Your Own Personal Enclave: The Smart Card Reader on the Librem 5

As a speed cuber myself, I can vouch that some speed cubes work great for microSD storage but not all have enough room so buyer beware.

1 Like

as a third point to your first two you already gave a few posts up

  1. you’ve just had your first “anti-virus” vaccine in q3 2020 and you suspect that your blood stream might now contain a huge number of near-invisible nano-bots that can be used to extract secrets and more accurately determine if a person is lying or not

1 Like

Not necessarily easy to achieve.

https://en.wikipedia.org/wiki/Deniable_encryption#Forms_of_deniable_encryption (first paragraph)

If you do really mean a “custom algorithm” then there is also some risk that if you are not a qualified and skilled cryptographer, your custom algorithm will be easily breakable. Even many “official” widely used algorithms have over time been found to contain chinks in their armor. So are you confident that yours will be as good or better?

I’ve said it before in this forum but my own personal stance (not binding on anyone else!) is … don’t take your phone across borders.

If your phone contains sensitive data, leave it at home.

Buy a second Librem 5 for travel use. :wink:

1 Like

That may be of interest to some but I’d like to point out that that scenario is not the only one and should not be the reference point for good and encompassing safety and security measures. Duress measures for example could be reasonable for someone in a bad personal or social relationship. There are probably many possible variations on all levels of interaction between that low level and anything that involves countries and their various organizations.

Although a possible example, it should not become the only one guiding actions. There are many other scenarios in other countries, in other systems that are more daily. It would be better to give more options to choose from (of which the smart card is one good one, but just one). This will allow to have more depth in defence, more versatility to cover different use cases (non-threats) and keeps possible baddies guessing (stegano plays into this but it’s not for all). It’s not just governmental authorities (or commercial - or other organized/international crime) but often just locally criminal.

Just because there is one good sounding solution, it does not cover all. Sec&safety measures should not only have depth per se, but they should also be at the same or similar level (at least more or less - and there is absolute and relative levels). Balanced, in a sense. To exaggerate, it doesn’t work if one component or aspect is state of the art, if the others are weak(est link) - those can be exploited. And it’s not just technical: https://xkcd.com/538/

I’d also like to add that L5 has the potential to have a very unique combination of features and sec&safety enhancing aspects. The killswitches are good. Known HW and bloblessness a trustable foundation. Linux is nice. The card is one. But to me, the xkcd example for instance has not been addressed (related: using video to catch login). And user still needs to add appropriate messaging, backups, services, VPNs etc.

1 Like

a crypto nerd’s imagination stops when hurting other people is involved. only the “pigs” imagination “transcends” that boundary … :unlock:

1 Like

I am not saying that Purism should make devices with the intent to circumvent the laws of any country. And as an average law abiding person I really don’t have anything that needs to be hidden anyway. But if any government were to routinely and randomly search people’s homes to assure that no one is breaking the law, that society would have problems. We should be able to lock our doors and privacy should always be the default.

1 Like

… or worse, if it is to assure other things - and we assume in the former case that the law in question is even just.

However this ties in with the point I was making above.

There is “mass surveillance” and we absolutely should do everything in our power to push back against that - including supporting products and services that work towards that goal.

And then there is “one guy” who gets pulled out of the line while crossing a border. If someone thinks that his or her smarts and technology are going to win against a government in that situation then that is very likely to be optimistic, given how the system is weighted in favor of the government.

2 Likes

perhaps that has something to do with the fact that we are so MANY :slight_smile:

Taiwan is currently saying that it is illegal for people under quarantine to prevent the authorities from tracking them via the cellular modem in their phones. If you put your phone in airplane mode or turn it off, the police will show up at your door and tell you to turn it back on. I wonder if we will ever see countries banning the sale of phones like the Librem 5 because they might be used to subvert the government’s ability to conduct surveillance.

