Thoughts on the Librem 5 Linux-based privacy-centered telephone
I was asked to write up my thoughts on the Purism Librem product range, see https://puri.sm/. I'll start with the telephone - Librem 5 - and possibly I'll follow up with another post on their laptops. Since I haven't tested the Librem 5 (yet), much of what I write below is speculation. If you have any experience with it, please share in the comments section!
I'm an Android user, but I did have a break for some years from my Android life - I did buy a Jolla phone while it was still possible. Unfortunately it got submerged in salty water. I was very pleased with my next phone, an Intex Aquafish also running SailfishOS (despite the troubles buying it), but eventually it was lost in Korketrekkeren. I ordered my Librem 5 in January 2018, saw that "expected delivery date" was in January, but failed to see that it was January 2019 ... so I had to buy an Android in the meantime. I ordered my Librem with lots of extra equipment - external keyboard and big external monitor - and paid for it using cryptocurrency. With the bitcoin prices back then I could afford that. 2019 came, the phone was delayed, I realized the monitor and keyboard were quite overpriced, I needed the money, so I cancelled my order. I will probably go order that Librem 5 soon anyway, but without the extra stuff; I just need to know that I have control of my economy first.
I strongly want "proper" Linux on my telephone, with full root access. This is mostly my personal preference - for one thing, I strongly prefer open source, I want to have full control of my own equipment, I'm a bit worried about the amount of personal data collected by Google ... I could probably devote a long post to my reasons, but that's a digression. Oh, and I also really dislike monopolies, duopolies, oligopolies etc. There are unfortunately no real competitors to Android and iPhone at the moment, except a few proprietary "dumb-phones". Huawei is coming with their own OS soon, but it's also going to be proprietary if I understand it right. Lots of projects have been in the pipeline, but none has succeeded - as far as I know (please correct me in the comments if I'm wrong) Librem 5 is the only "ready-to-use" smartphone outside the duopoly.
Living without Google
I was using Gmail for a while - and my employer at that point also gave up fighting spam and eventually bought supported accounts for all the employees. It worked great - all until it didn't. My Gmail was blocked for technical reasons for half a year. I was unable to log in. I was unable to search my mail archive. People sending me emails got a bounce message that the account was disabled - as if my employee status had been suspended. We had also started using Google Docs, and I was unable to access that as well. We paid for support, but didn't get any real support. I guess there was some 99% SLA, so "email works well for 99/100 employees" was within the SLA. It was a turning point; after that I've tried to get as independent as possible from Google and similar services.
One doesn't really have to give up all of Google even if choosing a non-Android telephone. Most of the Google services work well from the browser. Indeed, I was using Google Maps from the browser on my Sailfish devices, and it worked like a charm.
Living without Android apps
There is almost nothing that can be done in an app that cannot be done in an HTML5 application. I really hate this trend where even the kiosk at the corner wants you to install some app in order to get a discount on the coffee. Yet, it's a very real problem. By now I cannot even buy my lunch in the canteen without having an Android app available. That's the biggest hurdle for me (I'm considering complaining), food is important!
It was possible to install and use Android apps on the Jolla telephone, although with some hurdles - like, one had to jump through quite some hoops to install Google Play store, and quite some apps can only be installed through Google Play. I think paid apps on Google Play in general didn't work. Also, eventually, lots of newer apps didn't want to work with the Jolla.
As for now, it seems like the Librem 5 does not support running Android apps. Perhaps at some point in the future it will be possible. It does run Linux desktop applications natively - unfortunately that won't help me pay for the canteen food.
For an ordinary pragmatically-oriented person trying to live a normal life in Norway in 2020, it would be madness to give up running Android/iPhone apps. I hate it, it's a bad circle: people have come to expect that there exist apps in both of those two ecosystems for nearly anything one wants to do, and businesses and even governmental bodies feel obliged to provide those apps, and expect everyone to be able to run those apps.
I think forsaking Android apps could work for me ... if it wasn't for the canteen app, dammit, just thinking of forsaking the canteen makes me hungry!
I'm not much into hardware, so I have no idea if the specs shown are good compared to the price or not - but I think it's important that the battery can be taken out and replaced. Also, it's nice that the phone is actually designed to allow the end user to open it up and repair it. Quite some phones nowadays are intentionally designed so that it's impossible to do simple things like replacing a broken glass.
The phone has hardware kill switches - which is good, flip a physical switch, and one can trust the phone to become radio-silent. We've all heard about phones that keep spying on the owner even when they're turned off? I would trust the Librem not to do so. (Or, can I? Perhaps the device is made by the powers that be, just to spy on those folks thinking they have something to hide? Even if the software is open source, the hardware is not ... but I digress, conspiracy theories are outside the scope of this post)
I haven't tried PureOS, but as far as I've understood it they aim to have a unified user experience based on Gnome across the desktop and phone.
Ubuntu was trying to go in this direction when they were developing the Ubuntu phone. In some releases, their desktop environment was getting optimized for the telephone environment. Users were not happy. The desktop environment and telephone environment are very different kinds of beasts; for an optimal workflow the user interface needs to be optimized differently for the mobile and the cellphone. One obvious thing is the size of the display: one can fit much more information (and buttons) on a desktop screen than on a cellphone. The keyboard - in a desktop environment it's possible to do a lot of navigation through keyboard shortcuts, I work almost exclusively through the command line. On the telephone, the "soft keyboard" can easily eat up half of the screen, and it's not quite as comfortable to work with. Mouse with three or more buttons and quite good precision on the position of the mouse cursor vs one clumsy thumb. Swipes vs left-click, etc.
Unless the user interface is different on Librem 5 and Librem 13/15, my bet is that it's going to be uncomfortable both on the telephone and on the desktop.
If anyone has tested PureOS, then please tell about it in the comments.
"Peace of mind with a phone that does not track you" it says. Well, that's at best a half-truth. Yes, an ordinary Android phone with GPS and dozens upon dozens of apps running is constantly "leaking" position data and lots of other personal information to a bunch of companies. A Librem 5 will probably "leak" very little private information to very few companies - but still, there is always some communication between the phone and the nearest base stations. Telecom companies will know what base stations the telephone has been connected to, and from that they can deduce where the telephone has been.
That's enough to kill you. Our national broadcaster had a long article (Norwegian) on how metadata from the telecom companies, combined with statistical methods, has been utilized in Iraq and Afghanistan to direct drone attacks. This is of course a very extreme example - we're living in a peaceful corner of the world in a peaceful time.
The Librem 5 is probably better than most phones. For one thing, it has an "IP first"-policy, meaning that messages and voice calls probably will be sent over the Internet as much as possible - though, I'm curious about the details. I guess it requires both ends to be connected to the Matrix network.
I already mentioned a few positive points in the hardware section, but there is more.
Last summer there was quite some circus in the Norwegian national media as our minister of fisheries had gone for a private trip to Iran, bringing his work telephone along, and without consulting the IT security people. Simply by visiting Iran, his phone could have been compromised by the Iranian govt, we could read in the newspapers, and the damage was not restricted to the time he spent in Iran; his phone could still be infected by some trojan horse when coming home. He was quite uniformly criticized by Norwegian media. For me this was a big WTF. Can a telephone be compromised simply by checking into an untrusted base station? That's really, really bad. Back in 2014, Aftenposten reported that they had observed lots of fake base stations in the area around our parliament. There is no need to go to Iran to get the telephone compromised, it can even happen during a parliamentary session.
Purism promises that the CPU is separated from the Cellular Baseband. I take it that with Librem 5, such attacks should be impossible.
How is the security in PureOS handled? Some ten years ago, I would boast that Linux is secure by design. Well, I've come to think that this mostly applies to the server side. One would typically use some kind of isolation on the server side: different users for different applications, containers (which are becoming more and more popular), and with systems like SELinux it's possible to regulate permissions for each application with very precise granularity. On an ordinary Linux desktop - not so much. Every application you run typically has all the same permissions. One will typically run some browser software and some number of other applications, and any bug in any of the software components can expose all of your secrets on the system. Even Android is marginally better, as it asks the user for each and every application what kind of permissions it should have.
There are not a lot of details to be found on PureOS, but I suspect it has that same problem.
There are lots of tricks one can do to improve the security, everything that works in the server space should theoretically also work in the desktop space, but for the ordinary user it's non-trivial to design, set up and implement proper security. It may be worth looking into Qubes OS if one wants "a reasonably secure operating system" on the desktop.
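The claim above, that on an ordinary Linux desktop every application typically runs with the same permissions, can be checked on a running system. The following is an added example, not code from this post or from Purism: it reads the `Seccomp` and `NoNewPrivs` fields of `/proc/<pid>/status` and the LSM label in `/proc/<pid>/attr/current`, and lists the user's own processes that have neither a seccomp filter nor an SELinux/AppArmor profile. The function names and the two sample status texts are constructed for illustration.

```python
import os

# Constructed, trimmed samples of /proc/<pid>/status (not from a real system).
SAMPLE_EDITOR = "Name:\teditor\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t0\nSeccomp:\t0\n"
SAMPLE_SANDBOXED = "Name:\trenderer\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\nSeccomp:\t2\n"
SECCOMP_MODES = {"0": "none", "1": "strict", "2": "filter"}

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def confinement(status_text, lsm_label=""):
    """Summarise the kernel-enforced restrictions visible for one process."""
    f = parse_status(status_text)
    label = lsm_label.strip("\x00 \n")
    seccomp = SECCOMP_MODES.get(f.get("Seccomp", "0"), "unknown")
    # Heuristic: SELinux and AppArmor both use "unconfined" in the label
    # of a task that no per-application policy applies to.
    lsm = bool(label) and "unconfined" not in label
    return {
        "name": f.get("Name", "?"),
        "uid": int(f.get("Uid", "-1").split()[0]),  # first column is the real UID
        "seccomp": seccomp,
        "no_new_privs": f.get("NoNewPrivs", "0") == "1",
        "lsm_confined": lsm,
        "unconfined": seccomp == "none" and not lsm,
    }

def audit(proc_root="/proc", uid=None):
    """Names of this user's processes with no seccomp filter and no LSM profile."""
    uid = os.getuid() if uid is None else uid
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(f"{proc_root}/{pid}/status") as fh:
                status = fh.read()
        except OSError:
            continue  # process exited while we were looking
        try:
            with open(f"{proc_root}/{pid}/attr/current") as fh:
                label = fh.read()
        except OSError:
            label = ""  # no LSM active, or label not readable
        info = confinement(status, label)
        if info["uid"] == uid and info["unconfined"]:
            found.append(info["name"])
    return sorted(found)
```

Calling `audit()` in a desktop session returns the names of the processes that run with the user's full file and network access, which is the set a single application bug could expose.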