I was just thinking about a quick way to describe the Librem 5 to others and realized that without an Intel Management Engine and with high security, the Librem 5 is one of the most secure computers in the world, maybe the most secure retail product available in the world.
The only exceptions that I know about are other Purism products, which are also secure computers. To say that the Librem 5 is “more secure than any PC or Apple computer” (except also including other Purism products) seems to be an accurate statement. Perhaps the government might have more secure computers (if they’ve also disabled the Intel Management Engine). But when it comes to what is available to purchase in the market, which product is more secure? Even the Librem 5 has no management engine that is at best disabled or partially disabled. No hardware or software backdoors are likely to exist, considering that Purism designed everything from the ground up. Where else is an equivalent product to this even for sale anywhere?
Unless I misunderstand the capabilities of the Librem 5, Purism could advertise the Librem 5 as “The Most Secure Computer For Sale Anywhere in the World”. Of course, the user has to use it as such to maintain security. But out of the box, no other retail computer beats the L5 for Security. Even the Pinephone is less secure.
To be honest, any computer that is connected via WiFi, Bluetooth and GSM/LTE is certainly not in the same league as the most privacy secure computer in the world. For starters, they would have to be offline air-gapped things in a Faraday cage.
PureOS is based on Debian, and Debian is not the most secure operating system. Basically, its security rests on the fact that it is really hard to get malware into the Debian repos, so the software that you install is trustworthy. In contrast, Android and iOS can’t trust the software that gets installed in their systems, so Google and Apple have added a lot of extra hardening to their systems.
Purism will definitely improve the security of PureOS on the Librem 5 in the future with features like full disk encryption, end-to-end encrypted IP calling, more secure bubblewrap configurations for apps, and software support for OpenPGP cards.
However, I think that people who want a security phone/computer should install Ubuntu Touch on the Librem 5, because it gives read-only boot files, secure sandboxing of apps and much better separation of permissions. Unfortunately, it will probably be a long wait until the Ubuntu Touch port is ready, since the porting work is on hold until UBports finishes making all the changes to Ubuntu Touch that are required for the PinePhone and PineTab.
The Librem 5 is using a kernel which is not as hardened as what is found in Android and iOS and it doesn’t have a security team that can address problems like Google or Apple, so it would be wrongheaded to claim the Librem 5 is the most secure phone/computer. Instead, Purism should talk about the advantages of its security model which is user-verifiable and carefully selecting the software in its repositories to keep out most of the bad actors.
It’s a different kind of “security vs. convenience” tradeoff and different level if we talk about secure phones. Are they (or can they be) phones at that point anymore?
That is one leg of security - how the software process works.
Another leg of security is whether the code is actually secure i.e. against unintentional serious software errors. I think it would be unwise to think that the last such error has been fixed. Progress in this area often comes with maturity.
On balance, it depends on whether someone is looking for a marketing claim or a technical claim.
I would prefer to focus on “the most private computer in the world”.
Perhaps the term “most secure computer in the world” is a subjective term. But let’s look more at practical real-life issues instead of the academic issues.
If your definition of “most secure computer in the world” is measured by real world metrics like the list below, the Librem 5 has to be the most secure computer in the world.
1.) No built-in back doors of any kind are left open by design, to Google or Apple or anyone else.
2.) It’s a retail product. As the owner of the computer, you aren’t creating the security for any government agency nor large corporation. You’re just an average person who paid the retail price to purchase the computer/phone for your own use.
3.) You are free to enhance security on your own if you want to because you have root access.
4.) There are no hardware backdoors on your device, such as the Intel management engine.
5.) The primary use of the computer will be to connect with various other networks on a daily basis, with freedom to exchange information with new people in new ways, and to share files. As dangerous as this is, if you want to keep any computer safe, you can always just keep it sealed in the box the manufacturer shipped it to you in, in the back of your closet. That is safe. This can clearly not be that kind of computer. The customer who owns competing products in most cases connects to many networks with near abandonment of security as they go. So how you use the computer has to be considered on an apples to apples basis… The Librem 5 competes for the title of “world’s most secure computer”, under the same or similar conditions. So in this hazardous environment, you have to settle for the best you can find for this kind of use.
