Librem 5 concern

Purism is trying to offer those web services on an ethical and transparent basis where some people who care deeply about privacy, security and freedom will pay and receive extra services, but the rest of society can use a number of these services for free. The majority will chose not to pay, but some will, and those who do pay are basically subsidizing the system so that the majority can use web services for free.

I have no idea whether the Librem One business model will work or not, but I support Purism because it is willing to take the risk and try a different business model for how to provide public web services. Let’s run the experiment and see whether paid web services will work, rather than automatically assuming that it will fail.

One of the things to keep in mind is that the cost to run servers and paying sysadmins to manage those servers falls on a marginal basis as the number of users grows. Purism will pay a lot per user if there are only 5000 users in Librem One, but the cost per user will be tiny if Librem One grows to 50 million users. What this means is that as Librem One grows, the number of free riders can grow for every paying user, and it will still be profitable.

Let’s imagine that currently Librem One needs 1 person willing to pay its $8 per month fee to finance another 10 people who won’t pay to use it. Because a lot of the administration costs are fixed, as Librem One grows, you will probably get to the point that you only need one paying customer for every 100 or 1000 free riders. Because it costs less per capita, Purism will be able to lower its prices over time. For the service that it currently charges $8 per month, it will probably be able to offer the same service for $4 per month in the future, and at lower prices you will have more and more people who are willing to pay for the service.

Renting an online VPS used to be very expensive, but today companies have figured out how to administer VPS for almost nothing, so they can offer them for as low as $3 per month, and I suspect it is similar with administering web services, because a lot of the cost is figuring out how to automate everything so you don’t need much human intervention and one sysadmin can manage thousands of servers.

You shouldn’t be criticizing Purism if you don’t understand the details, because you don’t understand the magnitude of what Purism is sharing with the world. Purism’s SPC charter says that the company will release all source code for the software that it develops and the schematics for the hardware that it designs.

Look at the source files that Purism has published for the Librem 5 dev kit under the GPL 3.0. They published everything except the .gbr (Gerber output files for manufacturing), .drl (drill files) and .pos (position files for automatic insertion machines).

Do you understand how much detail and information Purism is giving the world on day one? Anyone can take their .sch files, load them into KiCAD and start modifying the design. With a little work, you can recreate the .gbr, .drl and .pos files. Purism will allow any company to take its source files and create knock-off copies of the Librem 5 and legally sell them, but they just won’t make it super-easy for them to do so for the next 3-5 years.

There are 1.4 billion PC users in the world and 1.56% of them use Linux (according to StatCounter), so that works out to 22 million Linux users. If you convince 1% of them to buy the Librem 5 per year, that works out to 220,000 phones per year. Add in some more for the tinkerer crowd. Then add in the hard-core Libertarians who use cryptocurrencies and are paranoid about the government. Then, add in the environmentalists who are concerned about planned obsolescence. Purism can be a successful company just selling phones to niche markets.

Now if you look at what percentage of phone users would like to stop sharing their personal data with Google, Facebook, etc., you probably are talking about 2% of the 3 billion smartphone users in the world, or roughly 60 million. If Purism convinces 1% of those to buy the Librem 5 per year, that works out to 600,000 phones. The growth potential for the Librem 5 is enormous.

Do you even understand the free software/hardware movement? Nobody in the movement is against Purism making a profit. People who care about user rights and digital freedom want to Purism to be enormously successful as a company. I can’t speak for everyone who helped crowdfund the Librem 5, but I give Purism my money because I believe in the goals and practices of the company. I wanted to help finance a company which has the mission of fighting for my digital rights, my privacy and my security. Part of Purism’s mission as a company is educating the public about these issues, lobbying the government to change regulations concerning personal data collection, and pushing for hardware that is works with FOSS up the supply chain.

Todd Weaver never claimed that Purism is doing all of this “with no benefit to themselves.” Did you even bother to watch the interview where he explains the Purism business plan?

I respectfully disagree. I believe this phone will be the only smart phone the FOSS community will carry around (with exception to the pinephone). If everything Purism has described and promised comes true I will happily ditch my aging Nexus 5x.

