop directly in the ecosystem. We’ve created libhandy, a mobile and adaptive presentation library for GTK+ and GNOME, which is under active development. Packaged in PureOS and Debian already, you can also use it in flatpaks, simply by including it in your flatpak maniphest in Builder.

Purism’s PureOS showcasing adaptive convergent development in Password Safe, an encrypted password storing application.

We are excited to provide convergence well before any of the other mobile OS vendors. Let’s see how long it takes for them to catch-up. Thank you for your continued support!

The post Converging on Convergence <br> PureOS is Convergent, Welcome to the Future appeared first on Purism.

Got an app you’re interested in porting? Find out more at our developer page. Hang out at our Librem 5 community channel and tell us what you’re working on.

The post Fragments App for the Librem 5 appeared first on Purism.

The boot process, in computer hardware, forms the foundation for the security of the rest of the system. Security, in this context, means a “defense in depth” approach, where each layer not only provides an additional barrier to attack, but also builds on the strength of the previous one. Attackers do know that if they can compromise the boot process, they can hide malicious software that will not be detected by the rest of the system. Unfortunately, most of the existing approaches to protect the boot process also conveniently (conveniently for the vendor, of course) remove your control over your own system. How? By using software signing keys that only let you run the boot software that the vendor approves on your hardware. Your only practical choices, under these systems, are either to run OSes that get approval from the vendor, or to disable boot security altogether. In Purism, we believe that you deserve security without sacrificing control or convenience: today we are happy to announce PureBoot, our collection of software and security measures designed for you to protect the boot process, while still holding all the keys.

Why “PureBoot”?

PureBoot comprises a number of different technologies, and together they secure the boot process in a convenient way. Why are we combining all of these different technologies under a single name? Because they all work together to secure the boot process, because it’s easier to talk about our boot security overall calling it by a single name, instead of by the names of its (currently) six individual components:

1. Neutralized and Disabled Intel Management Engine
2. The coreboot free software BIOS replacement
3. A Trusted Platform Module (TPM) chip
4. Heads, our tamper-evident boot software that loads from within coreboot
5. Librem Key, our USB security token
6. Multi-factor authentication that unlocks disk encryption using the Librem Key

How PureBoot Protects You

There are lots of different threats and attacks that focus on the boot process. It’s easier to understand how PureBoot protects you if you understand what some of the threats are, so this section will describe how some very specific attacks work, and how PureBoot stops them.

Theft

One of the most common security threats you face is exposing sensitive data, if and when your laptop is lost or stolen. Disk encryption is a simple, highly efficient way of protecting your data from loss or theft, for it requires a passphrase, without which no one can read the data on your disk. With PureBoot, we ensure that all systems we ship are encrypted by default, with keys you set up on first boot. Many vendors use disk encryption with a passphrase; but we’ve decided to go a step further, and unlock the disk with multi-factor authentication.

Today we’re happy to announce something we’ve only hinted at before: the integration of our Librem Key with LUKS disk encryption. Once set up, you just need to boot with your Librem Key inserted, and when prompted enter the same Librem Key PIN you use for GPG encryption or signing. This means that, in order to unlock your disk, attackers need “something you have” (the Librem Key) and “something you know” (your Librem Key PIN). If you lose your Librem Key you can always fall back to a recovery mode that prompts you for your old passphrase; you can set a strong fallback passphrase and store it somewhere safe, but use the Librem Key for convenience. For even more security, you can delete the recovery passphrase and only use the multi-factor authentication to unlock your disk.

We are working on adding this solution into upstream projects, so it will be available and pre-installed by default. If you want to try it out today, just follow the steps in our documentation, and download a script that automates the process of setting up LUKS to use your Librem Key.

BIOS Malware and Kernel Rootkits

Once attackers do have access to your system, they will want to keep that access and hide themselves from you. One of the best ways for them to hide – and make sure they still have access between reboots — is compromising your OS’s kernel software, so that it filters out any requests to the system that might reveal the attacker’s software. Of course, you could still thwart an attacker by reinstalling or upgrading your operating system, even if you can’t see any evidence of an attack… but the attacker may also have compromised your BIOS (the first code the system runs) so that it re-infects your system after every reinstall, successfully hiding themselves even from a live OS — booted from USB. BIOS malware allows attackers to intercept, and capture, your disk encryption password as you type it in.

With PureBoot you only need to insert your Librem Key and turn the computer on to know: if your BIOS has been tampered with, the Librem Key will flash red to warn you. If your computer is safe, the Librem Key flashes green. When you boot into your OS, it will use your own private keys to test whether any boot files (including your kernel, initrd, and other config files) have changed. You can use your Librem Key to re-sign these files at any time, using keys completely under your control.

PureBoot starts by loading a free software BIOS, coreboot, so that you can audit your BIOS for security bugs or backdoors. Since attackers generally focus on more mainstream proprietary BIOSes for their malware, this alone will protect you from a number of common attacks.

Of course, coreboot is only the beginning.

The next step happens as coreboot loads the Heads tamper-evident boot loader, and uses the TPM chip. TPM chips have traditionally been used to restrict what code you can run at boot, and/or for Digital Rights Management (DRM); but we put the TPM in your control. When Heads is set up for the first time, it stores known-good measurements of all executed boot code into the TPM chip on the system — along with a special secret. You can reset the TPM, set a new TPM passphrase and store new measurements at any time; it doesn’t require Purism’s approval.

Heads authenticates itself to you, not the other way around, by turning that shared secret in the TPM into a 6-digit code it then sends to your Librem Key. If the BIOS changes, or if an attacker resets the TPM, the TPM won’t release the shared secret to Heads, Heads won’t be able to generate the code that matches what the Librem Key generates, and the Librem Key will flash red to warn you.

PureBoot protects against kernel rootkits using your own GPG keys, the ones stored on your Librem Key. When you first set up Heads, it signs all of the files in your /boot directory with your own GPG keys; whenever you boot your OS, it scans all the files in your /boot directory and warns you if anything has changed. It does all this without locking you out of your system or removing control: even in the event of modified files, you always have the possibility of booting into a failsafe mode and get back into your system.

Up to this point, Heads had only been available to a small group of people, in a private Beta program. This program was a success and led to a number of UI and documentation improvements; we are so pleased to announce that, starting today, Heads is an open Beta for anyone who wants to try it out. If you would like to test Heads on your Librem laptop, just visit our official documentation page for details on how to build, install and set it up.

Intel Management Engine Risks

The Intel Management Engine (ME) is a special piece of software from Intel that runs on all modern Intel computers, and is required to initialize the hardware. In some computers, the ME includes Advanced Management Technology (AMT) software, allowing IT to remotely access a computer over the network, see what’s on the screen and control the hardware. Many security experts are very worried about the ME’s complete and fundamental access to your computer’s hardware, because its source code is proprietary and therefore it can’t be audited for security bugs, or for backdoors that might be planted by the vendor or by a sophisticated adversary. These worries aren’t completely unfounded: Positive Technologies has found a number of concerning security vulnerabilities in the ME over the years.

We now know PureBoot protects against ME vulnerabilities in a number of ways, we start by choosing an ME chip that does not contain AMT features to begin with, and then we disable the ME by setting the “disable” bit within the ME. Since we don’t really want to rely on trusting the ME to disable itself, we also neutralize the ME by erasing most of the code within it, leaving only a minimal set of modules, essentially for initializing the hardware. Additionally, we also protect the system – from attacks that might modify the ME code itself — with our TPM chip, and with Heads tamper-evident boot software. You can read more specifics about our process here and here.

Interdiction

Ever since the Snowden revelations about how NSA programs to interdict computer hardware during shipment and modify it with backdoors, the security community has been much more focused on attacks along the supply chain. We have already written about our own approaches to protect the digital supply chain, and have also offered anti-interdiction services to customers who wanted additional assurances that their laptop hasn’t been tampered with in transit.

In the past, most of our anti-interdiction protection was focused on hardware solutions; but with PureBoot we can add even more sophisticated measures, measures that integrate hardware with software. By using PureBoot’s protections against BIOS malware and rootkit tampering combined with a Librem Key, we can ship the laptop and Librem Key separately (and, potentially, to separate locations) to frustrate interdiction attacks. Once you receive both your Librem Key and your laptop, you will have at your disposal an extra tool: one that detects any tampering during shipping.

Convenient Boot Security Under Your Control

Having a secure boot process, you have a stable foundation you can base the rest of your system security on. Having that process under your control, you have the assurance that you truly own your system, that you won’t be locked out of it, or prevented from running any OS you want. We are making this whole process simple and convenient so that you can get stronger security features — without being tempted to disable security that is getting in your way. PureBoot accomplishes all of these goals using free software, that you can audit and change.

We’ll soon include it in every laptop we ship. We also have something in the works for existing users of Librem laptops and Librem keys to upgrade to PureBoot — and expect to have general availability in the second quarter of 2019.

That’s all from us, for now. For more information about PureBoot, check out our official PureBoot documentation page.

The post PureBoot, the High Security Boot Process appeared first on Purism.

And that’s our report! Questions? Come by our matrix channels, we’ll be happy to see you.

The post Librem 5 Hardware Update appeared first on Purism.

The post Massive Progress, Exact CPU Selected & Minor Shipping Adjustment appeared first on Purism.

Thank you Chairman Chau and committee members.

My name is Todd Weaver, and I think you’ll find I’m an unusual witness here today, while I may be sitting side-by-side with impressive privacy protection groups, I am here as the CEO of a rapidly growing technology company based in California.

I am here calling for much stronger consumer privacy protections – starting with giving consumers the power to opt IN rather than opt OUT of sharing their personal data.

I am here to tell you it’s time for California’s extraordinary tech industry to stop harvesting and “sharing” our most personal private data without our meaningful consent and knowledge.

I am not here to tell you AB 375 (or stronger) protections are tough to implement, history is filled with wrongdoers complaining that doing right will put them out of business only to comply and thrive later. Incidentally, this same tech industry complained about Europe’s GDPR that certainly did not put them out of business.

I am here to tell you the new law (or stronger) is easy to technically comply with – if we companies simply begin to honor our customer’s privacy rights and design our services to be privacy-protecting rather than privacy-exploiting.

I started Purism, when I came to realize that my two young daughters, like all children, need convenient products and services that protect them, rather than exploit them.

As a technologist, I understand painfully well how much the technology sector can exploit my kids with ease.

That’s why I started this social purpose company founded on privacy-protection principles. Purism is already manufacturing in California and assembling these laptops shown right here, including the operating system, applications, and bundled services.

We will also this year be manufacturing a privacy-designed phone with bundled services that comply with AB 375 and go even further with opt-in by default for all offered services.

We have been growing by triple digits annually, reflecting the huge built up consumer demand from parents and professionals and enterprises just like you who simply want to keep their and their children’s lives private and secure.

This is done by a simple approach: privacy by design.

As AB 375 seeks to make clear, privacy is a right, and your every location and every communication and every webpage and every search stored permanently should not be exploited to use needed services online.

I strongly suggest the time has come for Californians to take back their constitutional right of privacy on the Internet, and urge you to substantially strengthen the privacy protections afforded by AB 375.

For your and my childrens’ sake, Thank you.

The post Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission appeared first on Purism.

Hardware Kill Switches.

What this means is that there’s a physical switch that severs the circuit to your webcam and microphone.

Because you cannot really trust software you cannot verify. And since Apple™’s FaceTime™ is not Free Software – with its source code released so that anyone can verify their security claims, like the one we use at Purism – how can you trust what cannot be verified?

At Purism, both our Librem laptops, and the upcoming Librem 5 phone include this rather simple switch, that makes it remarkably easy to guarantee that the camera and microphone have no electrical circuit enabled.

See? Powerful simple privacy protection built into all Purism products by default.

The post How Purism avoids the FaceTime™ remote camera viewing appeared first on Purism.

You’re starting to question the moral values of Big Tech. You and your friends probably have a growing feeling of creepiness about the tech giants who have — like a poorly-acted villain — told you one thing, and given you another.

Society – all of us – was told by these rising tech giants that “Everybody’s doing it, it’s easy: just do it,” and even though the masses – again, all of us – were skeptical, also generally thought, “Okay, I may be the product… but I am in control.” Until, of course, you weren’t in control.

Big Tech have two business models: one is to exploit your private life for profit, the other to lock you into their products and services. Some even have both. Consequently, nearly everyone wants to leave Facebook – it’s just that nobody wants to leave it for Facebook 2.0. And that highlights the larger, deeper, and more menacing issue in digital society: that your digital civil rights are under constant, relentless attacks from Big-Tech.

Why is that?

That’s because Big Tech have a legally bound requirement to exploit you to maximize profit. They have been structured specifically to lock people up, to make it impossible to leave. Society’s technology genius is not lacking, its moral genius is.

Big Tech is rotten to the core, they’re maximizing shareholder value without values. And that has to change.

Is it changing?

Counter to every attempt by Big Tech, you still do retain the control to switch away from platforms under their control. Leaving the harmful tech companies is a process of recognizing what is abusive in your relationship with them – and theirs with you; switching to something that aligns with your core values will bring you joy. If everyone used, bought, and shared ethical products, we would all be living in digital utopia.

Avoiding Big Tech that harms you is much easier when you know what you actually want.

What do you want?

Like most people, you probably want convenient products that allow you to participate in digital society, products where you are also respected and protected by default. And you probably recognize that the current tech giants will not — and cannot — provide that.

I created Purism to solve this giant problem. We are solving it. And with your support, we will advance the digital civil rights movement. One that changes technology for the better.

What model can compete against Big Tech?

The steps it takes are pretty clear: and even though they are difficult, Purism is farther along than you may currently think. We have the momentum to realize our dreams, here is our model:

Step #1 is simple: avoid Big Tech in products and services.

Step #2 is to manufacture hardware without purposeful backdoors that exploit users, and therefore society.

Step #3 is to release all software source code under Free Software licenses, designed to protect and respect society

Step #4: Focus all development on values that better society, ensuring individual digital civil rights are fully respected.

And finally step #5, to release services that do not exploit, do not lock-in, and do not control people.

Doesn’t that sound like a really good business model in, and for, technology?
“Maximize Society’s Values.” — Todd Weaver, Purism SPC
sounds an awful lot better than the current Big Tech model,
“Harm People for Profit.” — Big-Tech.

This rotten core of locking people into products and booking them into an exploitative platform needs to become a thing of past regret.

Social purpose companies mean advancing social good first, returning the power to the people.

Decentralized protocols mean decentralized power, returning control to the people.

Free Software means freedoms that benefit society, returning control to the people.

Secure hardware means private data is kept private, returning control to the people.

And all this means any future product or service that you use or join must be from an organization that does social good, uses decentralized protocols, that advances freedom in software and security in hardware. Can you imagine how awesome society will be if technology does all that?

It’s within your power to help society – by avoiding Big Tech, by using products and services that respect your digital civil rights.

Thank you.

Learn more about Purism products that do all this.

The post How to Avoid the Frightful 5 Big Tech Corporations appeared first on Purism.

Libre/indie game designers might like to know that Nathan Lovato – game design expert, founder and game design instructor at GDquest – will be making a series of tutorials, explaining how to make adaptive games with high-quality libre game engine Godot; tutorials showing how games can both be created and released on the Librem 5 smartphone, and later submitted to the PureOS store.

The first of the three video tutorials will focus on how to create a mobile game for GNU/Linux. It will also help conceive and design a 2D mobile game, and tackle design issues that are unique to mobile games – such as having a small screen, dealing with touch controls and any performance and usability issues. By loading Flossy Gnu in Godot, the tutorial demonstrates how these performance and usability issues are to be addressed. Specific tips for GNU/Linux in general, and for the Librem 5 in particular, are of course also to be noted and discussed.

The second tutorial will deal with sideloading your newly created game onto your Librem 5, starting by demonstrating how to build “Flossy Gnu” on your Librem laptop – or on any other GNU/Linux laptops; how to copy and install it onto your Librem 5 smartphone, play it – and hopefully have plenty of fun with it. It’ll also suggest how to install a new build when you update your game.

The third and last (but not least) video tutorial will be all about publishing to the PureOS store. It’ll demonstrate how to publish source code and assets for a reproducible build, and how to submit the game for inclusion in the PureOS store after that.

GDQuest is producing more tutorial videos as part of their ongoing crowdfunding campaign. There are only a few days left to back the project. Join us in supporting them!

Get in touch with Nathan Lovato at GitHub, at GDquest, or at his pro SNS account

Image credit: MooGNU Copyright 2012 /g/ CC-BY-3.0

The post Purism announces a partnership with GDquest to develop adaptive game tutorials appeared first on Purism.

When my first daughter was born, in 2007, her birth had a profound impact on me. Like many parents, I was instantly catapulted into a stance of protection over my child, and felt the weight of responsibility for this little person’s life.

My second child was born 20 months later in 2009, only multiplying the impact my decisions would make on our family.

There are so many issues one must consider as a parent. Parenthood is possibly the single most philosophical decision-making journey a person can undergo, so it should come as no surprise that as new parents, my wife and I were researching decisions from diapers to food, housing, clothing, school districts and… technology.

And as I’ve come to find, that last topic has become the most critical one over the last decade. Like a lot of parents, I set off to research what technology choices could be made for my children as they would grow to adulthood.

But unlike a lot of parents, I am an expert on software, hardware, and what goes on behind the curtain to bring these products to market. And I know it’s not pretty.

As my children were growing, I could see that within a few years they and their friends would be wanting a mobile phone; they would want to use Internet services to chat, record personal videos and share experiences with friends. Like most parents, I had questions and concerns about the current state of big-tech products and services, about their exploitative business practices.

But, unlike most parents, I knew at that time there was no way to change these companies, no way they would come to embody important moral values like respecting me, my kids, and their friends.

I then thought, so what tech future would I like to see instead? What would that future look like for me, my family, for my kids’ friends? What would that look like for all of society? For example, what would be needed for owning a mobile phone that fully respected our rights to privacy and freedom?

Hmm…

So deeper and deeper I went, to dissect and answer that question to the fullest possible extent. Let’s take a simple request that combines a lot of issues into one: “I’d like that, when I am chatting with my child, there’s actually only the two of us in the conversation.”

This should be so simple – but it is nowhere near the case. At each layer of the existing mobile phones, that conversation is shared with a growing list of participants who have unfettered access to my, and my child’s, digital life.

