Tag: Software freedom

GNOME Foundation Partners with Purism to Support Its Efforts to Build the Librem 5 Smartphone

Orinda, CA/San Francisco, September 19, 2017 – The GNOME Foundation has provided their endorsement and support of Purism’s efforts to build the Librem 5, which if successful will be the world’s first free and open smartphone with end-to-end encryption and enhanced user protections. The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone.

GNOME & KDE: The Purism Librem 5 phone is building a shared platform, not walled gardens

You might have heard about our Librem 5 phone campaign that we recently launched and that has now crossed the $300,000 milestone. If you are reading this particular blog post, it is quite probably because you are a member of the great GNOME/KDE/freedesktop community, and if you were expecting the Librem 5 to be only “a GNOME phone” and exclusionary of others you will be happy to know that Purism is working with both KDE e.V. and the GNOME Foundation, and will continue to do so.

As a matter of fact, to the question “Will you be running GNOME, Plasma, or your own custom UI?”, our campaign page’s FAQ stated, from the beginning:

“We will be working with both GNOME/GTK and KDE/Plasma communities, and have partnered with the foundations behind them for the middleware layer. PureOS currently is GNOME-based and our great experience with working with GNOME as an upstream as well as GNOME’s OS and design-centric development model; however we will also test, support, and develop with KDE and the KDE community, and of course we will support Qt for application development. We will continue to test GNOME and Plasma, and should have a final direction within a month after funding success. Whatever is chosen, Purism will be working with both communities in an upstream-first fashion.”

As a point of clarification, Purism is supporting GNOME/GTK and will continue to do so; Purism is also supporting KDE/Plasma and will continue; forming partnerships with these great communities is a way to establish our long-term commitment to those goals.

Likewise, Purism will ship PureOS by default on the Librem 5, but will support and work with other GNU/Linux distributions wishing to take advantage of this device.

The Librem 5 is about users reclaiming their rights to freedom, privacy and security on their mobile communication devices (also known as pocket computer, smartphone, etc.) with a platform that they love and trust. It is not about creating walled gardens, erecting barriers and division in the free desktop community, and reigniting the Desktop Wars of the past.

We are planning to empower users to run GNOME, KDE, or whatever they see fit, on their GNU+Linux phone—just like we can have both GNOME and KDE on the same desktop/laptop today. The fact that we are going to be making an integrated convenient product that may or may not be a vanilla or heavily modified version of one of these two desktops as the “official recommended turnkey product choice for customers” takes away nothing from the value of these environments or from the ability to run and tinker with whatever Free and Open-Source software you see fit on your device—a device that you can truly own.

What we are providing here is a reference platform that is not Android, for both GNOME and KDE communities—we just so happen to need to provide it as a turnkey usable product for less tech-savvy customers as well, while doing it 100% in the open, upstream-first, like a true Free Software project should be. Right now, the exact set of software technologies we will base our “integrated product” on—whether closely based on KDE, or GNOME—is something we are still evaluating and will decide along the way. There is no “us” vs “them” here. The two projects are in different states of advancement when it comes to mobile and touch technologies, and both communities have their specificities, expertise, and strengths. No matter which project we pick as the basis to invest most of our technical resources in, both projects will win:

  • Even if one project is not chosen as the reference product user interface, it gains a hardware reference platform that community members can standardize on, and thus improve itself however they see fit.
  • This is not the nineties. GNOME and KDE have had a healthy collaboration relationship for the better part of a decade now!
  • We light up a competitive fire again in the hearts of contributors in both communities—and beyond. We can now fight for a platform we truly own, from the backend and middleware to the graphical user interface. No more proprietary UIs, no more “fork everything in middleware!”
  • We will still provide support to developers and testers across the board, everybody is welcome.

From a higher perspective, we believe this campaign is vital to the relevance of Free Software and the viability of GNU+Linux (vs Android+Linux) beyond the desktop, and to protect ourselves from pervasive surveillance and data capitalism. We hope you will see it in this light as well.

Of Laptops and Phones

On Thursday, we revealed our plans to build the world’s first encrypted, free/libre and open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. This naturally comes after having announced the general availability and inventory of our Librem 13 and Librem 15 laptops in June this year. Our newest line of laptops is now shipping after a short delay related to finishing our coreboot porting work (look forward to our technical update on this subject, to be published this Tuesday).

