Todd Weaver

Todd Weaver

Founder and CEO
PGP Fingerprint: B8CA ACEA D949 30F1 23C4 642C 23CF 2E3D 2545 14F7
Todd Weaver

Welcome to Purism, a different type of technology company.

We believe you should have technology that does not spy on you.
We believe you should have complete control over your digital life.
We advocate for personal privacy, cyber security, and individual freedoms.
We sell hardware, develop software, and provide services according to these beliefs.
To do all that, we think differently across all areas of business and technology.


Purism Differentiator Series, Part 3: Operating System

Building an Operating System that avoids Big Tech allowed us to build out a new convergent operating system that could work across all our products that does not spy on the user where we release all the source code so it is peer-reviewable. This was a massive multi-year multi-million dollar undertaking to create PureOS as an alternative to Google’s Android, Apple’s iOS, and Microsoft Windows. There is no data mining in PureOS, and you are in complete control.

Google, Apple, and Microsoft vs Purism

The Big Tech companies who author the operating systems in wide use: Google with ChromeOS and Android, Apple with OSX and iOS, and Microsoft with Windows, designed these operating systems to control the user. They do this by failing to release the source code to have it peer reviewed, they fail to allow you to use it how you wish, and fail to allow you to change it to how you need. These companies require you to click “I Agree” to egregious terms of service that most fail to read, because the product will not operate unless you agree to the terms.

Purism is the opposite. Purism with PureOS as our Operating System is designed to give complete control to the user. We do this by releasing all the source code so it can be peer reviewed, we allow you to use it how you wish, and allow you to change it how you need. We do not require you to click “I Agree” to use our products.

Free Software Foundation Endorsement

PureOS is a Free Software Foundation endorsed distribution and that means, according to John Sullivan, FSF’s executive director at the time: “The FSF’s high standards for distributions help users know which ones will honor their desire to be fully in control of their computers and devices. These standards also help drive the development work needed to make the free world’s tools more practical and powerful than the proprietary dystopia exemplified by Windows, iOS, and Chrome. PureOS is living — and growing — proof that you can meet ethical standards while also achieving excellence in user experience.”

Freedom, Privacy, and Security with PureOS

Why FSF endorsing PureOS matters explains in greater detail the topics of freedom, privacy, and security that this endorsement showcases:

Freedom

Perhaps the most obvious benefit of PureOS being 100% free software is freedom. Every piece of software in PureOS has a corresponding source code repository that is licensed with a FSF-approved license. This means you are free to download, inspect, and modify any of the software in PureOS directly. If you want to improve a piece of PureOS software you are free to fix it and share your fix with the rest of the world under the same freedom-preserving license.

You are also free from the whims or poor decisions of a software maintainer. If a software developer decides to abandon their project, if they take it in a direction you or the community don’t like, or if you submit improvements the maintainer doesn’t accept, you are even free to create a competing version of the software (forking) based on your modified code.

Privacy

Privacy is perhaps a benefit that isn’t so obvious in free software. Yet, one of the main effects of smartphone apps being proprietary shareware is that they are funded by and large by ads and directly or indirectly capture and share your private data. This same approach often extends into proprietary desktop applications as well.

Because PureOS is 100% free software, it doesn’t suffer from these same privacy problems. Why? Besides the fact that all software has to go through a rigorous acceptance process before it is added to the OS, if a developer decided to write software that benefited you while also violating your privacy, you would be free to fork their code and remove the privacy-violating bits.

Many proprietary phone apps hide their privacy-violating features as well. After all, why exactly does a flashlight application need full access to the Internet, your contact list, your location, and your photos? In the free software world, you could inspect such an application and confirm whether they are actually capturing any of that data, discover how they are using it, and disable or remove those bits.

Security

The final area where free software provides a huge benefit is in security. Supply chain security has started to be a hot topic in the security world, for good reason, and you cannot get better supply chain security than with free software. While we’ve written about protecting the digital supply chain before in the context of how we protect our products both in firmware and software, it’s worth highlighting here where a free software OS provides the biggest benefits.

At the initial level free software and proprietary software use similar security measures to protect against supply chain attacks. A software repository is owned by a limited list of maintainers who control what source code and files are allowed in the repository and approve all changes. Both free and proprietary software developers these days typically sign their code changes with a personal signature verifying that the change came from them. When the software gets packaged, that binary package is also typically signed with a key owned by the company or software project so the end user can verify that the package hasn’t been modified by anyone else, before they install it.

Yet we have seen that supply chain attacks can bypass these security measures most often by compromising build servers, injecting malicious code into the binary package, and getting it signed with official signatures so it looks legitimate. While supply chain attacks do sometimes target the source code itself, it’s rarer because it’s easier to trace and more difficult to hide changes to the source code long-term, even with proprietary software which has a smaller group of people allowed to audit the code.

Free software adds an additional layer of supply chain security that proprietary software simply can’t, due to the freedom of the code. While an attacker can try to sneak malicious code into the source code itself, it’s much more challenging to hide that code long-term, given that code changes are not only audited by the software maintainers themselves, but any interested third party as well as security researchers and even regular end users. While some security researchers are just as comfortable auditing binaries as source code, for many it’s a lot easier and faster to audit code for backdoors when the code is freely available.

Finally, free software has a gigantic advantage over proprietary software in supply chain security due to Reproducible Builds. With Reproducible Builds you can download the source code used to build your software, build it yourself, and compare your output with the output you get from a vendor. If the output matches, you can be assured that no malicious code was injected somewhere in the software supply chain and it 100% matches the public code that can be audited for back doors. Because proprietary software can’t be reproducibly built by third parties (because they don’t share the code), you are left relying on the package signature for all your supply chain security.

PureOS: An Operating System for Public Good

We are proud of PureOS’s Free Software Foundation endorsement, not only because we spent a lot of effort to get it, because we believe in free software, or because of our Social Purpose Corporation charter, but also because we believe free software directly benefits our customers and society at large and that is why our laptops, PCs, servers and phones all ship with PureOS.


Purism Products and Availability Chart

 ModelStatusLead Time 
USB Security Token Purism Librem KeyLibrem Key

(Made in USA)
In Stock
($59+)
10 business days
Librem 5In Stock
($699+)
3GB/32GB
10 business days
Librem 5 COMSEC BundleIn Stock
($1299+)
Qty 2; 3GB/32GB
10 business days
Purism Liberty Phone with Made in USA ElectronicsLiberty Phone
(Made in USA Electronics)
Backorder
($1,999+)
4GB/128GB
Estimated fulfillment early November
Librem 5 + SIMple
(3 GB Data)
In Stock
($99/mo)
10 business days
Librem 5 + SIMple Plus
(5 GB Data)
In Stock
($129/mo)
10 business days
Librem 5 + AweSIM
(Unlimited Data)
In Stock
($169/mo)
10 business days
Librem 11Backorder
($999+)
8GB/1TB
Estimated fulfillment mid-October
Most Secure Laptop Purism Librem 14Librem 14In Stock
($1,370+)
10 business days
Most Secure PC Purism Librem Mini
Librem MiniBackorder
($799+)
Estimated delivery November
Most Secure Server Purism Librem ServersLibrem ServerIn Stock
($2,999+)
45 business days
The current product and shipping chart of Purism products, updated on September 12th, 2024

Recent Posts

Related Content

Tags