The application author [Facebook (and its subsidiaries, Whatsapp, Instagram), Snapchat, et al.], even with unverified encryption in a proprietary app, controls that data. The operating system vendor (Apple or Google) controls that data. The network provider (Sprint, AT&T, Verizon, et al.) controls that data. And, of course, governments also have influence over any of those organizations. And so this is one ugly tech stack of privacy invasion, a gordian knot to unravel simply in order to have a private conversation with my child.

I could certainly elaborate, providing example after example of simple requests that are impossible to accomplish with today’s mobile phones, but will summarize it in the following list: GPS location data permanently stored and shared, all photos, videos, and message history also stored and shared, browsing searches tracked indefinitely, every interaction with every person ever, never deleted – just to name a few of a mile-long list of issues.

These tech-stacks of exploitation were not really built by accident. They are wired into the business models of every tech company in the space; not a single one advances moral values over their shareholder value. And so I knew there was no way to get to have individual freedom and control from the current phone hardware or from its OS vendor (Apple or Google). I unfortunately knew there was no way to respect the digital civil rights of society by playing the silicon valley exploitation game.

That to solve all these problems with technology, I would have to start from scratch.

I also knew that starting with a mobile phone (without immense silicon valley investment) would be very difficult, so I had to come up with a plan. I needed to start from the ground-up. I needed to create an ethical computer manufacturing company first, and then expand.

So I set off and wrote a business plan:

• Start by manufacturing laptops.
• Have laptop sales fund growth.
• Prove to the world we can deliver on our promise.
• Grow the digital civil rights movement by making a convenient laptop that respected people and didn’t exploit them.
• Author and bundle those laptops with an Operating System and applications that protected people by default.
• Getting that OS verified and endorsed proving our claim.
• Rinse and repeat to iterate hardware versions.
• Launch a pre-order crowdfunding campaign to manufacture a mobile phone from the schematics on up that would run that same ethical operating system.
• Make sure it has an app store of curated rights respecting apps.
• Follow that with a subscription of ethical services, so everybody can join in the fun.
• Make protecting oneself more convenient than being exploited by big-tech.
• Expand.

That all was the original plan for Purism in 2014. Let’s measure the progress: Laptops, check. OS, check. Endorsements, check. Iterate, check. Phone campaign, check. App store, check… And starting in 2019 – the year of ethical services bundle (coming soon) and of the delivery of the Librem 5 phone.

2019, the year my children will own a mobile phone that protects them.

2019, the year I will have accomplished a major goal I set out to, nearly 5 years ago.

2019, the year we spread technological social good from tens-of-thousands to magnitudes more.

The post Purism Origin Story appeared first on Purism.

We are keeping track of issues by tagging them with the devkit tag in GitLab – a summary of which can be found at this overview.

The release of the dev kit has increased the (already profound) interest in the Librem 5 phone, giving rise to many new questions in the forums – many of which have been answered elsewhere. If you have a question about the dev kit or the phone, the FAQ is always a good place to start looking for answers; the recently-added What are the phone specs? should hopefully clear up the current state of specs and understand what we are going to ship later in the year.

Cortex_M4:

• Fix makefile and ldscript

chatty:

• flatpak: Use ‘disabled’ instead of ‘false’

developer.puri.sm:

• Update FAQ to reflect current devkit and phone status
• Tidy up the table within Sphinx and RTD theme limitations
• Add details about power LED status for devkit
• Add another Python dependency for the flashing script
• Use a local copy of the license button
• Fix typo, tidy up language
• Link back to the docs repository, hard-coding the URL in the theme
• Add dependencies for flashing script
• Add section on headphone connection events
• Refactor application development information
• Add a note about the boot mode
• Simplify instructions for image downloading
• Fix typo in Librem5 devkit troubleshooting documentation.
• Resolve “Patch submission should use “default branch” instead of “master””
• Add build dependency information for uuu

haegtesse:

• README.md: Update instructions on running to not refer to -p

image-builder:

• build-image: Use non-latest kernel when it already exists
• build-image: Create meta.yml early

libhandy:

• Release libhandy 0.0.7
• combo-row: Rework selected-index property setting and notification
• dialog: Close when pressing the back button
• examples: Make the Dialog section look nicer
• rows: Drop pointers to internals on destruction
• meson: Allow to build as a static library
• Adaptive dialog
• combo-row: Add the selected-index property
• action-row: Chain up the parent dispose method
• action-row: Add the activatable-widget property
• HdyComboRow: hdycomborowgetmodel: Add missing scope annotation
• HdyDialer: Don’t use class method slot for ‘delete’
• Use apt-get build-dep . to install dependencies
• tests: Init libhandy
• example: Make the row with no action non-activatable
• action-row: Add the Since annotation to properties
• action-row: Handle show_all()
• HdyComboRow: Don’t use g_autoptr for GEnumClass

librem5-devkit-tools:

https://gitlab.freedesktop.org/mobile-broadband/ModemManager/merge_requests/62
• Readme: Fix file name for uuu flash script.

linux-emcraft:

• librem5-evk: Use a percent scaled brightness
• Panel cleanups
• ext2: Enable posix ACLs

phosh:

• session: Remove incorrect error parameter in DBus call
• rootston.ini: Scale rootston on DSI-1 output
• Fix URLs and copyright holder
• gitignore tag files

uboot-imx:

• • Use partition with bootable flag as mmcpart
  • imx8m_som.h : make the kernel verbose rather than quiet

ModemManager:

• • base-call: Fix in-call URC regex to match handler logic
  • base-call: Increase incoming call timeout to ten seconds

The post Librem 5 Hardware Update appeared first on Purism.

Last week, you might have noticed we announced the creation of an application ecosystem – a rich, secure and free ecosystem of desktop and mobile apps for our Librem products. More details will be revealed as soon as we come to some key decisions regarding how it should be built; but for now, everything will revolve around Flatpak, which we believe is the best technology for what we want to achieve today. We are eager to partner with the Flatpak community, and hope to rapidly build an app store centered around our core values – Free Software and Reproducible Builds.

This post is the first in a series which will announce applications that have either been ported to the Librem 5 at various stages or will work on the Librem 5. It’s also meant to inspire you to write applications for Librem devices on PureOS Store – and help us build great store apps for everyone to use.

And then there’s Lollypop – with the Lollypop music player, you can listen to music on your Librem 5 phone, on Librem laptops, or in any device running PureOS. You can enjoy your music, read the lyrics, trigger the party mode; connect to Last.fm, Libre.fm or ListenBrainz. You will, of course, find it in Purism’s PureOS Store – coming soon.

Help us build a great store app that everyone can use – develop an app for Librem devices on PureOS Store. Find out more at our developer page.

The post Music Player Lollypop added to PureOS Store for Librem 5 Phone and Laptops appeared first on Purism.

We envision PureOS Store as the primary community interface for app developers to contribute to the wider ecosystem, without having to understand the underlying technology like packaging or the mechanism of pushing apps upstream. We want to incentivize developers to create software that meets community values with the ultimate goal of incorporation into PureOS itself.

Apps in the PureOS Store will be evaluated on an ascending scale, with maturity ranging from development and beta levels to a fully-endorsed and default app in PureOS. Correlating “badges” will be utilized to quickly and clearly display the status of a given app, while also reflecting on the software’s freedom, privacy, security, and ethical design.

This will not only facilitate trust in the ecosystem, but will empower users to make informed choices about apps before installing them.

In this way, anyone using Librem hardware or PureOS can understand that the software they rely upon is developed, packaged, and distributed in a socially-conscious manner. The values of PureOS Store reflect the values at Purism and, in fact, those we all would like to see in society.

In addition, we believe PureOS Store can facilitate the distribution of software across Librem devices that run PureOS, from laptops to mobile. We hope to develop real convergence — apps that “just work” regardless of which device they’re running on. Distributions like Debian that run on multiple silicon architectures have always held the promise of convergence, but most efforts at achieving this goal have fallen short. Purism is in the unique position of producing a Free and Open-Source Software (FOSS) laptop and smartphone, enabling an entire ecosystem based upon PureOS and our social values.

Stay tuned for more announcements as we get closer to launch.

The post Purism announces PureOS Store appeared first on Purism.

We live in a dangerous world where privacy and security are more important than ever. In order for software to be trusted, the source code must be available to verify — a simple trust and verify model. Purism is proud to release all of our source code under Free Software licenses that not only empower users but are vital to protect their privacy and security. We favor licenses with strong copyleft like the GNU General Public License version 3, and will release software under the GPLv3 or an FSF-approved license we inherit. Our code can be studied, verified, and shared, whether you use our Librem line of products or not.

Software Freedom Conservancy is a vital and important part of the Free Software ecosystem that we at Purism and billions of people worldwide rely upon. Without organizations that protect and enforce the terms expressed in software licenses, our digital rights are at risk. Conservancy continues to play a central role in legal battles to safeguard these freedoms.

License enforcement is only part of the story, and Conservancy assists its member projects by handling all matters other than software development and documentation, so the developers can focus on what they do best: improving the software for the public good. Many of these member projects play a critical role in the advancement of privacy and security, such as the Reproducible Builds project and coreboot, one of the standout security features of Purism’s Librem laptops and upcoming smartphone.

Purism is delighted to contribute $1,000 USD to support Software Freedom Conservancy. Their funding drive ends today and we urge everyone who utilizes Free Software as part of their daily workflow or toolchain to donate to Conservancy and help them reach their fundraising goals.

Donate Today!

The post Purism Supports Software Freedom Conservancy appeared first on Purism.

7th Gen Intel Core CPU

More speed is always good. The base frequency will increase 200Mhz, jumping to 2.7 GHz and with Intel’s Turbo boost, this new CPU max speed will increase from 3.1 GHz to 3.5 GHz. Even with the speed increases, the Thermal Design Power (TDP) will still remain at 15 Watts allowing us to run cool and keep battery life optimal. All of this while still working with coreboot, the fast and secure open source BIOS.

HD Graphics 620 GPU

The new 7th Gen Intel Core Processor brings with it upgraded integrated graphics, the Intel HD Graphics 620. This has the same core clock speed as the previous 520, but with 8 more texture mapping units giving the 620 a faster texture fill rate. Shader performance is generally more relevant here and with 192 Shader processing units compared to the previous 24, the HD Graphics 620 will deliver a smoother and more efficient experience with up to 4K video playback.

4K video playback, 4K Display

The Librem 15 screen upgrades from HD to Ultra HD, with a 4K display! With the 15.6 inch screen now supporting a higher resolution (3840 x 2160), there will be more pixels per inch (PPI). More pixels per inch translate to a sharper display. Better for both work and play.

New Hardware, Same Price

These hardware updates, including the 4k display on the Librem 15 all come without increasing the base price. The Librem 13 still starts at $1399 and the Librem 15 at $1599. Don’t forget that we also offer interest-free financing so you can split that cost over six or twelve monthly payments.

The post Librem laptops now at Version 4 appeared first on Purism.

Our dev kit’s design is released under the terms of the GNU GPLv3+, its hardware Git repository can be found here: https://source.puri.sm/Librem5/dvk-mx8m-bsb

KiCad as The Obvious EDA of Choice

Before the development of the dev kit began, it was not completely clear which path we would take to produce the design, specifically, which Electronic Design Automation (EDA) tool would be used. Initially, the idea was to modify FEDEVEL’s i.MX 6QP OpenRex board, which would have satisfied the dev kit’s basic requirements, but we quickly met two major issues: it used the archaic i.MX 6QP, and even worse was that it was designed in the proprietary EDA suite Altium. Luckily, I had prior experience designing electronics using the EDA tool KiCad, so Purism had the opportunity to create a dev kit design which used 100% Free Software. KiCad was also an obvious choice not only due to its freedom respecting license (GNU GPLv3+), but also because it is a very capable electronics design suite that even outperforms several pricey proprietary tools out there.

Selecting Components Which Met The Requirements

The first step when designing our dev kit involved searching for components which met the requirements that we defined in our campaign. In addition to meeting the specs outlined in the campaign, while searching for components, we decided to add quite a few extra bells and whistles; including:

• a charge controller (BQ25896)
• 18650 battery holder for an optional li-ion battery
• USB-C
• mini-HDMI
• SD card controller & micro-SD slot (since the i.MX 8M only has two uSDHC controllers)
• ethernet/RJ45
• audio codec
• earpiece speaker
• microphone
• CTIA/AHJ 4-pole 3.5mm headphone jack (with selection between on-board and external mic)
• GPG smart card reader & slot
• haptic/vibration motor
• user/software-controllable LED
• volume & power buttons
• hardware kill switches & boot-mode switch
• 16Mb SPI NOR flash
• a real-time clock (RTC)

We also added the to-be-expected through-holes for a UART debug header which is unpopulated by default (serial over USB works on the default image shipped with your dev kit). Hint: If you are not comfortable with a soldering iron then you may be able to use a press-fit header on these through-holes, search for the part-number Autosplice 23-1063. We included an SMD 2×5 JTAG footprint on the board and verified its functionality during our prototype phase; if this is something you’re interested in playing around with then have a look for the part-number GRPB052VWQS-RC.

For the WWAN/baseband modem and the Wi-Fi + BT we knew we needed to go with some sort of modules, surface-mount or otherwise. Early on, Nicole had the brilliant idea of using mPCIe and M.2 modules so as to make the dev kits modular and future-proof. We eventually nailed it down to the mPCIe SIMCom SIM7100A/E baseband modem module and the M.2 RedPine RS9116 Wi-Fi+BT module.

Beginning the Schematic Drawing

Initially, when the research phase was effectively over and we had to begin bringing our ideas into life, the i.MX 8M Quad had just recently become available on the market. In order to get a head-start in the development, add some extra modularity and future-proofness, we decided to go with a System-On-Module (SOM), which includes the SoC, SDRAM, eMMC, and PMIC. However, even in the early stages of our development when we began drawing the schematics, there were SOMs we were interested in that still didn’t get to their first production run. At around mid-April we established a natural relationship with EmCraft who were just getting into their first big SOM production run and were close to releasing its Hardware Architecture spec sheet. We determined that EmCraft’s SOM and their general resources were exactly what we needed. Once the specific SOM we were going to use was nailed down we were able to really begin cranking through the design.

The process of defining the specific components to be used on the dev kits was done concurrently with drawing the schematics. The entirety of our design was done using Git as our revision control system.

After the schematic drawing was completed, we then exported our netlist file, getting us that much closer to the physical implementation of the dev kit.

HP_DET Simulation

In addition to using KiCad for the design of the dev kit, we also used a free software tool called Qucs-S and the free software SPICE-compatible simulation kernel called Xyce to simulate our headphone detect circuit, which included a zener diode used to protect the respective GPIO from too high or too low of input voltage from the audio codec’s HP DAC output. The combination of Qucs-S and Xyce allowed us to use the MMSZ4688T1G diode’s SPICE model in a circuit that best represented the physical conditions of nothing being inserted into the 3.5mm jack but the HP DAC output being active.

This simulation, as well as the simple DC case where the 3.5mm jack’s internal switch is open and only the 1MΩ pull-up to 3V3_P, the optional internal pull-up, and the zerner are present allowed us to prove that this protection method would work.

Creating Footprints

Around mid-June, when the Bill-Of-Materials (BOM) was complete and we began placing orders for the components, we were generating footprints for everything (chips, connectors, modules, etc). The process of creating these footprints involved going through each IC’s recommended land pattern as defined in their datasheet and quadruple checking to make sure everything was correct.

Using KiCad’s amazing 3D viewer, we were able to give nearly every component a 3D model so as to help establish a tangible visualizer for the progress being made.

Beginning Floorplanning, Routing, and Updating KiCad

Early on, a rough floorplan was made to help us establish how much board area was needed (90x180mm) and where the various larger components would go (connectors, receptacles, card slots, mPCIe & M.2 sockets, modules, etc). After really getting into the layout, some things continued to move around but were quickly pinned down on their specific locations.

In late-June we began routing, starting with the USB-C receptacle (commit a1bfc689). This marked the beginning of our layout process.

The routing process involved a delicate balance between working as quickly as possible while making sure everything done properly without error, including carefully routing controlled-impedance tracks and sensitive analog lines.

Initially we were unsure how many layers were needed and whether we needed components on both sides of the board. We knew that EmCraft’s i.MX 8M baseboard used 8-layers and had components on both sides, but we were pretty confident that we could at least cut down on the number of layers. We quickly realized that since we were going to have some components on the “back” of our board (display side), including the display connectors, proximity/ambient light sensor, user LED, speaker, and microphone, there would certainly be components on both sides of the board. Having components on both sides made the layout process somewhat easier since this freed up some space for where we could place the SPI NOR flash, smart card reader, RTC, 2.8V LDO, various ICs, passives, and other components. As for the number of layers, we decided to cut it down to 6-layers and would only add 2 additional layers if we were to hit a gridlock and not be able to route some nets; luckily this never happened and we were able to stick with just 6.

We opted to use a common stack-up which provides the best balance between ease of routing and reduces unintentional radiated emissions. The dielectric substrate that was used was NAN YA’s NP-180TL copper clad laminate, which has a relative permittivity of ~4.11 at our average operating frequency of ~1.7GHz. Our RF feedline calculations for the board’s microstrip and coplanar waveguide (CPW) feedlines using this stackup can be found in the Git repo.

Before we began implementing the dev kit in KiCad we were not too sure if we wanted to use the nightly builds or stick with the somewhat older 4.0.7 stable release. Even though the nightly builds had several desirable features, we decided to go with the stable release so as to not have to frequently update KiCad and risk being on different versions. After getting a small dent into our layout, KiCad 5.0.0 was released! On July 16th we managed to update our dev kit project to KiCad 5.0.0 (specifically commits 4f70b865 and a4e3de8a) without much hiccup. Luckily, this update coincided with our switch from most passive components being 0603 to being 0402, since KiCad’s new passive footprints are a bit different than the old default ones, the pads having rounded corners which is more effective for lead-free solder.

After the updating the project to 5.0.0 we were able to focus heavily on getting through the layout and were able to get the unrouted net count down to 0 within a month (August 14th, specifically commit 9b4dd2e0).

When all nets were routed and the Design Rules Check (DRC) was passing, we were able to go back and tidy everything up for the next week or so.

