I'm giving up on the Librem 5

I read some of those discussions and I did not understand most of the arguments from the GrapheneOS developers. They are simply too technical, unclear for non-professional like me and the developers are often going to personal attacks. On the other hand, @amosbatto’s writing style is pretty clear and he always provides a lot of references to backup his claims. He also accepts it when he’s wrong. I never saw the latter from the GrapheneOS team. By the way, this is not our first discussion on this topic.

You mean that place where almost everyone doesn’t understand how Librem 5 works / delivered, spreads falsehoods about it, searches every tiny opportunity to destroy the image of Purism (even when these are totally misplaced and wrong claims)? All such posts get upvoted, but only people who defend Purism get banned.

By the way, the Pine64 subreddit was also quite hateful they say, so Pine64 created their own official subreddit.

I have no idea how proprietary drivers can be recompiled by the GrapheneOS team, could you provide some details? Even if it’s technically possible, this is irrelevant, because the actually important thing is upstreaming, otherwise support gets impossibly tedious very quickly. Only Purism is doing it on a big scale AFAIK, and soon LIbrem 5 will work on the mainline Linux kernel.

This is a deal breaker for me. I do not want to buy and reconfigure a phone every couple of years. I care about the nature and about my time and freedom to run what I want (e.g. mainline kernel). Also, it’s suspicious to me that GrapheneOS developers come into every Librem 5 discussion with claims that it’s not a secure phone. It’s disingenuous, because it depends on your threat model.

You are certainly entitled to your opinion, but you should tolerate that others have different opinions.

Consider my threat model: I assume that my smartphone’s software might be compromised. I need to attend some private meeting and talk to sensitive people, and I want to be sure that it’s a private talk. I also want to be able to call emergency if needed. With Librem 5, I can just use the kill switches.

I expect to use the smart card to access my email without leaking the password; can I do it on GrapheneOS?

I expect to run the same software as I do on my desktop, without learning or relying on new tools. I want to be sure that the manufacturer of my hardware is on my side, not trying to put me into a walled garden for their profit. You can read more reasons in @amosbatto’s FAQ. I agree with all those points. If you have any arguments against them, I would be interested to see them (and not arguments against @amosbatto).

With GrapheneOS I have to trust the hardware from China or software from Samsung and Google. You should understand that these companies and country have a huge incentive to track me, because this is how they earn their profits. Purism doesn’t. Follow the money.

In summary, my my criteria for the phone are the following: lifetime support, mainline kernel, desktop software, FSF endorsement, control by me, no walled gardens or planned obsolescence and so on.

This is disingenuous. I can’t run GrapheneOS on a Librem 5 because GrapheneOS chose not to support it. I would be fine with less security without IOMMU but with more freedom. Why do I have to follow your own threat model? The GrapheneOS promotes hardware that I cannot trust and intentionally excludes hardware which I prefer. For this reason alone I will never use this OS.

Having said that, I agree with

and I did recommend GrapheneOS to some people whose threat model is more in line with it.

I remember the Watergate hearings. My jaw dropped at the repetition of “I do not recollect.” My thought was that they had “brains of Swiss cheese” rather than a strategic ploy to keep themselves from going to jail – but I recognize now that I was young and naive.

With PureOS on the Librem5 I have to trust the hardware from China and software from Purism, Debian (let’s face it Purism isn’t reviewing every line of all the projects in the Debian repository they pass through), Mozilla, OpenBSD, and countless other developers with varying incentives and goals.

And before the “oh well you can review the source because it’s open and available, you don’t have to trust it” no… I cannot. That is infeasible to learn the skillset and actually review in any meaningful way in my lifetime, I have other time commitments as do most people. We have to trust others, and it’s OK for people to have to trust others including trusting open source OR closed source. Not everyone’s threat model includes samsung/Google as threat actors and some might argue the more entities you have to trust the less they trust it.

