Secure Smartphone?

What does Holla Forums think about this:

puri.sm/shop/librem-5/

Discuss

Other urls found in this thread:

stallman.org/rms-lifestyle.html
reddit.com/r/linux/comments/3gt6r1/richard_stallman_is_right/
twitter.com/NSFWRedditGif

All Purism products look like a cheap ripoff, chinese ODM cases with logo slapped on.
Librem laptops are not open hardware, you can not have their schematics. "Hardware" kill switches for radios are not actually hardware, but rather routed through the embedded controller, like on Thinkpads. They ship their laptops with "Pure[spolier]t[/spoiler] OS", yet another Ubuntu gnomeshit reskin. They even failed to port coreboot with ME cleaner themselves and asked Google engineer from Chromebook team to do it for them.
What I think of this phone:
It will not have libre kernel as there are currently no 4G baseband processors that have libre drivers.
It looks hideous, they try to make a normie-friendly design and it turns out completely bland.
All projects that tried to bring GNU userland to mobile phones are currently dead or frozen, what OS and what apps will they ship this phone with?
oh yeah
kek
I bet you 99 shekels that whatever systemd+gtk they'll put on it will be slower than latest Android with million abstractions of memory-safe javascript virtual machines on average pajeetphone.
Hardware switches are cool, but they are mostly placebo, especially on systems that supposed to run free software. If your system is compromised, pictures of you wanking on front camera would be the last thing most attackers would be interested in.
Bad, give people an option of Lineage or AOSP and subvert them later.
Can IMEI be changed? If not, then can BSP be easily swapped? If not, then what's the point of all this freedom larping?

/thread

Yeah they kinda do.

Name one laptop that you CAN have the schematics for.

Pure OS is based on Debian, not Ubuntu. It is libre.

Really? That's a bit concerning, but as long as this coreboot is no more botnet than the one you would flash onto a Thinkpad or Elitebook, then I guess it's ok

Yes it will

I believe they found a way around this, by separating it from the main processor in some way.

It's Debian with GNOME. They could install anything that's in the repos.

That's a good thing. no Management Engine

Wait, now you WANT the botnet?

Fundraising just surpassed 1 million dollars
Still not 100% sure if I want to get one, but having a phone that runs GNU would be pretty cool.

pick one

Also
HOLY FUCK, MY SIDES

No, he doesn't want a botnet. He wants something he can turn into a non-botnet.
Having a compromised baseband modem is shit i.e keeping the modem seperated from the proccessor like the purism people want.
Jewgle it. It exists.

If the hardware can't fully run on replicant or one of the free/libre FSF distribution then it's botnet.

Why go through all that trouble? Why not just have it not be botnet in the first place?
Explain a method through which the creator of a phone could have a non-compromised baseband. No, seriously. I want to know.
Are you referring to that EOMA68 shit? Would you use it?
Literally the only distro I can think of that does not use any of these components is Void. A distro that you could probably install on this phone.

I'm seriously wondering whether yall are actually Jewgle shills trying to shit on this project and get people back on to (((Android)))

I think I saw that Purism might be trying to get Pure OS Stallman-approved.

Can't it just not have support for 4G until the free implementation is done?

OY VEY WHY THE GOYIM DISOBEYING US


what good goyim! please buy more intel

...

The firmware is set in ROM, so I guess you'll just have to keep the hardware kill switch in the off position.

Simple, FOSS the translation layer that communicates with the kernel. Or make the modem like the old style wifi cards which required you to upload firmware to them on boot i.e FOSS in this case. It won't be secure but it will be "non-compromised" in the sense of no intentional backdoors. Or able to be uncompromised in the sense of taking that firmware away before boot/uploading of it.
Because it doesn't exist and alphabet agencies would shoah it should it come into existence. Hence making it "backdoored" by default to throw them off when you create the phone. If it can be made un-backdoored in software your golden. But with hardware backdoors like the purism phone it's useless i.e proccessor and modem. Especially since purism owners will be a easy target to make a hardware based backdoor for and to re-use it often for high value targets. Assuming kikezone isn't already easily compromised.

Yes but normies don't like that kind of thing. Along with it being illegal in the USA and europe to have a open firmware wireless modem sold by manufacturers. Read the above for how to do it with closed firmware then allow people to fix it later.

