back to article The App Gap and supply chains: Purism CEO on what's ahead for the Librem 5 USA

In June, Purism began shipping a privacy-focused smartphone called Librem 5 USA that runs on a version of Linux called PureOS rather than Android or iOS. As the name suggests, it's made in America – all the electronics are assembled in its Carlsbad, California facility, using as many US-fabricated parts as possible. While past …

  1. thejoelr

    3GB a day huh?

    I really hate it when companies push 'facts' that are obviously wrong. Anyone on a metered data plan is quickly going to notice 3GB a day, or 900GB a month of your data being sent back to Apple/Google. When the peddle such obvious lies in things I can quickly check it makes me question everything else they say. The tethering thing is easily avoided on Android phones, and it usually a violation of the TOS and can get your account suspended. They also talk up where the CPU is made, but a quick search shows the modem supplier is Broadmobi Shanghai. The facts are that with that price they have a tiny market when much cheaper alternatives exist.

    1. Paul Crawford Silver badge

      Re: 3GB a day huh?

      What of wifi traffic, as most phones will be far more chatty on that sort of a connection?

      But the volume is not the issue, it is the fact iOS and Android are always passing on information about the phone and its "location" (even if just nearby SSID or Bluetooth MAC) even if you don't want it to.

      If you don't mind that sort of surveillance then obviously paying a lot for a special phone like this makes no sense, but I can see some folks who want or need this level of isolation. Also it helps draw attention to what Google & Apple are up to.

      1. thejoelr

        Re: 3GB a day huh?

        I realize that they pass this information, but was there a real need to say it was 3GB? It is obviously untrue. The math on how much that is per hour/minute does not add up to anything close to reality. I expect people selling me technical products--especially security ones--to not be loose about such things for the sake of sales.

      2. doublelayer Silver badge

        Re: 3GB a day huh?

        If my IOS devices sent 90 GB per month, I'd see that in my WiFi stats. They don't. They track, and it's really important, and it's an issue that needs solving. Had they just stated the fact of tracking, they'd have been fine. When they decided to state a number, they did something wrong, because it led to this discussion about whether they're accurate while leaving it out would have prevented it.

        1. Falmari Silver badge

          Re: 3GB a day huh?

          @doublelayer "When they decided to state a number, they did something wrong, because it led to this discussion about whether they're accurate while leaving it out would have prevented it.

          You are right he should have not said "probably about three gigabytes of data". It has led to a pointless discussion on the figure 3GB being accurate. Pointless because 3GB without a period unit of measure cannot be judged for accuracy.

          There was no mention of 3GB a day, or over any other time period hour/week/month/etc.

  2. elsergiovolador Silver badge

    Asterisk

    Most distributors are based in the US with the exception of large integrated circuits that are made in a variety of countries where those companies do fabrication (US, Taiwan, South Korea, Japan); an example is the NXP CPU we use from their fabrication in South Korea.

    So much for Made in USA then, huh?

    1. Sandtitz Silver badge

      Re: Asterisk @sergio

      "So much for Made in USA then, huh?"

      ...are we reading the same article?

      'The main printed circuit board assembly (PCBA) is made by Purism in the US, and its microprocessor, from Dutch semiconductor maker NXP, is also made stateside.'

      1. elsergiovolador Silver badge

        Re: Asterisk @sergio

        Yes, this is misleading. Board assembly is not as important as what kind of parts are being assembled. If they focus on the PCB which is literally a laminated sandwich structure of conductive and insulating layers, rather than what is being soldered onto it, that's a red flag. If they dump components from around the world on it, they could as well have just assembled it in China - it makes no difference.

        Or if they make case for assembly in the US then they don't say if they have any Chinese or Russian employees at the production lines, which is probably just as important (so for instance CPC can't tell an employee to slip in compromised chips onto a tray that goes into pick and place machine).

        If you go to their website:

        Librem 5 USA and look at Table of Origin section, it literally says what I pasted above.

        If you look at the recent Product Change Notice of the MIMX8MQ6DVAJZAA CPU (assuming this is the same model), it also says it is made in South Korea.

        1. Yet Another Anonymous coward Silver badge

          Re: Asterisk @sergio

          Worse it uses a British designed CPU and a Finnish OS.

          Suppose it secretly logs any comments made about the Queen or saunas

          1. Clausewitz4.0
            Devil

            Re: Asterisk @sergio

            Is that really important that members of the British Parliament sometimes might frequent gay saunas? Nowadays you can't blackmail them with that anyway... because it's so common...

        2. Sandtitz Silver badge
          Thumb Up

          Re: Asterisk @sergio

          That's some good sleuthing there, thank you!

