Language Selection

English French German Italian Portuguese Spanish


Syndicate content Purism
High-quality laptops that protect your freedom and privacy
Updated: 1 hour 30 min ago

Librem One Design Principles: Services You Can Trust

Thursday 18th of July 2019 02:24:03 PM
Engineering trustworthy services for everyone

Our hardware and software puts users back in control of computing–but, you may be wondering, can we do the same with our services? With Librem One, the answer is yes. We have big, no, huge dreams about what we can achieve with your support and the wealth of free software that already exists. But we need to keep our feet firmly on the ground.

In this post we will outline the touchstones we have used to do just that–engineer trustworthy services that everyone can use–with a design process called user-centered software engineering. We hope it will facilitate communication with friends and colleagues as we hack towards a common goal… and also show all non-technical readers that human beings are at the center of our bits and bytes. So, how did we do it?

User stories

In the beginning, we created user stories. A user story is a plain-language description of the goal that you, the person using the services, want to achieve–and represents a high-level system feature.

Primary user story

I am an everyday user without my own infrastructure. I want a single point of trust (account and applications), so that communication from my existing devices is both safe and easy.

This story highlights the essential reason we all use online services: we use our phones and laptops to communicate with others, and we don’t own or control all the machines in between. Typically, we need at least one “go-between” to relay messages.

Sysadmin user story

I am a well-intentioned sysadmin. I want to host a service on a hostile network (the Internet), so that I can help strangers communicate without compromising their digital civil rights.

This story highlights a key difference between Librem One and other online services. Our ultimate goal is that anyone with infrastructure and time should be able to rebrand and replicate our services. Users at either provider should still be able to communicate, just like you can email or phone anyone else, no matter who their email or telephone provider is.

User personas

While user stories are abstract, user personas are character sketches that help designers and developers keep a concrete person in mind, while they talk about kerning and for-loops. (These personas are minimal and not based on ethnological observation, so do take them with a grain of salt.)

Three friends

Alice, Haruto and Thandi are college friends who keep in touch. They’re aware of front-page privacy issues (Snowden, Cambridge Analytica…) and are unhappy knowing that their messages, and those of their friends and family, are mined, monetized and otherwise abused.


Alice is a doctor who uses phone and email to communicate with colleagues, and short text messages to keep in touch with her family during the day. She has a demanding job and an active social life, so she doesn’t have much time to fiddle with her laptop and phone, or log support issues. She expects software to “just work”. She is our reference for an everyday user.

Why Alice?

Alice illustrates that just because you know where the palatine uvula is, it doesn’t mean you have the time–or the inclination–to learn every technical trick there is just to stay private.


Haruto is a grief counselor who uses email for work, and a variety of tools to communicate with clients about personal, sensitive issues. He enjoys trying out new apps and features in his spare time, but would never compromise the trust of his clients. He expects core communication tools to “just work”, but doesn’t mind tweaking or reinstalling experimental tools, posting questions on forums or reporting problems informally. He is our reference for a privacy enthusiast.

Why Haruto?

Haruto illustrates that, no matter how mild our threat model, at some point we all rely on the tools that fascinate us.


Thandi is a sysadmin by day, managing sensitive data on a corporate intranet and VPN, and a sysadmin by night, managing infrastructures for local at-risk communities–none of whom she knows in person. She has professional expertise in software development and engineering (including command-line usage and logging reproducible issues in an issue tracker) and security best practices. She is our reference for an experienced user.

Why Thandi?

Thandi illustrates that, as expertise and responsibility grow, time diminishes. And additionally, that your recommendations and contributions impact real people.

But what about…

This post has hopefully outlined the high-level concerns driving our development process. But there are, of course, many other issues to consider: legal, technical, compatibility, accessibility, language, demographics… the list goes on, but the important thing for us is that the human element always remains at the center.

And, in case you liked them, please feel free to re-use our user stories, personas and images (drawn by David Revoy) under our always-on BY-SA license.

The post Librem One Design Principles: Services You Can Trust appeared first on Purism.

Consent Matters: When Tech Shares Your Secrets Without Your Permission

Tuesday 16th of July 2019 04:22:43 PM
Privacy is About Consent

There is a saying that goes around modern privacy circles that “Privacy is about Consent.” This means that the one big factor that determines whether your privacy is violated comes down to whether you consented to share the information. For instance, let’s say Alice tells Bob a secret: if Bob then tells the secret to someone else, Bob will be violating Alice’s privacy, unless he had asked Alice for permission first. If you think about it, you can come up with many examples where the same action, leading to the same result, takes on a completely different tone–depending on whether or not the actor got consent.

We have a major privacy problem in society today, largely because tech companies collect customer information and share it with others without getting real consent from their customers. Real consent means customers understand all of the ways their information will be used and shared, all the implications that come from that sharing–now, and in the future. Instead, customers get a lengthy, click-through privacy policy document that no one is really expected to read or understand. Even if someone does read and understand the click-through agreement, it still doesn’t fully explain all of the implications behind sharing your location and contact list with a messaging app or using voice commands on your phone.

Big Tech has been funded, over the past two decades, by exploiting the huge influx of young adults who were connected to the Internet and shared their data without restriction. While it’s a generalization that young adults often make decisions based on short-term needs, without considering the long-term impacts, there’s also some truth behind it–whether we are discussing a tattoo that seemed like a good idea at the time, posting pictures or statements on social media that come back to bite you or giving an app full access to your phone. Individuals didn’t understand the value of this data or the risks in sharing it; but tech companies knew it all along and were more than happy to collect, store, share and profit off of it, and Big Tech is now a multi-billion-dollar industry.

Tech companies (and much of society until a very recent past) have dismissed privacy concerns by concluding that “people don’t care about privacy” when the truth is that most people were simply unaware of the data they were sharing, the implications of sharing that data, and of the potential risks of sharing it. Therefore, any consent they gave wasn’t informed consent–companies weren’t motivated to educate customers on the risks they were taking, because it might mean losing their consent.

The main reason everyone is starting to talk about privacy now is because it takes time for long term effects to be felt. As these adults entered the workforce, their youthful indiscretions began to impact their job prospects. Then, with controversies like the Cambridge Analytica scandal, everyone got a clear-cut example of how the data that ad tech collected could be used against them–to do more than show them ads. Privacy has become the tattoo removal of the information age as everyone is looking for a way to cover up mistakes from the past. Now that “privacy” has become marketing gold, these same companies have rallied around redefining the word to apply it to their products without actually protecting their customers.

Solving the Privacy Problem

The reality is that people do care about privacy, but they don’t feel empowered to do anything about it. Between Big Tech, advertisers and governments all wanting to collect and analyze your data, what are you to do? The solution is simple: consent. Society is educating college students on the importance of affirmative consent in sexual encounters and that the default is a position of no consent. This means that it’s not enough that a person didn’t say ‘no’ (opt-out) to escalating sexual contact; they need to say ‘yes’ (opt-in). Affirmative consent grants each individual power over their own body in a way that opting out doesn’t; if these large tech organizations, who started from a position of no consent, were now required to get explicit and informed consent (opt-in) from customers–before capturing and sharing their data–people using them would finally be in control.

But that is unfortunately not what’s happening. Instead, each time privacy proposals come before the government, these same companies that tout privacy in their marketing campaigns fight to remove any requirement that they need to get your consent before collecting and sharing your data. They realize that most people wouldn’t consent if asked, so they’d prefer you ask them to stop (opt-out) and hope most people won’t bother, or understand. When you later discover how they’ve used and abused your data, they can claim you never opted out. They’d much rather ask for forgiveness than for permission.

This privacy problem is why Purism was founded, is cemented into our corporate charter, defines how we build all of our products; it is why we created Librem One services and why we are asking the California legislature to require tech companies to get consent before using your data. You should be the one in control of your technology and your data, and the key to that control is consent.

The post Consent Matters: When Tech Shares Your Secrets Without Your Permission appeared first on Purism.

Librem 5 July Update

Friday 12th of July 2019 04:25:24 PM

Hi Everyone! The Librem 5 team has been hard at work. and we want to update you all on our software progress. These last few weeks have been heavily focused on polishing the UI and bug fixes, in order to get ready for a string of journalist demos.

When we deliver the Librem 5, its software will focus on the most critical applications a phone needs: calls, messages, and web browsing. Some supporting projects will be delivered too, like GNOME Settings, the shell, and GNOME Initial Setup. So without further ado, let’s take a tour through the software we guarantee we’ll deliver, as well as some other applications that have seen some major changes.

Applications Libhandy

We have made a few minor fixes to libhandy, like improving the homogeneity of the login screen buttons. And HdyHeaderBar now has a back button instead of its window decorations if it is placed inside a HdyDialog, to further enable adaptive dialogs.


We made some changes to calls’ UI, to display digits pressed during a phone call and use a libhandy widget to switch between recent calls and the dial pad. Also, messages (error or otherwise) are now displayed for only a short time. An ALSA use case-configuration was added for the devkit’s SGTL5000 sound card, which also keeps PulseAudio from setting the microphone to mute.


