• About
• Latest Posts

Purism

Beautiful, Secure, Privacy-Respecting Laptops, Tablets, PCs, and Phones

Latest posts by Purism (see all)

• Invisible Dependencies, Visible Damage: The Case for Supply Chain Hygiene - September 12, 2025
• From Typhoon to Action: A Purism Playbook for Hardening Your Defenses - September 11, 2025
• Apple’s Latest iPhone: Sleeker Walls, Same Garden - September 10, 2025

Fighting the Typhoons: Turning FBI/CISA/NSA Guidance into Action

When the FBI, CISA, and NSA release joint advisories, it’s not theory — it’s reality. The latest warnings about Salt Typhoon and Volt Typhoon should be read as a weather alert: the storm isn’t “out there,” it’s already in progress. These campaigns target infrastructure, communications, and supply chains with patience and persistence.

The good news? There’s a way to prepare. And if you take a privacy-first, user-controlled approach — the very foundation of Purism’s technology model — you’ll not only survive the storm, you’ll strengthen your independence from the systems adversaries exploit.

Here’s how to turn government guidance into concrete steps:

1. Assume Compromise, Hunt Proactively

• Baseline your environment: inventory every device, service, and connection.

• Monitor continuously: flag anomalous logins, unexpected data flows, and configuration changes.

• Audit firmware/BIOS: replace with verifiable, open-source builds where possible.

Purism’s fully auditable stack reduces blind spots — no hidden kernel binaries, no “just trust us” source code.

2. Harden the Edge

• Patch immediately: routers, VPNs, firewalls, and load balancers are prime targets.

• Retire “end of life” systems: unsupported means unprotected.

• Disable what you don’t use: every open port is an attack surface.

With Purism, you control updates and lifecycles — not vendors who cut you off at their convenience.

3. Strengthen Identity & Access

• Use phishing-resistant MFA: (FIDO2, hardware tokens, Librem Key).

• Enforce least privilege: access should always be minimal and time-bound.

• Rotate credentials after staff or role changes.

Purism invented cryptographic tamper-detection, hardware-based isolation, giving users security without surveillance.

4. Control the Communications Layer

• Encrypt everything: in transit, at rest, and end-to-end where possible.

• Segment networks: don’t let one breach cascade into many.

• Physically disable attack surfaces: remove what is not needed

Purism’s kill switches cut radios, cameras, and microphones at the hardware level. Purism’s Librem PQC Encryptor and Librem PQC Comms Server are the industry best cryptography in action.

5. Log, Retain, and Review

• Centralize logs from critical systems.

• Retain long-term: Typhoon campaigns run for years, not weeks.

• Correlate logs to spot “low and slow” intrusions.

Purism default is never track, 100% source code release, and is the only vendor where you as the user (or agency) controls the encryption keys.

6. Build a Response Muscle

• Tabletop drills: simulate Typhoon-style intrusions before they happen.

• Playbooks: define who calls whom, in what order, and with what authority.

• External allies: have trusted partners for forensics and remediation.

Purism releases 100% of its source code to easily include reproduction testing, regression testing, and allows you to build out an entire on-premise repository to build automated testing against.

7. Eliminate Blind Trust

• Audit vendors: demand transparency and clear security posture.

• Verify supply chains: insist on reproducible builds, signed firmware, open documentation.

• Reject surveillance-driven business models: your data should never be someone else’s revenue stream.

Purism’s business model isn’t built on exploiting user data. That’s not just a selling point — it’s a security necessity.

The Bottom Line

The warnings from U.S. agencies aren’t hypothetical. Salt Typhoon and Volt Typhoon campaigns prove that long-term, stealthy intrusions are the new normal.

The path forward is clear: own your stack, control your keys, and close the doors adversaries walk through.

Purism’s model — privacy-first, user-controlled, transparent from top to bottom — isn’t just philosophy. It’s resilience in action.

Purism Products and Availability Chart

	Model	Status	Lead Time
	Librem Key (Made in USA)	In Stock ($59+)	10 business days	Learn More Buy Now
	Liberty Phone (Made in USA Electronics)	In Stock ($1,999+) 4GB/128GB	10 business days	Learn More Buy Now
	Librem 5	In Stock ($799+) 3GB/32GB	10 business days	Learn More Buy Now
	Librem 11	In Stock ($999+) 8GB/1TB	10 business days	Learn More Buy Now
	Librem 14	Out of stock	New Version in Development	Coming Soon
	Librem Mini	Out of stock	New Version in Development	Coming Soon
	Librem Server	In Stock ($2,999+)	45 business days	Learn More Buy Now
	Librem PQC Encryptor	Available Now, contact sales@puri.sm	90 business days	Learn More Contact Us
	Librem PQC Comms Server	Available Now, contact sales@puri.sm	90 business days	Learn More Contact Us