I'm unsold on spending $2,000 or even $700 on a new phone, but I also care deeply about privacy and security. Is there any strong reason to choose "Librem" over a cheaper Android running LineageOS or GrapheneOS? They can be purchased for a fraction of the cost and have been quite reliable for me.
"First hardware kill switches; first replaceable cellular modem and Wi-Fi/ Bluetooth (on M.2 cards); first smart card reader (for 2FF OpenPGP card); first running 100% free software; only current phone to offer convergence as PC without special hardware"
Not sure why the downvotes, here - it’s incredibly valid that a phone of this price should be able to place a normal phone call - it also should’ve been a priority for the developers.
The down votes are because it can place and receive phone calls, there is just a bug that doesn't allow audio on the call. EDIT: according to someone below, that bug is fixed too.
In addition, the backers getting the phone now were explicitly told that the software isn't polished yet, and that they are getting beta hardware. The backers were offered also to be allowed to wait for a later batch if they wanted to.
It definitely is not ready to be a daily driver, don't get me wrong. But folks who wanted it early knew that.
Please read the other reply to the comment. You'll see where I got the impression then.
Edit: it looks like the person also directly replied to another comment of yours, so I'll add that here:
"
> and of course this "bug" hasn't been fixed
You can hear call audio if you use CI images since a few days ago already. Last rough edges are being sorted out right now before finally packaging it all into PureOS."
The "fix" hasn't been distributed out via an update. You can't expect consumers to go pull images off github. You can't call a problem "fixed" when the alleged "fix" hasn't even been distributed or tested by the public en mass.
It's still, quite plainly, ridiculous that they shipped a "phone" which could not (yet) make telephone calls. Even if they fixed the issue in a later software release, the fact remains that they shipped a product in an incomplete, partially unusable state.
Since you didn't read past the first paragraph, I'll repeat it here:
"In addition, the backers getting the phone now were explicitly told that the software isn't polished yet, and that they are getting beta hardware. The backers were offered also to be allowed to wait for a later batch if they wanted to."
This isn't hyperbole. The speaker used to not work during voice calls:
> The other [problem] is that call audio isn't routed to the speaker. I haven't personally hit this, I'm just using a data-only SIM and can't remember the last time I actually used a phone to make a voice call.
It does not; from the system perspective it's just a USB-on-M.2 peripheral that works perfectly well with free software such as Linux, libqmi, ModemManager, oFono or fsogsmd.
You don't usually say "printing requires non-free software" just because your USB printer runs some non-free firmware inside, even though it's technically true.
Sure, but most people don't and saying that without making sure they know what you mean is at best misleading.
Also, counting the modem as making the whole device non-free would require you to count plenty of other things as well, such as microSD cards, accelerometers, audio codecs, SIM cards, even USB-C cables, as all of those things (and more) contain non-free blobs inside. In my opinion it's not a useful stance to hold if you care about freedom - even FSF doesn't do that.
I agree with you but I think it is better that people realise this and then use the device as ‘as free as we can get without making me a hermit’ instead of just hiding it.
The point is - it is truly 100% free at the level that actually matters: the user controlled operating system. This is the point where I feel completely comfortable with calling it "100% free" without further explanation (especially when the last, and I think the only, smartphone to ever reach that level was GTA02 from 2008), just as I am completely comfortable with saying "I made this cake from scratch" without having invented a universe.
The only other way to do it is to have an SoC with the modem integrated on chip. The issue with that becomes that the firmware and usually drivers force a certain Linux version (my tablet is stick on Linux 3.10, my phone is on 4.19 and I'd be amazed if it was ever upgraded).
With this way, they can mainline the entire set up and not force non-free dependencies.
The PinePhone will likely be preferable to most LineageOS phones, since it will run a closer-to-mainline kernel. It's also expected to be available for a "fraction of the cost" compared to the Librem.
From what I've been seeing, despite the PinePhone having worse specs and not as much privacy focus it's going to absolutely chew up the LibreM 5's marketshare purely because it's more bang-for-buck.
Anbox is a compatibility later that runs Android apps on other Linux distributions. It's not stable yet, but there has been some interest in adding Anbox to mobile Linux distributions like UBports and LuneOS.