We have also made some minor feature additions to Chatty recently. A --safe-mode option has been added, so that if one of a user’s many accounts is failing, it becomes easier to find which one is at fault. If an account validation fails, there is now an account validation retry; and the about dialog is easier to close. When a new contact is added, the template is cleared of previous info, and the chat history list is now ordered so that the newest chat is at the top of the history. Message list height is now used to improve content placement, and the styling of the message bubbles has also been improved by tweaking the CSS.

We have addressed some severe issues as well: a buddy list-related crash, a history-related crash and a memory leak were fixed. Chatty now waits until the modem is ready, before the SMS account is active–and some remaining purple_log parsing functions were removed so as to fix a crash–thanks to Leland Carlyle for the patch!


Startup connection, reconnection and plugin state have been improved–and an auto-reconnect was added.


Testing and integration of the Lurch plugin is completed, and it is even being built as a package!


GTK 3 is stable upstream, but we need to make some parts of it adaptive for the phone (e.g. the open file dialog), and so we will ship it with some downstream patches–but we are still interested in upstreaming the changes to GTK 3 (if there is interest), and aim to get them into GTK 4. These downstream changes have been added to our build jobs, so that it is shipped on the devkit image.

Our GTK 3 changes also include a lot of dialog work: the file chooser and about dialogs have been ported to the phone; the message dialog has also been ported to the phone, by making their buttons vertical. Also, transient windows and dialogs with a close-button will now have a back-button instead. Resizable windows (hence, most of them minus message dialogs) will be maximized to fill the screen.

Web Browsing

In general, we made a serious effort to overhaul the preferences windows. The history does not overflow the screen anymore, and all the data management dialogs have been overhauled to work better on the phone and look nicer in general (“history”, “cookies”, “passwords” and “personal data” dialogs). Web is now using a mobile user agent too, and most websites look better on the phone.

The tabs popover has been turned into a tabs page, taking the whole window, and it looks great. Plus, the tabs icon has been replaced by a new icon, showing the number of tabs you have open. Thanks so much to Christopher Davis and Alexander Mikhaylenko for these additions!

We are also building WebKit now, to provide rapid scrolling.

Initial Setup

GNOME initial setup has mostly been ported to the Librem 5!


We are working hard to port GNOME Contacts to the Librem 5. One of the issues we tackled was fixing the birthday picker and making it adaptive–and one other awesome change was improving the UX/UI for unlinking contacts.


We all know that time is important and cannot be ignored… and that is why GNOME Clocks has been ported to the devkit!


We are currently working on porting GNOME Settings to the Librem 5, and so far, our effort has been mostly focused on the WWAN/Cellular panel (see the cellular panel design); users can now select Network Operator, either manually or automatic, set the allowed modem mode (like 2G only, 3G only, 3G and 4G, etc), and set/change/disable the PIN for their SIM card. The groundwork has also been laid for configuring the APN settings tied to the SIM card, by using mobile-broadband-provider-info and nm-applet APIs, so users can select a default APN via the dialog–and also save them to NetworkManager connections. Roaming can now be set/unset as well.


The latest images are now using a 5.2 kernel, have a new keyboard, lots of UI improvements, and more!


We are so happy to tell you about one of the major changes since the last blog post: we now have a new keyboard, squeekboard!

The keyboard now indicates when you’ve pressed a key–many thanks to Hysterical Raisins for helping us prune this issue!

Compositor + Shell

We have mentioned before that the compositor will be switched from rootston to a new phone compositor using the wlroots library (phoc), and now phoc is the default compositor. Phoc has seen some recent bug fixes, like regarding login integration and hiding the cursor when there is no external mouse connected. Touch events are now not lost when destroying a surface.

The look and feel of the shell is always improving, getting closer to what we are familiar with on smart phones–and there have been lots of changes in the shell! Phosh v0.0.3 has just been released, featuring so many of these cool changes!

We also made sure dialogs are now wrapped to better fit the narrow screen, there have been some spacing improvements, CSS changes to phosh (to bring the shell closer to matching the design), and improvements in the system modal dialogs. Many translations have been added and updated to phosh–thanks to the community for contributing them via zanata–and Libhandy is now built as a subproject of phosh, so thanks, Zander Brown, for the patch!

The lockscreen looks much more modern than it did a few weeks ago; we added the date, and fixed an issue regarding WiFi not showing on the lock screen all the time. To keep the lockscreen arrow animation from eating up too much battery, that arrow animation is stopped after 15 cycles. Also, the battery icon now indicates when the board is receiving power too–take a look at the new start screen below, as it now includes the weekday and date!

We have been making some changes to the overview too, to make sure the user is focused on the main applications. The system prompter LayerSurface has been made to behave more like regular GTK widgets.

And since wallpapers are important to most of us, there was a focus on the background: we added a PhoshBackgroundManager, and backgrounds have been re-enabled. The background is drawn at full resolution on HiDPI screens, too! Background zoom mode was implemented, background colors are now supported (besides wallpapers), and the background surface has been modified so that it’s not hidden behind a panel in order for a wallpaper to be centered.

A lot of work has gone into the app switcher too, which has been overhauled–thanks to Zander Brown for all of his work on this!

And if all this wasn’t enough, we have fixed a few bugs, such as a pesky pixel offset issue and that annoying flickering on boot that we reduced by changing the lockscreen background to black, since the shell’s background is black too (desktop background is configurable). Kernel

Since we upstreamed the devkit’s device tree, the natural next step afterwards was to start on the Librem 5’s device tree–and the first cut of the phone device tree is available here. We also submitted the flash-kernel upstream; both cpufreq and cpuidle are working and there is a noticeable temperature (5-10°C) drop; and when it comes to the graphics stack, one more driver for the imx8MQ display-driver has been merged upstream–only two more to go! We also made some devkit LCD panel improvements, and version 12 of the Mixel MIPI DPHY driver has been accepted upstream!


The guide on setting up WiFi has been improved by us, and we also provide more guidance on debugging compositor crashes and LCD problems now. Some other updates concern the information about simple I/O devices, some additional warnings about battery usage and screen area constraints. Core contributors are also likely to find the new documentation on our package building infrastructure helpful.

This is it for today–a big “Thanks!” to everyone who has helped review and merge changes into upstream projects: your time and contribution are much appreciated. Stay tuned for more exciting updates to come!

The post Librem 5 July Update appeared first on Purism.

Purism and the Linux 5.2 Kernel

Wednesday 10th of July 2019 04:51:58 PM

Hello again. Following up on our report for the Linux 5.1 kernel, here’s a list of contributions for the Linux 5.2 kernel cycle, for which our team recently contributed with 14 patches–including a new driver for the Librem 5 devkit’s panel:

Support for the Librem 5 devkit’s proximity and light sensor

The following series of patches added support to the devkit’s VCNL4040 proximity and light sensor, the VCNL4000 driver:

Support for the imx8MQs thermal management unit

In this case, the driver was already there–but the device tree needed quite a few additions to enable the TMU:

Support for the Librem 5 devkit’s LCD panel

This series of patches added a new DRM panel driver to the devkit’s LCD panel:

DMA related fixes

Here are several SDMA-related fixes, which are important when it comes to sound:

DSI related fixes

Finally, a clock addition, in preparation for DSI support:

We have also contributed with two reviews to already published patches.

That’s it for today, many thanks to all the reviewers so far—and do stay tuned, there’s more to come for the 5.3!

The post Purism and the Linux 5.2 Kernel appeared first on Purism.

Runs on the Librem 5 Smartphone – Week 3

Wednesday 10th of July 2019 03:09:21 PM

We’ve been showcasing a different piece of software running on the Librem 5 Smartphone Development Kit every day for the last twenty days.  Twenty.  In a row.

And we’re not done.  Because, holy smokes, do we have a lot more to show.  And, let’s be honest, these are just plain fun.  Daily videos kick back off tomorrow (July 11th) with video number 21.

You can enjoy Days 15 through 20 below — and Days 1 through 14 in the Week 1 and 2 posts.

If you pre-order the Librem 5 before July 31st, you save $50.

Day 15 – Cryptocurrency Tracker (also on YouTube)


Day 16 – Something a little different… (also on YouTube)


Day 17 – GNOME Contacts (also on YouTube)


Day 18 – Telnet (also on YouTube)


Day 19 – Sudo (also on YouTube)


Day 20 – PureOS Store (also on YouTube)

The post Runs on the Librem 5 Smartphone – Week 3 appeared first on Purism.

Up and Running With Your Librem in Three Minutes

Monday 8th of July 2019 12:48:54 PM Security and privacy for everyone

The right to respect and privacy should be unconditional; within the digital world itself, it shouldn’t be necessary to be an expert in computer science to guarantee you can–and know how to–be entitled to those rights. Making secure and respectful devices is essential, but to be fully ethical, those devices also need to be simple to use, so everyone can use them.

Our mission at Purism is to make technologies that respects people, whoever they are and whichever background they come from. That is why we make sure that everything we develop conforms to the Ethical Design manifesto, The manifesto itself is quite simple in what it states: that everyone should have the right to be respected and to have a delightful user experience.