Unless you are going for perfect security. It's enough to reduce you from low hanging fruit to mission critical only target.

And all we wanted was to play vidya. Ugh.

Isn't this what they said they were going to do? Making a FOSS kernel module for it.

Yes but then the firmware on the modem is still a blackbox. That's why the old way of firmware uploaded on use is better. Especialliy if it's FOSS you can fix.

FYI you can download leaked schematics for most laptops "from russian FTPs". That's not really a problem for any mainstream computer. But when it comes to some little project that claims to be open hardware and does not deliver schematics, it sounds very slippery-sloppery.
You either have libre driver or proprietary in-kernel driver-firmware. Sure, you can physically turn off a BSP that runs unknown code on your main processor, but it's the same as argumenting that you can turn off your Windows computer and escape the botnet when you don't need it.
Uhm, ok.
Stop being Captain Obvious.
Neither AOSP or Linage are botnets, they are free software versions of Android with libre userland, but since most smartphones' hardware require proprietary drivers, kernels remain closed-sorce. In this situation, as they claim their kernel would be libre, they can offer libre Android versions from start too.

WHY BSP IS NOT REMOVABLE? HOW AM I SUPPOSED TO CHANGE MY IMEI IN ORDER TO STOP CIA NIGGERS TRACKING ME

Runs PureOS by default, can run most GNU+Linux distributions
CPU separate from Baseband < this is important since all snapdragon CPUs have the baseband integrated. Pretty much no modern baseband is open source. If the baseband OS has access to the main system, then it does not matter which ROM you are running, "they" can still take over your phone. Therefore Nearly every cell phone has a universal back door that allows remote conversion into a listening device. (See Murder in Samarkand, by Craig Murray, for an example.) This is as nasty as a device can get.
Hardware Kill Switches for Camera, Microphone, WiFi/Bluetooth, and Baseband
World’s first ever IP-native mobile handset
End-to-end encrypted decentralized communications via Matrix
5″ screen
Security focused by design
Privacy protection by default
Works with 2G/3G/4G, GSM, UMTS, and LTE networks

Search "phone" on the following page.
stallman.org/rms-lifestyle.html
Search "baseband" in the following thread:
reddit.com/r/linux/comments/3gt6r1/richard_stallman_is_right/

Afaik it depends on your SoC
Most mediatek chipsets are able to modify IMEI
Current Marshmallow-Nougats are able to generate random yet working IMEI after wiping partitions that contain IMEI or after a full format (nvram, depends though)

Maybe if you have contact with 10x chinese reverse engineers/programmers you'll surely get yourself one or if you lurk on their websites (pretty sure it's indexed by chink SE somewhere like how bunny found infos to hack into sd cards)

AFAIK the only best choice so far is an ungoogled 4.2 AOSP mediatek phone with su and few privacy apps and of course a firewalled kernel although it wouldn't be as failsafe as a real hardened OS (none exist otherwise they're way too expensive/targeted towards black marketers).

Ungoogled AOSP 4.2? But thats too old. What's wrong with LineageOS? It has nice security features out of the box, like the Privacy Guard.

LineageOS has propritary firmware installed by default. The building of the ROM uses the same toolkits that android does which means precompiled stage 2 buildtools from (((jewgle))). During the building of the ROM propriatary libraries are used that you can't see the source for. All ontop of not having a hardened kernel or userland outside of the normal android stuff for DMCA apps alone.
It's shit for security.
Atleast base your build off of replicant so that the stage 2 build tools are built by you instead of backdoored by jewgle. Along with the propriatary libraries being replaced by FOSS ones.