My major concern here is this indecisiveness on modems to be installed. So far they have picked 1 and considering another (as additional).
The one they already picked doesn’t support a half of the LTE bands on the major networks in US and lacking important frequencies as well.
If they are really shipping in Q3 , they should know all of the hardware details by now. I mean, if they didn’t figure it out by now and not deceptive w projections, I would have to question their competency. By all standards, they should have a finished product in hands and work on the fine OS tuning till shipments starts.

As I switched back to the most reliable network today (vzw) I figured I’m better off just canceling my pre-order (599). No way they gonna go as far to support all of their bands. And I need the phone to work all the time. I’m not talking CDMA, because Verizon is shutting it down later this year, but their superb LTE spectrum.
As I was gonna send a cancellation request , I hesitated, of course. I really root for their success and still hope they may do more. I just can’t afford a $600 spare phone.

Rumor has it that Purism will be announcing something during the beginning of July (July 1 or July 4), so you might want to wait a week before you make your decision.

You also might want to read this thread to understand the difficulties with getting another cellular modem.

Since the Librem 5 is using a standard-sized 3042 M.2 card, it isn’t that hard to replace the cellular modem and add the driver if you are willing to use binary blobs.

Where does this rumor even come from? I keep seeing people say that. But near as I can tell that just comes from people thinking it would be cool if they announce something on independence day and it’s not based on any inside knowledge or anything. Also the price is going to be bumped up at some point so take that into consideration.

Mainly from staff on Twitter. See this and two following, also taking note who liked it.

Also, it was originally said that the sale will end at end of June. This was now prolonged till end of July, probably to get those on board who see the daily videos and those who wait for final specs etc.
Even if the date turns out to be off a bit, it’s about time for an update.

Thanks I was legit searching and trying to figure that out. I appreciate the insight.

I would like to thank everyone who has contributed here. The discussions nudged me closer to the edge and so I jumped and order a Librem5. I bought the Librem13 after years of running linux on inferior hardware and now cannot imagine running anything else. Why should I discount my experience with the laptop (which has been fantastic) so when it comes to the phone, I hope it will be the same. It will take some change after 11 years of iOS but I went from 18 years of MacOS to linux and would not go back.
Now time has already slowed in anticipation… Psyched.

I work within the industry. Been in the game for 15+ years. Specifically pen-testing and security. Plus I’ve worked previously in project management and budgeting. So I have a basis to sift through the nonsense on this forum and give facts.

Anyone who has called the OP a troll should be ashamed of themselves. Unfortunately, this community is no different than any other forum such as security software forums, investing forums, cryptocurrency forums, or what have you. Anyone that comes along who posts something contrary to the hive mentality is branded a troll, a basher, a hater.

That is just pathetic. It’s also offensive in that it is just plain online forum bigotry. It’s the behavior of people who are emotionally involved, overly sensitive, and intolerant to anyone that does not praise whatever with all “rainbows and unicorns.” Fanbois are classically the ones that get defensive and immediately lash out against posts that they do not like.

Meanwhile, people here routinely bash the choices of others who instead choose Android or iPhone. But that hypocrisy is OK because it is part of the hive agenda. It’s OK to be an online bigot when people come along that don’t agree with every last bit of your “social movement” device and the general attitude here.

Removing apps from a mobile device improves privacy. It also increases security insofar that reduces the removed app attack surface. However, it is false to claim that increased privacy increases security. No it does not.

I find it curious that people are obsessive-compulsive about their devices, yet their data is already out there. Anyone who has a bank account, a credit card, was a student, has a student loan, has gotten medical or dental care, shops online, and so on, has shared their personal data with 2nd, 3rd, 4th parties. And that data resides within many databases on servers that are very often insecure.

Moreover anyone’s data can be compromised when they use their device to communicate (interface and exchange data) with another device via that device being hacked and pwned. So the data you send to another system can be stolen without involving your device in the first place.

Furthermore, the OP and others have stated some very valid points. Usability and convenience are the primary market demand. And those demands are what drive the market.

