For the sake of improving security and usability for everyone, I thought I would post a wishlist of the features that would most likely make me, as a paranoid individual, purchase a Librem. I realize that these individual items would be better discussed in their own threads, but I didn’t want to spam the forum. It’s fine if someone else wants to do that.
Here they are, in order from extremely high priority to merely high priority:
- Polymorphic IMEI. It’s OK if I need to power cycle to get a new one. Two modes would be nice to choose from: (a) random (generates an IMEI which complies with standards, but is otherwise unpredictable) and (b) camouflage (generates an IMEI which mimics those most consistent with existing phones or phones sold at the last known phone location, or whatever would otherwise blend in with the environment).
- Ability to pick up the phone as close to the point of manufacturing as possible. No shipping antics allowed. I assume by default that your manufacturing is compromised on a transistor level or perhaps even a device firmware level, but so is everyone else’s, most likely, so I don’t regard that as a (relative) negative. Ann Arbor, Baby!
- Ability to run Signal Private Messenger, ideally, or some equivalently open-source messenger program that all my nonparanoid friends can also install on their Androids and EyePhones.
- Fake permissions. This means that when, say, an app wants to use the camera, I get a dialog that says “Choose one of the following. You can change your choice later by going to such-and-such setup menu.” The choices are (a) allow, (b) deny, (c) fake. “Fake” means to fake out the device. So if this app really insists on camera access, it can get access to a fake video stream that provides it with entertaining blackness all day long. Unfortunately, it’s not good enough just to cover the camera physically, as I might be running some other app at the same time or intermittently which I want to provide with real camera access. Fake permissions are a big selling point because it means I can install all the bad apps I want, and they can’t actually exfiltrate anything unless I’m dumb enough to allow that. It also makes your task of porting apps a lot easier, potentially, because you don’t need to worry about so many security threats.
- Network permissions per-app (allow, deny, or fake). In fake mode, this permission means that the app can send all the packets it wants to whatever IP it wants, and it’s told that the send succeeded. And then… nothing happens. In deny mode, it gets notified that it has no network access. Again, this is on the app level, not the system level.
- One-shot wifi option in the settings. Wifi connections are forgotten as soon as you disconnect, or the signal is lost due to distance. This prevents the very common mistake of forgetting to turn off wifi when you leave home. It also effectively disables Wifi Pineapple attacks, for instance those which look at the history of old SSIDs that you broadcast as you walk down the street, providing the attacker with a wealth of information about your travels.
- Google Translate (as a downloadable app, not a forced install), because the world is too small and many of us need this. (Open source would be better, but I don’t think anything comes close to the quality as of yet.) We can keep it in fake permissions prison after initial installation, so it can provide its useful functionality in offline mode. Or for those who trust it, fully online.
Attractive features unrelated to security:
- High resolution camera with option to save photos in some lossless format. Video at 4K 60 FPS, which is basically industry standard for outdoor action videography at this point.
- Some degree of waterproofness, or at least the option to purchase a case for the same.