I am not saying that Purism’s technology is perfect in the sense of simplicity of use–nevertheless, we are constantly working towards it, and we will always keep that goal in mind. Purism is a Social Purpose corporation, it is funded by the people, and we give back all our research and development to the people. This way we make sure that the initial ethical goal of Purism is a free seed that will grow no matter what.

Up and running in three minutes

That’s all it takes. The video shows it really only takes three minutes to get you up and running with a brand-new Librem laptop. The Librem  laptops ship with PureOS pre-installed, and its setup is pretty straight forward, as you can see. No install process is necessary, no mandatory constraining policy to agree on, no probable spyware to setup for a more convenient advertising experience…

Your Librem may get to take one or two more minutes to start if the Librem One setup is part of the initial setup process, but everything will remain pretty simple–especially if you already have an account. I will be writing more on that subject soon, so stay tuned.

The post Up and Running With Your Librem in Three Minutes appeared first on Purism.

Runs on the Librem 5 Smartphone – Week 2

Wednesday 3rd of July 2019 10:30:51 PM

We have just wrapped up our second week of looking at one new application (or game, or feature) running on the Librem 5 Smartphone Development Kit every single day.  (You can find the first 7 pieces of software running on the Librem 5 being shown in the Week 1 post.)

Below you’ll find the software for Week 2 (days 8 through 14) — from Emacs to Torrents to Games.

Side note: If you pre-order the Librem 5 before July 31st, you save $50.

Day 8 – GNOME Clocks (also on YouTube)


Day 9 – Emacs (also on YouTube)


Day 10 – Password Safe (also on YouTube)


Day 11 – OpenTTD (also on YouTube)


Day 12 – GNOME Podcasts (also on YouTube)


Day 13 – Fragments Torrent Client (also on YouTube)


Day 14 – Drawing (also on YouTube)

The post Runs on the Librem 5 Smartphone – Week 2 appeared first on Purism.

Librem 5 App Design Tutorial — Part III

Tuesday 2nd of July 2019 03:44:45 PM
Naming your app

So you finally started working on the awesome idea you had for a GNOME app, designed a great interface for it and want to start building it. You open Gitlab in order to create a new repository… and oh no!, it wants a name.

Existential dread sets in. Naming things is hard, and naming user-facing things even more so. App names are read, pronounced, heard of and remembered by lots of people. A name is, along with an icon, the most important identifier for your project. This tutorial will help you find a great name for your app–or, at least, make it a bit easier.

General Guidance

As the GNOME Human Interface Guidelines puts it:

“An application’s name is vital. It is what users will be first exposed to, and will help them decide whether they want to use an application or not. It is a major part of your application’s public face.”

A good name is hard to find, but putting in a bit of effort up-front is worth it, since renaming the app afterwards is much harder (and messier). A good name should consist of one or two simple nouns; be related to the app’s domain (e.g. Celluloid for a video app); be short (less than 15 characters) and easy to pronounce. It should also make it easy to come up with a good icon (e.g., reference an object that could be turned into an icon), and use title case (e.g. Icon Preview instead of iconPreview).

On the other hand, a good name should probably avoid using trademarks or names of other projects (e.g. GNOME MPV); having a “G” prefix (e.g. GParted); being overly complicated, whether a name or an acronym (e.g. GIMP, GNU Image Manipulation Program); relying on puns and inside jokes (e.g. D-Feet), using non-standard punctuation and whitespace (e.g. UberWriter) or made-up words and word combinations (e.g. Inkscape).

The Process

Having been involved in naming a lot of projects, I now have a process which consistently produces pretty good results: I write down all the words related to the app’s domain I can think of; do a thesaurus search of some of those words, find even more related words and, when I have about 15, I pick out the best-sounding ones, and ask myself: Are they too long? Are they easy to pronounce? Could they have negative connotations? I do a quick check to see if the names are already taken and, among those not taken, choose my favorite one.

Naming an app which is part of GNOME is slightly different, because apps have completely generic names describing their function or type content (e.g. Files, Image Viewer, Fonts, Music). Since this is much simpler–and unusual–in this tutorial we’ll focus on independent, third-party app naming only. Let’s start with a real-world example: a few months ago I was involved in renaming an internet radio app called Gradio–a bad name for many of the above-mentioned reasons. We wanted a nicer name for the new, completely rewritten version of the app.

1. Brainstorm

So, Internet radio. What immediately comes to mind? Well, let’s say Radio, Transmission and Stations. But these are pretty generic terms, so let’s branch out a bit. As with most digital technologies, it’s hard to find nice metaphors, but we can use their analog predecessors (i.e. analog radio).

Are there any related physical objects we can use? Maybe Receiver, Headphones and, say, Antenna? Maybe also something related to analog radio technology, such as Transistor or Frequencies? We also considered the names of people who worked on the technology, like Marconi and Hertz.

2. Thesaurus

Now that we have a few words to start with, let’s plug them into a thesaurus (or a similar site, like and see if there are any good related words. and see if there are any good related words. This is usually pretty hit or miss, as most related words will neither be relevant to the domain, nor make sense as names. But I always find a few good options that I didn’t think of before.

A few additional words from a thesaurus search were Transmission, Shortwave, Wireless and Decibel. We also had a brainstorming session on Matrix with a group of people from the community, which gave us Longwave, Shortrange, Hzzzzz, Spectrum and Waves.

3. Pick the best ones

We had about 20 words, so we stopped brainstorming and started looking for the ones that would make good names. This is not a scientific process: just take each word and imagine it as the app’s name, paying attention to its length, ease of pronunciation, and whether it sounds nice.

My favorites were Transistor, Hertz, Spectrum and Shortwave. They’re all relatively short, easy to pronounce, and sound good as app names. We now need to know if we can use them.

4. Check if they’re taken

I usually start off by searching directly on Github to see if any other FOSS projects are already using a name. If I don’t find anything there, I search for the name on Duckduckgo, adding “app” or “open source”. You’ll often find something somewhere using the name already; not necessarily a problem, if it’s an app/project/company from a different domain–but it’s better to avoid large projects and companies.

It turned out Transistor is already a radio app for Android. Since our app does something very similar, people might think it is affiliated with that project, which we want to avoid; and Hertz is the name of a car rental service. It’s a big company, so best to stay away from that as well. Spectrum is already the name of a forum software (which looks really cool, by the way). The potential for confusion is low here, but the project is well-established, with 6000+ stars on Github, so also not a great option. Finally, Shortwave is used by a bookmarking app; some search results are related to actual analog radio software, but nothing looks too problematic, and it seems viable.

So, the process is always the same: a quick search to check what’s out there and determine the potential for confusion or trademark problems. Since you’re working on a free software app, you’re probably not going to get into legal trouble, but you may have to change the name later on.

5. Pick a winner

You probably know which name you want by now, so go ahead and make it official. In our case Shortwave won. It is good because it is short, distinct-sounding, related to the domain, a pronounceable English word that is not taken by any major projects or companies.

And if all your favorites are taken, go back and do some more brainstorming: the perfect name for your app is out there, and you will find it!


Here are some examples of well-named third party apps in the GNOME ecosystem, and what makes their names great:

Fragments, a torrent app. The name is great because it is unique among torrent app names (which usually reference water, e.g. Deluge), yet clearly connected to its domain, since BitTorrent splits files into lots of tiny parts and sends them in random order.

Peek is a GIF screen-recorder with a very appropriate name: it makes short recordings of small parts of the screen and feels small, quick, and frictionless–all of which the name perfectly encapsulates.

Teleport sends files across the local network. The idea behind it is to make sending the file seem effortless when compared to other methods, such as using web services or USB drives. The Sci-Fi metaphor is perfect for that.

That’s it for now–I hope you enjoyed this tutorial, and if you feel like reading the full version, you can find it here.

The post Librem 5 App Design Tutorial — Part III appeared first on Purism.

Made in USA Librem Key

Thursday 27th of June 2019 04:31:29 PM
Purism is happy to announce the new, made in USA Librem Key What does “Made in USA” mean?

We would never use the words “Made in USA” lightly. We had to meet very strict requirements before being allowed to use that label. It’s well-known that other firms have been fined for mislabeling their Made in China products as Made in USA, for instance because “screwdriver assembly” only (getting electronics made elsewhere and doing final case-assembly in the USA) is not enough to qualify for “Made in USA”. A company can source specific, individual electronics components from around the world (we source chips like the OpenPGP smart card from a European supplier, for example) but must actually make–as in fabricate–the product here, in the US, to be able to label it as “Made in USA.” Protecting the digital supply chain matters

We are investing in improvements all across our supply chain. We have written about the importance of protecting the digital supply chain before, and are now pleased to announce a major, related improvement: the new, made in USA Librem Keys!

The original Librem Keys were manufactured by Nitrokey as part of our initial partnership. We will be manufacturing the Librem Key v2 in the same US facility where we manufactured our Librem 5 devkits; it will have the same features of the original Librem Key, use the same OpenPGP smart card chips, and the inside will look almost the same–but the outside will have a new, re-branded case saying “Made in USA”.

