
Purism

High-quality laptops that protect your freedom and privacy

The Librem 5 Smartphone in Forbes

Tuesday 13th of August 2019 05:40:57 PM
Todd Weaver helps Moira Vetter answer the question “Is America Finally Ready For A Surveillance-Free Smartphone?” in a recent article in Forbes.

The article begins by pointing out that several companies have tried to release private, secure smartphones–and most have failed. Does that mean privacy and security are impossible to achieve? Well, not really, because:

One company wants to change the privacy-focused technology landscape

And that company is Purism. Not depending on the traditional Silicon Valley Venture Capital marketplace, and being a Social Purpose Company, Purism will never compromise its users’ security, or their privacy, for profit.

Purism’s crowdfunding campaigns on the Crowd Supply platform consistently achieved more than their funding goal. The latest, concerning the Librem 5 smartphone, raised over $2 million. And what makes the Librem 5 smartphone different from other phones? Several factors, such as the business model, an engaged community, and the fact that privacy and security are starting to be a great concern–and not just for everyday smartphone users, but for the government as well.

While the world continues to “opt-in” and share their every move, thought, comment, viewing whim, personal home climate preference, and family behavioral profile with the 2 or 3 companies running the world, there are people that find this repugnant.

Ultimately, desiring privacy does not mean having to go off the grid: a privacy-enhancing smartphone both empowers and enables its user.

 

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands.


The post The Librem 5 Smartphone in Forbes appeared first on Purism.

Curbing Harassment with User Empowerment

Thursday 8th of August 2019 02:25:32 PM
User empowerment is the best tool to curb online harassment

Online harassment is both a privacy and a security concern. We all know the story of how someone (typically a woman, studies say) states their opinion online and is then harassed to the point of leaving the service (or worse). Using the infamous “with an opinion” hook, we can frame a user story that affects more than 50% of the population:

User story: I am a marginalized person with an opinion. I want to intercept online harassment, so that I can communicate safely with friends and strangers.

The truth is that a motivated mob can target anyone, marginalized or not. We would all benefit from effective anti-harassment tools.

Don’t rely on the operator

Many current and proposed solutions to stop or curb harassment rely on one or more of these methods:

  • Human content moderation. Typically volunteer or low-paid, and subject to burnout. A moderation team simply does not scale, and cannot moderate private messages (we define “private” as “end-to-end encrypted”).
  • Server-side tracking. Error-prone “algorithms”, with little or no transparency, regularly make mistakes. And once more, they cannot apply to private messages.
  • Shoot-first takedown laws that skip the deliberative process and are frequently abused.
  • Corporate censorship, or any of the above distorted by bottom line.

It is tempting to rely on a server-side solution, whether that means the machine itself or humans working on your behalf. This can work on tiny scales if you have a trusted friend with both technical and legal know-how, but in all other cases the issues are compounded. To mash up two misunderstood quotes:

You solved a harassment problem by ceding control to the service? Now you have two problems.

Empower the user

We suggest that user empowerment via client-side features is a more robust and safer approach. Potential design patterns include:

1. Client-side heuristics

Server-side solutions necessarily put power in the hands of a developer or sysadmin. By contrast, client-side heuristics put power in the hands of the user, including the power to turn them off. Privacy Badger is a great example of this in practice:

  • Fresh installations use rules generated by offline training.
  • Additional rules based on behavior-based heuristics.
  • Additional customization for experienced users.
  • No ads, no calling home, no tracking.
  • Turn it off, for example if you are researching trackers.

Moving forward we aim to enhance all Librem One clients with badger-like functionality. We believe that the majority of cases won’t require machine learning, and could be handled with simple heuristics:

2. Safety mode

We can classify online correspondents into three groups:

  • Trusted contacts. People we talk to regularly, and trust.
  • Strangers. People we don’t know well, or don’t know at all.
  • Bad actors. People we don’t want to interact with, possibly based on the advice of a trusted contact.

Typically, we want to communicate with strangers online, so this should be possible by default. But if we are being actively harassed, we can assume that further messages from strangers are unsafe, and switch our account to “safety mode”–rejecting messages, invites and other interactions from strangers. We can rely on our trusted contacts for help and support, including passing on well-wishes from strangers.

At-risk individuals might choose to start their account in safety mode.

Trusted caretakers might maintain lists of bad actors, but trusting a caretaker should require very careful consideration: What is their governance model? What is their appeals process? Do they leak information about list recipients?
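The safety-mode rules above can be written as a small client-side policy. This is an added sketch, not Librem One code: the class and field names, the constructed example accounts, and the precedence rules (the user's own choices outrank caretaker lists; content that originates from a bad actor is dropped even when a trusted contact relays it) are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Group(Enum):
    TRUSTED = "trusted contact"
    STRANGER = "stranger"
    BAD_ACTOR = "bad actor"


@dataclass(frozen=True)
class Incoming:
    sender: str                        # account that delivered the item
    kind: str                          # "message", "invite", ... (constructed labels)
    relayed_for: Optional[str] = None  # original author when a contact passes a note on


@dataclass
class ClientPolicy:
    """Filter state kept on the user's own device (hypothetical structure)."""
    trusted: set = field(default_factory=set)
    blocked: set = field(default_factory=set)
    caretaker_lists: dict = field(default_factory=dict)  # caretaker name -> accounts
    safety_mode: bool = False          # at-risk users may start with True

    def classify(self, account: str) -> Group:
        # Assumption: the user's own decisions outrank any caretaker list,
        # so subscribing to a list never overrides a personal trust choice.
        if account in self.blocked:
            return Group.BAD_ACTOR
        if account in self.trusted:
            return Group.TRUSTED
        if any(account in accounts for accounts in self.caretaker_lists.values()):
            return Group.BAD_ACTOR
        return Group.STRANGER

    def decide(self, item: Incoming) -> tuple:
        """Return (accepted, reason) for one incoming interaction."""
        sender_group = self.classify(item.sender)
        if sender_group is Group.BAD_ACTOR:
            return False, "sender is a bad actor"
        # Assumption: a relay does not launder content from a bad actor.
        if (item.relayed_for is not None
                and self.classify(item.relayed_for) is Group.BAD_ACTOR):
            return False, "relayed content from a bad actor"
        # Safety mode only changes how strangers are treated; trusted
        # contacts (and what they pass on from strangers) still get through.
        if sender_group is Group.STRANGER and self.safety_mode:
            return False, "safety mode: strangers rejected"
        return True, "accepted from " + sender_group.value


def demo():
    """Run a constructed inbox through the policy with safety mode on."""
    policy = ClientPolicy(
        trusted={"ana@example.org"},
        blocked={"troll@example.com"},
        caretaker_lists={"community-list": {"mob1@example.com"}},
        safety_mode=True,
    )
    inbox = [
        Incoming("ana@example.org", "message"),
        Incoming("sam@example.net", "invite"),
        Incoming("ana@example.org", "message", relayed_for="sam@example.net"),
        Incoming("ana@example.org", "message", relayed_for="mob1@example.com"),
        Incoming("troll@example.com", "message"),
    ]
    return [policy.decide(item) for item in inbox]


if __name__ == "__main__":
    for accepted, reason in demo():
        print("ACCEPT" if accepted else "REJECT", "-", reason)
```

Every decision is made on the device from lists the user controls, so turning safety mode off again is a local setting change.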

3. Crowd-sourced tagging for public content

In the specific case of public posts, we believe that public crowd-sourced tagging (aka, folksonomy) is a sustainable and fair replacement for human moderation, caretaker-lists and takedowns.

This approach takes moderation power out of the hands of a few sysadmins and corporate moderation teams, and grants it to all users equally. Users are free to decide which user-moderator they trust, and filter based on their tags–or skip moderation entirely.
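A sketch of per-reader filtering over public tags, as described above. It is an added example rather than Librem One code; the `Tag` and `ReaderPrefs` structures and the sample data are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tag:
    post_id: str
    tagger: str   # account that applied the tag; tags are public
    label: str    # free-form folksonomy label, e.g. "harassment"


@dataclass
class ReaderPrefs:
    trusted_taggers: set = field(default_factory=set)  # user-moderators this reader trusts
    hidden_labels: set = field(default_factory=set)    # labels this reader filters out


def build_view(post_ids, tags, prefs):
    """Return (visible, hidden); hidden maps post id -> labels that hid it."""
    effective = defaultdict(set)
    for tag in tags:
        # Tags from accounts the reader does not trust are ignored, so
        # mass-tagging by a mob cannot remove posts from this reader's view.
        if tag.tagger in prefs.trusted_taggers:
            effective[tag.post_id].add(tag.label)

    visible, hidden = [], {}
    for post_id in post_ids:
        matched = effective.get(post_id, set()) & prefs.hidden_labels
        if matched:
            hidden[post_id] = sorted(matched)
        else:
            visible.append(post_id)
    return visible, hidden


# Constructed sample timeline and public tag stream.
POSTS = ["p1", "p2", "p3"]
TAGS = [
    Tag("p1", "mod_kim", "harassment"),
    Tag("p2", "mob_account_1", "harassment"),   # brigading attempt
    Tag("p2", "mob_account_2", "harassment"),
    Tag("p3", "mod_kim", "spoiler"),
]

if __name__ == "__main__":
    careful = ReaderPrefs(trusted_taggers={"mod_kim"}, hidden_labels={"harassment"})
    unfiltered = ReaderPrefs()   # skips moderation entirely
    print(build_view(POSTS, TAGS, careful))
    print(build_view(POSTS, TAGS, unfiltered))
```

Two readers looking at the same timeline get different views, and neither view depends on a sysadmin or moderation team.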

Nicole Faerber nominated for “CTO of the Year” by Women in IT Awards

Wednesday 7th of August 2019 01:56:51 PM
Our very own Nicole Faerber has made it to the short-list for “CTO of the Year” by the Women in IT Awards!

Congratulations are in order–we are so proud to say that Nicole Faerber just got nominated to the short-list of such a meaningful award. Nicole’s nomination means a lot to Purism, and we are here today to say just so.

She totally deserves this nomination (and, if we may say so ourselves, she’d also deserve to get the award…) for oh-so-many reasons:

  • for her amazingly innovative work on our upcoming Librem 5 smartphone
  • for her concerns about privacy and security and avoiding data and user exploitation
  • and of course her assertive presence in the free software community, where she contributes to making free software an industry standard… helping the rest of the world take its possibilities seriously.

So thank you, Nicole Faerber for all that you do!

“Women have been an important part in creating the very foundations of modern IT, naming Ada Lovelace as just one example (here and here are some more), and have ever since played an important role in IT and computer science.” – Nicole

Women in technology are clearly not represented enough: they amounted to somewhere between 2% and 5% of all programmers a decade ago, and about 10% now. At Purism, we pride ourselves on being gender diverse, in addition to being racially and geographically diverse. Our full team is comprised of 20+% women (with women accounting for 37+% of our board, and 33+% of Purism executives) and we continue to work to increase that percentage. Diversity is an asset, and creates safe workplace environments. If you want a safe workplace environment that respects diversity, we are hiring.

The post Nicole Faerber nominated for “CTO of the Year” by Women in IT Awards appeared first on Purism.

What a No-Carrier Phone Could Look Like

Thursday 1st of August 2019 01:00:03 PM

Now that we are in the home stretch for the Librem 5 launch, it’s a good time to start discussing some visions for the future. While the Librem 5 can operate as a traditional cellular phone today, in this post we are going to discuss its potential as a “no-carrier phone.”

The term “no-carrier phone” is used for a mobile phone that does not get its phone number from a carrier. This can take a couple of forms: a WiFi connection-only phone, or a Cellular Data connection-only phone.

In other industries, for instance in media distribution, this is called “Over-The-Top” (OTT); the underlying idea is that Internet Service Providers (ISPs) should be, and are just, “dumb pipes”. Why? Because they provide internet data only–and all the services ride over-the-top of the internet connection. Netflix paved the way for OTT in media when it moved from DVD to streaming (the “Net” part of their name) and offered television and movie content to any internet-connected device. This was done against the wishes of many entrenched media groups and ISPs, of course–but the majority of us have now adopted the OTT model: we call them streaming services.

Over-The-Top can (and, in my humble opinion, should) apply to every form of service on the internet.

We do not need to get our primary mobile phone number from a carrier—routing all our voice data, messaging data and internet data. If the carriers were just “dumb pipes”, they would offer us data-only connections, allowing us to get personal services from any competitor offering an internet tool we need or like–including a phone number. Sure, the carriers could bundle their own a la carte offering of services, but as the US Congress established a while ago with the FCC during the phone-number-lock-in wars (from the US Telco providers) people should be able to keep their phone number and just switch providers.

Over-The-Top means you would have a fully-functioning phone–and a phone number–portable to whatever internet connection you desire; be that a cellular carrier, a prepaid SIM card, a coffee-shop WiFi, tethered to a friend’s device, USB hotspot or whatever other fun thing you’d like to try (BlueTooth mesh network, anyone?).

This No-Carrier vision could be realized with the Librem 5 combined with Librem Dial–a future part of Librem One bundle.

Once Librem Dial is released in the future, it would mean you could have a non-carrier-provided phone number which could be used no matter what connection you have over-the-top; you could make or receive calls to your primary phone number if you are on WiFi and have no cellular connection. You could flip the Cellular Modem Hardware Kill Switch (HKS) on your Librem 5 and still call or text from your primary phone number while at that coffee-shop WiFi.

This would offer you the ability to have a no-carrier phone–in either form–that now you only have when on WiFi–which means no triangulation-location tracking from cellular towers. Or you could have it tethered via WiFi to another device; or a no-carrier phone number whereby you use a prepaid data-only SIM card, or even opt to have a data-only SIM card from a carrier. I would still call this a no-carrier phone, as the phone’s number is not attached to any carrier.

This approach of over-the-top has many added benefits–and only one down-side:

Because cellular carriers offer voice and SMS messaging even when you are outside of cellular data regions, you can still make or receive a call (or send and receive text messaging) with very weak data signals. This is why you can still call and text even if you turn off cellular data on your phone. In a no-carrier model—where the service rides purely over the data connection—your services would only work when there is data connection to your phone, be that WiFi or cellular data. Even with this downside, the benefits are tremendous of course–including having complete privacy control of your device’s location, control over when you’d like to connect and use your cellular data plan, and the ability to switch providers without ever having to reconfigure your accounts or settings.

As you can see, Purism has grandiose plans, and we continue to advance towards them rapidly.

Triple-digit, year-over-year growth offers us a unique opportunity to serve society–as our Social Purpose Corporation status requires–changing society for the better all along the way.

 

By pre-ordering the Librem 5 phone and signing-up for Librem One services, you will be supporting a platform with the potential to cut the cord from your carrier and move toward the no-carrier phone!


The post What a No-Carrier Phone Could Look Like appeared first on Purism.

Librem 5 Smartphone – Final Specs Announced

Monday 29th of July 2019 02:58:09 PM
We are proud to unveil the final specifications for the Librem 5 smartphone, set to begin shipping in Q3 of 2019. Here are the high-level hardware specs:

Librem 5

Display: 5.7″ IPS TFT screen @ 720×1440
Processor: i.MX8M (Quad Core) max. 1.5GHz
Memory: 3GB RAM
Storage: 32 GB eMMC internal storage
External Storage: microSD storage expansion
Wireless: 802.11abgn 2.4 GHz / 5 GHz + Bluetooth 4
Baseband: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
GPS: Teseo LIV3F GNSS
Smartcard: Reader with 2FF card slot (SIM card size)
Sound: 1 earpiece speaker, 3.5mm headphone jack
Accelerometer: 9-axis IMU (gyro, accel, compass)
Front Camera: 8 MPixel
Back Camera: 13 MPixel w/LED flash
Vibration motor: Included
USB Type C: USB 3.0 data, Charging (Dual-Role Port), Video out
Battery: User replaceable – 3,500 mAh

You can pre-order the Librem 5 for the early bird discounted price of $649 — with the price going up $50 after July 31st.

Here’s a more detailed breakdown of the Librem 5 hardware and specific components included:

CPU: i.MX8M @ max. 1.5GHz
  • Quad core Cortex A53, 64bit ARM
  • GPU: Vivante GC7000Lite (hardware supports OpenGL/ES 3.1, Vulkan, OpenCL 1.2)
  • Auxiliary Cortex M4
RAM:
  • 3GB RAM
Storage:
  • Internal 32GB eMMC
  • microSD storage expansion slot (max 2 TB)
Display:
  • 5.7″ IPS TFT screen @ 720×1440
3 Hardware Kill Switches:
  • WiFi / Bluetooth
  • Cellular Baseband
  • Cameras & microphone
  • All 3 off = additionally disable IMU+compass & GNSS, ambient light and proximity sensors
Other Buttons:
  • Power button, Volume ± buttons
Battery:
  • 3,500mAh, user replaceable
Wireless:
  • 802.11abgn 2.4 GHz / 5 GHz + Bluetooth 4
Baseband:
  • Option 1: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
  • Option 2: Broadmobi BM818 (made in China)
  • nanoSIM tray for cellular
GPS:
  • Teseo LIV3F GNSS
Cameras:
  • Rear camera @ 13 MPixel
  • Camera flash LED for rear camera
  • Front camera @ 8 MPixel
USB Type-C Port:
  • USB3.0 data
  • Power Delivery (Dual-Role Port)
  • Video out
Audio:
  • 1 earpiece speaker + digital microphone
  • 3.5mm headphone jack with stereo out and mono microphone input
  • Audio DAC: Wolfson Media WM8962
  • 1 loudspeaker
Smartcard:
  • Reader with 2FF card slot (SIM card size)
Notification Lights:
  • RGB LED with PWM control per color
Other Sensors, Components:
  • Acceleration, gyro and compass sensor (“9-axis” by ST, LSM9DS1)
  • Ambient light and proximity sensor: VCNL4040
  • Haptic motor

The post Librem 5 Smartphone – Final Specs Announced appeared first on Purism.

Happy SysAdmin Day!

Friday 26th of July 2019 12:47:59 PM

The Purism team enjoys celebrating across all time zones. So far this year we’ve posted in celebration of Women’s Day, Pi Day and Towel Day–and today we’re celebrating System Administrator Appreciation Day!

Because behind every network, big or small, system administrators are working hard to make sure that servers are secure, updates are painless and metaphorical fires are quickly put out. They frequently go beyond their job description to provide additional support to individual users on the network.

One big, well-kept secret is that most of the Internet runs on free software. The other big secret is that all of the Internet runs on SysAdmins.

So today we’d like to thank our SysOps team for their tireless work, juggling the demands of company resources, our shop and various websites, as well as our Librem One services. Your laptop, services –and soon your phone–will make their way to you in large part thanks to the infrastructure they maintain.

We’d also like to thank other members of our team who contribute to the DevOps process.

If you’re feeling generous, send a shout-out to the admins of the network you’re using right now (your ISP, school or work LAN, phone operator) and say thanks for their hard work! And on a day when something goes wrong, don’t forget to send a little #hugops their way.

Consent Matters: When Tech Takes Remote Control Without Your Permission

Thursday 25th of July 2019 01:59:44 PM

In my previous post I talked about why consent matters when it comes to privacy; and yet, privacy is only one of the areas where tech companies take advantage of users without their consent. Recently, tech companies have come to a troubling consensus: that they can change your computer, remotely (and often silently) without your knowledge or permission.

Some examples of this include:

Below you will find the origins of this mentality, the risks and harm that arise from it, and what it says about who really owns a computer.

Enterprise IT and the origins of “remote control”

Anyone who has ever worked for a large company in the computer age has experienced first-hand the authoritarian, controlling, and restrictive policies that IT employs to manage company computers. Starting with centralized systems like Active Directory, IT teams were able to create policies that controlled what sorts of passwords employees could use and whether employees could install applications, access printers, and even, in some cases, insert USB drives.

These centralized tools have evolved over the years: they can now add and remove files, install new software and software updates, and remotely control machines over the network in order to view what’s on their screens and access local files. This control extends into the Active Management Technology features embedded in the Intel Management Engine, which let administrators remotely control computers even if they are turned off. Now that smartphones are critical tools in many organizations, MDM (Mobile Device Management) tools are also often employed at enterprises to bring those devices under a similar level of control–with the added benefit of using GPS to track employee phones even outside the office.

The most common justification for these policies is convenience. If you are an IT department and have thousands of employees–each with at least one computer and one smartphone that you need to support–one of the ways to make sure that the appropriate software is on the systems, and updates get applied, is to push them from a central location. Companies often have custom in-house software their employees rely on to do their jobs, and throughout the life of the company more tools are added to their toolbox. You can’t expect the IT team to go desk-by-desk installing software by hand when you have thousands of employees working at offices all over the world: when an employee’s computer breaks, these same tools make it easy for IT to replace the computer so the employee can get back to work quickly.

The main justification for the strictest–and most controlling–IT policies isn’t convenience, though: it’s security. IT pushes software updates for protection against security bugs. They push anti-virus, anti-malware and remote monitoring tools to protect both employee and company from dangerous email attachments and from software they might download from their web browser. IT removes local administrative privileges from employees in the name of protecting them from installing malware (and, practically speaking, from installing games and other time-wasting apps). They disable USB storage devices so employees can’t insert disks containing malware or copy off sensitive company documents. Each of these practices has valid reasons behind it for companies facing certain threats.

Are users children?

Information security professionals spend much of their time solving problems in the enterprise IT space; as a result, they often take on some of the same patronizing views of users you find in IT. Many view themselves as parents and users as children, their role being to wrap the hard corners of the digital world in foam so users don’t hurt themselves. This patronizing view leads them to pick security measures that remove control and autonomy from end users, and centralizes that power in the hands of IT or information security. The repeating refrain is “just trust us” and that users must place full trust in the internal security team, or the third party enterprise security vendor, to be safe.

Most users tend to bristle against these kinds of security policies–especially as generations are entering the workforce who grew up with computers, and are increasingly savvy and knowledgeable about how to use them. All the same, in the workplace employees have grown accustomed to giving up much of their autonomy, control, and privacy for the sake of the company. Yet you can tell that this approach runs against our nature, because so many companies have had to explain these policies in new hire documents and require that employees agree to, and sign, them when they are hired. These documents inform the employees that the computers they use and the documents they access are company property–and that the company is authorized to monitor and control their property at all times.

Remote control spreads to consumer devices

You could make a convincing argument that, since companies have paid for, and do own, all of the computers they provide to their employees, and pay IT teams to maintain them, it’s their right to set up software to control them remotely. As draconian and privacy-invading as some corporate policies are, you can still argue that employees consented to this level of control when they signed their employee contract. The problem is that this patronizing, authoritarian approach to enterprise IT has now found its way into consumer devices as well, because it’s in a tech company’s interest to have as much power over their customer as possible. Unlike in the enterprise, though, this remote control is on by default and without explicit consent.

More and more tech companies are hiring themselves as their customers’ IT staff, are granting themselves remote control over their customers’ computers, always in the name of convenience and security. The most common form of remote control is that of automatic updates; on the surface, automatic security updates make sense–people can’t be expected to know about all of the security vulnerabilities in all of their software, so it makes sense to make patching easier for them.

The problem is that many companies now set this behavior as the default–without user consent–and don’t limit themselves to security updates: instead, they also push other changes they want, including normal feature updates, adding new advertising to the OS, automatically logging users into their Google accounts, and any other change they want on your computer. These updates often have critical bugs themselves, but since they go along for the ride with security updates, people are left with the false choice between security and stability.

Because these updates happen behind the scenes, without any prompts or notices for the user, users have little to no control over whether, or when, the updates happen. On phones, this control can also extend to whether a user is allowed to install an application, use it after they installed it, or in the famous example of Google and Huawei being caught up in the US/China trade war, a customer losing the ability to update their phone. Most recently, Adobe has told its customers they could be sued if they don’t upgrade–using older versions of the software they bought apparently being against their licensing agreement!

Who owns your computer?

The irony is that, decades ago, when your average person had minimal experience with computers, those inexperienced users had much more control and autonomy over them. Many people grew up with computers and smartphones today, and technology is second-nature to them. Many switch between operating systems, laptops and phone vendors as effortlessly as if they were switching between car brands. Yet, at a time when individuals are much more capable of using computers, and computers are simpler to use than ever before, tech companies have decided people can’t be trusted to manage their own devices, that the vendor should have more control than ever before.

In the case of enterprise IT, it’s clear that the company owns employee computers and exercises their rightful control over their own property. But what does it mean if a tech company exercises the same kind of control over consumer computers or phones? If hardware vendors have the power to change your computer silently, without your consent–including 3rd party applications you installed yourself–is the computer really yours? If phone vendors decide which applications you can install, can remotely disable applications from running and can stop you from getting updates, is the phone really yours? If software vendors can install major feature changes without your permission, force you to update, even sue you if you don’t update to their latest versions–is the software really yours?

The solution is consent

The solution to this problem of remote control is pretty simple: consent. While many people in security circles believe the ends justify the means, there are many examples where the same action, leading to the same result, takes on a completely different tone–all depending on whether or not the actor got consent.

Some people may be more than happy to put their hardware or software vendor, or the IT department, in charge of their devices, but the vendor should still get permission first. While many vendors will point to their click-through agreements as proof of consent, customers aren’t expected to read (or understand) these agreements, and so they are no more valid a form of consent than a click-through privacy policy. If you have to accept a license agreement before you can use a computer or software, it’s not really consent–it’s an ultimatum.

Consent doesn’t need to mean users will be at risk from malware or security bugs; it just means they give permission before a company changes files on their computer. Vendors can add a simple prompt that explains what’s about to happen, so the customer can approve it. The customers that don’t care or that fully trust the vendor will still click Accept regardless; customers that do care retain control over their computer and can investigate and approve the change first. The problem with removing everyone’s power because you assume most people are apathetic, is that many people are apathetic precisely because they feel powerless in the face of Big Tech companies.

 

All of Purism’s products are aimed at removing control from tech vendors (including ourselves) and giving freedom back to users. This is true in the free software we use throughout our hardware, the open standards (and, again, free software) we use for our services, and in our approach to moderation for Mail, Chat and Social. We ask for your permission before we update software on your computer and explain exactly what’s being updated and why. You shouldn’t have to outsource all of your trust and control to a vendor to be secure. With Purism products, you are in control.

The post Consent Matters: When Tech Takes Remote Control Without Your Permission appeared first on Purism.

Runs on the Librem 5 Smartphone – Round 4

Wednesday 24th of July 2019 10:16:22 PM

We’re back for another glorious round of looking at software running on the upcoming Librem 5 Smartphone!

If you’ve missed any of the previous videos, check out parts One, Two, and Three to get all caught up — then enjoy the 8 videos below (ranging from a music player to running the Apache Web Server right on the Librem 5). And you better believe we’ve got more on the way. A lot more.

If you pre-order the Librem 5 before July 31st, you save $50.

Day 21 – Music Player (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-021-MusicPlayer.mp4

 

Day 22 – DOSBox (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-022-DOSBox.mp4

 

Day 23 – GNOME Disk Utility (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-023-GNOMEDiskUtility.mp4

 

Day 24 – July Librem 5 Update (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-024-JulyLibrem5Update.mp4

 

Day 25 – Image Viewer (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-025-ImageViewer.mp4

 

Day 26 – Apache Web Server (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-026-ApacheWebServer.mp4

 

Day 27 – GNOME File Open Dialog (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-027-GNOMEFileOpenDialog.mp4

 

Day 28 – GNOME Help Viewer (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-028-GNOMEHelpViewer.mp4

The post Runs on the Librem 5 Smartphone – Round 4 appeared first on Purism.

Librem One Design Principles: Simple, Secure Applications

Tuesday 23rd of July 2019 12:38:59 PM
Design principles for simply secure applications

The primary appeal of Librem One is that you get privacy without sacrificing convenience. There is already a wealth of free software available, both applications and services, with numerous security and privacy options. However, learning what they are and keeping up-to-date is generally neither simple nor convenient.

To combat configuration fatigue, we apply the following design principles to Librem One applications:

  • Identify simple security features
  • Make simple security the default
  • Work with upstream
  • Make it easy for everyone

Identify simple security features

Flawed patterns are design patterns and workflows that allow the user to expose themselves without realizing it, and those patterns must be eliminated.

Simple security features are those that make no difference to the everyday user experience. They should be enabled by default, and the corresponding widget removed.

Experimental security features are cutting-edge design patterns that are subject to change: they might burden the everyday user experience, which often leads to poor security hygiene. So, they should be disabled by default, but be available for privacy enthusiasts and experienced users.

In general, we seek to transform experimental security features into simple security features.

Make simple security the default

Moving forward, we aim to make simple security the default. Security features are enabled and cannot be disabled; enhancements are applied when you update. Experimental security features are disabled by default, but you can enable them at any time.

Work with upstream

Once our philosophies are aligned, we will simply push these changes upstream. Some applications and services prefer to keep configuration options open; in this case we will still push bug fixes and enhancements.

Healthy, vibrant upstreams ensure that users have the option to mix and match both services and applications. So you can always use the upstream version of an application if you prefer, or any other compatible app.

Make it easy for everyone

Remember our user personas? With these design principles it’s easy for everyone…

Alice likes to keep things simple and get on with her day. When she enables a service or installs an application, no further configuration is required. When her services and apps are updated, any simple security enhancements are applied automatically.

Haruto likes to try out the latest features, even when they aren’t ready for everyday use. When he enables a service or installs an application, he sometimes looks through the settings. Or he reads a blog post about an experimental feature and wants to try it out; if it’s tedious or doesn’t really work, he disables it.

Thandi, on the other hand, is comfortable trying out experimental features in both client and server applications. She also contributes upstream to the design and implementation of new protocols and features, helping shepherd them to everyday use.

And that’s it for today; if you want to know more about Librem One, you can sign up right here!

 

Find out more about Librem One

The post Librem One Design Principles: Simple, Secure Applications appeared first on Purism.

Librem One Design Principles: Services You Can Trust

Thursday 18th of July 2019 02:24:03 PM
Engineering trustworthy services for everyone

Our hardware and software put users back in control of computing–but, you may be wondering, can we do the same with our services? With Librem One, the answer is yes. We have big, no, huge dreams about what we can achieve with your support and the wealth of free software that already exists. But we need to keep our feet firmly on the ground.

In this post we will outline the touchstones we have used to do just that–engineer trustworthy services that everyone can use–with a design process called user-centered software engineering. We hope it will facilitate communication with friends and colleagues as we hack towards a common goal… and also show all non-technical readers that human beings are at the center of our bits and bytes. So, how did we do it?

User stories

In the beginning, we created user stories. A user story is a plain-language description of the goal that you, the person using the services, want to achieve–and represents a high-level system feature.

Primary user story

I am an everyday user without my own infrastructure. I want a single point of trust (account and applications), so that communication from my existing devices is both safe and easy.

This story highlights the essential reason we all use online services: we use our phones and laptops to communicate with others, and we don’t own or control all the machines in between. Typically, we need at least one “go-between” to relay messages.

Sysadmin user story

I am a well-intentioned sysadmin. I want to host a service on a hostile network (the Internet), so that I can help strangers communicate without compromising their digital civil rights.

This story highlights a key difference between Librem One and other online services. Our ultimate goal is that anyone with infrastructure and time should be able to rebrand and replicate our services. Users at either provider should still be able to communicate, just like you can email or phone anyone else, no matter who their email or telephone provider is.

User personas

While user stories are abstract, user personas are character sketches that help designers and developers keep a concrete person in mind, while they talk about kerning and for-loops. (These personas are minimal and not based on ethnological observation, so do take them with a grain of salt.)

Three friends

Alice, Haruto and Thandi are college friends who keep in touch. They’re aware of front-page privacy issues (Snowden, Cambridge Analytica…) and are unhappy knowing that their messages, and those of their friends and family, are mined, monetized and otherwise abused.

Alice

Alice is a doctor who uses phone and email to communicate with colleagues, and short text messages to keep in touch with her family during the day. She has a demanding job and an active social life, so she doesn’t have much time to fiddle with her laptop and phone, or log support issues. She expects software to “just work”. She is our reference for an everyday user.

Why Alice?

Alice illustrates that just because you know where the palatine uvula is, it doesn’t mean you have the time–or the inclination–to learn every technical trick there is just to stay private.

Haruto

Haruto is a grief counselor who uses email for work, and a variety of tools to communicate with clients about personal, sensitive issues. He enjoys trying out new apps and features in his spare time, but would never compromise the trust of his clients. He expects core communication tools to “just work”, but doesn’t mind tweaking or reinstalling experimental tools, posting questions on forums or reporting problems informally. He is our reference for a privacy enthusiast.

Why Haruto?

Haruto illustrates that, no matter how mild our threat model, at some point we all rely on the tools that fascinate us.

Thandi

Thandi is a sysadmin by day, managing sensitive data on a corporate intranet and VPN, and a sysadmin by night, managing infrastructures for local at-risk communities–none of whom she knows in person. She has professional expertise in software development and engineering (including command-line usage and logging reproducible issues in an issue tracker) and security best practices. She is our reference for an experienced user.

Why Thandi?

Thandi illustrates that, as expertise and responsibility grow, time diminishes. And additionally, that your recommendations and contributions impact real people.

But what about…

This post has hopefully outlined the high-level concerns driving our development process. But there are, of course, many other issues to consider: legal, technical, compatibility, accessibility, language, demographics… the list goes on, but the important thing for us is that the human element always remains at the center.

And, in case you liked them, please feel free to re-use our user stories, personas and images (drawn by David Revoy) under our always-on BY-SA license.

The post Librem One Design Principles: Services You Can Trust appeared first on Purism.

Consent Matters: When Tech Shares Your Secrets Without Your Permission

Tuesday 16th of July 2019 04:22:43 PM
Privacy is About Consent

There is a saying that goes around modern privacy circles that “Privacy is about Consent.” This means that the one big factor that determines whether your privacy is violated comes down to whether you consented to share the information. For instance, let’s say Alice tells Bob a secret: if Bob then tells the secret to someone else, Bob will be violating Alice’s privacy, unless he had asked Alice for permission first. If you think about it, you can come up with many examples where the same action, leading to the same result, takes on a completely different tone–depending on whether or not the actor got consent.

We have a major privacy problem in society today, largely because tech companies collect customer information and share it with others without getting real consent from their customers. Real consent means customers understand all of the ways their information will be used and shared, all the implications that come from that sharing–now, and in the future. Instead, customers get a lengthy, click-through privacy policy document that no one is really expected to read or understand. Even if someone does read and understand the click-through agreement, it still doesn’t fully explain all of the implications behind sharing your location and contact list with a messaging app or using voice commands on your phone.

Big Tech has been funded, over the past two decades, by exploiting the huge influx of young adults who were connected to the Internet and shared their data without restriction. While it’s a generalization that young adults often make decisions based on short-term needs, without considering the long-term impacts, there’s also some truth behind it–whether we are discussing a tattoo that seemed like a good idea at the time, posting pictures or statements on social media that come back to bite you or giving an app full access to your phone. Individuals didn’t understand the value of this data or the risks in sharing it; but tech companies knew it all along and were more than happy to collect, store, share and profit off of it, and Big Tech is now a multi-billion-dollar industry.

Tech companies (and much of society until a very recent past) have dismissed privacy concerns by concluding that “people don’t care about privacy” when the truth is that most people were simply unaware of the data they were sharing, the implications of sharing that data, and of the potential risks of sharing it. Therefore, any consent they gave wasn’t informed consent–companies weren’t motivated to educate customers on the risks they were taking, because it might mean losing their consent.

The main reason everyone is starting to talk about privacy now is that it takes time for long-term effects to be felt. As these adults entered the workforce, their youthful indiscretions began to impact their job prospects. Then, with controversies like the Cambridge Analytica scandal, everyone got a clear-cut example of how the data that ad tech collected could be used against them–to do more than show them ads. Privacy has become the tattoo removal of the information age as everyone is looking for a way to cover up mistakes from the past. Now that “privacy” has become marketing gold, these same companies have rallied around redefining the word to apply it to their products without actually protecting their customers.

Solving the Privacy Problem

The reality is that people do care about privacy, but they don’t feel empowered to do anything about it. Between Big Tech, advertisers and governments all wanting to collect and analyze your data, what are you to do? The solution is simple: consent. Society is educating college students on the importance of affirmative consent in sexual encounters and that the default is a position of no consent. This means that it’s not enough that a person didn’t say ‘no’ (opt-out) to escalating sexual contact; they need to say ‘yes’ (opt-in). Affirmative consent grants each individual power over their own body in a way that opting out doesn’t; if these large tech organizations, who started from a position of no consent, were now required to get explicit and informed consent (opt-in) from customers–before capturing and sharing their data–people using them would finally be in control.

But that is unfortunately not what’s happening. Instead, each time privacy proposals come before the government, these same companies that tout privacy in their marketing campaigns fight to remove any requirement that they need to get your consent before collecting and sharing your data. They realize that most people wouldn’t consent if asked, so they’d prefer you ask them to stop (opt-out) and hope most people won’t bother, or understand. When you later discover how they’ve used and abused your data, they can claim you never opted out. They’d much rather ask for forgiveness than for permission.

This privacy problem is why Purism was founded; addressing it is cemented into our corporate charter and defines how we build all of our products. It is why we created Librem One services and why we are asking the California legislature to require tech companies to get consent before using your data. You should be the one in control of your technology and your data, and the key to that control is consent.

The post Consent Matters: When Tech Shares Your Secrets Without Your Permission appeared first on Purism.

Librem 5 July Update

Friday 12th of July 2019 04:25:24 PM

Hi Everyone! The Librem 5 team has been hard at work, and we want to update you all on our software progress. These last few weeks have been heavily focused on polishing the UI and bug fixes, in order to get ready for a string of journalist demos.

When we deliver the Librem 5, its software will focus on the most critical applications a phone needs: calls, messages, and web browsing. Some supporting projects will be delivered too, like GNOME Settings, the shell, and GNOME Initial Setup. So without further ado, let’s take a tour through the software we guarantee we’ll deliver, as well as some other applications that have seen some major changes.

Applications

Libhandy

We have made a few minor fixes to libhandy, like improving the homogeneity of the login screen buttons. And HdyHeaderBar now has a back button instead of its window decorations if it is placed inside a HdyDialog, to further enable adaptive dialogs.

Calls

We made some changes to calls’ UI, to display digits pressed during a phone call and use a libhandy widget to switch between recent calls and the dial pad. Also, messages (error or otherwise) are now displayed for only a short time. An ALSA use-case configuration was added for the devkit’s SGTL5000 sound card, which also keeps PulseAudio from setting the microphone to mute.

Messages

We have also made some minor feature additions to Chatty recently. A --safe-mode option has been added, so that if one of a user’s many accounts is failing, it becomes easier to find which one is at fault. If an account validation fails, there is now an account validation retry; and the about dialog is easier to close. When a new contact is added, the template is cleared of previous info, and the chat history list is now ordered so that the newest chat is at the top of the history. Message list height is now used to improve content placement, and the styling of the message bubbles has also been improved by tweaking the CSS.

We have addressed some severe issues as well: a buddy list-related crash, a history-related crash and a memory leak were fixed. Chatty now waits until the modem is ready, before the SMS account is active–and some remaining purple_log parsing functions were removed so as to fix a crash–thanks to Leland Carlyle for the patch!

SMS

Startup connection, reconnection and plugin state have been improved–and an auto-reconnect was added.

XMPP

Testing and integration of the Lurch plugin is completed, and it is even being built as a package!

GTK

GTK 3 is stable upstream, but we need to make some parts of it adaptive for the phone (e.g. the open file dialog), and so we will ship it with some downstream patches–but we are still interested in upstreaming the changes to GTK 3 (if there is interest), and aim to get them into GTK 4. These downstream changes have been added to our build jobs, so that it is shipped on the devkit image.

Our GTK 3 changes also include a lot of dialog work: the file chooser and about dialogs have been ported to the phone; the message dialog has also been ported to the phone, by making its buttons vertical. Also, transient windows and dialogs with a close-button will now have a back-button instead. Resizable windows (hence, most of them minus message dialogs) will be maximized to fill the screen.

Web Browsing

In general, we made a serious effort to overhaul the preferences windows. The history does not overflow the screen anymore, and all the data management dialogs have been overhauled to work better on the phone and look nicer in general (“history”, “cookies”, “passwords” and “personal data” dialogs). Web is now using a mobile user agent too, and most websites look better on the phone.

The tabs popover has been turned into a tabs page, taking the whole window, and it looks great. Plus, the tabs icon has been replaced by a new icon, showing the number of tabs you have open. Thanks so much to Christopher Davis and Alexander Mikhaylenko for these additions!

We are also building WebKit now, to provide rapid scrolling.

Initial Setup

GNOME initial setup has mostly been ported to the Librem 5!

Contacts

We are working hard to port GNOME Contacts to the Librem 5. One of the issues we tackled was fixing the birthday picker and making it adaptive–and one other awesome change was improving the UX/UI for unlinking contacts.

Clocks

We all know that time is important and cannot be ignored… and that is why GNOME Clocks has been ported to the devkit!

Settings

We are currently working on porting GNOME Settings to the Librem 5, and so far, our effort has been mostly focused on the WWAN/Cellular panel (see the cellular panel design); users can now select the Network Operator, either manually or automatically, set the allowed modem mode (like 2G only, 3G only, 3G and 4G, etc.), and set/change/disable the PIN for their SIM card. The groundwork has also been laid for configuring the APN settings tied to the SIM card, by using mobile-broadband-provider-info and nm-applet APIs, so users can select a default APN via the dialog–and also save them to NetworkManager connections. Roaming can now be set/unset as well.

System

The latest images are now using a 5.2 kernel, have a new keyboard, lots of UI improvements, and more!

Keyboard

We are so happy to tell you about one of the major changes since the last blog post: we now have a new keyboard, squeekboard!

The keyboard now indicates when you’ve pressed a key–many thanks to Hysterical Raisins for helping us prune this issue!

Compositor + Shell

We have mentioned before that the compositor will be switched from rootston to a new phone compositor using the wlroots library (phoc), and now phoc is the default compositor. Phoc has seen some recent bug fixes, such as for login integration and for hiding the cursor when there is no external mouse connected. Touch events are no longer lost when destroying a surface.

The look and feel of the shell is always improving, getting closer to what we are familiar with on smart phones–and there have been lots of changes in the shell! Phosh v0.0.3 has just been released, featuring so many of these cool changes!

We also made sure dialogs are now wrapped to better fit the narrow screen, there have been some spacing improvements, CSS changes to phosh (to bring the shell closer to matching the design), and improvements in the system modal dialogs. Many translations have been added and updated to phosh–thanks to the community for contributing them via zanata–and Libhandy is now built as a subproject of phosh, so thanks, Zander Brown, for the patch!

The lockscreen looks much more modern than it did a few weeks ago; we added the date, and fixed an issue regarding WiFi not showing on the lock screen all the time. To keep the lockscreen arrow animation from eating up too much battery, that arrow animation is stopped after 15 cycles. Also, the battery icon now indicates when the board is receiving power too–take a look at the new start screen below, as it now includes the weekday and date!

We have been making some changes to the overview too, to make sure the user is focused on the main applications. The system prompter LayerSurface has been made to behave more like regular GTK widgets.

And since wallpapers are important to most of us, there was a focus on the background: we added a PhoshBackgroundManager, and backgrounds have been re-enabled. The background is drawn at full resolution on HiDPI screens, too! Background zoom mode was implemented, background colors are now supported (besides wallpapers), and the background surface has been modified so that it’s not hidden behind a panel in order for a wallpaper to be centered.

A lot of work has gone into the app switcher too, which has been overhauled–thanks to Zander Brown for all of his work on this!

And if all this wasn’t enough, we have fixed a few bugs, such as a pesky pixel offset issue and that annoying flickering on boot that we reduced by changing the lockscreen background to black, since the shell’s background is black too (desktop background is configurable).

https://puri.sm/wp-content/uploads/2019/07/less-flickering-on-boot.mp4

Kernel

Since we upstreamed the devkit’s device tree, the natural next step afterwards was to start on the Librem 5’s device tree–and the first cut of the phone device tree is available here. We also submitted the flash-kernel upstream; both cpufreq and cpuidle are working and there is a noticeable temperature (5-10°C) drop; and when it comes to the graphics stack, one more driver for the imx8MQ display-driver has been merged upstream–only two more to go! We also made some devkit LCD panel improvements, and version 12 of the Mixel MIPI DPHY driver has been accepted upstream!

Documentation

We have improved the guide on setting up WiFi, and we now also provide more guidance on debugging compositor crashes and LCD problems. Some other updates concern the information about simple I/O devices, as well as some additional warnings about battery usage and screen area constraints. Core contributors are also likely to find the new documentation on our package building infrastructure helpful.

This is it for today–a big “Thanks!” to everyone who has helped review and merge changes into upstream projects: your time and contribution are much appreciated. Stay tuned for more exciting updates to come!

The post Librem 5 July Update appeared first on Purism.

Purism and the Linux 5.2 Kernel

Wednesday 10th of July 2019 04:51:58 PM

Hello again. Following up on our report for the Linux 5.1 kernel, here’s a list of contributions for the Linux 5.2 kernel cycle, to which our team recently contributed 14 patches–including a new driver for the Librem 5 devkit’s panel:

Support for the Librem 5 devkit’s proximity and light sensor

The following series of patches added support for the devkit’s VCNL4040 proximity and light sensor to the VCNL4000 driver:

Support for the imx8MQ’s thermal management unit

In this case, the driver was already there–but the device tree needed quite a few additions to enable the TMU:

Support for the Librem 5 devkit’s LCD panel

This series of patches added a new DRM panel driver for the devkit’s LCD panel:

DMA related fixes

Here are several SDMA-related fixes, which are important when it comes to sound:

DSI related fixes

Finally, a clock addition, in preparation for DSI support:

We have also contributed two reviews of already published patches.

That’s it for today, many thanks to all the reviewers so far—and do stay tuned, there’s more to come for the 5.3!

The post Purism and the Linux 5.2 Kernel appeared first on Purism.

Runs on the Librem 5 Smartphone – Week 3

Wednesday 10th of July 2019 03:09:21 PM

We’ve been showcasing a different piece of software running on the Librem 5 Smartphone Development Kit every day for the last twenty days.  Twenty.  In a row.

And we’re not done.  Because, holy smokes, do we have a lot more to show.  And, let’s be honest, these are just plain fun.  Daily videos kick back off tomorrow (July 11th) with video number 21.

You can enjoy Days 15 through 20 below — and Days 1 through 14 in the Week 1 and 2 posts.

If you pre-order the Librem 5 before July 31st, you save $50.

Day 15 – Cryptocurrency Tracker (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-015-CryptocurrencyTracker.mp4

 

Day 16 – Something a little different… (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-016-SomethingALittleDifferent.mp4

 

Day 17 – GNOME Contacts (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-017-GNOMEContacts.mp4

 

Day 18 – Telnet (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-018-Telnet.mp4

 

Day 19 – Sudo (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-019-Sudo.mp4

 

Day 20 – PureOS Store (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-020-PureOSStore.mp4

The post Runs on the Librem 5 Smartphone – Week 3 appeared first on Purism.

Up and Running With Your Librem in Three Minutes

Monday 8th of July 2019 12:48:54 PM
https://videos.puri.sm/how-to/librem-first-run/librem-setup-final.mp4

Security and privacy for everyone

The right to respect and privacy should be unconditional; within the digital world itself, it shouldn’t be necessary to be an expert in computer science to guarantee you can–and know how to–be entitled to those rights. Making secure and respectful devices is essential, but to be fully ethical, those devices also need to be simple to use, so everyone can use them.

Our mission at Purism is to make technologies that respect people, whoever they are and whichever background they come from. That is why we make sure that everything we develop conforms to the Ethical Design manifesto. The manifesto itself is quite simple in what it states: that everyone should have the right to be respected and to have a delightful user experience.

I am not saying that Purism’s technology is perfect in the sense of simplicity of use–nevertheless, we are constantly working towards it, and we will always keep that goal in mind. Purism is a Social Purpose corporation; it is funded by the people, and we give back all our research and development to the people. This way we make sure that the initial ethical goal of Purism is a free seed that will grow no matter what.

Up and running in three minutes

That’s all it takes. The video shows it really only takes three minutes to get you up and running with a brand-new Librem laptop. The Librem laptops ship with PureOS pre-installed, and its setup is pretty straightforward, as you can see. No install process is necessary, no mandatory constraining policy to agree on, no probable spyware to set up for a more convenient advertising experience…

Your Librem may take one or two more minutes to start if the Librem One setup is part of the initial setup process, but everything will remain pretty simple–especially if you already have an account. I will be writing more on that subject soon, so stay tuned.

The post Up and Running With Your Librem in Three Minutes appeared first on Purism.

Runs on the Librem 5 Smartphone – Week 2

Wednesday 3rd of July 2019 10:30:51 PM

We have just wrapped up our second week of looking at one new application (or game, or feature) running on the Librem 5 Smartphone Development Kit every single day.  (You can find the first 7 pieces of software running on the Librem 5 being shown in the Week 1 post.)

Below you’ll find the software for Week 2 (days 8 through 14) — from Emacs to Torrents to Games.

Side note: If you pre-order the Librem 5 before July 31st, you save $50.

Day 8 – GNOME Clocks (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-008-Clock.mp4

 

Day 9 – Emacs (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-009-emacs.mp4

 

Day 10 – Password Safe (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-010-PasswordSafe.mp4

 

Day 11 – OpenTTD (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-011-OpenTTD.mp4

 

Day 12 – GNOME Podcasts (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-012-Podcasts.mp4

 

Day 13 – Fragments Torrent Client (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-013-Torrent.mp4

 

Day 14 – Drawing (also on YouTube)

https://puri.sm/wp-content/uploads/2019/07/Librem5-014-Drawing.mp4

The post Runs on the Librem 5 Smartphone – Week 2 appeared first on Purism.

Librem 5 App Design Tutorial — Part III

Tuesday 2nd of July 2019 03:44:45 PM
Naming your app

So you finally started working on the awesome idea you had for a GNOME app, designed a great interface for it and want to start building it. You open GitLab in order to create a new repository… and oh no! It wants a name.

Existential dread sets in. Naming things is hard, and naming user-facing things even more so. App names are read, pronounced, heard of and remembered by lots of people. A name is, along with an icon, the most important identifier for your project. This tutorial will help you find a great name for your app–or, at least, make it a bit easier.

General Guidance

As the GNOME Human Interface Guidelines puts it:

“An application’s name is vital. It is what users will be first exposed to, and will help them decide whether they want to use an application or not. It is a major part of your application’s public face.”

A good name is hard to find, but putting in a bit of effort up-front is worth it, since renaming the app afterwards is much harder (and messier). A good name should consist of one or two simple nouns; be related to the app’s domain (e.g. Celluloid for a video app); be short (less than 15 characters) and easy to pronounce. It should also make it easy to come up with a good icon (e.g., reference an object that could be turned into an icon), and use title case (e.g. Icon Preview instead of iconPreview).

On the other hand, a good name should probably avoid using trademarks or names of other projects (e.g. GNOME MPV); having a “G” prefix (e.g. GParted); being overly complicated, whether a name or an acronym (e.g. GIMP, GNU Image Manipulation Program); relying on puns and inside jokes (e.g. D-Feet), using non-standard punctuation and whitespace (e.g. UberWriter) or made-up words and word combinations (e.g. Inkscape).

The Process

Having been involved in naming a lot of projects, I now have a process which consistently produces pretty good results: I write down all the words related to the app’s domain I can think of; do a thesaurus search of some of those words, find even more related words and, when I have about 15, I pick out the best-sounding ones, and ask myself: Are they too long? Are they easy to pronounce? Could they have negative connotations? I do a quick check to see if the names are already taken and, among those not taken, choose my favorite one.

Naming an app which is part of GNOME is slightly different, because apps have completely generic names describing their function or type of content (e.g. Files, Image Viewer, Fonts, Music). Since this is much simpler–and unusual–in this tutorial we’ll focus on independent, third-party app naming only. Let’s start with a real-world example: a few months ago I was involved in renaming an internet radio app called Gradio–a bad name for many of the above-mentioned reasons. We wanted a nicer name for the new, completely rewritten version of the app.

1. Brainstorm

So, Internet radio. What immediately comes to mind? Well, let’s say Radio, Transmission and Stations. But these are pretty generic terms, so let’s branch out a bit. As with most digital technologies, it’s hard to find nice metaphors, but we can use their analog predecessors (i.e. analog radio).

Are there any related physical objects we can use? Maybe Receiver, Headphones and, say, Antenna? Maybe also something related to analog radio technology, such as Transistor or Frequencies? We also considered the names of people who worked on the technology, like Marconi and Hertz.

2. Thesaurus

Now that we have a few words to start with, let’s plug them into a thesaurus (or a similar site, like relatedwords.org) and see if there are any good related words. This is usually pretty hit or miss, as most related words will neither be relevant to the domain, nor make sense as names. But I always find a few good options that I didn’t think of before.

A few additional words from a thesaurus search were Transmission, Shortwave, Wireless and Decibel. We also had a brainstorming session on Matrix with a group of people from the community, which gave us Longwave, Shortrange, Hzzzzz, Spectrum and Waves.

3. Pick the best ones

We had about 20 words, so we stopped brainstorming and started looking for the ones that would make good names. This is not a scientific process: just take each word and imagine it as the app’s name, paying attention to its length, ease of pronunciation, and whether it sounds nice.

My favorites were Transistor, Hertz, Spectrum and Shortwave. They’re all relatively short, easy to pronounce, and sound good as app names. We now need to know if we can use them.

4. Check if they’re taken

I usually start off by searching directly on GitHub to see if any other FOSS projects are already using a name. If I don’t find anything there, I search for the name on DuckDuckGo, adding “app” or “open source”. You’ll often find something somewhere using the name already; this is not necessarily a problem if it’s an app/project/company from a different domain–but it’s better to avoid large projects and companies.

It turned out Transistor is already a radio app for Android. Since our app does something very similar, people might think it is affiliated with that project, which we want to avoid. Hertz is the name of a car rental service; it’s a big company, so best to stay away from that as well. Spectrum is already the name of a forum software (which looks really cool, by the way). The potential for confusion is low here, but the project is well-established, with 6000+ stars on GitHub, so also not a great option. Finally, Shortwave is used by a bookmarking app; some search results are related to actual analog radio software, but nothing looks too problematic, and it seems viable.

So, the process is always the same: a quick search to check what’s out there and determine the potential for confusion or trademark problems. Since you’re working on a free software app, you’re probably not going to get into legal trouble, but you may have to change the name later on.

5. Pick a winner

You probably know which name you want by now, so go ahead and make it official. In our case Shortwave won. It is good because it is short, distinct-sounding, related to the domain, and a pronounceable English word that is not taken by any major projects or companies.

And if all your favorites are taken, go back and do some more brainstorming: the perfect name for your app is out there, and you will find it!

Bonus

Here are some examples of well-named third party apps in the GNOME ecosystem, and what makes their names great:

Fragments, a torrent app. The name is great because it is unique among torrent app names (which usually reference water, e.g. Deluge), yet clearly connected to its domain, since BitTorrent splits files into lots of tiny parts and sends them in random order.

Peek is a GIF screen-recorder with a very appropriate name: it makes short recordings of small parts of the screen and feels small, quick, and frictionless–all of which the name perfectly encapsulates.

Teleport sends files across the local network. The idea behind it is to make sending the file seem effortless when compared to other methods, such as using web services or USB drives. The Sci-Fi metaphor is perfect for that.

That’s it for now–I hope you enjoyed this tutorial, and if you feel like reading the full version, you can find it here.

The post Librem 5 App Design Tutorial — Part III appeared first on Purism.

Made in USA Librem Key

Thursday 27th of June 2019 04:31:29 PM
Purism is happy to announce the new, made in USA Librem Key.

What does “Made in USA” mean?

We would never use the words “Made in USA” lightly. We had to meet very strict requirements before being allowed to use that label. It’s well-known that other firms have been fined for mislabeling their Made in China products as Made in USA, for instance because “screwdriver assembly” only (getting electronics made elsewhere and doing final case-assembly in the USA) is not enough to qualify for “Made in USA”. A company can source specific, individual electronics components from around the world (we source chips like the OpenPGP smart card from a European supplier, for example) but must actually make–as in fabricate–the product here, in the US, to be able to label it as “Made in USA.”

https://puri.sm/wp-content/uploads/2019/06/key.mp4

Protecting the digital supply chain matters

We are investing in improvements all across our supply chain. We have written about the importance of protecting the digital supply chain before, and are now pleased to announce a major, related improvement: the new, made in USA Librem Keys!

The original Librem Keys were manufactured by Nitrokey as part of our initial partnership. We will be manufacturing the Librem Key v2 in the same US facility where we manufactured our Librem 5 devkits; it will have the same features as the original Librem Key, use the same OpenPGP smart card chips, and the inside will look almost the same–but the outside will have a new, re-branded case saying “Made in USA”.

Tight supply chain control is very important, because this device will hold your most sensitive secrets–your GPG keys, your PureBoot secrets. We oversee the complete production of the Librem Keys, so they never leave our sight–from PCBA to finished product–until we send them to you. You can trust not only the keys, but also any laptops configured (at our facility) with PureBoot and protected by those same Librem Keys.

This is only the beginning

Made in USA Librem Keys are only the beginning: we have already tested the capabilities of our US facility by making Librem 5 devkits there, and as we continue to fine-tune our operations with the Librem Key, we are testing how many more of our products we can build there.

Having Made in USA, in-house fabrication ensures freedom, security, and privacy for people and enterprises. This is the second Made in the USA product by Purism, but only the beginning of what we have coming.

If you are interested in Made in USA Librem Keys, you can find more information about them here.

The post Made in USA Librem Key appeared first on Purism.

Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA

Thursday 27th of June 2019 04:14:46 PM
Version 2 of the first and only security key offering tamper evident laptop protection has a tightened supply chain to ensure privacy and security for users

SAN FRANCISCO, Calif., June 27, 2019 – Purism, the social purpose corporation which designs and produces popular hardware and software that protects users’ digital lives, today announced its Librem Key product will be the first device of its category to be made in the USA.

Librem Key, the first and only OpenPGP smart card closely integrated with the Heads firmware offering a tamper-evident boot process, launched in September 2018. Initially manufactured in part by partner Nitrokey, Librem Keys are now manufactured entirely by Purism from its Carlsbad, California headquarters – the same U.S. facility used to manufacture its Librem 5 smartphone devkits in 2018. Version 2 also stores up to 4096-bit RSA keys and up to 512-bit ECC keys and securely generates keys directly on the device.

Supply chain security is a rising concern due to the lack of control hardware companies have over manufacturing links. Threats include security hacks, malware concerns, cyber-espionage, and even copyright theft. Purism sees protection of its supply chain as an existentially important issue, and has invested in supply chain improvements including the launch of Librem Key V2.

“Having a secure supply chain is critical for hardware that holds your most sensitive secrets,” said Kyle Rankin, Chief Security Officer of Purism. “By making the Librem Key in the USA, we’ve removed even more links in the supply chain and can directly oversee the complete process from Librem Key production to shipping to the customer. Here at Purism we hope to lead by example, lessening uncontrolled links and understanding every step of our supply chain.”

Purism takes the “Made in USA” label seriously, especially as other firms have been fined for mislabeling their products as American made when they were made in China. For example, “screwdriver assembly” – getting electronics made elsewhere and doing final case assembly in the USA – does not qualify for a “Made in USA” stamp of approval. And while a company can source specific individual electronics components like resistors or unpopulated circuit boards from around the world, the company must fabricate the product here in the US to qualify as “Made in USA.”

“Librem Key’s USA fabrication is yet another area where Purism is beating the technology giants by ensuring a secure supply chain for critical hardware, and it has been our goal to do so since we formed in 2014,” said Todd Weaver, founder and CEO of Purism. “As we start to move more and more of our manufacturing to the U.S., it will give us complete control over the production lifecycle, which means that eventually our devices will never leave our purview, from schematics, through PCBA (Printed Circuit Board Assembly), to finished product.”

This move will enable Purism to exponentially increase manufacturing volume to meet growing sales demands.

A Key to the future

Made in USA Librem Keys are the beginning of Purism’s journey to a tighter supply chain. Since the inception of Purism in 2014, the company has been working toward a U.S. supply chain because of the security implications and benefits.

Purism has already tested the capabilities of its U.S. facility by making Librem 5 devkits late last year, and the company continues to fine-tune operations with the Librem Key and to set up for more of its products to be built there.

The investment in protecting user privacy and security has paid off. Purism has seen triple-digit sales growth year-over-year since its founding in 2014 and, even with a rapidly growing 60+ person team, continues to grow funded from profits.

Made in the USA Librem Key will begin shipping on July 4, 2019. Learn more about Librem Key here: https://puri.sm/products/librem-key/

About Purism:

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco, California, and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact:
Marie Williams
Coderella
415-689-4029
pr@puri.sm

The post Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA appeared first on Purism.

Runs on the Librem 5 Smartphone – Week 1

Wednesday 26th of June 2019 04:21:36 PM

As we steadily work towards the release of the Librem 5 smartphone (Q3 of 2019), we’re taking a look at one new application (or game, or feature) running on the Librem 5 Development Kit every single day.

Below is the first week’s worth–Solitaire, web browser, system tools, note taking… just all over the map. Some of these are mobile optimized applications. Others are desktop Linux applications, running unmodified on Librem 5 development kit hardware.

What will the next week hold? Which applications and games will we take a look at over the coming week? Who knows! (Well. I do. But I’m not telling.)

Side note: If you pre-order the Librem 5 before July 31st, you save $50. And fifty bucks is fifty bucks.

Day 1 – Solitaire (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-001-Solitaire.mp4

Day 2 – Gedit and Apt (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-002-GeditApt.mp4

Day 3 – Web Browser (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-003-Web-Browser.mp4

Day 4 – GNOME Calculator (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-004-GnomeCalculator.mp4

Day 5 – GNOME Dictionary (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-005-GNOMEDictionaryOrientationSwitching.mp4

Day 6 – Evince Document Reader (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-006-Evince.mp4

Day 7 – Annotated Note Taking with Xournal (also on YouTube)

https://puri.sm/wp-content/uploads/2019/06/Librem5-007-Xournal.mp4

The post Runs on the Librem 5 Smartphone – Week 1 appeared first on Purism.
