Librem One Affected By Nasty Security Bug On Launch Day, Acknowledges Rebranded Apps
Yesterday Purism launched the Librem One suite of services that initially consists of a privacy-minded, but even with priding themselves on security, there ended up being a nasty launch-day security issue uncovered. The fact that their offered software was quietly re-branded open-source software also rubbed some users the wrong way.
The security issue yesterday affected Librem Chat and allowed any user into any account on the service due to a typo in the Matrix.org code. The issue ended up being reported and after some brief downtime taken care of, as outlined via the Purism blog. While it happened on launch day, so far there are less than two thousand users, so the overall impact isn't that much and it doesn't appear the issue was exploited for nefarious intent.
With Librem One costing $7.99 USD per month or $14.99 USD for a "family pack", a number of users have been expressing frustration with Purism largely just re-branding various pieces of open-source software that comprise this suite. As to that, they sought to address those concerns in How Purism Works Upstream and Gives Back. Purism argues that re-branding these pieces of software provides convenience and gives them a leg up in competing with tech giants like Apple and Google. From the linked blog post, "By putting services under a centralized brand, we make these decentralized services just as convenient to use as the big tech alternatives. That way an end-user doesn’t have to know what Matrix, ActivityPub, or even IMAP are or try to find all of the applications that work with those services on their particular platform. Instead, they just need to know that they want to chat, join social media, or send email."
We'll see how well the Librem One suite ends up working out especially with Purism being stretched so thin as is trying to deliver their Librem 5 smartphone next quarter, which is already coming two quarters later than originally anticipated.
The security issue yesterday affected Librem Chat and allowed any user into any account on the service due to a typo in the Matrix.org code. The issue ended up being reported and after some brief downtime taken care of, as outlined via the Purism blog. While it happened on launch day, so far there are less than two thousand users, so the overall impact isn't that much and it doesn't appear the issue was exploited for nefarious intent.
With Librem One costing $7.99 USD per month or $14.99 USD for a "family pack", a number of users have been expressing frustration with Purism largely just re-branding various pieces of open-source software that comprise this suite. As to that, they sought to address those concerns in How Purism Works Upstream and Gives Back. Purism argues that re-branding these pieces of software provides convenience and gives them a leg up in competing with tech giants like Apple and Google. From the linked blog post, "By putting services under a centralized brand, we make these decentralized services just as convenient to use as the big tech alternatives. That way an end-user doesn’t have to know what Matrix, ActivityPub, or even IMAP are or try to find all of the applications that work with those services on their particular platform. Instead, they just need to know that they want to chat, join social media, or send email."
We'll see how well the Librem One suite ends up working out especially with Purism being stretched so thin as is trying to deliver their Librem 5 smartphone next quarter, which is already coming two quarters later than originally anticipated.
6 Comments