Tight supply chain control is very important, because this device will hold your most sensitive secrets–your GPG keys, your PureBoot secrets. We oversee the complete production of the Librem Key, so they never leave our sight–from PCBA to finished product–until we send them to you. You can trust not only the keys, but also any laptops configured (at our facility) with PureBoot and protected by those same Librem Keys.

This is only the beginning

Made in USA Librem Keys are only the beginning: we have already tested the capabilities of our US facility by making Librem 5 devkits there, and as we continue to fine-tune our operations with the Librem Key, we are testing how many more of our products we can build there.

Having Made in USA, in-house fabrication ensures freedom, security, and privacy for people and enterprises. This is the second Made in the USA product by Purism, but only the beginning of what we have coming.

If you are interested in Made in USA Librem Keys, you can find more information about them here.

The post Made in USA Librem Key appeared first on Purism.

Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA

Thursday 27th of June 2019 04:14:46 PM
Version 2 of the first and only security key offering tamper evident laptop protection has a tightened supply chain to ensure privacy and security for users

SAN FRANCISCO, Calif., June 27, 2019 – Purism, the social purpose corporation which designs and produces popular hardware and software that protects users’ digital lives, today announced its Librem Key product will be the first device of its category to be made in the USA.

Librem Key, the first and only OpenPGP smart card closely integrated with the Heads-firmware offering a tamper-evident boot process, launched in September 2018. Initially manufactured in-part by partner Nitrokey, Purism is now manufacturing Librem Keys entirely from Purism’s Carlsbad, California headquarters – the same U.S. facility used to manufacture its Librem 5 smartphone devkits in 2018. Version 2 also stores up to 4096-bit RSA keys and up to 512-bit ECC keys and securely generates keys directly on the device.

Supply chain security is a rising concern due to the lack of control hardware companies have over manufacturing links. Threats include security hacks, malware concerns, cyber-espionage, and even copyright theft. Purism sees protection of its supply chain as an existentially important issue, and has invested in supply chain improvements including the launch of Librem Key V2.

“Having a secure supply chain is critical for hardware that holds your most sensitive secrets,” said Kyle Rankin, Chief Security Officer of Purism. “By making the Librem Key in the USA, we’ve removed even more links in the supply chain and can directly oversee the complete process from Librem Key production to shipping to the customer. Here at Purism we hope to lead by example, lessening uncontrolled links and understanding every step of our supply chain.”

Purism takes the “Made in USA” label seriously, especially as other firms have been fined for mislabeling their products as American made when they were made in China. For example, “screwdriver assembly” – electronics made elsewhere and doing final case assembly in the USA – does not qualify a “Made in USA” stamp of approval. And while a company can source specific individual electronics components like resistors or unpopulated circuit boards from around the world, the company must fabricate the product here in the US to qualify as “Made in USA.”

“Librem Key’s USA fabrication is yet another area where Purism is beating the technology giants by ensuring a secure supply chain for critical hardware, and it has been our goal to do so since we formed in 2014,” said Todd Weaver, founder and CEO of Purism. “As we start to move more and more of our manufacturing to the U.S., it will give us complete control over the production lifecycle, which means that eventually our devices will never leave our purview, from schematics, through PCBA (Printed Circuit Board Assembly), to finished product.”

This move will enable Purism to exponentially increase manufacturing volume to meet growing sales demands.

A Key to the future

Made in USA Librem Keys is the beginning of Purism’s journey to a tighter supply chain. Since the inception of Purism in 2014, the company has been working toward a U.S. supply chain because of the security implications and benefits.

Purism has already tested the capabilities of its U.S. facility by making Librem 5 devkits late last year, and the company continues to fine-tune operations with the Librem Key and setup for more of its products to be built there.

The investment in protecting user privacy and security has paid off. Purism has seen triple-digit sales growth year-over-year since its founding in 2014 and even with a rapidly growing 60+ person team continues to grow funded from profits.

Made in the USA Librem Key will begin shipping on July 4, 2019. Learn more about Librem Key here:

About Purism:

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco, California, and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact:
Marie Williams

The post Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA appeared first on Purism.

Runs on the Librem 5 Smartphone – Week 1

Wednesday 26th of June 2019 04:21:36 PM

As we steadily work towards the release of the Librem 5 smartphone (Q3 of 2019), we’re taking a look at one new application (or game, or feature) running on the Librem 5 Development Kit every single day.

Below is the first week worth–Solitaire, web browser, system tools, note taking… just all over the map. Some of these are mobile optimized applications. Others are desktop Linux applications, running unmodified on Librem 5 development kit hardware.

What will the next week hold? Which applications and games will we take a look at over the coming week? Who knows! (Well. I do. But I’m not telling.)

Side note: If you pre-order the Librem 5 before July 31st, you save $50. And fifty bucks is fifty bucks.

Day 1 – Solitaire (also on YouTube)


Day 2 – Gedit and Apt (also on YouTube)


Day 3 – Web Browser (also on YouTube)


Day 4 – GNOME Calculator (also on YouTube)


Day 5 – GNOME Dictionary (also on YouTube)


Day 6 – Evince Document Reader (also on YouTube)


Day 7 – Annotated Note Taking with Xournal (also on YouTube)

The post Runs on the Librem 5 Smartphone – Week 1 appeared first on Purism.

The New Generation of Tech and Stronger Privacy Laws

Tuesday 25th of June 2019 08:23:14 AM
Read all about how Todd Weaver and Brendan Eich reject Big Tech’s efforts to weaken California’s privacy law.

In a nutshell, what you can read in The Mercury News is how every Big Tech company seems to care about privacy now—while quietly attempting to dismantle the California Consumer Privacy Act before it even goes into effect. Why? California’s new privacy law requires large companies to respect basic information rights: what is collected, sold, traded or shared.

Sharing intimate information and manipulating users’ choices and actions are serious mistakes.

Our colleagues in Big Tech worry about privacy violations too… and that’s why so many of them don’t allow their own children to use the products and services they sell.

Regulate us. Seriously.

We don’t believe in building things we wouldn’t let our own kids use, and that’s why we want to strengthen California’s consumer privacy law. Our industry knows how to innovate and adapt, we thrive in the startup mindset of tackling new challenges, we know how to conquer what seems impossible. Regulation that helps civilians is critical; regulation that creates a barrier to entry for competition and protects technology giants is not.

We know how to imagine, dream, innovate, and implement.

We want to make sure our customers, their families and our families–everyone’s privacy rights–are protected. It is imperative. Because strong privacy laws are good for everyone.

Read the full article in The Mercury News post–written by our CEO, Todd Weaver, and Brave CEO, Brendan Eich.

The post The New Generation of Tech and Stronger Privacy Laws appeared first on Purism.

Librem 5 June Software Update

Wednesday 19th of June 2019 04:27:26 PM

Hi everyone! The Librem 5 team has been hard at work, and we want to update you all on our software progress.


A couple of blog posts back, we mentioned that our hardware engineer gave a talk at KiCon—and it is available for watching now!

Also, recently Tobias Bernard attended the Libre Graphics Meeting, where he had lots of conversation around the future photo viewing application for the Librem 5 phone.

Applications Libhandy

Libhandy v0.0.10 was released and has a slew of cool new widgets! In summary, the new widgets are:

  • HdyViewSwitcher: a view switcher which can automatically adjust its layout to fit narrow screens
  • HdySqueezer: a widget that allows switching where the view switcher is
  • HdyHeaderBar: an advanced header bar
  • HdyPreferencesWindow: an adaptive preferences window for all applications

A nice aesthetic change is that HdyComboRow handles long labels better now—by ellipsizing them.

Below you can see how HdyViewSwitcher makes the Clocks application adaptive.

Below you can see how the HdyPreferencesWindow is used in GNOME Web to make the preferences window adaptive.

We also improved Libhandy’s test suite.


Work has continued to extend wys to instantiate PulseAudio’s loopback module—which ties the modem’s and codec’s ALSA devices together when a call is activated, and de-instantiates the module when the call is terminated. Since this causes conflicts with hægtesse, a scheme was devised to keep both hægtesse and wys from running at the same time.


A chat history is being implemented via an SQLite database. Thank you, Leland Carlyle, for all of your hard work in this area!

Account verification has been added so that now, when you add a new account, a connection is established to the server and (in case of failure) the user is alerted. Thanks to Benedikt Wildenhain for the patch!


We are very committed to providing encrypted messaging when the phone ships, so we have made an extra effort to implement OMEMO encryption, via the Lurch
. Recent changes in this plugin have led us to ongoing integration and testing with Chatty.

There is a padlock symbol in the message bar now, indicating whether the chat is encrypted or not. You can also view your fingerprint—as well as your conversation partner’s fingerprints (see example below). Thanks, Richard Bayerle, for all of your work on the Lurch plugin!

Web Browsing

GNOME Web will benefit from the new widgets released in Libhandy 0.0.10, as mentioned above. Additionally, since recent testing has identified some bugs in GNOME Web, our development team has been looking into some of these issues. The outcome has been the reporting of many of those issues upstream.

Initial Setup

We plan to deliver GNOME Initial Setup in the first shipment of the phone—because it is very important for setting up your environment. Before any major porting effort was possible, though, some design effort was needed—and now porting work is underway!


