Louiss Rossman on Purism

Purism wants me to DELETE my video exposing their refund scam & delay tactic - answer is NO! - YouTube

I’m surprised this hasn’t been posted on here until now. What does the community think about Louiss Rossman’s video on Purism?

How bad is the refund issue?

I’ve thought about buying the Purism Librem 5 a few times since I came across it in 2019. It was pending refunds then that stopped me (but mostly the price). Crazy to think that some people are still waiting who ordered back then!!! Since then I’ve had an iPhone 13 Pro Max. By the sounds of it, that’ll have got through its full 5 years of support before someone ordering today might get their Librem.

What is the official response of Librem?

I hope this post isn’t deleted otherwise I’d seriously question the companies ‘open’ / ‘privacy respecting’ values I suppose

Nah. Current lead time is quoted as 5 weeks. While both delivery of a phone and payment of a refund may be delayed, I don’t think there’s any correlation in the amount of time.

Fulfillment of all outstanding orders is lurching towards its conclusion.

It was posted here a while ago

As a Purism customer and current happy Librem 5 owner, I’ll try to be as objective about the videos as possible, so here’s what you should consider:

• It may have been best for Purism to make a blog post about the funding policy, without making a reference to the videos directly, instead of emailing Rossman (difficulties are to be expected, they should just be communicated well). The explanation about funding and needing to sell other products to subsidize it, which they gave is understandable to me, and should have been communicated to inquiring customers.

• Rossman cannot access the amount of research and development needed for a mainline LInux phone, including kernel patches, adaptive software, phosh… etc., so his assertion that running over budget is invalid betrays a lack of knowledge about the technical aspects of what it takes to develop a brand new smartphone ecosystem. In the end, I feel like he’s just trying to justify the convenience of using Android and just comes across as ignorant on this point.

• I feel like many people, when talking about this, don’t really understand the meaning of terms, including Rossman himself, when he alleges scam, and “a product that doesn’t really exist” which is again ignorant and a lie.

• We have to also understand that Rossman has decided on milking this issue for clicks and monetization (probably his most popular video in a long time, the reality is, people just adore drama.

• My honest advice to people interested in the Librem 5 phone and those who backed it through crowdfunding would be: just wait, yes, it takes a long time to ship, for various reasons, but it is real, and you’ll eventually receive it.

• Once you receive the phone, there’s nothing quite like it, from a technical perspective it is certainly a fascinating ecosystem and a piece of kit un;ike any other.

• No amount of Android-based ROMs can replicate the experience of mainline libre Linux apps on a smartphone. This is an exciting endeavor.

Things like this are difficult for me. On the one hand, like halcek I think being able to run mainline Linux on a phone is fantastic and it is great.

On the other hand the sort of justifying of actions here is not something I can stomach. Being a social purpose company does not give you cart blanche. It doesn’t mean the end justifies the means.

WHY couldn’t Purism, even now, just be honest!? By being honest, they could have avoided this whole youtube video drama. Furthermore, it will have helped their customers to trust them.

But now customers are left to contemplate what other things management has justified that shouldn’t have been? If you are ok with stringing a customer along with sneaky verbiage and intent, would you have any qualms about quality control (my experience says no) deceptions? What about using marketing verbiage in sneaky under handed ways? And where does it end?

You see what I mean hopefully. This is unfair to the developers who are working hard to make the L5 into something. I think Purism’s management has done a HUGE disservice to the team that is actually responsible for all the good that Purism gets to tote.

So Purism, if you want customers, really learn from this. Do a 180 now. A blog post should getting written RIGHT now about how this mindset was wrong, how even though it was for the betterment of the products, it was wrong. Come clean and explain that transparency and honesty are the operating modus now.

This is the only way you can hope to survive this in the long term. Ignore it as you have, and this issueu will continue to erode all current and future customers.

You have a winning product in the Librem 5. Don’t loose that because you refuse to do the right thing. Your developers deserver that at the least.

Edit: and to comment on Louis here: like a typical Youtuber you can tell the guy just loves the sound of his own voice, as he repeats himself many times. The humble brag they constantly espouse about themselves. It is all just super obvious. One final thing, Louis is a self-taught technician who is particularly good at board level repairs with surface mount pcbs. He is NOT a cyber security expert, software engineer, or computer engineer. He is not an authority on ANY of those subjects.

Edit #2: That email written to him was more damaging than both videos combined.

