A San Francisco-based start-up is creating a line of Linux-based laptops and mobile devices designed with hardware and software to safeguard user privacy.
Purism this week announced general availability of its 13-in. and 15-in. Librem laptops, which it says can protect users against the types of cyberattacks that led to the recent Intel AMT exploits and WannaCry ransomware attacks.
The laptop and other hardware in development have been “meticulously designed chip by chip to work with free and open source software.”
“It’s really a completely overlooked area,” said Purism CEO Todd Weaver. “We also wanted to start with laptops because that was something we knew we’d be able to do easily and then later get into phones, routers, servers, and desktops as we expand.”
The company has already designed an 11.6-in. Linux-based 2-in-1 that can currently be pre-ordered. Weaver expects the 2-in-1 to be available in about six months. The 2-in-1 with a basic 256GB SSD and 8GB of memory retails for $1,398.
Purism’s 2-in-1 is based on the same Linux OS as its laptops and has physical toggle switches that can turn off its cameras, microphone and wireless connectivity.
Around the same time, the company wants to ramp up development of an open-source smartphone that will also sport native security features such as an encrypted messaging platform. The company still needs $5 million in capital to develop the privacy-based smartphone, Weaver said.
Now that Purism has built up an inventory of laptops, however, it will begin targeting businesses as customers for its laptops; wait times for one should only be a few weeks.
“The nice thing about the B2B sales is our core audience — the software developers, hardware geeks and hardcore security individuals,” Weaver said. “CTOs and CIOs are, of course, in that core audience and they recommend technology to buy. So, we’ll start picking up small businesses…and be able to expand that to much larger enterprises because we have a depth of credibility they’re interested in.”
By “depth of credibility,” Weaver means his company’s philosophy that it will always release its system source code, enabling it to be audited and known vulnerabilities eliminated in order to avoid even theoretical cyberthreats.
For example, in May, Intel announced that PCs sold after 2010 with its server chipsets could be remotely hacked due to a critical vulnerability in its Active Management Technology (AMT) firmware, a component of Intel’s 7th Generation Intel Core vPro processors. Intel released a patch for the vulnerability.
The vulnerability was first discovered in March by a researcher at Embedi, a security product provider. Along with allowing a potential hacker to gain control of a PC’s mouse and keyboard, the vulnerability also enabled a hacker to bypass a computer’s password authentication processes.
“Prior to Intel publishing the AMT (Active Management Technology) exploit, it was all just a theoretical threat,” Weaver said. “We took it upon ourselves to say that is a theoretical threat, so we’re going to remove it. The way we remove it is, of course, we don’t use an Intel networking card, we don’t use a management engine that has that networking stack in it, and we don’t use a CPU that has vPro, which means AMT isn’t able to be used.”
Because Purism’s laptops don’t natively run Windows or macOS or applications, they’re not susceptible to common ransomware attacks, such as the WannaCry attack in May, Weaver said.
The computers come preinstalled with their version of the LibreOffice suite of business applications, software created by The Document Foundation, a non-profit organization based in Germany. The suite includes email, spreadsheets, graphics, drawing, presentation, media player and Purism’s own browser called PureBrowser.
PureBrowser is based on the Firefox web browser but includes security add-ons such as the Privacy Badger, a plug-in created by the non-profit Electronic Frontier Foundation (EFF) that blocks spyware and browser trackers.
The laptops also come with a preinstalled Tor Browser, an anonymizing browser that uses encryption and anonymous routing to protect users’ rights, and the EFF’s HTTPS Everywhere, a browser extension that encrypts communications with many major websites.
Despite the company’s plans, analysts say it could have a tough climb.
Mikako Kitagawa, a principal research analyst at Gartner, said a vendor as small as Purism will have a difficult time breaking into even the midsized corporate market, as that laptop market is already dominated by Lenovo, Dell and HP.
“The reality is that large companies do not really get their hardware from unknown vendors,” she said.
Additionally, when Purism announced the Librem laptop line in 2015, it caused something of a stir in the open-source software community from developers who argued the company wasn’t fully delivering on its promise of a completely open-source computer because it used an Intel processor and a proprietary BIOS.
“The criticism comes down to the strictness of Free Software Foundation enthusiasts, which is completely understandable,” Weaver said. “The concern from that audience…is that they wanted us to be further along than we are.”
Now that Purism is using Coreboot, there is only 200KB worth of proprietary binary code remaining on the computer, Weaver said.
He compared the laptops and their software to a layer cake in which the first seven layers are open source, and only the last layer remains to be freed through reverse engineering.
“Yes, we know we have this binary, but it’s at the lowest level. We’re investing [revenue] back into the supply chain and reverse engineering the management engine, which is the last remaining binary we have,” Weaver said.
Purism launched a crowdfunding campaign in 2014 to raise money to develop the two laptops and a 2-in-1 tablet. The crowdfunding campaign for the 13-in laptop raised about $462,000 of a $250,000 goal; the 15-in laptop raised nearly $600,000 of its $250,000 goal.
Altogether, Purism said it’s raised more than $2.5 million (including seed funding) and has seen 35% to 38% average monthly growth in orders over the last year for its Librem 13-in and 15-in laptops, respectively. Previously, the laptops were only made-to-order, meaning it took up to three months to get one.
Along with free, open-source software, the laptops come with two physical toggle switches, one to turn off the microphone and camera and another to shut off wireless/Bluetooth connectivity. The laptops also sport something called a “Purism Key,” a one-touch method to search the computer for documents and applications.
The laptops have a distinctively MacBook-like look to them. They include a multi-touch track pad that can scroll, click, zoom, and scale the view in the same way a MacBook’s trackpad works.
Weaver said that’s no coincidence, as purchasing any sturdy, all-aluminum laptop case from third-party vendors who mimic Apple designs leaves little room for customization. And, in fact, a lot of Purism’s core customers are Apple enthusiasts and will be familiar with the build quality.
This story, “Purism aims to push privacy-centric laptops, tablets and phones to market” was originally published by Computerworld.