Librem 5 concern


#182

People should stop stating that data collection is a security hole.

Information Security means protecting data from unauthorized access and use, and privacy means ensuring that only authorized people can have access to peoples’ private data. It’s pretty similar.


#183

Not necessarily. The Librem 5 needs to use USB to communicate with the cellular baseband and GNSS in order to get RYF certification, because that is the only way to run them without a binary blob in the Linux kernel. Likewise, the Librem 5 needs to use SDIO to communicate with the Wi-Fi/Bluetooth, if it wants acceptable 802.11n (i.e., not Atheros) and functioning Bluetooth with a free driver in the kernel. Both of these can happen with soldered chips. My original idea was wrong, because I can’t find a chip that combines cellular baseband/GNSS and Wi-Fi/Bluetooth (unless they are all part of the SoC which means binary blobs in the kernel), so two chips are necessary.

Still, three soldered chips (SoC, cellular modem/GNSS, Wi-Fi/Bluetooth) would take up less space than the current configuration of 5 components: SoC, GNSS, Wi-Fi/Bluetooth, M.2 slot, and cellular modem on M.2 card. The M.2 card adds an extra 3 mm of width to the Librem 5 case.

The drawback of a soldered cellular baseband is that there doesn’t seem to be one currently that both runs on a free driver and covers all the LTE bands, so a cheaper and thinner version of the Librem 5 won’t work everywhere and won’t counter planned obsolescence to the same degree.

As I see it, Purism had to include an M.2 slot, because it allows people to use the Librem 5 in places where the only way access the LTE band is to use another cellular modem that requires binary blobs to function. Hopefully, Purism can convince some company to make a cellular modem that covers more LTE bands and doesn’t require binary blobs in the kernel, so the M.2 slot isn’t necessary.


#185

Gripe about Android:

When I install an app that is basically going to want to store some data (config data, for example) on my phone, it seems to need access to my ENTIRE data area.

There’s no way to grant permission to just set up a directory (err…folder) for itself and use that.

Or there IS and those apps are spyware.


#186

Android 9 (“Q”) is introducing scoped storage that prevents apps from accessing any folder except its own folder in the SD card. You can turn it off in version 9 because it will break a lot of apps, but it will probably be mandatory in Android 10.

I hope that Purism will setup AppArmour to make similar restrictions on apps in the PureOS Store.


#187

Not really I expect most of the short comings on initial release to be software based. Those can all be fixed with updates. It’s not planned obsolescence but demands do change over time. I expect at some point the hardware would no longer meet your computing needs and you would want to upgrade. Same with having a 10 year old laptop. Sure you can keep using it and running stuff on it. But eventually the video gets stuttery, things take a long time to load, and the whole experience starts to feel sluggish. It’s not really planned obsolescence just that the demands of modern computing have shifted.


#188

again 'Droid things are non-trust-assurance providing so ANY introduction of features or claims in/with the software itself by the “land-lord” doesn’t constitute proof and COULD be just a smoke screen that’s why i don’t follow proprietary-anythings related change-logs/release-news only the verifiable claiming ones like the free-software/open-source code.


#189

reC, I totally agree with you in distrusting proprietary technology. I just spent this afternoon trying to find a router that doesn’t require any binary blobs to run openwrt. (You don’t appreciate eBay until you live in a place where it doesn’t exist!)

After years of using LineageOS, I will be so happy to say goodbye to Android for good when the Librem 5 arrives. Still, I try to be fair when I criticize companies, and objectively Google has gotten better with Android security and updates. As I see it, the big problem is that Google is based on monetizing user data, and it encourages app developers to do the same. It is hard to trust any company with that business model, whether it be Google, Facebook and now Microsoft with Windows 10.


