Language Selection

English French German Italian Portuguese Spanish


Syndicate content Purism
High-quality laptops that protect your freedom and privacy
Updated: 2 hours 11 min ago

Software Freedom Day

Saturday 21st of September 2019 06:17:22 AM
Today we celebrate software freedom!

In case you haven’t heard of it before, “software freedom” is a commitment made by programmers: to release apps in a way that always benefits the everyday user. A “free software” application upholds these four essential freedoms, defined by the Free Software Foundation:

  • The freedom to run the program as you wish, for any purpose

  • The freedom to study how the program works, and change it so it does your computing as you wish; access to the source code is a precondition for this

  • The freedom to redistribute copies, so you can help others

  • The freedom to distribute copies of your modified versions to others; by doing this, you give the whole community a chance to benefit from your changes (access to the source code is a precondition for this)

As part of its social purpose charter, all software released by Purism is free software. That means our software includes a lot of free software created by others–thank you!

We make this commitment with a “free software license” that formally grants these freedoms. This means you don’t need to ask us permission to use our software–you already have it. If you are a programmer, you are free to tweak or even overhaul an application. If you are a consultant, you are free to provide supporting services. If you are an everyday user, you are free to choose whoever you like to provide programming and other services, or even learn how to do it yourself.

There’s a veritable rabbit-hole of information about the software freedom movement out there

But here are four simple actions you can take today to support software freedom:

  1. Join or donate to the Free Software Foundation. They originated, and continue to spearhead, the free software movement. In many ways they foresaw the troubles with digital civil rights that we have today; giving them a louder voice will very likely help forestall more troubles tomorrow.

  2. Buy something from Purism

Mirrors for Speedier Downloads

Friday 20th of September 2019 05:33:33 PM

To put it briefly, PureOS provides ISO images and packages for download. Recently, we’ve seen increased traffic on our download site, and we expect that traffic to grow. We’re hoping to address increased traffic with mirrors for both package updates and downloads.

We’re very happy to announce that Sonic, a highly-ranked and privacy-respecting ISP, has offered to host a mirror for PureOS. This will alleviate some of the traffic, especially for those in North America, without compromising security. The security of the packages remains guaranteed by our signatures; the mirror simply holds another, identical set of packages, signed with Purism’s key.

The mirror is easy to use. For example, if you’d like to use the mirrors for downloading an image, simply use this URL: And here’s the link to the most recent GNOME Live build.

If you’d like to use the mirror for your packages, you have two choices:

1. use the command line to edit your /etc/apt/sources.list
2. use Software to add the mirror URL

The first choice is pretty quick and easy. In the terminal, use your favorite text editor to edit this file, /etc/apt/sources.list, and insert the following line:

deb amber main
deb-src amber main

Then run and apt-get update, and you should be all set.

If you prefer to use the Software tool, simply open Software. You can find it among the apps, by going to the upper left-hand corner of the desktop and clicking on “Activities”; then “Show Applications”, which is the last icon in the dock usually–a collection of nine squares.

Once you see all your apps you can either search for “Software” or scroll down a bit until you see it. And once the first “Software” is open, go to the menu on the top bar where it says “Software” again. There, the drop-down menu will show you an entry for “Software repositories”–and that is where we’ll make our changes, in order to use the new North American mirror. Appropriately enough, once you’ve clicked on the Software repositories menu entry you’ll see the “Software & Updates” screen. In the “Other Software” tab you can enter the new mirror’s URL by clicking on the “Add” button in the bottom left. Now, enter this entire line:

deb amber main

You’re almost done. Hit the “Add Source” button and authenticate with your password. Finally, hit “Close” then “Reload” and you should have a snappy, speedy new mirror for your packages.

Packages are updated four times a day on the mirrors and more can be done if necessary, but this will be more than enough for now. Enjoy! And thank you very much to Sonic.

The post Mirrors for Speedier Downloads appeared first on Purism.

SIM Application Toolkit: Avoid Being Exploited

Wednesday 18th of September 2019 09:47:58 PM

Technologies are often created with good intent, to make our life easier, to solve problems in a convenient way. The Management Engine in Intel’s CPUs, for instance, was intended to make the life of admins easier. It allowed for remote access on a very low level, so they could even do complete remote reinstalls of a machine. And if you have to manage a large fleet of machines, distributed within a larger enterprise, this can save huge amounts of effort, time–and thus money.

Implementation details matter

Sadly, many of these technologies that were meant as good are implemented in a way that bears more harm than advantages. The ME, for example, is fully proprietary and closed. It is even undocumented in most parts, so it can not be publicly reviewed and audited. It is a piece of software, software has bugs and so has the ME implementation; the news are full of it lately.

The same is true for something that many mobile phone users are totally unaware of–the SIM Application Toolkit, also called SIM Toolkit, SAT/USAT or STK.

The SIM Application Toolkit

Its name already points to the origin: the SIM card. It is the tiny chip card you insert into your phone, to get access to the cellular network of an operator. The SIM card used to be a fairly simple device, which you can imagine as the key to unlock the access to the network: i.e., it stores a secret (a cryptographic key) along with an ID (the IMSI) and some details about the issuing operator, etc. This data set grants you access to the operator’s network.

But phones [also called handset, or ‘terminal equipment’ (TE), in mobile terms] have become more and more powerful. And setting up these cards has become more and more complicated; you need an SMS center number, details for the MMS server, mailbox dial-in number… and a lot more. All this needs to be properly set up in the mobile, to make full use of both the mobile and the network. To make this even more complicated, these details (and the way to set them up) are different from operator to operator. The process for this initial setup is (also) called provisioning. It was to make this (and other things) as convenient and least painful as possible for users that SAT was invented.

The name SAT tells us not only that it is SIM-related, but also that it contains the term application: SIM cards can, and today they usually do, indeed contain small applications or applets. They are small computers on their own, they run code, and they can indeed be programmed. Most are based on the JavaCard standard and can be programmed with small Java applets. The SAT defines a standard way to interface the SAT applets with the modem and the phone.

Here comes the tricky part

SAT applets can have access to modem traffic, especially to SMS. They can execute on the SIM card–pretty much without any knowledge from the user. SAT applets can even initiate unsolicited communication (e.g. sending SMS) and can get updated and/or changed by the operator, over the air. All this is part of the 3GPP standards. SAT applets can also interact with the user, if the handset implements the user interface parts of SAT with simple menus, limited icon display and reading input from the ‘dial pad’.

SAT applets are an important part of the provisioning by the operators, when new SIM cards get activated. But their implementation details are not public. Their code is not public, and is thus likely to contain security flaws.

The SIM Jacker and the S@T Browser

One of these flaws has just surfaced: it is called SIM Jacker, and it exploits the S@T Browser component, found in many SIM cards. It allows for exposing critical user data, like the currently connected cell tower ID. The cell tower ID can easily be matched against databases, and is pretty much equal to having a geographical position. An attacker would thus be able to locate a user–accurately enough to determine, for example, if someone is at home or not. And it must be assumed that more information about the user can very well be extracted in a similar way.

This is possible when attackers send a specially crafted SMS to a mobile. It is not visible to the user and will initiate, again without the user knowing, an automated response by the mobile. The mobile then sends it back to the attacker, exposing for example what the user cell tower ID is.

Protecting the Librem 5

Purism is actively working with its modem manufacturers in order to protect Librem 5 users from such exploits. We are also investigating how to have a configuration option: how to opt-in to SAT, if you really need it (e.g. for initial provisioning), and disable it again afterwards–in order to avoid any such forms of exploitation.


Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post SIM Application Toolkit: Avoid Being Exploited appeared first on Purism.

A Guest Post by Evon Ho

Tuesday 17th of September 2019 03:05:04 PM

Evon Ho, a first year Computer Science student at Southern New Hampshire University, asked us a few questions about Purism. Todd Weaver, Purism’s founder and CEO, answered them, and Evon wrote the following essay:

Purism: A Privacy Based Computer Company

It all started when Todd Weaver, Founder and CEO of Purism, realized Big Tech could not be trusted as moral guardians of his and his children’s data. The current paradigm of corporations data hoarding is, as Todd describes it, built on “a tech-stack of exploitation”–and not by accident, but by design. Companies such as Google and Microsoft–and especially Facebook–intentionally collect, store and share user data to whomever they see fit. In recent events, the California Consumer Privacy Act, which becomes effective on January 1, 2020, will make residents of California able to know what personal data is being collected about them, know whether their personal data is sold or disclosed and to whom, say no to the sale of personal data, access their personal data, request a business delete any personal data information about a consumer collected from that consumer and not be discriminated against for exercising their privacy rights. This sounds good, and it is, but not according to Big Tech. Big Tech such as Facebook hired a firm to run ads that said things like “Your next click could cost you $5! Say no to the California Consumer Privacy Act”. Big Tech does not care about privacy, they care about their bottom line. This is where Purism comes in.

