Category: FAQs and documentation

What the CIA Vault 7 Documents Mean

WikiLeaks has recently released a treasure trove of documents, codenamed Vault 7, that will take weeks to digest. And we will digest it all. But before we go document by document, we wanted to address top-level concerns users have, and how our philosophy and business model are the only ones that can withstand the test of time against this type of user device control. Read more

A better-organized website

old website contents summary
A partial overview of some of the contents we’ve revised for the new website

As some of you might have noticed, I have been progressively deploying Purism’s new website over the past few weeks, after some months of small improvements and preparations.

Far from being merely a visual style update, the main goal of this initiative was to reorganize all the contents, to make them easier to find, and more pleasant and interesting to read. Indeed, the existing website had tons of contents, spread everywhere with no clear logic, often buried in obscure parts of the blog that nobody would ever see.

I spent quite a while reading and annotating all the contents of the website, ripping and remixing it into something that makes sense. The screenshot you can see on the right is the summary (without duplicated content) of some of the pages we have reviewed and reworked. And some of the contents are still pending review and improvements.

The new contents organization achieves the following:

  • Introduce a clear structure and hierarchy
    • Clean up the menus, and spread items across menus in a fully thought-out way
    • Clean, human-readable and memorable URLs, based on sections
    • Completely rethought blog taxonomy (categories and tags), and exposed posts structure allowing easy browsing based on your fields of interest
  • Introduce the “Why Purism?” section to explain our business from two perspectives: our philosophy and our methodology. Add new content to cover the most frequent philosophy and methodology questions we get
  • Deduplicating contents
  • Reusing contents dynamically (to avoid inconsistencies)
  • Turn insightful posts into permanent reference pages to prevent them from being lost and forgotten
  • Revise, rewrite, clarify or remove obsolete contents
  • Interlinking related pages, particularly in the educational topics of the “Why Purism?” section
  • Introduce a ton more imagery, graphics, and visuals to give your eyes a rest amidst the big amount of written contents
  • Improved forums notification emails!

A side effect of this: we had to break almost every important hyperlink and URL! However, I put redirects in place everywhere to let you find the contents even if you are accessing them from an old URL.

On top of those content changes, the new visual design I deployed across the website is also fundamentally superior from a typographic standpoint: it made the contents much more legible and readable—not only is it objectively easier to read characters and words all over the place, it is now significantly more pleasant (and thus encouraging) to read anything longer than a few lines. Last but not least, the new design also makes it easier to manage the content layout across pages.

We hope you appreciate these changes as much as we do. Feel free to drop us a line at feedback at puri.sm!

We updated our FAQ — Here’s why it matters

Recently, we have updated our Frequently Asked Questions. “Who cares!” you might say. Well, here’s why I think it may be more important than you think. For the longest time we had five FAQ’s. Five. As a small company with little staff, FAQ’s and documentation were initially not as big of a priority as they perhaps should have been. Things that needed to be addressed have often been put on the back burner as we had larger issues to address. But, in recent weeks, we have begun to try and make changes in our approach, changes in our communication with you.

As we have begun this process, we are altering our previous method of outreach and communication to focus, quite simply, on these aspects: “more,” “better” and “engagement.” We have heard many of your calls for us to communicate more often and better.  We consider important, especially for the free and open source community, to have engagement and a back and forth dialogue between you and us. From here on, this blog will be updated more often with all of us chipping in at times. Our FAQ’s have been updated to address many of the common questions that we get asked and it will continue to be updated as more questions come in to us. With our new communication team, we have also recently changed our approach on social media as well, aiming for more engaging conversations with you and moving away from the previous “privacy news fire hose” approach where we were sharing too many Fear, Uncertainty & Doubt (FUD) articles that overall impaired our credibility. All in all, we’d like to bring some fun back to our social media process and to talk WITH you instead of AT you.

