Why FSF Endorsing PureOS Matters – Purism


It was three years ago today, December 21, 2017, that the Free Software Foundation announced it had endorsed PureOS. Getting FSF endorsement is not an easy task and involves a lot of rigorous evaluation. Sometimes people ask us why we decided to create and maintain PureOS instead of using an existing distribution such as Debian (which PureOS is based on). After all, it’s a lot of extra work to maintain your own distribution, and even more work to maintain one that qualifies for FSF endorsement. In this article we will discuss why we consistently choose the harder road and why PureOS being endorsed by the FSF benefits your freedom, your privacy and your security (in particular supply chain security).

Tech companies, especially those who are in the FOSS community, often find themselves in a situation where they must choose between compromising on their values to take an easier path, or sticking with those values even if it means a lot of extra work. At each step in Purism’s history we would have had a much easier path if we had compromised like so many others have. Instead we have consistently chosen the longer and more difficult road because we believe in free software to our core.

Choosing the Harder Road

It would have been a lot easier to rebrand an off-the-shelf laptop, slap a pre-existing Linux distribution on it, use proprietary drivers for everything, and not care about coreboot support. There are plenty of successful businesses out there that do precisely that.

It was a lot harder to design our own laptop not just so it had kill switches to protect privacy, but design it so that all the hardware worked out of the box with free software drivers and the CPU supported coreboot. It was also extra work to maintain our own Linux distribution that only had free software, so we could qualify for FSF endorsement.

It would have been a lot easier to take an off-the-shelf ARM phone that already had kernel support with proprietary drivers, and use some pre-existing mobile-only OS. It would have been easier (and thinner!) to discard modularity and just have everything on one chip.

It was a lot harder to design a phone from the ground up so that it would qualify for RYF (a designation that not even everyone in the FOSS community values, much less society at large), that separated the cellular modem from the CPU, and made it possible to disable it with a hardware kill switch. It was also harder to invest the software engineering time to have our phone supported in the mainline Linux kernel and write (and upstream!) phosh/phoc/libhandy/squeekboard so that the current Linux desktop ecosystem could work on a mobile platform not just in PureOS, but Debian (and any other distribution that wanted to package it) as well.

What’s In It For Me?

So why is it so important that the Free Software Foundation endorsed PureOS? In addition to the fact that we firmly believe in free software, we also believe that having an operating system that runs on 100% free software directly benefits you and the rest of society. We often say that we sit on a three-legged stool of Freedom, Privacy and Security. Let’s talk about how an OS that runs 100% free software directly benefits you in each of those categories.

Freedom

Perhaps the most obvious benefit of PureOS being 100% free software is freedom. Every piece of software in PureOS has a corresponding source code repository that is licensed with an FSF-approved license. This means you are free to download, inspect, and modify any of the software in PureOS directly. If you want to improve a piece of PureOS software you are free to fix it and share your fix with the rest of the world under the same freedom-preserving license.

You are also free from the whims or poor decisions of a software maintainer. If a software developer decides to abandon their project, if they take it in a direction you or the community don’t like, or if you submit improvements the maintainer doesn’t accept, you are even free to create a competing version of the software (forking) based on your modified code.

Privacy

Privacy is perhaps a benefit that isn’t so obvious in free software. Yet, one of the main effects of smartphone apps being proprietary shareware is that they are funded by and large by ads and directly or indirectly capture and share your private data. This same approach often extends into proprietary desktop applications as well.

Because PureOS is 100% free software, it doesn’t suffer from these same privacy problems. Why? Besides the fact that all software has to go through a rigorous acceptance process before it is added to the OS, if a developer decided to write software that benefited you while also violating your privacy, you would be free to fork their code and remove the privacy-violating bits.

Many proprietary phone apps hide their privacy-violating features as well. After all, why exactly does a flashlight application need full access to the Internet, your contact list, your location, and your photos? In the free software world, you could inspect such an application and confirm whether they are actually capturing any of that data, discover how they are using it, and disable or remove those bits.

Security

The final area where free software provides a huge benefit is in security. Supply chain security has started to be a hot topic in the security world, for good reason, and you cannot get better supply chain security than with free software. While we’ve written about protecting the digital supply chain before in the context of how we protect our products both in firmware and software, it’s worth highlighting here where a free software OS provides the biggest benefits.

At the initial level free software and proprietary software use similar security measures to protect against supply chain attacks. A software repository is owned by a limited list of maintainers who control what source code and files are allowed in the repository and approve all changes. Both free and proprietary software developers these days typically sign their code changes with a personal signature verifying that the change came from them. When the software gets packaged, that binary package is also typically signed with a key owned by the company or software project so the end user can verify that the package hasn’t been modified by anyone else, before they install it.

Yet we have seen that supply chain attacks can bypass these security measures, most often by compromising build servers, injecting malicious code into the binary package, and getting it signed with official signatures so it looks legitimate. While supply chain attacks do sometimes target the source code itself, that is rarer because changes to the source code are easier to trace and more difficult to hide long-term, even with proprietary software, which has a smaller group of people allowed to audit the code.

Free software adds an additional layer of supply chain security that proprietary software simply can’t, due to the freedom of the code. While an attacker can try to sneak malicious code into the source code itself, it’s much more challenging to hide that code long-term, given that code changes are not only audited by the software maintainers themselves, but any interested third party as well as security researchers and even regular end users. While some security researchers are just as comfortable auditing binaries as source code, for many it’s a lot easier and faster to audit code for backdoors when the code is freely available.

Finally, free software has a gigantic advantage over proprietary software in supply chain security due to Reproducible Builds. With Reproducible Builds you can download the source code used to build your software, build it yourself, and compare your output with the output you get from a vendor. If the output matches, you can be assured that no malicious code was injected somewhere in the software supply chain and it 100% matches the public code that can be audited for back doors. Because proprietary software can’t be reproducibly built by third parties (because they don’t share the code), you are left relying on the package signature for all your supply chain security.
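The comparison step described above can be sketched in code. This is an added example, not Purism's or the Reproducible Builds project's tooling: it assumes Debian-style `.deb` packages (PureOS is based on Debian), which are Unix `ar` archives, and reports which archive member differs when a local rebuild does not match the vendor's package. The function names and the sample archives are constructed for illustration.

```python
import hashlib
AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Parse a Unix ar archive (the outer container of a .deb) into {name: data}."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    members, off = {}, 8
    while off < len(blob):
        hdr = blob[off:off + 60]
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {off}")
        name = hdr[:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58].decode("ascii"))
        data = blob[off + 60:off + 60 + size]
        if len(data) != size:
            raise ValueError(f"truncated member {name!r}")
        members[name] = data
        off += 60 + size + (size & 1)  # member data is padded to an even offset
    return members

def compare_builds(vendor, rebuilt):
    """Return (reproducible, report); report maps member name -> what differs."""
    if hashlib.sha256(vendor).digest() == hashlib.sha256(rebuilt).digest():
        return True, {}
    v, r = ar_members(vendor), ar_members(rebuilt)
    report = {}
    for name in sorted(set(v) | set(r)):
        if name not in r:
            report[name] = "only in vendor package"
        elif name not in v:
            report[name] = "only in local rebuild"
        elif v[name] != r[name]:
            report[name] = "content differs"
    return False, report or {"<ar headers>": "metadata differs"}

def make_ar(members, mtime=0):
    """Build a constructed sample archive (stand-in for a real .deb)."""
    out = AR_MAGIC
    for name, data in members:
        out += f"{name:<16}{mtime:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}".encode()
        out += b"`\n" + data + (b"\n" if len(data) & 1 else b"")
    return out

# Constructed sample data, not real PureOS packages.
BASE = [("debian-binary", b"2.0\n"), ("control.tar.xz", b"ctl"), ("data.tar.xz", b"data")]
LOCAL_REBUILD = make_ar(BASE)
VENDOR_NEW_MTIME = make_ar(BASE, mtime=1700000000)
VENDOR_MODIFIED = make_ar(BASE[:2] + [("data.tar.xz", b"data+extra")])
```

A mismatch only shows that the two builds differ, not why: a header-only difference such as an embedded timestamp points to a non-deterministic build, while a difference in `data.tar.xz` means the installed files themselves differ and need inspection.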

Conclusion

We are proud of PureOS’s Free Software Foundation endorsement, not only because we spent a lot of effort to get it, because we believe in free software, or because of our Social Purpose Corporation charter, but also because we believe free software directly benefits our customers and society at large and that is why our laptops, PCs, servers and phones all ship with PureOS.