However...
What I personally think is really interesting here is the bundle. I don't want to pay $10/month for a Twitter clone. I don't want to pay it for VPN. I don't want to pay it for email, or file storage, or contact manager, or payment system.
But as a bundle?
$10/month to actually solve all of my digital privacy concerns?
That's a rather appealing proposition. I'm not sold Librem One truly solves this, for all the reasons in this HN thread. But I think the idea that I could make a single Netflix-sized monthly payment to simply solve privacy across-the-board is something I could get behind. And I'm cheap AF.
They're onto something.
If Purism is offering clean and transparent connections to services backing them combined with some sort of delivery (update) + support mechanism, that is already far better than just telling someone to download 5-6 apps + subscribe to 3-4 services (VPN, email server, backup server, etc).
It's not as ideal as a purely decentralized, multi-party system for securities sake, but it's better than what 99% of people are going to be using otherwise - in the real world.
Everybody is still free to set up a server at home or on a VPS. But there has to be a place you can point ordinary people to.
It seems preferable to the donation model.
The challenge, at least in my neck of the woods, is that all the independent ISPs got purchased by bigger players who aren't exactly in a rush to be innovative.
Librem Chat = Riot.im
Librem Social = Mastodon (specifically the Tusky app)
Librem Mail = K9 Mail
Librem Tunnel = OpenVPN
Otherwise, seems like a pretty neat idea -- it could open the door to more lay-people using open protocols like Matrix without everyone jumping on Matrix.org for free or having to self-host. I am interested to see how the Librem Files/Backup system will work if it comes about (I would guess NextCloud but if they have a better solution I'd like to see it since I've had my fair share of pain with self-hosting NextCloud). It looks like there would be some kind of cohesive management of all these services, which I think is a great example of the usefulness (for users) that open standards can have.
It does bother me a bit that the apps are clearly mild reskins and there is no mention of the original app creators -- obviously this helps with brand recognition but seems a little bit dishonest. Really, you're paying for hosting (which is totally fine), and it should be clearer that they're just giving you mostly-consistent apps that work with their service out-of-the-box.
I also am doubtful the Librem Pay idea will pan out though. The number of real businesses which accept $x-coin is effectively zero for most people.
It's a bit of a shame that WireGuard still requires out of tree components to work.. I'm rooting for it to get accepted/merged, but until it does it just becomes a greater risk to build a business off of it.
But honestly though, the risk is identical to any other kernel module -- the author and future subsystem maintainer ensures it builds and works with all new and old kernels, and releases snapshots very regularly. Almost all distributions have packages for WireGuard which are automatically rebuilt with new kernel releases.
There are arguments against using it because it's still (on paper) pre-1.0 software but given it's had fairly widespread use for the past 3 years and no security nightmares it's shown to be quite a bit more secure than
[1]: https://marc.info/?l=linux-netdev&m=155323912319537&w=2 [2]: https://lwn.net/Articles/770750/
The offering is a bundle of services that respect you and your privacy. $7.99/mo for a software suite: Librem Chat (Riot), Librem Social (Mastodon), Librem Mail (K9), Librem Tunnel (OpenVPN), and more services coming soon e.g. Librem Files, Librem Backup, Librem Contacts, Librem Pay, Librem Dial.
The key value for me is all of these are curated, updated, available/accountable via one vendor, etc. Other people who prefer free-as-in-beer versions can still get Riot, Mastodo, K9, OpenVPN, etc. as is.
And if any of you are product managers or technical marketers, have a look at the Librem products matrix and explanations area-- in my opinion it's the among the best in the industry: https://librem.one/#mce_1
You can't call something ethical without going into detail about what you mean. and:
Policy No Ads No Tracking We respect you
is not useful.
The value in ethics is in the conversation around what is ethical, not in a big, friendly "this is ethical" sticker.
This is as useful as "do no evil", and from the vague wording on the landing page, I'd imagine the people behind librem don't think google is very ethical right now.
so... no-one can say their product/service is "ethical" without getting into a semantic argument about what "ethical" means
or... anyone can call their product/service "ethical" and it's up to the buyer to work out if their definition of that agrees
What I would like is for services like this to provide, up-front, a more complete discussion of how they've arrived at their recommendations, and what criteria they consider.
I actually agree 100% with you, however I think at this stage of the market development, its enough to have a 3rd choice who's apps and services are open.
