Tag: Security

Purism Warrant Canary Updated January 1st 2017

Happy GNU year!

Before (or on) the first day of each quarter, Purism, following the general rules of warrant canaries, will update its own Warrant Canary page if none of the listed items occurs.

warrant-canary-64x70px

Warrant Canary, January 1st 2017

  1. We have not placed any backdoors into our software or hardware, and we have not complied with any requests to do so.
  2. We have not received, nor complied with any National Security Letters or FISA court orders.
  3. We have not been subject to any gag order by a FISA court.

The next statement will be published on the first day of each quarter (January 1st, April 1st, July 1st, October 1st). Please refer to the Warrant Canary page for details and digital signatures.

Purism Warrant Canary Updated October 1st 2016

Before (or on) the first day of each quarter, Purism, following the general rules of warrant canaries, will update its own Warrant Canary page if none of the listed items occurs.

warrant-canary-64x70px

Warrant Canary, October 1st 2016

  1. We have not placed any backdoors into our software or hardware, and we have not complied with any requests to do so.
  2. We have not received, nor complied with any National Security Letters or FISA court orders.
  3. We have not been subject to any gag order by a FISA court.

The next statement will be published on the first day of each quarter (January 1st, April 1st, July 1st, October 1st). Please refer to the Warrant Canary page for details and digital signatures.

Meet up at Defcon & Todd joins Leo on The Twit Network

Purism’s Director of Technology, Zlatan Todoric, will be at the Defcon 24 through August 7th.  He will be available for any questions that you may have regarding Purism and our products.  He will also be happy to show off the Librem 13 to anyone wishing to take a look at our hardware.  You can contact him on Twitter @zlatandebian or via email zlatan.todoric(at)puri.sm

CEO Todd Weaver will be on the Twit network on Saturday August 6th, 2016 for an appearance with Leo Laporte on The New Screen Savers.  Todd will be discussing with Leo, among other things, the Purism line of products, the importance of free/open source software, what sets the Librem line apart from other free and non-free offerings from other companies, our web browser, our operating system and Purism’s Philosophy.  Join him here live at 3pm PT.

ICYMI: https://twit.tv/shows/new-screen-savers/episodes/65?autostart=false  Interview starts at 52:15

Apple v FBI: It’s About Control

86.5% of Americans use a cell phone. When you purchased your phone, you most likely believed you owned it outright, just as you own your toaster, your electric razor, or your hair dryer. The device in your purse or pocket, however, is not your own–you are essentially renting it from companies such as Apple, Google and Microsoft. Once you purchase an Apple product, for example, you relinquish control of the device, thereby giving up your legal rights to Apple.

How was this allowed to happen? By agreeing to the terms of service and upgrades, along with the proprietary software pre-installed on the phone, you married yourself to a machine that is essentially controlled by these companies. The news of the collusion and voluntary surrender of information to the NSA of our data, emails, and phone calls–all of which were collected whether or not the information was needed–is fresh in our memory.

It appears Apple, Google and Microsoft would like the American public to forget they voluntarily and summarily collected and offered up all of our data to the NSA in the name of national security post 9-11; now, they would like us to believe they are protecting our rights and our privacy by refusing to allow the FBI access to the phone used by one of the shooters in the San Bernardino attack. While some believe Apple noble to not provide a bypass to the FBI, others are on the side of the government, thinking these companies should be doing whatever it takes to protect America. It is obvious, however, that both sides are missing the point.

We can use the only known legal precedent as an analogy. If you have a safe that requires a key to unlock it, a warrant is legally required to force the holder of that key to turn it over, thus gaining access to the contents of the safe. If, however, you have a combination safe, you can claim the 5th amendment, and no warrant, no court, can compel you to incriminate yourself, extracting the combination from your brain.

That same logic can be applied to the Apple v FBI case. Apple has the key to your phone, by controlling the operating system. Apple can, at any time, circumvent the security features that are supposed to protect you by simply upgrading the operating system.

Think of it this way: If you stay in a hotel, you are renting a room. When you check in, you are given a key to access that room; the hotel still has a master key. Apple is the hotel, and your phone is the room. You are renting it from Apple and they can come in, clean, look around, divulge, steal, expose your information, or not.

You don’t actually own your phone. If we truly owned our phones, court ordered warrants would be served directly to the owner of the phone. The warrants in the case of Apple v FBI were served to Apple, who actually has control of your phone.

The legal issue of whether Apple must give up the key, whether through legal maneuvering around the First Amendment, or an act of Congress, avoids the larger issue of control: if Apple loses this legal battle, all phones, tablets, and computing devices that are under the control of a company are then legally bound to comply with a warrant to give up the key that controls your device. If Apple, or any organization, controls your device, you are giving your legal rights over to that organization.