And the argument that open-source allows for more eyes on it therefore its more secure I find inadequate when you see things like the OpenSSL vulnerability that existed for years basically because nobody bothered to actually look at a section of the code (yes an oversimplification for brevity but not so oversimplified as to invalidate the point). The more accurate viewpoint, from my perspective, is that OpenSource allows for more eyes therefore its more likely an issue will be resolved quickly once announced, but it also invites complacency in that “everyone else already looked at this so I don’t need to”. Just because someone else could doesn’t mean they did so you’re trusting if you’re not actually reviewing it yourself, and most people just don’t have the capability in knowledge to do that review in a meaningful way.

This is a fundamental problem. In theory open source software can be audited. But the difference between theory and practice is always larger in practice than in theory.
Software developers cost a lot of money so I guess quite a lot of stuff in the open source world is not as perfect as in theory just because people had no time and budget to audit as much as needed.

Btw. if I was a state level actor wouldn’t I dedicate time and money to create backdoors precisely in the hardware that is often used by people who try to be more private or anonymous? So Google Pixel would be most likely the number 1 choice for the state to tackle as it is beloved choice for all Android forks. Others are less interesting because of lower numbers.

Yes, you cannot. This has nothing to do with you personally. It’s about the community and scientific method. Any person can independently verify the free software (or pay someone to verify) and ring the bell. Anyone who found a bug can spread the knowledge about it and anyone who has incentive can fix it and distribute the fixed version. In this way you do not have to blindly trust the companies but the whole community is able to verify all relevant claims. This provides no guarantee of perfection but it shifts the trust from one single entity seeking profit by all means to the community in which the members can have completely different incentives, including fame, curiousity and usability/security of their own devices.

Such approach makes it much harder and more dangerous (to the company) to hide backdoors in the hardware or software. See also my other reply to you on a similar topic. Transparency is the key.

Same as above: This hardware has open schematics, which “everyone” can check. Also, you can buy Librem 5 USA if you trust China less than USA.

You are saying this as if trusting FLOSS and proprietary software are the same things. They are completely different trust models. For-profit companies pursue profits, which do not necessarily come from good security or privacy. For this reason, I generally do not trust closed software whenever I have a choice.

I never said otherwise.

There is some logic in it, and I would agree if all else would be equal. However here you ignore that you compare many non-profit entities providing FLOSS and single for-profit entity working in secrecy. Consider Intel as a good example why it does not necessarily lead to a good security.

This is a strawman. Nobody ever said that FLOSS provides perfect security. We say however that hiding backdoors is much harder in FLOSS than in closed software. We still don’t know what every Intel CPU runs with unlimited privileges.

My personal experience with amosbatto is that he seldom accepts when he is wrong.
The underlying issue is that amosbatto inappropriately shifts the burden of proof.
While the burden of proof for an assertion is on him and he should retract if he
can’t back it up, his MO is to keep the misinformation there until a ridiculous amount of
contrary information is provided to him. It’s frustrating, hurtful and wrong.

Your reference to “personal attacks” is simply Micay voicing exactly the issue I’ve
had with amos. He presents misinformation as facts and doesn’t retract/revise even
when he’s told it’s wrong and/or even defamatory.

It’s just not true. You asserted that as a fact, but you’ve offered no proof.
Retract or rephrase. I know of someone (who is on this forum; jay little) who also
has had temp-bans (at least one, probably more) from that subreddit.

Ask yourself why would you assert something as fact when you don’t know it’s a fact.
I’m serious here. I expect you to retract, rephrase, or apologize.

IMO amos was out-of-control when he was banned. I’m glad he was.

I thought that the reason for the pine64official subreddit was due to scams regarding fake-resell of pine64 products and wasn’t due to issues with Purism basing.

What evidence do you have for your assertion?

That’s fine. Of course the Pixel 6 will have 5 years of support. To many people that’s
sufficient.

In terms of reconfiguring: I hope you’re aware that since there are not OTA updates
for PureOS, that you’ll probably being having to wipe+reconfigure your phone when
you update versions anyway.

