I know sensitive: Is backdoor required?

it wasn’t a point because i didn’t care to elaborate/explain but merely a phrase that is easy for people to agree with :slight_smile:

1 Like

It is LAW to have a backdoor built in and it is the law to not allow people to know. Hardware switches seem to be a legal loophole. But I think as soon as you go online, all screen recordings and tracking is sent anyway.
And if you connect to a 4G cell and are on the “list”, everything is intercepted anyway. That is the way the industry had to build 4G and causes latency, because everything needs to be checked first. Watch the CCC video about 5G for proof.
Being a US company, Purism is forced to, as is anyone else over there.

1 Like

but it is not YET law to FORCE people to use malware … unless the pressure is already so great that people feel powerless … nice loop-hole they’ve engineered ! :smiling_imp:

I think the “We aren’t at 100%” was in response to: Did you reach the goal of reproducible builds?

That is a rather less ambitious goal than “100% safety”. :slight_smile:

When you say “it is law” you should clarify which country. I’m assuming you mean “US”. It does make a difference.

That is the point of the Purism warrant canary. The point is not that Purism as a US company can avoid being subject to secret FISA proceedings in the US. The point is not that Purism would be allowed to make public the existence of, let alone the details of, such proceedings. The point is that under current interpretations of US law Purism cannot be forced to make a public statement (in this case a document claiming that all is good when all is not good, otherwise known as a ‘warrant canary’).

In other words, forced silence does not imply forced speech.

2 Likes

Also countries in the EU have already been caught using a “Bundestrojaner”, e.g. Germany and Austria. Even though courts did not approve it and it is not yet an act of parliament. And those cases are the tip of the iceberg.
Even FOSS is no guarantee (e.g. the curved bezier, the … developing for coreboot, hidden google tracking code in chromium…). Who checks 100000s of pages of code?
I do not want to paint it black: We need to start somewhere and everyone supporting privacy actively should be supported.

4 Likes

i know it would be a daunting task … IF done manually and by a single person

if done in teams and with specialized automatic verified tools … can be an OpenAi project or simply clever programs that sniff out-bound traffic or other types of local-malware then it IS possible …

i’m pretty sure that companies that do business in this field are very up-to-date on HOW this is done …

point is it sucks that we’ve reached this point …

2 Likes

My biggest concern with the Librem 5 is the inherent distrust of the United States and its Orwellian surveillance and ability to force the hand of any company within its borders.

That being said, I’m more interested in taking power away from corporations than worried about government spying. In the best case scenario the governments of the world can still find out what they want to find out by traffic interception and decryption; quantum computing, if it hasn’t already, will soon render any encryption that we think keeps us safe entirely useless.

In my humble opinion, this is a violation of the 4th Amendment, and periodically I will be sending out very highly encrypted random text files, classics, and other things so THEY waste computer resources trying to de-crypt them. I want them to seek a real, Constitutional, search warrant and I will gladly show them the files. I will not quietly go into a “1984” or “Brazil” future. F’em.

3 Likes

Love that. Back in the pre-internet, BBS days, we used to worry about the NSA snooping our FidoNet email. We would set up custom signature blocks to append to all of our email. The blocks consisted of a couple of kilobytes of words intended to trip their filters and make THEM actually look at thousands of emails discussing the finer points of C=64 hacking or BBS administration. :nerd_face:

2 Likes

LOL. I just send out random data. Not encrypted random data. Just random data. They can suck that into their data center and spend a zillion years to decrypt that.

1 Like

while doing what you’re saying might be fun for YOU … i would like to point out that cracking an encryption in a data-center or attempting to - at least - is a highly computational task which consumes a lot of power.

this power is not magically produced (unless it’s 100% green energy) … this might be a reason to consider if you’re worried about global warming :slight_smile: what would happen if we all did that ? :sweat_smile:

wait … i’ll answer that … we would cook ourselves alive just to preserve privacy ?

1 Like

At least I am not consuming energy at my end to encrypt my random data. :slight_smile:

3 Likes

I am far more worried about solar output variation and the impending magnetic pole flip than power used by data centers or industry. :worried:

you should be concerned about EVERYTHING because we have reached this point over a period of a few thousand years of unbridled ignorance and laziness … everything no matter how small adds up over time if it overcomes the natural-habitat’s ability to maintain balance …

1 Like

Thanks much for your answer.

Can anyone explain to me how a phone that is turned off can be turned on remotely?

I can. Your phone has both a CPU and a baseband processor, which most keep running after you’ve “powered off” the phone. Details of baseband processors are trade secrets and are proprietary. Essentially they remain on trickle charge and power up every minute or so to see what is what.

These are what law enforcement will “ping” when attempting to locate a phone. This is the component of the phone that registers with the cell towers so they know how to route calls, etc. It is also how they get wide area location by triangulation to towers. Phones register with their IMEI, which is unique to the device and can’t be changed.

The baseband is the modem, plus a simple CPU. You can actually use the good, old-fashioned AT command set to control it via a serial interface. Remember Hayes? All phones are set up where there is a bidirectional channel between the CPU and the baseband processor. They do have to communicate, after all. Most, simply because this is the way they’re made by Qualcomm and the others, are fairly robust. There are commands that can be sent over the air to your baseband that tell it to power on the main phone. In older phones basic information can be read from the phone’s storage. This is still possible if the storage is unencrypted. In all cases the baseband can read whatever is stored on the SIM, including call history, basic contact list (if saved to SIM), and other metadata.

In short, if your battery is not 100% flat drained of power, the baseband is in deep sleep mode and wakes up periodically to check for messages and possibly register with the network. Most have commands that can be received over the cell network to access data from the main phone storage and power on the phone.

I say this after spending 3 years as a telecom engineer specializing in CALEA.

2 Likes
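An added example, not part of the post above: a small Python parser for a serial session with a modem, showing what the standard AT commands `AT+CFUN?`, `AT+CREG?` and `AT+CGSN` (3GPP TS 27.007) report about whether the radio is enabled, whether the modem is registered with the network, and whether the IMEI can be read. The session text is constructed, the IMEI is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample: what a serial session with a modem could look like.
# The IMEI below is a made-up placeholder, not a real device identifier.
SAMPLE_SESSION = """\
AT+CFUN?
+CFUN: 1
OK
AT+CREG?
+CREG: 0,1
OK
AT+CGSN
000000000000000
OK
"""

# <stat> values of +CREG as defined in 3GPP TS 27.007
CREG_STAT = {0: "not registered, not searching", 1: "registered (home)",
             2: "not registered, searching", 3: "registration denied",
             4: "unknown", 5: "registered (roaming)"}

def split_session(text):
    """Group response lines under the AT command that produced them."""
    replies, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.upper().startswith("AT"):
            current = line.upper()
            replies[current] = []
        elif current is not None and line not in ("OK", "ERROR"):
            replies[current].append(line)
    return replies

def radio_report(text):
    """Summarise whether the modem's radio is on and known to the network."""
    replies = split_session(text)
    report = {"rf_enabled": None, "registration": None, "imei_readable": False}
    for line in replies.get("AT+CFUN?", []):
        m = re.match(r"\+CFUN:\s*(\d+)", line)
        if m:  # 0 = minimum functionality, 4 = RF transmit/receive disabled
            report["rf_enabled"] = int(m.group(1)) not in (0, 4)
    for line in replies.get("AT+CREG?", []):
        m = re.match(r"\+CREG:\s*\d+\s*,\s*(\d+)", line)
        if m:
            report["registration"] = CREG_STAT.get(int(m.group(1)), "reserved")
    report["imei_readable"] = any(re.fullmatch(r"\d{15}", l)
                                  for l in replies.get("AT+CGSN", []))
    return report

if __name__ == "__main__":
    print(radio_report(SAMPLE_SESSION))
```

The report reflects only what the modem answers over its AT interface; it says nothing about what the baseband does while the main phone is powered down.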

Thanks for that excellent and disturbing info (to me anyway). Does removing the battery stop this behaviour? (Please don’t laugh if that’s a silly question. These phones are smarter than me!)

Yes, assuming you have a phone with a removable battery. This is why you see that in movies and TV – someone making a big deal about removing the battery and not just shutting a phone off.

I figured so. Makes the L5 look even better in this light.

1 Like

Another thing you can do after “powering down” a phone that does NOT have a removable battery is to wrap it in a Faraday cage. A few years ago we did a little test with a couple of Android phones. We were surprised to discover that 1 wrap of aluminum foil (the kind that comes in a roll for kitchen use) did NOT shield the phone and it rang when called. So we wrapped it with a second layer and that did the trick. Had to read about the physics of shielding materials as a function of frequency to understand what happened.

Bottom line: bring 2 or 3 layers of aluminum foil to wrap your non-Librem 5 phone, but test it first.

2 Likes