Recently our staff at Purism has grown. We have more, dedicated people in key positions to assist you and provide you with timely answers. Our community forums have undergone a significant improvement moving away from the barren wasteland of spam and unanswered posts to one with zero spam and a much improved response time. We have already begun the process of setting up a viewable shipping queue overview, so that you can see where you are in the ordering process. Finally, we have set up a new email, feedback(at)puri.sm, along with increasing the number of people that the support(at)puri.sm emails go to in another effort to improve communication. No longer will your emails, posts, and questions go unanswered.

The truth is this: we realize that we have made mistakes in our past communications and we are now trying our best to correct many of them with our new team dedicated to this. Certain things on our part have not been addressed, explained correctly – or explained at all – and this has led to several miscommunications between us and you. We realize that we will have to regain some of your trust and respect and we hope that these changes are met with your approval.

So, the FAQ’s have been updated. “Who cares,” you say? We do.

Question? Comment? Send an email to feedback(at)puri.sm

M.2 (NGFF) vs standard SATA drive sockets in Purism Librem laptops

We have gotten many questions on the M.2 (NGFF) drive in the Librem laptops, those questions ranging from:

  1. Can you boot from the M.2?
  2. Can you have both M.2 and SATA Drives?
  3. Which one is primary, which one is secondary?

So we wanted to confirm and answer those questions. In short:

  1. Can you boot from the M.2? Yes!
  2. Can you have both M.2 and SATA Drives? Yes!
  3. Which one is primary, which one is secondary? M.2 is primary

We also wanted to provide a brief HOWTO when you order with, or use, both an M.2 and a SATA drive.

Camera/Microphone Hardware Kill Switch Behavior on Librem Laptops

All Librem laptops come with a Hardware Kill Switch (HKS) which physically severs the circuit to the Camera and Microphone. The Librem laptops are the first to offer this feature and it works quite well. And in some cases, a bit TOO well.

Specifically a Librem laptop Camera and Microphone Hardware Kill Switch will work with any GNU/Linux OS, but only as long as one obeys these simple rules:

  • Rule #1: Always have the Camera/Microphone HKS in the ON position when booting the laptop. This ensures the kernel is aware the device is there. Once the OS starts up you can toggle the Camera/Microphone OFF and ON as you wish, but…
  • Rule #2: Always have the Camera/Microphone HKS in the ON position BEFORE starting a program that uses the Camera, like CHEESE. Once the program starts you can turn the Camera/Microphone OFF, but you will have to close and restart the program, with the HKS in the ON position, to get the Camera to work with that program.

If any of these rules are violated, the Camera may NOT work until a reboot.

camera-microphone-on

camera-microphone-off

The longer term plan is to develop proper kernel loading and unloading or software application polling of the devices, so the user flow becomes irrelevant. Obviously the kernel and software never took into account severing the circuit during operation, therefore we decided to post this to help user flow, and to provide a roadmap to ideal performance.

Hardware Can Be Your New Best Friend

A visitor to the Purism site contacted us with a question. It’s a question that we sometimes encounter when we’re with friends or at events, and so we thought we’d share the response to his query.

Q: On your website, you state:

“All other laptops use hardware chips coupled with software that can betray you. News stories have shown how these chips can surreptitiously transmit voice, networking, picture or video signals. Other chips are used to install spyware, malware or viruses.”

I know about software vulnerabilities, but I had not heard of hardware itself having built-in backdoors. Could you provide any news articles to back up this assertion?

Computerworld—a sober, technical publication—has an article outlining 17 Exploits the NSA Uses to Hack PCs, Routers and Servers for Surveillance, providing many links to original sources. It concerns their Tailored Access Operations Program (TAO) and reports from the Snowden Archive are six years old. Thus what we know of today is almost certainly worse that what’s current. And what we know now is very, very troubling.

As the computer trade magazine notes, before giving four screens of examples:

Some of the exploits are deployed remotely and others are physically installed. Those hands-on operations may occur while the product is being shipped; it could be snagged during shipping so an obscure group like an FBI black bag team can do the NSA’s domestic dirty work. There are too many exploits listed in the leak to cover in one post, but I thought you might like to know about some that target servers, routers and PCs. Please note, however, that ANT can exploit nearly every major software, hardware and firmware.