Our most useful resources when laying out the board were the ICs’ layout reference found in either their datasheet or their evaluation board and Toradex’s Layout Design Guide which can be found here: https://docs.toradex.com/102492-layout-design-guide.pdf

Exporting Manufacturing Files and Sending Them Off For Fabrication

After the layout was considered complete, we had to export all of the necessary manufacturing files used to fabricate and assemble the boards. Exporting the Gerber files was straightforward since KiCad makes this step quite easy. However, our assembly house requested that we also provide a fabrication and assembly drawing which took more involvement to produce.

We mostly used gEDA’s Gerbv to preview our design’s exported Gerber files. A neat web tool that uses Gerbv and ImageMagick as its renderer is Gerblook, here’s a static link to our dev kits in Gerblook: http://gerblook.org/pcb/rTgd4Aqusxr7XQLSdKa9V3

In order to generate a proper assembly drawing, we made use of KiCad’s F.Fab/B.Fab layers to show the locations, outlines, polarity, and reference designators of all components on the board. By using each of the footprints’ F/B.Fab layers we were able to generate the final drawing by printing F.Fab and B.Fab onto separate PDFs and combining them afterwards.

The fabrication drawing was even more involved. To produce this, we needed to export the fabrication notes found on the Cmts.User layer along with the board’s outline as one DXF file and then export all of the drill marks as another DXF file. After these two files are generated, they are then combined and adjusted inside a footprint drawing. Then, once we have this special “footprint” that combines the two DXF files, we hide just about everything in the layout and import this special “fab” footprint (without saving this temporary layout). At this point, everything we need is found on the Dwgs.User layer; so we are able to print this along with the frame reference onto a final fabrication drawing PDF.

Each of these files and documents are used along with the IPC-D-356 netlist (which allows the fabrication house to do a flying probe test on the boards to make sure there are no short/open circuits), a component placement list CSV file (for the assembly house to know where and what orientation all components are placed), and finally a manually-edited GenCAD file (which is used by the assembly house to program their solder paste machines for our board).

Testing Prototypes

After all of the final manufacturing files were delivered to the fabrication and assembly firms, we answered any questions they may have had during the process, and tweaked anything that may need to be adjusted based on their feedback. At around late August, the files were sent off and we were anxiously waiting for our design to hit the fabrication floor in Shenzhen. Unfortunately, as outlined in an earlier blog post, several unforeseen circumstances such as severe weather and most of China observing Golden Week, we saw significant delays in the production of our prototypes. Due to these delays we decided to switch to a domestic factory for the fabrication of our prototypes, which managed to get the boards to us two weeks faster than the ones being made overseas.

After the small batch of prototypes were assembled they were quickly shipped to team members for debugging and software development. Luckily, due to constant review of the design from several parties as well as persistent scrutinization, there were very few errors found in the prototype’s hardware design (three relatively minor layout/netlist adjustments and one mechanical fix). For the following two months the prototypes were used to help bring the software to a more polished state.

Final Production and Shipping

At around early-to-mid November, after making the minor adjustments needed to the hardware design, and once we were at a comfortable state where nearly every hardware subsystem was validated, we went through the process of re-exporting and delivering the manufacturing files to our hand-picked fabrication and assembly house for the final build. At this point, a few of us at Purism used December 10th-22nd as a dedicated time to help with the assembly, testing, packing, and shipping of the final units which went out to backers (many of which were delivered before Christmas!).

Figure 16: Fully assembled dev kit compared to the 3D view (display side)

Figure 17: Fully assembled dev kit compared to the 3D view (SOM side)

The entire process was quite an intense time crunch but it was well worth it, especially after we see what the community is able to produce with our efforts. Some have even already begun designing 3D printed cases for the dev kit. We look forward to seeing what cool software and uses you come up with for these awesome boards! Feel free to share all of the cool stuff you develop for the dev kit by emailing us at feedback@puri.sm, if it’s super awesome we may just have to share it on a future blog post.

Now our efforts are focused getting the Librem 5 phone out the door. So until next time, stay inventive!

The post How We Designed the Librem 5 Dev Kit with 100% Free Software appeared first on Purism.

Hello everyone! We have accomplished so much in the last 3 months and need to share, so prepare yourself for a dense update on the Librem 5 phone, PureOS, and software applications.

As you know, we have a number of important components in the Librem 5 that we will try outline.

Calls

Let’s start off with the Calls application.  The calls application is what allows us to place phone calls and what makes the phone a
phone.  In these past few months, we’ve been making this application work wonderfully.  Below is a demo of the calls application receiving a phone call.  So the basic support for the calls application is complete and we’re working making a great design.  We’ve successfully implemented important basic features like ring tones.

If you’re interested in following the work, we’ve included the merge
requests for calls below and important issues that were created:

Merge Requests

https://source.puri.sm/Librem5/calls/merge_requests/5 – flatpak: enable access to dconf config
https://source.puri.sm/Librem5/calls/merge_requests/20 – new-call: set input hints and purpose of SearchEntry
https://source.puri.sm/Librem5/calls/merge_requests/25 – mm-provider: clarify warning a bit
https://source.puri.sm/Librem5/calls/merge_requests/23 – history-box: add empty view
https://source.puri.sm/Librem5/calls/merge_requests/19 – add i18n support
https://source.puri.sm/Librem5/calls/merge_requests/4 – add test for origin and calls
https://source.puri.sm/Librem5/calls/merge_requests/21 – add calls-application class
https://source.puri.sm/Librem5/calls/merge_requests/18 – add a call window and header bars
https://source.puri.sm/Librem5/calls/merge_requests/26 – display dialer on startup
https://source.puri.sm/Librem5/calls/merge_requests/28 – post ui change cleanups
https://source.puri.sm/Librem5/calls/merge_requests/18 – add call window and header bars
https://source.puri.sm/Librem5/calls/merge_requests/27 – flatpak support
https://source.puri.sm/Librem5/calls/merge_requests/29 – fixed memory leak
https://source.puri.sm/Librem5/calls/merge_requests/32 – pay attention to the addition and removal of a modem
https://source.puri.sm/Librem5/calls/merge_requests/33 – flatpak: Don’t build the libhandy Glade catalog
https://source.puri.sm/Librem5/calls/merge_requests/34 – cleaned up ringtone ringer
https://source.puri.sm/Librem5/calls/merge_requests/35 – providers in calls are now plugins
https://source.puri.sm/Librem5/calls/merge_requests/36 – updated calls icons
https://source.puri.sm/Librem5/calls/merge_requests/37 – flatpak building
https://source.puri.sm/Librem5/calls/merge_requests/38 – changes to support impending call history changes

Issue Requests

https://source.puri.sm/Librem5/calls/issues/18 – memory leak in find_call_holder
https://source.puri.sm/Librem5/calls/issues/19 – memory leak in set_focus
https://source.puri.sm/Librem5/calls/issues/20 – memory leak in calls_call_window_add_call
https://source.puri.sm/Librem5/calls/issues/36 – transferred TODO list to gitlab issues
https://source.puri.sm/Librem5/calls/issues/7#note_11069 – investigation into evolution data server/sqlite
https://source.puri.sm/Librem5/calls/issues/22 – DTMF fails with error Rejected send message

Hægtesse

Hægtesse is a daemon to transfer audio data between a modem and PulseAudio.  It currently only supports the SIMCom SIM7100 modem but may be useful for other modems.  The purpose of Hægtesse is to monitor the modem and when a call is initial to configure PulseAudio automatically for a phone call.  This is a necessary component for phone calls.

Issues

https://source.puri.sm/Librem5/haegtesse/issues/1 – fills log when /dev/tty4 is not present

Merge Requests

https://source.puri.sm/Librem5/haegtesse/merge_requests/3 – Hægtesse listen to udev for the appearance of the audio TTY
https://source.puri.sm/Librem5/haegtesse/merge_requests/4 – Add full GPLv3 text
https://source.puri.sm/Librem5/haegtesse/merge_requests/5 – Build with gitlab-ci
https://source.puri.sm/Librem5/haegtesse/merge_requests/7 – fix build on PureOS

Libhandy

Libhandy is a library that extends GTK+ to be used on mobile profiles.  With libhandy, you can port any GTK3 or higher app that you have into a mobile profile.  If you have an application written in GTK3, reach out and we’d be happy to help you port it to libhandy.  To find out more about libhandy go here:
https://source.puri.sm/Librem5/libhandy/wikis/home for our roadmap.

Here is an example of GNOME Web (epiphany) ported libhandy

Documentation and example code.

Libhandy has had made significant advancements these months with several releases made.

Libhandy is currently being used to port many core GNOME apps to the librem5

Merge requests:

https://source.puri.sm/Librem5/libhandy/merge_requests/137 – HdyDialer: Apply ‘keypad’ style class
https://source.puri.sm/Librem5/libhandy/merge_requests/145 – Don’t invoke signal handlers on finalized HeaderGroups
https://source.puri.sm/Librem5/libhandy/merge_requests/147 – add i18n support
https://source.puri.sm/Librem5/libhandy/merge_requests/146 – doc fix
https://source.puri.sm/Librem5/libhandy/merge_requests/145 – HdyHeaderGroup signal disconnections
https://source.puri.sm/Librem5/libhandy/merge_requests/146 – few documentation fixes
https://source.puri.sm/Librem5/libhandy/merge_requests/147 – enabling l10n
https://source.puri.sm/Librem5/libhandy/merge_requests/148 – g_auto* documentation
https://source.puri.sm/Librem5/libhandy/merge_requests/150 – drop Jenkinsfile
https://source.puri.sm/Librem5/libhandy/merge_requests/151 – Syntax highlight HACKING
https://source.puri.sm/Librem5/libhandy/merge_requests/152 – Init public GObject types in hdy_init()
https://source.puri.sm/Librem5/libhandy/merge_requests/153 – fixes to MacOS Build
https://source.puri.sm/Librem5/libhandy/merge_requests/154 – Add measure() methods
https://source.puri.sm/Librem5/libhandy/merge_requests/155 – drop direct access to event fields
https://source.puri.sm/Librem5/libhandy/merge_requests/156 – renaming margins for GTK4 support
https://source.puri.sm/Librem5/libhandy/merge_requests/157 – make HdyDialer a descendant of GtkBin
https://source.puri.sm/Librem5/libhandy/merge_requests/159 – fix a mention of a HdyLeaflet in the docs
https://source.puri.sm/Librem5/libhandy/merge_requests/162 – unstability acknowledgement documentation improvements
https://source.puri.sm/Librem5/libhandy/merge_requests/165 – normalize and document private header guards
https://source.puri.sm/Librem5/libhandy/merge_requests/166 – adding hdysearchbar
https://source.puri.sm/Librem5/libhandy/merge_requests/167 – remove useless libhandy options from example flatpak
https://source.puri.sm/Librem5/libhandy/merge_requests/168 – document more coding style
https://source.puri.sm/Librem5/libhandy/merge_requests/169 – reproducible build of libhandy
https://source.puri.sm/Librem5/libhandy/merge_requests/172 – hdy_init() docs improvements
https://source.puri.sm/Librem5/libhandy/merge_requests/173 – add transfer none to hdy_init()
https://source.puri.sm/Librem5/libhandy/merge_requests/174 –  fix HdyHeaderGroup references
https://source.puri.sm/Librem5/libhandy/merge_requests/175 – example: put the content in a scrolled window
https://source.puri.sm/Librem5/libhandy/merge_requests/176 – add many row widgets
https://source.puri.sm/Librem5/libhandy/merge_requests/177 – leaflet: clear the children list on disposal
https://source.puri.sm/Librem5/libhandy/merge_requests/178 – build: set the shared object install directory
https://source.puri.sm/Librem5/libhandy/merge_requests/179 – update meson.build for MinGW compatibility
https://source.puri.sm/Librem5/libhandy/merge_requests/180 – build: dont’ use -fstack-protector-strong on mingw64
https://source.puri.sm/Librem5/libhandy/merge_requests/181 – update docs skeleton

Issues:
https://source.puri.sm/Librem5/libhandy/issues/57 – HdyTitleBar broken with .devel window in org.gnome.Sdk//master
https://source.puri.sm/Librem5/libhandy/issues/52 – issues compiling on OSX

Librem5-devkit-tools

Librem5 devkit tools are the set of tools to enable the devkit that was recently shipped out to crowdfunding supporters.

– https://source.puri.sm/Librem5/librem5-devkit-tools

Virtboard

Virtboard is our virtual keyboard used on the Librem 5.  Work has been on-going in enabling the virtual keyboard mostly focusing on making this input working under wayland.  The UX experience is still on-going.  Feedback is of course encouraged.

Merge requests
– https://source.puri.sm/Librem5/virtboard/merge_requests/20 Unbreak virtboard crashing when using GCCs stack protector
– https://source.puri.sm/Librem5/virtboard/merge_requests/21 Update input-method protocol
– https://source.puri.sm/Librem5/virtboard/merge_requests/22 make virtboard fully hidden
– https://source.puri.sm/Librem5/virtboard/merge_requests/23 virtboard translations
– https://source.puri.sm/Librem5/virtboard/merge_requests/24 convert to glib mainloop
– https://source.puri.sm/Librem5/virtboard/merge_requests/25 added multiple layouts

Chatty

Chatty is our combination SMS and encrypted communication app.  Chatty currently works with SMS and with the help of libpurple we can also have E2E encrypted communication as promised before.

We currently can successfully send SMS between phones.  Below is a demo of the chatty doing some emoticons.  You might recall last post we showed chatty doing real SMS.  The UX experience is still on-going and continues to evolve.  Follow along in this issue –

https://source.puri.sm/Librem5/chatty/issues/52 for how the UX is coming along.

Merge requests

– https://source.puri.sm/Librem5/chatty/merge_requests/1 Add some basic gitlab-ci
– https://source.puri.sm/Librem5/chatty/merge_requests/2 fixing the Flatpak manifest
– https://source.puri.sm/Librem5/chatty/merge_requests/3 porting the window to Glade
– https://source.puri.sm/Librem5/chatty/merge_requests/4 Remove arm special casing
– https://source.puri.sm/Librem5/chatty/merge_requests/5 don’t access inexistent header bar
– https://source.puri.sm/Librem5/chatty/merge_requests/6 Use glib’s logging
– https://source.puri.sm/Librem5/chatty/merge_requests/7 Don’t ignore compiler warnings
– https://source.puri.sm/Librem5/chatty/merge_requests/9 Fix build with a default set of warnings enabled
– https://source.puri.sm/Librem5/chatty/merge_requests/10 Enable and fix more compile warnings
– https://source.puri.sm/Librem5/chatty/merge_requests/13 Fix crash during message parsing
– https://source.puri.sm/Librem5/chatty/merge_requests/14 Make text in chat bubble copyable
– https://source.puri.sm/Librem5/chatty/merge_requests/15 Fix new messages not being displayed
– https://source.puri.sm/Librem5/chatty/merge_requests/16 Prepare chatty for translations
– https://source.puri.sm/Librem5/chatty/merge_requests/17 Fix time format display
– https://source.puri.sm/Librem5/purple-mm-sms/merge_requests/1 Add Debian packaging
– https://source.puri.sm/Librem5/chatty/merge_requests/21 – add Debian packaging
– https://source.puri.sm/Librem5/chatty/merge_requests/29 – don’t use network when verifying appdata files
– https://source.puri.sm/Librem5/purism-chatty/issues/5 Suggested closing the old project
– https://source.puri.sm/Librem5/chatty/issues/52 – improve chatty UI

Design

Most of our design is being done in GNOME upstream except of course for the UX experience in the Librem 5 specific component.  Purism believes deeply in working in the upstream and we work closely with GNOME’s designers.  Below are a number of design mockups that were conceived for various GNOME apps to work with libhandy.

– https://gitlab.gnome.org/Teams/Design/app-mockups/blob/master/todo/todo.png Adaptive Mockups for GNOME TODO
– https://gitlab.gnome.org/Teams/Design/app-mockups/blob/master/notes/notes.png – Adaptive Mockups for GNOME Notes
– https://gitlab.gnome.org/Teams/Design/os-mockups/blob/master/view-switcher/adaptive-view-switcher-modes.png – proposal for adaptive view switching modes (commited to implement by Adrien)
– https://gitlab.gnome.org/GNOME/Initiatives/issues/2 – new app icons for GNOME

In addition, a lot of work has gone in to designing parts of GNOME like the control center to work in a mobile context.

WLroots

WLroot is the Wayland implementation for the Librem5 and which phosh our UX shell runs on.  Mostly working on getting libinput working.  We did some investigations on using rust bindings, but turned out that it was more work with very little advantage.

Merge requests:
– https://packages.debian.org/source/experimental/wlroots – update debian packaging
– https://source.puri.sm/Librem5/wlroots/merge_requests/35 – input-method and text-input support to the Librem5
– https://source.puri.sm/Librem5/wlroots/merge_requests/40 – wlroots update

Issues:

– https://source.puri.sm/Librem5/wlroots/issues/6 – rootston freezes on ssh log out
– https://source.puri.sm/Librem5/wlroots/issues/18 – rootston often freezes

Phosh

Phosh is the actual visual look and feel of the Librem 5.  The most significant work here is being able to detect idle and dim the screen automatically when not on battery power.  Some work on the lock shield was also done and various UX fixes and features.
For more information see the merge requests before.

Merge requests

– https://source.puri.sm/Librem5/phosh/merge_requests/143 Update translations from zanata
– https://source.puri.sm/Librem5/phosh/merge_requests/153 – Drop hard coded weston-terminal from favorites
– https://source.puri.sm/Librem5/phosh/merge_requests/154 – Add a poweroff button to the settings menu
– https://source.puri.sm/Librem5/phosh/merge_requests/158 – use actual values for transform instead of looking at rotation property
– https://source.puri.sm/Librem5/phosh/merge_requests/159 – make sure setting buttons stay circular

Issues

– https://source.puri.sm/Librem5/phosh/issues/52  – look into full screen blank support on lock

Upstream Work

Purism knows it stands on the shoulders of giants.  We would not be be successful without our upstream partners.  We make sure that our technical debt is as small as possible, preferring to work in upstream as much as a matter of course.  Below is a list of the work we have done in the various upstreams that we depend on.  This is not an exhaustive list of projects since we do other upstream work for our laptops as well.

We are very proud of our upstream work and being part of these upstream projects.

