Further to my comments on address book: It is plausible that a person uses an address book to hold more than just phone numbers e.g. names, street addresses, email addresses, notes, birthdays, alternative phone numbers, … Hence the leakage of memory is much more than can be gleaned by observing the metadata of actual calls placed.
Also, LUKS encryption key (or similar) - assuming that disk encryption is in use.
That’s indeed something to be aware of, but that scenario is not a phone design problem. 
It’s the abuse of the third party that is the problem.
Can you avoid it? I don’t think so, but one can make it as hard as possible to them.
Vice versa is also true: If someone has illegal access to your laptop or network, then your environment is compromised and all devices (included USB devices) within it.
Of course it is. Lack of separation of the modem from the OS makes it much easier for the modem to compromise your whole system and attack any devices connected via USB. Librem 5 makes it much harder.
No, it’s not. You should always minimize any trust in any third (or second) party by technical means. Trust should be minimal for your security. For example, on Qubes OS I do not care if any (or all) of my USB devices are compromised, since they are isolated into a dedicated VM.
You are missing the point I’m trying to make. My bad.
I was merely stating that nobody should try to break into your device. The fact that they still try to do so cannot be the fault of the device. It’s the person who is trespassing or snooping you should blame. A good lock can help, but it is just a lock (or separated modem) that can be cracked sooner or later.
You just cannot rely on law enforcement in the Internet, i.e., you should not hope that nobody will break into your device. Serious security that makes a compromise impossible or very hard is a must. Although it’s mostly a fault of the intruders, every company should know about this problem and take users’ security seriously.
I would go further: You should assume that somebody will attempt to break into your device.
I monitor my logs (at home). I know for a fact that people are attempting to break in all the time. I would not therefore assume that a phone is any different other than that it is common for phones to be behind CGNAT thus shielding them (inadvertently) from some attacks but of course also reducing functionality.
Do people think that they can obtain more privacy using a dumb phone? A dumb phone will take away the smart phone features for the phone owner. But your location and identity will still be tracked, most likely even when the phone is turned off. So the phone is only dumb to you, not to the spy machine that stalks you.
Not in my experience 
This is true even for smartphones.
Yes I do, unless you have a wifi-only smartphone. Do you? If not then you have all the privacy issues a dumbphone has plus the ones which come from the smartphone.
(As stated in the previous post, that is a given for any use of a mobile phone, all other things being equal.)
However it depends on your threat model. If your threat model is primarily around the government then, yes, a dumbphone solves nothing, all other things being equal.
But it is obvious that there are many other privacy threats that arise out of the applications that you run on the phone, over and above the ever-present threat of the mobile network itself. The dumbphone strips out those application threats and, yes, it does so via a trade-off: less features, less tracking.
I don’t personally think that Purism will make a dumbphone but if they did then I would “insist” on a killswitch for the modem, in which case that would actually make a pretty damn good threat defence: no application threats and you get to control when and where you can be tracked via the mobile network.
This…
I don’t see a reasonable trade-off here. If you care about app tracking, don’t install suspicious apps on your Librem 5 and use exclusively free software with code you verify yourself. However few apps this will yield, it will be better than a dumbphone without any apps at all.
Those dumb phones traditionally have ZERO privacy/security features…BUT, yes, let’s do it…only with all the good things we need to stay safer than the average guy.
I guess one way in which my suggestion benefits the user is that the user cannot be coerced into installing suspicious apps. If you admit that you have a smartphone, you can always be pressured e.g. denied access to internet banking until you install the bank’s 2FA app because 2FA is best practice (and it is!). If you plead “dumbphone” or “no phone”, you suddenly get better options.
Along similar lines, the user cannot be tempted. The temptation can take the form of financial incentive from a service provider*, or the temptation can be reflective of the user’s poor self-control i.e. addiction, detox (as mentioned in the OP) etc…
It may be that neither of these apply here because the Librem 5 can’t run the app exactly anyway, at this time. However I am taking this discussion as more general i.e. about an alleged trend towards dumbphones, and what the benefits are of dumbphones, as the starting point of a hypothetical discussion over whether Purism should develop the Librem 5 Dumb Edition. .
Again, understanding that this is a very hypothetical discussion, a phone without WiFi and a phone without the ability to run any apps, and reduced to the hardware needed to meet those requirements, but otherwise having some of the core benefits of the Librem 5, might well be physically smaller, lighter, and cheaper, and use less power (better time between charges).
Would the Librem 5 Dumb Edition suit me personally? Very likely not. And I suspect that the participants in this forum would have a large selection bias against said hypothetical phone.
* I repeatedly receive an email from one of the two main supermarkets here basically saying that they will give me cash if I install their app. They don’t know that a) the amount of money that they would have to offer would need to be many orders of magnitude higher and that that would then make it financially illogical for them, and b) their stupid app isn’t going to work on the Librem 5 anyway at the current time.
WARNING: OFF TOPIC
Using internetbanking is no matter of choice anymore.
Where I live, a bank only offer Internet-banking as a service.
At my place there is nearly no possibility left to go to a bank-office and deal face to face with them.
Recently I tried to open a new account but they do no longer offer this possibility except online.
For security reasons (they say) you need to make a selfie video along with a copy of your ID, upload it to their server before they decide if you may open a new account.
Next they send a third party with a tablet to your home address and at the front door you need to sign a on that tablet with a blank screen stating that you agree to their rules.
No possibility to check if what you sign is indeed the agreement you think you are signing.
All this is maybe secure for the bank, but if you point to them that for you this is a far to risky route and too much privacy invading, their reply is “Goodbye”.
Long story short: 2FA is a somewhat safer technical solution for the opposite site (who want to know if it’s really you), but not for you.
The most simple and safest solution is talking face to face, but that option is no longer possible.
Our society is only open to technical solutions (with all its limitations), human solutions are a “no go”.
END (OFF TOPIC)
In what country do you live? I have no such issues here (except I want to use an online-only bank, but I don’t know what’s the process here to activate an account).
And can’t you get a TAN-generator where you just put in your bank card? It’s the much better 2FA option, because they need physical access (and not just compromise your device) while you don’t even need such suspicious proprietary app that does only work on Android and iOS.
Something worth mentioning
Even if such a dumb device will have to have VoLTE, in case of an attack via VoLTE, the attacker won’t find much information on it and no location (since there will be no gps).
VoLTE misconfigurations can leak other subscriber information: during a VoLTE call, it’s possible to obtain details such as the caller’s phone model, the device’s firmware version, and even the caller’s location via Cell-ID.
I think this is a genuine challenge to what the specifications of this hypothetical dumbphone are.
At the pointy end, yep, they require their app. You are stuffed.
But let’s assume a better bank that uses TOTP. Then there are a few challenges:
Bear in mind that a cellular modem may have built-in GPS. So care is needed in either selection or design or both.
[quote] In what country do you live?
[/quote]
In a country near yours.
I have successfully opened a bank account in your country. Just made an appointment and went. Talked to a nice lady who explained everything and welcomed me as a new customer. I got a identifyer from the bank and all paperwork etc.
What a huge difference from my country.
We do not need this kind of solutions in a dumb phone.
Just an identifyer or some kind of hardware token (provided by your bank) is a far better option instead of TFA.