So many exciting things are happening at the system level!

After many revisions, the librem5-devkit device-tree has been accepted upstream. To prepare for this, the same device tree name is used both in the kernel and in the flash-kernel as well.

The devkit image went through lots of changes, too. Wlroots v0.6.0 is now available, and contains many of our necessary changes. To make the overall experience look nicer, the shell now prefers the dark theme, and the keyboard auto-hides when the app drawer is opened. Detecting corrupted downloads of images has been made faster by adding a size verification. Thanks to Hugo Grostabussiat for the patch! The devkit image has support for the camera, too–and below you can see the devkit’s first selfie

The New libhandy 0.0.10

Monday 17th of June 2019 12:15:23 PM
Libhandy 0.0.10 just got released, and you can get this new version here. It comes with a few new adaptive widgets for your GTK app we’d like to tell you about: The View Switcher

GNOME applications typically use a GtkStackSwitcher to switch between their views. This design works fine on a desktop, but not so well on really narrow devices like mobile phones, so Tobias Bernard designed a more modern and adaptive replacement – now available in libhandy as the HdyViewSwitcher:

In many ways, the HdyViewSwitcher functions very similarly to a GtkStackSwitcher: you assign it a GtkStack containing your application’s pages, and it will display a row of side-by-side, homogeneously-sized buttons, each one representing a page. It differs in that it can display both the title and the icon of your pages, and that the layout of the buttons automatically adapts to a narrower version, depending on the available width. We have also added a view switcher bar, designed to be used at the bottom of the window: HdyViewSwitcherBar (and we’d like to thank Zander Brown for the prototypes!). The Squeezer

To complete the view switcher design, we needed a way to automatically switch between having a view switcher in the header bar, and a view switcher bar at the bottom of the window.

We added HdySqueezer; give it widgets, and it shows the first one that fits in the available space. A common way to use it would be:

<object class="GtkHeaderBar"> <property name="title">Application</property> <child type="title"> <object class="HdySqueezer"> <property name="transition-type">crossfade</property> <signal name="notify::visible-child" handler="on_child_changed"/> <child> <object class="HdyViewSwitcher" id="view_switcher"> <property name="stack">pages</property> </object> </child> <child> <object class="GtkLabel" id="title_label"> <property name="label">Application</property> <style> <class name="title"/> </style> </object> </child> </object> </child> </object>

In the example above, if there is enough space the view switcher will be visible in the header bar; if not, a widget mimicking the window’s title will be displayed. Additionally, you can reveal or conceal a HdyViewSwitcherBar at the bottom of your window, depending on which widget is presented by the squeezer, and show a single view switcher at a time.

Another Header Bar?

To make the view switcher work as intended, we need to make sure it is always strictly centered; we also need to make sure the view switcher fills all the height of the header bar. Both of these are unfortunately not possible with GtkHeaderBar in GTK 3, so I forked it as HdyHeaderBar to, first, make sure it does not force its title widget to be vertically centered, and hence to allow it to fill all the available height; and second, to allow for choosing between strictly or loosely centering its title widget (similarly to GtkHeaderBar).

The Preferences Window

To simplify writing modern, adaptive and featureful applications, I wrote a generic preferences window you can use to implement your application’s preferences window: HdyPreferencesWindow – and organized it this way:

• the window contains pages implemented via HdyPreferencesPage;

• pages have a title, and contain preferences groups implemented via HdyPreferencesGroup;

• groups can have a title, a description, and preferences implemented via rows (HdyPreferencesRow) or any other widget;

• preferences implemented via HdyPreferencesRow have a name, and can be searched via their page title, group title or name;

• HdyActionRow is a derivative of HdyPreferencesRow, so you can use it (and its derivatives) to easily implement your preferences.

The next expected version of libhandy is libhandy 1.0. It will come with quite a few API fixes, which is why a major version number bump is required. libhandy’s API has been stable for many versions now, and we will guarantee that same stability starting from version 1.0.

The post The New libhandy 0.0.10 appeared first on Purism.

Todd Weaver on Digital Trends Live

Thursday 13th of June 2019 05:55:06 PM
Data privacy and security are important for all of us, no matter if we are talking about a corporation or just somebody who’s on a social network.

I have just had a wonderful conversation with Greg Nibler, from Digital Trends Live, about all kinds of different ways these issues are being tackled. Greg started by asking me to introduce Purism, and why we do what we do.

Well, we started around 2014 as a Social Purpose Company: we advance social good over maximizing profit. We build laptops, a secure token called a Librem Key, and we are also coming out with the Librem 5: a smartphone that doesn’t run on Android nor IOS, but our own operating system PureOS (the same you get on our laptops). These are available today, with the Librem 5 phone (on pre-order now) coming out in Q3 of this year. Our services—chat, email, social media, VPN—are all standardized protocols, decentralized, with no data retention and end-to-end encrypted. We are going to continue to put out more and more hardware, software, and services as we progress.

I’m kind of a hardcore geek, both in the hardware and software side—but I also am a digital rights activist, making Purism my dream come true by combining hardware, software and services together, in one convenient package. What is awesome is that our entire team is excited about the exact same thing: making convenient products that respect people. Hardware is a little bit more security-minded and privacy-focused, it is where the hardcore audience is: it really gets down to a trust and verified model. The same happens with software: it all needs to be released.

It’s just like with organic food – you have to inspect the soil, so regulators can say ‘hey, this is actually organic’. We do that same entire model within the hardware realm: we release everything for verification, and that gives us peace of mind at that low level—all the way up to services.

We also believe services should always be end-to-end encrypted, and they should never track people. We bundle all of our ethical services together into one package, and if we hand you a laptop you don’t have to know that the schematics were released, that the software was all released. What we offer was built by a Social Purpose Company, you can just turn it on and use it.

Kill-switches on a Librem laptop

Greg was curious about the kill-switches we install in our laptops: I told him it’s kind of an old thing, a reboot of the kill-switches on early devices – just like a light switch, it allows you to toggle off the hardware. You can physically sever the circuit of the webcam and microphone, so they don’t have any power to the actual device.

And they are really, really easy to use. We are going to have them on the Librem 5 phone as well, so you can turn the webcam and microphone off, Wi-Fi and Bluetooth, even the cellular connection if you want to. Why don’t Big Tech companies use these any longer? It was easy to do it in software; then it became this trust issue, where you could have your webcam on even though the light didn’t come on… What’s fascinating is we’re actually starting to see Big Tech companies use these, and a few other devices, because of these privacy-invading concerns. Big Tech is going to be pushing this privacy talk as well—even though it’s more a marketing thing than related to any type of credibility.

How do I see these issues evolving? They are clearly going to continue to grow around how much data is being gathered, where things are joining together, and data leakage. Data retention policies are going to start coming out: how long somebody holds the data for, what data is being stored, how all of these little bits of data add up to a giant story about you—and how that story is exploited.

We ended the interview with a clear notion of what Purism is—successfully, ethically—competing against. It was a cool chat, do watch the video and listen to the full version here. And thank you, Greg Nibler and Digital Trends Live!

The post Todd Weaver on Digital Trends Live appeared first on Purism.

“See Your Junk” – Behind the scenes

Wednesday 12th of June 2019 02:28:08 PM

At Purism, we aim to promote privacy and freedom through the use of free software (and we see it as ethical software). When we work, and in order to produce our content–such as what you see in this page–we use free software, too. And so, with a small budget and some basic audio and video gear, along with a few Librem laptops (running free software only, of course), we have made this video the ethical way, using ethical tools from beginning to end.


Pre-production took us the longest, and kept us working for quite some time–we ended up taking over a month to prepare everything. Todd, Purism’s founder and CEO, handed me a really funny script that he had written himself; I read it and started organizing the shoot with the help of Jenny Lavery, who did an amazing job of finding the perfect actors, location and props.

After planning every shot I started drawing a storyboard, using GIMP, my Librem 13, and a simple graphics tablet.


Once everything was planned for, I packed my suitcase and traveled to Austin, Texas, with Therry Cazorla, a fellow French countryman. Therry is the director of photography with whom I have been working for years.

We were so lucky with the weather; the weather is always a big question mark, and a nightmare in what comes to delaying everything, when shooting outside. I had planned on spending two full days shooting the entire video, but everything went so well–and everybody was so professional–that we ended up managing to shoot it in just one day, which was amazing!

Like I said before, we chose to use free software only. That choice led us to shoot with a camera that is compatible with Magic Lantern, a free software add-on that… well, adds features to the camera we used, and that also allowed us to shoot in RAW format–i.e., straight from the sensor and generating an uncompressed file, resulting in the maximum possible raw image quality.

The RAW format is also very useful for it allowed me to process the look of our initial footage as soon as I finished recording; I used a software called MLV-App to do just that, because it lets me analyze my raw footage and apply a flat look to it. This is a personal preference, it’s what I prefer to do regarding color grading technique and results. Everything flowed so well I managed to put together a first, rough edit, the very day we finished shooting.

Post production

Shooting in the USA was fun, but once we finished I had to travel back to France, to my home studio, where I had all the material I needed to start editing.

