Purism website privacy


#1

1.When I visit https://puri.sm , the website loads fonts from https://ajax.googleapis.com ,https://fonts.googleapis.com ,https://fonts.gstatic.com (owned by Google), https://objects.dreamhost.com
Won’t this affect my privacy.
2.When I visit https://downloads.puri.sm from firefox esr 45.4 it says the website is encrypted with AES 128 ,but when I visit
https://wiki.lxde.org from firefox esr 45.4 it says the website is encrypted with AES 256


#2

Hi there!

I’ve replied to your email, but it doesn’t hurt to write again:

  1. This is probably our new theme’s fault. I’ll check this out.

  2. From my side everything looks okay. Could you try with more up-to-date browser?


#3

I sent you some screenshots .You can see that https://downloads.puri.sm is said to be encrypted with AES128 with firefox esr 45.4.0 . I recommend to encrypt all puri.sm websites with AES256 .That would solve the problem.


#4

How is point 1 going?


#5

Hi,
I was about to order a Librem 5.
Unfortunately, the ordering page requests script permissions for:

I do not think this is a good starting point for privacy.

Unless you discard that stuff from the ordering page, I refuse to commit.

Regards


#6

are you sure? the only script i have on the librem 5 page is from puri.sm and when i go to order it add just stripe.com and nothing else


#7

Stripe, Google Ajax, and Google Fonts snooping on mine


#8

I have NoScript running all the time - On this website I just have puri.sm and stripe for order - same as mentioned above. I haven’t personally seen any Google scripts in the many months that I’ve been following Purism.


#9

i go deeper on this and i noticed NoScript do not found anything else, where ublock origin found also the other stuff, seems strange to me, but i noticed also in other site, i don’t know how is it possible


#10

I run NoScript (NS) and RequestPolicy (RP) on my Firefox setup. I did notice from RP’s status icon that requests to Google stuff across various parts of this website were caught and blocked. NS saw nothing, but that might well be because RP already stopped it.

Nevertheless, I do agree with the OP’s points. Google is one of the antonyms of privacy.


#11

All, this is something that we are aware of, our website/website theme links to jquery and fonts hosted on Google servers. This is usually nothing to worry about, but yes, we also do not like this. We agreed previously to move all the needed stuff to our own server, but the lack of time and manpower has prevented us from doing so. We have plans for this in the future, and we will do something about it soon.


#12

any updates on this?


#13

There is a website redesign undergoing, by the very same person who designed https://pureos.net
No release date have been given yet

As you can see, PureOS.net does not sport any tracker. There is much to bet puri.sm won’t :slight_smile: