Unlike most people in this thread, I actually find that the article raises many legitimate points.
As a security engineer myself, I’ve always found it fairly obvious that the Librem 5 compromised on security in the name of freedom. This isn’t necessarily a bad thing, it’s just how the phone is. Purism also does not have the 100k+ employees like Apple and Google, which enables them to hire hundreds of full-time security engineers to tackle issues like this. Really, this is to be expected.
That said, I am also kind of appalled by this community’s attacks on the author and not the actual content of the article. Calling people trolls, shills, etc. is not acceptable, especially not when these people have done much more for security than yourself (the author in question has contributed code to Qubes, IIRC), and when you haven’t actually engaged the points mentioned.
The author’s minor, inconsequential inaccuracies about have been overblown in this thread, and the actual security meat of the discussion (outlined below) has been passed over by people rushing to point out how the author mustn’t know anything.
In the end, either you address the concrete security issues raised in the article, or you don’t. I have seen neither an acknowledgement nor a refutation of the fact that the Librem 5:
- Doesn’t have a robust secure boot chain
- Doesn’t have a hardware-backed keystore
- Seems to be missing many of the OS hardening features added over the years in https://source.android.com/security/enhancements
- Won’t let you update firmware, which is a security nightmare if (when) a vulnerability is discovered in the firmware
All of these are fairly critical and I haven’t seen a point-by-point refutation of all of these.
If you believe the issues exist, what is the plan to fix them going forwards? If there is no plan to fix them, why? (@Kyle_Rankin)
If you do not believe the issues exist, why?
Will I still buy a Librem 5? Sure. But I think shortcomings must be acknowledged, and mass denial will not help you in the real world where people can and will exploit the shortcomings you’ve chosen to ignore.