Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded

prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.

And the App Store?

[Captain+Ramage]

The app store for this is?

Re:And the App Store?

[chill]

I'd wager they're going to go with F-Droid to start.

Re:And the App Store?

[ClickOnThis]

You're a bit hasty, expecting an app store for a phone that hasn't even shipped yet. But if you examine the link in TFA, you'll see the following:

- they are offering developer's kits for a donation of $299, to be delivered June 2018
- their PureOS platform will ship initially with basic apps (phone, email, messaging, voice, camera, browsing) with others to follow
- they will offer a secure collection of apps, as part of the Matrix ecosystem
- they have added a stretch-goal to support Android apps in an isolation layer

Re:And the App Store?

[DontBeAMoran]

The app store follows the Linux philosophy. Here's your toolkit: 0, 1. Now go make your own apps!

Re:And the App Store?

The app store for this is?

Given that it's

powered by a GNU/Linux operating system based on Debian GNU/Linux

the "App Store" will probably the Debian software repository.

Re:And the App Store?

[spikenerd]

The app store follows the Linux philosophy. Here's your toolkit: 0, 1. Now go make your own apps!

You are aware, of course, that the success and convenience of Linux package repositories was both the inspiration and proof of concept that caused app stores to exist, right? On an OS built by developers for developers, "go make your own apps" actually works.

Re:And the App Store?

Yup. The Apt Store.

Re:And the App Store?

There's actually quite a bit of demand for such a phone. Ever since the demise for Ubuntu phone (which was due to utter stupidity rather than no demand), this looked promising. Believe it or not, there was quite huge demand for the Ubuntu phone and it went over expectations for the developers. Lack of production of real products destroyed it because they couldn't secure deals for hardware manufacturing, otherwise it would still exist. I hope they don't make the same mistake.

Re: And the App Store?

I'll be the 1st to buy it.

Re: And the App Store?

Of course, because it is open by design vs commercial which is closed by design :)

Re:And the App Store?

[ClickOnThis]

+1000 Awesome.

Re:And the App Store?

There's actually quite a bit of demand for such a phone.

I've been hearing about this "demand" long since before OpenMoko, and yet everyone of these expensive "Open Source" phones up till now has been a complete failure. Why would this one be any different?

Re:And the App Store?

[zedaroca]

Synaptic?
If it runs Debian... That's what I use.

Re:And the App Store?

[slashrio]

You can always buy a Jolla, oops no, an Intex Aquafish, oops no, a Sony Experia X and install Jolla's Sailfish OS.
It's 'a' Debian variant and has an Android VM which runs, well, Android apps.

Re:And the App Store?

According the TFA and the summary, it runs Debian. So that means it has something better than an "app store"; it has a real repository, just like you'd expect on a desktop.

Finally, phones are starting to grow up and maybe suck a little less. (Maybe; we'll see if this really happens.)

Re:And the App Store?

[x_t0ken_407]

11/10

Re:And the App Store?

it does still exist. the ubports folks have taken up the effort.

Re:And the App Store?

5/7 perfection

Re:And the App Store?

[tomxor]

You are aware, of course, that the success and convenience of Linux package repositories was both the inspiration and proof of concept that caused app stores to exist, right? On an OS built by developers for developers, "go make your own apps" actually works.

All closed source commercially controlled software takes queues from open source software, some even just take the software verbatim... that doesn't mean it retains the open and non-commercially controlled aspect of it. The whole point of this phone is not "another phone OS" or "another app store" it's about choice and freedom, if you don't give a crap about that stuff and want maximum choice of utility at this very moment in time at any cost, then this phone is not for you.

Re:And the App Store?

[tomxor]

Oh suck... this is what happens when I dont read the quote, sorry. I read your response from the other side.

GNOME on my PHONE??

Please no!! Call KEVORKIAN!

Good timing

This feels like a well-timed entry. You won't get Android-level market penetration, but the chans, among others, are starting to want smartphones to use as dev machines. This not only makes it possible, but assumes the user will do it. I hope to God they pull it off.

Re:Good timing

[ClickOnThis]

Maybe not Android-level market penetration (at first) but they do have a stretch-goal to support Android apps in an isolation layer.