In terms of security: There is a dependence on a threat model, but that doesn’t mean anyone was being disingenuous. Thankfully, as I’ve already linked, they specified exactly what their security concerns are: https://madaidans-insecurities.github.io/linux-phones.html

I only come in and comment like this when I think people are spreading misinformation and/or insults. Echo chambers are ugly.

Perhaps I’m misinterpreting the assertions of the GrapheneOS dev. Here is part of that from the dev themself: https://news.ycombinator.com/item?id=30761693

GrapheneOS and AOSP are Linux-based and there are no closed source kernel modules.

Of course you are involved in that thread, so you’ve certainly read it. Maybe some other points to underscore that he made in the follow up:

As stated earlier, there are no closed source kernel drivers for AOSP, GrapheneOS or even most mainstream Android devices running the stock OS.

The reason for using an LTS kernel branch with 6 years of support from kernel.org is stability. Porting forward the drivers to each new kernel release is entirely possible and isn’t a lot of work when it’s done incrementally. Not that many changes are even required. The issue is that there are substantial regressions in each Linux kernel release and it takes at least 4 months or more to get a production quality kernel for a specific hardware target with nothing break, the massive CTS/ITS/VTS passing, etc. Pixel 6 uses the Linux 5.10 kernel branch which was the latest at the time, and those LTS branches have 6 years of support from kernel.org and expanded support with more bug fixes / security enhancements / other improvements via the AOSP common/generic kernel. It’s entirely possible to move to a newer LTS branch. There are no closed source kernel drivers.

…

There are already people who have gotten the mainline 5.15 kernel working with the Pixel 6, but from 5.10 to 5.15 there are a lot of regressions, and there’s a lot of new attack surface. There’s a reason that ONLY the Pixel 6 among the Pixel family has been vulnerable to several serious core Linux kernel vulnerabilities disclosed in the past few months including the branded dirty pipe vulnerability. There are both advantages and disadvantages to using a newer LTS branch.

Can you refute him? It seems he should know what he’s talking about, right? Certainly more than amosbatto. Do you think that amosbatto won’t still make blanket statements
to the contrary???

You love the word “disingenuous”. It’s accusatory and confrontational. Knock it off.

Perhaps I should have simply said: “I can’t speak for them, ask them” or “Google it”. My impression was that they they don’t support GrapheneOS on a Librem 5 because it doesn’t have proper IOMMU support. Instead, I’ll point you to where a GrapheneOS dev answered that question ( https://www.reddit.com/r/Purism/comments/pcos2x/would_it_be_possible_to_put_grapheneos_on_the/halzhkb/ )

See https://www.reddit.com/r/Purism/comments/pcos2x/would_it_be_possible_to_put_grapheneos_on_the/halurxk/?utm_source=reddit&utm_medium=web2x&context=3. It’s anything but secure hardware and firmware. That’s the main reason it won’t be officially supported. People are welcome to make an unofficial port of GrapheneOS. It won’t be able to offer proper firmware security updates, verified boot, hardware attestation, A/B updates (missing support for A/B firmware updates and firmware support for the OS updates), the usual hardware encryption support, Wi-Fi anonymity, proper IOMMU isolation for all components, etc. The OS can be ported, and the hardening could be ported to a kernel for supporting it, with all drivers similarly built into it with LTO + Clang type-based CFI and so on. However, not much can be done about lacking full firmware updates, firmware that can’t be updated, lack of hardware/firmware security and lots of missing functionality.

People don’t need our approval to make an unofficial port. It just has to be clear that it’s unofficial and what’s lacking about it if it’s not complete.

Shill:

1. a person who poses as a customer in order to decoy others into participating, as at a gambling house, auction, confidence game, etc
2. a person who publicizes or praises something or someone for reasons of self-interest, personal profit, or friendship or loyalty.

To be clear: I am not posing as a customer of anything. I don’t own a Librem 5 a pinephone or use GrapheneOS (or Sailfish). I have no connection to any of those projects.

I am not a shill and would appreciate it if you would stop accusing me of that. I brought up pine64 and GrapheneOS when people asserted that there were no other options. If I knew more about the fairphone I would have brought it up.

