You can’t really test closed source hardware / firmware / software for exploits.
If you get lucky, you might find one (and then what do you do?). If an evil manufacturer does a good job, you won’t find one.
There are two separate issues here in practice though: the driver for Linux and the firmware for the module.
You certainly aren’t worse off than with an Apple or Android phone, where you have zero assurance of privacy, freedom, security, etc. anywhere within the phone.
Now there’s an understatement. Mobile phone baseband design is INCREDIBLY hard. Intel, one of the mightiest semiconductor outfits on the planet, tried it and threw up their hands in defeat.
Is it possible? Kinda (https://xtrx.io/), but a) it’s too big to fit, b) it’ll empty your battery in about 30 minutes and c) while Osmocom, srsLTE and other suchlike do exist, I have absolutely no idea how much work is necessary to get them usable as mobile station software (as opposed to base station, which is what they are currently useful for).
As a matter of personal praxis, everyone, including Richard Stallman to some degree, lives by that premise. We all use ATM machines, drive cars and ride on airplane that use proprietary software. It is really just a matter of what degree you are willing to inconvenience yourself. Richard Stallman used to use a Lemote and now uses a Thinkpad T400 with Libreboot. Seven years ago, I thought about buying a Lemote and ended up buying a Thinkpad T410 instead, because I didn’t think that I could live with the Lemote’s weak processor, tiny screen and inability to run Wine.
The reality is that pragmatism and convenience has gotten us into a real mess as a society, so we need people like Todd Weaver who are willing to dedicate their lives to changing this situation. The interesting question is whether you have to sometimes compromise in order to keep functioning in society and whether compromising on some aspects helps you achieve the larger goal in the long run. See Weaver’s discussion of how he personally doesn’t use proprietary social media, but Purism as a company does in order to spread the message why we shouldn’t use Facebook, Twitter, Whatsapp, etc.
I think we must be living in different realities! I’ve only heard of one of these services (Whatsapp), and not once have I found myself in a situation where I needed to use it or felt at a disadvantage for never having used it.
I think Anbox is probably the project to keep an eye on if you want Android app compatibility on the Librem 5.
(I convert all my CDs to 320 kbit/sec MP3 and for me that could exceed 32GB but I suspect that with the audio quality and power available on a phone it could be hard to justify that bitrate if outputting sound directly on the phone. The best option may be converting CDs using a lossless codec and then batch converting to additional copies at appropriate bitrates for the target devices. I’m using 320 kbit/sec MP3 as a compromise for a single format and bitrate that gives reasonable results on all my target devices.)
A good strategy. Of course it ALSO makes a difference how much music one has, and some people have staggeringly huge collections; pureman48 might well be one of them.
and whether you feel the need to have it all on your phone. The sound quality just isn’t that good (on any phone). I would much prefer to listen at home on decent equipment. I have my own server so can access all my music from my phone if I wanted to. So that is a different approach too.
Maybe I’m missing the point about the storage capacity, but with the Librem 5 accepting up to a 2TB SDcard what is the big deal? My current Nexus 5X does not have the ability for a microSD card; but my wife has had her galaxy S7 with a microSD card slot for ~3 years with zero issues. I understand an Apple user would seem apprehensive since iPhones are like my Nexus.
Samsung makes the largest microSD card I can find right now and it’s “only” 1TB. With cloud auto backups (i specifically use pCloud) and photos and mp3s being the perfect data to store on a microSD card the Librem 5 offers a crazy amount of storage.
I use my phone to play music through my car stereo, so I tend to keep just about my entire library on it. It also is improved greatly by headphones. The only time I use the little donkeyporker speaker is when I’m playing something for someone else and then, of course, I’d prefer to play something with very little bass in it.
Still, to some extent the same objection applies–crappy sound quality (due, if nothing else, to road noise). But then, you can go to a lower bit rate since it doesn’t matter.
I ultimately dumped my first and only iPhone (G3) after a few years because I couldn’t understand any reason NOT to have an SD card slot except for planned obsolescence, and to force user data onto the cloud, two things I didn’t want to encourage. This was after having a PalmOne where… OMFG you could actually eject the SD card without turning off the phone and having to open the effing back.
I have since never bought an Android without an SD card slot, and never will. I have also never had any lag issues with SD media on Android, but admittedly, only use it for storage of images, music and TWRP backups.
What? That happens literally all the time.
You know, it is funny to watch people getting all tied up in themselves to the point they can’t think any more. I totally agree with the original poster for the following reasons:
If all you are concerned about is having a safer phone then just delete all the apps off of your current device and there you go. No need to build and support another platform that literally no one is going to buy if they know everything about it up front.
32GB of storage being ok is only ok for an idiot these days. I use my phone more for documenting my kids life and taking pictures of all of our adventures than I do for making phone calls. 32GB of memory will be gone within a few months. Also, generally speaking, Linux sucks for taking pictures and I know of zero apps that run on Linux that perform this function even reasonably well.
