Tag: Product or service launch

Introducing the Librem Key

A few months ago we announced that we were partnering with Nitrokey to produce a new security token: the Librem Key and I’m pleased to announce that today the Librem Key is available for purchase on our site for $59.

What is a USB Security Token?

In case you haven’t heard of USB security tokens before, they are devices typically about the size of a USB thumb drive that can act as “something you have” for multi-factor authentication. With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as “2FA” or “multi-factor authentication”) in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor. USB security tokens work well as this second factor because they are “something you have” instead of “something you know” like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site.

In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop. With your private keys on the security token, you can just insert the key when you need to encrypt, decrypt, sign, or authenticate and then type in your PIN to unlock the key. Since your private keys stay on the security token, even if an attacker compromises your computer, they can’t copy your keys (and even if you leave the key plugged in, they need to know your PIN to use it).

Why Make a Librem Key?

There are many other vendors out there who offer their own security tokens, so why make our own? The first reason is that few security tokens out on the market align with our values here at Purism, in particular with respect to freedom. I’ve explained in a previous post why freedom is essential to security and privacy and this is especially true for a device that is holding some of your most sensitive secrets. We wanted a security token that used open hardware, free software firmware, and free software user applications and that is why we partnered with Nitrokey to produce a security token that respected your freedom from the beginning.

We also wanted to make the Librem Key because of all of the integration possibilities with our existing products that would make customers more secure in a way that’s also more convenient. When you can bundle a security token with your own laptop and operating system, there are so many interesting possibilities, especially when the firmware and user applications are free software so we can easily modify them to add even more features.

In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:

  • Insert the Librem Key at boot and automatically decrypt your hard drive
  • Automatically lock your laptop whenever you remove the Librem Key
  • Use your Librem Key to log in

Provable Security, Made Easy

One of the most exciting opportunities the Librem Key opens up to us is in integrating with our tamper-evident Heads BIOS to provide cutting-edge tamper-evident security but in a convenient package that doesn’t exist anywhere else.

Currently with Heads, when you want to prove that the BIOS hasn’t been tampered with, you need to set up a TOTP application on your phone and scan a QR code from within Heads. Then at each boot you compare the 6-digit code Heads displays on the screen with the code in your phone. If the codes match, the BIOS is safe. This method works but is a bit cumbersome and with the Librem Key we can do better.

We have worked with Nitrokey to add a custom feature to our Librem Key firmware specifically for Heads. This custom firmware along with a userspace application allows us to store the shared secret from the TPM on the Librem Key instead of on a phone app. Then when Heads boots, if the BIOS hasn’t been tampered with the TPM will unlock its copy of the shared secret, and Heads will send the 6-digit code over to the Librem Key. If the code matches what the Librem Key itself generated, it flashes a green light. If the codes don’t match, it flashes a red light.

So if you are concerned about someone tampering with your computer when you aren’t around, just boot with the Librem Key inserted. If it blinks green you are safe, if it blinks red you’ve been tampered with. There is no other product on the market today that offers this kind of simple but strong tamper-evident protection, much less one that respects your freedom where the keys are fully in your control.

Even Stronger Anti-Interdiction Protection

The Librem Key opens up possibilities for even stronger anti-interdiction protection for customers who need it. We will be able to link a Librem Key with a laptop running Heads at our facility and then ship them separately. Then when each package arrives you can immediately test for tampering with an easy “green is good, red is bad” test.

Convenient Security for the Enterprise

Many companies have already incorporated 3rd party security tokens into their engineering teams as a way for software engineers to sign their code pushes securely or as convenient multi-factor token. The Librem Key offers enterprises a way to combine all of the other features they are used to with other security tokens along with our cutting-edge tamper-evident boot process on our Librem laptops in an easy and convenient package where all of the keys are fully under their control.

Since the firmware and userspace tools are free software, that means enterprises can also easily customize these tools to suit their own internal policies whether with their own software teams or by working with Purism. That could mean anything from providing a customized error page to employees when Heads detects tampering to actively preventing employees from booting a tampered-with machine.

Only the Beginning

Knowing that our customers have a secure and freedom-respecting security token opens up all sorts of other possibilities and today we are only scratching the surface on what we will be able to do with Librem Key both for new customers and those that have been with us from the beginning. Stay tuned for future posts where I will dive deeper into some of the Librem Key’s features and explain how to get the most out of it. In the mean time you can order your own Librem Key from the Librem Key product page.