In preparation for the phone project, in addition to our regular work we have spent 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, and have now reached the point where we are launching the crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users.

Enabling the next generation of cable-cutters, we are making the Librem 5 the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralized communication in its dialer and messaging app. We will also offer regular baseband functionality separated off from the CPU, and work towards the goal of freeing all components.

As concern grows among Android and iOS users about the personal data they give up through WiFi connections, application installations and basic location services, we hope to address those concerns by manufacturing phones that will operate with free/libre and open source software within the kernel, the operating system, and all software applications. We have built our reputation within the GNU/Linux community on creating laptops designed specifically to meet user concerns about digital privacy, security, and software freedom.

Starting at $599—less than the cost of many popular smartphones—and featuring a bona fide GNU/Linux operating system (PureOS) instead of Android or iOS, the Librem 5 is intended to give users unprecedented control and security with features unavailable on any other mainstream smartphone, including:

  • Make encrypted calls that mask your phone number
  • Encrypt texts and emails
  • Set up VPN services for enhanced web browsing protection
  • Use the phone on any 2G/3G/4G, GSM, UMTS, or LTE network
  • Edit or develop on the source code, which will be made publicly available, as a community-oriented FLOSS project (not “read-only open-source”)
  • Run PureOS or most modern GNU+Linux distributions—not yet another Android-based phone!
  • Enable hardware kill switches for the camera, microphone, WiFi/Bluetooth and baseband

Visit the Librem 5 crowdfunding campaign on our online shop to back the phone project!

Additionally, we will soon be posting a progress update on our laptop enablement coreboot work. Stay tuned for Youness’ technical report on Tuesday!

Purism Unveils Plans to Build Librem 5, the World’s First Encrypted, Open Smartphone Ecosystem Giving Users Complete Device Control

Security focused laptop maker launches crowdfunding campaign to gauge market demand and feature requests to begin fabrication

SAN FRANCISCO, Calif., August 24, 2017 — Purism, the social purpose corporation which designs and produces popular privacy conscious hardware and software, has revealed its plans to build the world’s first encrypted, open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. After 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, Purism is opening a self-hosted crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users.

The plans to build the Librem 5 smartphone come on the heels of Purism opening general availability and inventory for its increasingly popular Librem laptop line in June 2017, which includes the Librem 13 and Librem 15 laptop models and has seen 35 percent average monthly growth in the past year.

Partnering with open source communications project Matrix, Purism is making the Librem 5 the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralized communication in its dialer and messaging app. Matrix is an open ecosystem for interoperable encrypted communication, supporting a rapidly growing community of over 2 million users for VoIP and Slack-style messaging.

As concern grows among Android and iOS users about the personal data they give up through WiFi connections, application installations and basic location services, Purism hopes to address those concerns by manufacturing phones that will operate with free/libre and open source software within the kernel, the operating system, and all software applications. Purism has built a strong reputation within the GNU/Linux community by delivering laptops designed specifically to meet user concerns about digital privacy, chip-by-chip, line-by-line, to respect our common rights to privacy, security, and freedom.

Starting at $599—less than the cost of many popular smartphones—the Librem 5 will give users unprecedented control and security with features unavailable on any other mainstream smartphone, including:

  • Make encrypted calls that mask your phone number
  • Encrypt texts and emails
  • Set up VPN services for enhanced web browsing protection
  • Use the phone on any 2G/3G/4G, GSM, UMTS, or LTE network
  • Edit or develop on the source code, which will be made publicly available
  • Run PureOS or most GNU+Linux distributions
  • Enable hardware kill switches for the camera, microphone, WiFi/Bluetooth and baseband

“I believe digital rights should mirror physical rights. Our Librem 5 phone will get humanity closer to that goal by giving people choices about how they want to protect or share their digital identity,” said Todd Weaver, founder & CEO at Purism.