#190

for me it’s not that it wouldn’t be possible to trust Google or any other big tech out there. it’s really not about how big or what brand they choose - for me it’s the FACT that they will not grant any of us trust-assurance which is why i’m constantly nagging and beeing very specific. i don’t hate Snoople (like someone has claimed above) or any other big tech out there but i do hate this non-trust-assurance thing they got going for so many years now and it looks like they rather just throw dust in our faces rather than change their business practices that’s all there is to it.

it’s not hard it’s IMPOSSIBLE in this circumstances to have trust in big tech (which is bad for EVERYONE)


#191

I am awaiting my L5 with the expectation and excitement of a child on Christmas Eve, however progress announcements give rise to the possibility of a development problem that has not been shared with the community. I am happy to wait longer - I would just like to know :slight_smile:


#192

Just a quick post regarding ARM architecture. Somewhere in this long thread there was a mention that “Linux apps” are not optimized for ARM. This is not the case. Debian has been shipping ARM applications for over a decade and Linaro (the ARM Holdings Linux porting company) has been re-using Debian and Yocto for further kernel and middleware optimization. This includes the ARM hardfloat as well as ARM v8. In short GNU/Linux is highly optimized for the iMX8 quad which is the CPU of the Librem 5.


#193

…and how many apps really need to be “optimized for ARM”? As long as the compiler is written to properly use the ARM architecture, most applications won’t care.

I keep reading comments about a great many things needing to be “ported to ARM”, and I scratch my head in puzzlement.


#194

Agreed, in general there should not be much to optimize in an app. That should mostly happen in libraries.
And yet, when porting an app to RPi, I had to override a default setting to enable faster rendering and replace a hashing Implementation with handmade inline asm to utilize a dedicated CPU instruction for decent performance - obviously because the used library did not yet provide that optimization.
So yes, it happens.
But I guess some people who never did that just assume you have go over millions of lines of code and analyze how make it faster on $platform. :sunglasses:


#195

How about the times you accidentally touch something on your 'droid and the it comes up with a plain white screen that says "Listening … " ? You also tap the backup button a dozen times and it still doesn’t go away? (Solved with a hard power-down.)

Or Yesterday’s story about Google contractors listening to Belgian and Dutch Google Home recordings?


#196

I think most of the time “porting to ARM” just means “recompiling for ARM”, in case the app has only been compiled for x64


#197

I was referring (obviously not clearly) to the comments that make it sound like a big effort.


#198

The first half of this thread is brutal, which is admittedly all the further I read.

Who got the idea that the Librem 5 won’t work on US carriers? Was it because it doesn’t support the train wreck that is 5G? Neither does my $900 iPhone, and I’m glad it doesn’t. I take it lack of 5G is also the “old and out-dated” comments? 5G hasn’t been deployed yet.

While Apple has a better privacy record than Google (although I think anyone outside of Silicon Valley is better than Google on this), we don’t know what or how much Apple tracks and collects. We can think that by keeping iCloud signed out, we’re plugging a big data leak, but how do we verify? We can’t.

Also, forget putting ANY apps on an iPhone without an account. At least Android has this possibility once you knock down the walls Google and the phone manufacturers put into place.

Bad OS update? iOS and Android leave you to deal with it. Forget rolling back. We can’t even take security updates without them being bundled to UI changes. C’mon, even Microsoft had this down with the exception of Windows 10. Linux has this, although Linux updates tend to be solid as long as you’re not cutting edge.

If Purism fails as a company, the software will live on. New phones will likely cease to be made, but the software can continue to be maintained by other developers.

As far as not having spy apps, it’s true that you can do the same with existing phones. What we have little to no choice in is OS level, or even hardware-level, tracking and data collection. The Librem 5 gives you control in knowing that when you flip the switch to kill GPS, that chip has no power and can’t function. Same for cellular, same for the cameras, and same for the sensors (why should a phone know if I’m sitting or standing when it’s in my pocket? What benefit does that even provide?).

As for traffic data in maps, you guys know that’s all done through data collection from cell phones, right? That’s what the routing and traffic toggle does in the data collection settings. That’s why my phone gets way better than average battery life…all those toggles are off in my settings.


#199

Apple collects a lot more than people think (especially tracking your location history)
It’s been revealed in a book released / supported by Electronic Frontier Foundation.
I’ll try to find the file.


#200

i’d be nice to get an official rated number of aproximate on-off switching life on those (like rate million of mouse clicks)


#201

Once we have the final specs list you should be able to look up the data sheet for that part and they might have a rating there. that is really on the manufacturer of the switch not purism.


#202

Purism with a Starcraft Adjutant voice: “Not enough minerals !”