Librem 5 USA edition

my local bike factory’s proprietor is Chinese and used to rent my house a few years ago … talk about irony :wink:

1 Like

Thank you for talking the time to hear my concerns. I hadn’t known the devkit and the onekey were/became US made, kudos on that. Your Procurement must be ridiculously good.

2 Likes

there is still the option to pay a local shop to x-ray it for you if you don’t trust Purism to do it for YOU inside the “tamper-evident-services”. this way it seems to me that it’s still OK without the full made-in-USA luxury service.

i mean if i can go and pay an “emergency-tax” to my local teeth-x-ray shop and go prepared to my dentist the next morning … why wouldn’t this be viable with the L5 ? all it takes is an expert and the price you would pay for this doesn’t seem like it will reach as high as 2 grand $.

this is for a PRC L5 i mean … still not that big of an issue for most of us …

3 Likes

See also first part of Birch Shipping Email Received

1 Like

2 grand ? Too rich for my blood .

4 Likes

Although this version of the phone is way too expensive for most people, its announcement is good news, because it means that Purism must have some corporate or governmental clients with deep pockets who want a phone made in the USA.

I wondered how Purism had the funds to increase its “Core Team” from 34 to 49 since August 8, but this might explain how Purism has been able to hire so many new employees. More programmers will make the Librem 5 a usable phone much faster, so this is good news for all of us. Todd Weaver commented about making 50k of the Librem 5 in his video with Gardiner Bryant (The Linux Gamer), which makes sense if Purism is getting big special orders.

The obvious buyers of this type of phone would be the US intelligence services and all the private companies that have contracts with them. The US spent $162.8 billion on its Intelligence Community budget in 2019. If the US government is helping to develop the Librem 5, then that would be a much better use of taxpayer money than most of the wasteful and morally-questionable things that the US intelligence services do, like running a giant server farm in Utah to collect the personal data of millions of people. The tech behind Tor and SE Linux were both originally financed by US intelligence services, so this wouldn’t be the first time that the US government has helped create more secure tech that we can use.

My only fear is that Purism might fall under the sway of the US intelligence services if it is getting a large portion of its revenue from them. Almost everything that Purism does in the Librem 5 is verifiable by the user, so this is not likely, but let’s imagine a scenario in a couple years when Purism is getting 50% of its revenue from orders from US intelligence services. Then, it gets an large order to build phones needed by CIA agents who both need hardware kill switches, but also need tracking built into the phone for when something happens to the agent in the field. Purism builds this special order because it has nothing to do with its other sales to the general public. Now Purism is getting 80% of its revenue from US intelligence services and then the NSA figures out that a lot of Librem 5s are being used by Iran, Russia, China, North Korea, etc, and they would love to be able to spy with the phones. It will be hard for Purism to resist the NSA’s “request” to add a hidden spy chip to the Librem 5, when the company depends on the US government for its survival. If the US government pulls all its contracts, then Purism will face bankruptcy.

I wonder if the x-ray images that Purism released are an attempt to prevent exactly this kind of scenario from ever happening. It is Purism telling the US government, “look, we will take your money, but there are certain things that you can’t ever ask us to do, because our users will find out.” All of this is based on a lot of speculation on my part, since Purism could be getting these orders from businesses that have nothing to do with the US government. Still it is worth thinking about these scenarios and ask whether releasing the schematics, x-ray images and software’s source code for the Librem 5 are enough to prevent it from ever happening.

9 Likes

I think it has not been brought up yet, but I also thought that the mere existence of two theoretically identical builds makes it even harder to implement (certain kinds of) backdoors.
Every difference in physical components or behavior (timings) would have to have a reasonable explanation or hint at a unwanted difference.
I don’t know how strong this point is, but to some it could be.

9 Likes

It is always OK to wonder.

2 Likes

This made me laugh and think of what I should do fo most of my posts and replies!

TL:DR Warning | I can speak gibberish latin!

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Vitae turpis massa sed elementum tempus egestas sed sed. Amet mattis vulputate enim nulla aliquet porttitor lacus. Ultricies tristique nulla aliquet enim tortor. Eget gravida cum sociis natoque penatibus et. Et ultrices neque ornare aenean euismod elementum nisi quis eleifend. Diam maecenas ultricies mi eget mauris pharetra. Quis risus sed vulputate odio ut enim blandit volutpat. Aliquam sem fringilla ut morbi tincidunt augue interdum velit. Vitae turpis massa sed elementum. Interdum varius sit amet mattis. Turpis egestas sed tempus urna et pharetra. Sed nisi lacus sed viverra tellus in hac. Eros donec ac odio tempor orci dapibus ultrices in iaculis.