Those are a shitpost videos, he acts like if :

• It was a purchase like any other phone in any kind of phone store, when in 2019 the phone was still in developpement
• There was no long electronic shortage period
• Nobody has received the phone
• Purism doesn’t push upstream improvements to the GNU/Linux ecosystem
• After all it’s just a shitty phone
• Every word said/written by purism is just a dishonest evil plot to seems nice
• GrapheneOS do everything purism claims to do (LOL)

My favorite quote :

So this guy on a crusade to destroy the reputation of purism when he clearly doesn’t have the full story, and shit all over purism from a biased opinion based with only one unhappy “friend”
At least he got it right at 10:40 when he assumes he’s not a good guy (at least on this matter)

Maybe purism sucked about his refund policy and should have been more honest about it, but it doesn’t deserve this hate from an influencer (1.8M suscribers) who is not even a customer
If Purism was a refund shop I would probably be as pissed off as this guy

BUT WHAT DO I KNOW ? I’m just a happy customer who gave my money to the evil purism corporation and got my phone and all the other products I purchased

+1 @2disbetter

This e-mail doesn’t even try to make an excuse; instead it justifies the behavior. It’s very sad in my opinion.

The Librem 5 is a nice product and has really nice developers. I can only support the vision.

But come on, management.

Just an idea for Purism : Maybe Purism should invite the guy to the HQ to show him “the scam”, maybe it could help see him the reality, and turn this into something better, what do you think ?

In general a good idea, BUT it would have to be funded entirely by Rossman. If Purism funds it (air fare, etc.) it would not look good since there are still people in the que for refund that have not been.

Purism is in financial constraints until shipping parity has been reached.

It does not try to make an excuse, but rather it does explain the situation somewhat plausibly, which is better. There’s some unnecessary fluff there too that should have frankly been omitted entirely, but a blog-post explaining matters with research and running over budget should be posted on the official Purism website and I think it would make things more understandable to a lot of people.

I’ll start off by saying I’ve been a fan of Rossmann and his cats for years. He owns up to his mistakes and never says anything he doesn’t mean. He has an armchair and he’s real.

I’ve noticed that he hasn’t been researching much lately, and just picks a headline to react to. It’s disappointing when he takes a strong opinion without knowing the truth of the matter. Usually these lead to followup videos where he either doubles-down or changes his mind with further evidence. That sad letter from the PR genius saying they weren’t a scam predictably did not go over well, Rossmann doesn’t delete videos, he exercises free speech. And I agree when he says “fuck you” to anyone asking him to do it.

In my rolled-back reply to the first video, I addressed the marcan_42 post and how we have USB filtering and no unchecked proprietary mystery blobs etc. Then we got a huge DDoS and my opinion has altered somewhat.

Well, here’s my reply, buried under a thousand angry comments.

You’re attacking a small business which holds many of your values (they even show schematics), and you were responsible for a huge DDoS on their services. I doubt they had extra personnel to deal with that, when they only have one person to answer all their emails.

The secure/privacy phone community is small, and the alternative projects you praise have benefited substantially from the development at purism (components in Trusted Boot etc). You say they don’t deliver, and then mention something they have helped deliver. Open source companies contribute upstream, even tiny little startups with big promises. The fact that you’re still concerned about some obsolete CVE, and shrugging off warnings about baseband driver (kernel level) RCEs means you’ve done no research, it makes you look foolish.

Do you expect a new distro from a burgeoning hardware company to be perfect from the starting line? Do you expect a Pine Phone or GrapheneOS to never have issues? Do you trust proprietary hardware? If I pointed out an exploit on a PinePhone, would that make their company a scam? No, I would expect the problem to be gone with an update or in the next iteration of the phone. Security and privacy are a way of thinking, not a product. You don’t get secure products when your goal is tracking and advertisement, and the vibrator in the Librem isn’t a speaker like in the Pixel, it’s a gyroscope.

If anyone wants an L5 immediately, you can buy unopened phones from customers who aren’t impressed anymore with the 2017 specs (if the forums aren’t being DDoS’d currently). If you’re being patient with your pre-order, you’ll have your phone within a month probably, barring another pandemic and chip shortage.

They said they didn’t have the money, and they made it clear you can either get $800 store credit or wait for the thing you agreed to wait for. You could even sell the coupon code on their forum.

Don’t delete this video, keep your uninformed rants here for the record. I’ll gladly wait for a new apology video when you eventually realize your error.

marcan_42 “security audit” (March 22, 2022)

PureBoot overview (February, 16, 2023)

some contributions
https://review.coreboot.org/#/q/(owner:"Alaoui"+OR+owner:"DeVillier")+status:merged+purism

vibrator isn’t a speaker
https://developer.puri.sm/Librem5/Software_Reference/Sensors/Inertial_Module.html
https://docs.puri.sm/Librem_5/Disassembly.html

SCHEMATICS OR DIE
https://developer.puri.sm/Librem5/Hardware_Reference.html

I agree with some of your points. They all basically boil down to him not being qualified to make some of the statements that he makes.