Free??? NOT!!!

This phone is not free. The minimum offering that includes a phone is $600. Even the developer kit is $300. Why does everyone expect all software to be free? Why should the hardware people get paid for their work and the programmers get zero?

Re:Free??? NOT!!!

[ClickOnThis]

Calm the f*** down. "Free" has two meanings: (1) no cost, and (2) no restrictions. "Freedom" (in the latter sense) is not "free" (in the former sense.)

Re:Free??? NOT!!!

[BessBeysanmak]

votre article est magnifique. Merci de visite notre article via ce lien moule pour parpaing

i.MX 6?

[viperidaenz]

No thanks, that's a seriously old SoC.
i.MX 8, sure 2x A73 + 4x A53.
i.MX 8M. which is their goal... average. 4x A53 @ 1.5GHz is a low to mid range phone.

Re:i.MX 6?

It might be old, doesn't mean that it's not capable. Android is horribly bloated and slow due to all those layers of Java. Nokia's Windows Phones, even though they used much less capable hardware, ran smoother than Android devices because the interface was coded in C/C++.

not likely to happen.

1.5 million is not much money. It's too bad there are no figures about the amount spent by Canonical to build the Ubuntu phone, but it is known that at least 80 persons left or were let go when they axed their phone along with a few more of their projects. They probably spent more than that on salaries, and they were trying to build only the OS. Looking at the website of Librem, it seems like they plan to build the phone too. While it is true that there were serious issues with the effort of Canonical, this project seems unlikely to work out before it is even started (assuming that Librem is not going to put some of its own funds into the project).

"Believe it or not..."

[Nutria]

Sure I believe it's been crowd-funded. What I'm skeptical of is whether it'll ship.

Paranoia

I have a tendency to stay away from products billed as privacy / security first.

It may seem childish or foolish yet I automatically assume the endeavor will fail due to insufficient interest, become coopted or start off that way... or most likely just plain suck.

I'm tired of reading about all of these fancy decentralized schemes made to magically and automatically secure conversations. I looked through the home page on the matrix went through the FAQ and I still have no fucking idea what it's about other than a bunch of gibberish about cryptographic ratchets and notary servers. Federated but not really because some global coordination is required. Not once anywhere in the text did they ever talk in non-technical human terms about the only thing that matters in any secure system TRUST.

How it is created, managed and maintained between participants? What are the users responsibilities? What assurances and limitations exist?

Is this yet another magically secure system with a little glowing red light with the word "secure" printed on it? I really don't mean to disparage people who obviously put a lot of time and effort into what they are doing but for the love of god speak at least some English or whatever your native language is.

Re: Paranoia

The default O.S. for the phone will be Debian-based (Ubuntu is also based on Debian). Debian has been around for nearly 20 years and it's main features is security. They audit and review all packages for security before releasing them to users in their stable release.

A lot of the staff working on the Librem 5 are actually experienced core Debian developers, and the former Debian Project Leader, Stefano Zacchiroli is working with Purism as well.

The security credentials for this phone are quite strong. And in case of any potential hack or issue, the phone will have physical hardware switches for the camera, microphone, baseband, WiFi and bluetooth. So even if any software is compromised, a hacker wouldn't be able to access your microphone or camera at all, which is the best insurance in my view

Re: Paranoia

As to my knowledge, the IP-based calls and messaging is a next level feature in call and text security, since it will add encryption from end to end, which would prevent your cell carrier from being able to record or listen to your calls/texts.. the Librem 5 phone still allows regular calls and texts like any other phone, but comes with the in-built feature to make encrypted communication if you wish to

apps, apps, apps

[markdavis]

If we have learned one thing about all the failed phone attempts out there, it should be one lesson:

1) You must have apps people want.

There are other lessons, but that one is primary. Of course, there is a niche market that will exist for this Librem phone/platform. But if people can't play the games, or use the utilities they want, it will never get beyond niche. We are all dependent on quality maps, notification magic, multi-device syncing, advanced texting options, etc.