External storage is fine but is terribly slow and unreliable. Not really a solution.
The hardware in this phone is already so far out of date you’ll be wanting version 2 before you get your hands on version 1.
The phone literally can not be used in the entirety of the United States. As such it should not be leaving these details out and at the same time asking for backers from the US. I would back it just for playing around with it, but after I learned what chips it has in it, decided against it. I would bet most people in the US that are backing it didn’t realize (because it wasn’t disclosed) that they’ll never be able to use the phone.
I don’t use any of the apps the original poster listed but at the same time not even knowing what kind of camera will be in it nor how good the pictures will be if taken on the device is a bit much. You’re seriously releasing the phone in the next few months and you haven’t decided what kind of camera will be in it?
The rest of you get off your high horses acting like we need this phone in order to be secure. If you don’t want apps and you want to be just as secure then an iPhone is your only obvious choice. Buy it, delete all apps and get the cheapest phone available (which is cheaper than this phone btw) and delete everything off it but the phone app. You’ll have a modern device that will last 5 more years, that takes beautiful pictures, has plenty of storage and is secure because you don’t actually use it for much.
Otherwise you’re all crazy in my opinion for getting caught up in this fly trap.
I love the idea btw: I would love to have a linux phone and would even deal with no real apps right out of the box. But it would need hardware respectable enough to last me a few years while I waited (or assisted) in getting the apps I’d want. As it stands the hardware is literally already old and it hasn’t even gotten into your hands yet.
Stop being stupid!
G
A few more points here to get you guys all fired up.
Typical phones today are used for Google or Apple Maps. Unless you plan to write some other version of maps then either of these companies can track your every move. Google is terrible about this. I can also guarantee you that if this phone gets any traction at all they’ll just write a version that runs in Linux and OMG, we have an insecure phone again.
There is absolutely nothing hardware wise here that is more secure than an iPhone or Android. Android is less secure because Google writes it and therefore spies on everything you do whether you install their apps or not. This is why in my opinion an iPhone is your only real option currently.
If messaging is your issue then developing a truly safe and encrypted messaging app would be a ton more doable and reasonable than what we’re doing here. Also, to have a good chat service you’d have to have a ton (and I mean a ton) of hardware and data center resources to deal with it. Who is going to pay for all of this? Even on the phone they are building you won’t solve this problem. Sure they can deal with it now because they won’t have 1000 people using this phone. But what happens when you have a million people wanting to use your chat program? You’d really need a peer to peer system to be truly secure but where is this today?
There are also no guarantees in life. You can not promise me that Purism will continue to support this phone or the OS or the apps. They can’t do what is not in their power to do. When they run out of time and money they will have to stop and all of you will be oh so sad. But it will still stop. Also, if they did develop a truly secure app and facebook walks up and offers them 50 million for it, they WILL sell it. Whatsapp anyone?
Again, I love the idea of what Purism is trying to do here. However, there are lots of wealthy people that do dumb things because they didn’t think it all through. In my opinion this is one of those moments.
Here are the real problems as I see them:
You will honestly need to build a linux kernel that can run on current mobile hardware. This would require a RISC and ARM version as I think RISC may start to enter the market soon but at the immediate front would be ARM. Or help RISC and use that chipset to begin with and make a multi front push.
Now that we have a kernel we next need to develop the very basic software requirements for a human to enjoy using the device. Even if they are like you guys and don’t want apps. These would include at a very minimum: Camera, Photos app, Texting, Phone, Phonebook, Calendar, Notes, Browser, Maps and Mail.
Now we need a bunch of guys and gals to continue supporting all of these apps as well as the ARM based kernel (for free).
NOW we need to start talking about hardware and insuring our kernel continues to get upgraded to support the latest advancements in hardware. I wouldn’t even want to start with hardware until we had some method for dealing with the items in #2 because 5 minutes after you pick a hardware platform it will be out of date.
Choose hardware that matches up closely to what exists for Apple and Android and then get it built.
The problem I see with this entire project is the promise to deliver a finished product based on hardware that is so old. I love the creation of hardware as test platforms for developers. That gets the ball rolling to do all of the steps before we get to hardware. However, it should have stopped there with no promises except to maybe update the hardware test platform as we move forward with development.
I would love to purchase a test platform now to see what could be done with it but they evidently don’t sell it any longer. We need a good proof of concept to work with before spending a butt load of cash to sell phones that NO ONE is going to be happy with except the extreme nut jobs that think their phones are insecure because they have too many apps on them.