He was completely wrong about the Librem 5 and its functionality. (I’m writing this response from a Librem 5)

He was not wrong about how Purism choose to keep the truth from its customers, be deceptive with them, and using FOSS ideologies and the greater good as their justification for it. This is the problem. This is the thing that is hurting Purism.

They don’t delete posts that criticize them. All you had to do was briefly look through the thread titles to realize that.

They likely would delete a post that attempted to organize legal action against them here in their own forums… which is their right.

My response to one of the other Rossman threads was deleted, and it was very balanced and not violating any kind of TOS. To say things aren’t getting deleted is simply not true.

This would be ideal but, to be frank, Louis doesn’t care. Like he said in the video, he has no skin in the game and simply despises the way that events had been handled - especially regarding delayed or unrealized returns. I wouldn’t imagine that it is worth his time to go out of his way to prove something to himself or his 1.84M subscribers when he’s already made his opinion about the company blatantly clear.

That was the thread that was posted immediately prior to the DDOS attack. As @francois-techene said, they had to restore an earlier backup of the forums, so all the most recent threads and their comments didn’t come back. So I stand by my comment. One only has to review the thread history as far back as one cares to go to see that all the posts criticizing Purism are still there, except for the ones that didn’t survive the DDOS attack. (Or the posts that were abusive or inciting legal action.)

I support Louis Rossmann’s fight for right to repair, but he left out a huge amount of context in his two videos on Purism, and that context is important in trying to evaluate the actions of Purism as a company. There is a lot of moral complexity that Rossmann totally ignores in his simplistic characterization of Purism as a “scam”. Rossmann doesn’t address the tricky economics of developing mobile Linux and mobile Linux devices and he totally fails to address the good that Purism is doing in the world by developing mobile Linux.

Purism’s refund policy for preorders deserves public criticism, so I have no problem with Rossmann calling out the company. However, I don’t think it is acceptable to criticize the company without acknowledging the dilemma that Purism was in. I appreciate the fact that Rossmann read the text of the email that he received from a Purism employee, because Purism should have publicized that information long ago, but Rossmann totally failed to address the real issues laid out in that email. Instead, he focused on lambasting the spiritual journey of the emailer and how he was presenting himself as a good guy and how Rossmann felt that the emailer was trying to manipulate him into deleting his previous video. Frankly, none of that addresses the real issues at hand.

From what was stated in the email, if Purism had repaid all the refund requests, it would have had to cancel the development of the Librem 5. Based on the fact that Purism changed its refund policy in late February or early March of 2020, Purism had already spent a large amount on the development of the Librem 5 (probably the majority of the roughly $2 to $3 million in preorders), and I’m pretty sure that the company wouldn’t have been able to refund all the preorders for the Librem 5 at that point in time.

Legally, Purism should have kept paying out refunds until it went bankrupt, however, in bankruptcy proceedings, the bankruptcy judge is likely to prioritize employees owed back pay and creditors (and maybe stockholders) before customers, so it is highly likely that most of the people who preordered would not have gotten refunds if Purism had done what Rossmann demands. By delaying the repayment of refunds, Purism was able to continue the software development and ship the hardware, so the majority of its customers would not take a loss.

If Purism had announced publicly that it was having financial problems in early 2020, then it would have guaranteed that orders for its products would have dried up, and the company would have no hope of ever being able to refund the cancelled orders with new orders.

According to the email, Purism is still trying to refund the cancelled orders with money from new orders, which will be a slow process, since Purism is a low-volume business. If that is the case, people who cancelled their pre-orders will eventually get their refunds, but they will have to be prepared to wait a long time for the refund. However, purismRscammers has posted that Purism now won’t let him/her get a refund, and Rossmann’s previous video stated the same.

In my opinion, Purism needs to publicly state what its policy will be for cancelled preorders, because this situation leaves everyone in doubt. If it intends to eventually refund customers when it has the funds available from new orders, then let customers know that that is its policy. If it doesn’t ever intend to refund the cancelled preorders (except with credit to buy other products), then Purism should state that, and explain its financial problems. I can understand if Purism doesn’t want to share its financials, but it can explain losses without stating exact amounts.