But if you control your device, there is no master key. Only you have the combination under your control, and never have to relinquish that control. This is the ultimate in security and privacy.

The discussion about whether or not Apple should be compelled to give up the master key is missing the larger point, that Apple should never have had the key to begin with. It is possible to control your device by using free software. With Purism products and the free software that comes with it, you own and control your device. Purism will never be issued a warrant to force us to give up anything relating to your device. Purism doesn’t control the products we sell—you do.


You might also like: “Android and iOS’s Secret Backdoors, and How Purism’s Business Model Avoids This Type of Threat

Hardware Can Be Your New Best Friend

A visitor to the Purism site contacted us with a question. It’s a question that we sometimes encounter when we’re with friends or at events, and so we thought we’d share the response to his query.

Q: On your website, you state:

“All other laptops use hardware chips coupled with software that can betray you. News stories have shown how these chips can surreptitiously transmit voice, networking, picture or video signals. Other chips are used to install spyware, malware or viruses.”

I know about software vulnerabilities, but I had not heard of hardware itself having built-in backdoors. Could you provide any news articles to back up this assertion?

Computerworld—a sober, technical publication—has an article outlining 17 Exploits the NSA Uses to Hack PCs, Routers and Servers for Surveillance, providing many links to original sources. It concerns their Tailored Access Operations Program (TAO) and reports from the Snowden Archive are six years old. Thus what we know of today is almost certainly worse that what’s current. And what we know now is very, very troubling.

As the computer trade magazine notes, before giving four screens of examples:

Some of the exploits are deployed remotely and others are physically installed. Those hands-on operations may occur while the product is being shipped; it could be snagged during shipping so an obscure group like an FBI black bag team can do the NSA’s domestic dirty work. There are too many exploits listed in the leak to cover in one post, but I thought you might like to know about some that target servers, routers and PCs. Please note, however, that ANT can exploit nearly every major software, hardware and firmware.

Noted computer security authority and journalist Jacob Appelbaum referenced exploits used to spy on Americans and foreigners alike – with the data-sharing agreements in place, it’s important to recognize this is fast becoming an academic distinction – by observing, “This is Turnkey Tyranny and it is here.”

Videos for the 30th Chaos Communication Congress, where Mr. Appelbaum’s two lectures (and many more covering this topic) are here.

As our blog article, “Shine A Light On It: Why Verifying Is Required, Why Only Libre Allows It” notes,

In the tech field, what a few do today, more will do tomorrow and nearly everyone will be doing next week. Even if you trust intelligence agency bureaucracies – yours or others – to not spy too much on you, your family and your friends, it’s not “just” them. It’s those that will follow that will also be able to spy on you and yours using similar techniques, for much cheaper.

Just since June ’15 alone, the OPM hacks purportedly by Chinese agents and—the irony—the Italian Hacking Team itself getting hacked proves our blog article’s concerns were, if not prescient, accurate. Smaller agencies than the NSA/GCHQ and even private parties—both who can categorically be characterized as not being particularly protective of American or even European citizens’ rights, security or well-being—are using similar exploits.

It’s code. It’s protocols. It doesn’t check first for the proper badge before running. There is no “magic golden key” allowing only The Good Guys™ from executing code.

All of this leaving aside the issue that hardware and software are becoming more conceptual categories than practical ones. Securing one or the other is no longer a guarantee of safety. You need to have both secured. And, given the complexities involved, the only reliable way to do this is to use the F/LOSSH (Free/Libre Open Source Software and Hardware) model. Since without verification, there can be no trust. Since, even though we may trust an institution or person now, we can’t have faith that five years from now, these organizations will be the same, or the people we trusted still in place.

We genuinely wish we lived in a world where our caution we have for our customers was unjustified or even, hysterical. We genuinely wish there wasn’t a need for someone like Purism to develop verifiably secure, transparent ways for people to organize their thoughts then share them. The world would be a better place. We’d probably all enjoy a bit more extra sleep. But that’s not the world we’ve inherited. So instead, we’re energized at the challenges we all face. And we’re excited at the opportunity to do our small part in correcting this very unwelcome change in our digital environment.

The Four [Browser] Freedoms

Seventy-five years ago, Franklin D. Roosevelt proposed four fundamental freedoms that people everywhere in the world should enjoy. Purism now proposes four fundamental freedoms we should insist in our digital lives. In the first of a series of discussions, we focus on what we demand in a web browser before it’s included in PureOS.

Purism’s default web browser—PureBrowser—is one of the most secure, private, and freedom-respecting browser available, with a philosophy that will keep it respecting users’ rights in the future as new exploits and vulnerabilities are exposed and discovered.

There is only one sure way to ensure total security and privacy: don’t go online. However, that would make us even less free. Freedom compels risk-taking. Inaction is another path to servitude.