Purism is a privacy focused company. Their devices, the Librem5, Librem13 and Librem15 run PureOS–a GNU/Linux distribution that puts privacy, security and freedom first, by design. It includes popular privacy-respecting software such as PureBrowser. The OS helps you “Surf the web safely without being tracked by advertisers or marketers” and allows you to easily encrypt your entire OS and data with your own encryption keys. This is huge, especially if you understand how much of your “private” data is actually being shared.

I e-mailed the company asking questions about the entrepreneurial aspects of running a computer company, expecting an employee to send over a typical pre-written list of information. To my surprise and excitement, the CEO and Founder Todd Weaver e-mailed me himself, and answered my questions. This was very inspiring.

There are quite a few entrepreneurial aspects of running a computer company. You must manufacture your own computers and design your own software. Because the software in PureOS is free software, there exists a community of paid and volunteer developers who maintain it. This is beneficial in many ways, such as it allows the code to be freely auditable and if there’s a bug it’s usually fixed fairly quickly. There are some challenges that one must overcome as well, such as delays in manufacturing and the management of growth based on cash flow–this is crucial. With dedication and perseverance, these challenges are easily overcome, and one can move onto the designing process.

To design a computer from scratch, you must have a goal in mind. Purism’s goal is to give consumers “a computer that you fully own and control”. This goal then allows them to list all the reasons why current laptops and phones cannot meet such a goal. They then look to solve each reason of incompatibility to produce a new and improved device that allows one to fully own and control their device. To fund such a company, one needs an investment of capital. Founder and CEO Todd Weaver invested his own money into the company initially, then ran crowd-funding to bring the first product to market.

Purism’s goals for the future include continuing to improve and expand their products to offer a convenient alternative that respects people and their digital lives. This is a noble and respectable goal, and I for one would love to use a Librem when I graduate Southern New Hampshire University and work as a software developer.

In conclusion, if one has a worthy goal in mind such as Purism’s privacy-first approach, nothing is impossible–not even running a successful computer company.

Thank you, Evon–we loved it, and are very proud that you chose us. Keep up the good work!

The post A Guest Post by Evon Ho appeared first on Purism.

Librem 5 Batch FAQ

Thursday 12th of September 2019 10:40:27 PM
We have been getting a lot of questions related to our announcement of the Librem 5 shipping schedule. Here, we will post the answers to some frequently asked questions, and update this document as new questions come in.

Q: The shipping announcement says the first batch of the Librem 5 will have a “loose fit”. Does this mean the phones will be low-quality?

A: Every Librem 5 that rolls off the assembly line will be a high-quality smartphone. Every component, tested and lovingly assembled. “Loose fit” in this case leaves us room to have ribbon cables, antenna cables, camera spacer and LED alignment have a looser tolerance than later batches.

Q: The first batch of Librem 5s is listed as having “unfinished switch caps”. What does that mean?

A: That the hardware kill switches will be the bare switch pole, without the ergonomic covers on top that will make them easier and more comfortable to use.

Q: Will all software updates be released for all shipping batches of the Librem 5? If I get batch Birch, will I get the same software updates as later batches?

A: Yes! All batches will receive the same software updates at the same time. That means new (and updated) applications will arrive at the same time, no matter which batch you received.

Q: If I receive the Librem 5 from one of the first batches, will I have a fully functional phone?

A: Yes! Even the very earliest batches will be capable smartphone, including a modern web browser and core cell phone functionality.

Q: How do I know which shipping batch my order will be part of?

A: You will receive an email letting you know which shipment batch you are scheduled to be part of, based on your place in the queue.

Q: Will it be possible to replace the case (or other components) in the Librem 5 I receive with parts from a later batch?

A: Very likely, yes: screw-holes in the PCBA and basic mechanical design are unlikely to change; minor adjustments for ease of assembly or antenna placement are examples of case modifications between batches.

Q: Can the operating system the Librem 5 ships with (the GNU/Linux based PureOS) be replaced with another operating system?

A: Yes! There are community efforts underway to port UBports, Plasma, and PostmarketOS to the Librem 5. We will be publishing a blog post soon with details about the progress of these projects. However, Purism has invested heavily in PureOS for the Librem 5 and will only be able to support PureOS on the Librem 5 directly.

Q: What is PureOS, exactly?

A: PureOS is a GNU/Linux-based operating system, which powers all of the privacy-focused laptops Purism ships. PureOS has been lovingly and painstakingly optimized for the touch screen of the Librem 5. PureOS is also Free Software Foundation endorsed.

Q: I REALLY want one of the Librem 5s from the first batch (Aspen)! Pretty please?

A: Thank you for asking politely! We will be assigning each customer a batch according to when their order was placed. If a customer in an earlier batch chooses to wait for a later batch, we will reassign that slot.

Q: If I order today, what shipping batch will I be in and when will my Librem 5 arrive?

A: Orders placed today will likely fall in Batch Evergreen. Order now to secure your place in line–we are doing everything we can to process orders faster than the queue is filling up, and will continue in that effort.


Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post Librem 5 Batch FAQ appeared first on Purism.

The California Consumer Privacy Act

Wednesday 11th of September 2019 12:13:31 PM

Next January, California is set to have one of the strongest laws in the nation, passed last year with unusual bi-partisan support, seeking to add some first-of-their-kind state protections over our personal data. It is called the California Consumer Privacy Act (CCPA) of 2018. It nicely reflects the fact that our state is one of the only states in the country whose constitution in Article 1, Section 1, actually contains an express right of privacy guaranteed to all Californians.

This past year, since the bill’s passage, Purism has worked tirelessly–and dedicated substantial staff resources–to help make sure the new law is not substantially thrashed by Big Tech’s huge army before the fledgling law can even take effect: an army of highly-paid lobbyists. The stakes for Big Tech are large, but the stakes for consumer privacy, and for Purism’s philosophy of consumer privacy protection and control, are so much bigger.

To try to stem the extraordinary political muscle of Big Tech in Sacramento, Purism has worked in close collaboration with California’s top privacy protection groups including the ACLU, EFF, Consumers Union, Common Sense Kids Action and the Privacy Rights Clearinghouse, and many others to try to stop the onslaught of Big Tech-sponsored bills seeking to vitiate the new law.

Our CEO has testified in legislative hearings against the weakening measures, and has recently co-written a powerful editorial published in the Mercury News, the newspaper in the backyard of Big Tech in Silicon Valley, against these bills. As Purism’s legislative advocate, I have met with key California legislators to try to thwart Big Tech’s predictable onslaught against this new law.

The new law is obviously a long overdue first step

It seeks to give consumers quite a bit more control over the vast data companies collect, store, share and sell about them–all without their knowledge or meaningful consent. Needless to say, the secret collection and sale of these extraordinarily valuable troves of personal data have made Big Tech companies some of the most valuable companies in the world, the most politically powerful–and the greatest threat to our most basic privacy rights.

Among the new law’s key requirements:

  • Businesses must provide certain disclosures when selling consumers’ personal information. This includes disclosing the categories of information the business has collected or sold, the categories of sources from which the information is collected, and the specific pieces of information collected about the consumer.
  • Additionally, the CCPA allows consumers who are 16 years of age or older to opt out of the sale of their personal information, with younger consumers needing to opt in before a business can sell their information.
  • Consumers can also request that certain personal information be deleted.
The new law is also obviously far from perfect, as Purism’s CEO repeatedly testified this year in the Legislature

It does not even require companies to give consumers the fundamental right to first affirmatively agree to opt in–to the selling or sharing of their private information, before it can ever be shared or sold–instead forcing unknowing consumers to try to figure out the labyrinth of (often purposely tedious and confusing) website requirements in order to opt out of the sharing of their most personal data.

Like all laws, it reflects substantial political and policy compromise. It only came about because the California Legislature felt it had no choice back in 2017: to respond to a pending, highly popular statewide ballot initiative which sought to empower consumers, to find out what information businesses were collecting on them, and give them the choice to stop the sale of their personal information. In exchange for the introduction of the new California Consumer Privacy Act, the sponsors of the ballot initiative agreed to withdraw their initiative, and the new CCPA was quickly shepherded through the legislative process and signed into law.

Though Big Tech companies were unable to stop the passage of this law, they were able to secure a major procedural loop-hole to give them future “bites at the apple” this year, before the new consumer protection law actually takes effect next year. They got the Legislature to agree to postpone its legal effect until next January 1st–giving Big Tech the chance to try to undermine the key protections the new law contains.

