L5 = priority target for governments?

Anyway, a warrant canary is useless against malware or a zero-day exploit used by US authorities without warning Purism, or by other countries.
It’s useful only if Purism is forced by US authorities to collaborate.

In theory though, there shouldn’t be anything that Purism knows about the phone that isn’t already in the public domain and audited by the community. But that would only apply to the phone as shipped. A criminal organization could always come along and use Purism’s hardware and put their own OS and criminal apps on to the phone using Purism’s open-source software as a platform so they don’t need to re-invent everything. In a free society, I don’t think that can be prevented. But we can’t (or at least shouldn’t) put totalitarian controls on to every phone as a means to stop crime either. It appears that although Purism might be a catalyst that elevates the issue, what they are doing needs to be done to preserve our freedoms. The core issues are going to be surfacing more and more everywhere within a few years anyway.

Automobile manufacturers all have a black box in your car that tracks everything your car does and that can often be used to determine driver fault in collisions. I think it’s illegal to disable that part of your vehicle, even if you can figure out how to do it. Everything we access tracks us to some degree these days. Locked firmware and compiled software are all around us and are very aware. The only way to completely unhook yourself is to live like the Amish or the Mennonites. We can probably get some degree of freedom using Purism products. That is certainly a good start.

1 Like

Todd Weaver made the point in one of his video interviews (sorry I don’t recall which one) to say that Purism doesn’t hold the encryption keys, so they can’t help the government get into your phone. He said that Apple still owns their phones, which is why the government is pressuring Apple to get access to the iPhone, but Purism is designing the Librem 5 so the customer is the true owner of his/her phone.

The default for LUKS disk encryption is SHA-256, which takes a huge amount of resources to decrypt using a brute force attack. As I said in my previous post, the NSA is unlikely to bother when there are 5k-10k users of the Librem 5, and the high-value targets that the NSA wants to track are not early adopters who are going to tolerate recharging twice per day, cameras not working, bug reporting, frequent software updates, etc. Maybe in a couple years we have to start worrying when the Librem 5 and PureOS Store start to become a viable alternative to Android/iOS and Google Play Store/Apple Store.

In the meantime, governments that want to track someone using a Librem 5 will simply demand records from cellular network and internet service providers.

If the NSA really cared, it could hack the XMPP server that Purism sets as the default in the PureOS/Phosh installation. I don’t know how XMPP servers handle encryption and whether the XMPP server even has access to the keys to decrypt the messages, but I suspect that it is just a dumb pipe that sends on encrypted traffic, so the government might be able to obtain the recipients of XMPP messages but not their contents. (That is my guess without doing any investigation.) At any rate, it isn’t difficult to change to a different XMPP server, and most people who are paranoid will do this.

Another vector of attack is for the NSA to hack Purism’s servers to change the compiled code of GNOME Calls and Chatty and their checksums. This seems pretty risky because there is a high probability that someone will catch the NSA. Librem 5 customers are likely to monitor the network traffic from their phones, so the NSA will have to disguise any remote reporting to look like normal network traffic.

There are all kinds of hypotheticals, but I honestly think that all of this is very unlikely, except for the government looking at traffic passing through the pipes of cellular networks and internet service providers and demanding their records.

4 Likes

I think it’s more likely they’d do what they did to Mozilla’s file sharing and pressure it to shut down or switch to some easier-to-monitor alternative.

1 Like

I also totally disagree with the idea that there could be a back door. Seriously? Defeats one of the purposes of the exercise. And please don’t trot out the old “if you’ve got nothing to hide…”

:+1:

It’s useful when forced by any government - or indeed any other type of entity - to collaborate.
(Some of the language in the canary is specific to the US. Some of it is not.)

I don’t even predict that this will be the case any time soon. As a post says above … let’s not overstate the importance of some thousands of phones in an ocean of almost 5 billion phones.

Say what now? That’s a good thing for some users. No working camera means that no damned FISA court can order the camera be compromised and switched on secretly and remotely. :wink:

Perhaps the NSA would like to fund Purism to get the camera working. LOL.

I would certainly like a working camera, eventually.

Or, as they say, “it’s not that I have anything to hide, it’s that I have nothing I want to show you”.

2 Likes

more accurately - IOTs … in this day-n-age even “dumb” phones are no longer “dumb”

whoever said you HAVE a choice to REMAIN “dumb” , clearly was full of it … :mask:

if it’s fully free-software and they wanted to FORCE that on people they’d first have to be legally compelled to TELL you WHERE EXACTLY that particular code is located and what it does … and ONLY after that they’d have a legal excuse to FORCE you to NOT remove it yourself …

however by the time we got to that point …

Generally they want the surveillance to be secret, so they aren’t that interested in forcing you not to remove it. However if they did do that, they might

a) find it hard to force you to use the compromised device, and

b) find it hard to distinguish between the compromised device reporting on you and the compromised device reporting on a VM within the device where the VM is deliberately harmless (so, for example, your secure messages to your mother go in the harmless VM while your secure messages to your, um, customers go in the secure VM).