So my advice if I were king: 1) I would develop a hardware kit using a RISC chip and work with the RISC foundation in doing so. I’d then sell that kit for developers to get behind and I would continue to support it going forward. 2) I would help manage the projects to insure everything kept moving forward and that people learned about the project and could participate. Communication is key to something like this succeeding. 3) Once the developers were able to start using their phones and no longer needed to carry Android or iOS around with them, then we could start thinking about going public with the phones.
Another issue with this entire measure is that Verizon, AT&T, Sprint and others don’t block the phones from their network. I don’t know what guarantee you’d have that this would not happen. If Apple and Google put enough pressure on the phone companies might this happen? We would need to answer this question before I’d even start step 1.
Sadly though, we’re about to go to market with a phone that all of you have already purchased and NONE of these issues have been addressed.
G
Messaging: In addition to basic SMS messaging (insecure, but there for convenience), the phone will utilize E2E via OMEMO on launch, with Matrix-based communication as a backup. Eventually E2E in Matrix will be supported. Messaging is already solved, though it will require people creating accounts to use via the Matrix protocol, so yes, you do have to combat the network effect.
Additionally, as a Social Purpose Company, Purism is legally obligated to serve social good over taking bigger profits, so they would be sued out of existence the moment they sold anything to Facebook. Not gonna happen.
Given that everything is open-source, anyone can take a look and figure out how to run and modify things. Purism doesn’t need to support it for it to continue existing in some form. GNOME exists as a separate organization, KDE exists as a separate organization, the Linux Foundation exists as a separate organization. There are many communities with interests in this phone.
The phone uses ARM. Linux already exists on ARM. They already have the devkit (and you can see videos of software running on the devkit being posted daily now at https://social.librem.one/@purism ). Purism does hope to switch to RISC-V once it becomes more viable.
The devkit has a functioning camera. Linux has a plethora of photo apps. The devkit has functional texting and functional phone calls. Linux already supports contacts, calendars, notes, browsers, and mail. This all already works on devkit (or can be made to work with relatively little effort at this point). Maps is bigger challenge, but Open Street Map exists, and open source navigation apps exist and work which utilize Open Street Map. Traffic data is missing, though, which is admittedly a shame.
Anything that runs on Linux will run on this phone, barring performance concerns and potential display issues by not fitting the mobile screen. But GTK and Qt have libraries which will auto-adapt windows to work on mobile screens, so existing Linux programs just need to pull in those libraries (if they are GTK-based or Qt-based) to work reasonably well on the mobile form factor.
Hardware is what is it - you can’t get top of the line specs at a reasonable price without being as large as Apple, Samsung, or the others. If you have many millions or billions to throw Purism’s way, I’m sure they’ll take it to leverage some better hardware.
It seems to me that most of your issues are actually solved. The hardware will suffice, even if it doesn’t have everything you want.
Maybe it is overhyped as a security phone and maybe not, but there’s no other phone that will give you this level of control over your hardware and software, and there’s currently no other viable Linux phone. Yes, I know things like the Pinephone have popped up since the Librem 5 was announced, but from what I can tell, Purism has made significant contributions upstream to enable Linux phones in general. Plus, I for one strongly appreciate their commitment to open-source as much as possible. I would buy this phone just for being a Linux phone, even if it didn’t have the killswitches. Do I think I will be able to fully replace my phone with it on day 1? No, or at least not without compromising the fully FLOSS nature of it. But this one needs to succeed for there to even be future versions that get better.
Dear @cybercrypt13,
Please please stop calling people idiots. Beside that, I’d like to comment about this:
This plan is unfeasible. You can’t delete all but phone app from the iPhone, without rooting it first.
I’d rather spend my free time making my favorite indispensable app working on Librem 5. If I do that, I’ll get plenty of support from Purism, whereas with iPhone I’d have to fight against the vendor. Giving Apple money and then fighting against them is, to say the least, inconsistent.
So, for all you other people commenting on the original posters point. This is how you respond. This was much more thought out and I don’t disagree with much of it. A few points though:
The matrix protocol is nothing more than a way for all chat programs to send messages between each other. It says or does nothing about security on either end. And obviously, it only takes one end being monitored and both ends are read.
Them being a social company is not a legal thing and I seriously doubt anyone would sue them over having to sell the company because they run out of funds.
I have watched videos (recent ones) on the progress of the dev kit and people can barely make a phone call. They openly say there is no calendar or photos app or very much anything else. Again, I love the idea and would buy the phone as well just because it is Linux. However, there is zero information from Purism about supporting the US market or about any of the US companies allowing it on their network. Maybe that isn’t an issue but it should at least be spoken to in my opinion.
I realize there are apps in linux that do some of what I spoke to, however, There are no apps I’m aware of currently optimized for an ARM version of the OS. Most linux apps are sub par when compared to their ios or android counterparts and lack many of the features most people have come to expect.
