PureOS isn't as secure as it says it is
Open, HighPublic

Description

I recently saw this video from a YouTuber (Switched to Linux) that shows that PureOS doesn't have any of the special modifications that the website says it does. I decided to test this in my own VM, and so I downloaded and verified my ISO for PureOS. In the live environment, I get the same results that Switched to Linux (the youtuber) mentions, with none of the extensions installed, Google as default, etc. After the installation, the same results show up.

For "A user friendly, secure and freedom respecting OS for your daily usage", this doesn't seem really secure at all. This is basically a version of debian with a "secure" browser, and gnome slapped on top of it all (with a Plasma version on the download server). This makes me question about the Librem 5. Will it have the same problems as this OS does?

I've also noticed firefox esr 46, which is out of date compared to esr 52 and 60.

EchedeyLR added a subscriber: EchedeyLR.EditedJul 23 2018, 8:02 PM

PureOS 8 is still in beta state. Maybe, the developers will add some features later.

There are packet conflicts and they have to choose and prepare the default software, among other problems ...

EchedeyLR added a comment.EditedJul 23 2018, 8:08 PM

On the browser case, it would be great if you compare the about:config between firefox (the based version) and purebrowser. On many firefox forks related with privacy and security (like tor browser) about:config have a lot of changes or some of them like disable location services, referer or website fonts, etc.

PD: I have not compared them, i have not idea about changes, etc. I only believe these changes would be added.

d3vid added a subscriber: d3vid.Jul 24 2018, 8:57 AM

@SheepKid12 regarding the PureBrowser version, I get:

$ purebrowser --version                                                                                                                                             
Purism PureBrowser 52.9.0

...as expected. Is your package up-to-date?

Additionally, can you create a ticket for each actionable issue and/or link to existing tickets. See, for example, https://tracker.pureos.net/project/profile/1/ for a list of existing PureBrowser issues.

I saw the older version in the repos, that's why I thought that's what was installed. Sorry for that.

hethi added a subscriber: hethi.Jul 25 2018, 3:27 PM
jeremiah.foster triaged this task as "High" priority.
jeremiah.foster added a subscriber: jeremiah.foster.

The video mentions specifically a couple of items;

  1. Tor browser launcher not installed on device at default. (16:33)
  2. httpseverywhere not isntalled (16:59)
  3. Google is the default search engine (17:32)
  4. Does using the default Wayland build change settings in the browser (comments re: 13:33)
jeremiah.foster added a project: Restricted Project.Jan 17 2019, 2:41 PM

Add Comment