Some Big Tech CEOs publicly continue to assert they have become true converts to the importance of protecting consumer privacy

Instead, they–and their legions of powerful lobbyists–have, disappointingly, spent this past year in the California Legislature quietly attempting to do all they can to weaken California’s new privacy law before it even goes into effect.

I am therefore very pleased to report that, as the legislative year winds to a close this hot summer in California’s Capitol, Purism’s tenacious efforts, in collaboration with many other committed, non-profit privacy groups like ACLU and EFF–and the commitment to privacy by key legislators in Sacramento–appear to be paying off for California consumers. Although some measures are continuing to move forward that may relax some of the provisions in the CCPA, the many Big Tech-supported bills that have sought to substantially curtail consumer privacy rights have, at least for now, been halted.

Purism and its supporters can therefore be very proud; we are not just “talking the privacy talk” but “walking the privacy walk” when it comes to fighting for consumer privacy rights and consumer empowerment. Though the political battles are clearly never over, the social benefit company’s efforts to better protect our cherished personal privacy, and consumer control over our, and our children’s, privacy will always be worth the substantial effort and cost.

We shall continue this worthy fight.

The post The California Consumer Privacy Act appeared first on Purism.

Purism at GUADEC 2019

Tuesday 10th of September 2019 03:46:05 PM

GUADEC 2019 took place in Thessaloniki, Greece, and some of Purism’s team members were there. This year’s program was excellent, with plenty of interesting presentations; among them, Tobias Bernard’s talk about adaptive patterns and GNOME apps that work well across different form factors, from phones to desktops. Below is a video of his talk, which we think you should really watch when you have a chance–and here are the slides.

One of the main themes of the talks was around containerized applications and the security involved. We learned about punching holes through flatpaks, with portals to provide the flatpak with temporary access to a service, and how to better secure multi-process flatpak applications with bubblewrap.

And after busy days of talks, we found the time to relax and casually chat at the picnic hosted at beautiful Platanakia:

Heather Ellsworth, François Téchené, Julian Sparber, Bob Ham, Tobias Bernard and Adrien Plazas

There were also a few meals, involving food, drinks and some interesting discussions about possible software ethics rating systems encouraging ethical practices like encryption, discouraging unethical ones like tracking.

From left to right, Heather, with Adrien and Bob in the back; in the front row and also from left to right are François, Tobias and Julian


The one where we invited the little hacker-in-training

Finally, after attending GUADEC talks and BoFs (and the occasional picnic), we went to the beach on Wednesday; we even have a picture, so you can see it really did happen…

@media (min-width:769px) {.media-embed {max-width: 125%; margin-left: -12.5%; margin-right: -12.5%; width: 125%; } }

The post Purism at GUADEC 2019 appeared first on Purism.

PureOS Rolls On as Stable

Friday 6th of September 2019 02:04:11 PM
PureOS was originally conceived as a rolling release.

A rolling release receives periodic updates in a “rolling” fashion–they just keep rolling in. This is good, as you get the latest cutting edge changes to applications and system libraries. But unfortunately there is a side effect to rolling releases: they are bad for stability, because the changes they bring are often not yet widely used, or tested, in real world situations. This issue is inherent to any fast moving body of code, and PureOS is no different; we attempt to solve it by putting the user at the center of our design choices. With this in mind, we polled our forum and worked internally to devise a pragmatic solution that follows best practices, while continuing to provide options for users.

Our solution is straightforward; we’re making our PureOS release a stable release, and creating a new rolling release. In addition to this stable release, we’re adding two complementary suites–amber-security and amber-updates–which work together to bring a rock solid release. We will also build and release a rolling release just like the one our users are used to, meant for those who are willing to use, and test, the latest software from upstream. Both releases will receive security updates, of course, but the rolling release will lack real-world testing, by design.

How do I get the new stable release?

You likely already have the new stable release. We’ve tested it for a while, and are now adding it as a normal update to PureOS base files. It should be an uneventful update–but if there are any issues at all, please let us know via bug report in our tracker system. We’ll announce our new rolling release in the near future. We will continue working on it, and during the period where our upstream has moved from stable to a new testing release there will likely be a bit of churn. Waiting for that to settle will likely benefit the quality of the new rolling release.

You can also download the new release. We’ll continue to update our documentation on the new release though very little has fundamentally changed. All our current documentation is routinely updated, and it all pertains to this latest release.

The post PureOS Rolls On as Stable appeared first on Purism.

Librem 5 Shipping Announcement

Thursday 5th of September 2019 02:52:34 PM

SAN FRANCISCO, Calif., September 5, 2019 — Purism begins its iterative shipping schedule for the much anticipated Librem 5 phone running PureOS.

The Librem 5 phone is built from the ground up to respect the privacy, security, and freedoms of society. It is a revolutionary approach to solving the issues that people face today around data exploitation — putting people in control of their own digital lives.

Due to the high volume, growing demand for the Librem 5, and in the interest of openness and transparency, Purism is publishing its full, detailed, iterative shipping schedule. This expands on the existing commitment to start shipping in Q3 by defining specific batches, their features, and their corresponding ship dates.

Most companies keep their release and product plans secret right up until mass production launch, so they can avoid publicizing any setbacks or delays; but we have decided to bring our community and customers along with us for the Librem 5 journey, and have been transparent about our progress from the beginning. This means you have been able to celebrate along with us as we have reached milestones like shipping our devkit in 2018, the NXP CPU silicon issues we had to overcome, placing our first call in early 2019, sending our first SMS. You have been able to track our software progress directly from our public code repositories and watch live updates to libhandy, Phosh, Chatty, and the rest of our software. And we are compliant with, and submitting for, the “Respects Your Freedom” certification from the Free Software Foundation.

The iteration schedule starts in September, 2019, and the Librem 5 will be shipping in batches with incrementing code names. Each iteration improves upon the prior in a rapid rolling release throughout the entire first version of the phone, including the public plans for the second revision of the phone for context.

Every iteration includes updates to hardware, mechanical design, and software. We will be contacting each customer to confirm their shipping address, which modem and power supply they would like, and to confirm which shipping batch they are currently scheduled to receive — and to give them an opportunity to select a later batch than they are scheduled for, should they prefer to wait for a later iteration. As slots in a particular early batch free up, we will open it up for others in a later batch to join in, according to the date of the order.

If you haven‘t yet placed your order (or want to place an additional order) — the sooner you order, the earlier the shipping batch you will be added into.

Batch Aspen

Hardware: Initial board, all hardware components included.

Mechanical Design: Individually milled case, loose fit, varying alignment, unfinished switch caps (hand crafted).

Software: Initial release of core Apps, manage contacts, basic web browsing, early power management, software updates from the PureOS Store via the terminal.

Certifications: FCC and CE for Radios

Shipping window: September 24th – October 22nd

Batch Birch

Hardware: Next run of board, all hardware included.

Mechanical Design: Aspen + tighter fit, improved alignment.

Software: Aspen + improved setup, improved web browsing, improved power management.

Certifications: FCC and CE for Radios

Shipping window: October 29th – November 26th

Batch Chestnut

Hardware: All hardware included.

Mechanical Design: Birch + capped switches.

Software: Birch + final setup, improved web browsing, improved power management.

Certifications: FCC and CE for Radios

Shipping window: December 3rd – December 31st

Batch Dogwood

Hardware: All hardware included.

Mechanical Design: Chestnut + refinements.

Software: Chestnut + core apps improved, additional applications, refined graphical PureOS Store.

Certifications: FCC and CE for Radios

Shipping window: January 7th – March 31st

Batch Evergreen

Hardware: All hardware included.

Mechanical Design: Molded case.

Software: Long term support release

Certifications: FCC and CE

Shipping window: Q2 2020

Batch Fir

Hardware: 14nm Next Generation CPU

Mechanical Design: Version 2

Software: Long term support release

Certifications: FCC and CE

Shipping window: Q4 2020

Thank you to all the supporters who continue to share the Purism story with the world — this is a long-term movement around creating a digital society that respects people. Purism started in 2014 and has been growing triple digits year-over-year. The Librem 5 project started in 2017 with early bird backers rapidly funding the 60 day campaign that blew past the $2.5m mark. The Librem 5 devkit was released in December 2018. Software inventions and releases have been ongoing for a few years. Now we begin the iterative production releases of the Librem 5 phone, which our entire team is very excited to share.


About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco, California, and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism +1 415-689-4029

See also the Purism press room for additional tools and announcements

The post Librem 5 Shipping Announcement appeared first on Purism.

Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory

Tuesday 3rd of September 2019 06:39:16 PM

We have been promoting the benefits of our PureBoot tamper-evident firmware with a Librem Key for some time, but until now our laptops have shipped with standard coreboot firmware, that didn’t include tamper-evident features. To get tamper-evident features, you had to reflash your Librem laptop with PureBoot firmware after the fact, using our standard firmware update process. One of the biggest challenges for most people using PureBoot was the initial setup process–but many people might  find installing an OS challenging too.

The best way to solve this challenge is for us to do the setup for you–and that’s what we are happy to announce today.

While we will still default to our standard coreboot firmware, starting today, if you order a Librem laptop and select the “PureBoot Bundle” option for the firmware, you can choose to have PureBoot installed and configured at the factory. The PureBoot Bundle includes a Librem Key, as well as a “Vault” USB drive that will contain the GPG public key we generated at the factory. You can use the Vault drive later to store backups of GPG keys you generate and store them in a safe place.

With the PureBoot Bundle, you will be able to detect firmware tampering and rootkits out of the box! Just unbox the laptop, plug in the Librem Key and turn it on–if the Librem Key blinks green, your laptop is safe; if it blinks red, it was tampered with in transit. Also, now that our Librem Keys are made in the USA next to our fulfillment center, we have even tighter control over the supply chain for the most critical trusted component in this equation.

If you pick a PureBoot Bundle, we will perform the following additional steps on top of the standard PureOS install process
  • Reflash the firmware with PureBoot
  • Factory-reset the Librem Key and set default user and admin PINs
  • Generate a new, unique GPG key on the Librem Key
  • Copy the corresponding GPG public key to a USB flash drive shipped with the laptop
  • Sign all of the files in /boot with this GPG key
  • Add the GPG public key to the firmware’s GPG keyring and reflash the firmware
  • Reset the TPM and set a default admin PIN
  • Store the known-good firmware measurements in the TPM
  • Share a secret in the TPM and Librem Key to detect later tampering

When you get your PureBoot Bundle, you can immediately test whether the firmware was tampered with during shipment. For an additional charge, you can contact us about our anti-interdiction services which, among other measures, ships the Librem laptop and Librem Key separately.

We believe you should have full control over your keys

Once you have verified the integrity of the firmware, you can set new passwords and secrets on the Librem Key and TPM, generate new GPG keys (or copy over GPG keys you already have), and re-sign all of the files, all with keys under your control, at any time.

We hope that, by setting it up for you at the factory, we can get this next-generation tamper-detection technology into more customers’ hands. Everyone–not just hardcore geeks–deserves the peace of mind of knowing that their systems are safe from tampering; and unlike with other secure boot systems, PureBoot gives you tamper-evident firmware without vendor lock-in–you control all of the keys.

To get the PureBoot Bundle, order a Librem 13 or Librem 15 and on the configuration page in the shop, select “PureBoot Bundle” under the firmware option.

The post Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory appeared first on Purism.

Why the Total Dossier on Everybody Must Stop

Tuesday 3rd of September 2019 01:51:40 PM
Where people go, what people do, and who talks to whom, should be kept private.

There is a total dossier on everybody, and you are likely a willing, yet oppressed, participant. Willing because of how convenient it is; oppressed, because everything you do is under the complete control of others.

Gang-stalking by corporations must stop. We have seen before what can happen when all the whereabouts of all people are tracked. The German Secret Police (the Stasi) had over 250,000 spies, who served in a four-decade long despotic regime over a population of 17 million, committing crimes against their own people–crimes that were viewed to be as brutal as those perpetrated by their Nazi predecessors–reminds us what oppression is. We have seen what happens when your privacy is invaded, when what you do is tracked. Decades before the Stasi, the Gestapo had 40,000 spies watching over a country of over 80 million, committing the worst atrocities on civilians ever; this is what oppression is.

We have seen what happens when who talks to whom turns into a demagogic tragedy. McCarthyism was coined from recklessly slandering public figures, ruining the lives of hundreds of US citizen with unsubstantiated accusations; this is what repression is.

The amount of data gathered on people from any of the aforementioned organizations is infinitesimally small, when compared to the astronomically large, nearly incomprehensible amount of personal data gathered from your mobile phone in just one day.

Where you go is known with satellite-measured accuracy, within a meter of your position on earth. Polling every millisecond–even when offline, for later synchronizing–your exact location is recorded at every moment of every day, permanently. What floor you’re on, who you are near, how long you’re near them, what speed you’re traveling at, who you’re traveling with, are all elementary level mathematics to establish. Cross-linking a single data point like your longitude and latitude to a second data point like the radio distance to a cellular tower or three, adding in what Wi-Fi you connect to and the strength of connection, makes confirming your location in triplicate extremely easy.

What you do is matched against where you go, how long you are there, and how much you interact with your phone or health monitoring app. Knowing you’re at an event, bar, game, restaurant, hotel or friends house is matched against photos, videos, social media posts, chats, heart rate–or simply how often you look at your phone–and can determine what you’re doing with a remarkable degree of accuracy. Were you bored or engaged? Were you hungry, or did the salad you paid for suffice until the after-dinner pizza you had delivered late-night, after your ride-share (aka taxi+tracking) service dropped you off at 11:04pm?

Who talks with whom is egregiously recorded forever, and in nearly all cases what is said to whom is also flagrantly squirreled away for eternity. You chatting with your mother–yep, spied on. You texting your spouse–spied on. You calling to cancel cable–spied on. Your photo sent to your colleague–spied on. It’s easier to list all the things kept between just you and the intended recipient, because it is absolutely nothing. There is no app that can guarantee it’s just two people involved in a text string; because apps, the underlying operating systems, and the underlying cellular networks, are controlled by the very same groups that surveil all of society.

Your oppression is not entirely your fault; knowledge is purposefully and behaviorally restricted from your purview.

It’s either buried in the hundredth paragraph of a terms-of-service you didn’t read, or shrouded in enough mystery you follow the rest of the anchovies in a collective experiment wondering “if it is this bad, why hasn’t anybody stopped it?”

It takes any one of three things to solve this–as history has shown: governments regulating to benefit civilians; business models changing to respect society; people switching to products and services that are ethical for society. Surveillance companies are working daily to remove the last one from happening; people switching requires a network effect, and they put up anti-competitive barriers for any new competition to have a level playing field. These same companies–all Big Tech companies–are so gargantuan that they don’t have to change their business practices toward helping society; they opt to use marketing slogans to keep their oppressive regimes dominating instead.

This leaves governments to step in and consider regulating the behemoths–never forgetting that lobbying efforts will work hard to adding regulation that keeps the companies gigantic, rather than regulation that benefits civilians, since this type of regulation makes smaller but growing competition need to jump higher and higher to vault over the new regulatory hurdle.

To rid yourself of the unethical dossier collected on you takes having a (convenient) alternative that avoids knowing where people go, what people do, who talks to whom, all it takes is governments to stand up and regulate to benefit its civilians.

And most importantly, it takes you leading by example, using products designed to respect your rights.

The post Why the Total Dossier on Everybody Must Stop appeared first on Purism.

The Librem 5 Application Compatibility Chart

Friday 30th of August 2019 04:58:51 PM

All of the applications below are confirmed to run on the Librem 5 Smartphone running PureOS.

Each application is grouped into one of three categories based on how optimized it is for the mobile screen.

Mobile Optimized – Fine tuned for mobile screen and touch input.

Visual Issues – Some visual elements could use additional fine tuning for mobile screens.

Needs Mobile Optimization – Runs and is functional, but not all visual elements are visible or fit on the screen.

This list was last updated on August 30, 2019 and some items are maintained by the team at Purism.  This is not a complete list of all pieces of software that run on the Librem 5 (either currently or in the future) and additional applications will be added to this chart as they are tested and verified.

The Librem 5 Application Compatibility Chart

ApplicationMobile OptimizedVisual IssuesNeeds Mobile Optimization
Phone Calls

SMS, Messaging

Web Browser
GNOME Contacts
GNOME Settings
GNOME Clocks
King's Cross Terminal✓
Music Player
GNOME Archive Manager

Image Viewer
Eye of GNOME
GNOME Disk Utility
Graphic Design
Torrent Client
GNOME Podcasts
PDF Editor
GNOME Calculator
If you see any incorrect entries or bugs, please file them here

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.librem-5-compatibility td.column-1 img {width:64px !important;filter: drop-shadow(0 1px 12px rgba(0,0,0,0.05)) drop-shadow(0 -1px rgba(0,0,0,0.05)) drop-shadow(1px 0 rgba(0,0,0,0.1)) drop-shadow(0 1px rgba(0,0,0,0.3)) drop-shadow(-1px 0 rgba(0,0,0,0.1));}.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post The Librem 5 Application Compatibility Chart appeared first on Purism.