Librem is facing the "Grandmother problem". In order for this concept to actually succeed, it eventually needs regular folks to buy it. Its not enough to tell thousands of grandmothers to "buy our phone hardware and simply download and install any of the dozens of confusing and competing software stacks by following these 20 instructions on github". It needs to be marketed and sold as coherent integrated product, otherwise just buy an old Samsung and root it yourself....
I think it would be a huge mistake to NOT tailor a specific experience for a Linux phone since it would then be doomed to obscurity (more than just by fact of not being Android or IOS) like the million Linux desktop distributions that never "just get it" out of the box for 99% of people.
If all you want is a "Linux phone", you could buy a PinePhone for $150 or work on porting postmarketOS to an Android phone. The Librem 5 clearly has higher ambitions and could prove to be a more mass-market product.
Which means that "which means we put social good above exploiting people" should really be "which means we can put social good above exploiting people" as it's not a requirement.
So, what's the purpose of a SPC instead of just a for-profit company? A for-profit can also consider social and environmental issues, AFAIK.
I don't understand encrypted email very much at all. Is encryption on emails that I have received controlled by the sender? Almost all of the transactional emails I have received (receipts, confirmation numbers, etc) are probably unencrypted, right? This doesn't sound desirable.
The sender encrypts a message with the sender's priv key and the recipient's pub key.
The recipient decrypts the message with the the sender's pub key and the recipient's priv key.
> Almost all of the transactional emails I have received (receipts, confirmation numbers, etc) are probably unencrypted, right?
Totally up to your email provider and a sender's email provider. Your provider may choose to send/accept email over TLS, which is also encrypted. Gmail, for example, does this.
You just need the recipient's public key to encrypt. Are you thinking about the sender adding a cryptographic signature, too?
> The recipient decrypts the message with the the sender's pub key and the recipient's priv key.
You don't need the sender's public key, just the recipient's private key to decrypt. Though, if there's also a cryptographic signature from the sender, then you would need the sender's public key to verify the signature.
What am I missing that causes this to make sense as a feature?
Regarding the VPN row, I don't think this is a case of being dishonest - meaning, Purism is lying. Rather, this chart simply feels like it was created hurriedly.
What motive would they have for saying they are in competition with PIA, when PIA is most likely the service behind Librem Tunnel. Perhaps someone goofed.
Edit: My suspicion that this page was rushed is seemingly confirmed when I see:
"In the Press As mentioned in:"
But there is nothing there.
1: https://librem.one/wp-content/uploads/2019/03/competitive-ta...
https://lh3.googleusercontent.com/R3_hK1xk1oBWLb_jXB9EsWETnO...
On Tuesday, 30 April 2019 at 23:29, [me] wrote: > Hi there, will you support custom email domains? I'd love to migrate from > Google Apps!
We're looking into it, but cannot say nothing for sure for now.
> -[me]
Kind regards,
-- [support person] Purism support
..."The Corporation will only use and distribute free/libre and open source software in the kernel, OS, and software in its products."...
However, I'm going to hold off on paying for the service until I see how it evolves over the next year or two.
There is no point is free/ethical/etc file storage if I still have to use Microsoft Office to edit files, which is neither free nor very collaborative. Text editors are relatively easy to replace. Google Sheets are really really hard to replace. Even Microsoft Excel seems somewhat inferior to Google Sheets to me now.
Not even as a planned app?
First, most users will never want to pay for a service, especially things like chat, email, social. What I mean by that is, the market is already there for social apps that allow completely free usage by using user data, think Facebook, Twitter, Instagram, etc.
Second, asking users to pay for a service at about $8/mo is pretty steep. Purism/librem aren't building all the apps themselves.
> "A lawful request for account information was received"
Maybe sometimes, but the US government has an unconstitutional tool up its belt it has been using freely since 2001:
https://www.law.cornell.edu/uscode/text/18/2709
> 18 U.S. Code § 2709. Counterintelligence access to telephone toll and transactional records
> (c) Prohibition of Certain Disclosure.—
> If a certification is issued under subparagraph (B) and notice of the right to judicial review under subsection (d) is provided, no wire or electronic communication service provider that receives a request under subsection (b), or officer, employee, or agent thereof, shall disclose to any person that the Federal Bureau of Investigation has sought or obtained access to information or records under this section.
TLDR: If the FBI tells them not to, they can't tell you they've given your information away.
In the interest of full disclosure, I believe they should warn people about this.