I doubt that this would be nearly as useful as you think since so many apps are dependent on Google services these days and even the client libraries for them are proprietary. And then there's the fact that you're constantly playing catch up with what is effectively a closed platform with no real public roadmap that throws the occasional source drop over the wall and says 'good luck!'
It's unlikely today's Google is going to be interested in seeing these efforts succeed. So an Android app runtime would likely only really run software from 5+ years ago well. Better to focus on making a really solid Linux mobile experience, IMO.
How do you know how useful I think it will be and in what ways?
F-Droid exists. People installing APKs exist. In some cases these options are better than literal nothing, and especially if momentum builds around these it's possible that app developers may notice.
For lineage, it is popular to install Google Play anyway. I guess that to be a copyright violation that Google looks the other way for and if a real world competitor did this they would crack down.
Yes, but they are not working hard. Even if they had the runtime, they won't have apps because google won't give the access to the play store, so what is the point of the runtime?
I've seen 3 projects working on the runtime (in 3 different ways with different pros/cons).
Any Linux phone is going to be expensive vs. an Android phone for what you're going to get given the low unit volumes. For some, privacy is worth a premium. For others, the ability to just run Linux will be.
That said, I'm probably going to go for the PinePhone as I just don't see the value add of the Librem. $2k is nuts for the dubious value of assembling a device in the U.S. (both because of our current <cough> issues and the fact that the chips, the things you need to be most worried about being compromised, would still be produced elsewhere... so you're paying a lot of money for a placebo) I think the Pine approach makes more sense cost/benefit-wise: just get a Linux phone version 1 built, worry about adding the sun and the moon later. But I can understand that there are those who look at the Pine as being too low-end feature-wise and are willing to pay up for the Librem.
Of course there's the old adage of "Vote with your wallet" by buying a privacy-respecting phone, you're incentivizing manufacturers to make privacy-respecting phones. And $2000 is quite a vote
I value this sentiment and do feel charitable, but $2000 is not a small amount for me - I could buy 10 or more used Android phones for the same price and flash them with open source software to give to friends and family. Wouldn't that maximize my contribution to collective privacy instead?
For two years until the non-replaceable batteries in the used phones wear out, so you'd also have to do it again every two years. Whereas with this, it's expensive because it's uncommon, but the more people who buy one the faster they can cover their development costs or fund further development that makes them more popular and achieve economies of scale, and the sooner it is that they can be making them at commodity prices for everyone.
That's kind of the point. Isn't there some advantage in supporting a venture that could ultimately produce an affordable new phone with all of those things?
At some point the existing stock of phones with the features you want is going to wear out unless somebody makes some new ones.
But that same CTO claims he wasn't interested in the phone project[1]. Evidence of his apparent disinterest-- the phone still doesn't properly route audio for calls.
I'm definitely not saying that guy is wrong about anything he is saying, but take it with a grain of salt. A lot of what he says in his interviews are based on 1+ year old info since he no longer works there and a lot of it sounds like hearsay.
The problem is no matter what custom flavor of Android you run, you are still running an OS made by an ad company designed from the ground up to spy on you.
And crucially, every time you buy an Android phone and flash another OS on it, you just paid for an Android phone, reinforcing the monopoly and generating profit for companies pushing the Android platform.
The correct solution is to refuse to buy a phone that ships with Android.
> The problem is no matter what custom flavor of Android you run, you are still running an OS made by an ad company designed from the ground up to spy on you.
LineageOS and GrapheneOS are based on AOSP, which is an open source project not really "made by an ad company". I agree with your latter point about supporting their hardware and typically buy used phones/computer for that same reason.
AOSP is not an open source project, despite the name. It is an export of the parts of the proprietary Android project which Google sees fit to release to the general public. Android is developed in secret and then the AOSP version is exported out of it. As such, AOSP is definitely still very much "made by an ad company".
AOSP is absolutely open source: the code can be viewed, modified, built and deployed as desired. There's good reason to be skeptical of Google-developed software, but your characterization of AOSP as "not open source" is simply not tenable.
