Off-topic from shipping

I think given how total the surveillance and control is in China (and totalitarian regimes generally, but particularly China), it’s safe to assume that anything manufactured in China contains government spyware and backdoors routinely. You can’t even illegally cross a road in China without cameras detecting that and automatically recognizing your face and debiting your social score account, or post a social media post without government surveillance bots monitoring it immediately and deleting it, also immediately, if it is not of the approved variety. It is an entirely and totally controlled society, it’s not like in the U.S. where security services reserve the right to do this and that and supposedly do it whenever there is a good reason but more or less often abuse those powers … over there, it’s just total control, everywhere and all the time.

2 Likes

You are completely wrong there. Due to the thorough scrutiny of all exported components from China (and China is aware of that fact), no backdoor is put in those devices. Even the car electronics are free of any backdoor; none found so far. This is in contrast to USA communication equipment, where backdoors are often found (e.g. Cisco routers).

I therefore propose that a privacy-conscious company such as Purism exclusively use Chinese components.

Or, you know, give customers the choice and customers can decide which of these narratives to run with.

The reality of manufacturing today is that neither edition of the Librem 5 is exclusively components from one country.

Just as the post to which you were replying is a bit extreme in its claims, so is yours.

You can’t possibly know this. No one can. China exports a zillion components per second.

For components with embedded firmware or software, it would be very difficult to verify whether there is or is not any kind of backdoor or other malicious functionality intentionally put there. It may not even be possible to access the firmware or software.

1 Like

You sound like a naive Westerner who has grown up in a normal country and has never known anything else. I don’t blame you, this relaxed attitude is fairly universal in the West. The evil that communism is is impossible to comprehend unless you have actually lived it. I spent several decades of my life behind the Iron Curtain and I have experienced directly how it works. Unfortunately, this attitude is also the reason why China is taking over the world unimpeded and will do so completely once they take over Taiwan. I won’t bother responding to Jan2 because he’s either a troll or a Chinese shill.

Every Chinese component has a back door which the CCP can exploit. China has 1.5 billion people and their average IQ is 105. The USA has 300 million people with an average IQ of 98. Assuming both have a standard deviations of 15, that means that at IQ of 170, there are 40 Chinese for every American, more as you go higher. All the smartest people in China have the choice of either working for the government if so ordered, which they are, or having their organs harvested and being put 6ft under. All the smartest people in America become entrepreneurs and make billions. The government only employs morons. Western intelligence agencies are full of woke soft lefties who either got in on a racial or a gay or a trans quota and are incompetent or they are just plain Chinese agents. Fact. Western intelligence agencies are completely infiltrated by communist spies, and have been for decades. First mainly KGB, now mainly CCP. They may employ some smart people but they can’t get anything done because their woke dumb commie-sympathizing bosses outnumber, outrank and overrule them. It may even be true that no backdoors have been found in Chinese hardware (I somehow doubt it) but that doesn’t say a lot. Even so, the said Western intelligence agencies have banned Huawei equipment from mobile networks. Do you think they’d do that if it were true that “Due to the thorough scrutiny of all exported components from China (and China is aware of that fact) no backdoor is put in those devices.” and they were confident of this fact?

1 Like

Well, um, you are replying to me but quoting something that I didn’t write, in fact with which I more or less explicitly disagreed.

It’s best not to speculate on what someone else’s life experience has been.

This topic is probably going a bit off the rails for the category that it is in (Librem 5). Round Table maybe …

If I may, could you please all substantiate extreme claims when you make them? Threads like that inevitably go off the rails otherwise, with sides speaking past each other. So please apply some brakes and either post sources, or don’t post anything at all.

In particular, I mean generalizations like:

Oh, and insults are forbidden by the rules. This is the second time I’m asking to please follow the forum rules, for they are meant to foster good discussion.

Next time you’re getting a time out.

tl;dr: sources or bust. Also, no insults.

2 Likes

This is complicated. See what I wrote in the community FAQ: https://source.puri.sm/Librem5/community-wiki/-/wikis/Frequently-Asked-Questions#86-where-are-the-librem-5-and-librem-5-usa-assembled-and-where-are-their-components-made

source?

Here are the vulnerabilities associated with Pegasus, according to Wikipedia:

  • CVE-2016-4655: Information leak in kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing them to calculate the kernel’s location in memory.
  • CVE-2016-4656: Kernel memory corruption leads to jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to secretly jailbreak the device and install surveillance software – details in reference.[64]
  • CVE-2016-4657: Memory corruption in the webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.