(Yall probably have heard about this in the form of Warrant Canaries: https://en.wikipedia.org/wiki/Warrant_canary)
I like the message, I like the intent, I like what Librem does. I like that they're going to have data after this seeing just how many people are willing to pay money for privacy. I am. I'll probably pay for this software regardless. It's just a shame our own governments are standing between us and actual privacy - I'm starting to wonder who is serving who these days.
I hate ads and care about my privacy as much as anyone else here. However, the argument that a free ad-supported product X available to anyone in the world with an internet connection is less ethical than product Y which requires a monthly payment for access seems tenuous at best. Especially when you consider that the price is out of the question for those in developing countries.
This is a luxury purchase, not an ethical one.
The existence of crypto near any product makes me immediately do a double take anymore, because there are tax implications there that you're kinda forcing on people.
The design of these apps needs to be much more refined if you want to charge money for them. I'm usually willing to give a bit on it when it's for the right cause, but... this stuff feels so off that it's tough to look at. If you're gonna play in the iOS app store, you need to be willing to invest in this.
End hot takes, I guess. I want Purism to succeed but I feel like they're just making the same mistakes every "year of the Linux desktop" scenario made, wherein they're not competing on the features that draw eyeballs. It doesn't need to be the focus, but you can't neglect it either.
Maybe for stuff that requires convenience but not security. I don't trust any five eyes country neither.
I currently use Swiss and Romanian services for my business, and while the experience is not as smooth as, say, Gmail or Digital Ocean, it's good enough.
The alternative seems to be walled gardens.
Other companies do similar things, such as Fastmail which develops the open source IMAP server Cyrus [1]. I've been a happy Fastmail customer for years. Cyrus is still free for anyone to use even though Fastmail makes money from it.
Like 5% to Riot, 5% to Mastodon, 5% to K9.
Could also give to the GNOME Foundation, Linux Foundation, and OpenVPN, but I think those are pretty sustainable already.
I'd easily pay $10 a month for this if they make it clear they're going to give back to the open source projects included.
So while you have a point, I think "quite dishonest" is a bit too much condemnation. The stack is so big, with the majority of energy already being siphoned off by SaaS bundlers, it's basically impossible to rebuild the entire stack anti-surveillance-like as one big release. Rather we're going to end up with many approaches, each trying to solve a bit of the problem. The bit of the problem being solved here is really the popularization angle - making an easy touchstone recommendation for someone who is interested in privacy but would/could/should never self-host.
I quickly picked up that the Chat was Matrix, and assumed the tunnel was openvpn or wireguard (designing a new protocol would be a priori cryptographic incompetence). So perhaps constructive feedback to better summarize the underlying software for people "in the know" is worthwhile. But writing off the actual value-add of the project, the productization itself, mainly just results in hindering the ability of the Free community to market.
Personal side note: I’m not a fan of branding open source apps. It delays security updates and waters down the original brands; Riot and K9 have good reputations; Why not utilize those?
Either way, anything that gets people using more encrypted open-source software is totally okay with me.
As long as they are transparent about their stack and the authors of the software are cool with it - why not have it bundled with clean packaging and a slick donation model?
> Librem Mail – end-to-end encrypted email used by nearly everybody already
> Librem Tunnel – end-to-end encrypted VPN tunnel proven by millions of users
> Librem Social – public social media with millions of people already active
I was wondering what they meant, _how could the apps of something that haven't yet launched be used by "millions of active users"_.
But, the Social app looks exactly like a twitter screen shot, and the VPN looks identical to PIA’s iOS app.
The chat UI isn’t great, and the Mail app is even worse. They all look like apps you would find on F-Droid which are great, but I wouldn’t feel excited about paying monthly for an app suite that lacking in polish.
Their claims of millions of active users on each of the services also seem questionable. Maybe if they’re counting the total number of XMPP users I could see that.
Lastly, the framing of donating to what is by definition a for-profit company is off putting for me personally.
Also, while Purism is indeed a for-profit company, it's actually an interesting case since it's a Social Purpose Corporation - it's not there to maximize profits, but to maximize its social purpose. It legally can't do anything that would be at odds with its legally defined social purpose: https://puri.sm/about/social-purpose/
With Librem One you get a Mastodon account on there own Mastodon instance. That instance can speek with all other instances on the fediverse with ActivityPub protocol. So yes, with Librem Social you can easy connect with more then 2 million people.