So tell me: under these conditions, is the Librem 5 not the most “privacy secure computer in the world”?
How do you know this? I don’t say there is a backdoor. I just don’t claim, because I don’t know.
“The most secure computer in the world” is an even bigger claim. I don’t see any reason to make such claims. At a later point in time someone might prove me wrong. I would rather describe the L5’s attributes and let the people judge on their own.
For internet service providers or cellular services, most of them still do collect data in their traffic between computers of any kinds to wherever that use their services and most of them still do sell your data coming in and out of their traffic to third parties. So the question is how to communicate or connect with non-Librem users/devices/services without giving away your data to other services they use like AT&T, T-Mobile, and Verizon, regardless of how secured your computer or mobile is. You also have to think twice about giving away your connection details to anyone, even relatives, who are hooked to Google, Microsoft, Facebook, Apple, etc.
I would add these qualifiers: “The most private and secure computer which has full connectivity and functionality and the user controls the security.”
After the NSA/Israelis penetrated them, I bet that the computers running the Iranian nuclear centrifuges are now extremely secure, but I bet nothing electronic ever gets within 30 meters of them and they don’t ever connect to anything, so you don’t get “full connectivity”. The seL4 and Verve operating systems are probably a lot more secure than Linux, but good luck running useful software on them. The Precursor will probably be extremely secure as well, but you won’t ever do a single thing with it but send encrypted text messages, so it loses “full functionality”. Frankly, iOS and Android are better designed for security than PureOS, but you don’t control their security.
In other words, it is the most private and secure phone/computer that you actually want to use.
I think it’s pretty sure to say that there are no backdoors in the Librem 5. But do I know that for sure? No. Actually none of us knows anything for sure. The government could have hidden microphones in my house before I bought it and I would never know. But we work with likelihood factors in everything we do. Purism is working mighty hard and for little profit because Todd has a dream to fulfill. There are better ways to make money than to make the promises that Purism makes, while secretly being another Google in disguise. There is no way Purism could win on that path or anything close to it. So we go with what is most likely. Theoretically, one person with access to Iran’s nuclear centrifuges could introduce a virus into that system. Anything is possible. Security is based on more than just technology.
One thing to consider also is that PureOS is currently in its infancy stages compared to what it might be ten years from now, after millions of people are using it every day, as we see with Apple and Android. If we consider the past, present, and possible future as fixed (wherever things end up going), the higher potential of PureOS compared to the proprietary walled-garden model of Apple and Android, points to an eventual much more secure OS in PureOS… increasingly more so moving forward. The foundation is superior, despite its possibly juvenile development stage at the current time. I base this assumption on human nature and the past role played by open-source development in the past. The Berlin wall fell. So will the walled gardens that exploit the average user. And even in this moment, the Librem 5 is more secure (for the user) than any incumbent, despite its recent introduction into a most brutal and competitive market.
iOS sends all your data constantly to Google / Apple. Measure security and privacy any way you wish, but eliminate iOS devices from even consideration. Then we can talk.
Don’t forget the planet Logopolis, the last few episodes of the Fourth Doctor, (Tom Baker).
Instead of a computer, the planet uses mathematicians who perform computations in their heads in private cubicles of stone and data entry on benches in rooms. They started screwing things up when the planet’s leader brings in a computer.
P.S. The code said out loud in the script was in hex.
I trust Puri.sm not to put one in there. But hey, perhaps puri.sm is just a frontcover for the NSA, it would not be the first time that these agencies do that: “[Swiss] Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies” (https://en.wikipedia.org/wiki/Crypto_AG).
Incidentally NIST also pushed algorithms that were then widely used which were weak on purpose so the NSA could decrypt them (https://en.wikipedia.org/wiki/Dual_EC_DRBG). And these are only SOME of the well known examples, we don’t know how many open source hackers the NSA and other spy agencies pay.
So a strong statement “it is pretty sure to say that there are no backdoors” is one that I would use only VERY VERY carefully :-). Anyway, I’ll pull out of this discussion, there are bigger fish to fry :-), like testing VoLTE a little more…