At this point, all the major phone makers are dependent on China in one way or another. Samsung is the only major phone maker left that still does the majority of its own assembly, and Samsung now outsources 20% of its phones to Chinese ODMs. All the significant phone ODMs and design houses (Wingtech, Huaqin, Longcheer, TINNO, Chino/OnTim, Haipai, Huiye, Ragentek and FIH Mobile) are Chinese companies. FIH Mobile, which is a subsidiary of Foxconn, is technically Taiwanese, but the majority of its workers and operations are in China. At this point, probably the only phones that have no Chinese labor or parts are Galaxy S-series, but a tiny phone maker like Purism can’t make half the parts in its phones like Samsung does. It is hard for small phone makers to avoid Shenzhen, since most of the mobile parts industry and design services are centered there.

The last that I heard, the L5USA was still shipping with the same Chinese-made BroadMobi BM818 modems used in the L5. Judging from what little I can find searching in source.puri.sm, it will probably be a while before Purism can offer the German-made PLS8 modems. Purism says that it will offer the PLS8 modem cards as an option that people can buy for the L5, although it will cost more than the BM818.

It’s worth pointing out that both the BM818 and PLS8 are using Qualcomm modems (which were probably designed in California), and the BM818 chip was probably fabbed in Taiwan or S. Korea like most contracted fab work, although its M.2 card was likely assembled in China (probably not by BroadMobi, which appears to outsource its manufacturing).

If that were true, then we should be able to find many examples of that meddling, but there has been remarkably little evidence presented of hardware/firmware/driver tampering by the Chinese government. The best evidence that we have is the Bloomberg story about inserted spychips in Supermicro servers, and that was reportedly targeted for servers used by specific companies (Elemental, Apple, etc.). Serious questions have been raised about the credibility of the Bloomberg article, since pictures of the putative spychips were never produced, Supermicro continues to deny that it ever happened, and other news agencies have not been able to validate (or at least haven’t published anything to validate) the Bloomberg story. In contrast, we have multiple sources and news agencies which have corroborated that the NSA was intercepting Cisco routing equipment in the shipping to tamper with it so it could be used for spying.

The kind of surveillance that China does of its own citizens doesn’t require hardware/firmware/driver tampering, and the political risks to the CCP of tampering with hardware for export are very large, since solid evidence of this happening would cause many tech companies to pull out of China. Given the risk of losing millions of jobs and billions of dollars in exports, the CCP has a strong incentive to not meddle with hardware for export. Remember that the political power of the CCP is no longer based on Marxist ideology, but is now based on its ability to keep delivering jobs and economic growth for the Chinese people, and staying in power is its central aim. If the CCP were going to risk tampering with hardware for export, it has every reason to be very selective in who it targets, in order to limit the possibilities of getting caught.

Yes, the BM818 is a black box and it is possible that the CCP might order BroadMobi to alter it for spying or may have operatives inserting spychips in the assembly plant, but it strikes me as very risky for the CCP to target the L5, and I doubt that many high-value targets are using the phone which is only partly functional at this point. Of all the targets that the CCP could choose for conducting covert surveillance, it seems foolhardy for the CCP to select the one phone in the world with free/open source schematics and 100% FOSS drivers and software, which is made by a company which overtly opposes government surveillance (see Purism’s warrant canary) and is used by a community which is paranoid about surveillance and has tech skills to investigate it.

2 Likes

I ordered the L5 in 2019, still not arrived. I got an email in October saying I’ll get another email in a few weeks, ha!

Not worried about Chinese components however. Thankfully Beijing Telecom is not a service in the U.S. If I get Chinese ads, maybe I’ll worry.

This is not an extreme claim. And you’re obviously not serious when you say something like this should be substantiated. The Western security services (those that are honest, at least, which is an ever dwindling number) would love to be able to find out, document, and counter, all the backdoors inserted by the CCP, but obviously to do any of this requires resources beyond even those they have. None of us in the public domain can possibly provide absolute proof of this. However, we know the nature of the Chinese regime.

Or, let me put it this way. You’re selling your (non-existent, I might add) phone on the promise that it offers privacy, alleging at least implicitly that every other phone does not. Why don’t you substantiate this “extreme claim”? This claim is at least as “extreme” as the one I made. So presumably you will enumerate specific deliberately inserted backdoors for every model of mobile phone made by every manufacturer and every point version of operating system that runs on it, and all that without access to their hardware designs and operating system source code. That would be the equivalent requirement of me “substantiating” my “extreme claims”. If my claims are extreme, so are the - at least implicit - claims Purism is making about your phones and your competitors, which are the very essence of your company and your business model.

I’m not sure why you are quoting that line specifically in connection to your remark about insults. I sincerely apologize to all the morons out there?

I don’t even want to be here. I never would have been here had you delivered the phone when you said you would. Just deliver the damn phone? Or give me a refund?

And I passed the entrance exam ;^)

3 Likes

It absolutely is, as was also mentioned by irvinewade.

That will not help you avoid the consequences though.

A simple spot check would have revealed your extreme claim. Take a random sample of 100 pieces and at least some would be found. As @amosbatto so nicely explains: none are found and/or documented.