Video editing

I used Kdenlive to edit the video; it is a very complete, very professional, free software, non-linear video editor.

I now had the perfect opportunity to test the new Librem 15 with a 4k screen… having this video to finish meant I was simultaneously able to test hardware and software in a real project, and help developers improve product experience. And so I made a first cut of the video, and started to edit the audio.

Audio editing

Audio quality plays a big part in the overall quality of the final, resulting video. I would even go a step further and say the quality of the audio is perhaps more important than that of the image, when making a professional-grade video (but feel free to disagree).

In order to professionally edit the audio, I had to export my timeline from the video editor to a proper audio editor—Ardour, in this case. This import/export feature exists neither in Kdenlive nor in Ardour, but I needed it and had to find a solution—and this is one of the great advantages of using free software: that it is public and belongs to its users, making creating a missing feature (and giving it back to the community) something very doable. And that’s exactly what I did: I created a python script that converts the timeline from my video editor into a timeline for my audio editor. If you want it, you can get it in our Gitlab repository.

This allowed me to perfectly edit my audio, using very professional free software tools; it guaranteed a smooth, even sound, where the cuts between different shots are impossible to hear. Afterwards I added some extra ambient noise to ensure continuity and to give a bit more color–which leads us to the subject of our next chapter.

Color grading

The color of each individual take was then worked in order to guarantee its consistency over the whole video. I later applied a global (meaning, to the whole video sequence) color grading, to give it a consistent style and tone. I like to work over very flat footage that is low in saturation and contrast. I then add some contrast with a bleach bypass effect, and do the final tweaks on the curves and levels filters. The graph monitors in Kdelive let me adjust colors and levels with a high degree of precision—and I can be sure that colors are just right, that my eyes are not tricking me.

Motion design

I added some text effects at the end of the video: mostly, over the Librem One logo.

I made all my text animations in Blender, an amazing 3D free software application with very powerful compositing and animation features.

You might have noticed a subtle light effect in the logo animation (just before the rainbow appears)–it’s actually a handmade, traditional animation made with OpenToonz, a free software app that was also used for some of the biggest productions of the Japanese anime industry.

That’s it, and thank you for your time–it was fun

With Purism Products, You Are in Control

Thursday 6th of June 2019 01:53:01 PM

From its beginning, Purism’s focus has been on building products that respect and protect your privacy, security and freedom. I’ve written about how these three concepts are interdependent before. While Purism is somewhat unique in focusing on all three of these concepts at once, it isn’t the only company that builds products aimed at protecting privacy, security or even freedom. In fact, each of these areas are multibillion-dollar industries.

Security is a huge industry today, and it continues to grow, with companies releasing new products all the time–products they claim will protect you. Privacy is also hot topic right now, with many companies making sure they include “privacy” in their marketing. There is also an entire industry around products built on free software–even Microsoft recently pivoted over to supporting software freedom in its products.

Even with all these companies focusing on the same topics, Purism stands apart from the crowd. How? In our approach. Most other companies build products that coincidentally put them, the vendor, in control. From the beginning, Purism has designed all its products to empower the user, not the vendor. All of our products show this approach–and this post will highlight some of our user-empowerment design decisions.

Control Your Hardware

It is more and more difficult to find laptops that are easy to upgrade and repair. Some cases even demand for experts with special tools and quite a bit of effort to do something as simple as a RAM upgrade (if it’s not soldered on), to replace a hard drive, or to replace a battery. Some vendors justify this by pointing at design sensibilities, but it coincidentally also means you are more likely to buy the more expensive versions of their laptops even if you don’t need the extra resources. Some vendors go even further to control who can upgrade or repair the hardware, and use DRM and security chips to make it difficult to use third-party hardware.

Our laptops have visible Philips screws on the bottom. You can remove the bottom case yourself, without any special tools and without Purism’s permission, and get access to the RAM, drive bays and the battery–and replace them yourself. We added simple hardware kill switches so you can control the webcam, microphone and WiFi hardware–no need for special software.

Control Your Software

Vendors love using software to lock customers into their ecosystem. Proprietary software and proprietary operating systems have been doing this for decades and in that world if you want new features and in some cases even security updates, you have to pay the vendor for the privilege. If the vendor removes a feature, changes a default, or even completely changes the program, you don’t have much recourse. As long as you use that vendor for everything, things might work OK, but the moment someone else offers a better alternative, you discover just how little power you have to switch.

Purism ships its hardware with free software, starting with coreboot boot firmware all the way to the 100% free software PureOS operating system. By using free software, we put you in full control over all of the software on your system. You have the freedom to change any piece of software you like, you can install any OS you wish–and upgrades are free. By controlling the software, you also control the hardware. If you have to root software, you don’t really own it; with Purism hardware you don’t have to root anything.

Control Your Security

When you ask vendors to build a secure system, they end up designing something that keeps full trust and control in their hands, or else has no security at all. Vendors hold the keys to your security, not only because they don’t trust you to manage it, but also because it conveniently locks you into them. If you ask a vendor to secure the boot process, they design a system where every OS must get their approval (signature) before it can boot. If you ask them to secure your communications, their solution is to replace your current system with proprietary software and protocols they control.

We believe you should hold the keys to your security. We have designed each of our security measures so that you are in control, not us. This is why we chose our PureBoot solution over existing signature-based approaches that might lock you into us. With PureBoot you control all of the keys that protect your boot process and can easily change them at any time. You can boot any OS you wish without having to get Purism’s approval or disable boot security. This is also why our Librem Key uses open hardware, firmware and an industry-standard OpenPGP smart card to store your keys securely without any proprietary software. When we secure communications with Librem Chat and Librem Mail, we do it with end-to-end encryption. You hold all of the keys–so no one else, Purism included, can snoop on your communication.

Control Your Phone

The phone ecosystem takes even more control away from the user. Phones are harder to repair and upgrade than laptop hardware, and some require a hardware signature handshake so the vendor must approve any hardware peripherals (like headphones) you might attach. You can only install software the vendor has approved of ahead of time, and upgrade the OS if the vendor says you are allowed, unless you are willing to disable all security protections in the OS and root your phone.

Apple recently demonstrated the level of control it has over phone software when it removed Facebook’s internal iPhone apps; Google demonstrated the control it holds over its own ecosystem when it revoked Huawei’s access to OS updates as part of a larger trade war. With these controls in place, how much of your phone do you actually own?

The Librem 5 phone has been designed to put you back in control. By running free software, starting at the boot firmware and ending with PureOS, there’s nothing to root–you control the full stack. You also can remove the back and have access to the battery, a removable OpenPGP smart card, a removable cellular modem, and a microSD card so you can expand your storage later on. It also includes three hardware kill switches to give you control over the cameras and microphone, WiFi/Bluetooth and cellular modem–and you can combine all of them to disable the rest of the sensors, in what we are calling “Lockdown Mode” for even more control.

Control Your Services

Internet services are a major area where tech companies take control from their users. Ask any of these companies to create a network service, and they’ll invent one where all traffic coincidentally flows through them only, with proprietary clients, servers and protocols they control. You have multiple messaging apps on your phone not because of technical limitations, but because each of the big tech companies wants to lock you into their own proprietary network, and leverage network effects to keep you there. After locking you in to the platform, these companies then capture as much data as they can about you so they can sell access to it (and to you) to third parties. You end up with no control over your own data–or to how it is being used.

We designed Librem One to put you back in control of both your privacy, and your data. By creating a suite of decentralized and open-protocol services using free software servers and clients, and hosting it all under a central brand with a single username, you get all of the convenience of big tech services, but you actually control your data and the service itself. Since we fund Librem One on a standard subscription model, we don’t collect your data, track you, or show you ads.

Each Librem One service lets you communicate with any of the other networks on the Internet that speak the same open protocols (it’s just like being able to email friends regardless of what email provider they use). You can pick our branded Librem One apps for ease-of-use, or any of the excellent free software projects we based them on. If you don’t need the convenience of Purism managing your services, you can even host your own versions of every service we run—we even plan on sharing how we set each of these services up, just to make it easier for you to host them yourself in the future.

Control Social Media

Social media is another area where tech companies have exercised control–not just over its users, but ultimately over speech on the Internet as a whole. Since they fund social media from ads (therefore, from your data and preferences), social media applications are focused on taking control over what information you see. That is why it is so difficult to get a social media application to sort by date–it’s more important for them to train their relevance algorithms, so they know which promoted posts to put in your feed. Everyone has become so used to giving up control over the rest of their lives, they are now asking those same companies to decide not just what they see in their feeds, but what speech is allowed on the Internet at all.

It turns out that, while Big Tech companies are good at building technology, they are not human rights or censorship policy experts, and putting them in control of speech on the Internet has led to a lot of problems–including the silencing of disaffected groups–while not making anyone happy with their centralized moderation decisions. Centralized moderation also has a heavy human cost: it outsources the ugly task of sifting through the worst that the Internet has to offer to low-wage workers, often resulting in emotional and mental trauma.