Aliquet porttitor lacus luctus accumsan tortor posuere ac ut consequat. Nisl nisi scelerisque eu ultrices vitae auctor eu augue ut. Tristique risus nec feugiat in fermentum posuere urna nec. Augue mauris augue neque gravida in fermentum. Ornare lectus sit amet est placerat in egestas erat imperdiet. Egestas purus viverra accumsan in nisl. Lectus magna fringilla urna porttitor rhoncus dolor purus non. At tellus at urna condimentum. Suspendisse ultrices gravida dictum fusce ut placerat. Et tortor consequat id porta. Vitae auctor eu augue ut lectus arcu bibendum. Volutpat commodo sed egestas egestas fringilla phasellus faucibus scelerisque. Rhoncus dolor purus non enim praesent elementum facilisis.

Sed vulputate odio ut enim blandit volutpat maecenas volutpat. Dolor purus non enim praesent elementum facilisis leo. Neque volutpat ac tincidunt vitae semper quis. Nunc mattis enim ut tellus elementum. Eu consequat ac felis donec et odio. Malesuada pellentesque elit eget gravida. Ultrices tincidunt arcu non sodales neque sodales ut etiam. Quam nulla porttitor massa id neque aliquam vestibulum morbi blandit. Ultrices tincidunt arcu non sodales neque sodales. Dolor sed viverra ipsum nunc aliquet bibendum enim facilisis. Cursus risus at ultrices mi tempus imperdiet. Faucibus in ornare quam viverra orci. Sed cras ornare arcu dui vivamus. Augue mauris augue neque gravida in fermentum. A diam maecenas sed enim.

Molestie ac feugiat sed lectus. Habitant morbi tristique senectus et. Tortor at auctor urna nunc id cursus metus aliquam eleifend. Sed velit dignissim sodales ut eu sem integer. Auctor elit sed vulputate mi sit amet mauris commodo quis. In pellentesque massa placerat duis ultricies. Non curabitur gravida arcu ac tortor dignissim convallis. Euismod lacinia at quis risus sed vulputate odio ut. Facilisis mauris sit amet massa vitae. Nam aliquam sem et tortor consequat id porta nibh. Id venenatis a condimentum vitae sapien pellentesque habitant morbi tristique. Volutpat sed cras ornare arcu.

Massa massa ultricies mi quis hendrerit dolor magna eget est. Mauris vitae ultricies leo integer malesuada nunc vel risus. Imperdiet dui accumsan sit amet nulla facilisi. Sit amet aliquam id diam. Sapien eget mi proin sed. Ultrices dui sapien eget mi proin sed. In iaculis nunc sed augue. Egestas fringilla phasellus faucibus scelerisque eleifend. Pretium lectus quam id leo in vitae turpis massa. Eu tincidunt tortor aliquam nulla facilisi cras. Feugiat in fermentum posuere urna nec tincidunt praesent semper feugiat. Neque ornare aenean euismod elementum nisi quis eleifend. Felis imperdiet proin fermentum leo vel orci. Ultrices gravida dictum fusce ut placerat orci. In metus vulputate eu scelerisque felis imperdiet. Nunc lobortis mattis aliquam faucibus purus.

The market for IC chips is global and pricing is closely the same everywhere. A pick-and-place machine can install the electronic components with the same speed and lack of human labor everywhere. Why not order the unpopulated PCB boards from China? You can’t sneak spy chips in, on unpopulated boards. So the price for assembled phones made in the USA should not be altogether different than phones made in china. If people want to donate money to Purism, that is fine. But the market value of a phone made in the USA is not $2000.00.

1 Like

Yes, you can… Pretty standard on multi-layer PCBs. E.g.

https://www.electronicdesign.com/embedded/use-embedded-components-improve-pcb-performance-and-reduce-size

3 Likes

That will show up on the X-ray of the PCB, but unless you X-ray all the boards, some could slip through altered.

2 Likes

Fully agreed, I just wanted to dispel the myth that an ‘empty’ PCB cannot be manipulated.

3 Likes

i think the point was - pcbs are not etched by crowd fo chinese people vs american people, components are not laid by tweezers by the same crowd and not soldered with a solder gun. All pcb manufacturing is long ago fully automated cycle as with current level of miniaturisation human being has very little to do there except sit in awe and wonder. So it’s just about mass pre-fabrication vs on-demand printing+laying+flowing.
But then there’s assembly line where all needs to be put together - chassis, screen, frame, pcbs, connectors. That’s where the labour counts and that’s where you have high chance to place some rigged component, down to flat ribbon cable with mitm controller on it

3 Likes

Sure? What other phones fabricated in the USA, with GNU/Linux instead of Android and iOS, switchable and separate baseband and killswitches can you buy for less than 2k$?

I am not aware of another phone. So if at least one person is willing to pay 2k$ for that phone that’s it’s price right?

6 Likes

The Librem 5 USA is for corporate and government clients that need extra levels of privacy and security, and when you get into that market, $1999 is not too expensive. Special order phones have very high prices.

If you were thinking of buying this phone for yourself, then I can understand your disappointment at the price. However, if you think about this as a way for Purism to make a lot of profit that will be reinvested in paying for extra programmers for the Librem 5, then the high prices for the Librem 5 USA will be paying for the software development for the normal Librem 5.