Update: read more in our follow-up post explaining the interaction between the Librem Key and our coreboot+Heads BIOS replacement to learn more about how the tamper detection works.

Purism launches Librem Key, the first and only security key to offer tamper evident protection to laptop users

New OpenPGP smart cards now available for purchase on Purism’s website

SAN FRANCISCO, Calif., September 20, 2018 — Purism, the social purpose corporation which designs and produces popular digital rights respecting hardware, software, and services, has launched its new security token, the Librem Key, which is the first and only OpenPGP smart card providing a Heads-firmware-integrated tamper-evident boot process. The new Librem Key, built with Open Hardware USB OpenPGP security tokens from Nitrokey, can store up to 4096-bit RSA keys and up to 512-bit ECC keys and can securely generate them directly on the device. Librem Keys are now available for purchase on Purism’s website, with Librem laptops or as a single order. Librem Keys will be able to provide basic security token functions on any laptop, but have extended features that work exclusively with Purism’s Librem laptop line and other devices that support Trammel Hudson’s Heads security firmware. Read more

Last Call for Librem 5 Dev Kit: order yours before June 1st 2018

Purism has finalized the specifications for the Librem 5 development kit and will be placing all the component parts order and fabrication run the first week of June 2018. If you want to have early access to the hardware that will serve as the platform for the Librem 5 phone, you must place your dev kit order before June 1st, 2018. The price for the development kit is now $399, up from the early-bird pricing that was in effect during the campaign and until today. The dev kit is a small batch, “limited edition” product. After this batch, we are not planning for a second run (as the production of the phone itself will replace the dev kit in 2019).

Improved specifications

We decided to wait to get the latest i.MX 8M System On Module (SOM), rather than utilizing the older i.MX 6 SOM, therefore having the dev kit align nicely with the ending phone hardware specifications. This means the dev kits will begin delivery in the latter part of August for the earliest orders while fulfilling other dev kits in September. Choosing to wait for the i.MX 8M SOM also means our hardware design for the Librem 5 phone is still on target for January 2019 because we are pooling efforts rather than separating them as two distinct projects. Our dev kit choices and advancements benefit the Librem 5 phone investment and timeline.

The current dev kit specification is (subject to minor changes during purchasing):

  • i.MX 8M system on module (SOM) including at least 2GB LPDDR4 RAM and 16GB eMMC (NOTE: The Librem 5 phone will have greater RAM and storage)
  • M.2 low power WiFi+Bluetooth card
  • M.2 cellular baseband card for 3G and 4G networks
  • 5.7″ LCD touchscreen with a 18:9 (2:1) 720×1440 resolution
  • 1 camera module
  • 1 USB-C cable
  • Librem 5 dev kit PCB
    • Inertial 9-axis IMU sensor (accel, gyro, magnetometer)
    • GNSS (aka “GPS”)
    • Ethernet (for debugging and data transfer)
    • Mini-HDMI connector (for second screen)
    • Integrated mini speaker and microphone
    • 3.5mm audio jack with stereo output and microphone input
    • Vibration motor
    • Ambient light sensor
    • Proximity sensor
    • Slot for microSD
    • Slot for SIM card
    • Slot for smartcard
    • USB-C connector for USB data (host and client) and power supply
    • Radio and camera/mic hardware killswitches
    • Holder for optional 18650 Li-poly rechargeable battery with charging from mainboard (battery not required and not included!)

The dev kit will be the raw PCB without any outer case (in other words, don’t expect to use it as a phone to carry in your pocket!), but the physical setup will be stable enough so that it can be used by developers. As we finalize the designs and renders we will publish images.

Purism Integrates Trammel Hudson’s Heads security firmware with Trusted Platform Module, giving full control and digital privacy to laptop users

Librem devices add tamper-evident features to further protect users from cybersecurity threats by offering users the full control that no mainstream computer manufacturer ever has before

SAN FRANCISCO, Calif., February 27, 2018 — Purism, maker of security-focused laptops has announced today that they have successfully tested integration of Trammel Hudson’s Heads security firmware into their Trusted Platform Module (TPM)-enabled coreboot-running Librem laptops. This integration allows Librem laptop users to freely inspect the code, build and install it (and customize it) themselves, and own control of the secure boot process as Heads uses the TPM on the system to provide tamper-evidence. Read more

Trusted Platform Module now available as an add-on for Librem laptops

Over the past few months, we have been busy with a plethora of great projects being set afoot. We have been incrementally building a laptop inventory to ship from, we have been continuing the coreboot enablement work on our laptops, neutralizing—and then disabling—the Intel Management Engine, and launching our much awaited Librem phone campaign, which ended in a very motivating success—involving many great organizations part of the Free Software community, such as Matrix, KDE e.v., the GNOME Foundation, Nextcloud, and Monero.

