Oh, and you trust that?
I thought you were the one who is suspicious.
You certainly know that your baseband is never truly (reliably) off, unless you remove the battery.
Sure. Um… and why would that be a problem? So the baseband knows everything my carrier knows. And then? It sends this “secret knowledge” to the carrier, where the NSA collects it and… wait… why don’t they just keep tapping the ISP, like they always did?
As a bonus, from the ISP they (usually) also get my Name, address, etc. pp.
All the important data MUST already be encrypted when it passes the baseband. Why would you even think trusting (plain) SMS is a sane thing to do?
(Of course, applications exist that encrypt a SMS message before sending, but the meta data (timestamp, sender, receiver) is of course always there.)
The problem with other basebands (which are usually integrated in the with the CPU/SOC), is that you cannot reliably turn them off and can therefore always be tracked. Also, they usually have full access to the system (e.g. shared memory). Thus, if compromised, it can do basically everything with your phone.
I mean, isn’t that just the perfect crime: The payload resides only in memory and is installed every time you go online (but not if you’re a known security researcher).
Think of the baseband in the Librem 5 like a VirtualMachine vs. a device driver. You control the former, the latter can do as it pleases. Do we know about exploits to escape the sandbox? Sure. Yet, nobody would say sandboxing is just marketing.
I would be surprised if Purism would claim such a stupid thing.
Can’t argue with that 