Libre products appeal to a microcosm of all users. What I’ve observed within the industry across years is that niche, boutique products that appeal only to geeks, techies, and security enthusiasts rarely become widely adopted. The economic model and reality is that such products will always be only marginally successful, if at all, over the long term.

Just FYI, your message landed in a moderation queue. I would have asked you to tone down some of the language - “hive agenda” and “online bigot”, for instance - but I don’t think the admin interface gives me the option to ask you to edit your message. It gave me the option to edit it, but I don’t want to get into that.

Lots of people have made valid points in this discussion, and also thrown around quite a few invalid points, too. However, when the OP complained about things that go against the goals of the project, then I think it’s understandable that others feel that they’re being trolled. Especially since this isn’t the only thread that covers what people feel are shortcomings in the Librem 5 as they perceive it at the moment.

Anyway, I think this discussion seems to have run its course, so perhaps we can avoid fanning the flames and going over everything once more. I’m sure someone will start another topic along similar lines, so we should all save our strength for that.

One of the forum’s golden rules is to treat others with respect. However, a bunch of people violated that rule here. Now I am calling out what happened in this thread for what it is - which was a forum mob attacking others that they didn’t like. You’re telling me to tone-down my language. The language I am using is not offensive. The language I’ve used very accurately describes what happened in this thread.

The OP has that right to ask. It was he who started the thread. People here didn’t like what he posted, so they immediately ganged-up and attacked him for no justifiable reason.

And anyone has the right to disagree or make comments that are contrary to the goals of the project without being attacked and called a troll and other derogatory remarks.

The shortcomings of the Librem5 are not just perception - they are a reality. Anyone who points out the issues and wants to discuss them should be able to do so freely and openly without retaliation from other forum members. I have observed time and again here where discussing the plain, obvious facts results in people being labeled trolls or otherwise mis-treated.

The OP might have been uniformed, but he wasn’t trolling. The hive mentality is that if someone comes along and posts something that the hive doesn’t like, then call the poster a troll and attack them. That’s exactly what was allowed to happen here.

You should promote people respectfully disagreeing instead of justifying their intolerance and online bigotry - because that is exactly what it is.

What I see in this thread is that some people immediately became defensive and lashed out against both @pureman48 and @cybercrypt13. It’s inappropriate, childish behavior and most definitely should not be tolerated nor condoned by the forum moderators.

However, like I said… it’s OK for the hive to attack the OP and others here, but it isn’t OK when those that are offended by the insults push back. It’s utter hypocrisy.

Unfortunately, I see this kind of behavior in forums across the web. It’s regrettable that over-sensitivity and intolerance prevail.

In post #10, about 14 people (mostly frequent posters here and waiting for the phone) signified that they don’t think @pureman48 is a troll. If you see the need to create an account just to show your support, this would have been a good place.
The overreaction, IMO, was triggered by some real trolling experienced shortly before. In general, most people here prefer a civil discussion and I hope we as a community can get even better at that.

This is true, every app has increased security vulnerability and removing apps removed potential security holes. However, you’ve missed a large potential security hole. If the OS itself is designed to track you you cannot remove that threat. Please see:
Google tracks everything.

Sure. This is correct. However, an OS that tracks you is not a security threat. It is an invasion of privacy. People should stop stating that data collection is a security hole.

Even the most privacy-focused OS is still full of vulnerabilities that could result in a system pwn and data theft. This is true of any Purism product.

Google might be the most aggressive data harvester, however Chrome OS is one of the most secure operating systems out there as long as you do not use Android Apps on it.

I work as a professional pen-tester. The claims of vastly increased security on Linux and Purism devices just ain’t true for the reasons I posted previously.

What Linux and Purism devices give you are security by obscurity. That means that they are running OSes and applications that are targeted by a tiny number of malcoders. Malware and attacks are for financial gain. And that means you have to target the most widely distributed and popular software and OSes. This is Windows, Microsoft Office, Adobe products, Oracle products, etc. This methodology provides the attacker with the greatest probabilities of success.

What is much more likely to happen than a security breach with your personal Linux device is that some 2nd, 3rd, 4th, 5th,… party systems will be hacked and your personal data will be stolen from there.

