Here is the story of Encrochat, a company that sells so-called secure smartphones (camera, GPS and mic physically disabled, dual OS, end-to-end encrypted messaging, etc.).
The network was the target of a sophisticated hack by French police, and malware was installed on terminals to read messages before encryption, indiscriminately.
As Purism will offer the same kind of devices and services (with Matrix and later SIM-based connection), will the company’s servers for software updates and communication be hacked by governments without considering whether the use is legal or not?
Won’t this be even less safe than using a classic Android smartphone which, for most people, will never be targeted by expensive and complex custom malware?
I’m sure Purism is not targeting the criminal market. Of course there is this risk (some say certainty) of criminals using secure comm devices. Could be a boom in selling L5s. The only thing that may save phones is truly open source. (unless governments forbid open source …)
There is some risk of that. Note that there is no guarantee even from the warrant canary that some server hasn’t been compromised or similar. That said, verifying the hardware is doable, if tedious. This is, however, why I plan to put Gentoo on it. Some minor risk of a trusting trust attack, but I do have plans to mitigate that too.
I think you are missing the fact that this company was targeted because of illegal activity. It was suggested in reports that over 90% of the users on the network were criminals. Considering the network had only 60k users, I don’t think describing this as a government takedown is accurate.
There was cause, was there not?
I don’t see how the Librem 5 would cause the governments anywhere I’ve lived to even care. Of course my pointy aluminum hat is not very pointy.
The 90% is according to the French police, nobody really knows.
Moreover, even if it is correct, it was calculated from the millions of messages intercepted without any distinction. This is only an a posteriori justification.
There are bound to be people who will use Purism’s services for illegal activities. This is the case for all existing communication services.
Where is the line that justifies spying on everyone? 90%? 50%? 10%? Only one user?
The Snowden case shows that there is really no limit, it’s only a question of financial and technical means.
Perhaps Purism should act pre-emptively to discourage criminals from using their products before Purism products start being adopted by criminals. I personally wouldn’t mind if Purism responded to subpoenas for specific information in criminal cases, while still renewing the warrant canary as usual to prevent the criminals from being alerted. Perhaps Purism should announce an intention on their part to do this. If the government really wants my personal information, they’re going to get it anyway. And if they want it that badly, I don’t care if they have it. The main thing is to prevent searches without probable cause and to maintain records of who was searched and when for future oversight. But I think that as long as private interests are kept out of my private data, there should be a legitimate path for government to access our personal data under certain conditions. But it is a slippery slope.
If Purism wanted to, they could update their Warrant Canary policies to protect their mission while fully cooperating with various police agencies to keep criminals from taking advantage of Purism’s product offerings. And I think that’s what they should do.
That is already the case, mostly. A subpoena or warrant is supposed to create a public record (not of the details of what was found, but of the request itself). It’s supposed to be signed by a judge with jurisdiction over the involved parties. The US general government has decided that its officers can sign their own search warrants, or those of their fellows, which is reviewed only after the fact, and totally in secret. In fact, if you tell your attorney you got such a warrant, they’ll throw you in jail. Purism’s warrant canary is against such illegal warrants, not against ones properly signed by a judge and recorded in public records.
I think this is a bigger problem for Librem One than the Librem 5.
The NSA could target the Purism server for sending you code updates or the server used for XMPP messaging. It won’t be hard to change to a different XMPP server in the Librem 5.
They would have to change the checksums to make everything look kosher if they want to insert spy code in programs that people are downloading. I can see the NSA developing spyware for Android and iOS, but I doubt that the 5k-10k people who will use Phosh are worth the trouble, and the probability of getting detected is high with Linux users.
This is a nightmare for the NSA, because Linux has so many different systems (UBports, KDE Plasma Mobile, GTK/Phosh, LuneOS, Maemo Leste, etc.). If Linux phones ever become important enough for serious targets to start using them, then I predict that the NSA will target something that is universal to all the mobile OSes, which probably means something low-level, which is harder to do than a normal app.
Mozilla has suspended their file sharing service under pressure from law enforcement because of rampant use by criminals. They say they will bring it back, but that when they do, it will be for registered users only.
Well we don’t know of course but it is worth noting that the Encrochat service is (AIUI - not a customer myself - LOL) a combined leased device and service. That means it has a single point of failure, in the sense that a hacker can target one place and get all customers.
By contrast, were Purism to offer an E2EE communication service, it is likely that it would not lock out users of non-Purism hardware (it would not really be in the spirit of things to do so and in any case the client has to be open source which means it can be ported to blackbox environments by any motivated customer).
So that means that even if 90% of the customers of the communication service are criminals, they won’t all necessarily be using Purism hardware, which means they can’t all be targeted by hacking the software distribution channel of Purism.
Fairly clearly Purism is not marketing its products in secret, solely on the dark web.
However, as you imply, governments don’t care about collateral damage.
Which ‘side’ of the Encrochat phone was hacked anyway? The vanilla Android side? The dedicated Encrochat side? Something at a lower level that is in common between the two? The article does not say. (The point of my question is that it might have been the vanilla Android side that was used as the way in.)
Yes, but the PureOS repo is also a single point of failure.
Also, has anyone ever managed to get a reproducible build of Purism-specific software (not those from Debian)? The last time I looked, it was no.
Until last week, Encrochat had a classic website, in several languages, promoting their services and allowing people to get in touch to buy their smartphone and the associated subscription.
The Encrochat side, to record encrypted conversations directly on the screen.
I would imagine that depends on how HIGH the PERCEIVED level of threat by the authorities is before they make any decision in this regard … I would wager that it depends more on the QUALITY of the LEVEL of threat than the NUMBER of people that pose a threat …
When it comes to THREAT LEVEL I believe that it’s always a totality that decides the overall escalation of response …
The Bible gives us the example of what CAN happen if a 100% level of criminality is reached, and it DOES ALSO give us a whiff of that criminality quality level … not a very pleasant story …
The article gives a different overall impression of the company though.
the firm is highly secretive, and does not operate like a normal technology company
Buying an Encrochat device is not always as simple as walking into a store. […] explained how they bought a phone from a specific contact recommended to them. “He does have a legit shop but I didn’t meet him there. I met him down a side street and it looked like a drug deal”
Of course but my question was probing more than that. The Android side could have been used as the way in (some kind of root attack) and then that breach was used to attack the firmware for the Encrochat side.
Ultimately of course you are right. It is pointless unless you have compromised the Encrochat side - because only there can you get plaintext.
It would not make Purism’s warrants worthless and untrustworthy if they let law enforcement in under some conditions. So if a government agency says “we want in to all of your phones so that we can scan all Librem 5s looking for anything illegal. Here is the court order and here is the order to not let anyone know what we’re doing”, then the warrant canary wouldn’t be renewed by Purism. But if the government agency said “Your customer John Doe is suspected of a specific crime and we want in to his phone”, then Purism could say “here are the back door keys to John Doe’s phone so that you can spy on John Doe and prosecute him if you find evidence of that crime.” Then they also renew the warrant canary and no one ever needs to know.
This is the sticking point. Government, any government, would be inclined to say that not renewing the warrant canary would precisely be letting people know. If Purism honored the canary, in spite of government orders to the contrary, they would have my backing to deliver user info, but only when presented an actual, specific warrant, signed by a judge.