An obvious goal will be the necessity to somehow support Android/Google apps. And an emulation/isolation layer to do so is certainly technologically possible. It is even exciting to think about a device that might run quality non-Android Linux apps AND run Android apps in an isolated environment, denying it access to personal stuff, and/or feeding it fake data when wanted. But there are a lot of legal and monopolistic minefields in trying to do so. And trying to keep it compatible over time would be a big, big hurdle; especially on a tight budget with little resources.

Fingers crossed....

Re:apps, apps, apps

1) You must have apps people want.

It runs Debian.

$ apt-cache search . | wc -l
52383

That is a lot of "apps".

Seriously, this phone isn't geared toward folks who care about an android/ios "app store" full of spyware and other malware. It will be a niche thing like the n900 and Maemo was. And, that is fine.

I wish I could afford one.

Re:apps, apps, apps

[ClickOnThis]

Fingers crossed with you. But to address the points you raised:

1) You must have apps people want.

They are addressing that. From another post I made on this story:

- they are offering developer's kits for a donation of $299, to be delivered June 2018
- their PureOS platform will ship initially with basic apps (phone, email, messaging, voice, camera, browsing) with others to follow
- they will offer a secure collection of apps, as part of the Matrix ecosystem
- they have added a stretch-goal to support Android apps in an isolation layer

An obvious goal will be the necessity to somehow support Android/Google apps. And an emulation/isolation layer to do so is certainly technologically possible.

See above re "stretch" goals.

It is even exciting to think about a device that might run quality non-Android Linux apps AND run Android apps in an isolated environment, denying it access to personal stuff, and/or feeding it fake data when wanted.

Check. Again, see above. Per the link in TFS, the phone "[r]uns PureOS by default, can run most GNU+Linux distributions." The openness in the dev environment ensures that the kind of privacy and security you're talking about can be baked in.

But there are a lot of legal and monopolistic minefields in trying to do so.

Such as?

And trying to keep it compatible over time would be a big, big hurdle; especially on a tight budget with little resources.

Well, Gnu/Linux has fared rather well under similar circumstances.

Re:apps, apps, apps

[iggymanz]

er, no Linux has fared well with multi-billion dollar corporations contributing, the top kernel contributors are:

1.Intel
2. Red Hat
3. Linaro
4. Samsung
5. SUSE
6. IBM

Re:apps, apps, apps

[markdavis]

>"It runs Debian. $ apt-cache search . | wc -l 52383
>That is a lot of "apps"."

Those are not "apps", they are shell scripts, X programs, text programs, services, fonts, etc, etc, etc. I doubt this phone is going to have X11, and text programs aren't helpful. Even with X, few if any native Linux GUI apps are designed for small touch-screens.

Re:apps, apps, apps

[ClickOnThis]

All of them came to the Gnu/Linux party after the OS had established itself as a viable competitor in the market -- with the possible exception of Red Hat and SuSE, which started small and grew along side Gnu/Linux. But one can argue that they have benefited more from the Linux movement than the other way around (not to begrudge their success.)

Bob Young, the founder of Red Hat, was once asked (around the time of their IPO) whether he wanted to make Red Hat as big as Microsoft. His reply: "No, I want to make Microsoft as small as Red Hat." Of course, Red Hat got bigger, but not as big as Microsoft. But IMHO, not as "big" as Gnu/Linux either.

Re:apps, apps, apps

[b0bby]

- they will offer a secure collection of apps, as part of the Matrix ecosystem

Hmm, the fact that the matrix webpage has this prominently displayed makes me wonder about their long term viability:

Matrix Needs Your Support!
UPDATE: The situation has changed and our need is more urgent even than before.
Matrix needs you! We are facing a funding crisis.

Re:apps, apps, apps

[iggymanz]

the point remains, Linux has enterprise level features (mostly thanks to IBM and HP) because of multi-billion dollar corporations and is now a product of multi-billion dollar corporations.

Anything with just phone and maps?

Over time, I've realized that my critical smart phone apps are:

1. Phone calls and messaging
2. Maps and directions

Is there any phone where I can get just #1 and #2, and as long a battery life as possible?

Re:Anything with just phone and maps?

Not at all. Custom ROM or Lineage OS I guess, with the smallest "opengapps" package that includes Google Maps if you want or need Google Maps specifically, then delete/hide icons you don't need, disable bluetooth and wifi permanently..

