Your Own Personal Enclave: The Smart Card Reader on the Librem 5

IMO, it will be part of certification (ACMA, CE, FAC, FCC, MIC, SRRC, etc.). This might easily be just a concern/thought without any real-world basis (please read/see this as truth), while without concurring no sale nor gift for whatever this might be, and while:

As (for example, for CE RED) everyone within the EU moving/staying/living around (within) a particular region/country might easily and already receive (even with a simple Symbian device) an SMS directly from 112 if and when the situation demands. And, IMHO, the Librem 5 will not be excluded, if the cellular modem HKS is :iphone:️ and not :no_mobile_phones:️. Please find (on the last page) this sentence if someone bothers with what I’m broadly selling here (info): “Public warnings shall be easy for end-users to receive.” A fully regulated framework/implementation of this already surrounds us, as @amosbatto confirmed, or, for sure, is just around the corner, as “for them it is just showing off” time (and money).

If the cell tower queries your phone’s GPS to find your location, it seems that you could spoof that system quite easily. Just write a program to tell your phone to lie to the cell system about where you are. If they triangulate your location, you’ll need kill switches to escape surveillance. Here in the US, I doubt they’ll ever be able to compel the average non-criminal citizen to allow location tracking through any lawful means. They’ll try. But they won’t succeed. The best they’re going to get is what Google is doing now, as opposed to enforcing statutes. And obviously we don’t like that and are building non-trackable phones.

2 Likes

Using cell towers, the cell phone company can tell roughly where you are, even if your GPS is turned off. However, if the GPS is turned off, Android doesn’t have that information and can’t pass it to Google’s servers.

Even if the GPS is turned off, Google has often mapped the wireless networks in an area and can tell where you are located based on the wireless networks that it sees, so WiFi has to also be turned off. Fox News reported in November 2018 that Android continued to collect your geolocation data even when the phone was in airplane mode and then sent that data to Google servers when the phone reestablished an internet connection. It is unclear from the Fox News report whether Android was gathering the location data from the GPS, WiFi networks or both, but airplane mode didn’t turn off all wireless communications like it was supposed to. This makes sense to me, because airplane regulations in the US used to demand that you turn off the device and not simply put it in airplane mode, so they must have observed that devices in airplane mode were still using wireless communications.

1 Like

Where can i buy the SIM card which stores the private keys? Or does it come with a Librem mobile?

1 Like

As far as I understand it an OpenPGP card should work. Keep in mind I don’t have a Librem 5 so I don’t know for sure.
The OpenPGP cards can be ordered here:
https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3?number=654020&c=41

1 Like

That does raise a good point. We should be able to put in our online shopping cart everything we need when we visit the Purism online shop web page …

That’s complicated though. If the cellular modem has built-in GPS (not uncommon) then “writing a program” or “spoofing that system” won’t necessarily work at all. The cellular modem betrays you, without your knowledge or control.

If the cellular modem does not have built-in GPS then you have the option of “spoofing” or indeed just “lying” and saying that you can’t get a GPS fix. However as a later post said, any “spoofing” has to pass the laugh test, based on the fact that the tower knows where it is and knows you are associated with it.

If I recall correctly, the Librem 5 falls into the latter category - therefore, while the cellular modem can still betray you, it can’t do so by reporting your GPS location without your consent.

I think the main point of airplane mode is to disable all wireless transmissions. You can be in that mode while still receiving WiFi beacon frames and while still receiving GPS signals - and hence continuously getting the best possible location fix - for transmission to your Google overlord once you come out of airplane mode.

A SIM card is different from a smart card. They are two different cards, and your phone could have both. (Both of them technically have private keys, but the SIM card has keys for using the mobile phone network, rather than general-purpose keys that you yourself put there.)

:+1:

Not possible for initial backers (way too late) but, yes, people ordering a Librem 5 now ought to be able to order a compatible smart card with the phone at the time of ordering the phone.

3 Likes

The FLOSS Shop in Germany was the only seller of OpenPGP cards that I found in a web search that will fit in the Librem 5 (mini-SIM size, also called 2FF or ID000). Hopefully Purism will also sell the cards from its web site, because buying a blank card and creating an OpenPGP card is complicated and costs more than simply buying one.

Here is a good tutorial on using OpenPGP cards:

4 Likes

Just to add to locations/locating: there are also databases that know the general location from the IP. So it’s like steps in accuracy of automatic location, when this data is shared with services: GNSS (GPS) -> cell tower triangulation (by active measurements) -> WiFi hotspot map/db -> single cell tower vicinity map/db -> IP location map/db -> metadata (language settings, timezone, SIM registration, etc.).

3 Likes

Now you can buy!
https://shop.puri.sm/shop/purism-openpgp-card/

6 Likes

[purism@pureos ~]$ gpg --card-status
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device
[purism@pureos ~]$

But the OpenPGP card I bought from Purism with the phone is installed. It clicked in place with pins down.

Have you done the following?

1 Like

Ooops, I missed that article. I thought the software was pre-installed. OK, thanks I will re-try.

I followed the instructions and now I can see the device. Before I try to use it, I see that a new app appeared on the desktop called Gscriptor. It has no icon (so it shows a question mark) and the description of the app says “Send commands to smart cards”.
Is this the app to manage the OpenPGP card? Is there a howto somewhere, or do I have to use the command line?

I used the command line, but maybe someone else has experience with the app…

It looks like this is what Purism has been working on so far with the smartcard:

These links may help you if you want to play with gscriptor:
http://manpages.ubuntu.com/manpages/xenial/man1/gscriptor.1p.html
http://manpages.ubuntu.com/manpages/hirsute/en/man1/scriptor.1p.html
https://www.tutorialspoint.com/unix_commands/pcscd.htm

I have successfully installed my gpg private key in the OpenPGP L5 card following shtrom’s wiki as suggested by @amosbatto. Now gpg --card-status shows the installed key as Encryption key.

The fields Signature key and Authentication key still say [none]. In the wiki I do not see how to load my key for signing too. I do sign emails using Thunderbird on my desktop. I do not know if Geary supports this yet, but in the future I would like to have this possibility.

You would just use the same toggle -> key N -> keytocard procedure that you used for your encryption key (where key N is the key number for your signing key) and choosing “(1) Signature key” when prompted to select where to store the key.

If you are also planning to use a GPG authentication key for SSH, the section of the wiki you are referencing on forwarding GPG keys for SSH seems way more involved than it needs to be for the Librem 5. Although I may be wrong, as I didn’t read it in any real detail; I merely skimmed it.

It seems that I do not understand something.

gpg --list-keys
/home/purism/.gnupg/pubring.kbx
-------------------------------
pub   rsa4096 2021-03-15 [SC]
      5B5537336DD229BCC28A3FACD113634BEB67EEA2
uid           [ unknown] ANTONIS TSOLOMITIS <atsol@aegean.gr>
sub   rsa4096 2021-03-15 [E]

But then

gpg --edit-key D113634BEB67EEA2
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/D113634BEB67EEA2
     created: 2021-03-15  expires: never       usage: SC
     trust: unknown       validity: unknown
ssb  rsa4096/DC0801BFD59CE524
     created: 2021-03-15  expires: never       usage: E
     card-no: 0005 0000A731
[ unknown] (1). ANTONIS TSOLOMITIS <atsol@aegean.gr>

gpg> key 1

sec  rsa4096/D113634BEB67EEA2
     created: 2021-03-15  expires: never       usage: SC
     trust: unknown       validity: unknown
ssb* rsa4096/DC0801BFD59CE524
     created: 2021-03-15  expires: never       usage: E
     card-no: 0005 0000A731
[ unknown] (1). ANTONIS TSOLOMITIS <atsol@aegean.gr>

gpg> toggle

sec  rsa4096/D113634BEB67EEA2
     created: 2021-03-15  expires: never       usage: SC
     trust: unknown       validity: unknown
ssb* rsa4096/DC0801BFD59CE524
     created: 2021-03-15  expires: never       usage: E
     card-no: 0005 0000A731
[ unknown] (1). ANTONIS TSOLOMITIS <atsol@aegean.gr>

gpg> keytocard
Please select where to store the key:
   (2) Encryption key
Your selection?

So I do not get the choice to Signature key. Nothing changes if I issue the toggle command.

What do I do wrong? I can sign emails with thunderbird and this key on desktop. What does toggling do? I expected to switch the * to sec. No?

Have you tried to get the * on the other key?
You only transfer the key which is marked with the star, as far as I know.
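A worked example of the selection logic behind the “key N -> keytocard” procedure discussed in the last few posts. This is an added example written for this thread; it is not code from Purism, GnuPG or any poster. It parses the machine-readable output of gpg --list-secret-keys --with-colons (field layout as documented in GnuPG’s doc/DETAILS) and derives the commands to type at the gpg> prompt. Assumptions it makes: GnuPG 2.2 behaviour, where no selection (or key 0) addresses the primary key, key N addresses the N-th subkey in listing order, issuing key N a second time deselects it, and toggle is a compatibility no-op; keytocard slot numbers 1/2/3 for signature/encryption/authentication, with gpg asking for confirmation before moving a primary key. The sample listing is constructed to mirror the key shown above (primary with usage SC still local, encryption subkey already on the card); the card serial in it is made up.

```python
"""Which `key N` to select in `gpg --edit-key` before `keytocard`.

Added example for this thread, not code from Purism or GnuPG. Parses the
`gpg --list-secret-keys --with-colons` listing (fields per doc/DETAILS) and
works out the gpg> commands that move the key holding a given capability to
the matching OpenPGP card slot.

Assumptions (GnuPG 2.2): no selection = primary key, `key N` = N-th subkey,
`key N` again deselects, `toggle` is a no-op; slots 1/2/3 = sig/enc/auth;
moving the primary key is preceded by a "Really move the primary key?" prompt.
"""
from dataclasses import dataclass
from typing import List, Optional

# keytocard slot numbers as prompted by gpg --edit-key
SLOT_FOR_CAPABILITY = {"s": 1, "e": 2, "a": 3}


@dataclass
class KeyEntry:
    index: int                   # 0 = primary (sec), 1.. = subkeys (ssb) in listing order
    keyid: str
    caps: str                    # lowercase capability letters of this key: s, c, e, a
    card_serial: Optional[str]   # field 15 when the secret key is a card stub


def parse_secret_listing(text: str) -> List[KeyEntry]:
    """Parse sec/ssb records; other record types (fpr, uid, grp) are skipped."""
    entries: List[KeyEntry] = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        # Field 12: lowercase letters are this key's own capabilities; the
        # uppercase letters on the primary summarise the whole key, ignore them.
        caps = "".join(c for c in f[11] if c in "scea")
        # Field 15: "+" = secret key in the local store, "#" = stub with no
        # secret key, anything else = serial number of the card holding it.
        token = f[14] if len(f) > 14 else ""
        serial = token if token not in ("", "+", "#") else None
        entries.append(KeyEntry(len(entries), f[4], caps, serial))
    return entries


def keytocard_commands(entries: List[KeyEntry], capability: str) -> List[str]:
    """Commands to type at the gpg> prompt to move the key with `capability`.

    keytocard *moves* the key: after `save` only a stub remains locally, so
    back up ~/.gnupg (or export the secret key) before running these.
    """
    slot = SLOT_FOR_CAPABILITY[capability]
    for e in entries:
        if capability not in e.caps:
            continue
        if e.card_serial:
            raise ValueError(f"{e.keyid} is already on card {e.card_serial}")
        cmds: List[str] = []
        if e.index > 0:
            cmds.append(f"key {e.index}")   # select the subkey (marks it with *)
            cmds += ["keytocard", str(slot)]
        else:
            # Primary key: select nothing; gpg asks to confirm moving it first.
            cmds += ["keytocard", "y", str(slot)]
        cmds.append("save")
        return cmds
    raise LookupError(f"no key with capability {capability!r}")


# Constructed sample mirroring the thread's key: primary usage SC still local
# ("+"), encryption subkey already on the card. Serial and uid hash are made up.
SAMPLE_LISTING = """\
sec:u:4096:1:D113634BEB67EEA2:1615766400:::u:::scESC:::+:::23::0:
fpr:::::::::5B5537336DD229BCC28A3FACD113634BEB67EEA2:
uid:u::::1615766400::0123456789ABCDEF0123456789ABCDEF01234567::ANTONIS TSOLOMITIS <atsol@aegean.gr>::::::::::0:
ssb:u:4096:1:DC0801BFD59CE524:1615766400::::::e:::D27600012401030300050000A7310000:::23::0:
"""

if __name__ == "__main__":
    keys = parse_secret_listing(SAMPLE_LISTING)
    for k in keys:
        print(f"key {k.index}: {k.keyid} caps={k.caps} card={k.card_serial}")
    print("signing   ->", keytocard_commands(keys, "s"))
    try:
        keytocard_commands(keys, "e")
    except ValueError as err:
        print("encrypt   ->", err)
```

Run against the sample, the signing key resolves to index 0, so the plan is keytocard (no key N first), answer y to the primary-key confirmation, choose slot 1, then save; the encryption subkey is reported as already on the card. Applied to the session quoted above: key 1 had selected the encryption subkey, which is why keytocard only offered slot (2); issuing key 1 again clears the selection and keytocard then operates on the primary key.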