Android versions in development are not open to contributions or community participation. Android is developed in secret behind closed doors. The end product AOSP spits out is open source, but to call it an open source project would be an extreme mischaracterization. And it is developed by Google, an ad company, not the community that eventually uses it.
Accepting external contributions is not a requirement of either Open Source or Free Software, and enforcing such a requirement is explicitly contra to the spirit of Free Software. The entire movement is about freedom, which includes the freedom not to accept downstream code.
Does LineageOS & GrapheneOS provides source code for all closed kernel drivers include modems?
How many people they can assign for serious Android security audit (>million lines of code)?
So, better be realistic about resources. Lineage even used Google DNS & Google internet checkers a lot of time, and probably uses it now. And I even don't started talking about general Google Play store apps, sending user data to Chinese servers is "normal" now.
What does any of this have to do with whether or not AOSP is open source? The Play Store isn't even part of AOSP nor Lineage/Graphene, so the point of that tangent is even less clear.
Purism is putting a lot of money into maintainability on the software side. The Librem 5 runs Linux 5.3, and as far as I can tell, have every intention of making sure that their phone runs a mainline kernel.
Any Android phone you get pretty much gets stuck on a version of Linux that will never be upgraded.
The Librem 5 also physically separates out the Radio and WiFi, and allows you to cut power to those, the camera, and the microphone.
I think the idea behind purism is to also choose hardware with minimal or no problem firmware that you don't have insight into. Given how much software out of our control seems to run on the communication hardware (the actual baseband chips), if they can give control over that it's a real benefit over just throwing an open OS on the existing hardware for phones.
My understanding is that's essentially impossible, but they're isolating the cellular modem into a detachable peripheral so it has no deep access into your device.
The FCC approved baseband chips run closed source software and do not have documentation for writing your own.
So you need to reverse engineer the chip, write your own software for it, and reflash it. But after reflashing it will no longer be FCC approved because some of the FCC requirements were implemented in software. So it will need to go through the FCC approval process again which can be very expensive.
The alternative would be to create your own chip from scratch but that is even more expensive.
It's a combination of there not being that many companies that produce one and none of them being particularly open about it, and the carriers not wanting them to be because they're stodgy bureaucracies that don't like to be embarrassed when things make it easier for people to find security vulnerabilities in their networks.
So we're stuck with isolating it instead. At least you can make sure it has no access to your stored data, camera or microphone.
You can't ship it without regulatory approval. That's unlikely to happen for an open baseband, because it facilitates abuse (at least, in the eyes of the regulatory bodies).
You can count the whole world's proprietary implementers of cellular tech on one hand. Compared to the rest of the phone, the rest of the phone is insignificant.
The company practices a lot of shady business. Their "phone" that they are so proudly claiming to be releasing to backers cannot place phone calls, the camera doesn't work, and there is no power management.
> To turn on your Librem 5 disconnect it from a power source and hold down the power button until it turns on. Currently calling is established (e.g. both sides connect fine) but audio is not routed (no voice heard or sent), this will be a few days until the bug is fixed.
They shipped out a "phone" that can't place phone calls.
edit:
The reason why this is significant is because not being able to make phone calls with a phone is not the type of "bug" that slips through the cracks. The company released the phone despite it not being able to make phone calls, and if this was simply a bug that could be fixed "in a few days", all logic and reasoning suggests that they would have fixed the problem and then shipped the phones to preserve the integrity of their brand and prevent negative brand perception.
The fact that they shipped out a phone that can't place phone calls is highly suggestive that there is a bigger issue with the phone and that they are under a time crunch to show the backers that they have accomplished something with all the funding that they have received.
Seems like it can be fixed with a software update, though. A few days of waiting doesn't seem like that big of a deal. It's not like the phone is going to be forever unusable.
> It's not like the phone is going to be forever unusable.
It’s also not like there are any guarantees for when it will be usable — and that is also true for other features and other apps.
I’m all for people supporting projects/ideas that represent their values and the ideals behind the Librem 5 are nice — but this is an extremely ambitious project from a company that has very little capital and lots and lots of work. Anyone spending actual money should be doing so with the understanding that nothing is guaranteed.