It really has been a whirlwind of events, and this has been happening in parallel to us continuing our existing R&D and operations work, such as preparing a new batch of laptops—namely the much anticipated Librem 13 with i7 processor.

One particular security R&D project dear to our hearts has been the beginning of our collaboration with “Heads” developer Trammell Hudson, a project that has been quietly going on behind the scenes for the past few months. We are very pleased to announce today that we are making a positive step to make this effort within reach of early adopters, with the availability of a Trusted Platform Module (TPM) as an optional component for currently pending and near-future laptop orders. Read more

Purism Collaborates with Cryptocurrency Monero to Enable Mobile Payments

Purism plans to utilize Monero’s privacy respecting platform to build a cash-like, digital payment system for Librem 5 smartphone users

SAN FRANCISCO, Calif., October 13, 2017 — Purism, maker of security focused hardware and software, today announced a collaboration with Monero, the only secure decentralized currency that is private by default. Purism recently started accepting Monero for payments in its online store, and this is a continuation of the company’s support for the cryptocurrency.

As more central services like Equifax are hacked, exposing vulnerable user data in unprecedented ways that cause permanent damage to people’s privacy, it has become clear that centralized, individually identifiable, historic, and permanent digital footprints create a serious threat to digital privacy and human rights. Purism, on the heels of its successful smartphone crowdfunding campaign which has raised more than $1.5 million, is looking to address this threat by incorporating cryptocurrencies by default into its mobile phone design, beginning with Monero.

“We must proactively plan for and address digital rights issues in the here and now, because by the time we face them in the future the damage will be irreversible,” said Todd Weaver, Founder & CEO of Purism. “Collaboration with Monero allows us to offer users a much lower barrier to entry for leveraging the benefits of a cryptocurrency, and our aim is to make it incredibly simple to use your Librem 5 smartphone to make secure, cash-like payments that safeguard your private information.”

Monero’s cryptocurrency offers a fungible, decentralized, private currency that is created to be identical to centuries of physical world transaction processes, primarily that cash given for goods or services is a one-time, non-recorded, mutual transaction.

“Collaborating with Purism addresses a major pain point for Monero. The Librem 5 makes it easy for the average user to use Monero for real world transactions on a mobile platform. In addition, the Librem 5, by using Free Libre Open Source Software provides the user with the opportunity to verify to a very high level its end point security, privacy and decentralization. This is in sharp contrast to many mobile platforms where the user has to trust a proprietary implementation. I am very excited to see the Librem 5 planning to have Monero support by default,” Francisco Cabañas, Core Team Member, The Monero Project.

“Creating a future where a person can buy or sell digital goods or services and still respect their privacy, similarly to cash but on the Internet, is a long-time dream that we plan to make a reality,” says Weaver.

Integrating Monero into Purism’s Librem 5 smartphone as part of its default mobile payment system can solve the problems plaguing the online transaction space, removing banks from the transaction, removing all central storage of private user data, keeping transactions private between two parties, all backed by the strength of an immutable cryptographic blockchain ledger.

About Monero

The Monero Project is a grassroots, community-driven initiative that advocates for privacy on a global scale by producing several free libre open source software projects, with the flagship offering being Monero, a fungible and decentralized cryptocurrency. The important guiding philosophies of Monero are security (ensuring that users are able to trust Monero with their transactions, without risk of error or attack), privacy (ensuring that users can transact Monero without fear of coercion, censorship, or surveillance), and decentralization (ensuring that no single person or group can control the network or reverse transactions). The goal is to provide a level of fungibility and privacy that is analogous to that of cash for the digital world.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism
+1 415-689-4029
pr@shop.puri.sm
See also the Purism press room for additional tools and announcements.
 