Purism CTO Presents “A Mobile Phone that Respects Your Freedom” at CCCamp

Wednesday 28th of August 2019 06:05:50 PM

It is not easy to build hardware that respects your freedom, and it becomes even more challenging when that hardware is a mobile phone. No one knows this better than Purism CTO Nicole Faerber–and at CCCamp 2019 she elaborated on these challenges in a 45-minute presentation: “A Mobile Phone that Respects Your Freedom.” While we strongly suggest everyone view the talk itself (it’s so good!), in this post we will pull out a few of the highlights:

Mobile phone market is a small number of big players

As everyone knows, the current smartphone market is a duopoly with the majority of phones running Android, and the rest running iOS. But the chipset market and the bulk of the smartphone supply chain is in the hands of only a few large companies. Two companies only (Mediatek and Qualcomm) account for the bulk of Android phones, which itself accounts for the majority of phones on the market. That’s not just a lot of control in a small number of companies, it also presents its own challenges if you want to create a device that respects freedom in a marketplace where the norm is proprietary software. This means most phones integrate as much as possible into as few chips as possible–and those chips generally require proprietary firmware and drivers to function.

Patents present a unique challenge

One thing many people don’t understand outside of the mobile space is the impact that patents have. Every new generation of phone technology brings with it hundreds, if not thousands, of patents. While patent holders have certain requirements to license these patents to others, they also use their patents to control the market. This is particularly relevant when you consider just how important mobile phones have become in everyone’s lives–having, in many cases, replaced the traditional personal computer as the primary computing device. This control over the market via patents presented us with a lot of challenges, in particular when attempting to source a standalone 4G modem that supported voice.

Unveiling the Librem 5 PCB

We want a smartphone that respects people’s freedom with an open, hackable design and published schematics. In fact, we are seeking “Respects Your Freedom” certification from the FSF, so we went to great effort to source freedom-respecting chips that worked with free software drivers. One big area where we could not work around proprietary blobs was the modem, so between that and our desire to use hardware kill switches–for the WiFi and the cellular baseband–we went with a design that separated out those components into their own chips (in the case of the cellular baseband, a removable M.2 card). We started by releasing a devkit in December 2018, and in this talk Nicole unveils the first public pictures of the actual phone PCB!


Hardware is hard, and making mobile phone hardware that respects your freedom is even harder. Challenges include finding suppliers, language barriers when working with Chinese suppliers (in many cases the only viable avenue for certain mobile phone work, these days), often dealing with long lead times, regulations and certifications. There’s also a general lack in available hackable hardware, which means that there isn’t nearly enough expertise in mobile phone hacking in the community–something we hope to change!

Nicole’s talk was marvelous–both informative and interesting–and you should really watch the video in its full version bellow, because there’s so much more to it than what we just wrote about!


Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we–the people–stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post Purism CTO Presents “A Mobile Phone that Respects Your Freedom” at CCCamp appeared first on Purism.

How To Promote Real Social Good

Thursday 22nd of August 2019 03:25:22 PM

It was big news this week when the nation’s most powerful chief executives finally acknowledged that corporations should contribute more to society than maximizing shareholder value. The new mission statement of the Business Roundtable, as their group is known, contains the following goals:

  • Delivering value to our customers. We will further the tradition of American companies leading the way in meeting or exceeding customer expectations.
  • Investing in our employees. This starts with compensating them fairly and providing important benefits. It also includes supporting them through training and education that help develop new skills for a rapidly changing world. We foster diversity and inclusion, dignity and respect.
  • Dealing fairly and ethically with our suppliers. We are dedicated to serving as good partners to the other companies, large and small, that help us meet our missions.
  • Supporting the communities in which we work. We respect the people in our communities and protect the environment by embracing sustainable practices across our businesses.
  • Generating long-term value for shareholders, who provide the capital that allows companies to invest, grow and innovate. We are committed to transparency and effective engagement with shareholders.

There is a lot of speculation around what has motivated this change, ranging from genuine altruism to a response to politicians who have made corporate greed a talking point in their stump speeches, or even to using it as a hedge to explain future losses driven by a possible recession. This article does not address any of that speculation. Instead, this article will address whether the Business Roundtable’s new mission statement is likely to significantly affect corporate behavior, based on our experience as perhaps the first Social Purpose Corporation in the technology space.

“The Business Roundtable CEOs could just re-incorporate as a Social Purpose Corporation, if their motives aligned with their words.” Todd Weaver, Founder & CEO of Purism stated.

This news story caught our attention here at Purism because we have been thinking about how to build a company that promotes social good. Our company was incorporated in Washington State as a Social Purpose Corporation. We chose this form or corporation to ensure that our foundational purpose to advance the freedom, privacy and security of our customers would not be undermined by those who seek to maintain the ability of Big Tech to profit off of customers’ personal information. We also wanted to protect our company’s ability to achieve its purpose as it grew, in particular once it took on outside investment. One big threat we knew we’d face if we went through the traditional C corporation model was that future investors could potentially sue us for pursuing social good above maximizing shareholder value.

According to the Washington State Bar Association, “An SPC’s directors may give weight to one or more of the social purposes, rather than solely considering the best interest of the corporation. RCW 23B.25.050. This allows the founder to elevate a particular social cause rather than maximize profit at the expense of society. It allows a company to be socially responsible without being considered financially irresponsible.”

As laudable as the mission statement by the Business Roundtable is, the fact remains that its members’ corporate structures and broader objectives will continue to be centered around profit maximization. Let’s keep in mind that CEOs of large companies typically have much of their compensation based on the performance of the company’s stock. Will CEOs whose compensation can run into the hundreds of millions of dollars per year put their personal financial interests aside for the greater good? And, more importantly, one must unfortunately admit that often times the very nature of the businesses conducted by the largest companies is, at their core, contrary to the public good.

Consider, for example, the social media companies who know their platforms are being manipulated to fuel division and discord in societies around the world, and yet they fail to stop the abuses. Consider the role of large banks in economic calamities around the globe. Consider the role of pharmaceutical companies in making drugs unaffordable for many people, and in contributing to the opioid crisis. Consider the fossil fuel companies who continue to extract and burn fossil fuels knowing that they are an existential threat. Consider the role of chemical companies in polluting the environment. And consider the fact that our company was born out of the need to protect people from the challenges to their privacy, security and freedom brought on by Big Tech. Sadly, the shift in emphasis by the Building Roundtable does not address the biggest problem with many of the largest corporations, which is that their business objectives are not compatible with general health and welfare. Saying that companies should deal fairly and ethically with their employees and partners even if it affects the bottom line is nice–but beside the point. It would be far more beneficial for these companies to reevaluate their overall effect on society.

We at Purism are grateful to the many US states offering to give companies the freedom to actually benefit society, rather than contribute to its ills. We believe that consumers who really care about their freedom, privacy, and security, or other issues like climate change, seek out companies like ours that exist, first and foremost, to do something important that can better people’s lives. We use capitalism, and the corporate form, to build a sustainable company that can continue to serve our mission. Making money is a means to an end, not the end itself. We exist for our customers, not for our shareholders, and our shareholders back us because know the social good that comes from our efforts. People parting with their hard-earned money for products and services deserve that much.

The post How To Promote Real Social Good appeared first on Purism.

Librem 5 August Update

Wednesday 21st of August 2019 02:36:07 PM

Hi Everyone! The Librem 5 team has been hard at work again, and we want to update you all on our software progress.

We are preparing everything for the Librem 5 to be delivered soon, and its software will focus on the most critical applications a phone needs: calls, messages and web browsing. There are supporting projects that will be delivered too, like GNOME Settings, the shell, GNOME Initial Setup, and GNOME Contacts. So without further ado, let’s take a tour through the software we will deliver–as well as some other applications that have seen some major changes.

Applications Libhandy

We have made some adaptive dialog improvements to HdyHeaderBar’s back button. There is a really nice new pagination widget for the app drawer. A general overhaul of the app drawer is almost finished–thanks so much, Alexander Mikhaylenko, for all of your hard work on this!

Also, be sure to check out the newly packaged demo app.

And Libhandy 0.0.10 has been uploaded to Debian and to PureOS.


We have worked on a few recent main efforts on Calls: adding a calls history, allowing the Contacts app to dial numbers, and enabling the system to receive calls when the shell is locked.

To lay the foundation for the calls history, the records have to be recorded in an SQLite database. Then, to complete the work, the database was connected to the UI.

In order to allow Contacts–or any other application–to dial calls, a tel url handler was added to Calls.

Calls now starts up in a new daemon mode when GNOME starts, so that incoming calls can always be received.


The team fixed several crashes, and the welcome screen was reworked; there is also an ongoing effort to integrate with libfolks, which is used by Contacts.