Plus, it’s always a bad idea to spend money based on the future promises of a device — it’s not always avoidable, but it’s still not a good idea.
If it was an issue that could be fixed "in a few days" why wouldn't they simply fix the issue and then release the phone? Or are you suggesting that not being able to make phone calls on a phone is something that slipped through their testing? It has been a "few days" since their announcement and of course this "bug" hasn't been fixed. It seems less like a bug and more like a major design flaw/hurdle.
> why wouldn't they simply fix the issue and then release the phone?
Hadn't they pushed the release date many times already? I think making progress more palpable was important. Isn't it better to ship something flawed and continue improving while already in the hands of people than to ship nothing at all and appear more and more like vaporware?
> Isn't it better to ship something flawed and continue improving while already in the hands of people than to ship nothing at all and appear more and more like vaporware?
If you position it purely as a hobbyist project and do not guarantee it for day to day use, I think that’s fine. This is fine for a dev kit.
I think taking preorders and trying to sell it as a privacy-focused phone that can be a real alternative to the main steel options when you don’t have basic things, like making audio calls, figured out, is problematic.
I get the company needs money from preorders to fund development and production, but at the same time, as a consumer, their lack of funding for development/business plan isn’t my problem.
I’m generally fine when things like this are kickstarted and the risk is clear. I’m less comfortable when after the crowdfunding, the company does direct to consumer sales/pre-orders, when the stuff just isn’t done and that isn’t well articulated to anyone clicking that pre-order button.
None of the pre-ordered (after the campaign) devices shipped yet, those are early batches sent to early backers who were given a choice to either get them now, or wait for mass produced version.
You can hear call audio if you use CI images since a few days ago already. Last rough edges are being sorted out right now before finally packaging it all into PureOS.
The issue is that you can neither hear call audio nor transmit any audio, and it'll be fixed when the fix is in the hands of the customers that got the device.
Yes, that's the issue I'm talking about. It already works both ways on CI images, which every customer can grab and install themselves - it simply has packages taken directly from git, as opposed to explicit releases from regular images.
I have said that because of:
>It seems less like a bug and more like a major design flaw/hurdle.
That's a link to Jenkins. I was hoping for step by step of how to apply the newly built images and get the phone audio working so that people can make phone calls.
It looks like it's just `dd`, and there are hundreds of tutorials online diving into how `dd` works if you're curious about learning more.
Not sure if there's a more complicated practice for flashing directly to the phone's internal storage itself, but it can't possibly be more complicated than installing a custom ROM on an Android phone.
They have been upfront about that from what I can tell. They are only shipping phones to those who are either working on making it work, or those who have indicated willingness to accept the flaws to be first. There is every reason to believe it will work.
There are things to not like about the company, but releasing like this is not one.
No, it doesn't. The question wasn't whether this phone at one point after receiving it becomes a fully functional phone, it was explicitly asked if it's a fully functional phone when they receive it. And Putism's answer was yes.
Purism also wrote in earlier blog posts that the phone in its current state of course can make phone calls. For example they wrote more than one month before anyone outside of Purism got their phone:
> In the Wild: People have been using their Librem 5 while traveling, working and relaxing to connect to WiFi hotspots, browse the internet, use social media, play games and yes… to call and send text messages.
They explicitly tried very hard to not make it sound like the device in its current state is basically completely unusable as a mobile device or phone. If someone actually expected a device which has no standby mode, lasts less than an hour on battery, has a smaller battery capacity than advertised, can't be charged reliably while turned on, can't make phone calls, can't send/receive messages reliably, ... then that's because they listened to the so called haters and trolls, not Purism.
>They shipped out a "phone" that can't place phone calls.
They also shipped a devkit, whose screen did not work. But a software update made it work. Same here. This is the only phone, where updates make it better, not worse.
> This is the only phone, where updates make it better, not worse.
I don't know how you can even begin to support this claim. My phone updates apply a bunch of security patches, which by definition make the phone better and more secure.
This is certainly the only "phone" that literally can't place phone calls. If this was a minor issue that could be addressed by a simple software patch in a timely manner, they would have all the reasons to do that and ship the phone after fixing such a glaring flaw.
