Hi @Voyager,
Your question is valid, and worth asking. It is totally legitimate and even necessary to wonder if Purism is doing something useful, if it solves an actual problem, and is heading in the right direction. I can’t speak for others, but I can tell you what I expect from the Librem 5.
Libre Software
Basically, I have been a Free Libre Open Source Software user for many years, mostly because I’m more comfortable with knowing/having the possibility to know/having a community of users who can check what the software on my machine does.
The state of mobile today
The Apple case
On the mobile phone side today, there is Apple with its iPhones, which has a reputation for security. But in the end, we simply don’t know what iOS does. In the article below, you can find a discussion between FBI agents about the San Bernardino shooting case, in which Tim Cook stood publicly against the unlocking of the iPhone.
Among other texts:
And what makes me really angry about that Apple thing? The fact that Tim Cook plays such the privacy advocate. Yeah jerky, your entire OS is designed to track me without me even knowing it.
This does not prove anything of course. We still have hints at Apple’s mindset: it has been compliant with China’s censorship rules. I do believe that Apple is not that committed to privacy, but it’s well-engineered marketing.
With closed source, you simply cannot know.
The Google case
On the other hand, you have Android, made by Google. The open source part of Android is getting thinner and thinner every day, and Google ships most of the new features in the closed source Google Play Services. It has long been known to spy on its users, even tracking their location while the location tracking setting was disabled.
The news is plethoric about what Google collects. Even a mainstream TV channel in the US lately showed how much data an Android phone on Airplane mode all day and with no SIM card can collect and report to the mothership as soon as it is connected to a Wi-Fi network. They did this by performing a MitM on an AP they set up.
Plus, they are working on Fuchsia, another OS we don’t know many things about yet. Android Google Edition is pure spyware, while Android AOSP (somewhat “Google-free”) does not seem to be the good solution in the long run.
The web
Finally, there are all the trackers on the web. There have been numerous scandals about third-party JavaScript on some sites that records your every move and every keystroke, including your passwords. These were put there intentionally by the first-party company. Officially those are for analytics (e.g. how long you’ve stayed on a web page), or in order to offer better support. Of course, technically this has been a disaster: sometimes the whole logged session is sent over an unencrypted stream, sometimes the passwords are not erased before being shown on the dashboard of that third-party solution…
Facebook also has all these “Like” or “Share” buttons everywhere on the web. Yes, those track you too. Every time you go somewhere and see that button, Facebook knows you have been there. Browser fingerprinting, among other techniques, allows them to track you specifically, even if you logged out, even if you’re in private mode. They also build a “shadow profile”: some information you didn’t give them but they have gotten anyway (by reading all your friends’ contacts, as an example).
So… tinfoil hat?
Basic rule of security: you cannot be protected against everything. If you have a resource to protect, you can only raise the amount of effort it takes for an attacker to get what he wants.
Basic rule of security #2: if a government really wants to spy on you, they do have the resources necessary to do it, even on an Android AOSP up to date with no GCM installed.
What I’m protecting mostly against are companies. I don’t want to have to trust Apple. I want to know they are not tracking me. I don’t want to give all my data to Google. I don’t want Facebook to know anything about me. To put it simply: I don’t want any company to be able to massively gather data about people. The surveillance has to be hard and costly in order for it to be targeted.
Why though? After all I’m just an average Joe like any other. Let’s imagine for a minute my country turns into some sort of totalitarianism. And they want to eradicate people with some opinion. Do I really want a company to be able to give my whole browsing history, habits, location to anyone? Today I’m compliant with the idea the government has of what is acceptable, but who can guarantee that will last?
Purism
Purism is the only company I know that is already successfully selling products, with a credible project to change the game. Their commitment to FLOSS and privacy means a lot to me. We know we can’t trust our devices, so their kill switches are necessary to raise the bar in terms of the effort it takes to spy on you.
I want a mobile device with 100% free software running on it, and with the ability to shut the camera and microphone down. This does not exist today, and this is what Purism is offering to make. Kudos to them for that!
Before anyone points it out: I do know that some research has shown that it is possible to track a conversation with the accelerometers on the device. But let’s not get our hands down: every improvement any company can make is welcome! Maybe we’ll have kill switches for the accelerometers on Librem 5v2.