We continue to improve the SMS plugin, too, and fixed an issue with multipart SMS reception: all SMS fields are initialized as soon as the first part is received (thanks a lot, Aleksander Morgado, for the patch). There is also handling for SMS messages that were received by the modem when Chatty isn’t running, support for delivery reports, and phone number formatting according to E164.

The conversation view was improved by introducing lazy loading for pulling the chat history patch, which gradually loads the chat log into the conversation view as the user scrolls up. Thanks, Leland Carlye, for the awesome patch!


The team added many mobile tweaks: from file chooser dialogs to about dialogs, message dialogs, adaptive presentation dialogs, dialog maximization, and info bars.

Web Browsing

We have backported many mobile improvements, which we also included on the devkit image. The Epiphany “new tab” page and several other in-viewport pages have been made adaptive, and there is a continued effort to push for Epiphany to adopt HdyPreferencesWindow.

Soon, you will be able to edit CSS from Epiphany’s preferences; and the search engine management dialog has been ported.

In order to address the application manager overflow issue, the about: applications now has improved CSS for responsiveness.

Initial Setup

We have refactored adaptive changes for some long-needed cleanups, which will be submitted upstream eventually.


We have some brand new functionalities, such as new buttons, added for making a call and sending sms.

In preparation for Contacts integration with Calls and Chatty, we have been doing some investigation into libfolks, gnome-contacts-search-provider, and evolution-data-server. This led us to a major refactoring of GNOME Contacts, so as to reduce complexity.

We have added some fixes to avoid crashing when taking a webcam picture, using GNOME 3.32 avatar styles for fallback–and the avatar is no longer cut off. A long press for selecting contacts was also implemented.

We are still working on fake persona.


We are working hard to redesign GNOME Clocks for mobile/adaptiveness–and to get the Alarm UI to use new list patterns.


We did it–GNOME Help now works on the devkit!


We are focusing a lot of effort on the WWAN panel, where locked SIM cards are now handled (and there’s a dialog to enter a PIN to unlock the SIM), data can be enabled and APN can be set, and auto-connect for default APN is also enabled so that it is persistent across device restarts. The UX has been improved too, by using HdyColumn to center align the panel and porting to HdyDialog. Finally, the WWAN panel now also detects multiple modems!

But that’s not everything: other areas of GNOME Settings have seen adaptive changes too, such as the background panel, search locations dialog, and notifications dialog, which have been made adaptive; the GNOME Online Accounts has also been made adaptive, by reducing the account widget margins and setting a minimum and natural size–which required the account dialog to be adapted. Plus, we are currently updating the format dialog for the Region panel (in GNOME Online Accounts).

There’s a new design for the WiFi panel being discussed upstream, which will need to be implemented once consensus is reached.

Additional adaptive fixes are still under review upstream, and include fixing HiDPi scaling issue of background images, region panel, and privacy panel dialogs.


We have a shiny, new, user-friendly terminal for mobile screens called Kings Cross, which is now default on the Librem 5. Thank you so much, Zander Brown, for all of your hard work on this!

We have also set a default background image. In order to help debugging efforts, debug symbol packages have been added by default. We’re now shipping a patched UPower that detects the devkit’s charger and power supply.

Support for the Librem 5 has been upstreamed in Debian’s flash-kernel.


Our team fixed several keyboard crashes, too: keyboard visibility on DBus is properly toggled now, for example, and a text-input issue preventing the OSK from showing up automatically in the correct windows is fixed. We also made lots of cleanups across the code base (see some cleanups and imservice cleanups for more detail) as well as getting tests added, error-checking made stricter, and many other fixes.

Some scaling improvements were made by calculating the scale factor instead of pre-scaling; honoring the widget scale factor, and setting a constant font size.

Additional rendering upgrades included avoiding infinitely redrawing the keyboard (since this was making the keyboard blurry, as well as eating up battery and CPU cycles), fixing the blurry text and icons and making the widget easier to style. We also added frame rendering, in order to make the keyboard match the design.

To avoid hiding content behind the keyboard, LayerSurface improvements were made–and newer layer shell code from phosh implemented–to hide/show the window, instead of destroying and redrawing it every time. This helped us make squeekboard our default keyboard.

Sound support is being added in the keyboard.

And, thanks to Piotr Tworek, we fixed an out-of-bounds memory-read bug!

XKB keymaps are being generated from XML instead of using premade ones, to allow for more keymap flexibility, so we have also decided to make some keyboard geometry adjustments to make the XML simpler.

The navigation between keyboard views was significantly improved, and landscape orientation was added so the keyboard no longer takes up the full screen, being centered instead. Similarly, the keyboard is now centered horizontally. We have also started working on improving symbol input, and adding support for non-ASCII languages.

The text-input protocol has been updated; it now supports notifying when no OSK is needed.

Compositor + Shell

The compositor has seen many fixes by now–although at first you may hardly notice them. Stack handling works better now, and unmapped surfaces won’t be raised in the stack. In order to mitigate any accidental rendering bugs when, for instance, focus rules cause the function to return early, the view damage in set_focus, to where the drawing list is handled, has been moved. Additional work has been done to move the focus back to first shell surface when unfocusing layer surface. To make recent GTK dialog fixes behave properly, maximize/fullscreen state is now taken into account on view init.

The team has also made a few layer surface changes: a layer shell crash was fixed and unused protocols were removed.The system modal dialogs now match the design much better; the ability to unmaximize auto-maximized layers was removed to avoid a broken state; we fixed the layer shell show/hide, and now have the ability to use enums as types. Some protection was put in place to guard against negative exclusive zone when surfaces set negative margins.

Other noticeable changes are that you can now close an app from the overview, and the keyboard button is hidden when the keyboard is unfolded.

We have also added touch support in X11 backend!

We were worried about a few compositor crashes, which led us to make some input grab fixes for xdg_popups and remove input method’s resource from the list on destroy.

Other changes we made include dropping the pointer emulation on touch and auto-maximizing before mapping the surface, to avoid flicker for example when starting new applications.

Phosh has seen the addition of PhoshToplevelManager and PhoshToplevel classes for managing and representing toplevel surfaces; this switches from a private protocol to wlr-foreign-toplevel-management, which is more complete than our previous private protocol and makes phosh usable with other compositors that implements the new protocol. Reporting the surface’s parent is still pending upstream review.

As you boot your devkit now you’ll notice that you see your list of favorite apps immediately. This is the result of our recent effort to move the favorites to home screen–once again, thanks to Alexander Mikhaylenko, in this case for fixing the sizing of the activities! You’ll also notice our new animated arrows when folding/unfolding the home screen, and fix favorites changing via gsettings.


If you haven’t already, take a moment to read our blog post that details the Librem 5 team’s contributions to the 5.2 kernel.

But a few things have happened since: support has been added for our accelerometer and gyroscope, and it’s been submitted upstream. In order to make IIO-sensor-proxy work correctly, we mainlined an accelerometer driver bugfix–meaning we will soon be able to use IIO-sensor-proxy by default and auto-rotate so that we can remove the “Rotation” switch in the top bar.. and rely on the sensors to decide the orientation that should be displayed!

We have been working very hard to improve the graphics stack too. MXSFB support has been added into mesa, and several patches are in review upstream: v1 and v2 of the NWL MIPI DSI driver, v2 of the LCD panel patches to make it work embedded in a panel_bridge(which is used by the NWL driver), v1 of the MXSFB patch to handle NWL timing requirements. Some tests with MXSFB were fixed.

A couple of minor patches were made to fix a typo in i.MX8MQ reset names and IPUV3 kconfig.

Power Management

The team is trying very hard to better manage the power consumption of the phone and reduce the overall temperature: to make sure we don’t lose basic kernel support, we now check for cpuidle sysfs nodes and DRM render node. We are also working on helping NXP to mainline thermal-idle to cool the CPU by idle-injection; to ease kernel updates, we improved kernel tests–and the CPUs now slow down when hot, instead of overheating and shutting down.

Also, thermal management investigations have led us to a focused effort on S3 suspend/resume.


The mailing list now receives build status mails–if you’re interested, you can sign up for and receive them.

And the images will soon include our patched version of gnome-settings-daemon.


We have made several updates to the existing documentation: the low-level touchscreen reading hints, GNOME platform section, and application settings have all been updated, for example. We have also made many one-line updates to be able to use recent links, a more recent version of GNOME, etc.

As always, a big “Thanks!” to everyone that has helped review and merge changes into upstream projects; your time and contribution are much appreciated. That’s all for now, folks–stay tuned for more exciting updates to come!

The post Librem 5 August Update appeared first on Purism.