If that would be the only reason holding up the shipment, I'd definitely want to receive my early device (that I explicitely opted in for) before it's fixed.
Q: If I receive the Librem 5 from one of the first batches, will I have a fully functional phone?
A: Yes! Even the very earliest batches will be capable smartphone, including a modern web browser and core cell phone functionality.
The expectation is that you'd receive a "fully functional phone". Until an update has been released with a fix to the not being able to place calls problem, this expectation is not met.
Judging from all the opinions from actual owners I've seen so far, I definitely wouldn't be.
As I said in another thread, that point still stands. Birch will be a fully usable device. Shipping announcement explicitly stated that there will be only a basic, initial release of software that doesn't include everything and that it will improve in time.
> Q: If I receive the Librem 5 from one of the first batches, will I have a fully functional phone?
> A: Yes! Even the very earliest batches will be capable smartphone, including a modern web browser and core cell phone functionality.
The FAQ says that the earliest batches will be capable smartphones and will have core cell phone functionality.
Purism says that phones from "one of the first batches" will be capable smartphones will all core cell phone functionality.
There is no way you can try and do mental gymnastics to justify your apparent belief that purism delivered on this. There is a huge difference between a device requiring some polish and finishing touches and delivering a phone:
1. That can't make phone calls
2. Has no power management so the battery lasts less than an hour
3. Doesn't have working cameras
4. Can't be charged while powered on
The device, far from being a "capable smartphone" is wholly unusable in its current state.
Simply contradicting the facts and providing no additional context or reasoning does not an argument make.
The FAQ says that the earliest batches will be capable smartphones and will have core cell phone functionality. Purism says that phones from "one of the first batches" will be capable smartphones will all core cell phone functionality.
Those sentences are true. There's nothing preventing that hardware to become a perfectly capable smartphone in near future.
...plus bunch of comments made by phone owners in various places, like Reddit or Hacker News, or directly via mail. I haven't seen anyone expressing any kind of regret that they got their phones too soon.
> There's nothing preventing that hardware to become a perfectly capable smartphone in near future.
That's dishonest, misleading, and you know it. You are trying to do linguistic gymnastics to justify/hand wave away the fact that the "phone" is far from what is promised. The FAQ didn't say that the phones will be capable smartphones "in near future". The FAQ said that the phones will be shipped in that state.
> Right now I am not releasing a video of calling working, because it exposes the number of the caller. The only other phone I have available is my fiancees, so frankly I am not posting that on Reddit.
> Update: you know what? I'm done. The fact that some of you think I'm a shill...that's why no one else with a phone now isn't here.
People are accusing this poster of being a shill, because he/she made it sound as if calling is working even though everyone knows that it's not. People are really destroying the phone in that thread, so I am not sure if that was the best example to post.
I am a little surprised you publicly shared these reviews, because if these are the good reviews, I can't imagine what the bad ones would be like. The cognitive dissonance of having spent hundreds of dollars on what effectively amounts to a brick is really palpable.
Review starts off with 3 paragraphs of expectation management and apologist statements softening the reader up for what follows.
> Power management is basically unimplemented.
> The battery dies quickly and (because the power goes straight to the CPU) takes a long time to charge.
> The other is that call audio isn't routed to the speaker
> The cameras don't seem to be enabled yet. Installing & opening up Cheese, I just get a message saying "No device found".
> The phone is chonky.
> The data connection seems to be rather slow. fast.com says I'm getting 130 Kbps
> I can't change the "network mode", every time I try I get an "Access Denied" message, so I'm not sure it's actually using 4G.
> It takes 10-12 seconds of holding the power button before it gives any indication that's it turning on.
> In the settings of the Librem 5, I can set multiple alarm clocks, and specify how to repeat and on which days of the week. So far so good, this is on par with most phones. Problem is, when the time comes, no sound emits from the device, and not even a reminder is visible on the screen.
> The first impression when unpacking was, that it is thick and heavy. In fact it is so thick that my kids make fun of me.
> The on-off button doesn't always work reliably
> When I can't get it to start with the on/off button, I usually open the device, and remove the battery for a moment.
> Unfortunately the phone froze during the initial setup when trying to connect to the office wifi
> The bluetooth configuration doesn't work at all.
> But that I didn't receive regular text messages is bothering me. A friend sent some to me for testing, and none arrived.
> Even before I wanted to place a call, I read in the forum that there is a problem with audio routing. I didn't even get that far. I cannot initiate a call, because below the dial buttons there is a message warning me that there is no voice-capable modem.
> For the first three days, after every reboot, the system date was reverted to February 2019.
> In the settings of the Librem 5, I can set multiple alarm clocks, and specify how to repeat and on which days of the week. So far so good, this is on par with most phones. Problem is, when the time comes, no sound emits from the device, and not even a reminder is visible on the screen.
> Whether the screen is on or off doesn't seem to make a difference. The device gets very, very hot. It is no surprise that the battery doesn't last very long. It doesn't even last an hour.
> But when it is turned on, I don't really know if it is slowly charging or slowly discharging.
> When I plug in the phone to my notebook, the notebook often looses internet connectivity.
> As a test I installed my favorite desktop Bitcoin wallet: Electrum. Unfortunately it didn't start.
> I hate to say it, but at the current state, this phone is even less usable than both my previous linux phones in their initial condition.
Dunno what you want to achieve by copying sentences straight out of posts I have linked to. I've read them, everyone else can too, and they sound quite positive and hopeful (yeah, aside of comments from people who... don't own the phone ;]). Some of these things were expected to be missing at this point from the very beginning, some others are just small bugs with big consequences that need to be eradicated one after another, some others come from lack of experience (like the Electrum one, as you simply need to install QtWayland for it to work). I've used plenty of open mobile platforms in the past, even contributed to some of them. I know what to expect from an early pre-release, and these early owners seem to know it as well. Otherwise I doubt they would opt into receiving an early batch months before actual mass produced one.
Do you have a vested interest in purism? Because you seem hell bent on simply denying facts, which is the PR policy of Purism.
> I know what to expect from an early pre-release, and these early owners seem to know it as well. Otherwise I doubt they would opt into receiving an early batch months before actual mass produced one.
There is another possibility, that you seem to simply discard but without presenting any reasons as to why. And that is, that Purism mislead, lied, and under delivered. Your own source says
> I hate to say it, but at the current state, this phone is even less usable than both my previous linux phones in their initial condition. Maybe I am too optimistic in wanting to use the Librem 5 as my main and only phone from the start.
Even though Purism literally said that people would receive fully functional phones even in one of the first batches:
> Q: If I receive the Librem 5 from one of the first batches, will I have a fully functional phone?
> A: Yes! Even the very earliest batches will be capable smartphone, including a modern web browser and core cell phone functionality.
This is a list of things wrong with the phone off your own sources. Can you point out what this brick can actually even do? Browse web at 130 Kbps for an hour before the battery dies? How do you justify the brick being anything but completely unusable in its current state?
How do you justify the total lack of power management as a "minor bug"? Or any of the problems below as a matter of fact.
> Power management is basically unimplemented.
> The battery dies quickly and (because the power goes straight to the CPU) takes a long time to charge.
> The other is that call audio isn't routed to the speaker
> The cameras don't seem to be enabled yet. Installing & opening up Cheese, I just get a message saying "No device found".
> The phone is chonky.
> The data connection seems to be rather slow. fast.com says I'm getting 130 Kbps
> I can't change the "network mode", every time I try I get an "Access Denied" message, so I'm not sure it's actually using 4G.
> It takes 10-12 seconds of holding the power button before it gives any indication that's it turning on.
> In the settings of the Librem 5, I can set multiple alarm clocks, and specify how to repeat and on which days of the week. So far so good, this is on par with most phones. Problem is, when the time comes, no sound emits from the device, and not even a reminder is visible on the screen.
> The first impression when unpacking was, that it is thick and heavy. In fact it is so thick that my kids make fun of me.
> The on-off button doesn't always work reliably
> When I can't get it to start with the on/off button, I usually open the device, and remove the battery for a moment.
> Unfortunately the phone froze during the initial setup when trying to connect to the office wifi
> The bluetooth configuration doesn't work at all.
