May be similar to: Privacy versus Freedom
Most likely. I’m certainly not in a position to tell you how many there are but only a brave person would bet on 0.
The theoretical upside is that PureOS is based on the Linux codebase, which itself is mature. It has experienced a share of 0-days and those (the ones we by definition know about) have of course been fixed. So 0-days for the Librem 5 presumably fall into two categories:
- generic Linux 0-days that have never come to public light
- specific or unique 0-days that aren’t applicable to most devices or configurations but happen to apply to the Librem 5 (and I guess this includes any ARM microarchitectural bugs - like all the Intel ones we know about - but the Librem 5 is slightly protected here by having a ‘simpler’ ARM CPU)
I’m sure (so-called) intelligence services everywhere are stockpiling 0-days (both for Linux and for Windows etc.).
However the use of a 0-day will often result in the 0-day getting detected and fixed, and so the 0-day becomes worthless - it could effectively be “use once”. So the question for the stockpiler is: what is a sensible use of a 0-day? I suspect that attacking your phone or my phone or the phone of any forum participant would not be sensible because we are not high value targets (except if someone is 
).
As a further observation, half the purpose of a killswitch is to confound a 0-day. Even if your operating system is hopelessly compromised by the worst Linux 0-day ever known to mankind, the killswitch can still protect you. (The other half of the purpose of a killswitch, applying to the two radio cards, is that you can’t trust the two radio cards since they run embedded blackbox firmware. So it is good to be able to kill them stone dead when needed.)
Yes. I mean 1% marketshare (while it would be significant for Purism) is peanuts. If I am some rando hacker or cybercriminal, I’m still more sensible to target the 99% - because actually they aren’t targeting anybody, it is simply a scattergun approach and the more they hit, the more they win.
In addition to the killswitches, Purism should probably be looking at software hardening. Compromise is not a binary thing so hardening matters. (For example, there was a recent user post about how to break the nexus between the screen unlock PIN and the purism password, which of course also accesses sudo and hence also completely compromises your device if the PIN is exposed.) I think Purism intends to get to hardening but it probably hasn’t had a lot of attention as yet.