Security versus liberty

Let me rattle up the hive for a bit. The topic has probably been raised before, but not recently (?) so let’s revisit it. I check GrapheneOS development from time to time and really you could follow Android OS development to get the same general idea: lots of CVEs, many critical, get fixed in each new release and security patch. There are really a lot considering the maturity of the codebase as a whole. I’ve been thinking about it for quite some time and I think we might be trading security for freedom here. I’m all but certain that our mobile distros all contain bugs galore with not enough people to test for those. There’s not enough demand, not enough interest, not enough people. Suppose Librem 5 grabs 1% market share tomorrow, you can be certain that there will be zero-days rivaling the classic Windows 95 ones. The collection probably already exists somewhere. That much is probably obvious, but the question is more - is it possible to live through that? Is it possible to live with that? And where is this middle ground? Shower me with your critical insights.

2 Likes

Thinking about security without free software is just ridiculous.

But as we all know, Linux, aka Open Source, does believe in security without free software (black boxes), as an example Android (GrapheneOS), Fedora and the rest of the open-source OSes.

I mean the changelog from a black box is not valid or security for the user.

3 Likes

May be similar to: Privacy versus Freedom

Most likely. I’m certainly not in a position to tell you how many there are but only a brave person would bet on 0.

The theoretical upside is that PureOS is based on the Linux codebase, which itself is mature. It has experienced a share of 0-days and those (the ones we by definition know about) have of course been fixed. So 0-days for the Librem 5 presumably fall into two categories:

  • generic Linux 0-days that have never come to public light
  • specific or unique 0-days that aren’t applicable to most devices or configurations but happen to apply to the Librem 5 (and I guess this includes any ARM microarchitectural bugs - like all the Intel ones we know about - but the Librem 5 is slightly protected here by having a ‘simpler’ ARM CPU)

I’m sure (so-called) intelligence services everywhere are stockpiling 0-days (both for Linux and for Windows etc.).

However the use of a 0-day will often result in the 0-day getting detected and fixed, and so the 0-day becomes worthless - it could effectively be “use once”. So the question for the stockpiler is: what is a sensible use of a 0-day? I suspect that attacking your phone or my phone or the phone of any forum participant would not be sensible because we are not high value targets (except if someone is :wink:).

As a further observation, half the purpose of a killswitch is to confound a 0-day. Even if your operating system is hopelessly compromised by the worst Linux 0-day ever known to mankind, the killswitch can still protect you. (The other half of the purpose of a killswitch, applying to the two radio cards, is that you can’t trust the two radio cards since they run embedded blackbox firmware. So it is good to be able to kill them stone dead when needed.)

Yes. I mean 1% marketshare (while it would be significant for Purism) is peanuts. If I am some rando hacker or cybercriminal, I’m still more sensible to target the 99% - because actually they aren’t targeting anybody, it is simply a scattergun approach and the more they hit, the more they win.

In addition to the killswitches, Purism should probably be looking at software hardening. Compromise is not a binary thing so hardening matters. (For example, there was a recent user post about how to break the nexus between the screen unlock PIN and the purism password, which of course also accesses sudo and hence also completely compromises your device if the PIN is exposed.) I think Purism intends to get to hardening but it probably hasn’t had a lot of attention as yet.

2 Likes

I say we’re doomed. Between Android that Google will take away sooner rather than later, black boxes that are iOS and the underfunded and understaffed various Linux projects (and Sailfish)… there’s nothing. All the time the world at large keeps pushing for more dependency on all things mobile. US doesn’t have the financial incentive to care, Europe is extremely slow to react as usual, China has its interests lying elsewhere, that’s pretty much that.

My point was that common sense dictates that you pick Librem 5 and not Xiaomi primarily not because you believe in “freedom of software” but for practical reasons, which is security first and foremost. The vulnerabilities will be present not in the Linux kernel, but in every kind of binary that surrounds it. SMS, Gallery, Browser, all that… The attack surface is unimaginably huge and it gets larger every day as we try to not be outrun by the established actors chasing new features. Given that software nowadays is a permanent beta, it’s running forever, there is no goal, no destination. Sailfish caught a lot of flak for stalling to update their Firefox ESR to the new version, consequently many sites decided they didn’t want to work in a version that was maybe only a couple years behind.

If that is all true, then it’s logical to assume we must plan for a non-connected, non-mobile future which is what I personally am trying to do now.

1 Like

Or to use Librem 5 with some trusted Linux (PureOS, PostmarketOS, Mobian OS, ...) :wink:

I’m trying with all my efforts to leave/abandon the iPhone for a Librem 5 daily driver.

3 Likes