10 Ways to Protect Your Privacy with Purism
In today’s day and age, the information superhighway is increasingly becoming a battleground for cyber-warfare. The internet is an amazing tool for freely learning and sharing information, but it’s also being used as a tool to harm real-life “meat-space” humans, economies, and governments. Bullies have convinced others to commit suicide. Cyber-terrorists have taken company computer systems hostage and have received massive amounts of money to release the encryption so the systems can be used again. Social network engineering groups have influenced government election results. Facebook is spreading your data all over the place for profit. Identity theft can ruin your finances without your knowledge. Even scooters aren’t safe!
Big companies that we once thought were trustworthy are being found to be quite abusive to their users. There’s a huge amount of mal-intent out there where people are using technology to take advantage of people and potentially cause them harm.
How do we protect ourselves?
What are we to do to protect ourselves, our privacy, and our human rights in this world of technologically advanced businesses and politics that are designed to take away our freedom?
First we’ve got to learn a lot about how these cyber-terrorists, governments, and greedy corporations are trying to take advantage of us. Then we’ve got to arm ourselves with technological weapons of self-defense. If you don’t think you need major privacy protections because you’re a law abiding citizen, that might be what makes you a good target. It’s probably a good idea to learn about personal privacy & security if only to protect yourself from things like identity theft and ransomware.
Personally, I’ve recently gained more interest in learning about privacy & security partly because of the Librem 5 phone that’s currently in development which will run on Pure OS; something totally different from Android and iOS. There seems to be a large and growing community of people interested in this kind of technological freedom and with good reason.
What are Pure OS and Librem?
Pure OS and Librem are products of a company called Purism whose goal is to make secure devices and software that protect their users rather than exploit them. Librem is the name given to Purism’s line of devices (and services) which currently includes two laptop computers (a 13″ and 15″ model which periodically get generational hardware upgrades), a Librem Key, and will eventually include a smartphone called the Librem 5. Since Windows Phone is gone, Apple’s iOS suffers from iCloud attacks and monopolistic-style lock-ins (you practically have to send your entire life story to Apple just to use an iPhone), and Google Android’s whole business model is about violating user privacy… a new privacy-friendly smartphone operating system could be very attractive to many users.
Pure OS is the software operating system pre-installed on Librem hardware and it’s completely free of proprietary code.
10 ways to protect your privacy
Pure OS is based on Debian Linux with a Gnome 3 interface and Wayland display controller. The entire operating system is open-source and audit-able by you and anyone else. That means anyone can look at the code and find vulnerabilities, but it also means anyone can fix the vulnerabilities. Linux community members are constantly looking for security holes and patching things to make these types of operating systems better. The Pure OS distribution comes with a few programs and plug-ins that give you more tools for protecting your privacy. Purism is so adamant about including only free open-source audit-able software that the proprietary Bluetooth hardware drivers necessary to enable Bluetooth on their own Librem laptop computers are not included by default, though they are working on making some open-source Bluetooth drivers themselves. You’ll have to add a different Debian repository and install the Bluetooth drivers manually if you want to use the Bluetooth radio.
Pure OS can be downloaded separately for free and installed just like any other Linux distribution in case you want to try it out in a virtual machine or your own hardware, but it’s made specifically for Purism’s Librem 13 and Librem 15 laptops… and soon, the Librem 5 smartphone.
It’s not enough to have an open-source operating system when it comes to being secure, as espionage can happen on many levels. It’s possible to embed malware or spyware into a computer’s BIOS/UEFI or firmware as well. Purism’s Librem computers use “coreboot” instead of a proprietary BIOS. This way you can ensure that nothing built into this level of the computer is allowing for remote access to the camera & microphone, file system, or other parts of the PC. Purism is also working on adding “Heads” support which will help keep the BIOS from being tampered with, thus reducing the likelihood that someone might be able to flash your BIOS with a different version that provides a back-door.
Purism is also working on a complete secure boot solution called “PureBoot” which involves using a Librem Key (USB drive) to scan and verify everything that goes on in the boot process as well as decrypting the disk without needing a pass-phrase.
One way to steal your data is to take the hard disk or solid state drive right out of your computer, plug it into another computer and read the data with some data recovery software. Or you can often boot the computer to an OS on a USB drive and access things that way. In most cases, your data is all just sitting there ready to be copied off. One way to protect yourself is with disk encryption, and the Librem computers come pre-installed with the open-source LUKS software. As soon as you boot up for the first time, you’ll be prompted to set up the disk encryption and create a password that you’ll need to enter every time you boot up in order to be able to access the disk. I kind of wish this feature also had a secondary “wipe disk” password for quick emergency deletions.
You know how there’s all sorts of file syncing services out there like Dropbox, Google Drive, OneDrive, etc.? They’re extremely convenient for being able to access your files from anywhere there’s internet access. However, cloud syncing is just copying your files to someone else’s computer. That’s not private or secure. Yes, some of those services offer data encryption, but your data is still going out there somewhere that you don’t have control over. Plus files stored in those cloud services can easily be lost or subpoenaed without your knowledge. The smarter, safer option is to roll your own cloud that you personally own. Nextcloud is free server software that you can download and install yourself to make a cloud-connected file server in your house or office.
You’ll need to make your own Nextcloud Linux server with a Dynamic DNS or static IP on the internet. You can even use a cheap Raspberry Pi for this or buy something pre-made. Give it an external hard drive or SSD with as much storage space as you want and you’ll be all set. You’ll probably want to enable HTTPS with an SSL certificate for encrypted connections; free SSL certificates are available from Letsencrypt.org. Nextcloud also supports advanced security features like two-factor authentication through notifications, plus stricter CSP and V3 of app-tokens. Then you can set up the Librem laptop, as well as any other Windows, Linux, macOS, iOS, and Android devices that you have, to sync with your new cloud server.