All of the commenters on this thread were acting like Apps were bad and insecure and that was the entire problem which was what I was commenting to. I wish I could get my hands on a development phone now to play around with because like I said, I love the concept. Just think going public with phones in a couple months is a mistake. It should be kept in development hands until 90% of the basic apps I mentioned are optimized and work similar to other phones before you dump it on people.
They may spend $700 for a phone with a cool idea but once they realize it sucks it will take a while for them to come back if ever. And the fact that the hardware is out of date on day one means if they do want to come back they will likely have to purchase a newer hardware platform and spend even more money.
Thanks for your logical reply though. At least some people here have brains. 
G
You miss my point entirely. I hate Apple and would love to use something like this. In fact I came here to purchase the phone until I realized it won’t work in the US and nothing is actually decided on. If I had a phone that could read email, make phone calls and take great photos and videos like an iphone or android does I’d be mostly happy. But at this point I don’t see that this phone does any of this and yet costs more than a basic iphone with more modern features.
Also, my comments to the idiots were not personal, only covering the responses the poor guy that posted the original comments was having to listen to. Just because someone doesn’t agree with you doesn’t give you the right to call them trolls and therefore ignore their points. If you go back and read this thread every one of the commenters were making points that were ridiculous. “apps are unsafe and we don’t need them”.
Also, grow a back bone for gods sake. This is the problem with the world today. Everyone has turned into women and no one can offend anyone any longer without their feelings being hurt. Life sucks, people suck and nothing is easy. Deal with it.
Also, no one has commented here on the human factor which is this: If this phone takes off (which I hope it does) then Facebook and Google and the rest are going to write apps for linux to deal with their services. When they do, people are going to install them and when that happens you’ve accomplished nothing at all.
Of course, the difference here is that I don’t have to install them on my phone but then you don’t have to install any of those on your iPhone either. There is another (worse) problem on this phone though. People are generally speaking are always out to get something for nothing. As soon as they realize there is NO monitoring process to prevent them from writing apps that run on the phone and can do almost anything, they will. This is currently on display just looking at the difference between Apple and Google. Apple monitors and therefore keeps the app store clean and for the most part free of bad players. Google is (was) totally open and has the absolute worst secure phone in existence.
Has anyone even had that conversation with respect to this linux phone? how will you trust what you install?
Consider though that on a phone you just pull it up and see just the app you were looking for that hasn’t been reviewed by anyone yet. Who will be the first person to download and test :-)? Not me.
G
It is a legal thing. Please inform yourself better, lest you end up telling lies. You may start at wikipedia over there.
The first part of the claim - apps are unsafe - is up for debate. And I personally am inclined to say that, yes, the apps in general are hastily written and therefore unsafe, but for few exceptions.
The secend part - we don’t need them - is a matter of choice. You need them, and perhaps that is why it is ridiculous to you, when we say that we do not. I don’t need from a phone anything but calls, text, and mail. If I need something else, I’ll make it happen, as the phone is open, I have some skills, and Purism supports and encourages this.
This is no excuse for ditching all the manners.
(quote is actually from cybercrypt13, not sure how it got credited to Dwaff)
I know that I at least was referencing the laundry list of apps the poster cited–basically the very apps that do the most spying on the user; I wasn’t referring to ALL apps by any means. That was the context of my response, and it shouldn’t be dropped when evaluating my reply.
A few things there: 1) I would bet money you have a mobile phone and do more than just make calls on it. If that is the case get a flip phone as you don’t need a smart phone. 2) You can buy a cheaper model iPhone and don’t login to iCloud or create an apple account and use it for making phone calls. If that is all you think you need then why have you ever been looking for a new phone.
Again, I love the concept of a linux phone and would buy one that works in a minute. I don’t care much about all the apps either. What I do care about though is people misleading the general public about the capabilities of a phone that just are not there. Claiming security for the sake of the claim with nothing to back it up other than to say apps are unsafe and therefore you don’t need them.
And again, go back to the top of the thread and explain manors to me when everyone was putting down the original poster and claiming he was not being honest and instead was trolling the site instead of simply addressing his concerns. I get sick of people trying to stand on a high horse when the crap they were dishing out comes back at them.
If you guys were so honestly nice and sweet I wouldn’t have even bothered responding on this thread. I just got sick of listening to you all putting down the other guy and not a single one of you were backing up any of his points. If I am offensive to you then you should consider what you are to me. I am not a mean person and if I am being harsh there is a very good reason.
Also, for the record, telling someone to be nice to you because they might be hurting your feelings is not ever going to work. A better way is to just earn their respect to being with by having a respectful back and forth. Not calling them a Troll just because you’re not making good arguments and they call you out on it.
And funny thing is I didn’t see many of you telling the other people to stop calling him a Troll and to be nice. But I state (and can backup) the fact that those participating in the beating were acting like idiots and you want to try to preach to me. Stop trying and lets just debate the issue at hand. I will be respectful as long as you guys are.
G