– https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910640 – Debian’s libgtk-4-dev Needs to depend on libvulkan-dev
– https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/200 – Kept pushing making the WiFi panel adaptive
– https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/243 – Moving the app menu
– https://gitlab.gnome.org/GNOME/gnome-contacts/merge_requests/41 – contact deselection on creation fix
– https://gitlab.gnome.org/GNOME/gnome-contacts/merge_requests/42 – using HdyHeaderGroup
– https://gitlab.gnome.org/GNOME/gnome-contacts/merge_requests/43 – using HdyTitleBar
– https://gitlab.gnome.org/GNOME/gtk/issues/1399 – Suggested to not show dashed border in keyboard-navigable selected elements when no keyboard is available
– https://gitlab.gnome.org/GNOME/Initiatives/wikis/GNOME-apps-mobile – Helped Javier set up the initiative
– https://github.com/swaywm/wlroots/pull/1316 – don’t let the wlr_output handle the fullscreen view in case

– https://github.com/swaywm/wlroots/pull/1203 – Support input method and text input
– https://gitlab.gnome.org/GNOME/gtk/merge_requests/384  – reviewed fix for text input protocol
– https://github.com/haecker-felix/Fragments/pull/41 – fixed a text flickering
– https://gitlab.gnome.org/GNOME/gitg/merge_requests/21 – GtkActionBar for the commit tool bar
– https://gitlab.gnome.org/GNOME/gitg/merge_requests/22 – fixing the diff options sliding direction
– https://gitlab.gnome.org/GNOME/glade/issues/339 – Suggested to not destroy existing property bindings
– https://gitlab.gnome.org/GNOME/glade/issues/340 – Suggested to support property bindings
– https://github.com/swaywm/wlroots/pull/1316 – Fix bug with full screen views and overlays (otherwise it will cause trouble with full screen video/pdf vs the lock screen
– https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911146 – xwayland spurious crashes
– https://github.com/swaywm/wlr-protocols/pull/27 – securing wayland protocols
– https://gitlab.gnome.org/Community/Purism/gnome-software/tree/wip/aplazas/narrow – start of adaptive
– https://gitlab.freedesktop.org/mobile-broadband/ModemManager/issues/92 – supplementary call operations
– https://gitlab.gnome.org/GNOME/gtk/issues/1447 – tried to solve input method complications in gnome-shell
– https://gitlab.gnome.org/Community/Purism/gnome-clocks/tree/librem5 – librem 5 clock application
– https://bytesgnomeschozo.blogspot.com/2018/11/gnome-at-capitole-du-libre-2018.html – blog post on Capitole du libre conference
– https://gitlab.gnome.org/GNOME/gtk/merge_requests/425 – transient window notification fix to 3.24
– https://gitlab.gnome.org/World/lollypop/merge_requests/1319 – flatpak build fix for lollypop
– https://gitlab.gnome.org/GNOME/epiphany/merge_requests/56 – make title bar more adaptive
– https://gitlab.gnome.org/GNOME/epiphany/merge_requests/59 – make search bar adaptive
– https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/312 – 4 adaptive panels for GNOME settings
– https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/313 – make shell more adaptive
– https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/200 – Wifi panel adaptive
– https://gitlab.gnome.org/GNOME/gnome-characters/issues/46 – icon mismatch
– https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/317 – implement new network connection editor design
– https://gitlab.freedesktop.org/mobile-broadband/ModemManager/merge_requests/59 – policy: call method name should be SendDtmf rather than SendTone
– https://gitlab.gnome.org/GNOME/libgnome-volume-control/merge_requests/3 – make debug less verbose
– https://source.puri.sm/Librem5/wlroots/merge_requests/40 – WIP: Update 0.2
– https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/43 – rework wwan plugin after upstream feedback

Documentation

This effort can never survive without documentation.  In that regard, welcome David Boddie to the Librem 5 team working on documentation for the Librem 5.  The whole team, while focusing on their development, are equally aware of the role of documentation and have worked diligently in making sure that people create applications for the Librem 5.  With two members working exclusively on documentation and developer experience, we hope to make writing applications for the Librem 5 as easy as it can be.  Feedback in improving our documentation would be most welcome!

A lot of focus was made on creating documentation on how to create Librem 5 applications with sample code.

Issues

– https://source.puri.sm/Librem5/developer.puri.sm/issues/28 – Upate GNOME Builder section

Merge requests

– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/55 – GTK+ limit the documentation to libhandy 0.0.3
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/60 – update qemu
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/61 – update email lists to be lists.community.puri.sm
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/63 – add stack picture and more intro
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/68 – GTK+: add links to the GTK+ and libhandy docs
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/71 – GTK+: Note to adjust label’s xalign when ellipsized
– https://source.puri.sm/david.boddie/python-gobject-gtk3-examples – collection of simple PyGObject examples
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/84 – document phosh’s supported DBus APIs
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/85 – document some trivial phosh apis
– https://source.puri.sm/Librem5/developer.puri.sm/merge_requests/82 – added small descriptions of KDE-related technologies

Phone hardware/Dev Kit

The recent shipping of the Librem 5 dev kit represents countless hours of work with an aggressive schedule.  Nicole, Eric, and Petra, along with dedicated operations staff, worked continuously for a week to package all the dev kits to be shipped out to our dev kit backers.

When it comes to software and hardware freedom, we not only do the talk, we do the walk.  Everything in the dev kit, is licensed under the GNU GPL v3+.  We have released the schematics for the dev kit and all source files.  We encourage you to participate and bring your talents and join us!

By now everyone who ordered a dev kit would have received it and are working on the hardware to get it fully enabled from the LCD panel to user-controlled LEDs.  We will be sharing more photos and videos of the dev kits in action as more and more community members advance the software around them.

In the meanwhile, our matrix channel has become a hot bed of activity as people prod and poke their dev kits, asking questions and following along with the devleopment of the phone.

As for the phone, we have confirmed the BOM (Bill of Materials) and the sourcing of parts, we are only finalizing the I.MX 8M or 8M Mini by benchmark testing. Once we have approved the design (also planned in January) we can create the necessary molds and stamps.

January is going to be really busy for Purism as we split time between the dev kit advancements and then pivoting to the Librem 5 phone hardware, but we welcome the excitement around what we’re doing.  We will have a retrospective post on the dev kit tomorow (2019-01-09), so stay tuned for that!

Short Summary of the work:
– Moved to Kernel 4.18.11
– Reworked device tree for dev kit
– add texture support on GC7000   https://source.puri.sm/guido.gunther/mesa/tree/gc7000-bo-relocs,   https://source.puri.sm/guido.gunther/mesa/tree/gc7000-bo-relocs
– PureOS now building on our build server using Laniakea build system
– a mechanical issue was discovered with the M.2 module not sitting flush against the board so a taller M.2 connector was used on the final dev kit design
– RedPine fixing the W_DISABLE# issue, they will use a bodge wire for our 340 dev kit units so that the HKS works as anticipated
– Fixed various issues in the nwl-dsl (mipi) driver
– picture of working HDMI – https://talk.puri.sm/_matrix/media/v1/download/talk.puri.sm/SSvCOnFIIdtgeXqmrMrjZkje
– Fixup several bugs in the imx8ms mipi dsi layer
https://source.puri.sm/Librem5/linux-emcraft/commit/2a10a1eaee8860f0f79b513497039ca21a5ded76
https://source.puri.sm/Librem5/linux-emcraft/commit/34bfd44c92bd32b4cd8c88a7943ced00c699a398
https://source.puri.sm/Librem5/linux-emcraft/commit/937cb53b89c26ba3011ea05f6ae14b1134036a6c

– Initial (WIP) LCD panel driver
https://source.puri.sm/guido.gunther/linux-imx8/commit/919a834a865824eeeeb9b98bc4932ae46a614fba
+ Look at haptic sensor. Driven by the kernel’s joystick force feedback
interface (and therefore exposed to userspace as an input
device). We’ll need write a tiny driver for that.

Purism in the Public

Purism employees are not hermits and you can find them at various conferences.  Here are some of the things our employees have done.

– Dorota: Gave a talk based on Rust+Wayland research, dutifully credited Purism (video incoming… at some point): http://rust.cologne/2018/10/10/at-cisco.html

– Adrien and Francois were at Capitole du Libre, running the GNOME booth there.

FOSDEM – A number of us will be at FOSDEM doing talks and hanging out.  More information on what our plans are for FOSDEM in another post.

Closing

That’s all for now!  Stay tuned on these pages for new applications, the retrospective on the dev kit, and other features!  Things are rolling fast!  Thank you to our fans for making 2018 a wonderful year and looking forward to 2019!  It’s going to be awesome!  Thank you for a great year!

The post End of Year Librem 5 Update appeared first on Purism.

The choices below are listed in no particular order and, wherever possible, we link to author websites and privacy-respecting sources.

Reading about surveillance capitalism may not warm your heart, but it could put a fire in your belly and encourage you to #DemandFreedom in 2019.

The End of Trust – McSweeney’s Issue 54 (Nov. 2018)

Compiled by the team at the Electronic Frontier Foundation (EFF) for McSweeney’s, this collection features writing by luminaries like Cory Doctorow, Gabriella Coleman, Edward Snowden, Bruce Schneier, and many more. Among the gems within is a conversation between artist Trevor Paglen and journalist Julia Angwin, with Paglen having this to say about the intersection of freedom and privacy:

“I think I had the sense of growing up within structures that didn’t work for me and feeling like there was a deep injustice around that. Feeling like the world was set up to move you down certain paths and to enforce certain behaviors and norms [didn’t] work for me, and realizing that the value of this word formerly known as privacy, otherwise known as liberty, plays not only at the scale of the individual, but also as a kind of public resource that allows for the possibility of, on one hand, experimentation, but then, on the other hand, things like civil liberties and self-representation.”

Click Here to Kill Everybody: Security and Survival in a Hyper-connected World – Bruce Schneier, W. W. Norton & Company (Sep. 2018)

Schneier’s latest book is a sobering account of the pitfalls of modern technology. It covers a lot of ground, such as the huge gap between security and implementation in Internet-of-Things devices. The author has a gift for raising questions that cause the reader to rethink the underlying technology behind seemingly-simple tech, like network-connected baby monitors:

“They’re surveillance devices by design, and can pick up a lot more than a baby’s cries. Of course, I had a lot of security questions. How is the audio and video transmission secured? What’s the encryption algorithm? How are encryption keys generated, and who has copies of them? If data is stored on the cloud, how long is it stored and how is it secured? How does the smartphone app, if the monitor uses one, authenticate to the cloud server?”

American Spies: Modern Surveillance, Why You Should Care, and What to Do About It – Jennifer Stisa Granick, Cambridge University Press (Jan. 2017)

Granick gives the reader a real sense of just how big, and just how pervasive, U.S. intelligence programs really are. The author doesn’t stop with government programs, however, and calls out Big Tech for its major role in population surveillance:

“Spying is thriving not only because of technology, but also because of modern business models. Much of the modern privacy problem is the result of people giving up their data – knowingly or otherwise – to obtain cool new products and services.”

Nothing to Hide: The False Tradeoff between Privacy and Security – Daniel J. Solove, Yale University Press (Jan. 2013)

This is a now-classic rumination on the deeply important role of privacy in autonomy and freedom. It quickly demolishes the “nothing to hide argument”, a constant refrain in today’s privacy debates, and continues to shed light on social and legal dimensions of surveillance. Here, Solove highlights contradictory perceptions of audio and video snooping:

“The electronic-surveillance statutes strongly protect against the government’s eavesdropping on your conversations but don’t protect against the government’s watching you. This distinction doesn’t make a lot of sense. Video surveillance involves similar threats to privacy as audio surveillance. As one court noted: ‘Television surveillance is identical in its indiscriminate character to wiretapping and bugging. It is even more invasive of privacy… but it is not more indiscriminate: the microphone is as ‘dumb’ as the television camera; both devices pick up anything within their electronic reach, however irrelevant to the investigation.'”

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance – Julia Angwin, Times Books (Feb. 2014)

Angwin is no stranger to the many facets of surveillance capitalism, and this book is just as prescient now as it was five years ago. In that time, the author’s concerns have been validated, with the pace of Big Tech’s blunders only escalating. Angwin keeps the human element in constant view, giving vital context to headlines about privacy and data catastrophes:

“Skeptics say: ‘What’s wrong with all of our data being collected by unseen watchers? Who is being harmed?’ Admittedly, it can be difficult to demonstrate personal harm from a data breach. If Sharon or Bilal is denied a job or insurance, they may never know which piece of data caused the denial. People placed on the no-fly list are never informed about the data that contributed to the decision. But, on a larger scale, the answer is simple: troves of personal data can and will be abused.”

Free Software, Free Society, 3rd Edition – Richard M. Stallman, Free Software Foundation (Oct. 2015)

Stallman’s status as an icon in the Free/Libre world is often the focus of press. Bootstrapping GNU and the Free Software movement was no small feat, but there is too little focus on Stallman’s writing. The author’s philosophy is grounded in practical concerns and explained with a clear and mindful tone that few writers possess. This most recent edition of Stallman’s collected essays describes just how important liberty is in the contemporary digital context:

“If ‘cloud computing’ has a meaning, it is not a way of doing computing, but rather a way of thinking about computing: a devil-may-care approach which says, ‘Don’t ask questions. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it. Trust companies without hesitation.’ In other words, ‘Be a sucker.’”

Defending Politically Vulnerable Organizations Online – Sean Brooks, Center for Long-Term Cybersecurity (July 2018)

In this report from the Center for Long-Term Cybersecurity (CLTC), Brooks provides a broad overview of the cybersecurity landscape. This is a great introduction for industry professionals and consumers alike, though it focuses on civil organizations that are often targeted for political reasons. The report’s citations are a valuable resource in their own right, providing context as well as technological solutions. The author is quick to point out lackluster investment in cybersecurity in both the public and private spheres, describing the vicious cycle this creates:

“The broad asymmetry between attackers and defenders online is unsurprising; politically vulnerable organizations lack resources and are therefore particularly under-protected. This problem is not unique to politically vulnerable organizations. Many public and private organizations have underinvested in cybersecurity and have become soft targets for criminals and other bad actors. Online attackers have continued to develop their offensive capabilities, exacerbating the mismatch.”

Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou, Penguin Random House (May 2018)

This story of the rise and fall of biotech startup Theranos is a page-turner, described here with all the detail of investigative journalism. Carreyrou’s most interesting passages are those where the author describes the culture of Silicon Valley, where fraudulent CEO Elizabeth Holmes was desperately trying to fill the mold of her Big Tech heroes:

“For a young entrepreneur building a business in the heart of Silicon Valley, it was hard to escape the shadow of Steve Jobs. By 2007, Apple’s founder had cemented his legend in the technology world and in American society at large… to anyone who spent time with Elizabeth, it was clear that she worshipped Jobs and Apple.”

The Doomsday Machine: Confessions of a Nuclear War Planner – Daniel Ellsberg, Bloomsbury USA (Dec. 2017)

Decades after the legendary whistleblower disclosed the Pentagon Papers to the American public, Ellsberg’s warnings will still ring alarm bells and shock the reader. Through first-hand accounts, the author chronicles the nuclear program of the 1960’s and the dangers of the present day, describing the contrasting roles of secrecy and transparency, as well as their relationship to trust:

“Like discussion of covert operations and assassination plots, nuclear war plans and threats are taboo for public discussion by the small minority of officials and consultants who know anything about them. In addition to their own sense of identity as trustworthy keepers of these most-sensitive secrets, there is a strong careerist aspect to their silence.”

The Participatory Condition in the Digital Age – Electronic Mediations Book 51 (Nov. 2016)

This collection of articles spans the gamut from street protests to online “hacktivism” to Free and Open-Source collaboration. The editors expertly summarize the transdisciplinary tone of the volume in an introductions that’s worth contemplating in its own right. Among other issues, Gabriella Coleman describes Kate Crawford’s work on the power and scale of spying:

“Ubiquitous surveillance facilitated by [information and communications technology or ICTs] – what Crawford designates as ‘algorithmic listening’ – and the gathering of personal data currently operated by web-based corporations (commercial surveillance) and governments (the NSA program, for example) are not simply matters of privacy but also of scale and lack of accountability.”

Privacy and Big Data: The Players, Regulators, and Stakeholders – Terence Craig & Mary Ludloff, O’Reilly Media (Sep. 2011)

Published at a time when “Big Data” was more of a buzzword than a factor of everyday life, this book is a quick and easy introduction to the perils of the data economy. The lessons would seem dated if they weren’t still applicable, and there’s perhaps nothing more prescient than the fact that data can not only be sold by Big Tech to business partners, it can be given away:

“While the IP stakeholders have been busy redefining “privacy” for their own ends, Google, Yahoo, Facebook, and others have been equally busy making billions of dollars collecting your data and using it for targeted advertising. Of course, any company or organization that collects data can offer it for sale or free.”

Habeas Data: Privacy vs. the Rise of Surveillance Tech – Cyrus Farivar, Melville House (May 2018)

Farivar exposes the role of common, household tech in the global surveillance apparatus, diving into the court cases and legal precedent that shapes the scope and limits of privacy and security. Above all, the author steeps his analysis in history, with quotes from legal heavyweights like Louis Brandeis, here discussing wiretaps in a famous dissenting opinion:

“‘The progress of science in furnishing the Government with means of espionage is not likely to stop with wiretapping,’ Brandeis wrote. ‘Ways may someday be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurences of the home.'”

The post Privacy & Security Reading List appeared first on Purism.

We aim from this point forward to have a community assisted development environment. There is still a lot of work required to make the dev kit truly functional for Librem 5 development, so we need your assistance. The frenetic pace of development continues and it’s astonishing how much we’ve accomplished in the two months since we’ve put the hardware together. But the path is still long and arduous.

Our backers who are receiving the dev kits will also have access to a Matrix channel for dev kit owners. This channel will be staffed by our engineering team who will be on hand to answer questions, work with the community on merge requests, and be available for those who are using the dev kits. But by no means is this an exclusive channel and all of you are welcome to join in as well! Please join our forum that was set up for questions and answers on the dev kit.

With about four months to go until we ship the phones, we are going to need the community to help in the final sprint to the finish line. So we look forward to your help with testing, feature requests, and of course code!

2019 is going to be an amazing year with the introduction of the first privacy and security focused mobile phone and we can’t wait to get it in your hands.

As always, we are incredibly grateful for all of the support you’ve shown us and we’re working hard to do right by your belief in us. We hope to see some of you in our Matrix channels going forward. Till then onward and upward!