I fully agree with @dcz that this topic easily derails based on different political (non-technical) views, and am prepared to swallow all my words as soon as some believable evidence is provided from a neutral source. Proving that something doesn’t exist is virtually impossible (as Saddam H. found out :rofl:)

I agree with @dr_t that I want to see Purism paying refunds. The company should have the funds to pay out refunds, since it recently raised over $7 million in capital, or I would like to see the company provide information about how it is planning on using those funds. I think this would calm many of the complaints, and actually help the company generate new orders, since many people are reluctant to pre-order Purism products with the current refund policy.

3 Likes

All the major phone makers also use closed-source software. All the major phone makers’ phones also have back doors. All the major phone makers also spy on you.

Who should be able to do this? You? Me? Well-resourced entities like the NSA? Do you think the latter would publish such results, or even publicly acknowledge they know about such exploits if they did?

That’s not accurate, though, is it. Just do a few Google searches and you’ll find plenty of stories of the CCP inserting malware into their products. I just found this one:

and this one:

And plenty more. We all know about Chinese government shills crashing other people’s Zoom calls. It’s obviously a lot harder to find backdoors inserted into hardware or firmware than it is those inserted into software products, but that doesn’t mean they’re not there.

Big tech companies don’t even pull out of China despite (a) China openly committing genocide of the Uyghurs in Xinjiang, (b) China persecuting Falun Gong practitioners, locking them and Uyghurs up in concentration camps and harvesting their organs to supply their burgeoning organ transplant trade, (c) China regularly disappearing its own citizens, imprisoning and murdering political dissidents, (d) the widespread use of slave labour in China, including by those very same tech companies, (e) China literally stealing ARM’s IP (https://semianalysis.com/the-semiconductor-heist-of-the-century-arm-china-has-gone-completely-rogue-operating-as-an-independent-company-with-their-own-ip/). If these tech companies won’t even pull out for these reasons, I can’t see there being any risk of them pulling out for the reasons you give. Not to mention that most American corporate moguls and politicians are deeply in debt to, and compromised by, the CCP.

Sorry, I totally disagree with this. The CCP is totally based on Marxism and their power is totally based on the same principles that were used by Stalin, Mao, Hitler, Pol Pot etc. Things may (or may not) have been a bit different under Deng Xiaoping, but Xi strives to be another Mao, and will arguably be remembered by history as being even more brutal.

Or rather harvesting their organs, enslaving them in slave labour concentration camps or putting them 6ft under. The government never delivers any jobs or economic growth, and this is especially true of communist governments.

Sure, and always has been.

1 Like

I think what’s become totally obvious is that Purism, while professing to deliver a “privacy” phone is actually an apologist for the very worst violator of privacy and human rights in the world, the CCP. Any dissident in China would be mad to rely on Purism to keep safe.

I don’t really want to be a part of this discussion, but it has been useful as it has revealed - at least to me - that Purism’s claims that your claim can provide privacy (and therefore safety) is extremely unlikely to hold any water. I’m sure you disagree, but the bottom line is I don’t trust your product, or your claims, so can I please have a refund?

There’s a big difference though: none of the reasons listed by you affect their ability to sell to overseas markets, whereas China tampering with hardware does. If you accept that the prime goal of big tech companies is earning money rather than human rights, it follows that they care about tampering, not whatever China does to internal markets/humans.

This is dubious:

It is still a matter of considerable controversy whether that post-Maoist doctrine, in any sense, is Marxist in content or aspiration.

I’m glad that you try to provide some sources, but you could be more thorough and apply them to a larger portion of your claims. I’m not going to be your reviewer, I’m just going to close the thread if you don’t.

Seriously, you don’t think ARM’s sales are impacted by the Chinese IP heist? Or that the same couldn’t happen to any other company operating in China?

I’m not going to respond to your “headmistress attitude” taunts and attempts merely to annoy. Just give me a refund. I’ve given you plenty of latitude, and have already made it clear that I can’t be bothered to fight you as I have better things to do, unless of course you go out of your way to annoy me, in which case you also know what I can do, will do and that you have no leg to stand on. And, communism = nazism = socialism = fascism = Maoism = Marxism = Leninism = Stalinism = … Your splitting of hairs on this issue just confirms that Purism’s claims that you’re developing privacy-enhancing products to protect against Big Brother spying have no credibility.

This is tasteless (not to mention groundless). You accept your own inference and hypotheses as fact and debase anyone who doesn’t see things the same way you do. There’s no logical discussion here, just an obnoxious rant. A little open-mindedness would do wonders.

I think you’re getting attached too much to me as a Purism representative. I did my best to make it clear that I’m staying within my boundaries of a moderator here, or at most a nitpicker, but you somehow take it as an official Purism position. I don’t think this thread will go anywhere if you continue in that belief, and also you seem to be trying to bait nitpickers with statements like

I think this thread has nowhere to go from here. Closing.

2 Likes