Let’s imagine that Purism makes $500 in profit on each Librem 5 USA and $50 in profit on each Librem 5, so you get 10 times the profit per phone. Those extra profits mean that Purism can hire more programmers and engineers, but can also repay any debts it might have incurred and avoid costly Kickfurther campaigns. Once the software support gets better for the Librem 5, then you get more demand, which means larger scale manufacturing and lower costs per phone, which in turn means either better specs (more RAM, more Flash memory, better image sensors) or lower prices to be more competitive with other phones. More profits also means more money to develop other types of RYF hardware, like tablets and routers, and more money to go into projects like Librem One and Libre RISC-V.

6 Likes

There are charity auctions that take place where people pay large amounts of money for things that are not anywhere near in value what the bidded-up prices are that are paid. Typically, the money goes to a good cause which is the main point anyway. The same can be true any time people willingly pay above market rates for some thing that has a much lower instrinsic value than what is paid for them. I think that for the purposes of community oversight, we should focus on the real values in this case and let people donate to the social purpose directly if that is what they want to do. A competitively-made low-volume American-made good will typically cost more, but not nearly three times the price of a low-volume foreign made good. Maybe 1.5x the price is accurate. The Walmart affect happened because any time Walmart could cut a few percentage points off of the cost of something by doing business in volume, they did it. The smaller brick and mortar businesses then lost enough business that they had to raise prices to pay their fixed expenses, which drove more customers away from them, requiring yet higher pricing to keep their doors open. So their prices doubled and tripled as more and more people were driven away and their fixed costs remained the same. Then Amazon did the same thing to Walmart. Why would I choose to buy an $18 phone car charger at Walmart when I can get the same thing on Amazon for $6? I think that until Purism starts shipping in mass (fulfilling their commitments in mass) they should be kept on a short (metaphoric) leash. If they were more open and communicative, maybe then, not so much. Clearly they are getting money from somewhere else these days. Any donor should demand more accountability than we customers here are seeing. In the meantime, there should be clear boundaries and accountabilities made and kept here. A competatively-made American good is worth roughly 1.5x what would cost to make it overseas. Exceptions are found in mass-produced, mass-shipped commodities.

2 Likes

When it comes to paying extra to have a product made in the US for privacy-respect reasons, there is some legitimate value to be found in paranoia. But just how paranoid we need to be is the question. To embed an unpacked integrated circuit in-between layers of a PCB would require a board re-design. Yes, the schematic is open. But would anyone re-design and re-lay out the Librem 5 just to spy on us some open-source proponents in low volume? My employer has many high-value integrated circuit designs that are fabricated in Taiwan at very high volume. They don’t seem overly concerned about this issue. The manufacturer is even trusted to possess the mask set. If you pick the right manufacturer, the manufacturer has a reputation and some very large contracts they want to protect. They can’t put everything on the line just to spy on a few open-source proponents of a low-volume design that is open to the public anyway because they want to know our web browsing habits. Once everything has been fabricated and purchased, how much can it cost to assemble the phone by hand? Pay me $100 per phone and I’ll do it. I live in America so it would still be American made. I just don’t think that everyone should be throwing money at Purism without more accountability from Purism. I’ll invest $700 as a customer. If they want more from me, I want to see in to their financial books. Poor accountability and just throwing money at something leads to bad things, often bankruptcy.

3 Likes

If Purism tried to ask for charitable donations to do the extra software development needed in the Librem 5, I doubt that it would be successful. Maybe it could get some grants, but I doubt that it would raise that much money and the money wouldn’t sustaining, so you would have to keep applying for grant money and it is hard to attract the best programmers when they don’t know if they will have a job next year when the grant runs out.
Corporations and governments are not likely to donate to the development of the Librem 5, but they are likely to pay $1999 for security phones. If you are a national security contractor, then the Librem 5 USA is a business expense, but I doubt that any national security contractors are willing to make donations to Purism, if it became a non-profit with greater transparency and open books.

Let’s say you are a national security contractor that wants to order 200 secure phones made in the US. Most of the secure phone market is covered by Blackberry, but those phones are designed and made by TCL, which is a Chinese company. You can go to Apple or Google, but their phones are made by the Taiwanese companies Foxconn and HTC in China. They might be willing to make those same phones in India for you, but good luck getting Foxconn and HTC to set up an assembly factory in the US. If you only need 200 phones, nobody is going to even listen to you, so from that perspective, $1999 is a very reasonable price to pay for these phones.

If you want 10k of phones, then you might be able to find some company which is willing to assemble the phones in the US for you for $1000 per phone, but that company will just slap standard Android in the phone and they can’t really support the phone on the software side. If you want the complete package of both hardware assembled in the US and a secure operating system with many years of guaranteed software support, then the Librem 5 USA is probably the best option that you can find on the market. If you calculate a 5 year lifespan for the Librem 5 USA, then it is only $400 per year, whereas an Android phone will only give you 3 years of security updates.

6 Likes

I agree with everything you say. Additionally I think if you would order 10k phones you would probably call Todd and will get the phones for less than 2k$ each :wink:

4 Likes