Purism Meets Its $1.5 Million Goal for Security Focused Librem 5 Smartphone One Week After Surging Past the 50% Mark

Self-hosted crowdfunder out grosses combined funding of Purism’s previous three campaigns

SAN FRANCISCO, Calif., October 9, 2017 — Purism, the social purpose corporation which designs and produces popular privacy conscious hardware and software, has reached its $1.5 million crowdfunding goal to create the world’s first encrypted, open smartphone ecosystem that gives users complete device control, the Librem 5. After amassing incredible support from GNU/Linux enthusiasts and the Free/Open-Source community at large, forging partnerships with KDE and the GNOME Foundation in the process, Purism plans to use the remaining two weeks of the campaign to push for its stretch goals and start working on the next steps for bringing the phone to market.

Reaching the $1.5 million milestone weeks ahead of schedule enables Purism to accelerate the production of the physical product. The company plans to move into hardware production as soon as possible to assemble a developer kit as well as initiate building the base software platform, which will be publicly available and open to the developer community.

Breaking away from the iOS/Android OS duopoly, the Librem 5’s isolation-based security-focused PureOS will offer basic communication services: phone, email, messaging, voice, camera, browsing, and will expand after shipment and over time to update with more free software applications, through shared collaboration with the developer community (not “read-only open source”, but true free software collaboration). In addition to the ability to integrate with both GNOME and Plasma Mobile, the $599 Librem 5 will come equipped with hardware kill switches, a popular feature in Purism’s laptops, that allow for users to turn on and off the camera, microphone, WiFi and Bluetooth at will.

“We are thrilled that the community has supported us in making this goal a reality, and now comes the real work of bringing the Librem 5 to production and into the hands of our backers,” says Todd Weaver, Founder and CEO, Purism. “We believe we’ve demonstrated a growing interest in technologies that proactively protect and secure our digital identities, and are proud to be a part of catalyzing this movement.”

The impressive milestone has already generated celebration in the community:

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism
+1 415-689-4029
pr@shop.puri.sm
See also the Purism press room for additional tools and announcements.
 

Of Laptops and Phones

On Thursday, we have revealed our plans to build the world’s first encrypted, free/libre and open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. This naturally comes after having announced the general availability and inventory of our Librem 13 and Librem 15 laptops in June this year. Our newest line of laptops are undergoing shipping after a short delay related to finishing our coreboot porting work (look forward to our technical update on this subject, to be published this Tuesday).

In preparation for the phone project, in addition to our regular work we have spent 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, and have now reached the point where we are launching the crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users.

Enabling the next generation of cable-cutters, we are making the Librem 5 the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralized communication in its dialer and messaging app. We will also offer regular baseband functionality separated off from the CPU, and work towards the goal of freeing all components.

As increasing concern among Android and iOS users grow around personal data they give up through WiFi connections, application installations and basic location services, we hope to address those concerns by manufacturing phones that will operate with free/libre and open source software within the kernel, the operating system, and all software applications. We have built our reputation within the GNU/Linux community on creating laptops designed to specifically meet user concern about digital privacy, security, and software freedom.

Starting at $599—less than the cost of many popular smartphones—and featuring a bona fide GNU/Linux operating system (PureOS) instead of Android or iOS, the Librem 5 is intended to give users unprecedented control and security with features unavailable on any other mainstream smartphone, including:

  • Make encrypted calls that mask your phone number
  • Encrypt texts and emails
  • Set up VPN services for enhanced web browsing protection
  • Use the phone on any 2G/3G/4G, GSM, UMTS, or LTE network
  • Edit or develop on the source code, which will be made publicly available, as a community-oriented FLOSS project (not “read-only open-source”)
  • Run PureOS or most modern GNU+Linux distributions—not yet another Android-based phone!
  • Enable hardware kill switches for the camera, microphone, WiFi/Bluetooth and baseband

Visit the Librem 5 crowdfunding campaign on our online shop to back the phone project!

Additionally, we will soon be posting a progress update on our laptop enablement coreboot work. Stay tuned for Youness’ technical report on Tuesday!

Purism Unveils Plans to Build Librem 5, the World’s First Encrypted, Open Smartphone Ecosystem Giving Users Complete Device Control

Security focused laptop maker launches crowdfunding campaign to gauge market demand and feature requests to begin fabrication

SAN FRANCISCO, Calif., August 24, 2017 — Purism, the social purpose corporation which designs and produces popular privacy conscious hardware and software, has revealed its plans to build the world’s first encrypted, open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. After 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, Purism is opening a self-hosted crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users.