> But that I didn't receive regular text messages is bothering me. A friend sent some to me for testing, and none arrived.
> Even before I wanted to place a call, I read in the forum that there is a problem with audio routing. I didn't even get that far. I cannot initiate a call, because below the dial buttons there is a message warning me that there is no voice-capable modem.
> For the first three days, after every reboot, the system date was reverted to February 2019.
> In the settings of the Librem 5, I can set multiple alarm clocks, and specify how to repeat and on which days of the week. So far so good, this is on par with most phones. Problem is, when the time comes, no sound emits from the device, and not even a reminder is visible on the screen.
> Whether the screen is on or off doesn't seem to make a difference. The device gets very, very hot. It is no surprise that the battery doesn't last very long. It doesn't even last an hour.
> But when it is turned on, I don't really know if it is slowly charging or slowly discharging. > When I plug in the phone to my notebook, the notebook often looses internet connectivity.
> As a test I installed my favorite desktop Bitcoin wallet: Electrum. Unfortunately it didn't start.
> I hate to say it, but at the current state, this phone is even less usable than both my previous linux phones in their initial condition.
First, not all of the parts are necessarily produced in the USA - the PCBA is produced there, and the parts are assembled there, but the parts themselves are likely procured elsewhere. Even still, this greatly complicates the kind of supply chain attack this is meant to prevent, because you have to compromise individual components that you hope will end up in the device you're targeting.
Second, they already had these facilities in place in the US for prototyping purposes. Thus, the up-front cost investment for setting up a facility in the US is much lower than usual, so they can set a lower price than others might be able to offer.
Third, there is probably a capacity constraint at that facility; the price chosen was likely selected to suppress demand below that threshold, not purely based on relative production cost.
Finally, although I have only limited experience (n=2) with cross-shopping electronics manufacturing between the US and China, a 3x overhead is actually substantially lower than I would expect; we were seeing ~6-10x increases for manufacturing and assembly. This could be because their production facility (which, again, already exists) would otherwise be sitting idle.
I can't speak to the health of their business (a sibling comment suggested this was a "money grab"), but the numbers seem pretty reasonable for what you're getting, overall. Note that this is not targeting the same crowd who buys "Made in USA" t-shirts to support the local economy; the audience is more likely to be security wonks who are already concerned about supply chain attacks.
I think the real target is - or should be - CIA, and NSA. People who have security needs that China will never agree to. The hardware switches help play into their needs: shut the chips off in situations where they are a concern.
Pursim should have a standing offer: we will make your phone on a day scheduled well in advance and allow your auditors in the factory to watch over the process. At an extra cost of course, but I think this is something they could offer easily enough and it would be very helpful to those most paranoid about security.
Dealing with government contracts isn't easy though.
Compromising the PCBA is not reasonable attack, if you trust the company you're buying the hardware from. Their engineers will review the delivered hardware and ensure that the delivered design is identical to the one ordered. Realistically, the kind of bad actor this is marketed to prevent have no trouble getting into a chip fab in China (where the chips going onto the PCBA are produced) and inserting hardware backdoors there, which couldn't necessarily be detected by the engineers.
Low volume is a constant across their existing offering and this "made in usa" offering, which if you've been following the librem 5 story at all you'd already know is unnecessarily overpriced.
There's no need for them to limit demand of the USA model with a higher price, the demand for this phone is very low in general considering it's not even usable as a phone.
Edit:
"Librems are heavily overpriced but that is because Purism seemingly never tried to get better deal and the South San Francisco partner abused this so that is why Purism Librems are double the price they should be." - Zlatan Todoric former Purism CTO [0]
While I love the idea, that price is totally insane. I don't see how anyone would be willing to pay that much for what is essentially a beta device. It seems that it is quite difficult to manufacture these devices, at a reasonable cost, without help from the big names :(
On the other hand, many people probably think the same about the "standard" Librem 5 price.
The people getting them already do so because they want the idea to have a chance, not because they're cheap or directly good value for money. Some might say "it's double than what I'd spend on an Android, but that's worth it" about the normal price, wouldn't be surprised if for others the reference frame is "2x iPhone" instead.
