Discussion on Purism

It seems this is already an off-topic here, but I still believe that a discussion of a privacy- and security-focused company may be interesting for Qubes users in general. Perhaps moderators could extract this discussion of Purism the company to a separate thread in a newly created category.

As a strong supporter of free software I can’t help answering to the mentioned accusations and I hope that all the myths can be debunked while only actual concerns are left for us to think about.

Well, yes and no. Of course it is extremely unlikely that such a tiny company can convince Intel to change their mind, while even Google could not. But does it mean that Purism (and the free software community) must give up and obey everything Intel says? Trying is the only way to (eventually) reach your goal, however hard it is. Purism did not give up and are still keeping this goal in mind. At least they created more awareness by creating another petition to Intel, which is a good thing, isn’t it? By the way, Purism is the first company to sell laptops with “neutralized and disabled” Intel ME showing how important it is for the customers. And a few other companies followed afterwards. So you are right by saying that they did not achieve the goal, but you are wrong saying they achieved nothing. You should take into account how hard this problem is.

What is misleading about their pyramid? AFAIK it’s accurate and they don’t deny the proprietary bits, while most of the software is actually free. The neutralized Intel ME is hardly functional and it’s definitely much more secure than the alternative. (Note that this marketing is directed toward people not familiar with all those details. Most of the time security threats come from the other parts of the pyramid which are free here.)

Not sure what you don’t like about the Pureboot marketing, but it’s the only verifiable secure boot process in the world, where users are owning it and not corporations. Perhaps you don’t like that the name implies perfect purity and you are right; but it’s the nearest thing we have, so it is not totally unreasonable (and they intend to continue freeing it as I mentioned above).

A Purism laptop was officially certified for some time. Then indeed the certification was cancelled. While the official announcement does not explain much, I think the community found out the actual reason. Tl;dr: it’s just too expensive for this tiny company. To be extremely clear, certification is not necessary for flawlessly working Qubes OS; even the laptops of Qubes developers are not certified AFAIK.

You can also look at how much the currently certified laptops cost while having pretty low specs. This is what I would call “overpriced” by the way.

This is true. However, currently FSF-certified laptops are all from 2008 and are vulnerable to Spectre and Meltdown, so Purism laptops are the most secure and free practically usable laptops in the market. By the way, even Stallman was using proprietary BIOS while there was no other choice.

Most of the claims made by Zlatan Todoric are proven to be false by the actual news, including that the phone would never ship or would be full of proprietary blobs, or Purism the company would very soon disappear. The company has been doing fine. Perhaps it is true that working in a startup was hard and low-paid; sad but true. This does not influence the fact that the actual good hardware exists though and does not necessarily mean the company’s atmosphere is still the same. This is a pity people believe such suspicious claims; seems like FUD.

This is my main point. You don’t judge Purism in a vacuum, you judge it in comparison to other companies. Are you aware of any better alternative (modern) hardware company supporting free software and changing the industry?

No, you should not trust, you should verify. And AFAIK Pureboot is the only boot software working on modern hardware which is verifiable.

I already replied to that above: it should already work with Qubes OS, just needs testing.

Now, to be fair, I want to mention one real concern with Purism, and this is the lack of annual Social Purpose reports which any SPC should provide. I don’t think this problem is big enough to stop supporting them; this is not a problem with hardware, but I want to be honest.

To summarize, I want to say that Purism currently produce the best hardware (including laptops) in terms of freedom and security and nothing else comes close. The free software community should support such companies in order to fight for the freedom and there are too few choices too loose this one due to bad marketing decisions or FUD.

3 Likes