And it also depends if by "messaging" you mean SMS or also need messaging "apps" that use the Internet and might depend on Google Play.
Simplest would be a voice-only carrier plan to do phone and SMS, and a "maps" application found on F-Droid that uses off-line maps for your entire country, stored on the phone.
Had to look it up for the weird name, the recommended maps application is "OsmAnd" and so I'd recommend to try it out if you haven't.

Or simply pay attention to the hardware specs? 720p rather than 1080p, 3000mAh and up rather than 2100 mAh and below, midrange SoC rather than high end, but all with enough popularity or support for LineageOS or custom ROM.
If you're like me, you might not care about "fast charge" very much. There still are new phones coming with micro USB if you'd like that better.

I used to yearn for alternate OS (Firefox, Ubuntu or whatever), but we lost. There is only Android, like there are some netbooks where you should just run Win 7 32bit with the right drivers and no crap running in the background (unless you want to use it as a server I guess)

If Librem 5 works, you will have a non Android option, in the future.

Why do we need an Open Source smartphone?

I believe that the Librem 5 at its current stage and with these proposed specifications doesn't stand a chance against iOS or Android. but still, I think that we need it as a third option.
I have written a piece on why do we need an Open Source smartphone. Here's the link http://www.consumeit.io/librem-5/31005

Re:Thank Goodness

Frankly, I'm not impressed with either of the top two posts in this thread. I'm not sure why you feel the need to call out only
one of them.

And BTW, have you actually looked up the word liberal in a dictionary? It doesn't mean what you desperately want it to mean.

Security

[tero]

For being a "security focused" phone, they didn't really mention anything about security on their site. Perhaps I'm wrong, but this sounded awfully lot like smoke and mirrors type of pitch.

Am I actually supposed to just believe "It runs GNU/Linux kernel, it's secure" or do they actually plan to audit the kernel and components they're including for real? Because that kind of effort costs a helluva lot of money.

I'm guessing they're not and they're just referring to the "many eyes, shallow bugs"-mantra here, but c'mon now... seriously?

Target: Fully opensource

[DrYak]

Their target is to make a phone that can run 100% on exclusively free/libre opensource code.

That severly limits which SoC they can choose :
- they need a chipset WITHOUT built-in modem, so the modem and its mandatory blob can be pushed out of the main system into an isolated box that only talks a standard protocol (so it doesn't have direct access to RAM. Unlike Qualcomm's chipset, where sometime the modem serves as the northbridge)
- they need a chipset with opensource drivers supported by upstream linux kernel.

Currently, only Freescale i.MX6 fits the bill (Vivante GPU supported by Etnaviv driver), and the Freescale i.MX 8 is their best hope of next chip to be similarly supported.

Yes, it's an old SoC, with low to mid perf, but it's about the only one that fits the bill.

(It might have also been possible with some of the Nvidia Tegra chipsets that are supported by nouveau, but they don't fit the power envelope.
Intel's is fully opensourced officially, but doesn't produce anything currently targeting the tablet/smartphone form factor.
Qualcomm is completely out of question : even if some are supported by Freedreno, the integrated modem running untrusted proprietary binary firmware, while having full access to RAM is problematic)

Re:Target: Fully opensource

[viperidaenz]

i.MX 6 is not low to mid performance, it's low to extra low.
i.MX 8M is midrange
i.MX 8 is decent.

Most of their advertising is saying "i.MX 8", which is a really good 6 core A73/A53 chip. What they're actually targeting is the i.MX 8M, which is an average quad core A53. The 8 has a better GPU compared to the 8M as well.
It's a little misleading.

There is one key point though, as you said about Intel not targeting tablet/smartphone form factor, the i.MX8 range also do not target that form factor. They're designed for automotive use. NXP don't have anything designed for use in a phone.

Due to MX8 being so new it's hard to find more detailed information, but going by the i.MX6's, NXP won't be offering a PMIC designed for battery power use either. Infotainment unit's don't have batteries. Car dashboards don't have batteries. There isn't a single use case for the i.MX8 series where the SoC is the biggest consumer of power in the system.