Noted computer security authority and journalist Jacob Appelbaum referenced exploits used to spy on Americans and foreigners alike – with the data-sharing agreements in place, it’s important to recognize this is fast becoming an academic distinction – by observing, “This is Turnkey Tyranny and it is here.”

Videos for the 30th Chaos Communication Congress, where Mr. Appelbaum’s two lectures (and many more covering this topic) are here.

As our blog article, “Shine A Light On It: Why Verifying Is Required, Why Only Libre Allows It” notes,

In the tech field, what a few do today, more will do tomorrow and nearly everyone will be doing next week. Even if you trust intelligence agency bureaucracies – yours or others – to not spy too much on you, your family and your friends, it’s not “just” them. It’s those that will follow that will also be able to spy on you and yours using similar techniques, for much cheaper.

Just since June ’15 alone, the OPM hacks purportedly by Chinese agents and—the irony—the Italian Hacking Team itself getting hacked proves our blog article’s concerns were, if not prescient, accurate. Smaller agencies than the NSA/GCHQ and even private parties—both who can categorically be characterized as not being particularly protective of American or even European citizens’ rights, security or well-being—are using similar exploits.

It’s code. It’s protocols. It doesn’t check first for the proper badge before running. There is no “magic golden key” allowing only The Good Guys™ from executing code.

All of this leaving aside the issue that hardware and software are becoming more conceptual categories than practical ones. Securing one or the other is no longer a guarantee of safety. You need to have both secured. And, given the complexities involved, the only reliable way to do this is to use the F/LOSSH (Free/Libre Open Source Software and Hardware) model. Since without verification, there can be no trust. Since, even though we may trust an institution or person now, we can’t have faith that five years from now, these organizations will be the same, or the people we trusted still in place.

We genuinely wish we lived in a world where our caution we have for our customers was unjustified or even, hysterical. We genuinely wish there wasn’t a need for someone like Purism to develop verifiably secure, transparent ways for people to organize their thoughts then share them. The world would be a better place. We’d probably all enjoy a bit more extra sleep. But that’s not the world we’ve inherited. So instead, we’re energized at the challenges we all face. And we’re excited at the opportunity to do our small part in correcting this very unwelcome change in our digital environment.

Alternative Free and Open Source Software

A common request for anybody using free and open source software is “What would be equivalent to <insert_branded_software_name_here />?” So we wanted to make a simple table that shows common branded proprietary software and what free and open source software replaces or is an acceptable alternative to it.

Proprietary SoftwareFree and Open Source Software
Office Suite
Microsoft WordMicrosoft Word; word processingLibreOffice WriterLibreOffice Writer; word processing, a direct alternative for Microsoft Word
Microsoft ExcelMicrosoft Excel; spreadsheetLibreOffice CalcLibreOffice Calc; spreadsheet, a direct alternative to Microsoft Excel
Microsoft PowerpointMicrosoft Powerpoint; presentationLibreOffice ImpressLibreOffice Impress; presentation, a direct alternative to Microsoft Powerpoint
Microsoft AccessMicrosoft Access; graphical databaseLibreOffice BaseLibreOffice Base; graphical database, a direct alternative to Microsoft Access
Email and Calendaring
Microsoft OutlookMicrosoft Outlook; email and calendaringEvolutionEvolution; email and calendaring, a direct alternative for Microsoft Outlook, Apple Mac Mail, and Apple Mac iCal.
Apple Mac MailApple Mac Mail; email
Apple Mac iCalApple Mac iCal; calendaring
Graphics
Adobe PhotoshopAdobe Photoshop; graphicsGNU Image Manipulation Program (GIMP)Gimp; graphics, a direct alternative to Adobe Photoshop
Web Browser
Microsoft IEMicrosoft IE; browserMozilla FirefoxMozilla Firefox; browser
Google ChromeGoogle Chrome; browserAbrowserAbrowser; browser, a firefox derivative with greater privacy controls, a direct replacement for Mozilla Firefox, Microsoft IE, Google Chrome, and Apple Safari
Apple SafariApple Safari; browser