Follow

In case you missed it, privacy-friendly laptop maker Purism has launched its own range of open online services:

librem.one

You can follow Purism on their new account at:

@purism

Librem One's services use open standards so that users aren't locked in. For example, Librem Social is a Mastodon instance and part of the Fediverse.

Technically this is nothing new, but it's nice to see all-in-one offers for those who prefer bundles. Non-techies may find Librem One more approachable.

@switchingsocial It may be good to note that developers are calling them out for not crediting the original software they rebranded in some cases. There seem to be some GPL violations afoot.

@Famicoman @switchingsocial which part of the GPL does rebranding violate? If you ask a d they provide you the source, then they're all good, right?

@Famicoman @switchingsocial Is it a GPL violation of Tusky when the source code of the PurismSocial app is available? Hmm... I guess they should still mention the original authors in some about section...yeah,

Anyways, would be cool if #Tusky ported to #iOS using #Purism’s code.

@switchingsocial @purism@librem.one umm. Switching, you might want to wait a bit on this. The Purism Mastodon fork has disabled the ability to report users and seems to be a new Purism branded silo for users. Their Android client is Tusky with all the branding removed and replaced by Purism branding, and the Tusky devs were not told about this.

This doesn't seem to be the actions of a good member of the open source community.

@sixohsix @Famicoman

Hmm... didn't know about GPL violation allegations, thank you for the info.

Maybe @purism could respond to these?

@Famicoman @sixohsix @purism

That's not good :/

I've dropped Purism a line about that thread in particular, hopefully they will respond.

@switchingsocial oh, though I'm concerned about the Purism thing, just want to say that the switching social account is really good. Thank you for your hard work.

@switchingsocial @purism

I didn't follow this closely myself but it seems like they are not doing a lot of new things and use the "fork, re-brand, don't mention the original" strategy. As is it feels really dodgy.

I need to read the responses of this toots more closely but...

Sources:
shelter.moe/@Neil/102020566466
fosstodon.org/@kev/10201678415
chaos.social/@ConnyDuck/102019

@Zykino @purism

As I said in the original post, there's nothing wrong with bundling software into all-in-one offers as this is often easier for non-technical people to grasp (because they're so used to centralised services).

But violating licences (if that is what has happened, I Am Not A Lawyer) and annoying developers is clearly not a good way to build a bundle.

Hopefully Purism will respond to this and make any necessary changes.

@switchingsocial @purism I'm interested to hear not only if they can solve their GPL violation allegations but also The Levison Problem as tooted by @bob earlier.

@eben @purism @bob

Could you explain what that is? (Can't find the toot you refer to.)

@eben @purism @bob

Ah, I get you. You mean there may be privacy problems if servers are based in the US?

@switchingsocial @purism @bob
Also that the services they are running are not all designed to prevent server admins having access to their users data. So it could be very hard to refuse access if the government demanded it in a similar way to Lavabit.

@eben @purism @bob

That sounds like a more general problem with this set of software, rather than Purism's implementation of it?

@switchingsocial @purism @bob
Agree.
However the problem is harder for Purism as they will put a collection of services and data together on a server. Centralising that data so they will be a bigger target than an individual mastodon or matrix instance.

@eben @switchingsocial @purism The hardware that they're supplying, with Intel ME removed or neutralized and baseband isolated, will also make them especially interesting and likely to be targeted.

@bob @eben @purism

So... you're saying the stuff that makes their laptops more private would attract spies' attention?

@bob @switchingsocial @purism
I do still like Purism and think their hardware is very interesting. I hope they can come up with a solution stick around without ending up a victim for drawing the wrong kind of interest like Lavabit did.

@switchingsocial @eben @purism

The Levison Problem is what happened to Lavabit, who ran a private email system used by Snowden. Letter agency people wanted full access to the database, including the encryption keys together with the usual gagging order. Something like "give us what we want or we throw you in jail".

Ladar Levison was then in the ethical dilemma of whether to betray the privacy of his customers and the entire reason for the existence of Lavabit or comply with the legal threats. He tried a few things to slow them down, like printing the encryption key in an unreadably small font and mailing it to them, but ultimately he decided to physically destroy his hard drives and close the business rather than hand over information about Snowden and potentially other dissidents.

@switchingsocial @purism I did the math and the absolute cheapest I could run a Pleroma instance for myself is $5 per month. So I consider this a great deal. Question is if this would allow more than one account. For example, on Twitter, I can set up two or three different accounts for different purposes.

@switchingsocial @purism I know of all of these services and use them but I signed up for Librem.One just to support them.

@switchingsocial @purism The problem is you put all your eggs in one basket. If they get hacked *all* your data is exposed. This also means they are a far larger target.

@JacobNeplokh @purism

Compared to people who are on good separate services, yes going to an all-in-one is more risky.

But the chart indicates Purism is aiming their service at people currently on Apple, Google, Microsoft etc.

These kinds of users are already using all-in-one services, so it's not going to make a huge difference to their "eggs in one basket" status.

@switchingsocial @purism It definitely is a better alternative, but we should still teach people dangers of trusting one company with all of your data.

re: safety of centralized services Show more

@switchingsocial @purism Problem is, they use Pen-Sorce Apps and market them as their own. Not fair.

@switchingsocial They also ripped out all the abuse reporting functionality, so good luck with that not being a walled cesspool.

@BalooUriza

I'm extremely concerned about this. @switchingsocial, I love your account, but putting unmoderateable instances on the fediverse is not 'giving back' anything I'd like to receive. 😕

@celesteh @BalooUriza

I'm not connected to Purism, I was just reporting on this because it seemed like a good alternative for non-techies.

If they are breaking licence terms and/or making developers uncomfortable, then obviously that's not so good.

If you're concerned about their behaviour, please do get in touch with them and tell them.

@celesteh @BalooUriza

Also, a lack of moderation is not a good idea either, as automated mod systems simply don't work.

Sign in to participate in the conversation
Mastodon

mastodon.at is a microblogging site that federates with most instances on the Fediverse.