I'm giving up on the Librem 5

Ah OK thanks for answering the questions now I know you’re just trolling here.

Lol, no it just means it’s not a mainstream device, i.e. a riskier investment if you bought one. If you think being concerned with privacy is elitist then I know for sure that we cannot have a rational discussion.

You’re going to make @Privacy2’s head explode with this you elitist!

1 Like

I don’t like your phrasing, so I will mirror it so you might understand why I might object. Blanket statements about a group are a bad look and are tribal.

Purism fans just refuse to remember that the Librem 5 also depends on closed source firmware:

  1. The firmware for the cellular modem is proprietary.

  2. The firmware for the Librem 5 wifi card is proprietary.

Purism fans just refuse to remember that there is a lot of Free software for Android. https://en.wikipedia.org/wiki/List_of_free_and_open-source_Android_applications

Purism fans just refuse to remember that they don’t have a monopoly on knowledge about HW, firmware, drivers, OS’s, and the Free software landscape?

I noted above: The firmware for the WiFi in the Librem 5 is proprietary. Don’t confuse the open source driver with the proprietary firmware.

Also: If you remove the cellular modem, you’ve taken away some phone features — you basically just have a tablet. Temporary removal is only temporary.

Also: In the later Pixels the IOMMU can completely isolate the cellular modem. Maybe read the Graphene FAQ. https://grapheneos.org/faq . There are lots of interesting parts.
For example:

Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device.

Where GrapheneOS is different is that they only support devices with good IOMMU support for isolating components. The lack of such support is why Graphene does not support the Librem 5 ( https://grapheneos.org/faq ):

Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there’s not much that the OS can do to provide an alternative.

Here is a link to a GrapheneOS dev that you might want to consider in regard to Librem 5 vs. GrapheneOS: https://madaidans-insecurities.github.io/linux-phones.html

Here is a link to a discussion on reddit that goes over some different topics in regard to the Librem 5 vs. GrapheneOS: https://www.reddit.com/r/Purism/comments/pcos2x/would_it_be_possible_to_put_grapheneos_on_the/haltxj2/

This is dumbfounding.
I was very precise about what I mean.
The modem and WiFi of the Librem 5 can be removed or disconnected from the power supply.
The modem and WiFi of the Google Pixel are integrated into a system on a chip.
You can’t deny this.
You are free to like Google Pixel with Graphene OS. But you can’t expect that everybody shares your enthusiasm.
Especially as this is a Purism forum. Not a Graphene/Pixel forum.

1 Like

@Privacy2 Good and reasonable questions.

We do remember that. This is about the control. The firmware you listed does not affect the running PureOS. It by design cannot interfere with my RAM or browsing. I can treat it as a part of (already untrusted) cellular / WiFi network. I have an opportunity to replace it later without replacing the whole device (possibly by replacing the M.2 card, when it’s available, or reflashing).

Android does indeed have a lot of free software. But the nonfree software which it runs removes the control from the user: you can no longer upgrade your Linux kernel, you can no longer be sure that your operations on the device are safe. It has access to everything you do; your only choice is to trust it or throw away your phone.

Yes, but which other companies advance the mobile GNU/Linux as much as Purism? Everyone could do it, but no one is doing it.

Which tablets can run exclusively free software and latest Linux kernel?

This is a software operation. If you do not trust your software (and I do not trust proprietary software from Google or Samsung!), you cannot be sure that “airplane mode will fully disable the cellular radio transmit and receive capabilities”.

On the other hand, I am sure that the hardware kill switch switches off the modem on Librem 5, even if it’s infected with malware.

This is a completely different threat model. I understand people who choose to follow it, but you should not expect that everyone does. I do not trust Google’s firmware, full stop. I prefer to have “less security” but be able to run fully free software. Why can’t I run GrapheneOS on Librem 5? To me it looks suspicious: GrapheneOS effectively promotes Google control over users.

3 Likes

Let’s quote you then. You said:

If I don’t trust the Librem 5 modem I can remove it and use WiFi.

The implication is that you trust the WiFi and its proprietary firmware.

I can’t deny it. But I can force you to tell me why I should care. Or did you not read that I already showed that this wasn’t a problem? On certain phones (e.g. Pixel 6), the Wifi and cellular modem can be fully isolated using the IOMMU. Did you read anything I wrote? If you trust GrapheneOS (which is open source) and that the HW (IOMMU) is functioning as documented then one can be assured the cellular modem and wifi can be isolated.

