David Seaward

Director of Trustworthy Services at Purism

Latest posts by David Seaward (see all)

With pre-orders confirmed, the Librem Mini is available and shipping soon. It might seem counter-intuitive, but this is also an exciting development for Librem One. If you’ll pardon me dreaming out loud, I’d like to set two long-term milestones before getting back to the daily grind.

The second trifecta

One view of Purism is a convenient place to get your hardware, your software and your services, with the bonus that unlike other vendors you are not locked in. You can mix and match or switch it up, according to your needs and preferences. But if we zoom in on the hardware department, we can now see another trifecta: handheld mobile, reliable laptops and mini server (optionally headless).

Now as soon as you have two devices, let alone three, let alone a household of different phones or an office with a BYOD policy, you need a network so they can communicate. If you’re in the same room or building, a LAN will do. But step outside (or work remotely) and you encounter two issues:

  1. You need to use hotspots or phone data. We’ve solved the associated issues here with Librem Tunnel.
  2. You need to keep all these devices in sync!

Traditional synchronization sends your personal and sensitive data to “the cloud”, a murky place where everything is merely obscured, until there’s a breach and it comes pouring out.

Two devices synchronize via a cleartext database in a leaky cloud

A secure bridge and a server you can trust with your data

Librem Sync is a work in progress that will allow you to securely synchronize structured account data between devices. So, for example, you could update your calendar on your laptop and see the change on your Librem 5. Unlike traditional synchronization the update will be end-to-end encrypted, only your two trusted devices can see it, the bridge is just a conduit with no access to what’s inside.

Two devices synchronize a structured unicorn over a secure bridge

But not all data is structured or limited to one account. And sometimes you just need to do funky things. Traditional solutions require that you move processing and data into the cloud where it is merely obscured. But with the Librem Mini, you have a trustworthy on-premises server in your home or office. You can send unstructured data over a secure bridge (for example, Librem Files) to the server, which can store the data and process results, sending them back over the bridge, accessible to any device.

(If you need industrial-strength processing, you can do the same with a rack of Librem Servers, but I’m focusing on the home and small office scenarios.)

Two devices synchronize unstructured data via encrypted bridges to a trusted mini

Plus, a router

And finally, if you include the wifi option, you can use your Librem Mini as a tunnel-powered router. These days most ISPs prefer that you install a router that they own and control. On the plus side, it is theoretically easier for them to keep the router secure and up-to-date without your intervention and it is (again theoretically) easier for them to troubleshoot connectivity problems. On the minus side, your home connection is now only marginally more trustworthy than a random hotspot.

So hook up your Librem Mini directly to the router by ethernet. Disable wifi on the router, and enable it on the Librem Mini. Install Librem Tunnel and activate it. Switch your phones, laptops and other devices over to the hotspot created by the Librem Mini. Now all your traffic runs through the tunnel, inaccessible to your ISP.

One device uses the mini as a router, skipping over ISP and cloud snooping

As I mentioned, making this work out-the-box is a longer term milestone for the Librem One team, but as with all things at Purism we will iterate towards perfection!

Recent Posts

Related Content

Tags