The plans to build the Librem 5 smartphone come on the tails of Purism opening general availability and inventory for its increasingly popular Librem laptop line in June 2017, which includes the Librem 13 and Librem 15 laptop models and has seen 35 percent average monthly growth in the past year.

Partnering with open source communications project Matrix, Purism is making the Librem 5 the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralized communication in its dialer and messaging app. Matrix is an open ecosystem for interoperable encrypted communication, supporting a rapidly growing community of over 2 million users for VoIP and Slack-style messaging.

As increasing concern among Android and iOS users grow around personal data they give up through WiFi connections, application installations and basic location services, Purism hopes to address those concerns by manufacturing phones that will operate with free/libre and open source software within the kernel, the operating system, and all software applications. Purism has built a strong reputation within the GNU/Linux community by delivering laptops designed to specifically meet user concern about digital privacy, chip-by-chip, line-by-line, to respect our common rights to privacy, security, and freedom.

Starting at $599—less than the cost of many popular smartphones—the Librem 5 will give users unprecedented control and security with features unavailable on any other mainstream smartphone, including:

  • Make encrypted calls that mask your phone number
  • Encrypt texts and emails
  • Set up VPN services for enhanced web browsing protection
  • Use the phone on any 2G/3G/4G, GSM, UMTS, or LTE network
  • Edit or develop on the source code, which will be made publicly available
  • Run PureOS or most GNU+Linux distributions
  • Enable hardware kill switches for the camera, microphone, WiFi/Bluetooth and baseband

“I believe digital rights should mirror physical rights. Our Librem 5 phone will get humanity closer to that goal by giving people choices about how they want to protect or share their digital identity,” said Todd Weaver, founder & CEO at Purism.

“Purism has been doing genuine and important work around making truly free yet desirable laptops. The communities I work with would very much like to see the same philosophy replicated in a phone that runs a GNOME based stack where community members can participate in equal terms and that ensures respect for the users’ privacy and security,” said Alberto Ruiz, GNOME & Fedora Laptop Enablement. “While pulling this off is hard, Todd seems like someone who sincerely cares about these issues and has a great track record executing. I think the efforts of Purism deserve the support of the free software community.”

A veteran of successful crowdfunding campaigns with more than $2.5 million raised over the past two years, Purism is self-hosting the Librem 5 crowdfunding effort on their web site. Users can back the project here: https://shop.puri.sm/shop/librem-5

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism
+1 415-689-4029
pr@shop.puri.sm
See also the Purism press room for additional tools and announcements.
 

“Ship from inventory” has begun

With the new  batch of Librem 13 and Librem 15 this summer, we created our first ever “inventory” to shift from a purely build to order (preorders) model to a build to stock model. In other words, for the first time in our existence, we now have more laptops in stock than the amount of orders, which means new orders can be fulfilled in 7-10 days instead of taking months. We made a formal announcement about this a few days ago, and would like to take the time today to thank you, early supporters, for having made it possible for us to reach this milestone! As we finish working through our backlog and finalizing our coreboot port to correct some last minute bugs (more on this later), some users have already started receiving their Librems:

P.s.: got your Librem? Feel free to post a photo while mentioning us on Twitter, or in this forum thread!

At the forefront

These new models ship with coreboot preloaded and the newest version of PureOS—featuring Wayland and GNOME 3 by default. We are, in fact, the first independent hardware manufacturer of brand new laptops to do this.

We are also uniquely positioned to ship with Skylake processors immune to the hyperthreading issue recently disclosed by OCaml developers, independently of whether or not you run PureOS on your Librem, as we have bundled the fix and rebuilt our coreboot images for the current inventory being shipped out from this week forward (those who have already received their Librems last week will be able to apply a BIOS update to fix the issue on their machines). Think about this for a second: there are no other manufacturers of brand new laptops in the world who can provide such a timely BIOS update, while shipping, within 48 hours of a CPU issue being publicly disclosed by a third-party mailing list.

Get them while they’re hot

We are expecting to sell through this first inventory fairly quickly. For those who did not want to preorder and wanted to buy only when inventory becomes available, this is your chance—don’t miss it! Afterwards, we will manufacture increasingly frequent batches until we reach cruising speed and have a tightly controlled right-on-time rolling inventory to ship from.