Update: here’s a link to our bug tracker with the main issues we’re trying to resolve with the devkit right now” at the end of the blog post

P.s.: You will note that there is a promotion this holiday season. For those of you who are in the market for a phone and a laptop, check out our “Have A Secure Life” Laptop and Phone bundle read further about having a secure life.

Furthermore, the phone’s early-bird preorder pricing at $599 will end soon; after January 7th the preorder price will rise to $699 to cover our expenses for the phone. The money coming from this will be used to fund further engineering of the phone and to help people from the community to work on upstream projects.

The post Librem 5 dev kits are shipping! appeared first on Purism.

All this pressure to conform and bring spy hubs into homes is a strange phenomenon: it’s occurring while the U.S. has near-monthly Congressional hearings on Big Tech’s blunders and at a time when consumer desire for privacy is at an all-time high.

At Purism, we believe that privacy is more than a choice—it’s a requirement. We make beautiful, functional, smart computer hardware that puts you in control with the safety, security, and verification that there is no built-in tracking or surveillance. We protect the supply chain from boot to browser, giving you the tools you need to safeguard your digital life.

From now until January 6th, we’re introducing “It’s a Secure Life” bundles. Enjoy 15% to 18% off on bundles containing the Librem 5 smartphone (preorder), the Librem 15 laptop, and the Librem Key. To benefit from this, simply add the two or three qualifying items (a Librem 15, a Librem Key, and, optionally, a Librem 5) to your cart and you will see a coupon automatically applied for you. There are many combinations possible, so this promotion’s rebates can be summarized roughly as follows:

• Save from $350 to $467 on the full bundle comprised of the Librem 15, Librem 5 and Librem Key
• Save from $250 to $358 on the Librem 15 + Librem Key only bundle

The amount of base price savings depend on your keyboard configurations and the choice of a TPM model or not. In particular, there are still a few non-TPM UK models or German TPM models that are on clearance, where additional price savings will compound with the rebates mentioned above.

Don’t buy dodgy tablets and smartphones, gag gifts, or toy robots that record the conversations of children. You and your loved ones can start off 2019 with a secure digital life instead, pioneering the path to privacy with Purism.

The post “It’s a Secure Life” holiday bundles appeared first on Purism.

If anything has changed since Facebook’s Cambridge Analytica scandal, it’s that more and more people are jumping ship from the Frightful Five: Google, Amazon, Facebook, Apple, and Microsoft. At Purism, we offer an alternative to the polluted software ecosystems of these tech giants.

Our code is Free and Open-Source Software (FOSS), the industry standard in security because it can be verified by experts and amateurs alike. The software on our Librem laptops and our upcoming phone stands on a strong, foundational chain of trust that is matched by hardware features such as kill switches. These switches give people the added assurance that their devices won’t record or “phone home” to advertisers, spies, and cyber criminals. Turn off WiFi, microphone, and webcam on the Librem 5 and they’re off, no question about it.

Purism’s combination of trustworthy hardware and software is a win for privacy advocates, enterprise, and the so-called average user. We believe that everyone deserves privacy and that security, freedom, and autonomy are closely linked. To build a libre and privacy-respecting world, however, we need to fathom the scope of the problem and meet it head-on.

The Times exposé follows the movements of Lisa Magrin, a school teacher. On Ms. Magrin’s trips to school, location markers were recorded “more than 800 times” often in her classroom. But it doesn’t stop there: “An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds… While Ms. Magrin’s identity was not disclosed in [phone] records, The Times was able to easily connect her to [a spot on the map].”

Think that’s invasive? Apps continued to track Ms. Magrin while she traveled to a Weight Watchers meeting, to a dermatologist, hiking with her dog, and to her ex-boyfriend’s home. Many people know that tracking is ubiquitous, but facing the stark results is a harrowing experience.

Privacy researchers have known the pitfalls of ever-listening sensors for a long time, so I wish I could say this is news to me. My research at Yale Privacy Lab has explored smartphone spying in detail, and I’ve personally dug into the privacy pitfalls of everything from Google’s bogus location settings to snooping billboards. This time last year, Yale Privacy Lab collaborated with the researchers at Exodus Privacy and utilized the excellent Exodus scanner to reveal just how polluted the mobile app ecosystem really is.

What do I mean when I say “polluted”?  Apps that are submitted to either Google Play or the iOS App Store contain hidden trackers in the form of Software Development Kits (SDKs). These are clandestine snippets of code that ask for invasive permissions such as camera, network, and microphone control. Such tracker SDKs may collect and transmit location, personal information, and behavioral analytics.  In some cases, these hidden snippets of code react to ultrasonic tones that are silent to humans, allowing retailers and marketers to track the proximity of users as they walk around malls and retail outlets. These hidden “anti-features” have been a standard part of both Google and Apple’s app store model, communicating with spying Internet-of-Things devices such as iBeacons.

I work at Purism because I know we can solve this problem. Big changes are on the horizon in society at large, and people are fed up with surveillance capitalism. Purism offers replacements for the privacy prisons of the Frightful Five. You don’t have to become a luddite to enjoy them, either — our products are as beautiful as they are secure.

Take a stand, #DemandFreedom, and join the world that we’re making.

The post Break Free from Privacy Prison with Purism appeared first on Purism.

The “proof of the pudding is in the eating”, and Purism devices are much more than a treat. For decades, the IT security industry has understood that software must be verified to be trusted, and that such trust can only be provided by Free and Open-Source Software (FOSS). Way back in 1999, security expert Bruce Schneier made the observation: “In the cryptography world, we consider [FOSS] necessary for good security; we have for decades… For us, [FOSS] isn’t just a business model; it’s smart engineering practice.”

At Purism, our laptops and upcoming Librem 5 smartphone have this “smart engineering practice” baked-in — the operating system is 100% FOSS and we’ve replaced the sketchy proprietary BIOS with coreboot. PureOS meets the high standards of the Free Software Foundation’s endorsement, giving you the assurance that it contains no secret, unverifiable, proprietary code.

Cybersecurity firms have witnessed big changes in the digital landscape and a series of high-profile data breaches like the one last week at Amazon. However, the basic security principles have stayed the same.

When there are questions about spying microchips at Apple and Amazon, for example, security analysts look at the supply chain as the suspect. At Purism, we protect the digital supply chain. Our pioneering development of the Librem 5 smartphone requires us to validate each component, taking an active role in the design and testing of the device from the silicon and schematics on up.

If you take cybersecurity seriously, you need to steer clear from the ever-creepier Amazon gadgets and get Purism in your life. Beyond trust and assurance, you get the simple features you need to make security easy. The Librem line of laptops features hardware kill switches for webcam, microphone, bluetooth, and WiFi, and the Librem 5 smartphone will have them too. Our Librem Key is a one-of-a-kind USB security token, and doesn’t just offer multi-factor authentication, it tells you if your device has been tampered with via a green or red LED.

Show your friends, your family, your co-workers, or your clients that you care about cybersecurity. Purism devices mean business, and we don’t mess around when it comes to privacy, trust, and assurance.

The post Make Today Cybersecurity Monday with Deep Discounts at Purism appeared first on Purism.

Most people find our offering to be of great value and are willing to vote with their wallets without hesitation, but there are also those who, while they are supportive of our goals and hold our products in high respect, simply cannot financially (or emotionally!) afford to shell out the money “all at once” to make a purchase. Some people have tighter cash flows and need to manage their budgets over the long term, and that’s quite understandable.

So today, I’m happy to announce that we have made a leap forward in catering to those who need more flexibility, by using SplitIt to offer split payments as an option. We are hoping to also add other financing partners in the future if we see interest from our customers, so let us know if this is a positive change for you or the people you know.

What this system allows you to do is to get one of our products and pay it over time, interest-free (to the extent that you honor your credit card payments, otherwise your credit card company will charge interest to you, of course). We are not the ones handling the split payment, SplitIt and your bank or credit card company do.

So, as an example, if you buy a Librem 13 “base configuration” at the regular price of $1399 (remember, today is Black Friday and we have a sale going on, so it’s actually less than that), instead of paying the entire amount in a single transaction you can choose to pay the same amount divided by twelve months, that is 12 payments of roughly 117$ on your credit card. Of course, financial responsibility still applies and you need to make sure you can afford the monthly payments for the duration of your chosen term (6 or 12 months, depending on what you choose).

We hope many will find this new feature useful! Of course, if you choose to make use of this payment strategy, please make sure to read the “Customer’s Terms and Conditions” section of SplitIt’s Terms & Conditions page.

— Jeff, on behalf of the marketing and finance departments

The post Initial Split payments financing options now available appeared first on Purism.

2018 has been a rough year for digital privacy, but this is the home stretch. Many shoppers will be looking for retail therapy this holiday season, scanning retail shelves and storefronts across the Web. When the shopping’s over, and the presents are opened, what will you have given your friends and loved ones? Will you have saddled them with spying “smart home” appliances, mobile app trackers, and eavesdropping speakers?

Tech doesn’t have to give people the agita of home surveillance—give the gift of privacy this holiday season. All Purism laptops will be on sale from Black Friday through Cyber Monday. And you can even pay with monthly installments now!

Why support Purism? To start, it’s a Social Purpose Corporation dedicated to privacy, security, and freedom. Your digital rights come before the interests of investors, and we have a strong commitment to technology that doesn’t spy on you, track you, or expose you to malware and viruses. When you buy Purism devices, you get:

• hardware features built for your privacy such as physical kill switches for the webcam, microphone, bluetooth, and WiFi;
• the benefit of secure and verifiable software, from the moment you boot your device to the time you spend in your Web browser;
• an economic vote signalling demand for security, privacy and freedom, supporting our R&D efforts. Indeed, you are not just buying hardware: the margins we make on hardware sales are what pays our team of 30+ people to do software, firmware and hardware enablement work around coreboot, PureOS, the Librem 5 phone platform, and services and support.

Our Librem line of laptops ship with PureOS, an operating system that meets the high standards of the Free Software Foundation’s endorsement, and coreboot as a replacement for proprietary BIOSes. The Librem 5 smartphone will ship with it too, raising the bar for private and secure mobile devices worldwide and challenging Apple and Google to meet that standard.

When Apple CEO Tim Cook was deriding Facebook for it’s dismal privacy record, he said Apple was “not going to traffic in your personal life” and that privacy is a “human right” and a “civil liberty”. At Purism we agree with this sentiment, but we also ask Apple to take a long look in the mirror. Macbooks contain a “security” microchip that contains secret, unverifiable, proprietary code. The T2 chip not only means the “Hey Siri” voice assistant is always listening, it can also brick your Mac if you don’t follow Apple’s repair rules.

iPhones, it turns out, are just as bad as Google’s Android when it comes to tracking you. In one experiment, an iPhone was found to be making contact hundreds of times with Apple’s servers and third-parties, while the user was sleeping and the phone was “inactive”. Worse, Apple invented the iBeacon standard that is now used worldwide to track the movements and proximity of users to each other, to smart digital signs, and to products in malls and grocery stores. Though Apple has been able to dodge privacy criticisms with hand-waving and clever marketing, Tim Cook was on the defensive this week when asked about the company’s relationship with Google.

In 2018, the world has had to face the reality that surveillance tech tries to track and monetize our every move. Make room for Purism on your shopping list and you make a change for 2019, distancing yourself from the data merchants watching everyone, even in their sleep.

The post Give the Gift of Privacy with Purism’s Black Friday Deals appeared first on Purism.

The food supply chain is important. Food is sealed not just so that it will keep longer, but also so that you can trust that no one has tampered with it between the time it left the supplier to the time it goes in your grocery bag. Some food goes even further and provides a tamper-evident seal that makes it obvious if someone else opened it before you. Again, the concern isn’t just about food freshness, or even someone stealing food from a package, it’s about the supplier protecting you from a malicious person who might go as far as poisoning the food.

The supply chain ultimately comes down to trust and your ability to audit that trust. You trust the grocery and the supplier to protect the food you buy, but you still check the expiry date and whether it’s been opened before you buy it. The grocery then trusts and audits their suppliers and so on down the line until you get to a farm that produces the raw materials that go into your food. Of course it doesn’t stop there. In the case of organic farming, the farmer is also audited for the processes they use to fertilize and remove pests in their crops, and in the case of livestock this even extends to the supply chain behind the food the livestock eats.

You deserve to know where things have been whether it’s the food that sustains your physical life or the devices and software that protect your digital life. Tainted food can make you sick or even kill you, and tainted devices can steal your data and take over your device to infect others. In this post I’ll describe some of the steps that Purism takes to protect the digital supply chain in our own products.

The Firmware Supply Chain

A lot has been written recently about threats to the hardware supply chain in light of Bloomberg’s allegations about hardware implants that intercepted the BMC remote management features in certain SuperMicro server hardware. While all of the vendors have denied these allegations (and Bloomberg stands by its story), everyone acknowledges that whether this particular incident happened, this kind of implant is certainly possible.

A crucial point that many are missing, and one that leads me personally to doubt the Bloomberg story, is that while a hardware implant is possible, it’s unnecessary–the BMC firmware and IPMI protocol have a long history of vulnerabilities and it would be a lot easier (and stealthier) for an attacker either to take advantage of existing vulnerabilities or flash a malicious firmware, than risk a hardware implant. An attacker who is sophisticated enough to deploy a hardware implant is sophisticated enough to pick a safer approach.

Why is attacking the firmware safer than implanting hardware? First, firmware hacking is easier. Firmware used to be something that was flashed onto hardware once and could never be overwritten. In those days it might have been just as easy to add a malicious chip onto the motherboard. Now most firmware is loaded onto chips that can be written and overwritten multiple times to allow updates in the field, so anyone along the hardware supply chain could overwrite trusted firmware with their own.

Second, firmware attacks are harder to detect. Hardware attacks risk detection all along the supply chain whenever someone physically inspects the hardware. Motherboards have published diagrams you can compare hardware against, and if a chip is on the board that isn’t in a diagram, that raises alarms. Since so much firmware is closed, it’s more difficult to detect if someone added malicious code and it’s certainly something you can’t detect by visual inspection.

Finally, firmware attacks offer deniability. It’s hard for someone to explain away a malicious chip that’s added onto hardware unannounced. If firmware vulnerabilities are detected, they can almost always be explained away as a security bug or a developer mistake.

How Purism Protects the Firmware Supply Chain

Purism has a number of strategies it uses to protect the firmware supply chain. The first strategy is to limit the overall threat by reducing the amount of proprietary firmware on our hardware as much as possible. We select the hardware components in our laptops such as the graphics chip and WiFi card so that we can run them with free software drivers that anyone can audit. Like a dairy that only packages milk from antibiotic-free cows, we can avoid a lot of other audit worries by starting with a clean source.

The next area we focus on is the Intel Management Engine (ME). Like all modern Intel-based hardware, our laptops include the Intel Management Engine, but we intentionally exclude Intel’s Active Management Technology (AMT) to avoid the risk posed by that proprietary out-of-band management software. We then neutralize and disable the ME so that only a small percentage of the firmware remains on the chip, further reducing the avenues for attack. Whether a dairy gets antibiotic-free milk or not, it still pasteurizes it to kill any unseen microbes in the raw milk.

The other important piece of firmware on a laptop is the BIOS. Since it runs before the operating system, it’s a tempting piece of code to attack because such a compromise can easily hide from the OS in a regular system and survive reboots. We protect the BIOS firmware from supply chain attacks both upstream and downstream from us and next I will describe our approaches.

The motherboards’ BIOS chip arrives to us with a proprietary BIOS from the supplier. To protect against any upstream attempts to replace that default BIOS with something malicious we overwrite it with our own coreboot BIOS. This further reduces the amount of proprietary firmware in the BIOS since with coreboot the bulk of the BIOS is free software. Even though the Intel Firmware Support Package (FSP) proprietary blob still remains we still greatly reduce the risk (and aim to liberate or replace the FSP as well). It’s like repackaging food in BPA-free plastic when you aren’t sure about the make-up of the original packaging.

That leaves how we protect you from attacks on the BIOS that might occur either during shipping or after you have the computer in your possession. For this we are working to offer the combination of the Heads tamper-evident BIOS that sits on top of coreboot and our Librem Key USB security token and we are starting a private beta program right now to get feedback before a wider release. With Heads combined with the Librem Key, we can configure a shared secret between the computer and the Librem Key at the factory and ship the devices separately. If someone tampers with your computer during shipping or at any point after you receive it, you will then be able to detect it with an easy “green is good, red is bad” blinking light on the Librem Key. Think of it like a pop-up tamper-evident seal on a jar of food.

The Software Supply Chain

While the hardware and firmware supply chain attacks get a lot of focus due to their exciting “spy versus spy” nature, software supply chain attacks are a much greater and more present threat today. While many of the hardware and firmware attacks still exist in the realm of the hypothetical, software attacks are much more real. Vendors have been caught installing spyware on their laptops, in some cases multiple times, to collect data to sell to advertisers or to pop up ads of their own. When you can’t audit the code, even a computer direct from the factory might be suspect.

With proprietary operating systems, there’s the risk that comes from not being able to audit the programs you run. A malicious developer or a developer hired by a state actor could add backdoors into the code with no easy way to detect it. This isn’t just a hypothetical risk as the NSA is suspected in a back door found in Juniper’s ScreenOS.

If you decide that you can trust your OS vendor you might be comfortable relying on the fact that OS vendors sign their software updates these days so the OS can be sure that the software came directly from the vendor and wasn’t tampered with while it was being downloaded. Yet applications on proprietary operating systems come from multiple sources, not just the OS vendor, and in many cases software you download and install from a website has no way to verify that it hasn’t been tampered with along the way.

Even if you only use software signed by a vendor you still aren’t safe from supply chain attacks. Since you don’t have access to the source code, there’s no way to prove that the signed software that you download from a vendor matches the source code that created it. When developers update software, their code generally goes to a build system that converts it into a binary and performs tests on it before it packages it, signs it, and makes it available to the public. An attacker with access to the build system could implant a back door at some point in the build process after source code has been checked in. With this kind of attack, the malicious code might go unnoticed for quite some time since it isn’t present in the source code itself yet the resulting software would still get signed with the vendor’s signature.

How Purism Protects the Software Supply Chain

Purism has a great advantage over proprietary software vendors when it comes to protecting the software supply chain because we can offer a 100% free software operating system, PureOS, on our laptops. By only installing free software on our laptops, all of the source code in the operating system can be audited by anyone for backdoors or other malicious code. For processed food to be labeled as organic, it must be made only from organic sources, and having our operating system certified as 100% free software means you can trust the software supply chain all the way to the source. Beyond that, all of the software within PureOS is signed and those signatures are verified every time you install new software or update existing software.