No. But I can expect that they understand their arguments against Graphene+Pixel security and isolation don’t hold water.

Sure. But when you criticize something, it seems fair to respond, right? When people spout that the Librem 5 is the only choice … it seems it’s my duty to point out alternatives. Or would you prefer an echo chamber?

I’m curious why you are expending so much effort in a Purism forum to troll people that ACTUALLY have a vested interest in the project, when as you stated you do not. Like literally the definition of a troll. I don’t get it, please enlighten us.

3 Likes

Great response.

As I mentioned at the start, but I’ll underscore now. The only reason that I used the phraseology of “Purism fans refuse to remember” is that the OP used the phrase “Graphene OS fans just refuse to remember”. I find that assumption offensive and I wanted to demonstrate how one could be offended by using it “in kind”. Of course I assume that most Purism fans do know those things about the Librem 5.

The link you provided is a link to an FAQ written by amosbatto. I’m not at all a fan of amosbatto. The Graphene OS dev has repeatedly told amosbatto that he was incorrect about some/many of those assertions in regard to GrapheneOS. amos reacted poorly IMO and in the moderator’s opinion and got a one month ban from the Purism subreddit.

Specifically the assertion that “you can no longer upgrade your Linux kernel” is not necessarily true. The GrapheneOS dev asserted that the drivers could absolutely be recompiled to support another kernel; that said, he also indicated that Graphene would not want to do the work to do so (they want to work on Graphene features and not provide long term support).

My point was different. It was the same point as the intro. I absolutely hate it when Purism fans assume that non-fans don’t understand HW, Software, firmware, Free Software and such. I’ve been using Linux since late 1994 and became aware of Free Software around the mid-to-late 80’s. I can understand Purism and dislike them even though they are FOSS friendly.

My point was that if you take out the cellular modem, you have a tablet and not a phone.

That said, there are tons of tablets that can run exclusively free software (modulo firmware and maybe the wifi driver). De-googled android ones are plentiful, but you can also find GNU/Linux ones too. Duck-duck-go it.

Yes. Which is why you would want to use an Open Source OS like Graphene, right?

If you’re talking about cellular modem and wifi, I can use a faraday bag.

If you’re talking about trusting software, currently the security of PureOS is much lower than the security of GrapheneOS on a Pixel6. It’s not even close.

You can’t run GrapheneOS on a Librem 5 because GrapheneOS requires specific IOMMU support. The Librem 5 does not have that support.

Yes I gave an example with the WiFi because I wanted to show the principle and not to strip every possible attack vector.

I don’t agree that the arguments against the isolation in Graphene OS don’t hold water.
I just don’t trust the hardware. That’s it. I can trust Graphene OS, but I don’t trust the hardware below it.
I don’t trust that a Google pixel is really offline when I want it to be offline. It might be. It might be not.

2 Likes

My first point sounded offensive precisely because as we see you don’t accept that I would just never accept a Google Pixel with Graphene OS as the solution. No matter how many words are written.
I will always accept and praise its merits. It is a great solution for many people. But not my product.
If you put Graphene OS on a modern Sony Xperia, I would buy it.
(It would still not offer the option to throw away the modem, but at least it will not be made by Google in China).

P.S. I would recommend Graphene OS to other people who seek an alternative to Android and iOS but would not be satisfied with Librem 5.

2 Likes

You don’t trust that the IOMMU functions as specified? We’re not talking about a software-controlled-power-switch here. We’re talking about an IOMMU which is made by a different company (Samsung) and it controls interaction between each device and the DMA bus (the IOMMU has an open source driver exynos-iommu.c). You’re aware that this IOMMU is used in other devices and that, perhaps, those device makers have tested it?

That’s fine if you understand what you’re saying. I’m just trying to see if you’re going that far and you know what that means, because that seems way out there to me.

Graphene + Pixels is just a terrible choice. I know that opensource-android fans will defend it.
Librem 5 is the king for GNU+Linux.

3 Likes

I have not investigated the topic on this technical level. My comment is based on the pure philosophy that the hardware might not behave as claimed.

I will take my time in the future to do a deeper dive into the topic.

1 Like

I prefer to use the courtroom and Congressional hearing phrase: “I don’t recall.” Keeps me out of trouble.

1 Like

Plausible deniability, good call.

Seriously, why are you here? You’re shilling other FOSS phones in a Purism forum and you have stated that you will not be getting a Librem 5. What are you hoping to achieve?