PureOS demands four fundamental freedoms:

  1. Useable to everyone; safety in numbers. A secure system few use is as bad as a compromised system everyone uses. Safety is contagious. If only a few people are using online privacy schemes, they stand out to thieves and other hostile entities. This isolation makes them targets. Thus, everyone’s privacy matters. Protecting less technically sophisticated users strengthens even the most sophisticated of us.
  2. Individual & personal. Everyone’s threat model – who is after you, for what, why & how – differs. Even for the same person, it changes, depending on context. Freedom means making knowledgeable choices that best suit our circumstances. Our fluid circumstances.
  3. Collectively verifiable & reliable. With your digital life at stake, promises are the wind. Only by using Free/Libre Open Software & Hardware (F/LOSSH) can we objectively verify claims.
  4. Transparent. Your software and hardware – and those making it – should be forthright in its function, capable in delivering them and limited to doing only what they promise.

Compared to common browsers, PureBrowser respects and protects your rights to privacy, security, and freedom by:

  1. Blocking third party trackers & advertisers by default. These are designed to gather private details about your browsing habits. Opting in should be your choice – not opting out.
  2. Using HTTPS where ever possible by default. Encrypting these connections prevents your behavior and information from being monitored by malicious groups while it is in transit. This also prevents you or the site you think you’re visiting from being hijacked by a third party.
  3. Being Free/Libre Open Software (F/LOSS). Without the ability to audit the software, it’s impossible to be certain how it works. Since Libre software’s source is made available – every line of code, by definition, has to be – it can be verified that it is what it purports to be. Communities together ensure this is the case. F/LOSS principles don’t require that we trust the author, it requires we trust the community.
  4. Never “phoning home” any personally identifying information surreptitiously. Information collected is, inevitably, information used. Chekhov’s Database, if you will.

 

The Four [Browser] Freedoms

 
MS Internet
Explorer
Google
Chrome
Mozilla
Firefox
Apple
Safari
Purism
PureBrowser
Blocks sending identifying details
No
No
No
Partial1
Yes
HTTPS Everywhere by default
No
No
No
No
Yes
Free/Libre & Open Source
No
Partial2
Yes
No
Yes
Blocks 3rd Party trackers by default
No
No
No
Partial3
Yes
1. Sends information to Apple for diagnostic purposes and to facilitate user-anticipated services.
2. Source code is released under free licenses, but other freedom and privacy restricting features exist.
3. Blocks 3rd party cookies; can send HTTP header request to them.

Summarizing the table above:

  • Microsoft’s Internet Explorer – and most likely their in-development browser, Edge – fail all four of these essential tests.
  • Google’s browser fails more than three of the four.
  • As of this writing, the general release of Firefox also fails three-quarters of them.
  • Apple’s Safari fails half.
  • PureBrowser passes all four of these essential tests. From the start, Purism’s PureBrowser blocks your personal information from being sent to groups you most likely do not want them to have.

Purism uses a fork—creates a distinct & separate piece of software—of Firefox, developed by the Trisquel development team. Wikipedia characterizes Trisquel as a fully F/LOSS system without proprietary software or firmware, noting that it is “listed by the Free Software Foundation as a distribution that contains only Free software.” Purism takes this already exemplary version then optimize it for the Librem laptops running PureOS and adds more privacy protections.

We carefully select privacy-enhancing add-ons, by default, such as the EFF’s Privacy Badger, that blocks third-party advertisers tracking literally every site you visit, page you view & video you watch.

PureOS also includes the EFF’s HTTPS Everywhere browser extension, which is also turned on by default.

Finally, we proudly include the superlative Tor Browser from the Tor Project to ensure your anonymity.

The threats we face are many, varied and constantly evolving. Purism will be constantly evolving, too. We’ll continue evaluating the best, most effective add-ons, the tightest, best source code and most cunning new exploits to keep PureBrowser the most rights-respecting browser available to safeguard your privacy.

We were delighted to discover, while writing this article, that the founder of the Free Software Movement, Dr. Richard Stallman, was also inspired by President Roosevelt when he proposed his Four Essential Freedoms. We ecstatically, humbly, follow these two superlative tracks of footsteps.

Rather than close with a The only thing we have to fear…, let us instead close with Mr. Roosevelt’s, Happiness lies in the joy of achievement and the thrill of creative effort.

Purism Installs EFF’s HTTPS-Everywhere by default

EFF‘s HTTPS Everywhere is a browser extension that encrypts your communications with many major websites, making your browsing more secure. HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using a clever technology to rewrite requests to these sites to HTTPS. Purism installs HTTP Everywhere so you are have more security by default.

freedom-privacy-settings

https-everywhere