Unlike proprietary software, we can also address the risk from an attacker who can inject malicious code somewhere in the build process before it’s signed. With Reproducible Builds you can download the source code used to build your software, build it yourself, and compare your output with the output you get from a vendor. If the output matches, you can be assured that no malicious code was injected somewhere in the software supply chain and it 100% matches the public code that can be audited for back doors. Think of it like the combination of a food safety inspector and an independent lab that verifies the nutrition claims on a box of cereal all rolled into one. We are working to ensure all of the software within PureOS can be reproducibly built and to provide you tools to audit our work. Stay tuned for more details on that.

Conclusion

The supply chain comes down to trust and your ability to audit that trust. Unfortunately all too often a company’s economic incentives run counter to your trust. This is why Purism is registered as a Social Purpose Corporation (SPC) so we can put our ethics and principles above economic incentives. We also continue to improve our own ability to audit the supply chain and isolate (and ultimately eliminate) any proprietary code that remains. Beyond that we are also working to provide you the tools to audit the supply chain (and audit us) yourself, because while we feel you should trust us, your security shouldn’t have to depend on that trust alone.

The post Protecting the Digital Supply Chain appeared first on Purism.

The story of fabricating the entire devkit hardware from the ground-up included crossing paths with a couple of storms:

• Hurricane Florence caused some shipping delays for component parts, and one of our packages also got lost in Memphis—maybe it enjoyed the music and drinks a bit too much? We don’t know because we never heard back from it again. So we had to procure additional parts.
• The typhoon in south east China caused a week of factory shutdowns, which included our PCB design prototypes!
• Almost right after that was a Chinese holiday, the Golden Week, which is in practice a two week holiday. Luckily we could expedite the PCBs at a fab in Los Angeles and courier ship to us!

All in all, we had a setback of about three weeks before we were able to make the first prototypes of the boards.

So once the PCBs finally arrived, on the same day we set up all the machines and worked until 5 a.m. to make the first 10 “golden sample” prototypes of the development base boards:

If you compare the produced boards with the 3D renders from KiCad (yes, the design of the base board is done in KiCad, and we will be releasing it under a free license once we are finished), you can see the beautiful similarity of the actual outcome. Here we have from left to right: the back side 3D render, the freshly made real board’s back side; the 3D rendered front and real board’s front:

Since then, our team has been furiously and restlessly working on “bringing up” the board, i.e. getting software up and running at least “as far as to be able to test all the peripherals” so that we can verify the base board design before we order the final 300+ boards for series production.

Since we base all our work on current mainline Linux kernel 4.18+, this work also involves quite a lot of forward porting of drivers, bug fixing and walking uncharted territory since the i.MX 8M is still very new. So far we have been able to verify the following (which also gives you an impression of the complexity of this task):

Validated Hardware Subsystems

• Charge Controller
• USB-C
• Serial Downloader (loading u-boot via USB)
• eMMC boot (boot mode switch in the “up” position)
• SoM (pinout mostly validated, SoC, eMMC, and PMIC working)
• UART Debug
• Powering from 18650 battery
• Charge controller’s thermistor
• 10/100 Ethernet
• Audio Codec
• Mini-HDMI
• WWAN module, SIM card & antenna
• WWAN hardware kill switch
• GNSS (UART interface & antenna)
• USB Hub & SD controller
• RedPine WiFi/BT M.2 module on SDIO
• RTC
• Haptic motor
• push buttons (power button, reset button, volume up, & volume down)
• User LED
• Power indicator LEDs
• headphones detect (HP_DET)
• Display’s LED backlight
• SPI NOR Flash
• Earpiece speaker
• External microphone
• Headphone speakers
• Smart card reader & smart card slot

Partially Validated Hardware Subsystems

• IMU (accelerometer, gyro & magnetometer)
• Proximity / ambient light sensor
• WLAN/BT antennae
• On-board microphone
• Headset microphone
• hardware kill switches for WiFi / BT and microphone

Subsystems Left To Validate

• MIPI DSI LCD panel
• Touch controller
• Safely charging an 18650 battery
• USB-C role switching
• Microphone select IC
• Bluetooth (UART4)
• Camera (MIPI CSI)
• WWAN I2S interface
• JTAG
• Bluetooth I2S interface

The MIPI DSI display interface is of course extremely important, and we can not order the final batch of PCBs before we know that the display (and touch controller) work perfectly. By doing the verification we also indeed discovered some problems, minor things that did not behave as expected and which we are now able to fix. Some other issues are simply mechanical issues that are hard to evaluate just from all the datasheets. And then other things happen, like parts not conforming to standards (like the M.2 WiFi/BT card, of which we got samples just a few days after doing the prototype order). For example, the M.2 card has some pretty thick components on the bottom layer and thus can not lay flush on the PCB (which had been an assumption we had when we designed the board), so we need to change the connector for the final boards.

This is how the fully equipped current devkit prototypes look like, WiFi/BT card is read in the lower right corner of the back side:

We are getting there!

All parts for the final production of the dev kits are procured and still waiting in the magazines on the machines to be placed on the final boards. The kernel team is making amazing progress on mainline Linux 4.18+, we are in intense communication with other Linux i.MX 8M mainlining partners. The kernel, the GPU drivers and MESA will see quite some i.MX 8M patches from us—and yes, upstream first was and is our motto, everything we do is and will be pushed upstream!

After all this, I am reluctant to give a new timeline for shipping the dev kits… What we know is that our new PCB fabrication here in the USA will be 11 business days. We will make over 300 of these boards, which are pretty complex—we have over 160 different parts and more than 500 components in total per board. This takes some time, even with the amazing SMT machines placing tiny parts (such as 0201 SMD types). I wouldn’t be able to place these by hand!

From testing the prototypes, it will probably take another week (probably two) until we can give the green light for PCB fabrication to begin, then about two weeks for them to be fabricated, and another week for production, assembly, testing and shipping. As you can see, with all that, we will likely roll into December. With that said however, we are doing our very best to ship out all boards in the early part of December, so that all backers should get their new toys well before the end of the year (given the shipping carriers don’t cause delays).

Thank you for all the active community development and tremendous support! See our video below on how these boards are being put together. Oh and by the way, we have a little survey for you, check out our enterprise page if you’d like to help!

The post Librem 5 Development Kits: we are getting there! appeared first on Purism.

First, on Monday, October 22nd, Purism’s CEO Todd Weaver spoke at All Things Open on “The Future of Computing and Why You Should Care” where he highlighted how the drive for greater profits in big tech companies has led to a present where people’s rights are ignored while their data is captured and exploited. In this talk Todd introduced the idea of five fundamental digital rights critical to protect the future of computing:

1. Right to Change Providers: If a person wants to change a service provider, they can easily move to another (Decentralized Services).
2. Right to Protect Personal Data: A person owns and controls their own master keys to encrypt all data and communication, nobody else (User-controlled Encryption).
3. Right to Verify: Society has the freedom to inspect the source of all software used, and can run it as they wish, for any purpose (Software Freedom).
4. Right to be Forgotten: A service provider only stores the minimal personal data necessary to provide the service. Once the data is no longer required, it is deleted (Minimal Data Retention).
5. Right to Access: A person must not be discriminated against nor forced to agree to any terms and conditions before accessing a service (Personal Liberty).

Then on Wednesday, October 24th, Apple’s CEO Tim Cook spoke at the International Conference of Data Protection and Privacy Commissioners and spoke out in favor of GDPR legislation and privacy as a human right and against what he termed the “data industrial complex.” In the talk he laid out four principles of his own:

1. Companies should challenge themselves to de-identify customer data or not collect that data in the first place.
2. Users should always know what data is being collected from them and what it’s being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham.
3. Companies should recognize that data belongs to users and we should make it easy for people to get a copy of their personal data, as well as correct and delete it.
4. Everyone has a right to the security of their data. Security is at the heart of all data privacy and privacy rights.

Apple is Right about Privacy

First, we’d like to applaud Apple for joining Purism and other companies in speaking out in favor of user privacy and against the unethical data collection practices that fund so many tech companies. Having a high-profile company speak about privacy as a human right helps bring further awareness of these issues and puts even more pressure on big tech companies to change their practices. As more people become aware these issues, they hopefully will feel empowered to make decisions about what companies they want to support and what technology they want to use based on who best respects their rights.

The advent of the Internet as a universal medium for sharing information combined with an always-on and connected computer everyone carries with them and the prevalence of voice-operated computers in every home means that the steady stream of data every individual sends to big tech companies is enormous and hard to wrap your head around. It’s even harder for the average person to figure out just how that data is being used and abused. Yet when you look at the revenues for these big tech companies you can see one thing–this data is valuable. The data is so valuable in fact, there’s no real incentive for these companies to change their practices on their own.

If you look at the four principles Tim Cook laid out, the first three largely can be summarized by Todd’s “Right to be Forgotten” digital right. Indeed, the way that the tech industry operates today means that people are not in control of their own data. Big tech companies capture as much data as they can and are continually coming up with new ways to capture more in the name of providing you more targeted advertising.

Apple is Wrong about Freedom

It’s in Tim Cook’s fourth principle where on the surface it seems Purism and Apple seem eye to eye (and on the surface we do) but when you dig into the principle our paths starts to diverge. Compare these two statements:

• Purism: Right to Protect Personal Data: A person owns and controls their own master keys to encrypt all data and communication, nobody else (User-controlled Encryption).
• Apple: Everyone has a right to the security of their data. Security is at the heart of all data privacy and privacy rights.

We agree with Apple that security is at the heart of all data privacy and privacy rights. Where we disagree is in who holds the keys. Your data isn’t truly private or secure, if someone else holds the keys. It’s true that Apple goes to great lengths to lock down their devices from attackers, but like with Google and other proprietary vendors, those locks also lock you out. These devices tightly restrict what applications can run on them in the name of security, but that restriction conveniently also means that everyone has to get the vendor’s permission to install their software.

More importantly, these locks mean that you don’t have freedom or control. In fact, some device vendors are paid to install applications by default that you aren’t allowed to remove. You only have to look at the underground market of sketchy software that promises to “root” your phone to see the lengths that people have to go to so they can try to wrench control of their hardware back from vendors.

This isn’t just a hypothetical argument about freedom. Apple’s decision to hold all the keys to their hardware has real world impacts on freedom and human rights. Alex Stamos (Stanford professor, previously Chief Security Officer at Facebook) gives a great example of the real world impacts these locks can have:

I agree with almost everything Tim Cook said in his privacy speech today, which is why it is so sad to see the media credulously covering his statements without the context of Apple’s actions in China. The missing context? Apple uses hardware-rooted DRM to deny Chinese users the ability to install the VPN and E2E messaging apps that would allow them to avoid pervasive censorship and surveillance. Apple moved iCloud data into a PRC-controlled joint venture with unclear impacts.

Real Privacy Depends on Freedom

We agree that privacy is a human right, but you shouldn’t have to exchange your freedom for your privacy. We believe that freedom is essential to security and privacy and any solution that aims to secure your privacy must also protect your freedom. This means avoiding software solutions that restrict what you can do with your own devices and building security solutions that ensure that you hold the keys. Removing the freedom to control your own hardware and software, even if it’s in the name of security, (but more likely for vendor lock-in) is not enough to protect your rights.

The post Apple is right about privacy, but wrong about freedom appeared first on Purism.

Conferences

In person collaboration has taken place in a few different ways. There was a hackfest in Germany where many of the Librem 5 team members got together to hack, work, and bond. The Libre Application Summit was also attended and a talk given on the Librem 5. It was also great that one of our developers was able to attend XDC and have some fruitful discussions with the wlroots and Pengutronix folks.

Design

The software design continues to improve so that the developers have a look to strive for. Here are some of the latest designs:

• Latest Shell mockups
• Latest Messages mockups
• Latest cellular settings mockups

Software Work

Images

The images are still being built based off of Debian buster but now they can be built with PureOS as the base distro. Also to clean up some cruft on the images, some SSHd host key generation scripts have been added to the image and the mass of dependencies moved into the librem5-base package.

As both the dev kits and phone will be based off of i.MX 8M SoM boards, much work has gone into bringing up the 4.18 kernel and building images for those future boards.

Phosh

In phosh, there have been many bugs fixed and the code has been cleaned up. Also an effort has gone towards translations, updating the German and French translations as well as standardizing the po headers to hopefully make it less confusing for new translators.

An initial app switcher has been added and initial touch based application switching has been added.

The top panel has been cleaned up, which makes it look nicer as well as matching the design mockups a bit better.

If that isn’t enough, the first release version (0.0.1) of phosh has been tagged!

GNOME Settings

The GNOME Settings application has started being ported to the Librem 5 and continues to be worked on.

gnome-session/gnome-settings-daemon

An upstream issue around starting gnome-session with debugging enabled has been fixed.

There’s been some plugin work as well. An initial WWAN plugin has been proposed upstream to handle SIM card PIN unlock.

This patched gnome-settings daemon as been added to the images until it’s upstreamed so that the SIM unlock stuff we proposed upstream is added to our image for the time being.

Wlroots/Keyboard

Some major improvements have gone into virtboard recently. Among the many bugs fixed, a notable one is that the display and scaling issues have been corrected. The input-method-v2, text-input-v3, and significant glue has been added to virtboard and input-method-v2 is in the process of being upstreamed. Virtboard now pops up and starts by default on the images and the keyboard has been improved to behave more as expected.

Similarly, some changes were upstreamed to wlroots and GTK+ in addition to what has already been mentioned. We fixed some issues affecting virtual keyboards in GTK+. It is important for cursor movements to be treated as relative to surfaces, not only the screen, so we made a patch to do just this. There was also an issue on tag generation that has been fixed and submitted upstream.

Calls

The Calls application has also seen a lot of progress recently, with many bug fixes, audio work, and an ongoing makeover to the UI. Now GTK+ Inspector can be opened on the Calls flatpak.

To prepare for the dev kits, a QMI-derived ModemManager driver for the SIMCom modems has been completed to mix QMI and the audio streaming AT commands and add call audio support. A Debian package of ModemManager has been created that contains these call audio patches.

Since the modem used on the actual phone may be different from that of the dev kits, some initial testing has begun on the Gemalto PLS8 modems.

Also, a partial UI overhaul of the Calls application has been done with more exciting UI changes to come!

There is a new daemon, Hægtesse, that has been written to ferry audio data between the modem and PulseAudio. The daemon has been integrated into our image builds to run on startup.

Libhandy

The libhandy library has also seen quite a bit of change since the last progress report. Besides the many minor bugs fixed, there have been a couple of widgets added. A HdyTitleBar widget was added to workaround titlebar glitches, and a HdyHeaderGroup widget was added to automatically update all header bars. The existing HdyLeaflet got an added fold property too. To assist the community in playing with libhandy, the libhandy example application has been updated with styling fixes too.

Libhandy 0.0.3 was released and uploaded to Debian unstable but a newer version, 0.0.4, was just released too.

It is really exciting to start to see libhandy being used in the wild too. Podcasts is the first third-party app to ship with libhandy! Here’s a short video demonstrating libhandy’s progress and current behavior.

GTK+

Our close collaboration with the GTK+ team has led to a number of changes to separators among other things. There was a selection-mode separator styling issue reported and the look of separators was improved when separating two header bars in selection mode. Additional Adwaita fixes around separators, titlebar issues, and simplifying setting the selection mode got merged upstream.

Other fixes and documentation changes were made upstream too. For example, a fix was included upstream around the serial number while text-input is alive (needed for the keyboard).

And if you haven’t read it, take a look at Guido Gunther’s blog post on GTK+ and the application id. This will likely be helpful to those of you planning to write flatpak applications for the Librem 5.

Upower

Upower is a good candidate of API that other programs might want to use to e.g. extract battery information so several upstream documentation improvements were added.

Contacts

The Contacts application needs to be made adaptive using libhandy so checkout the adaptive fork of Contacts. Changes are being submitted to upstream to eventually no longer need a fork. A simple separator styling fix and a simple size requirement fix were submitted upstream. The app menu and online accounts shortcut needed to be moved as well.

Messaging

The Chatty application has some new additions and changes. Also Chatty can be built as a flatpak now too.

The “bubble-chat” view is being turned into a widget and a basic version of the msg-list widget has been finished and will be included in libhandy soon. Some GTK+ changes were needed to present libpurple conversations in separate chat-lists and the buddy list is now working too!

A libpurple plugin was tested for message logging into a SQLite database but in order for it to be useful, it will require replacing the libpurple logging functions with a custom logging-subsystem that supports the handling of SMS send-reports. There was some work done on a parser for purple log-files so that chat history is loaded into msg-bubbles now. So, the parser of the purple log-files is just a tentative solution to provide some chat history to the message-view for the time being.

We are currently working on the accounts-management. Some setup-screens have been introduced for registering XMPP accounts and for enabling/disabling them separately. Some work has also been done on the blist UI (formatting of the list entries, round icons, switching the font to bold when unread messages are available, added a timestamp) to make it look nicer.

Kernel/mesa/etnaviv/libdrm

As mentioned earlier, a newer CPU (i.MX 8) will be on the dev kits and phones versus what we started tinkering with (i.MX 6). Incidentally there has been a large effort towards bringing up a newer (4.18) kernel on the i.MX 8 CPU, as well as work done on etnaviv and mesa. Here are some of the progress highlights.

Since the dev kits and phones will have USB type-C power delivery, a patch was sent upstream to the kernel to support this.

Etnaviv now mostly works with our drm layer on arm64 and 4.18. Etnaviv was enabled in Debian’s libdrm. More offsets to sensitive states were added to etnaviv to avoid warnings and a patch was upstreamed to allow the command parser to work.

Our mesa tree is available for anyone to look at while patches are being merged upstream. The aarch64 builds of mesa have been improved. A patch for an rs alignment check was proposed and uncached mapping issues on arm64 were addressed.

We would like to thank the etnaviv maintainers of the Linux kernel, libdrm and mesa for their support since we’re building heavily on what was already there and they have been a big help in upstreaming these patches.

Fractal

Since we are also investing in the Fractal end-to-end (E2E) encryption effort, it is exciting to report that the E2E module in development supports basic functionality now and we could already start working on integrating it. There is still plenty of work to be done but we’re getting there.