The Librem 5 Smartphone in Forbes

Tuesday 13th of August 2019 05:40:57 PM
Todd Weaver helps Moira Vetter answer the question “Is America Finally Ready For A Surveillance-Free Smartphone?” in a recent article in Forbes.

The article begins by pointing out that several companies have tried to release private, secure smartphones–and most have failed. Does that mean privacy and security are impossible to achieve? Well, not really, because:

One company wants to change the privacy-focused technology landscape

And that company is Purism. Not depending on the traditional Silicon Valley Venture Capital marketplace, and being a Social Purpose Company, Purism will never compromise its users security, or their privacy, for profit.

Purism’s crowdfunding campaigns on the Crowd Supply platform consistently achieved more than their funding goal. The latest, concerning the Librem 5 smartphone, raised over $2 million. And what makes the Librem 5 smartphone different from other phones? Several factors, such as the business model, an engaged community, and the fact that privacy and security are starting to be a great concern– and not just for everyday smartphone users, but for the government as well.

While the world continues to “opt-in” and share their every move, thought, comment, viewing whim, personal home climate preference, and family behavioral profile with the 2 or 3 companies running the world, there are people that find this repugnant.

Ultimately, desiring privacy does not mean having to go off the grid: a privacy-enhancing smartphone both empowers and enables its user.


Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post The Librem 5 Smartphone in Forbes appeared first on Purism.

Curbing Harassment with User Empowerment

Thursday 8th of August 2019 02:25:32 PM
User empowerment is the best tool to curb online harassment

Online harassment is both a privacy and a security concern. We all know the story of how someone (typically a woman, studies say) states their opinion online and is then harassed to the point of leaving the service (or worse). Using the infamous “with an opinion” hook, we can frame a user story that affects more than 50% of the population:

User story: I am a marginalized person with an opinion. I want to intercept online harassment, so that I can communicate safely with friends and strangers.

The truth is that a motivated mob can target anyone, marginalized or not. We would all benefit from effective anti-harassment tools.

Don’t rely on the operator

Many current and proposed solutions to stop or curb harassment rely on one or more of these methods:

  • Human content moderation. Typically volunteer or low-paid, and subject to burnout. A moderation team simply does not scale, and cannot moderate private messages (we define “private” as “end-to-end encrypted”).
  • Server-side tracking. Error-prone “algorithms”, with little or no transparency, regularly make mistakes. And once more, they cannot apply to private messages.
  • Shoot-first takedown laws that skip the deliberative process and are frequently abused.
  • Corporate censorship, or any of the above distorted by bottom line.

It is tempting to rely on a server-side solution, whether that means the machine itself or humans working on your behalf. This can work on tiny scales if you have a trusted friend with both technical and legal know-how, but in all other cases the issues are compounded. To mashup two misunderstood quotes:

You solved a harassment problem by ceding control to the service? Now you have two problems.

Empower the user

We suggest that user empowerment via client-side features is a more robust and safer approach. Potential design patterns include:

1. Client-side heuristics

Server-side solutions necessarily put power in the hands of a developer or sysadmin. By contrast, client-side heuristics put power in the hands of the user, including the power to turn them off. Privacy Badger is a great example of this in practice:

  • Fresh installations use rules generated by offline training.
  • Additional rules based on behavior-based heuristics.
  • Additional customization for experienced users.
  • No ads, no calling home, no tracking.
  • Turn it off, for example if you are researching trackers.

Moving forward we aim to enhance all Librem One clients with badger-like functionality. We believe that the majority of cases won’t require machine learning, and could be handled with simple heuristics:

2. Safety mode

We can classify online correspondents into three groups:

  • Trusted contacts. People we talk to regularly, and trust.
  • Strangers. People we don’t know well, or don’t know at all.
  • Bad actors. People we don’t want to interact with, possibly based on the advice of a trusted contact.

Typically, we want to communicate with strangers online, so this should be possible by default. But if we are being actively harassed, we can assume that further messages from strangers are unsafe, and switch our account to “safety mode”–rejecting messages, invites and other interactions from strangers. We can rely on our trusted contacts for help and support, including passing on well-wishes from strangers.

At-risk individuals might choose to start their account in safety mode.

Trusted caretakers might maintain lists of bad actors, but trusting a caretaker should require very careful consideration: What is their governance model? What is their appeals process? Do they leak information about list recipients?

3. Crowd-sourced tagging for public content

In the specific case of public posts, we believe that public crowd-sourced tagging (aka, folksonomy) is a sustainable and fair replacement for human moderation, caretaker-lists and takedowns.

This approach takes moderation power out of the hands of a few sysadmins and corporate moderation teams, and grants it to all users equally. Users are free to decide which user-moderator they trust, and filter based on their tags–or skip moderation entirely.

Nicole Faerber nominated for “CTO of the Year” by Women in IT Awards

Wednesday 7th of August 2019 01:56:51 PM
Our very own Nicole Faerber has made it to the short-list for “CTO of the Year” by the Women in IT Awards!

Congratulations are in order–we are so proud to say that Nicole Faerber just got nominated to the short-list of such a meaningful award. Nicole’s nomination means a lot to Purism, and we are here today to say just so.

She totally deserves this nomination (and, if we may say so ourselves, she’d also deserve to get the award…) for oh-so-many reasons:

  • for her amazingly innovative work on our upcoming Librem 5 smartphone
  • for her concerns about privacy and security and avoiding data and user exploitation
  • and of course her assertive presence in the free software community, where she contributes to making free software an industry standard… helping the rest of the world take its possibilities seriously.

So thank you, Nicole Faerber for all that you do!

“Women have been an important part in creating the very foundations of modern IT, naming Ada Lovelace as just one example (here and here are some more), and have ever since played an important role in IT and computer science.” – Nicole

Women in technology are clearly not represented enough: they amounted to somewhere between 2% and 5% of all programmers a decade ago, and about 10% now. At Purism, we pride ourselves on being gender diverse, in addition to being racially and geographically diverse. Our full team is comprised of 20+% women (with women accounting for 37+% of our board, and 33+% of Purism executives) and we continue to work to increase that percentage. Diversity is an asset, and creates safe workplace environments. If you want a safe workplace environment that respects diversity, we are hiring.

The post Nicole Faerber nominated for “CTO of the Year” by Women in IT Awards appeared first on Purism.

What a No-Carrier Phone Could Look Like

Thursday 1st of August 2019 01:00:03 PM

Now that we are in the home stretch for the Librem 5 launch, it’s a good time to start discussing some visions for the future. While the Librem 5 can operate as a traditional cellular phone today, in this post we are going to discuss its potential as a “no-carrier phone.”

The term “no-carrier phone” is used for a mobile phone that does not get its phone number from a carrier. This can take a couple of forms: a WiFi connection-only phone, or a Cellular Data connection-only phone.

In other industries, for instance in media distribution, this is called “Over-The-Top” (OTT); the underlying idea is that Internet Service Providers (ISPs) should be, and are just, “dumb pipes”. Why?, because they provide internet data only–and all the services ride over-the-top of the internet connection. Netflix paved the way for OTT in media when it moved from DVD to streaming (the “Net” part of their name) and offered television and movie-content to any internet connected device. This was done against the wishes of many entrenched media groups and ISPs, of course–but the majority of us have now adopted the OTT model: we call them streaming services.

Over-The-Top can (and, in my humble opinion, should) apply to every form of service on the internet.

We do not need to get our primary mobile phone number from a carrier—routing all our voice data, messaging data and internet data. If the carriers were just “dumb pipes”, they would offer us data-only connections, allowing us to get personal services from any competitor offering an internet tool we need or like–including a phone number. Sure, the carriers could bundle their own a la carte offering of services, but as the US Congress established a while ago with the FCC during the phone-number-lock-in wars (from the US Telco providers) people should be able to keep their phone number and just switch providers.

Over-The-Top means you would have a fully-functioning phone–and a phone number–portable to whatever internet connection you desire; be that a cellular carrier, a prepaid SIM card, a coffee-shop WiFi, tethered to a friend’s device, USB hotspot or whatever other fun thing you’d like to try (BlueTooth mesh network, anyone?).

This No-Carrier vision could be realized with the Librem 5 combined with Librem Dial–a future part of Librem One bundle.

Once Librem Dial is released in the future, it would mean you could have a non-carrier-provided phone number which could be used no matter what connection you have over-the-top; that you could make or receive calls to your primary phone number if you are on WiFi and no Cellular connection. You could flip the Cellular Modem Hardware Kill Switch (HKS) on your Librem 5 and still call or text from your primary phone number while at that coffee-shop WiFi.