Chipset

[DrYak]

Their main arguments are around the chipset :

Most of the current smartphone use chipset (mainly Qualcomm) that have the modem integrated into the SoC.
That modem (for radio licensing reason) must run a closed proprietary blob, while having full access to the SoC's RAM.
Thus you're only an OTA live update away (not even installing an Android upgrade, just sending new bits to your modem to execute), before wire taping law get applied to you and your data start getting siphoned away.

Purism want to make a phone with most of the sensitive part shut away in separate boxes that only speak a standard protocol. i.e.: modem in a separate chip, that only speaks a standard protocol (e.g.: showing up as an ethernet network) with no access RAM. No matter what rogue firmware it runs, such a modem cannot see your data, only sees an ethernet connection (and you're encrypting what goes through that one anyway, unless you stupidly trust the entire internet to be secure).

Thus, for all you concerns, 100% of your system runs opensource auditable code. It's not guaranteed to be secure *yet*, but can eventually be reviewed and secured.

Re:Chipset

All of that only works if all the data sent to the modem is already encrypted by the main system.

Re:Chipset

Then do so.

I think the big point they're trying to make is that with this phone, you can, unlike all the other phones on the market, which simply can't be secured, no matter how much the users or developers want to. (Because hostile modem firmware is able to access the plaintext even though you only want to give it access to ciphertext.)

The security feature that I want is to be able lie

[Alain+Williams]

If this 'phone is successful then many apps will be developed that people will want to install. Today many such apps demand all sorts of permissions that are then abused by the app vendor. Refuse to give the permission most apps will not work.

I want to regain control by: giving each app a different contacts database; a different call history; a different GPS location; ... Running each app in its own Linux kernel container should do the job.

Re:The security feature that I want is to be able

Running each app in its own Linux kernel container is insane overkill.

TFTFY

Re:Thank Goodness

[BlueStrat]

And BTW, have you actually looked up the word liberal in a dictionary? It doesn't mean what you desperately want it to mean.

For at least the past 6 decades in the US, the term "liberal" has had a radically-different meaning to the old traditional "liberal" as in "libertarian" meaning.

In the US a "Liberal" is about as "liberal"-as-in-libertarian as the DPRK is democratic. US "liberals" are mostly "Progressives" who hijacked the term after their collectivist policies totally failed both in practice and in winning any significant support at the voting booths in the early-1900s, and leadership is mainly composed of a mix of socialists and communists by either their own declarations or their actions.

Strat

Re:The security feature that I want is to be able

[Alain+Williams]

I can take your insult, but why do you think so ?

Just like the others...

After raising more than a million for a crowdfunded project, what are the chances that this would close down without a single phone being shipped out? I have read more than a dozen stories like this. Not new.

App store (cont.)

[messymerry]

There is an awful lot of talk on this thread about the necessity of some gargantuan "app store". I don't think this is all that big a deal. I'm guessing many if not most of the users of these phones are not going to be all that interested in playing angry birds or for that matter most of the other spy/crap ware floating around in the Apple and Google ecosystems. I don't see the lack of 5 million crappy apps to be that big a problem.

Re:App store (cont.)

There is "that one app" though. Want to be an Uber driver? Terrible specific example, but I doubt you can without an Uber app on Google/Apple.
On the long/mid term (and on the short term too) we will need open source "apps" for jobs like this, food deliveries and what not. Or a sandboxed Android runtime to run only "that one app" and nothing else. Esp. if this is the reason you need a smartphone for in the first place.

Otherwise I would agree with you a million times.

Re:Thank Goodness

[serviscope_minor]

leadership is mainly composed of a mix of socialists and communists by either their own declarations or their actions.

Darn commernists. I'll bet they'll start fluoridating your water any day now.

I bet they're a bunch of preverts too.

Re:Thank Goodness

[ClickOnThis]

For at least the past 6 decades in the US, the term "liberal" has had a radically-different meaning to the old traditional "liberal" as in "libertarian" meaning.

Only in the fantasies of right-wingers who strive to redefine anything to the left of them to be double-plus ungood. Attempting to change what people think words mean is the first step in mind-control.

It's clear from your sig that you have an obsession with this very topic. You need to get out more.