1 Like

I read some of those discussions and I did not understand most of the arguments from the GrapheneOS developers. They are simply too technical, unclear for a non-professional like me and the developers are often going to personal attacks. On the other hand, @amosbatto’s writing style is pretty clear and he always provides a lot of references to back up his claims. He also accepts it when he’s wrong. I never saw the latter from the GrapheneOS team. By the way, this is not our first discussion on this topic.

You mean that place where almost everyone doesn’t understand how Librem 5 works / delivered, spreads falsehoods about it, searches every tiny opportunity to destroy the image of Purism (even when these are totally misplaced and wrong claims)? All such posts get upvoted, but only people who defend Purism get banned.

By the way, the Pine64 subreddit was also quite hateful they say, so Pine64 created their own official subreddit.

I have no idea how proprietary drivers can be recompiled by the GrapheneOS team, could you provide some details? Even if it’s technically possible, this is irrelevant, because the actually important thing is upstreaming, otherwise support gets impossibly tedious very quickly. Only Purism is doing it on a big scale AFAIK, and soon Librem 5 will work on the mainline Linux kernel.

This is a deal breaker for me. I do not want to buy and reconfigure a phone every couple of years. I care about the nature and about my time and freedom to run what I want (e.g. mainline kernel). Also, it’s suspicious to me that GrapheneOS developers come into every Librem 5 discussion with claims that it’s not a secure phone. It’s disingenuous, because it depends on your threat model.

You are certainly entitled to your opinion, but you should tolerate that others have different opinions.

Consider my threat model: I assume that my smartphone’s software might be compromised. I need to attend some private meeting and talk to sensitive people, and I want to be sure that it’s a private talk. I also want to be able to call emergency if needed. With Librem 5, I can just use the kill switches.

I expect to use the smart card to access my email without leaking the password; can I do it on GrapheneOS?

I expect to run the same software as I do on my desktop, without learning or relying on new tools. I want to be sure that the manufacturer of my hardware is on my side, not trying to put me into a walled garden for their profit. You can read more reasons in @amosbatto’s FAQ. I agree with all those points. If you have any arguments against them, I would be interested to see them (and not arguments against @amosbatto).

With GrapheneOS I have to trust the hardware from China or software from Samsung and Google. You should understand that these companies and country have a huge incentive to track me, because this is how they earn their profits. Purism doesn’t. Follow the money.

In summary, my criteria for the phone are the following: lifetime support, mainline kernel, desktop software, FSF endorsement, control by me, no walled gardens or planned obsolescence and so on.

This is disingenuous. I can’t run GrapheneOS on a Librem 5 because GrapheneOS chose not to support it. I would be fine with less security without IOMMU but with more freedom. Why do I have to follow your own threat model? The GrapheneOS promotes hardware that I cannot trust and intentionally excludes hardware which I prefer. For this reason alone I will never use this OS.

Having said that, I agree with

and I did recommend GrapheneOS to some people whose threat model is more in line with it.

@raenrfm

To save people from the danger that Purism is? :wink:

4 Likes

I remember the Watergate hearings. My jaw dropped at the repetition of “I do not recollect.” My thought was that they had “brains of Swiss cheese” rather than a strategic ploy to keep themselves from going to jail – but I recognize now that I was young and naive.

1 Like

With PureOS on the Librem5 I have to trust the hardware from China and software from Purism, Debian (let’s face it Purism isn’t reviewing every line of all the projects in the Debian repository they pass through), Mozilla, OpenBSD, and countless other developers with varying incentives and goals.

And before the “oh well you can review the source because it’s open and available, you don’t have to trust it” no… I cannot. That is infeasible to learn the skillset and actually review in any meaningful way in my lifetime, I have other time commitments as do most people. We have to trust others, and it’s OK for people to have to trust others including trusting open source OR closed source. Not everyone’s threat model includes Samsung/Google as threat actors and some might argue the more entities you have to trust the less they trust it.

And the argument that open-source allows for more eyes on it therefore it’s more secure I find inadequate when you see things like the OpenSSL vulnerability that existed for years basically because nobody bothered to actually look at a section of the code (yes an oversimplification for brevity but not so oversimplified as to invalidate the point). The more accurate viewpoint, from my perspective, is that open source allows for more eyes therefore it’s more likely an issue will be resolved quickly once announced, but it also invites complacency in that “everyone else already looked at this so I don’t need to”. Just because someone else could doesn’t mean they did so you’re trusting if you’re not actually reviewing it yourself, and most people just don’t have the capability in knowledge to do that review in a meaningful way.

1 Like