Some have advocated moving to a decentralized network like Mastodon in response. While the network is decentralized, the way the technology is built still puts control over what you see into the hands of the sysadmin who happens to be moderating your instance. Like in Big Tech companies, sysadmin are not human rights, or censorship, experts; since they are often doing this as a side hobby, their approach to moderation (however sincere their efforts) tends to err on the side of whatever is easiest, which tends to be censoring a post, or blocking a user or a network. This has led to a chilling effect on political speech in certain instances, harming some of the same minority groups the moderation policies aim to protect. If a moderator happens to share your values, you’re in luck; if not, your only recourse is looking for another instance.

At Purism, we have taken a completely different approach, with Librem Social aimed at putting you back into control of your social media. We recognize that we aren’t human rights or censorship policy experts, so we’ve deferred to the real experts in the space to help us define an approach to moderation; one that expands the anti-discrimination clause in our Social Purpose charter:

The Corporation will not discriminate against individuals, groups or fields of endeavor.

The Corporation will allow any person, or any group of persons, in any field of endeavor to use its systems for whatever purpose.

You shouldn’t have to outsource your trust to a vendor to be secure, you shouldn’t have to outsource your control to see only the content you want to see. We have added a policy against harassment and illegal activities so you can stay safe, while modifying the existing Mastodon software Librem Social uses so you only see content you opt into.

This is a (great) start, and immediately solves a lot of problems for Librem Social users–but it still leaves some issues for the rest of the Mastodon instances without our opt-in approach. We have big plans to add features to Mastodon at large, features that give moderation control back to the users, not only of Librem Social, but the entire Mastodon network. You should be in full control of the content you see, never having to rely on a central authority (even one you might trust, like Purism) to curate it for you. Whether you want to filter out adult content or politics, or to opt in to them, we aim to build tools that give you, not us, that power.

User Empowerment

All of Purism’s products are aimed at removing control from tech vendors (including ourselves) and giving freedom back to users. This is true in the free software we use throughout our hardware, the open standards (again, and free software) we use for our services, and in our approach to moderation for Mail, Chat and Social. You shouldn’t have to outsource all of your trust to a vendor to be secure, have privacy, or only see the content you want to see in social media. With Purism products, you are in control.

The post With Purism Products, You Are in Control appeared first on Purism.

Librem 5 vs Android — Which boots faster?

Wednesday 5th of June 2019 06:00:10 PM

A simple question: What boots faster — a run-of-the-mill Android phone or a Librem 5 smartphone running PureOS?

We put the Librem 5 dev kit next to an HTC One, both powered completely off, then pushed the power buttons at the same time.

The result… it wasn’t even close.  I almost feel bad for Android.  Almost.

(You can also watch this over on YouTube.)

I mean, sure.  “Boot speed” certainly isn’t the end-all, be-all of performance.  In fact, it may not even be in a “Top 10 Important Performance Metrics.”  But it gives a good indicator of what’s possible with the system — and what to expect.  Add to it, the fact that this was done without any boot speed optimizations at all?  Downright exciting.

The Librem 5 smartphone is schedule to begin shipping in Q3 of 2019.  Stay tuned to this blog — or follow Purism on Librem One or Twitter — for updates and details.

Also worth noting: You can pre-order the Librem 5 now for $649.  That price goes up at the end of July.  So if you want the lower price, now’s the time.

The post Librem 5 vs Android — Which boots faster? appeared first on Purism.

Control, Freedom and Harm

Tuesday 4th of June 2019 03:34:09 PM
Control is the best measurement of both freedom and harm. If freedom can be summarized as not being under the control of another, harm can be summarized as being under the control of another.

The darker side of “control vs. freedom” or “control + harm” casts a shadow on every facet of technology—and it is a digital civil rights issue, where control over you by corporations is causing you harm, all the time, on all your devices.

The answer is rather simple: Don’t. Control. People. Don’t track people

It would be simple to create the exact same technology companies that exist today, without the creepy crossing into personal privacy invasion. Social Media can absolutely exist (and even sell ads) without being invasive; search tools can return valid results (and still sell ads) without recording everything on you (forever); ride sharing services can drive you places without tracking your every location when you’re not using them; ordering history from stores certainly does not need all your personal data after you receive what you ordered.

Don’t retain useless data

There is no reason to retain everything a person has ever done digitally. A simple policy of “once data is no longer needed, it is deleted.” fits perfectly here. Does the police need to hold your GPS location, date and time permanently, after scanning your car’s license plate? Does a social media service need to backchannel your purchase receipts to match who you follow and interact with, against credit card receipts, forever? Not really.

Use free software

Use software where it passes the simple freedom test: Can you run that program as you wish? Can you study the source code? Can you share it alike? If you can, you have complete control over the program, and you can avoid harm.

Don’t Control People. If hardware, software, and services would follow this simple rule of not controlling people, the results would become quickly apparent.

Hardware should not have a corporate controlled lock, so people can own devices, not rent them. Software should be under the full control of the person using it, and source code released. Services should be decentralized, so no single entity can control them and their users. Once all three (hardware, software, services) are in the hands of the people, then they will truly be digitally free.

Big Tech strips Freedom and causes Harm

Let’s take a look at some of big-tech’s big issues below:


Looking at Apple (the censorship and personal control masters), we see they block applications from their platform, censor applications and content to their own liking, disallow them on their platform entirely, invade privacy with excruciating level of detail, are anti-competitive with an unlawful monopoly with its App Store, among many other examples of their control over you. We quickly recognize that people are just renting a device from Apple, that Apple is in complete Orwellian control of it, that all our personal data is also under Apple’s control.

Facebook, Instagram, and Twitter

Welcome to the manipulation and censorship private clubs of social media: these companies control their user-base through haphazard policies to ban posts and manipulate everything you see, trying to influence your opinion. It has been a long upheld legal stance that you may disagree with what a person may legally say, but you must respect their right to say it. The reason? Centuries of jurisprudence showcasing the issues of censorship causing harm. We may want to pay attention to the EFF, FSF, ACLU, California Constitution, and the US Supreme Court, when they all agree that censorship is a terrible idea.


This data hoarder has incomprehensibly large amounts of data on everything you do, from every device every millisecond of every day, and is invading your privacy, controlling your devices, censoring voices, and spying on you. The executives at Google pen opinion pieces on how much they care about privacy while undermining it with lawmakers: their actions are the exact opposite of their words, while they are committing some of the worst digital atrocities of all time.

Uber, Lyft, Spotify, and the rest

These and others all fall into the same Silicon Valley funding process: to write software, services, and applications designed around grabbing as many users and personal data as possible—oftentimes doing an end-run around regulation in the name of innovation (does anybody actually think Uber or Lyft aren’t just non-yellow taxis booked through a mobile app? So why shouldn’t they comply with the same rules and regulations that taxis do? Oh… right, because of ‘innovation‘). All these companies share the same bad habits of writing software that controls the person using it, of exploiting people for profit—be that through tracking your every location detail, your mood, profiling you, leaving you unable to verify the source code and inserting malware into it—continuing abuses of your digital civil rights.

The Solution

Is quite simple: support products and companies that protect your freedoms, put you in complete control, and work to eliminate harm. The interesting side effect is you will also be building a more tolerant, empowering, diverse, and inclusive society.


Get Librem One

Pre-Order Librem 5

The post Control, Freedom and Harm appeared first on Purism.

Introducing Librem Social

Friday 31st of May 2019 08:10:21 AM
Hello there! Let’s talk about Librem Social.

Librem Social is a social network. Think Twitter… if Twitter respected your privacy and didn’t advertise to you.

Librem Social is part of Librem One, the suite of privacy-protecting, no-tracking apps and services created by our team at Purism. Librem One currently includes Librem Mail, Librem Chat, Librem Tunnel, and Librem Social.

Over 2,000,000+ people. Ready to follow.

Librem Social is part of a network of social network servers already boasting over 2,000,000 users!

Two Million!

Follow friends. Make new ones. Share stories, pictures, and videos with them. Librem One is ready and growing. Fast.

Librem Social Opt-In, No Ads, No Tracking

One of Librem Social’s most important features is that, unlike all other social hosts, it is entirely opt-in. You only see posts from people you want to follow.

This means you are not force-fed an unrelenting stream of manipulated content specifically targeting you. No way, no how. Not on Librem One. On Librem One you see the posts from the people you want to see posts from – your friends, family, news sites and favorite celebrities. And that’s it. If you want, you can search for posts from across the Fediverse (more on that later).

We also do not advertise to you. Not at all.

Which means we have no reason to track you. Simple, right?

Available Wherever You Are

Librem One is accessible via:

What Technology Does Librem Social Use?

Librem Social is proudly built on Mastodon, part of what is known as “The Fediverse”, as well as many other Free Software projects that we actively work with and contribute to.

The Fediverse is the decentralized replacement to MySpace, Orkut, Friendster, Google+, Twitter and Facebook (can you spot the trend?). The Fediverse already exists, and it is growing. What makes the Fediverse different to its forebears is that it has no central domain – not even a central service. It’s composed of lots of services, all of them speaking (mostly) the same protocol, known as ActivityPub.

Fediverse developers are currently working on replacements for things we know (shout out to PixelFed!) and other things we can only dream of (shout out to Spritely!). When they do arrive, we can yell out a stretch goal, apply some elbow grease… and once we’re done you can start following them, breaking the cycle of needing a new account to join your friends on whatever’s hot right now.