This assumption does not seem accurate to me.

Considering it would need a multi-billion(!) HW+SW-tool to read and analyse the entire world population’s Android phones makes me think of NSA.
This trillion dollar tool already is in operation, as Snowden has shown in detail.

We should just use encryption wherever possible and feasible and be aware: Your data lives forever and it can be falsified and aggregated and can be stolen in whatever way.
Without notice, with full consequences.

I do not subscribe to security by obscurity. (although I sometimes live it)
I save money for the Librem 5. (although I use SailfishOS or KaiOS phones on daily basis)

Digital data is an interesting cultural thing. It is a change in paradigms all of us can comprehend at most in a cognitive way. It is not part of our evolution based mindset. We have a few hundred years ahead to incorporate this in our evolution (in case some survive climate catastrophe / extinction).

2 Likes

I remember a story from the time of the fall of the Iron Curtain. It used to be soooo… difficult to get a phone in Rumania and so FEW people had a phone. The wait times were tremendous. After the fall, it was discovered there was a tape recorder on EVERY phone line in the country 24/7.

Does it make you wonder why Evergreen has taken so long?

1 Like

you mean to say Romania don’t you ? :slight_smile:
speaking of tape recorders … i found a modern documentary about domestic surveillance in the US. it is narrated from the perspective of a Muslim community.

what fall ? before 89’ the color was red and now it’s blue with some stars (EU) … :mask:

1 Like

Tomaeto, tomahto.

BT

NNNN

Hey, he spelled it perfectly … in Spanish (and in dozens of Latin American indigenous languages like Quechua and Aymara). Stop oppressing poor tracy with your Anglo-centric linguistic domination! :laughing:

5 Likes

I must have picked it up from my wife’s side, she speaks Spanish and her mom knows a little Quechua too.

3 Likes

I think it’s no more a target than any other device out there. However, if you have something to hide… a Librem 5 alone will not help. Every one of us uses many devices, and we are surrounded by family and friends with insecure devices. These devices are an easy target. However, most information is leaked by big companies or, in China, drips through the network by design.

So no. Just a phone will not help you, because your smart TV or your car snitches on you too. However, I think this is OK. It’s like you are not anonymous in public.

But I need a good phone or computer to have a chance at some private room. It’s like a space where ads cannot be personalized. And I have some space to think about stuff and to practice my skills without ads. Just a place without a stage.

This is luxurious in the 202x Century.

5 Likes

and the price reflects this as well (2k dollahs for the USA edition - ouch !)

to be honest this price tag is sending a bad message to the less financially fortunate people out there (the majority last time i checked :mask:)

it’s like saying “only the middle class and the upper classes have access to a nice free-software/open-hardware smart-phone”

just to put it into perspective - if you have a capital of 200k US dollahs and you decide you want to spread the love to some (oh, lets say 100 people - that’s not even that many) you will quickly find out that you will be left with 0 in your “pocket”. :mask:

It’s the same for every new technology / product. It’s very expensive at first then, if it’s commercially successful, prices drop very quickly with the competition.

First, I think it is important that every pupil can afford privacy and some phone like this… however. It’s like “new computers” are expensive at first. I hope we soon have more hardware and components we can mix…

Right now it’s not the case. Puri.sm is not the first pioneer, but it reminded me of the 1980s with home or desktop computers, just right now with phones.

However, it’s not luxurious in the 202x Century because of the phone or the price. It is luxurious because of the missing Big Data river you’re leaking during usage. A company which gains X dollars more from surveillance every day will have an edge in competition, because you can sell it cheaper, or give it away for small crumbs.

You have a higher resistance to run without being watched, analyzed and nudged in the right direction.

That is the kind of luxury I think about. You have to choose products with higher price tags, but you know what you will get and it will give you more possibilities. Like complex computers and a high learning curve.

Like for most kids out there today, it’s nearly impossible to have privacy. The price tag is not the issue. It’s time, knowledge and that nobody offers an alternative without tracking or selling your information. To use software that does not fit perfectly to your thoughts… hurts in some way. But it will keep you away from progress, freedom and being yourself.

At the end of the year, it’s cheaper to have a Librem5. I can afford a phone for 700 bucks, because I do not need a new one every three years. I do not need a subscription here or there, and I do not buy so much stuff because social media tells my friends or me to do so. I am happy with a low carbon footprint. With phone, without. Maybe with a pinephone or a raspberry pi Linux… Computers are just tools. And I love to repair it by myself, hardware and software. Because of that it all works like a charm and I do not need to spend so much money like my sisters, brothers and friends on really bad, and mostly unsupported, hardware.

1 Like