At this point, Purism has stated that it will not be using crowdfunding any more to develop new products, so Purism should issue a guarantee to ship orders or return customer’s money for all future orders to reestablish the credibility of the business. I would recommend that Purism issue a surety bond, to reassure customers that new orders will be shipped, because if they aren’t shipped, then customers will get their money from the bond. Some people will never order another Purism product based on the bad publicity from this event, but I think that a lot of customers are willing to keep buying from Purism if they have a strong guarantee that they won’t take a loss when ordering new products from Purism.

Another thing that I recommend is that Purism publicize how much it has invested in the development of mobile Linux, so Rossmann can’t make the ignorant argument that preordering the Librem 5 is like Rossmann Group receiving an order for parts or a Macbook to be fixed. The only other company doing serious dev work for mobile Linux is Jolla, and its Sailfish OS will never be widely adopted by the community due to its proprietary Silica interface and the proprietary Alien Dalvik virtual machine to run Android apps. Give Jolla credit for maintaining components like the libhybris Android driver compatibility layer, oFono telephony and the Maliit keyboard, but libhybris and oFono are no longer important now that Plasma Mobile has abandoned the Halium framework. At this point, Purism’s work on Phosh is far more important for the future of mobile Linux, considering that Phosh is the most popular mobile Linux interface according to Pine64’s poll and libadwaita has become a standard part of GNOME to make it adaptive and touch friendly. Almost all the major Linux distros now include Phosh, which is probably why Juno used Phosh when showing off its new Juno Tab 2 tablet to get preorders.

I count 344k lines of code in the software projects that Purism created for the Librem 5:

Lines of code in Purism's projects for the Librem 5:
	libhandy: 48016
	libadwaita: 89530
	calls: 29332
	chatty: 46170
	squeekboard: 22109
	libcall-ui: 4688
	phoc: 23882
	phosh: 66779
	feedbackd: 7065
	feedbackd-device-themes: 370
	gtherm: 1734
	haegtesse: 2081
	wys: 2401
Total lines of code: 344157

In addition, Purism has made about 200 commits to the Linux kernel and added code to roughly 20 GNOME apps to make them adaptive, plus all the work on Coreboot, Pureboot, Librem-EC and Laniakea. If we look at the amount of code that has been created by the other small Linux hardware vendors (System76, TUXEDO Computers, PINE64, FydeOS, Juno Computers, Slimbook, Vikings, Ubuntushop.eu, RetroFreedom, Entroware, StarLabs, laptop-with-linux.com, MALIBAL, Libiquity, CompuLab, ODROID, Lemote, Raspberry Pi, Seeed, etc), I doubt that all of them added together have contributed as much code to FOSS projects, and most of their code is only for their specific hardware, rather than hardware-agnostic code for GTK/GNOME which can be used by many distros.

Rossmann seems to be largely clueless about mobile Linux, and to have no idea what happened to previous attempts to create mobile Linux devices. The sad reality is that there have been 20 previous attempts at commercial mobile Linux before Purism tried it. Sharp, Wind River, Montevista, Panasonic/NEC, Nokia, Motorola, Intel, Mozilla, Canonical, Jolla, Samsung and Palm->HP->LG all failed trying to bring mobile Linux devices to market. This history has taught all the Linux hardware vendors that they should do as little software development as possible except code to make their hardware work and some distro maintenance.

Does Rossmann want the Librem 5 to end up like all the junked Firefox OS devices, which stopped getting software updates from Mozilla Foundation after 2015? Does he want the development of Phosh to end up like Ubuntu Touch’s Lomiri, which has only had 7 commits in the last year because Canonical dumped the code on the community? Does he want the Librem 5 to end up like the Jolla C tablet, where the company went through bankruptcy and the people who preordered lost their money? Does he want Purism to go bankrupt like the company behind the JingPad, where the users got their hardware, but the software was abandoned? The first Juno Pad will probably never have a working back camera, and the PinePhone Pro and PineNote are still unusable. Does Rossmann really think that mobile Linux is going to be successful without having paid software developers?

As far as I can tell from Rossmann’s comments in his two videos about Purism, he doesn’t seem to care a wit about mobile Linux. His advocacy of an AOSP derivative like GrapheneOS shows no awareness of how dependent AOSP is upon Google. If Google ever perceives AOSP as a threat to its market share, it will stop releasing new versions of AOSP and effectively kill all the derivatives like LineageOS, GrapheneOS, Calyx OS, etc., because old versions of AOSP won’t be able to run with the proprietary drivers for future chips from Qualcomm, MediaTek, etc.