Public service announcement:

As well as a purely opt-in workflow, we have another very distinguishing feature – that everything on Librem Social is public. Everything. Who you follow, who follows you, your announcements and your replies.

Why? Well, for two major reasons:

Because valuing your privacy doesn’t mean staying indoors with the curtains closed all day. Sometimes you want to go out, socialize, catch up on news – and share your own.

At the same time, you don’t want to blurt out something personal just because there’s a lull in the conversation (it happens). That’s what private chat is for. Librem Social is designed in the context of a service bundle, so you know what tool to use for the right job, with no oopsies – and, more importantly, with none of your personal details on our server.

What if… I don’t like what I see?

We don’t control the content of search results. If you are concerned, please read our quick guide to staying safe online. If you see something illegal, please report it to the relevant authorities, as they are best equipped to handle illegal content. If you are being harassed, or witness online harassment, block and flag the offending user and a moderator will take action. We do not tolerate harassment. This is an area of well-established rights, Librem Social is built on and with the expert policies of ACLU, FSF, and EFF, while avoiding the pitfalls of ham-fisted censorship we all dislike from Big Tech.

We are very pleased to see so many people socializing already. If you want to follow us, or ping us with your thoughts, our Librem Social / Fediverse address is – and you are always welcome!


Purism offers high-quality privacy, security, and freedom-focused computers, phones, and software. Our platform is meant to empower everyone. We believe people should have secure devices and services that protect them rather than exploit them, and we provide everything you need in a convenient product bundle.

We like to give back. Librem Chat is built with free software, created by security and privacy experts. Learn more about how Purism contributes to its community.

The post Introducing Librem Social appeared first on Purism.

More in Tux Machines

Database News on YugaByte Going for Apache 2.0 Licence

  • YugaByte Becomes 100% Open Source Under Apache 2.0 License

    YugaByte, a provider of open source distributed SQL databases, announced that YugaByte DB is now 100% open source under the Apache 2.0 license, bringing previously commercial features into the open source core. The transition breaks the boundaries between YugaByte’s Community and Enterprise editions by bringing previously commercial-only, closed-source features such as Distributed Backups, Data Encryption, and Read Replicas into the open source core project distributed under the permissive Apache 2.0 license. Starting immediately, there is only one edition of YugaByte DB for developers to build their business-critical, cloud-native applications.

  • YugaByte's Apache 2.0 License Delivers 100% Open Source Distributed SQL Database

    YugaByte, the open source distributed SQL databases comapny, announced that YugaByte DB is now 100 percent open source under the Apache 2.0 license, bringing previously commercial features into the open source core. The move, in addition to other updates available now through YugaByte DB 1.3, allows users to more openly collaborate across what is now the world’s most powerful open source distributed SQL database.

  • SD Times Open-Source Project of the Week: YugaByte DB

    This week’s SD Times Open Source Project of the Week is the newly open-sourced YugaByte DB, which allows users to better collaborate on the distributed SQL database. The move to the open-source core project distributed under the Apache 2.0 license makes previously closed-sourced features such as distributed backups, data encryption and read replicas more accessible, according to the team. By doing this, YugaByte plans to break the boundaries between YugaByte’s Community and Enterprise editions. “YugaByte DB combines PostgreSQL’s language breadth with Oracle-like reliability, but on modern cloud infrastructure. With our licensing changes, we have removed every barrier that developers face in adopting a business-critical database and operations engineers face in running a fleet of database clusters, with extreme ease,” said Kannan Muthukkaruppan, co-founder and CEO of YugaByte.

Programming: Ruby, NativeScript, Python, Rust/C/C++ FUD From Microsoft

Security Leftovers

  • Alas, Poor PGP

    The first is an assertion that email is inherently insecure and can’t be made secure. There are some fairly convincing arguments to be made on that score; as it currently stands, there is little ability to hide metadata from prying eyes. And any format that is capable of talking on the network — as HTML is — is just begging for vulnerabilities like EFAIL. But PGP isn’t used just for this. In fact, one could argue that sending a binary PGP message as an attachment gets around a lot of that email clunkiness — and would be right, at the expense of potentially more clunkiness (and forgetfulness). What about the web-of-trust issues? I’m in agreement. I have never really used WoT to authenticate a key, only in rare instances trusting an introducer I know personally and from personal experience understand how stringent they are in signing keys. But this is hardly a problem for PGP alone. Every encryption tool mentioned has the problem of validating keys. The author suggests Signal. Signal has some very strong encryption, but you have to have a phone number and a smartphone to use it. Signal’s strength when setting up a remote contact is as strong as SMS. Let that disheartening reality sink in for a bit. (A little social engineering could probably get many contacts to accept a hijacked SIM in Signal as well.) How about forward secrecy? This is protection against a private key that gets compromised in the future, because an ephemeral session key (or more than one) is negotiated on each communication, and the secret key is never stored. This is a great plan, but it really requires synchronous communication (or something approaching it) between the sender and the recipient. It can’t be used if I want to, for instance, burn a backup onto a Bluray and give it to a friend for offsite storage without giving the friend access to its contents. There are many, many situations where synchronous key negotiation is impossible, so although forward secrecy is great and a nice enhancement, we should assume it to be always applicable. [...] My current estimate is that there’s no magic solution right now. The Sequoia PGP folks seem to have a good thing going, as does Saltpack. Both projects are early in development, so as a privacy-concerned person, should you trust them more than GPG with appropriate options? That’s really hard to say.

  • Armadillo Is An Open-Source “USB Firewall” Device To Protect You Against USB Attacks

    Exchanging data using USB devices is something that we do on a daily basis. But how often do you think that the next USB device that you’ll plug into your PC’s port could be malicious? In the past, researchers have unveiled 29 types of USB attacks that could compromise your sensitive data by simply plugging in a USB device. Globotron’s Armadillo is a device that you could use to protect yourself from USB attacks.

  • Open source solutions in autonomous driving: safety is more than an afterthought [Ed: A lot less likely to contain back doors, unlike proprietary software where this has become rather 'standard' a 'feature']

    In the automotive industry, in-vehicle infotainment (IVI) systems were one of the early adopters of open source operating systems, namely Linux. Today’s innovation and success with IVIs can largely be attributed to this approach. Collaborative efforts such as the GENIVI Alliance and Automotive Grade Linux—where automakers, suppliers, and their competitors agree to share common elements of the IVI software stack—are enabling rapid development in this area.

  • New open source solution reduces the risks associated with cloud deployments [Ed: This is an inherently flawed kind of logic because if you handed over control to AWS, then the Pentagon already controls everything and thus you have zero security, you're 'pwned' by definition]

    The Galahad software will be deployed to AWS and provides a nested hypervisor on AWS instances. There, it will monitor role-based virtual machines virtually across all levels of the application stack including the docker container: the basic unit of software that packages an application to run quickly between computing environments.

  • Open-Source Exploit: Private Keys in MyDashWallet Exposed for Two Months- Users Should Move Funds Immediately [Ed: Highly misleading headline. This has nothing to do with "Open Source"; it's about some fool who uploaded private keys]

    The private keys of Dash crypto coins being held in online software “hot wallet” called MyDashWallet have been exposed to hackers for two months, and anyone using the wallet should immediately move funds out. A “hot wallet” is any cryptocurrency software “wallet” connected to the Internet.

Devices: 'IoT', SparkFun and Beelink L55

  • Top 20 Best Internet of Things Projects (IoT Projects) That You can Make Right Now

    Internet of Things (IoT) is a new predominant technology for this advanced world. This technology can change the lifestyle people lead. Question is what the Internet of Things is? IoT can be described as a network of physical objects connected through the internet. Physical objects could be anything that contains embedded electronics, software, sensor, etc. with the internet. Using the IP addresses, those smart objects can exchange data among the network and can make a decision. A significant number of researches is going on over the IoT trends and projects. In this article, we will talk about a few IoT project ideas based on standard IoT protocols, so that readers get the basic knowledge about the Internet of Things. These internet of things example are keen, useful, and interesting to build.

  • Open-Source SparkFun Module Supports Low-Power TensorFlow Machine Learning

    SparkFun has released the SparkFun Artemis, Engineering Version, an open-source embedded development kit that supports the TensorFlow machine learning environment. Designed for toolchain-agnostic, low-power machine learning development, the 15.5 mm x 10.5 mm Artemis board includes... [...] In addition to a secure firmware update system, flexible, serial peripherals, a suite of clock sources, and camera compatibility, the Artemis board features large SMD pads that support carrier board implementations. SparkFun has launched three carrier boards in conjunction with the release of the Artemis, Engineering version board: the BlackBoard Artemis (Arduino Uno footprint); BlackBoard Artemis Nano (smallest form factor); and BlackBoard Artemis ATP (with 48 GPIO pins).

  • Beelink L55 Review – An Intel Core i3-5005U Mini PC Tested with Windows 10 & Ubuntu 18.04

    With the shortage of Gemini Lake processors, some manufacturers have taken to releasing new mini PCs using older CPUs