This would offer you the ability to have a no-carrier phone–in either form–that now you only have when on WiFi–which means no triangulation-location tracking from cellular towers. Or you could have it tethered via WiFi to another device; or a no-carrier phone number whereby you use a prepaid data-only SIM card, or even opt to have a data-only SIM card from a carrier. I would still call this a no-carrier phone, as the phone’s number is not attached to any carrier.

This approach of over-the-top has many added benefits–and only one down-side:

Because cellular carriers offer voice and SMS messaging even when you are outside of cellular data regions, you can still make or receive a call (or send and receive text messaging) with very weak data signals. This is why you can still call and text even if you turn off cellular data on your phone. In a no-carrier model—where the service rides purely over the data connection—your services would only work when there is data connection to your phone, be that WiFi or cellular data. Even with this downside, the benefits are tremendous of course–including having complete privacy control of your device’s location, control over when you’d like to connect and use your cellular data plan, and the ability to switch providers without ever having to reconfigure your accounts or settings.

As you can see, Purism has grandiose plans, and we continue to advance towards them rapidly.

Triple-digit, year-over-year growth offers us a unique opportunity to serve society–as our Social Purpose Corporation status requires–changing society for the better all along the way.


By pre-ordering the Librem 5 phone and signing-up for Librem One services, you will be supporting a platform with the potential to cut the cord from your carrier and move toward the no-carrier phone!

Get Librem One

Pre-Order Librem 5

The post What a No-Carrier Phone Could Look Like appeared first on Purism.

Librem 5 Smartphone – Final Specs Announced

Monday 29th of July 2019 02:58:09 PM
We are proud to unveil the final specifications for the Librem 5 smartphone, set to begin shipping in Q3 of 2019. Here’s the high level hardware specs:

Librem 5

Display : 5.7″ IPS TFT screen @ 720×1440
Processor: i.MX8M (Quad Core) max. 1.5GHz
Memory: 3GB RAM
Storage: 32 GB eMMC internal storage
External Storage: microSD storage expansion
Wireless: 802.11abgn 2.4 Ghz / 5Ghz + Bluetooth 4
Baseband: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
Smartcard: Reader with 2FF card slot (SIM card size)
Sound: 1 earpiece speaker, 3.5mm headphone jack
Accelerometer: 9-axis IMU (gyro, accel, compass)
Front Camera: 8 MPixel
Back Camera: 13 MPixel w/LED flash
Vibration motor: Included
USB Type C: USB 3.0 data, Charging (Dual-Role Port), Video out
Battery: User replaceable – 3,500 mAh

You can pre-order the Librem 5 for the early bird discounted price of $649 — with the price going up $50 after July 31st.

Here’s a more detailed breakdown of the Librem 5 hardware and specific components included: CPU i.MX8M @ max. 1.5GHz
  • Quad core Cortex A53, 64bit ARM
  • GPU: Vivante GC7000Lite (hardware supports OpenGL/ES 3.1, Vulkan, OpenCL 1.2)
  • Auxiliary Cortex M4
  • 3GB RAM
  • Internal 32GB eMMC
  • microSD storage expansion slot (max 2 TB)
  • 5.7″ IPS TFT screen @ 720×1440
3 Hardware Kill Switches:
  • WiFi / Bluetooth
  • Cellular Baseband
  • Cameras & microphone
  • All 3 off = additionally disable IMU+compass & GNSS, ambient light and proximity sensors
Other Buttons:
  • Power button, Volume ± buttons
  • 3,500mAh, user replaceable
  • 802.11abgn 2.4 Ghz / 5Ghz + Bluetooth 4
  • Option 1: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
  • Option 2: Broadmobi BM818 (made in China)
  • nanoSIM tray for cellular
  • Teseo LIV3F GNSS
  • Rear camera @ 13 MPixel
  • Camera flash LED for rear camera
  • Front camera @ 8 MPixel
USB Type-C Port:
  • USB3.0 data
  • Power Delivery (Dual-Role Port)
  • Video out
  • 1 earpiece speaker + digital microphone
  • 3.5mm headphone jack with stereo out and mono microphone input
  • Audio DAC: Wolfson Media WM8962
  • 1 loudspeaker
  • Reader with 2FF card slot (SIM card size)
Notification Lights:
  • RGB LED with PWM control per color
Other Sensors, Components:
  • Acceleration, gyro and compass sensor (“9-axis” by ST, LSM9DS1)
  • Ambient light and proximity sensor: VCNL4040
  • Haptic motor

The post Librem 5 Smartphone – Final Specs Announced appeared first on Purism.

More in Tux Machines

Chromium/Mozilla Firefox: Chrome 78 Beta, Keygen Setback and iframes

  • Chrome 78 Beta: a new Houdini API, native file system access and more

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Find more information about the features listed here through the provided links or from the list on Chrome 78 is beta as of September 19, 2019.

  • Chrome 78 Hits Beta With Native File System API, Much Faster WebSockets

    Google on Friday released the Chrome 78 web-browser beta following last week's release of Chrome 77. Chrome 78 Beta is coming with a new Houdini API or more formally known as the CSS Properties and Values API Level 1, which lets developers register variables as fully custom CSS properties and can better handle animations and other use-cases.

  • Firefox 69 dropped support for <keygen>

    With version 69, firefox removed the support for the <keygen> feature to easily deploy TLS client certificates. It's kind of sad how used I've become to firefox giving me less and less reasons to use it...

  • [Mozilla] Restricting third-party iframe widgets using the sandbox attribute, referrer policy and feature policy

    Adding third-party embedded widgets on a website is a common but potentially dangerous practice. Thankfully, the web platform offers a few controls that can help mitigate the risks. While this post uses the example of an embedded SurveyMonkey survey, the principles can be used for all kinds of other widgets. Note that this is by no means an endorsement of SurveyMonkey's proprietary service. If you are looking for a survey product, you should consider a free and open source alternative like LimeSurvey.

DM-Clone Target Added To Linux 5.4 For Efficient Remote Replication Of A Block Device

Added to the device mapper (DM) code with the Linux 5.4 kernel is an interesting addition that benefits those wanting to carry out some interesting use-cases around remote replication of block devices. As explained in the original patch proposal for dm-clone, "dm-clone produces a one-to-one copy of an existing, read-only device (origin) into a writable device (clone): It presents a virtual block device which makes all data appear immediately, and redirects reads and writes accordingly. The main use case of dm-clone is to clone a potentially remote, high-latency, read-only, archival-type block device into a writable, fast, primary-type device for fast, low-latency I/O. The cloned device is visible/mountable immediately and the copy of the origin device to the clone device happens in the background, in parallel with user I/O." Read more

Devices: One Laptop Per Child (OLPC) XO-1.75, PiCAN3 CAN-Bus Board and BeagleBoard

IBM, Red Hat and Fedora

  • OpenShift Commons Gathering in Milan 2019 – Recap [Slides]

    On September 18th, 2019, the first OpenShift Commons Gathering Milan brought together over 300 experts to discuss container technologies, operators, the operator framework and the open source software projects that support the OpenShift ecosystem. This was the first OpenShift Commons Gathering to take place in Italy. The standing room only event hosted 11 talks in a whirlwind day of discussions. Of particular interest to the community was Christian Glombek’s presentation updating the status and roadmap for OKD4 and CoreOS. Highlights from the Gathering induled an OpenShift 4 Roadmap Update, customer stories from Amadeus, the leading travel technology company, and local stories from Poste Italiane and SIA S.p.A. In addition to the technical updates and customer talks, there was plenty of time to network during the breaks and enjoy the famous Italian coffee.

  • Powering the hybrid cloud on next-generation hardware: Red Hat Enterprise Linux on IBM System Z and LinuxONE

    For more than five years we have been driving our technology strategy around the idea that the future of enterprise IT does not reside solely in an enterprise datacenter or in the public cloud. Instead the next wave of computing is built on a blend of these technologies and infrastructure: in short, the future is hybrid. The value of hybrid clouds comes from the choice it delivers, pairing the control of the corporate datacenter alongside the scale and flexibility of public clouds. We strongly feel, however, that the most valuable hybrid clouds are those that offer not only a choice of deployment type and location, but also a choice of the underlying architecture and the capacity to run on multiple public clouds. [....] With RHEL available on Z15 and LinuxONE III, this helps pave the way for the rest of Red Hat’s hybrid cloud portfolio, including Red Hat OpenShift, to emerge on IBM enterprise platforms. We’re pleased to continue our work with IBM in bringing the world’s leading enterprise Linux platform to their next-generation systems.

  • Red Hat OpenStack Platform 15 Marks End of Short-Term Support

    Red Hat OpenStack Platform 15 is the last release that will only be supported for a year, as the company moves to a new model to support the open-source cloud platform.

  • Fedora rawhide – fixed bugs 2019/07