Apart from being FOSS and being good with privacy with HKS and all, what does the phone do specifically to bring security to the device? LUKS decrypt at boot? iOS (or higher) level sandboxing of applications? Would appreciate a comprehensive list of what the phone does for security specifically and points that support both security and privacy at the same time.
This is a good idea: to make a list only from this perspective. With relevant categories added (hw/sw is way too general - good suggestions for this?) to help in analysis, it should also help to see which areas are well covered (“onion defence”) and which areas may need users to mitigate risk (this may be use case and user specific), as in which apps to use or not as well as which activities are possible. Possibly, this list could be made by looking at whether these aspects are more/enough or less than what we might expect from a secure, privacy-focused modern phone (WWMEfSPFP, which is very difficult to describe), compared to what’s out there. We must remember, security is always relative (you can always be more secure and secure enough, never absolutely) and all aspects need to be covered and balanced so there are no weak(er) spots.
I’ll add to this list to begin with positives:
- Verified/trustable hardware. This may be a bit too all-encompassing and has been stated differently. No unknown blobs or processors with uncontrolled activity. Also, with X-ray pics and schematics, hardware can be checked. Also maybe trust in Purism to do what they promise, including keeping an eye on sourcing and production. This makes the foundation that everything else (the trust in our devices' security) is built on, is it not?
- 2FA with a key (for those that want to use it) is possible.
And what options I’d like to see in the future or what I see that there is room for improvement (not on par with positives or could offer better than others):
- Login/sign-in security. Only numbers; although the length limit was removed, there doesn’t seem to be a way to use the alphabet or symbols or combine with other methods (note: 2FA via key or chip is a separate thing).
- Login/sign-in safety - visual snooping. Only a number pad when the touchscreen could be anything, and that pad is static (always the same - movement of fingers identifiable even if the screen is not seen).
- Login/sign-in safety - duress. No duress protocol/options included (also see other possibilities).
2FA? How exactly? Also, I would be amazed if there wouldn’t be an alphanumeric password option so that should be available on release.
I’m pretty sure that this would be on Purism’s radar but that is only speculation on my part.
- via integration with a future Librem Key that can connect to the USB-C port
- via the smart card support (theoretically already there but no idea of whether it is working yet)
True, I may have jumped the gun on using the Librem Key a bit, since it’s untested yet. But I’d still add that to the list.
The chip is more an unknown at this point. Good addition to security in potential.
Plenty of other things to add to the list still…