Todd Weaver

Todd Weaver

Founder and CEO
PGP Fingerprint: B8CA ACEA D949 30F1 23C4 642C 23CF 2E3D 2545 14F7
Todd Weaver

Welcome to Purism, a different type of technology company.

We believe you should have technology that does not spy on you.
We believe you should have complete control over your digital life.
We advocate for personal privacy, cyber security, and individual freedoms.
We sell hardware, develop software, and provide services according to these beliefs.
To do all that, we think differently across all areas of business and technology.


Purism Differentiator Series, Part 6: Security

To offer proper security it is about making sure that the user (or IT team of a company or agency) has complete control of every aspect of the hardware, software, and services. This means being able to verify schematics, control the boot security and encryption, be able to verify source code, and also control the encryption and software for any services that run on the device. Purism knew this before building our products and therefore started with this security need in mind to build out all the hardware designs, software, and services.

Hardware Supply Chain Security

Manufacturing the Liberty Phone in the United States of America showcases a best in hardware supply chain manufacturing. It is on US soil at the Purism facility, under Purism management and oversight, using known western distributors, and inventoried, manufactured, and assembled all by Purism staff. Purism shares the schematics, releases all the source code, and establishes that the owner of the end device is able to run their own encryption by default. Controlling the keys of the end device fully. This is the gold standard Purism strives for in each product offering and as we grow more and more products will adhere to this hardware supply chain best practice.

Additionally our From Fab to Table: Liberty Phone Supply Chain Security, goes into greater depth about hardware supply chain security that goes beyond the country of origin.

Purism also has the first and only USB Security Token to be Made in the USA.

Firmware Supply Chain Security

Purism has a number of strategies it uses to protect the firmware supply chain. The first strategy is to limit the overall threat by reducing the amount of proprietary firmware on our hardware as much as possible. We select the hardware components in our devices so that we can run them with free software drivers that anyone can audit. Like a dairy that only packages milk from antibiotic-free cows, we can avoid a lot of other audit worries by starting with a clean source. With Purism’s PureBoot, you can control your own keys and take advantage of our high security boot process (more below).

Whomever Controls the Keys Controls the Device

“Put all your eggs in one basket and then watch that basket.” — Andrew Carnegie

Many people take Carnegie’s advice to heart when it comes to security. They anchor almost all of their security with a single vendor, and the vendor is more than happy to oblige. Most infosec vendors seem incapable of designing security architectures that don’t put their products at the root of all trust. “Just give us your keys,” they say, “and we’ll take care of the rest.” Purism’s Security Self-Sufficiency article goes into greater depth on why Purism makes sure you control your keys.

Software Supply Chain Security

At Purism we are solving for threats associated with supply chain security by developing a secure OS, PureOS which is a 100% free operating system (OS) running on smartphones, PCs, and servers manufactured by Purism. The advantages PureOS offers includes the ability for anyone to audit the firmware and software to identify backdoors, malicious code, and security bugs.

One of the largest stories in recent history was the supply chain compromise of SolarWinds Orion which allowed attackers to ship malicious updates with backdoors to customers with perfectly valid signatures. Once these updates were applied and attackers were in these networks, this access allowed a large-scale attack of government agencies and tech and security companies, perhaps one of the single largest attacks of US networks in history. These stories keep coming up.

Code is Malware if You Cannot Verify The Source

If the source code is not available to verify from OS and App Developers, it is malicious by limiting your rights to freedom. It controls you. The Department of Homeland Security Science and Technology published a Study on Mobile Device Security that describes intrusive apps as “Malicious” apps enabling the developer to conduct audio, video, and physical surveillance on Android and iOS end users by way of hardware such as the camera and microphone, plus sensors such as GPS, NFC Tags, Bluetooth, and the accelerometer.

Purism has a great advantage over proprietary software vendors when it comes to protecting the software supply chain because we can offer a 100% free software operating system, PureOS, on our devices.

Security Boot Firmware with PureBoot

PureBoot is our high-security boot firmware we offer on our Librem devices. In combination with a Librem Key, PureBoot allows you to detect tampering in the boot firmware itself, and in your OS’s kernel and other boot files with your own encryption keys (not Purism nor any other vendor control).

Hardware Kill Switches

Our most famous hardware security feature is our hardware kill switches (HKS), a set of physical switches that disables the webcam and microphone, or WiFi, in hardware; and on our phones we added cellular as well as lockdown mode. Placing a sticker over a webcam is a nice start, but with HKS you can be sure that your computer isn’t spying on you and can conveniently enable the camera and microphone only when you need it.

Anti-interdiction Service

Purism established the best-in-class anti-interdiction service, an add-on service that we custom-tailor for each customer to add multiple levels of tamper detection to an order. With anti-interdiction in place, a customer can detect any attempt to tamper with the package, the computer hardware, or the firmware during shipping. This service is a remarkably popular add-on request for customers highlighting the importance of our efforts around security and user control over their security.

Removing Low Level BIOS/UEFI Exploits

The more doors you have the more doors can be opened, at Purism we remove the BIOS/UEFI and either install coreboot or PureBoot, which oftentimes allows us and our customers the pleasurable experience of avoiding critical security exploits that oftentimes occurs with the large (aka bloated) BIOS/UEFI found on other companies’ devices. One such example from 2017 still resonates today why our approach improves user security.

Purism addresses security by putting the user (or IT team of a company, organization, or agency) in control of the device and the keys. Whomever controls the keys controls the device, and we want that control to be squarely in your hands and not in ours. This security policy is written and enforced by our articles of incorporation where we specifically state “The Corporation will prioritize privacy, security, and freedom for its customers.” and “The Corporation will release encryption tools and services and will design these tools such that The Corporation will have no means to access users’ encrypted data.”


Purism Products and Availability Chart

 ModelStatusLead Time 
USB Security Token Purism Librem KeyLibrem Key

(Made in USA)
In Stock
($59+)
10 business days
Librem 5In Stock
($699+)
3GB/32GB
10 business days
Librem 5 COMSEC BundleIn Stock
($1299+)
Qty 2; 3GB/32GB
10 business days
Purism Liberty Phone with Made in USA ElectronicsLiberty Phone
(Made in USA Electronics)
Backorder
($1,999+)
4GB/128GB
Estimated fulfillment February
Librem 5 + SIMple
(3 GB Data)
In Stock
($99/mo)
10 business days
Librem 5 + SIMple Plus
(5 GB Data)
In Stock
($129/mo)
10 business days
Librem 5 + AweSIM
(Unlimited Data)
In Stock
($169/mo)
10 business days
Librem 11In Stock
($999+)
8GB/1TB
10 business days
Most Secure Laptop Purism Librem 14Librem 14Backorder
($1,370+)
Estimated fulfillment December
Most Secure PC Purism Librem Mini
Librem MiniBackorder
($799+)
10 business days
Most Secure Server Purism Librem ServersLibrem ServerIn Stock
($2,999+)
45 business days
The current product and shipping chart of Purism products, updated on October 18th, 2024

Recent Posts

Related Content

Tags