But wait, there’s more! With Nextcloud, you can also use that server software to enable Contact and Calendar syncing via CardDAV and CalDAV. Nextcloud also offers more expensive on-premises servers that will allow you to run your own video conferencing calls, instant messaging, and even groupware email.
If you want to test drive Nextcloud before putting all of that effort into building your own server, there are also Nextcloud hosting providers that you can sign up with. Most of them have a free level that gives you a limited amount of storage to try out, and you can purchase more storage if you want, but having someone else host your data is kind of the thing you want to avoid.
Pure OS and Librem laptops come with Mozilla Firebird pre-installed for email, and they also include the Enigmail email encryption add-on. Email originally wasn’t designed to be terribly secure. It was just made to be functional. We’ve upgraded email systems over the years so that now we’ve got numerous more-secure log-in methods and transport layer security for encryption over the wire. But maybe you want more security. You can also encrypt the messages themselves so that they can only be opened by the person who has the key on the other end. That’s what the Enigmail add-on enables.
With Enigmail you can send digitally signed and encrypted messages using OpenPGP (via GnuPG). You can set up per-account encryption defaults as well as per-recipient rules for encryption key selection and signing.
Not to be confused with the world’s first Christian web browser, PureBrowser is included with Pure OS and it’s mainly a recompiled fork of Mozilla Firefox with some extra plug-ins for improving privacy and security.
It includes the HTTPS Everywhere plug-in for secure connections to web pages that may not have SSL enabled by default or in the links within the site. The uBlock Origin plug-in is also included and that’s useful for blocking ads, tracking sites, and advertisement-based malware.
PureBrowser works about as well as Firefox, but I did have a couple issues. For example, Outlook Web Access in Office 365 can’t save calendar appointment edits. I had to install Chromium for that. WordPress’s admin UI doesn’t work well with the uBlock and HTTPS plug-ins enabled either, so I had to whitelist some sites just to get that working.
Duck Duck Go is a search engine for the web that boasts a lack of tracking and advertising features that other search engines depend on for revenue. Duck Duck Go won’t save your search history, won’t sell ads, and won’t keep any identifying data about what you’re doing online. This is the default search engine included with Pure OS and the PureBrowser.
This is another Purism partner which was only recently announced, but support for the PIA VPN will be added to Pure OS soon. PIA has always refused to log user data, provides encrypted connections, and lets you pay for its service anonymously using gift cards from Walmart, BestBuy, Starbucks, etc. Basically, after purchasing a service plan, you can set your computer to tunnel all internet traffic through PIA servers instead of accessing the internet directly. This allows you to hide your actual internet protocol address from outside sources thus making it more difficult to track you and more difficult to compromise your system with remote-access tools.
9 – Hardware kill switches
What’s the easiest, most obvious way to protect your computer from cyber-criminals trying to access it from the internet? Unplug it!
Unfortunately, with many of today’s laptops, tablets, and mobile phones, that’s easier said than done. Most wireless networking & connectivity radios are controlled only by software, as are most cameras and microphones built into these devices. If someone takes control of your device remotely, they can stop you from using that same software to shut them out.
That’s why the Librem laptops and soon the Librem 5 phone include physical kill switches for the wireless radios, camera and microphone hardware. These are literal switches on the side of the device that completely cut power to those components. Turn that Wifi/Bluetooth switch to off and you’re guaranteed that nothing is going to be able to get in or out because those radios are literally cut off from the system. Turn the Camera/Microphone switch to off and it’s like those components are completely gone from your computer. Sometimes the simplest solution is the best.
10 – Librem One app suite
While previously, Librem was mainly the name for Purism’s line of hardware, they just released a suite of apps for Android and iOS that make some open-source social networking and communications systems a little more user friendly by hosting a bundle of them under one user account. Similar apps will presumably be coming to Pure OS at some point as well, and they’re sure to be part of the Librem 5’s version of Pure OS. Currently, the Librem One suite includes free chat using the Matrix protocol, free social networking using the ActivityPub protocol (which is compatible with Mastodon), paid email account with OpenPGP encryption, and paid virtual private networking tunneling support. All are basically re-branded existing iOS and Android open-source apps made to connect to the Librem One servers by default.
All of those services are certainly going to be better than using Gmail, Facebook, Instagram, Whatsapp, and Twitter in terms of privacy protection, but you’re still putting your content on someone else’s server. So your best bet may be to still make your own, though of course that’s way more work.
It’s not easy being free
If some of this sounds really complicated and difficult, it is… and the above listing is only the tip of the iceberg. There are many other tools to protect your technological freedom that we didn’t have time to mention or even research yet. There’s a whole other world of privacy protections on the Tor network as well. We’re talking about Purism because it’s an interesting company that seems to be trying to make these privacy and security protections easier for normal users while also helping to educate them.
Switching to Linux and open-source “libre” software isn’t foolproof. There are still going to be security problems. The list of vulnerabilities is constantly being updated and fixes are constantly being added to repositories. Some email clients have recently been found to be vulnerable to OpenPGP encryption spoofing. The Matrix messaging system has issues sometimes too. But the advantage here is the transparency.
Using a Linux computer has its challenges for people who are used to Windows or MacOS PCs as well. You’re not going to find all of the software programs that you can on other platforms and the alternatives available on Linux can have major feature deficits, learning curves, and user interface problems. Yes, there are some ways to get certain Windows programs running, but it’s not easy. That’s the cost of technological freedom though and it may increasingly become worth the trouble these days.
Your computer is an extension of your brain. Don’t let someone else control it.