Hardware Work

Our hardware engineers and Nicole are working closely with the team that will be assembling the dev kits. So all of the final prototype manufacturing files (prototype fabrication and assembly drawings from KiCad) were sent to assembly team. Nicole traveled to Carlsbad (California) to assist them in building, assembling, and testing of a small print run of dev kit prototypes, to verify the soundness of our electronics design. There have been some hiccups like components being lost in the mail and needed to be reacquired, but all obstacles have been overcome thus far! Assuming all goes well with the testing of these prototypes, the full print run of the final dev kits (that will be shipped to backers) will begin very shortly.

Community Outreach

The Librem 5 team continues to work with the Plasma team and is working towards building a Plasma image to be used on the dev kit. Currently, there are Jenkins jobs to build necessary Plasma packages and the Plasma team members are working with us to fix the failures.

The developer documentation has seen some updated GTK+ documentation and a new code example.

Since we’ve received offers to help translating parts of the OS, we have begun to use a public Zanata instance to enable community to contribute translations. Currently, the phosh project is available on Zanata for translation contributions and the other projects (libhandy, calls, chatty, virtboard) will be added soon.

A big “Thanks!” goes out to all of the external teams that have helped review and merge changes into upstream projects. Everyone’s time and contribution is much appreciated!

That’s all for now folks. Stay tuned for more exciting updates to come!

The post Librem 5 general development report — October 15th, 2018 appeared first on Purism.

During internal beta testing of the install script a while ago, we realized that coreboot didn’t work with our NVMe SSDs, as all my testing had been done with a SATA M.2 SSD. I spent some time fixing coreboot so that it would initialize the NVMe SSD, and SeaBIOS so it can boot from the NVMe drive, and then I’ve figured out how to fix the NVMe issues I’ve been having after linux boots.

The story began with my blog post about the interference of the AMI BIOS with coreboot. What I didn’t mention back then is that after I figured out the issue and managed to unbrick Francois’ Librem, he wasn’t able to boot into his SSD from coreboot because it wasn’t getting detected. I then realized that he had an NVMe SSD and not a SATA SSD.

• A SATA drive is controlled using the SATA controller on the motherboard which talks to the SATA drive using 4 data lines.
• A NVMe drive is actually a PCIe device all on its own, which could use up to 16 data lines (4 per lane and the M.2 specification defines up to 4 lanes per device).

If a SATA device is detected, then the integrated SATA controller will talk to the drive using the SATA protocol, if a PCIe device is detected, then the device will be initialized as any other PCIe device (like the Wifi module for example) and in the case of NVMe drives, the NVMe protocol will be used directly (without passing through an onboard controller) to communicate with the device.

With that knowledge, I figured out my simple mistake then: the PCIe port used for the M.2 connector is Port #6, which is a “Flexible I/O” which can be used for either SATA or PCIe according to the Intel Broadwell datasheet. Unfortunately, in the Librem 13 coreboot configuration, the PCIe Port #6 was disabled (since it was never used, but that was only because I only ever tried a SATA drive). So the fix was simple: enable the PCIe port #6, and once coreboot initializes that PCIe port, the NVMe drive is initialized and working.

Francois tested this for me and confirmed he could boot on his drive. I needed to do my own tests however, so I ordered an NVMe drive (The Intel 600p Series SSD) and before I received it, someone (a regular Librem user) found and decided to test my script. With a lot of courage and determination, he was the first non-purism-employee beta tester of the coreboot install script and unfortunately, it didn’t work for him. While the coreboot install was fine, SeaBIOS wasn’t detecting his NVMe drive (he could boot into a live USB and flash back his Factory BIOS, so nothing to be alarmed about). I didn’t know why it worked for Francois but not for jsparber (our volunteer beta tester). I then realized that SeaBIOS itself didn’t have NVMe support, or more precisely, the NVMe support that was added to SeaBIOS was never tested outside of the qemu emulator, and was actually disabled for real hardware, so I enabled NVMe support for non-qemu hardware and sent the updated image to our beta tester who confirmed it to be working.

Why was it working for Francois if SeaBIOS didn’t have NVMe support, though? That’s a bit mysterious, but I think that his specific NVMe drive had some sort of SATA-compatibility mode in order to allow booting from older BIOS that don’t support NVMe devices.

Once I received my own NVMe SSD, I thought that it would just be a formality to get it to work, and indeed, it was detected by SeaBIOS but I couldn’t boot on it because it was still blank, so I tried to install PureOS on it. Unfortunately, that failed. I was getting an error halfway through the installation and the NVMe device was disappearing completely. My dmesg output had (among a flood of I/O errors) :

nvme 0000:04:00.0: controller is down; will reset: CSTS=0xffffffff, PCI_STATUS=0xffff
nvme 0000:04:00.0: Refused to change power state, currently in D3
nvme nvme0: Removing after probe failure status: -19
nvme0n1: detected capacity change from 256060514304 to 0

After searching for a long time, I’ve found a few mentions of this error. At first, I thought that this lauchpad bug was the one affecting me, but it was saying that it was fixed in kernel 4.4.0, and 4.8. The PureOS live USB was sporting kernel 4.7 back then, so I thought that maybe I needed a higher kernel version still. I tried to install Ubuntu 17.04, but it wouldn’t even boot, and then the Fedora 25 live USB would have the same issue, even though it had kernel 4.9.6. I decided to try the Archlinux installer, which had the 4.10.6 kernel, and I had the same problems, then I found this other bug which says it might happen since kernel 4.10.0 had support for APST and some drives had quirks which made them fail when APST was enabled, but the fix here was simple, a kernel option at boot and the bug should disappear, so I tried it but no luck.

At that point, in order to remove coreboot from the equation, I had flashed back an AMI BIOS on my Librem, but I was still getting all these issues.

I gave up after a while, and I figured out that if it’s not a kernel issue, maybe it’s not a Linux issue at all, so I tried installing Windows on the NVMe, and the same issue happened again! “Well, if the problem happens with Windows and the factory BIOS, then there’s nothing I can do, the problem is with the drive itself, it’s defective! Right?”

While I was trying to find the original packaging to ship it back for a replacement, I had an idea: I put the NVMe drive in the Librem 13 v2 prototype that I had, and it worked! So I figured that the problem was with my own Librem 13 v1 which might have had defective hardware (maybe a scratch on the motherboard or something?)

However, for a week, while working on other things, I kept thinking that there must be something else I can do, that the issue can’t be as simple as “it’s a hardware issue”, but I didn’t know what more I could do if Windows+AMI Bios were failing, and the SSD itself was fine.

Then Francois told me that he was having issues with his Librem, where the NVMe device would “disappear”. This looked a lot like the problem I’ve been having, but for him, it wouldn’t happen within the first 5 minutes of use like me, it would happen after 48 hours instead, sometimes after putting the laptop to sleep, sometimes not—very unpredictable. Unfortunately, he had also reinstalled his system at the same time when he flashed coreboot, so this new problem could be coming from coreboot or from the new OS he installed—but lo and behold, after he flashed his original BIOS back, he was still having the same issue of his NVMe disappearing.

Since I don’t believe in coincidences, I decided to start my research again from scratch—forget all the various links and explanations and datasheets I found—and just looked at the problem from a blank slate. After I searched for the error I was getting again, I found a post on the Lenovo forums where someone was complaining about the same issue on their ThinkPad X270 and the thread was marked as “SOLVED“, so that was very promising. After reading through it, I found that the solution was a new BIOS update for the Lenovo X270 that fixed the problem. And when I looked at the changelog of that update, this is what it said about NVMe support:

- (New) Disable NVMe L1.2
- (New) Disable NVMe CLKREQ

Now that was interesting… what was this “L1.2” and “CLKREQ”? I did some more research and I found an article that explained that L1.2 is simply a lower-power mode of operation for a PCIe device. Going back to the original dmesg output, I then realized that it said something very interesting about the drive and its power state:

Refused to change power state, currently in D3

According to this MSDN article, the “D3” there refers to a device power state, and more precisely, D3 is the lowest power state of the device. That seems to coincide with the L1.2 PCIe state which is also the lowest power state. I’ve decided to do what Lenovo did and disable CLKREQ and L1.2 in the PCIe device. The CLKREQ seems to be used by the CPU or by the device to request activation of the clock and to allow exit of the L1.2. According to the PCI specification, I’ve found a document that states :

“The CLKREQ# signal is also used by the L1 PM Substates mechanism. In this case, CLKREQ# can be asserted by either the system or the device to initiate an L1 exit”

The “L1 PM substates” is referring to that L1.2 (L1.1 and L1.2 are referred to as L1 substates, and “PM” here means “Power Management”), so my theory was that the drive goes into low power mode, and when it needs to get out of it, the CLKREQ should be used, but wasn’t working, causing the drive to never know that it needs to wake up. Disabling CLKREQ would fix it because some other mechanism would be used to wake the drive, or disabling L1.2 would also fix it because the drive would never go into that D3 low power mode.

I looked extensively at the Broadwell LP datasheet and I saw that the CLKREQ for PCIe port #6 is multiplexed with GPIO 23, and looking at the gpio.h in coreboot for the Librem 13, I see GPIO 23 set as “INPUT”, while GPIO 18 and 19 (which are for PCIe ports #1 and #2) are set as “NATIVE”. So I’ve set GPIO 23 to NATIVE and tried it, but this made NVMe undetectable; coreboot was simply unable to detect anything on port #6, and I have no idea why. Not only do I not know what a “native” gpio means, but I also don’t know why changing it from input to native would cause the PCI bus scan to fail.

Either way, I’ve set it back to “INPUT” and tried to see how to disable CLKREQ from some PCI configuration. Unfortunately, the code in soc/intel/broadwell/pcie.c—which mentions “CLKREQ”—does things that I can’t understand, it modifies/sets PCI configuration values on offsets that don’t match anything in the datasheet and I have no idea if I’ve been reading the datasheet incorrectly or if the code is wrong somehow.

One simple example is this code snippet:

/* Per-Port CLKREQ# handling. */
if (gpio_is_native(18 + rp - 1))
/*
* In addition to D28Fx PCICFG 420h[30:29] = 11b,
* set 420h[17] = 0b and 420[0] = 1b for L1 SubState.
*/
pci_update_config32(dev, 0x420, ~0x20000, (3 << 29) | 1);

First of all, it’s checking for the gpio to be native (which is what I did before without success), but it’s setting the PCI configuration at offset 0x420, but the only offset 0x420 I see in the datasheet (page 736) is the “PCI Express* Configuration Register 3”:

Bit    Description

31:1   Reserved 
0      PEC3 Field 1—R/W. BIOS may set this bit to 1b

Possibly these 31 “Reserved” bits are only described in a confidential Intel document, but in any case I didn’t know what that code was doing and I wouldn’t know what to change to make it behave the way I want it to.

I eventually found that this low power mechanism is called “ASPM” and the cbmem output from coreboot had a line that said “ASPM: enabled L1” which didn’t match any string in that soc/intel/broadwell/pcie.c file, so after I searched for the “ASPM:” string, I found that there is code in device/pciexp_device.c which is what actually configures the ASPM on the device!

The code in pciexp_device is rather straightforward since it does this:

/* Check for and enable Common Clock */
if (IS_ENABLED(CONFIG_PCIEXP_COMMON_CLOCK))
    pciexp_enable_common_clock(root, root_cap, dev, cap);

/* Check if per port CLK req is supported by endpoint*/
if (IS_ENABLED(CONFIG_PCIEXP_CLK_PM))
    pciexp_enable_clock_power_pm(dev, cap);

/* Enable L1 Sub-State when both root port and endpoint support */
if (IS_ENABLED(CONFIG_PCIEXP_L1_SUB_STATE))
    pciexp_config_L1_sub_state(root, dev);

/* Check for and enable ASPM */
if (IS_ENABLED(CONFIG_PCIEXP_ASPM))
    pciexp_enable_aspm(root, root_cap, dev, cap);

Unfortunately, those configs for L1_SUB_STATE and CLK_PM are forced-enabled in the menuconfig of coreboot, so I couldn’t disable it (I had already noticed them before but couldn’t disable them), so I just changed the code to remove the line that calls the
pciexp_enable_clock_power_pm function, and tested it. I could then see in the cbmem log that coreboot didn’t enable CLKREQ anymore, but the install was still failing, so I also removed the code that calls  pciexp_config_L1_sub_state, and tried again, and my installation was successful!

I had previously done around 50 installation attempts on that NVMe and the drive would always crash between 50% and 80% through the installation. With my new changes, I had now done 3 successive installs that went all the way to 100% without crashing a single time. This demonstrated that my changes worked, that disabling the CLKREQ+L1.2 substate on the NVMe drive fixed the issue. My “fix” was obviously not the most elegant way of solving the issue, but I was now happy to report that we would be able to use the NVMe drives.

Some users might be wondering whether not being able to put their NVMe drives into low power mode would affect battery life, and the answer is, “In theory yes”, but in practice the difference would be a very small percentage. Back then, I doubted anyone would actually notice it, and so far it seems nobody did, so it looks like the issue is fairly minor in the grand scheme of things.

Purism customers now had working NVMe support for their Librem laptops running coreboot, and this solved a big headache for our operations & support team (who had temporarily put on hold all NVMe-based orders because of the bug, favouring the SATA-based laptop configurations as they were more reliable at that time).

Interestingly, this also meant that we had a superior user experience to similar laptops with a proprietary BIOS: users now had NVMe drives working with coreboot, NVMe drives that had never worked on the AMI BIOS we compared to!

During my testing of the install script, I had also tweaked some of the coreboot options and we had coreboot booting in about 350 miliseconds, which is a lot faster than the few seconds it took for the AMI BIOS to boot.

My fix was merged into coreboot in July 2017, via these two patches and this patch to SeaBIOS.

Some additional notes…

One might wonder if a possible reason behind the problem could have been an error in the design of the motherboard on the first-generation librems where the CLKREQ signal wouldn’t be properly routed, though it doesn’t look that way according to the schematics, so I’m not entirely sure why it was happening after all. At least, the fix was “simple” enough, and it worked on the Librem 13 v1 I had available to test.

Interestingly enough, François’ NVMe drive kept failing on his Librem 13 v1 after 2 to 3 days of use, even with my final fix. I was unable to figure out why that was still happening back then; why would his NVMe drive go into D3 power state if coreboot wasn’t enabling the L1.2 substate anymore? We eventually tabled the matter for a while as François switched to the newly released Librem 13 “version 2” a few weeks later. The answer came to me completely by chance, a year or so later, as I was looking through some PCIe code and saw that the PCIe device itself could have “L1.2 support” set even if it’s not enabled, so maybe his Linux kernel was enabling L1.2 if it saw that the device “supported” it. Unfortunately, by then, Francois wasn’t able to reproduce the issue on his NVMe drive anymore even with his old laptop, so it was impossible to test our hypothesis. The question of why he had started having those issues “all of a sudden” back then (when he didn’t encounter such issues before) shall remain a mystery!

The post Adventures with coreboot and NVM Express storage appeared first on Purism.

James has been with Purism since its early days, being the very first team member to join and has remained a dedicated, honest, hardworking chap who brought enjoyment to our lives daily.

Purism is a team of people located in all corners of the world, and those of us who have had the privilege to meet James in person know that his human qualities were a model to us all. James was one of the warmest, pure-hearted and kind people you can find, and had a passion for bringing ethical technology within the reach of the general public. I wish he lived on to see the long-term impact of his efforts on society.

James was the customer’s advocate as director of product, and also the cheerful voice of Purism on social media from 2016 to this day. If you have interacted with Purism on Twitter, Mastodon, Google+, Facebook and other outlets, know that in 99% of cases, you had been discussing with James. He was also the main writer behind the “Frequently Asked Questions” area of our website, and the shift in tone in our social media interactions when he took over in 2016 was largely thanks to him and his humane, down-to-earth approach.

In recent months, James had been deeply involved in defining requirements and improvements to our current and future products.

More importantly, James was not just a close collaborator, he had quickly become a personal friend of mine. We shared the joys, the laughter and the burdens of moving mountains to fulfill our mission as a social purpose corporation taking on the world against all odds.

I and various Purism team members will be travelling to attend James’ memorial service this Saturday.

In honor of James, we hope to engrave his name into the interior of the Librem 5 phone. We are working with his close family to support them in these difficult times. Additionally, we are giving James a special send-off and honoring his wife’s request by having James’ remains sent to space in 2019 for his kids. It will be a farewell for him, and he will return to earth and burn up as a “shooting star”.

Goodbye James, you will be sorely missed.
— Jeff

Many purists join me in mourning him, and some here wanted to add below a personal public statement to this effect.

Mladen Pejaković said:

Farewell James, I’ll miss our meetings and the fun and laugh we had. Rest in peace, dear colleague.

David Seaward said:

I finally got to meet James in person this year after working with him remotely. I had always admired his affability, warmth and respect for people, but was really blown away when I got to experience those qualities from him first-hand. I remember how lucky I felt to get to know such a great guy better. How lucky I felt that there was someone at work so capable of bringing those attributes which are all too often missing in our industry. I wish I could preserve that feeling and that memory in a bottle and leave it here for his children so that they could know what a humble and humane man their father was. I hope his family and friends know how much his colleagues appreciated him.

Everyone in our finance team said:

All is silent with James. Rest in peace, brother. Your colleagues here are dedicated to carrying our shared ideals to the four corners of the globe. A tribute to you and the life you led…

Todd Weaver said:

The universe is less bright without James in it and I will miss him immensely. He was a funny, thoughtful, and caring person who brightened up everything just by being present.

Nicole Færber said:

During a lifetime one meets a lot of people. Some you like to forget instantaneously again, some you are fine to work with but you don’t want them to be around more than necessary, some are good pals for a party, a hangout or a special occasion, some are great to talk to.

And then there are some people who you simply enjoy having around you whenever and wherever, who fill any room with kindness, understanding and empathy, who make you feel welcome, understood and accepted, unconditionally—this is what James was to me.

I had the honor and pleasure to work with James, mostly remote over the Internet, but still his positive energy could always be felt, even through the wires. Just a few weeks ago we finally had the pleasure to meet in person and enjoyed a wonderful time together with the team, which even further increased our bond.

James leaves a big hole in our hearts.
Our thoughts are with his family now, his wife and children.

Farewell James, may peace be with you, we miss you. We will try our best to keep your spirit alive, but it will never be the same without you.