Yes, because they, sadly, don't have the resources to make them better.
"Open hardware" doesn't really exist in a way that's user-firendly. Plus, they've never claimed to use open hardware.
Yet you can open, modify and replace everything inside of them. They're even easier to repair than Thinkpads.
Bullshit. They literally sever the circuit of the camera/microphone/radios, which is why you must reboot if you wish to re-enable them (thanks to Linux' lack of proper plug-n-play support.)
It's based on Debian, not Ubuntu, and doesn't contain any nonfree software by default.
This is not a valid criticism. They have Coreboot, which is the important thing.
That's not for sure.
Is it bland or hideous? Make up your mind.
And?
A Debian-based OS with GNOME's or KDE's "apps" plus some other made by Purism and Matrix.
Nope.
What did he mean by this?
Please gib, because your average Debian distro runs better on a Raspberry Pi than Android.
Except for the part where you can literally shut down the radio antennas without losing all the functionality. Or the part were the radio-related drivers cannot access all the system with root privileges. Or the part were you can safely shut down cameras/microphones when not needed.
For what purpose?
Ask them yourself, double nigger.
Wow, what a sad life you must live. To go into anonymous forums nitpicking at other people just to complain.

Why are blatant shilling threads allowed?
The CEO of purism is a sociopath/businessman who preys on the fears of people and sells them empty promises to enrich himself.

[Citation needed]

The most private phone you can get is a basic flip/feature phone that can only call and text. Of course phone service is de facto compromised, but nobody is going to try to crack your phone if there's nothing on it in the first place.

You don't understand. If you want a device to be bug-free and secure, the last thing you should do is install a large, complex modern OS with a thousand different moving parts in it. Write a simple piece of bare-minimum firmware which can be proven or at least demonstrated to have a sound design. Modern software is just too complex for Linux to be effective here.

What the fuck do you have a PC for then?

Nahhhhhh, this is the same price point as name brands.
I strictly buy phones with the specs but none of the gimmick features or brands.
Spend 120~ tops.

so that's fucking useless. nobody will use those switches because of that.
they should of use windows, it supports plug and play unlike linux.

who said I was using a PC?
Less electricity used means less power leaking and makes it easier to control the computer. So if you could make a low powered and semi-secure phone then it would be easy to jail. Monitoring it then would be easy since a botnet would suck the battery life right out of it. Or you could replace it easily if they are made cheaply ala samsung galaxy 2 with replicant.

That and I want good battery life. I don't think there is a phone made today that uses a newer arm proccessor and doesn't have six gorrilion uneccessary battery sucking features like a huge screen or a gyroscope. I read about a UK made phone that had a supposed month long idle battery life but it was made in botnet central. So just fuck my shit up.

What are you stupid? Most unix based OS's support hotplugging of usb, pci*e*, firewire, and proccessors. Just build the *bsd or *nix kernel with said support.

The funding goal has now reached 100%. What will happen next?

archive.fo/qncqj

I am thinking of purchasing one but this thread has some nice FUD, so I may reconsider. Is it not an improvement over previous FOSS phone attempts?

Purism are kikes whose sole purpose is to mislead people who are green to the GNU/Linux world and free software into thinking what they are getting is freedom respecting. They used dodgy, buzzwordy language with their laptops and acted all shifty when people called them out on it.

The best most libre you can do with a mobile phone is a Galaxy S3 with Replicant, which I think still needs propietary firmware for cellular modem, and needs an adapter for WiFi too. Unless Purism's phone has a free BIOS it might as well just be a chinkshit phone with a riced out operating system.

Next you want us to question Alphabet Inc.

they sell out

test

Placebo

Calm down friendo, everybody is a jew.

Placebo

Not bad though imo
sometimes you gotta fake it and others will try to make it.
We're just waiting for a high performance open source hardware to ship.

Purism = Purim + s

...

I've ordered one phone from purism :^)

1) ZRTP can be used over normal mobile voice calls.
2) Librem 5 is focusing on IP communication. 2G/3G/4G module works like a modem.

It's because of how the network is designed. A steeming pile of hacked together crap stuck in 70's
Calls go in plaintext, but even if they were encrypted, since all phone lines are controlled by government actors, you still wouldn't have metadata privacy.
Depending on technology and how modem is interfaced, but yes, E-911 and ping SMS exist.
t. pulled this argument out of my crusty foot
hint: turn off unattended updates
If Purism goys do it right, their phone will both have hardware switch for modem and microphone. No more spooks listening you fapping to doujins in silence.
Normies gonna norm. I personally don't waste my life on texting and social networks Who am I crapping here, I waste it on imageboards :D.
Someone tell the old man about voice recognition and city cameras.

Smartphones are backdoored unless proven otherwise, that's just like turning off telemetry in Windows 10.