Having just come from seeing Black Friday sales: is it actually 2k, or is it “2k” with regular sales making it the actual price (which we will see before Christmas)?
Sure, but there is a significant increase in costs to produce everything in the US. I've been shocked by how certain production processes are simply super difficult to find in the US. Even things as simple as injection molding can cost 2-3x as much. Add on shipping costs, etc. within the US and you can easily add several hundred dollars or more to the cost of this product. That's especially true given the low volume.
Right, it's obvious, $2k per sucker for something they don't have to make until Q3 2020. Sounds like an interest-free loan to me.
I suspect they don't have the cash on hand for manufacturing the pending existing librem 5 orders, which unless I'm mistaken requires some redesign work to fix the thermal issues.
digression: christ, what font are they using? the undersized letter 't' in that text hurts my head just looking at it, barely making the text readable. i couldn't even finish a post and get the gist from the comments here.
comment: doesn't it reflect poorly on librem to even offer this option? for a hw company whose sole market shtick is to offer hw/sw privacy they're now implying that the majority of their hw can be compromised and if you really want the uncompromising security you should get the 4x more expensive option made in the USA?
either they should completely eliminate the made in china option or they really should try to spin this a different way, because it reflects absolutely horribly on them.
I find Baskerville pretty readable. Is it the same font you're seeing on the page? I wonder if something caused your browser to show a fallback instead.
I think it reflects that all phones made in China have the potential to be compromised by malicious actors. That risk shouldn't be in most people's threat model, and if you're comparing the Librem to a standard Android phone you're still getting a substantial privacy bump just from hardware kill switches alone.
If you have a very specific threat model, Purism is now one of the few companies that offers made-in-US phones, which (in theory) fills an underserved niche. But most people who want a Librem 5 should get the normal phone.
If you have control over the entire assembly process, that eliminates a class of security risks that otherwise need to be addressed with tamper-evident firmware or by checking for bugs and extra components after the phone is assembled. But that drives costs up substantially, so nobody assembles phones in the US -- not even companies like Apple.
Remember that security isn't binary. Different segments even within the privacy community need different levels of security.
why shouldn't, in this case, security be binary? either there is a threat or there isn't. if someone in china is adding additional monitoring malware to librem's phones then isn't the whole privacy/security thing out the window?
either they believe in their chinese supply chain or they don't. and it's not like their usa manufacturing is done in-house by librem so they still don't have 'control over the entire assembly process" because they depend on a 3rd party to make their boards for them.
They have a nonbinary degree of confidence in the Chinese supply chain, while keeping in mind that the risk is slightly higher than it would be if it was assembled closer to them within an imperfect, but at least less openly hostile government that has less access to directly control business operations.
The likelihood of China compromising the Librem 5 is very low, and there are safeguards in place to prevent that. But no safeguard is absolute. Even manufacturing in the US isn't absolute security -- it's just a bit less dangerous than China.
Whether that reduced risk is important enough to be worth $1300... I tend to think it's not, but I assume there are a few people who will care enough to pay that.
The same situation applies to companies like Apple, Samsung, etc... the only difference is that those companies have judged that the potential market benefits of catering to people who have extremely strict privacy requirements is too low to justify starting up US operations.
The hardware switches are also a good example of what I'm talking about here. There is a small risk of malicious firmware or a bug in software allowing a camera to be turned on without your knowledge. Does this mean the iPhone is insecure? There's not a yes or no answer. It means there is a specific subset of users who would be served by a stricter (but still imperfect) extra security control -- a physical kill switch.
An even safer policy would be to remove the camera entirely -- then you could be certain that the physical hardware isn't defective and allowing the camera to be flipped back on. But even that wouldn't be binary security. There is no such thing as binary security.
For those downvoting, I suspect the point is that we've had leaks demonstrating that the US government is capable of compromising hardware devices (e.g. networking equipment).
Which makes their concerns about Huawei all the more understandable. They know the risks because they've performed the attacks themselves.
There are many countries where I would expect a conscientious citizen to make the public aware of such a compromise. The United States is among them; Lavabit's actions provide precedent.