“Purism has been doing genuine and important work around making truly free yet desirable laptops. The communities I work with would very much like to see the same philosophy replicated in a phone that runs a GNOME based stack where community members can participate in equal terms and that ensures respect for the users’ privacy and security,” said Alberto Ruiz, GNOME & Fedora Laptop Enablement. “While pulling this off is hard, Todd seems like someone who sincerely cares about these issues and has a great track record executing. I think the efforts of Purism deserve the support of the free software community.”

A veteran of successful crowdfunding campaigns with more than $2.5 million raised over the past two years, Purism is self-hosting the Librem 5 crowdfunding effort on their web site. Users can back the project here: https://puri.sm/shop/librem-5

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops, tablets and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism
+1 415-689-4029
pr@puri.sm
See also the Purism press room for additional tools and announcements.
 

WannaCry, Petya, NotPetya, Vault 7, Dark Matter Show Numerous Key Flaws in Popular Devices

Purism Librem laptops are immune to such threats because of a deeply rooted philosophical difference about security

SAN FRANCISCO, CA—July 5th, 2017—Purism, the social purpose corporation which designs and produces security focused hardware and software, has released a new report on the latest cybersecurity threats and why nearly all devices are vulnerable to such attacks. The very design of modern hardware and software invites a host of threats, from sophisticated attacks and criminal activity to hobbyist attempts, and reactive software patches simply cannot be released quickly enough to plug security holes. All manufacturers besides Purism are reactive to security threats only. Being proactive about security comes down to philosophy, business model, and reducing the attack surface to begin with.

There are 4 key factors as to why popular devices produced by large manufacturers are susceptible to rising security concerns:

  1. Proprietary software, where the source code is not auditable, leaving exploitable holes for criminals to take advantage of without the public knowing until it is too late
  2. Software written to address a wide array of hardware, leaving a large attack surface, rather than being small and tightly integrated with hardware
  3. Monolithic proprietary UEFI/BIOS with low-level remote access capabilities, rather than coreboot, a small secure fast boot firmware
  4. Inadequate reactive software updates to patch security vulnerabilities, rather than the more proactive removal of security holes to begin with, and having public source code to be audited

The best security in software follows a simple set of rules that the largest manufacturers fail to follow because of their business models:

  1. Release the source code
  2. Tightly integrate the software with the hardware removing useless exploitable software
  3. Use less code and pre-install less bloatware, which means less attack surface
  4. Avoid mystery binary code for critical components like WiFi cards
  5. Put protecting users over corporate profit: do not track users, do not require financial details to install apps, do not phone home with identifiable data, do not participate in corporate surveillance

WannaCry, Petya, and NotPetya are increasing in complexity in a whack-a-mole battle of distributed criminals vs centralized corporate software, where the users are the victims. The solutions currently proposed by proprietary software vendors are reactive to these threats, which by definition means the attacks will continue to happen with increasing frequency and potency. There is real motive for criminals to create ransomware, wreak havoc, and upset markets, and the reactive proprietary software patching approach is unacceptable as a security story.

Lower-level threats, many of them released with Vault 7, such as Dark Matter, Intel AMT, and EFI/UEFI exploits, highlight that criminals are going deeper than software and operating systems. Here even the reactive approach does not help, since proprietary operating system vendors do not release EFI/UEFI updates, and BIOS and EFI/UEFI updates are not commonly applied by users.

A proactive model, in which the source code is released, the attack surface is kept small, and the code is shared for audit, has been the philosophical difference that explains why Purism Librem laptops have been immune to all these threats.

“Protecting our digital life is a growing concern for individuals; reactive patching does not provide the peace of mind that users want,” said Todd Weaver, CEO and Founder at Purism. “We provide that peace of mind by making security protection easy and the default for users.”

Purism’s Librem laptop line has been specifically designed to address these gaping security issues that big box manufacturers are unable and unwilling to combat due to being reactive and not releasing the source code. To date, Librems have been completely immune from the following cybersecurity attacks: WannaCry, Intel AMT, Petya, Dark Matter, all Vault 7 EFI/UEFI exploits, and NotPetya.

A fleet of coreboot laptops assembles

Following up on our status update where we revealed the imminent shipping date and general availability of our laptops this June, we’re happy to let you know today that we’ve recently had a breakthrough in our work to port the new laptops to coreboot, thanks to the fruitful collaboration between our coreboot developer Youness “KaKaRoTo” Alaoui and Matt “Mr. Chromebox” DeVillier (to whom we sent a prototype unit). Our coreboot port is now working for both the Librem 13 v2 and the Librem 15 v3, with all the test cases passing.