Rossmann spends a lot of time in his YouTube channel talking about the right to repair and the fact that we need access to the schematics and the software tools in order to fix devices. The Librem 5/USA/Liberty is the first phone with free/open source schematics since the Golden Delicious GTA4 in 2014, and as far as I know, the GTA4 didn’t release a board view/wire drawing of its circuit boards like the Librem 5, so it would have been very hard to do the kind of board-level repair that Rossmann advocates. The PinePhone and PinePhone Pro are the only other phones on the market today which publicly release their schematics (although they are proprietary), but PINE64 doesn’t publicly release board views/wire drawings to do repair of the circuit boards. By attacking Purism, Rossman is attacking the only phone on the market with publicly accessible board views/wire drawings. He also is attacking the only phone on the market that allows the cellular modem and Wi-Fi to be easily exchanged.

By advocating that people use GrapheneOS, Rossmann is basically telling people that they should buy Google Pixel phones, because GrapheneOS only officially supports the Pixel 4 - 7. In other words, Rossmann is advocating that people should buy hardware which is only good for a couple years and use an OS that stops supporting the hardware the moment that Google decides to stops releasing security updates for that hardware.

How exactly is Rossmann advocating for the right to repair with this position on Purism? If Rossmann truly believed in the principals that he claims, he would be telling people to support the development of mobile Linux, because it will allow people to use their mobile devices indefinitely and still receive software updates, and he should be telling people to support Purism, because Purism releases schematics and board views and designs phones so critical parts can be easily replaced.

Rossmann mocks people who believe that they are doing good. While he is right that some people use their belief in their own goodness to justify their evil actions, he makes no attempt to weight the benefits and detriments of Purism’s actions, and try to make a judgment call about whether Purism is actually promoting good in the world or not. I would have more respect for his position if he weighed the good vs the bad, and decided that Purism’s actions caused more harm than good in the world, but he utterly ignores what Purism is trying to do and makes no attempt to judge whether the software dev work and the production of the Librem 5 has any positive benefit for the world. Rossman makes no effort to evaluate what effect a Purism bankruptcy would have. He doesn’t ask the difficult question where mobile Linux will be without the dev work on Phosh and whether Plasma Mobile with 100% volunteer development is the best route to advance user freedom in the world, in the face of the Android/iOS duopoly.

As I pointed out in the community FAQ, there are areas where Android and iOS do offer better security than the Librem 5 with PureOS (such as kernel hardening and user space protection), but Rossmann focused on areas which frankly make no sense. The Synopsys DDR4 memory initialization blob in the Librem 5 may violate the spirit of the FSF’s RYF requirements, but I don’t see much evidence that it is a security threat. It isn’t hard to verify that the four proprietary files from Synopsys stored on the Winbond W25Q16JVUXIM TR SPI NOR Flash chip are the same as the standard ones distributed by NXP, so you can verify that they haven’t been tampered with. At the point in the bootup sequence when those four files are executed by the separate ArcCore processor, almost nothing on the device is functional and those 4 files only contain 55KB, so it would be nearly impossible to do something malicious like bring up the cellular modem and load a TCP/IP stack or try to write a file in the Flash memory.

Rossmann claimed that the Librem 5’s kill switches can’t stop a vibrating device being used as a microphone. He clarified in the comments of his first video that he was talking about this theoretical exploit using a gyroscope. However, activating the three kill switches in the Librem 5 does turn off the gyroscope, so Rossmann is wrong. Moreover, I can’t find any example of this exploit in the real world, and critics have pointed out that the vibration in a gyroscope probably isn’t strong enough to actually record a normal conversation, so this isn’t a real security threat as far as I can tell.

The third thing that Rossmann cites is that the USB ports in the Librem 5 are unsafe, and Rossmann linked to this thread on YCombinator where marcan_42 says that the Librem 5 has no description filtering for the USB connection used by the cellular modem. I don’t know where to check this, so marcan_42 may be right about this point, but it is worth pointing out that Debian does close the USB description filtering security vulnerabilities when they are reported and the USB 2.0 used by the cellular baseband and the USB 3.0 port on the bottom of the Librem 5 don’t support direct memory access.

They should link to your post Amos, and then make their statements on crowdfunding refunds, etc. underneath.

Either way they need to take this seriously. Because every second there is no official response it makes them look even worse. Don’t let people wonder about this stuff! Confront it and tell the true story. Control the narrative instead of the wild imaginations of your customers.

Edit: the only thing I think that can’t be justified with your response is the need to lie to keep things alive.

Thanks for this excellent, well-balanced, and well-informed post! Very read-worthy.

Great post, @amosbatto !

Minor nitpick:

He does not seem to advocate it anymore, I’d think: