E/os new idea/wiping data on mobile

Just to add to this, we don’t have an automated way to swap user personas today, but due to the simplicity of Linux users and the fact that sensitive data and settings tends to live under your home directory, it would be easy to do this manually:

  1. Use the GUI Backup app to backup your home directory somewhere (microSD card, network storage, etc)
  2. Erase the contents of /home/purism completely and reboot.
  3. Start with no personal settings and set up your new travel persona with saved accounts/passwords/files/app settings you need.
  4. Back that up as your travel persona, erase /home/purism again, and restore your original /home/purism persona.
  5. To swap between personas, just erase/restore /home/purism.

If no one beats me to it, this seems like a relatively simple GUI project to script up with yad using deja dup behind the scenes, if I find some time.

2 Likes

Does this mean … leave the /home/purism directory itself present but remove all the files from that directory?

I don’t think I’ll be rushing to test this procedure. :rofl:

Fortunately crossing borders is not something that people can really do at the moment anyway.

Yes. You’d erase all the files (including hidden files that start with ‘.’) underneath /home/purism but leave /home/purism intact. I double-checked with others on the team and because all of the settings you set at first boot ultimately get stored there, it should just reset you back to your first boot state (at least in terms of user settings, any system-level apps or packages you installed previously would still be there).

[Edited to add] I should note that this is essentially what I’ve documented in my backup and restore article and perform each time I’ve migrated my settings and files from one Librem 5 phone to another. The main difference is I backup and restore a few additional things from like my openvpn configs from /etc and my user crontab, as well as restore any uninstalled apps (as I assume I’m starting from a blank, new image).

2 Likes

It looks as if shred is installed by default on the Librem 5. Tick. However there isn’t really any foolproof way of erasing content on a solid state device.

With switchable personae, what do you do about, for instance, email/call/chat connectivity and history, and contacts, which are things that would be of definite interest if your phone is being targeted at international borders? (And things you wouldn’t want to be without while traveling.)

All of that would be erased if you switched to a different persona. So you would set up the travel persona only with the contacts you need while traveling (perhaps hotels/restaurants/etc and people you are traveling with, credit card contact numbers and perhaps an emergency contact if you need it).

For example, see here for call history: Sound on Librem5

On the other hand, you can’t erase the copy that the government is storing. :wink:

And I guess you would have to use only web-based email (inconvenient), delete any chats, and not store any passwords on the device.

It is assumed that all of that is buried somewhere in ~purism but you ought to audit that if you are seriously concerned.

It really all depends on your threat. You’d travel with what you were willing to lose. We have a lot of folks that show up in our forum who have given themselves a threat model of an international spy, so those people should be well-acquainted with the idea of compartmentalizing identities and already have all of that set up ahead of time.

For everyone else, the prevalence of free online accounts these days means it’s relatively simple to create travel persona accounts on the various websites you’d need to access. So to take this all the way, you’d set up a travel webmail account somewhere trustworthy and use it for your travel arrangements. That’s a good practice in general anyway as if you start getting spammed on that account you can tear it down and start again.

It’s similar to telling people who want to contact you while traveling the new local # you will get with your prepaid SIM you buy on arrival (if you do that).

Other people may just be concerned with border crossings in their threat model, and not with losing their data once they are traveling within a region. In that case I suppose they could restore a persona from the Internet once they cross the border, then perform the same swap when they cross back.

You adapt the general principles in play to your particular threats.

1 Like

Maybe one of the codes after the pin code could cause a direct short circuit of the Lithium ION battery. So BOOM! the phone catches on fire. After they put the fire out, all that’s left of your L5 is melted plastic, oozing toxic chemicals, and third degree burns on the guy who tried to get to your data. So the data isn’t the only thing that’s gone. The whole phone is gone. Then you tell the authorities “Wow, you just can’t trust those Samsung phones. I thought they solved those battery problems years ago”.

3 Likes

For the international spies among us … would another option be to mount something on the uSD card as /home/purism and that way persona equates to uSD card? You swap personas by swapping uSD cards.

So as you leave your house at the start of the mission, you take the specific required passport and the matching uSD card is inserted into the phone.

Downsides that I can see are:
a) if uSD card is borked then phone may become unusable, and
b) it is readily obvious that you have set it up this way (but I tend to think, as a hypothetical, that if “they” are taking that level of interest in you then you are probably stuffed already)

1 Like

Thanks for link to your article on personas.

When I eventually get to pick a modem for my L5 will I have an option to buy another modem so as to change the IMEI if I want to as per your article?

If so, what is the price of modems?

You mean another modem from Purism as part of the purchase? i.e. accessorizing?

Yes most definitely.

Modems are on the Purism shop already.

Each of three variants of the BM818 is US$49. I would suppose that you can buy as many of them as you want - if you have the spare cash!!

That however is a can of worms. If you mean change the IMEI by changing out the modem for another one, I would suppose that you can do that, as often as you want, using any modem that you have.

Don’t forget though that

a) the IMSI won’t change as you do that
b) the modem antenna may not be rated for doing this an unusually high number of times.

It’s unnecessary to take the context to spies and extremes. The login with pin is not at par with the rest of the device security and using numpad as is, is a bit dated, as other features could be added. In that regards, the L5 seems to be the first that could actually do something special that Android and IOS just can’t. The threat profiles vary and more options should be given - the users can then decide what to do with them. And as I tried to point out in the examples, there are other functions that can be used instead of the extreme lock/destroy ones, as well as other possibilities than the example implementation.

Yes, you could do that easily already. If you format the uSD card with ext4 and mount with the nofail option over your /home directory, you’d also have a failsafe that would fall back to the empty /home directory in the case the uSD card failed or was missing. For many people it would be a much simpler approach than backup/restore.

Yes, I touch on this in my article in more detail I believe, but essentially one of the great things about the Librem 5 is that all of the items that might constitute your identity are removable/replaceable:

  • MicroSD card (in particular if you use it as your home directory)
  • OpenPGP smart card (so you can store GPG secrets tied to a particular persona securely)
  • Cellular Modem (IMEI)
  • SIM card (IMSI)
  • WiFi card (WiFi MAC)

Since all of these are modular, you could create sets of all of the above that constitute a particular identity (persona) and easily swap between them.

3 Likes

This reminds me; I’ve been meaning to suggest that Purism eventually redesign the SIM/mSD tray to allow extraction with just your fingernail, rather than having to find a pin or paperclip, etc. Some kind of notch would be much more convenient.

edit: You could even $ell the redesigned tray in the Store. :slightly_smiling_face:

2 Likes

Not that I would intend to swap this a lot (if at all with current travel restrictions etc) but this quote suggests that there may be a limit to the number of times a modem is removed and replaced? Anybody able to expand on this?

Thanks for the reply Kyle. I will most likely get a spare modem when I order.

It’s more that it’s a tiny, delicate connector attached to a tiny wire. It does take a bit of practice to get good at connecting/disconnecting them properly, and if you aren’t careful (using too much force, for instance) you can damage the connector on the antenna wire. Even then you could replace the antenna connector, you’d just have to get a replacement wire and take the Librem 5 apart further, to connect your new wire to the PCB.

3 Likes

Ah. Now I see. Makes sense. Thanks.