2 Likes

but if you want to make a standard unencrypted voice call or send a plain text sms message not even the L5 will help much there. at this point for them is just showing off since they control the global telecom infrastructure … like building 5G radio masts while everybody else is under lockdown and calling it “essential-labor”

what, is 4G suddenly not good enough anymore?

and to the point of surveillance - i believe even Snowden said that should be allowed to happen if they do it ONLY localised and contained to key targets … but doing that everywhere and with no warrant is absolutely Orwellian and beyond 1984 …

IMO, it will be part of certificate (ACMA, CE, FAC, FCC, MIC, SRRC, etc.). This might easily be just concern/thought without any real-world basis (please read/see this as truth) while without concurring no sale nor gift for whatever this might be and while:

As (example for CE RED) everyone within EU moving/staying/living around (within) particular region/country might easily and already receive (even with simple Symbian device) an SMS directly from 112 if and when situation demands. And, IMHO, Librem 5 will not be excluded, if having cellular modem HKS :iphone: and not :no_mobile_phones:. Please find (on last page) this sentence if someone bothers what I’m broadly selling here (info): “Public warnings shall be easy for end-users to receive.” Fully regulated framework/implementation of this is already surrounding us, as @amosbatto confirmed, or, for sure, just around the corner, as “for them is just showing off” time (and money).

If the cell tower queries your phone’s GPS to find your location, it seems that you could spoof that system quite easily. Just write a program to tell your phone to lie to the cell system about where you are. If they triangulate your location, you’ll need kill switches to escape surveillance. Here in the US, I doubt they’ll ever be able to compel the average non-criminal citizen to allow location tracking through any lawful means. They’ll try. But they won’t succeed. The best they’re going to get is what Google is doing now, as opposed to enforcing statutes. And obviously we don’t like that and are building non-trackable phones.

2 Likes

Using cell towers, the cell phone company can tell roughly where you are, even if your GPS is turned off. However, if the GPS is turned off, Android doesn’t have that information and can’t pass it to Google’s servers.

Even if the GPS is turned off, Google has often mapped the wireless networks in an area and can tell where you are located based on the wireless networks that it sees, so WiFi has to also be turned off. Fox News reported in November 2018 that Android continued to collect your geolocation data even when the phone was in airplane mode and then sent that data to Google servers when the phone reestablished an internet connection. It is unclear from the Fox News report, whether Android was gathering the location data from the GPS, WiFi networks or both, but airplane mode didn’t turn off all wireless communications like it was supposed to. This makes sense to me, because airplane regulations in the US used to demand that you turn off the device and not simply put it in airplane mode, so they must have observed that devices in airplane mode were still using wireless communications.

Where can I buy the SIM card which stores the private keys? Or does it come with a Librem mobile?

1 Like

As far as I understand it an OpenPGP card should work. Keep in mind I don’t have a Librem 5 so I don’t know for sure.
The OpenPGP cards can be ordered here:
https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3?number=654020&c=41

1 Like

that does raise a good point. we should be able to put in our online-shopping-cart everything we need when we visit the Purism online shop web-page …

That’s complicated though. If the cellular modem has built-in GPS (not uncommon) then “writing a program” or “spoofing that system” won’t necessarily work at all. The cellular modem betrays you, without your knowledge or control.

If the cellular modem does not have built-in GPS then you have the option of “spoofing” or indeed just “lying” and saying that you can’t get a GPS fix. However as a later post said, any “spoofing” has to pass the laugh test, based on the fact that the tower knows where it is and knows you are associated with it.

If I recall correctly, the Librem 5 falls into the latter category - therefore, while the cellular modem can still betray you, it can’t do so by reporting your GPS location without your consent.

I think the main point of airplane mode is to disable all wireless transmissions. You can be in that mode while still receiving WiFi beacon frames and while still receiving GPS signals - and hence continuously getting the best possible location fix - for transmission to your Google overlord once you come out of airplane mode.

SIM card is different from the Smart Card. Two different cards and your phone could have both. (Both of them technically have private keys but the SIM card has keys for using the mobile phone network, rather than general purpose keys that you yourself put there.)

:+1:

Not possible for initial backers (way too late) but, yes, people ordering a Librem 5 now ought to be able to order a compatible smart card with the phone at the time of ordering the phone.

3 Likes

The FLOSS Shop in Germany was the only seller of OpenPGP cards that I found in a web search that will fit in the Librem 5 (mini-SIM size, also called 2FF or ID000). Hopefully Purism will also sell the cards from its web site, because buying a blank card and creating an OpenPGP card is complicated and costs more than simply buying one.

Here is a good tutorial on using OpenPGP cards:

4 Likes

Just to add to locations/locating: there are also databases that know from the IP the general location. So it’s like steps in accuracy of automatic location, when this data is shared with services: GNSS(GPS) -> cell tower triangulation (by active measurements) -> Wifi-hotspot map/db -> single cell tower vicinity map/db -> IP-location map/db -> metadata (language settings, timezone, SIM-registration, etc.).

3 Likes

Now you can buy!
https://shop.puri.sm/shop/purism-openpgp-card/

6 Likes