François Téchené a dit:

Thank you James. Thank you for having been such a great colleague, such a nice and bright person. Thank you for having been my friend. I am very proud to have been working with you, for the last three years, on making the world a better place. It feels empty without you. I will sincerely miss you. May you know peace forever.

Zlatan Todorić said:

James and I have been working together for nearly three years, so we had time to become friends. Even though we never met in person, I can say that James was a rare genuinely good, kind-hearted person. His presence in our chats, and his voice in our meetings were soothing to me. He will be dearly missed but he will live through-out our memories of him. His beliefs in a better world will continue to live in me forever. Thank you my friend for having presence in my life and may you watch over us wherever you are now.

Heather Ellsworth said:

James was always a pleasure to work with and had a wonderful way of making his team members around the world laugh. I feel fortunate to have been his teammate and he will always have a fond place in my thoughts. My deepest sympathies go out to the family in this difficult time and may they too find peace in their cherished memories.

Kyle Rankin said:

People in technology have a tendency to solve problems in a way that suits only their own selfish needs. But not James. The word advocate gets overused these days, to the point that it sometimes has lost its meaning. Yet James was a real and true advocate for technology working for everyone, not out of some cynical drive to grow market share, but because that’s where his heart was. He believed that technology should be accessible and intuitive, and he consistently pushed to improve everything we did with that in mind. Those fingerprints are in everything we have made so far. If only we had more people with a heart like James in technology, we would all be much better off.

Chris Lamb said:

Whilst I never had the privilege of meeting James in-person I will not quickly forget the many thoughtful conversations and interactions I had with him. That he appeared to make an immediate impact on everyone who was fortunate enough to have come across him, even through the oft-distancing medium of faceless and impersonal technology, is truly a credit to his character. My deepest sympathies towards his wife and his children.

Theodotos Andreou wrote:

Farewell beloved colleague. Purism will miss you.

The post In memory of James M. Rufer appeared first on Purism.

Making Heads User Friendly

Heads is an incredibly powerful and cutting edge project that takes the boot-time security protections you get with products like Secure Boot but using free software, reproducible builds, and keys that are fully under your control. We are working toward our goal of having Heads on all of our laptops by default, but when we started working on that effort we realized that the default user interface was definitely aimed more toward security experts. At the time, when you booted into Heads you got a console screen with a text menu. If Heads detected any issues, typically it would dump you to a recovery shell with some technical error output.

Since we think every user would benefit from the protections Heads provides, we have done a lot of work to bring more user-friendly GUI menus to Heads. We started with a console-based GUI and later added our own custom tool fbwhiptail which uses the same syntax as the standard whiptail console menu tool used by Debian but outputs an even more user-friendly GUI on a framebuffer.

As we continued to work toward making Heads more user-friendly, we realized we had an opportunity with the Librem Key to add an incredibly powerful, secure, yet easy to use way to detect tampering that was much better than the default. Before we talk about where the Librem Key fits in, though, it’s important to understand how Heads detects tampering by default.

How Heads Detects BIOS Tampering

Heads uses the TPM in a computer as a standalone, trusted, tamper-proof chip it can use to store BIOS measurements and secrets. In my post Demonstrating Tamper Detection with Heads I walk through the full process but I will highlight some of the relevant points here.

The way Heads protects the BIOS from tampering is that when you first set up Heads, you store the current BIOS’s measurements into special registers in the TPM called PCRs (Platform Configuration Registers). At this time Heads also generates a random string and using the TPMTOTP tool originally created by Matthew Garrett it stores this secret in a special encrypted register in the TPM–this process is called sealing. The TPMTOTP tool also takes this secret and converts it into a QR code it displays on the screen. Then you can use a multi-factor authentication application on your phone to take a picture of this QR code and add this to any other multi-factor authentication secrets you manage.

The next time the system boots, measurements from every executable part of the boot process is sent by Heads to the TPM and stored in PCRs. Then Heads requests for the TPM to unseal the TPMTOTP secret it added previously. The TPM will only unseal that secret if all of the measurements in its PCRs match what it has stored from the valid, un-tampered-with BIOS. Once the secret is unsealed, Heads uses TPMTOTP to combine that secret with the current time and convert it into a 6-digit code. You then open up your multi-factor authentication application on your phone and compare the 6-digit code on your laptop screen with the 6-digit code on your phone. If both codes match, the BIOS hasn’t been tampered with. If the codes don’t match, either the time is off on either device, or someone has tampered with the BIOS or the TPM and generated and stored a new secret to replace the old one.

Improving on TOTP Codes

It’s important to note that Heads does not require you to verify the TOTP (Time-based One Time Password) code on the screen each time you boot. In fact it has no way of knowing whether you have or not–the whole point is that the laptop is authenticating itself to you, not the other way around. So there’s a good chance that your average user may not feel like going to the trouble of getting out their phone, launching an app, and inspecting the code each time they boot. Plus, this process requires that a user must have a smart phone that can run one of these apps. Users might test the code every so often but I imagine many would just hit Enter and boot their system more often than not.

We realized we could make the process more convenient and easier to use by taking the phone out of the equation or at least adding a Librem Key to the equation. While the Librem Key doesn’t have a screen like a phone, it does have a green and red LED. What could be easier than plugging in a USB device, booting the computer, and then inspecting the LED to see whether you are safe? By making it easy, users would be more likely to test their BIOS at each boot.

HOTP to Trot

Since we were working with Nitrokey to produce the Librem Key, we started collaborating with them on this feature. The first step was to think through how this authentication would work. Because the Librem Key doesn’t have a clock of its own, and we don’t want it to trust the clock on the laptop, we decided to use HOTP (HMAC-based One Time Password) instead of TOTP as our authentication protocol.

HOTP and TOTP are very similar to each other. In fact, you can argue that TOTP is just a specific implementation of HOTP. With HOTP both sides have a shared secret and initialize an always-incrementing counter. Each side combines its secret with the current counter value and generates an HMAC (hashed message authentication code) that in this case is converted into a 6-digit code. If the codes match, then one side has proven to the other that it has a copy of the shared secret and both sides will then increment their counter. With TOTP, you just exchange the always-incrementing counter with the current timestamp, typically rounded to 30-second increments.

For this to work we needed not only to change the firmware we were going to use for the Librem Key so that it could accept this special HOTP-over-USB authentication, we also needed a userspace tool that knew how to talk to the Librem Key. The end result after working with Nitrokey was a couple of changes to the firmware and a completely new userspace program called nitrokey-hotp-verification that contains two command-line tools we needed to include in Heads, libremkey_hotp_initialize and libremkey_hotp_verification. The former tool will initialize the a Librem Key with the current HOTP secret and counter value and the latter performs various HOTP functions with the Librem Key including testing a 6-digit HOTP code.

Heads, Meet Librem Key

The next step was to add Librem Key support to Heads. This required quite a few UI changes, modifications to the default tools it used when generating new TOTP secrets, and adding libremkey_hotp_initialize and libremkey_hotp_verification command line tools within Heads itself. Instead of doing away with the TOTP code we are actually using the same exact TPM secret, just in addition to converting it into a TOTP code, we are also combining it with the incrementing counter to generate an HOTP code too. So when you tell Heads that you want to seal a new TOTP secret, if your version of Heads has Librem Key support enabled, in addition to showing you a QR code, it will also prompt you to insert your Librem Key and set up the secret there as well using the libremkey_hotp_initialize program.

The next time you boot, in addition to displaying the TOTP code in the menu as always, it also attempts to communicate with your Librem Key using the libremkey_hotp_verification tool. If the Librem Key isn’t inserted, it gets a specific error and warns the user that the key isn’t plugged in, but it doesn’t stop the user from booting. If the user then plugs in the key and tells Heads to regenerate the code, it can do a second test from the GUI. If you lose your Librem Key or leave it behind somewhere, you can always just fall back to the standard TOTP code + phone approach until you have a new Librem Key to enroll.

After Heads sends the Librem Key an HOTP code, if the code matches what the Librem Key itself generates, it will flash a green LED and return a success code to Heads to display on the laptop screen. If the HOTP codes don’t match, the Librem Key will flash a red LED indefinitely and also send a specific error back to Heads which will cause it to show a red background and error dialog. Note that you shouldn’t trust the Heads UI to display this error, it’s only for convenience. A modified UI could lie to you so you should only trust the Librem Key LED at this phase of the boot process.

Demo Time

Here’s a short demo video of the Librem Key testing a valid BIOS and then one that detects tampering with Heads.

To simulate tampering, I just generate a brand new TOTP/HOTP secret in the TPM with the Librem Key unplugged. Since the Librem Key has the old secret, it will generate a completely different 6-digit HOTP code and take that as an error.

Anti-Interdiction Protection and The Future of Librem Key and Heads Integration

As I mentioned in the Introducing the Librem Key post, having the Librem Key vouch for the integrity of the BIOS opens up a lot of opportunities for more advanced anti-interdiction protection for those customers who are concerned about that risk. The way this would work, we would configure a Librem Key and Librem laptop running Heads before shipping and then ship the two packages separately. The idea here is that it would be more difficult for an attacker to interdict both packages than just one.

Then when you unbox everything, you can immediately test the integrity of your machine before you do anything else. At that point you could also generate completely new secrets between Heads and the Librem Key so there’s not even a chance we could have a copy of your secrets–the keys are under your control. For customers willing to wait, we could even ship the Librem Key first and only ship the laptop after they acknowledge receipt of the Librem Key. With delayed shipping you would have even more assurance that someone wouldn’t be able to modify both the Librem Key and laptop in transit.

If you can’t tell, we are very excited about all of the possibilities the Librem Key opens up to us to better protect you and your secrets, while still keeping security convenient and your keys in your own control. Stay tuned: as we unlock even more features in the Librem Key we’ll be sure to post about it here.

The post The Librem Key Makes Tamper Detection Easy appeared first on Purism.

What is a USB Security Token?

In case you haven’t heard of USB security tokens before, they are devices typically about the size of a USB thumb drive that can act as “something you have” for multi-factor authentication. With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as “2FA” or “multi-factor authentication”) in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor. USB security tokens work well as this second factor because they are “something you have” instead of “something you know” like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site.

In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop. With your private keys on the security token, you can just insert the key when you need to encrypt, decrypt, sign, or authenticate and then type in your PIN to unlock the key. Since your private keys stay on the security token, even if an attacker compromises your computer, they can’t copy your keys (and even if you leave the key plugged in, they need to know your PIN to use it).

Why Make a Librem Key?

There are many other vendors out there who offer their own security tokens, so why make our own? The first reason is that few security tokens out on the market align with our values here at Purism, in particular with respect to freedom. I’ve explained in a previous post why freedom is essential to security and privacy and this is especially true for a device that is holding some of your most sensitive secrets. We wanted a security token that used open hardware, free software firmware, and free software user applications and that is why we partnered with Nitrokey to produce a security token that respected your freedom from the beginning.

We also wanted to make the Librem Key because of all of the integration possibilities with our existing products that would make customers more secure in a way that’s also more convenient. When you can bundle a security token with your own laptop and operating system, there are so many interesting possibilities, especially when the firmware and user applications are free software so we can easily modify them to add even more features.

In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:

• Insert the Librem Key at boot and automatically decrypt your hard drive
• Automatically lock your laptop whenever you remove the Librem Key
• Use your Librem Key to log in

Provable Security, Made Easy

One of the most exciting opportunities the Librem Key opens up to us is in integrating with our tamper-evident Heads BIOS to provide cutting-edge tamper-evident security but in a convenient package that doesn’t exist anywhere else.

Currently with Heads, when you want to prove that the BIOS hasn’t been tampered with, you need to set up a TOTP application on your phone and scan a QR code from within Heads. Then at each boot you compare the 6-digit code Heads displays on the screen with the code in your phone. If the codes match, the BIOS is safe. This method works but is a bit cumbersome and with the Librem Key we can do better.

We have worked with Nitrokey to add a custom feature to our Librem Key firmware specifically for Heads. This custom firmware along with a userspace application allows us to store the shared secret from the TPM on the Librem Key instead of on a phone app. Then when Heads boots, if the BIOS hasn’t been tampered with the TPM will unlock its copy of the shared secret, and Heads will send the 6-digit code over to the Librem Key. If the code matches what the Librem Key itself generated, it flashes a green light. If the codes don’t match, it flashes a red light.

So if you are concerned about someone tampering with your computer when you aren’t around, just boot with the Librem Key inserted. If it blinks green you are safe, if it blinks red you’ve been tampered with. There is no other product on the market today that offers this kind of simple but strong tamper-evident protection, much less one that respects your freedom where the keys are fully in your control.

Even Stronger Anti-Interdiction Protection

The Librem Key opens up possibilities for even stronger anti-interdiction protection for customers who need it. We will be able to link a Librem Key with a laptop running Heads at our facility and then ship them separately. Then when each package arrives you can immediately test for tampering with an easy “green is good, red is bad” test.

Convenient Security for the Enterprise

Many companies have already incorporated 3rd party security tokens into their engineering teams as a way for software engineers to sign their code pushes securely or as convenient multi-factor token. The Librem Key offers enterprises a way to combine all of the other features they are used to with other security tokens along with our cutting-edge tamper-evident boot process on our Librem laptops in an easy and convenient package where all of the keys are fully under their control.

Since the firmware and userspace tools are free software, that means enterprises can also easily customize these tools to suit their own internal policies whether with their own software teams or by working with Purism. That could mean anything from providing a customized error page to employees when Heads detects tampering to actively preventing employees from booting a tampered-with machine.

Only the Beginning

Knowing that our customers have a secure and freedom-respecting security token opens up all sorts of other possibilities and today we are only scratching the surface on what we will be able to do with Librem Key both for new customers and those that have been with us from the beginning. Stay tuned for future posts where I will dive deeper into some of the Librem Key’s features and explain how to get the most out of it. In the mean time you can order your own Librem Key from the Librem Key product page.

Update: read more in our follow-up post explaining the interaction between the Librem Key and our coreboot+Heads BIOS replacement to learn more about how the tamper detection works.

The post Introducing the Librem Key appeared first on Purism.

SAN FRANCISCO, Calif., September 20, 2018 — Purism, the social purpose corporation which designs and produces popular digital rights respecting hardware, software, and services, has launched its new security token, the Librem Key, which is the first and only OpenPGP smart card providing a Heads-firmware-integrated tamper-evident boot process. The new Librem Key, built with Open Hardware USB OpenPGP security tokens from Nitrokey, can store up to 4096-bit RSA keys and up to 512-bit ECC keys and can securely generate them directly on the device. Librem Keys are now available for purchase on Purism’s website, with Librem laptops or as a single order. Librem Keys will be able to provide basic security token functions on any laptop, but have extended features that work exclusively with Purism’s Librem laptop line and other devices that support Trammel Hudson’s Heads security firmware.

Purism developed the Librem Key through its partnership with Nitrokey. This integration allows Librem laptop users to add unprecedented protection to their device through a key they can insert at boot time to ensure the user is right where they left off without any tampering. Once inserted, if the key blinks green, then you’re right where you left off. If it blinks red, it signals tampering has occurred. The key is fully equipped to integrate with the Librem’s secure boot process with Heads-enabled TPM detailing the tamper evidence. The key enables users to directly test if someone has tampered with the software on their computer starting at the boot level.

With Librem Key, IT departments will have an integrated out-of-the-box solution for disk and email encryption, authentication, and tamper-evident boot security that’s easy to use.

In addition to its industry leading tamper evidence capabilities, the Librem Key also offers the standard security features available in generic security tokens:

• Securely store user GPG encryption/signing keys to make it easier to use their keys in a secure way across devices
• Store authentication GPG keys you can use for Secure Shell (SSH)
• Using One-Time-Passwords (OTP) to login to websites or for two factor authentication (2FA)

Eventually, Purism plans to expand the Librem Key’s features to even further empower users to securely control their devices, such as:

• Detecting tampering during shipping with tamper-evident boot enabled and configured on the laptop and Librem Key and each device shipped separately
• Unlocking disk encryption (instead of having to enter a passphrase) when the Librem Key is inserted at boot
• Locking the screen whenever the Librem Key is removed
• Automatically logging the user into their desktop when the Librem Key is inserted

The launch of Librem Key furthers Purism’s mission to make security and cryptography accessible where its customers hold the keys to their own security. This launch arrives amid growing demand for heightened protection expectations from security key manufacturers.

“Purism’s work to make coreboot measured against an external security token is the realization of a dream we’ve had since 2005,” says Ron Minnich, coreboot Founder.

“It’s not feasible or healthy to monitor your computing devices every second – and that’s especially the case when you travel,” says Kyle Rankin, Chief Security Officer at Purism. “With the Librem Key, we are giving Librem users the keys to completely lock their computer if they’re in an unfamiliar network environment in the same way one would want to have the keys to their car if they needed to drive to an unfamiliar neighborhood.”

“Your privacy is dependent on your freedom. We believe that having true privacy means your computer and data should be secure whether you are with your device or not,” says Todd Weaver, Founder and CEO of Purism. “As we look forward to shipping Heads by default, the Librem Key combined with the rest of our security features will give users the peace of mind that their data is safer than it would be on any other laptop on the market.”

With Purism enabling users to leverage the Heads integrated TPM chip in new Librem 13 and Librem 15 orders moving forward, they will also have the option of purchasing a Librem Key by itself or as an add-on with a laptop order. For future add-on orders, Purism plans to pre-configure the Librem Key at the factory to act as an easy-to-use disk decryption key and ship laptops that are pre-encrypted. Customers will also be able to replace the factory-generated keys with their own at any time.

About Purism

Media Contact

The post Purism launches Librem Key, the first and only security key to offer tamper evident protection to laptop users appeared first on Purism.

Some of the Purism team members attended Akademy 2018 in Vienna. This conference facilitated further discussions with KDE developers and it was nice to meet everyone in person!

We would like to express our gratitude to @Puri_sm, not only for sponsoring #Akademy2018, but also for working with our developers so we can have a Plasma Mobile-based smartphone soon.

— Akademy (@akademy) August 20, 2018

There were also some team members that attended FrOSCon. Coming up, we have Todd presenting at AllThingsOpen, and Capitole du Libre where François and Adrien will be manning a booth (so be sure to stop by and say bonjour if you’re there).

We're excited to have Todd Weaver, Founder & CEO of @puri_sm, presenting at #AllThingsOpen! https://t.co/FXc3M9ENwi pic.twitter.com/piFRSZ5WOL

— All Things Open (@AllThingsOpen) August 29, 2018