Despite the noble claims and goals of the project, there rest of the infrastructure that everyone uses daily has to operate at the same level of security for all of it to provide a significant increase in overall security. That just isn’t true of networking and the vast majority of devices and software that Purism devices will interface with. Networking and devices\applications were never designed nor implemented with security as a primary consideration. So even with a Purism device you are participating digitally within a flawed, insecure larger system. That is the greater security “hole” that no device can overcome as it is beyond the control of the device.

People feed true trolls by reacting in the first place.

There is no justification for lashing out. Ever. Most importantly when the person is a true troll. Because all that troll really wants is to see others upset and displaying their anger and hurt feelings in publicly. Once anyone responds to a troll, that troll has won. The person responding to the troll just beat themselves.

People need to control their emotions and learn to ignore things that they do not like.

People who cannot control themselves are just as much of a problem, if not more so, than the troll itself.

In the pen-testing sense (security issues per lines of code) I guess I agree with you, and I always felt the privacy aspect to be stronger than the security aspect. However, I think you can look at security from other perspectives, too: One is, not being able to update after a CVE because the vendor doesn’t bother (and of course, no source code), another that it’s harder (not impossible) to hide backdoors in free software. Also, a modem that does not have full access to memory should be much harder to remote-exploit. But ultimately, many privacy issues can become (personal) security issues, depending in which part of the world you live.

If a person is targeted, and the attacker has the will, the skill, and the patience… then it is just a matter of time before the attacker breaches the target system(s) and gets what they want.

Like I said previously, being obsessive-compulsive about privacy on one’s personal devices is more about “feeling” safe than actually being more secure given the fact that virtually everyone’s most valuable, personal data is already out there in the hackable ether void. A person has virtually no control over their data on systems which they do not own. Without that control one cannot secure the data. Furthermore, you cannot trust others to protect your data. That is a time-proven fact.

Can’t speak for everybody, but I think most people are aware that free software and as-free-as-possible hardware are not a silver bullet.
Just like using passwords with more than 8 characters is not a silver bullet.

The aspects and motivations to be excited about the phone vary.
Increased privacy is part of it, but the joy of having a real Linux system without corporate-imposed restrictions would probably already win most of us over.
Contributing to free software and open hardware by buying a phone is also a win.
You don’t need to agree. That’s a philosophical thing. Nobody brainwashed us to want this thing. We were waiting for this.

From what I see here, there are enough mis-understandings about “security” that people are over-estimating the security benefits. Sure, Linux is more secure via its obscurity factor.

I am not so enamored with open source as I know from experience that it really doesn’t offer that much in the way of increased physical device security over other platforms. As far as security is concerned, open source is not the answer to security to the same extent that anti-malware products are not the answer.

I don’t disagree with the philosophy. In fact, I find the economic and ownership parts of that philosophy appealing. Android’s 2 to 3 year lifespan is nothing but a scam while Apple’s offerings are over-priced to the extent that even at their maximum possible lifespan they’re a scam too.

My concerns are the use of obsolete hardware, carrier limitations, and lack of apps. If I’m going to sink $650 into a phone, it better have a hardware lifespan beyond 5 years. And I better damn well be able to use it everywhere I use any other mobile device - including domestic and international roaming, and I better be able to get apps that provide functionality that I rely upon at a level of reliability and usability that I get from Android or iOS.

People who have such concerns are just not the target group. Seriously.
If you say ‘obsolete’ because a rather new chip is not on par with current flagships, okay. You do you
I’m currently on a Galaxy S3, which is 7 year old technology. I’m content.
The Librem 5 has sufficient apps for me. I’m content.
The modem can be changed / upgraded, no need to throw it away if some bands are missing. And I don’t care the slightest about 5G. I’m content.
And if the performance is good enough for me now, why would it not be good enough in 5 years?

Maybe it will, maybe it won’t. This is v1. Who invests in it, is certainly aware that v2 will be better, but won’t come along without v1. It is totally fine if it is not good enough for you.
Come back in a few years and see if we helped create something that you might enjoy