Anyone looked and/or considering buying a Librem_5 mobile phone ?
Interested to hear comments, complaints, theories......etc regarding the soon to be released Librem_5 mobile phone; which claims to be 'crowd-sourced' more secure hardware running more secure OS ; ("PureOS"seems to be a Debian variant ) https://puri.sm/products/librem-5/ regards Rohan McLeod
Rohan McLeod via luv-talk wrote:
Interested to hear [about] Librem_5 mobile phone; which claims to be 'crowd-sourced' more secure hardware running more secure OS ; ("PureOS" seems to be a Debian variant) https://puri.sm/products/librem-5/
I have been watching on the sidelines while some friends considered them. IIUC the short version is: 1. you can't build a smartphone that's safe for paranoid people. 2. you should use physically separate devices for "LTE radio" (untrusted) and "computer" (trusted). i.e. something like getting a dumb phone and putting it into "wifi hotspot mode", except over a cable instead of wifi. Then, obviously, do all your crypto and tunnelling from the computer, so the phone is like an untrusted ADSL modem in "bridge mode". 3. purism is the best choice of integrated phone+computer device, if you're not prepared to do #2.
On 24/1/19 11:44 am, Trent W. Buck via luv-talk wrote:
Rohan McLeod via luv-talk wrote:
Interested to hear [about] Librem_5 mobile phone; which claims to be 'crowd-sourced' more secure hardware running more secure OS ; ("PureOS" seems to be a Debian variant) https://puri.sm/products/librem-5/
I have been watching on the sidelines while some friends considered them. IIUC the short version is:
1. you can't build a smartphone that's safe for paranoid people.
I think the same for ANY hardware these days..... The crazy 5 eyes are having their play against Huawei, but they've got the same deal with Intel and likely other areas. No hardware can be truly safe and secure for the most paranoid unless you make it yourself from raw materials and no one person could do that today. Cheers A.
Andrew McGlashan via luv-talk wrote:
On 24/1/19 11:44 am, Trent W. Buck via luv-talk wrote:
Rohan McLeod via luv-talk wrote:
Interested to hear [about] Librem_5 mobile phone; which claims to be 'crowd-sourced' more secure hardware running more secure OS ; ("PureOS" seems to be a Debian variant) https://puri.sm/products/librem-5/
I have been watching on the sidelines while some friends considered them. IIUC the short version is:
1. you can't build a smartphone that's safe for paranoid people.
I think the same for ANY hardware these days.....
Further reading: https://libreboot.org/faq.html#will-the-purism-laptops-be-supported https://libreboot.org/faq.html#intel https://libreboot.org/faq.html#amd https://libreboot.org/faq.html#what-about-arm The last two links don't say, but ARM TrustZone is mandatory in AArch64 (ARMv8/ARM64) systems, and present on some ARMv7 systems. TrustZone is basically ARM's equivalent of Intel Management Engine. Likewise AMD systems have an equivalent of IME, which is an ARM core, so ironically there is a backdoor in their backdoor. In a smartphone, the OS on the radio (the "phone" in "smartphone") has backdoors into e.g. all RAM, *as well as* the same as TrustZone backdoors as regular computers have.
Trent W. Buck via luv-talk wrote:
Andrew McGlashan via luv-talk wrote:
On 24/1/19 11:44 am, Trent W. Buck via luv-talk wrote:
Rohan McLeod via luv-talk wrote:
Interested to hear [about] Librem_5 mobile phone; which claims to be 'crowd-sourced' more secure hardware running more secure OS ; ("PureOS" seems to be a Debian variant) https://puri.sm/products/librem-5/ I have been watching on the sidelines while some friends considered them. IIUC the short version is:
1. you can't build a smartphone that's safe for paranoid people.
Trent I'm not sure that one must be [Oxford concise] " suffering from mental derangement, especially when marked by delusions of grandeur, persecution etc" to want anonymity except; when the social, commercial or legal situation demands something less. After all that is the defacto norm ; apparently everywhere except the internet! As for security we mostly settle for "more secure" rather than secure. Who is about to live without locks on their front doors; just because there exist people with the equipment and skills to crack tumbler door locks ? Thus I see it as perfectly sane to look for a mobile-phone, whose hardware and software is "safer" and hopefully much less annoying than iPhones and Android phones regards Rohan McLeod
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 25/1/19 7:12 pm, Rohan McLeod via luv-talk wrote:
I'm not sure that one must be [Oxford concise] " suffering from mental derangement, especially when marked by delusions of grandeur, persecution etc" to want anonymity except; when the social, commercial or legal situation demands something less. After all that is the defacto norm ; apparently everywhere except the internet! As for security we mostly settle for "more secure" rather than secure. Who is about to live without locks on their front doors; just because there exist people with the equipment and skills to crack tumbler door locks ? Thus I see it as perfectly sane to look for a mobile-phone, whose hardware and software is "safer" and hopefully much less annoying than iPhones and Android phones
Yes, but it's a damn pity we have to "settle" for that... :( A. -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXErVIwAKCRCoFmvLt+/i ++8TAP4qcqDik0gavrSlyOqSOhwES9UrY1O9+HdAWf5s8BE40wEAkA6V4El26+o0 ow5eaTgArYjDvc4UQb2kgtJiUa+PP9Y= =PSnk -----END PGP SIGNATURE-----
participants (3)
-
Andrew McGlashan -
Rohan McLeod -
Trent W. Buck