Re: Thank Goodness

[haliburns]

Weak

Already some answers

If there is already a VM that will run google android apts, then it or something similar could be incorporated into this phone.
Possibly the best answer would be a Wine program to be created that could run android programs on Linux. I suggest
calling it Southern Comfort.

There is one thing that causes me to doubt their using Debian. I can't trust systemd.

Re: Can I replace the battery?

Sure, it'll require a typical 35AH car battery to run KDE or gnome.

Re:Thank Goodness

[BlueStrat]

For at least the past 6 decades in the US, the term "liberal" has had a radically-different meaning to the old traditional "liberal" as in "libertarian" meaning.

Only in the fantasies of right-wingers who strive to redefine anything to the left of them to be double-plus ungood.

So current-day US "liberals" believe in Libertarian principles of small central government and minimal regulation and interference in general by the government?

#IDon'tThinkSo

Better check the date on those definitions of yours, that one is about 60 years past it's 'best used by' date.

Strat

Re:Thank Goodness

Cite a legitimate, widely-recognized and US-sourced dictionary that defines liberal the way you insist it should be defined. One will do.

[Still ClickOnThis here. Can't be bothered to log in for this.]

Price?

[Rick+Schumann]

I've been adamantly against smartphones in general for a number of reasons but security (and the lack thereof) has always been at the top of that list; this potentially changes that. However, what will this device cost? I've seen nothing about that.

Re:Price?

Yet another $600+ device I think?
This is why I was a fan of Firefox OS, they went their way to make $50 to $100 phones, try to sell a lot of them, both with internet retailing and carriers (they failed miserably though, forgot to get a flagship through the door. Cortex A53, 1GB RAM and 5" IPS 854x480 would have been enough)

If this device is hugely successful despite a $600 tag maybe there could be a $150 free phone and eventually $100 or less.

Run Tor on this smartphone?

[Rick+Schumann]

Question: Do you think Tor would work on a phone like this? Or would wireless companies block Tor?

Re:Run Tor on this smartphone?

[therealspacebug]

It will work like any GNU/Linux computer but a really small one.
And yes it will work with Tor as Tor works with GNU/Linux.


Tor also works for Android in case you are currently using that.
Check out Orbot and Orweb. (In F-droid "appstore")

Re:Thank Goodness

Well "liberal" about means "capitalist" in Europe and in the US means "capitalist, and fuck in the ass is permitted". European liberals also permit fuck in the ass, but it's typically more about economics and thus we have what are perceived as right-wing liberals. But we also have left-wing and centrist capitalists that are liberals. So, when most are liberals there's no much fuss about liberals, unless you're denouncing capitalism or the free trade agreements, ECB, World Bank, IMF, EU etc.

Nice

[XSportSeeker]

A key problem with the Linux phone is figuring out timing.

Personally, I have no doubts that not only there's demand for a device like that these days, but it'll only increase as more and more people gets their identity stolen, their private content thrawled through, and their personal security ravaged overtime.
It's the direction we're walking to, and we're currently only seeing the tip of the iceberg.

But a private Linux phone only has chances of keep going when there's enough money and interest into it to keep projects going. Kickstarting a project is one thing, delivering on time is another, but the important part here is a stream of development and the upgrade path.

Don't get me wrong, I'm very glad that this was backed, but I really don't want to see yet another privacy oriented project dying off because of lack of support.

In vehicle power

[DrYak]

Infotainment unit's don't have batteries. Car dashboards don't have batteries.

Technically they all run out of 12v lead batteries (internal combustion engine) or massive lithium battery stacks (electrical vehicle). But...

There isn't a single use case for the i.MX8 series where the SoC is the biggest consumer of power in the system.

...yes indeed, the infotainement basically just feeds out of the 12v instrument bus.

It's the job of other completely different devices to manage the power, and any way the consumption of the infotainment is dwarfed by that of the spark plugs and starter (ICE) or the electric motor (EV), and in both case the battery can be charged using the same electrical motor (respectively by the alternator / by regenerative braking).

At that scale, the power to the infotainment basically comes "for free".

Re:In vehicle power

You sure did use a lot of words to say nothing.