We are now pretty confident that we should be able to have coreboot firmware ready in time for factory preloading of the new inventory we’ll be shipping from in June. As we receive the first “production” units, we will ship some of those across the border, so that Youness can re-test and finalize the port on those machines (the results should be the same, but we want to make sure everything is top-notch). I will also seize the opportunity to take good reference images in our photo studio.

In the meantime, Youness is currently busy preparing his code contributions to be upstreamed officially to the coreboot project, after which he will be attending the 2017 edition of the coreboot conference in Denver. You will also soon be able to read his latest technical findings as part of the current round of coreboot ports.

The only model that will remain to be ported to coreboot afterwards will be the Librem 15 v2 (it turns out that the “v1” was an early demonstration unit that was sent out to some reviewers but never made it into large-scale production, so it does not actually need to be ported), thus reaching a milestone and honouring a promise that many of you have been eagerly looking forward to. That remaining port should be fairly straightforward to do, now that Youness has gained a lot of experience with other models. Then, depending on how the timing plays out this summer, our reverse engineering work is expected to resume from where we left off.

Releasing the beta of PureOS 3

After our alpha release in November, we are today releasing the beta for PureOS 3.0, which we intend to ship as a final release in time for our upcoming new laptop batch shipment (more news on that soon).

As PureOS uses a rolling release model, software all across the stack continued to receive updates since our first alpha some months ago, even though the core of our work has been to improve and deploy new infrastructure to support efficient development of this operating system and to make the PureOS experience more pleasant for users, too. The PureOS infrastructure is now better at exposing migration/update issues, which means that we iron out broken or missing package dependencies more quickly (with the goal of preventing them from ever being encountered by users, although such occurrences are already rare). Building this infrastructure for PureOS is some very ambitious—and often invisible—work that we are accomplishing as the foundation for all PureOS development.

We are also in the final stages of preparing proper developer documentation, closely modeled on Debian’s contributors documentation and procedures, but pointing to the right bits and pieces when it comes to PureOS.

FSF endorsement is work in progress: we are working with the FSF and addressing any concerns or requests they may have. As per the FSF’s requests:

  • The new PureOS website is now fully separate and works with LibreJS.
  • Iceweasel/Firefox was removed from the archive (its presence there was actually due to a repository synchronization bug) and we modified the add-ons system to avoid the possibility of installing non-free add-ons by mistake. That said, this is one of the reasons why PureBrowser exists, and PureBrowser will continue to be the default. The forced removal of Firefox/Iceweasel caused some trouble with the PureOS package repositories archive but this will be fixed before the final release.
  • TorBrowser is now torbrowser-launcher, a package that downloads and installs the official Tor browser with updates being applied as soon as the Tor project publishes them.

On the security front:

  • A Wayland-based GNOME 3 experience remains what we ship by default.
  • We have started preparing our Linux kernel to be based on the grsecurity kernel. This is available as a package in the beta’s repositories but is not enabled by default, as we consider it requires more testing (you can help!) so we can use it as the default Linux kernel in the future (for PureOS 3.0’s final release, hopefully!)… so feel free to install and try it out (don’t forget to install paxctld as well)! This will be a huge step forward in terms of security. While most regular GNU/Linux distributions are more secure and privacy-respecting than proprietary OSes, having the grsecurity patchset in PureOS’ Linux kernel by default will bring PureOS far above the norm in terms of desktop GNU/Linux security practices.
  • We look forward to integrating flatpak in the future to benefit from its sandboxing capabilities.

As you can see, we’re making some nice progress and PureOS has great plans ahead to achieve a great user experience that balances security and usability. This is quite a bit better than running OSes that work against you or that strip you of control over the applications layer!

What the CIA Vault 7 Documents Mean

WikiLeaks has recently released a treasure trove of documents, codenamed Vault 7, that will take weeks to digest. And we will digest it all. But before we go document by document, we wanted to address top-level concerns users have, and how our philosophy and business model are the only ones that can withstand the test of time against this type of user device control.