I mean, I like what Librem does in general and I also think that marketing those apps as a uniform service (without distracting attributions) is definitely a pro for consumers, but if I would be one of the contributors to those projects I might be a bit pissed off if they didn't ask for permission.
Selling people collections of software (which you didn’t code yourself, you simply repackaged) on floppy disk or tape was an old-school practice in the Free Software world and generally considered perfectly fair.
I did wonder how they got all these apps out of the gate so quickly.. they didn't.
Librem Mail – Standard SMTP/IMAP/POP MTA, with OpenPGP
Librem Tunnel – OpenVPN
Librem Chat – Matrix, XMPP (coming soon)
Librem Social – ActivityPub
Edit: formatting
Also notice, in their "alternative graphics" none of the open source clients are listed.
The documented switches like SYNAPSE_CACHE_FACTOR seem to cause wild oscillations in ram use and worsen the OOM problems, when enabled Synapse would jump between 500MB and 3.8GB of ram constantly, eventually OOMing.
Edit: Also, the support channels for Synapse exist, but you will rarely get any response.
One big misconception is that somehow RAM usage is related to the number of users on your server - instead, it's related to the size & complexity of the rooms your users are participating in. In other words, one person who joins thousands of rooms with thousands of users in them will use a lot more RAM than a server with a thousand users who use it only for small group chats.
The things to check if your Synapse RAM is high are:
* Make sure you're running postgres. Sqlite is not currently usable in production.
* Make sure you're running Python 3.7
* Increase the synapse cache factor a bit.
* Check for and prune extremities (https://github.com/matrix-org/synapse/issues/1760), which will soon be a thing of the past, but we're not there quite yet.
If it's still overloaded, then you need to look at splitting the synapse master process off into workers (https://github.com/matrix-org/synapse/blob/master/docs/worke...) or disabling presence.
In terms of whether you get response in the support rooms - whilst the core team has been preoccupied with infrastructure security over the last few weeks, the rest of the community is generally happy to help with synapse tuning and the rooms are far from idle...
The idea that "fiduciary duty" requires directors to pursue profit "above all else" is flatly false, and has led to untold amounts of misunderstanding and meaningless noise since whichever fool monkey first uttered it.
Right at the root of something very fundamentally wrong about our way of conceiving of/enforcing how business is done.
What matters is whether they can win, or cost enough that you have to settle. It appears that shareholders have not had much luck with such gambits.
So this is really more marketing phenomenon: "we won't be as bad as FAGAM", and we rely on the people who chose to work there to keep it honest.
That can work as long as they don't get too big, or too cozy.
Cautionary examples include the American Cancer Society (wholly lost) and the Red Cross (mismanaged).
Both the sender's and recipient's public keys are required to calculate a shared secret. That shared secret is then used to encrypt the message. The recipient's priv key is used to decrypt the message.
Edit: Validating a digital signature is typically part of the process when using all-in-one software (eg: Thunderbird's Enigmail extension). That is why I mention the use of private keys. Again, an oversimplification on my part in response to OP's statement "Is encryption on emails that I have received controlled by the sender?", which is false.
The difficult part is for the sender to get a copy of the recipient's public key. In practice, a sender will always sign with their private key, since they can just send a copy of their public key with the message.
I think GP thought it necessary to give a complete example, but not a complete explanation.
From the page it's clear they are also providing hosted file and email servers via subscription in addition to the branded-clients. Which is why I asked specifically about VPN hosting.
Nope, it's not identical. There's a forcing function (e.g. Linus) to help motivate maintainers to fix their crap in the kernel tree if it breaks. That forcing function does not exist for out of tree patches.
To be honest, that is far more stringent requirements than most subsystems in the Linux tree. Being in-tree is better for a variety of reasons, but just because something is in-tree doesn't make it significantly more stable or safe (I can think of several counter-examples where Linus hasn't motivated maintainers to fix mistakes and breaking changes).
If a product can only exist by violating people's privacy (for the purpose of user tracking ads and whatnot), then perhaps said product shouldn't exist at all. That being said, I highly doubt that you can think of a product that couldn't operate with ethical ads/paid features/non-profit social service funding.
In our bubbles we all certainly do. But in the context of a resident in a developing country who can’t afford to pay, the trade off of allowing access to your data rather than no access at all seems more ethical.