I am here because this forum sometimes becomes an echo chamber of misinformation/disinformation. I think the world would be a better place if misinformation was more openly confronted.

So you’re here arguing with people who have spent money on this project out of altruistic reasons? Don’t you have anything better to do?

If there are other options or not purely depends on the individual criteria of the individual customer.
You can always set the selection criteria in such manner that Librem 5 is the only option.
I can speak for myself that for me Pixel, PinePhone, and Fairphone are not an option.
And I perfectly realize that for other people it can be different.

For example I try to avoid made in PRC as much as possible and this already eliminates the 3 options you give even when we don’t consider other factors.
Obviously made in PRC is not completely avoidable, but I try to at least reduce it in my consumption. So I recommend Sony Xperia for people who don’t want a Librem 5 USA and Librem 5 USA for people who are appropriate for this product.
This is actually the only reason why I have not ordered Librem Mini or Librem 14. I am very curious to try PureBoot with Librem Key, but I don’t want to buy a Chineese Notebook/PC when there is Fujitsu on the market (I even found in Germany a PC Fujitsu Made in Germany).

And when I add also other factors that you don’t accept as arguments (like the removable components like modem and WiFi card) then the Librem 5 USA is the best option on the market for ME. It is always an individual choice in an individual context.

Why are you here? Don’t you have anything better to do?

Correct, this is a strawman, I did not say anything about perfect security only more security as is implied by statements like

Edit: to clarify I disagree with this assertion on 2 fronts.

1. It is easier for someone to maliciously submit code to a floss project than a closed source project.

2. Just because the project is open source doesn’t mean there are actually more eyes looking for malicious code and with closed source projects there’s a financial incentive to find and remove malicious code.

It really depends on what is trying to be hidden from whom and isn’t just a binary situation.

The Sony Xperia line is interesting due to their “Open Devices” program ( https://developer.sony.com/develop/open-devices/ ). I don’t buy some of that story, but I think it’s a good first step by a HW manufacturer to advertise that feature. That is why the Sony Xperia is the preferred platform for SailfishOS (which, while not 100% FOSS, is certainly a reasonable Android alternative). I am not sure about the insides of the Sony Xperia --> isn’t it just as PRC-parted as the Pixels?

To be clear: I’m not complaining about your choice. I’m complaining about people (not you) telling others that it’s the only choice or presuming “Graphene OS fans” are missing something and/or don’t know what they are talking about (it’s presumptuous and rude).

Brilliant retort.

I guess every manufacturer uses Chinese parts to some degree.
Sony Xperia are made in Thailand or Japan (all Sony Xperia I have seen in Europe are declared as made in Thailand, maybe in other markets one could find Japaneese made).
I was also very curious about Sailfish OS several months ago. But later I learned that the russian state was a major stakeholder into the Sailfish OS project in the past. This does not necessarily mean that the project is compromised, but it brings some doubt into the equation and could be a factor for some people.

Interesting. I googled around and couldn’t find a clear statment. It does seem that most are made in Thailand … but it looks like it depends on the version. I saw one report that the Xperia 10 iv is made in China.

While looking around, I noted that the Pixel 7 is built by Foxconn in Vietnam and that Google shifted production from China (Pixel 6) specifically because of consumer concerns (https://en.wikipedia.org/wiki/Pixel_7).

I knew that a Russian telecom added Sailfish phones to their platform and knew they were a major consumer. I had missed that they were a stakeholder. It is a bit dismaying to note they own 45% of Jolla.

Thanks.

Sure you did. I bought one in 2006 replacing my American one … and still recall 31. September of 2020 as very sad day in Augsburg. It was very sad day indeed …

This is a positive recent development.
(Vietnam is not really a democracy, but it is at least a diversification).

The OP is a hit and run, and meanwhile his topic has been massively hijacked. SNAFU.

And the U.S. Navy makes port visits there now, and their flag officers get rides on our aircraft carriers.