eSIM on Librem 5

I read one article that said that physical SIM cards are going to be phased out. Eventually, the use of a physical SIM card will be more for niche’ applications only. These days with the rapid growth of technology, “eventually" could be next year. Some authorities see physical SIM cards much like spending cash. The government can’t control nor track it reliably. They want to get rid of it.

How will Purism adapt? So let’s say that an e-Sim implementation is written for the Librem 5. The network operators might just say “we don’t accept opensource software to authenticate an e-SIM because we want e-SIM authentication methods to be kept secret and controlled by us”. Then the next thing they say is what most mobile network operators are already saying “we won’t allow the Librem 5 on our network". So I can’t then give them my old Samsung Note 9 IMEI to activate a SIM and then switch that SIM in to my Librem 5. You just have to accept the “no" meaning that you either use the AwSim service or there is no possible way to activate your Librem 5 on any network.

Contact Purism.

The Librem 5 can’t be the only workable phone model that lacks an eSIM?

Hence, in my guess, “eventually” could only be next year if carriers are prepared to trash lots of phones.

As cynical as I too am, this isn’t the only consideration. Carriers like eSIMs because it saves the administrative hassle of stuffing around with pieces of plastic and posting them out, and it reduces the amount of time between purchase decision and fulfillment.

That isn’t typically the way it works but, yes, if there is remote attestation or something else such that it is not possible to have an open source software or hardware eSIM implementation then this will be unhelpful to us.

All it would mean though would be that a Purism phone would have to include an acceptable blackbox eSIM chip - which wouldn’t really be worse than the current SIM card, which is already a blackbox computer.

I guess it is slightly worse because if a serious security flaw were found in a SIM card (and there have been problems found in SIM cards), you have the option of removing the SIM card. eSIMs don’t offer that mitigation.

Note that there is probably no way to retrofit the Librem 5 with an eSIM chip. So in the worst case (i.e. that carriers just decide to trash all phones that don’t have an eSIM chip), the Librem 5 can’t be used any more.

However note also: New, from Soprani.ca/JMP Chat: an eSIM adapter (assuming of course that carriers allow that eSIM implementation).

This is generally considered to be poor security. If your security relies on keeping the method itself a secret then it is broken. If your method doesn’t rely on keeping the method itself a secret but the method is nevertheless kept secret then it means that the method has not had wide public review, which means it is more likely to be faulty - and if it is faulty, it is more likely to remain faulty.

That’s right. eSIM makes it difficult or impossible to play games where you activate a SIM in one phone and then move it to another phone. However that doesn’t make a material difference. A carrier can already trivially detect the change of IMEI even with a physical SIM. They could already stop you doing that if they wanted to.

In my opinion there are two solutions:

1. e-sim implemented in Librem 5 v.2

2. buy and use a very basic and simple eSIM phone in tethering mode and use L5 with WiFi. I know it isn’t the best to carry two devices but that’s a reasonable solution if/till eSIM isn’t implemented into L5 and “hiding” it behind WiFi (maybe using VPN) it’d be a better way than be direct connected to the world throw eSIM and also solving some trouble that we’re having now like using proprietary sw (eg: WhatsApp, Facebook, banking app, IoT apps,..) on one and Pure sw on L5

Last: if eSIM directly implemented into L5 would be privacy and/or security violation I would prefer 2) solution

…or get an external eUICC, put it in the SIM slot and install your eSIMs on it.

The whole Microsoft Windows ecosystem lacks public review. Most of the code in your Android or Apple phone can not be reviewed by the public. Regardless of what offers the best or worst security, if the industry wants to keep something a secret, they will do that, regardless of what we say about that decision and how good or bad their decision is from a Security perspective. That choice keeps you and I out, and forcibly within compliance to their whims. When was the last time you reviewed the source code for your bank’s banking app? When was the last time you reviewed the firmware blob code in the Qualcomm chip in your phone? If the industry wants to do something secret, they just do it.

If the phone manufacturers want to get rid of physical SIM cards within a year, they will just do that. The life cycle of a phone in the consumer market is less than a year anyway. The phone manufacturers can just stop producing cell phones with SIM card trays. Then give it a year for all of the existing phones that can accept SIM cards to sell out of the market. Then wait another year after that before the carriers stop issuing new SIM cards and then during that same year, they only issue SIM cards to purchasers of the older new phones that need SIM cards as those older new phones are sold. So Purism could easily be less than two years away from their new Librem 5 users not being able to activate a new Librem 5 phone. No one considers what you or I say or think. They just do it.

Our ops manager had previously informed me that eSIM is supported (not enabled by default) for AweSIM but not supported on the BM818 modem due to a lack of eUICC. I had updated the documentation accordingly. I have not personally tested this out.

I’m afraid I don’t understand the purpose of this topic. You have already identified the only viable FOSS-compatible solution to your hypothetical where SIMs and eSIM adapters are somehow banned from all networks and MVNOs: operate your own MVNO, which Purism already does.

Carriers could also just ban non-Google/Apple devices from their networks, governments could ban the sale of privacy phones or start requiring backdoors in hardware devices, etc etc. Yes all of this could happen, but so far it hasn’t, and Purism isn’t a regulator or government body that can push back in these (somewhat far fetched) scenarios. They currently provide a workaround for your hypothetical scenario, and that’s about all they can do.

An attempt to solicit a response from Purism using the community forums instead of official communication channels.

Most of us post here to either learn from others, what they know or think about a topic. Each post is from a person who learns something here from others. Then there are some people who can read the whole chain of posts and remain ignorant, or claim to be ignorant because they don’t like the topic. Worse yet, they may trivialize, distort, or belittle what has been said. Perhaps the claim of being ignorant is more polite than admitting to rudeness. Because not many people are quite that ignorant. But for those who are that ignorant, most of us here own an expensive phone that may not work any longer, sometime in the near future. For those who under the topic in detail, the threat to the Librem 5 is real. This is where that issue is discussed.

Have you made any attempt to contact Purism directly since the start of this topic three days ago?

JCS has at least responded in this topic. So it (this forum topic / the subject area in general) is receiving some kind of attention from Purism.

I would not necessarily equate JCS’s participation on the community forums as confirmation of Purism giving any attention to user inquiries.

Purism is tracking eSIM compatibility using 3rd party adapters for use with the Librem 5 v1, and is considering native eSIM support for Librem 5 v2.