The first is that librem may need to make changes that cannot be accepted by upstream. It can be features they need to have now to keep users happy. But another example could be that they want their Riot to default to their homeserver and not to matrix.org. You don't want to wait until you get a trademark conflict with the main project.
The second reason could be that Librem has to market their brand. If they keep Riot for example, people type it in google and end up on the official riot site, then it may be hard for Librem to attract new users.
This isn't valid. They could absolutely ship Riot with its existing branding, with a config set to use their (or any other) homeserver. The matrix.org homeserver just happens to be the default (at the moment).
If the user calls Librem support then they have figure out what is going on. Which costs money and they still have a frustrated user.
Branding is often not about what is technically or legally possible, but about creating the right perception with users.
Fwiw, we're addressing the sqlite issue by stopping servers from federating for now if they are on sqlite (https://github.com/matrix-org/synapse/pull/5078). Sorry you got bitten by this.
Gonna go try the migration guide here :P
And while I love the Matrix.org folks and all the work they've been doing, the recent hack was such a complete shit-show (with so many glaringly bad decisions). This was likely the result of nowhere near enough resources to dedicate to infrastructure, so maintaining thousands of clients' infrastructure as well would be a very bad decision.
Personally, there's no way I would use them for hosting if I was planning on not using matrix.org anyway.
modular.im however runs on entirely different infra, and was set up by a professional ops team, was not compromised during the breach, and should be considered trustworthy. Also, money from Modular goes directly to supporting the core Matrix.org team, so if people don't use it due to concern over the breach it's going to hurt us badly. This is doubly true if people end up using other paid hosting providers (like Librem.one) which don't actually contribute any funding back to the project.
> old infra surrounding the matrix.org server had grown organically and hadn't received any proper ops love
I'm sorry to be a bit harsh, but "hosting package and android signing keys on production servers" and "not putting services on an internal network accessible only by VPN" aren't small mistakes. They're major screw-ups. An "organically grown" setup where the signing keys were on one developer's laptop would've arguably been more secure than the old setup.
Don't get me wrong, I really want you to do well (I've used Matrix for years and have donated >£1500 over that time). But I have to be honest with you that trust in your infrastructure is going to be very hard to get back. Hell, it took until last week for some of the remaining services from the breach to be back up (fedtester was down last week from memory)!
The offer for hosting matrix.org packages on OBS is still open. It'd reduce at least a bit of maintenance overhead and would at least allow homeserver operators to get the latest packages independently of the main matrix.org infra. :D
> and was set up by a professional ops team
Given that the ops team is presumably employed by New Vector, why wasn't the matrix.org infrastructure fixed before launching a new product? Was this something that was planned to happen but never did, or was the long-term plan to shut off matrix.org and get everyone to switch to Modular?
[+] Though I'm surprised that you seem to see public offerings of Matrix homeservers to be a negative rather than a success of the protocol -- surely this plan was obvious given the Librem 5 wanting to use Matrix as the main messaging service. Obviously I think they should contribute back to Matrix.org, but isn't focusing on that missing the wood for the trees? Also the main benefit people will have out of a service like Librem.one is that you are paying for all of the services provided, not just one. I have a feeling selling "just another chat system" to folks (which is what most people think when they first see Matrix) will be much harder than selling "G-suite that protects your privacy".
wrt the security practices on the old infra; yes - clearly they were major screw-ups. all I can do is spell out what we did wrong, and that we are painfully aware of the errors, and what we are doing to fix it going forwards.
> why wasn't the matrix.org infrastructure fixed before launching a new product.
because we put all our energy into getting modular sorted properly to try to increase $ to fund the team, rather than tidying up the old infra, with the expectation of eventually moving matrix.org over to the new hosting infra RSN.
> Though I'm surprised that you seem to see public offerings of Matrix homeservers to be a negative
It's very much a positive from the protocol's perspective. But from the painful practicality of keeping the team funded, it's a problem to spend time supporting Librem-specific issues if there's no $ to cover the time, as it just ends up sucking time from the core project. There is a massive risk of the tragedy of the commons here. In other words: from the perspective of keeping the team paid to work on Matrix as their day job, we'd rather users bought Matrix hosting from providers who funnel some of the revenue back to the core team. Hopefully Purism will end up doing so.
We were hoping they would funnel $ from the Librem 5 campaign to help support Matrix, and there was an agreement to do so if the campaign reached a given threshold. So far we haven't seen anything, but live in hope.