        3. jmch Silver badge

          Re: Asterisk @sergio

          They say up front - as many components as possible, not all.

          Obviously better to start somewhere rather than have to wait for 100% of teh supply chain to be in place before starting to deliver.

          1. doublelayer Silver badge

            Re: Asterisk @sergio

            Well, sort of, but it depends why you value the USA-based assembly. If you think that it helps you with the security of the components, then having important components made elsewhere (the CPU probably being the most obvious) isn't great for that use case. If a Korean-made CPU is satisfactory, maybe they should try making the whole thing there. This all depends on whether you consider a US-assembled device to have advantages, because if you don't, it doesn't matter much.

  3. VoiceOfTruth

    Turn this statement around

    -> the national security implications of foreign-made tech

    In which case, no country should trust American tech.

  4. steviebuk Silver badge

    Didn't see any mention

    Of right to repair. Thats one issue they should address if its easy to repair the device. Do they provide parts and schematics?

    1. The Man Who Fell To Earth Silver badge
      Black Helicopters

      Re: Didn't see any mention

      Did I miss where they talked about carrier compatibility?

  5. Anonymous Coward
    Anonymous Coward

    World too small

    I was involved in the design of a product that, in order to minimise exposure to a) idiotic US sanctions against random countries and b) idiotic random country sanctions against China (PRC), tried to minimise use of parts and proprietary tech from either country.

    It was a complete and utter failure. You simply cannot do it. At least we had the decency to admit it.

    PS: the concern with that product was exactly the opposite from jingoistic; the idea was to make the product as widely available to everyone and help reduce the tech gap, while simplifying import / export formalities.

  6. Manu T

    SoC to old-skool

    So basicly we've gone from System-on-Chip devices to old-skool phones under the disguise of privacy. Mean time promoting the "made in the USA" label while the whole privacy crap was started in the USA itself. Great. Yeah, I'm gonna trust these guys, sure... it's "made in the USA" right? >:->

    1. Clausewitz4.0
      Devil

      Re: SoC to old-skool

      You cannot trust anything "made in USA", because of their security agencies and the secret subpoenas industry.

  7. Clausewitz4.0
    Devil

    The App GAP

    A way to stop the App GAP is to pay coders to use the web version of the most common apps and to automate the command line version of those.

    As an example, Signal has a desktop version, that, with some voodoo, allows you to use the command line to register, and then to talk, message over the web app. Others might work also this way.

    1. teknopaul Silver badge

      Re: The App GAP

      There are whole bunch of services that I wish were just websites

  8. mark l 2 Silver badge

    While it seems a interesting concept, at nearly $2000 its only going to appeal to those who really need a super private phone and is never going to gain mass market appeal, so therefore the app developers won't have much desire to port their apps to it.

    As for the tethering situation the last time i tried on Android it was super easy, barely an inconvenience to get around those restrictions. There were several work arounds and apps you could download to let you tether when the T&Cs said you couldn't.

    1. Zolko Silver badge
      Big Brother

      ...appeal to those who really need a super private phone

      made in the USA ? Did you think that one through ? If you really need a super private phone, then buy a used cheap Indian-made throw-away phone and a Brazilian contract. Yes, you'll pay roaming fees, but with 2000$ you have plenty to go.

    2. doublelayer Silver badge

      Because it's running a mobile Linux distribution, it can be compatible with apps being written for others. The standard distro problem exists where an app may be written for a different mobile Linux in an incompatible way, but many will work. There are devices like the PinePhone that can be used by developers to port their app to a cheaper device. That doesn't give you U.S. assembly, so if you care about that you're stuck with the higher bill to buy this one, but if a developer writes for one of those, it can probably be used on this too.

  9. Anonymous Coward
    Anonymous Coward

    Still waiting...

    Ordered mine about three years ago .. After two and a bit years of being fobbed off with "two weeks away from shipping" I asked for a refund. They declined and literally went and rewrote their t&cs to make refunds before shipping date impossible (go check out the way back machine to see for yourself). Visa disagreed with them and gave me a charge back.

    1. The Travelling Dangleberries
      Happy

      Re: Still waiting...

      I wondered about delivery when I looked at the Librem 5 a couple of years ago. I ended up plumping for a PinePhone which was a fraction of the price. Running Mobian/Phosh most features work as they should albeit in a relaxed manner. It makes me smile a lot of the time using a "smartphone" running linux.

  10. James 51
    Go

    Anyone give them fairpone's number?

    Combine the modular construction and sustainability of fairphone with the privacy protections of this phone and you'd have one hell (of an expensive) phone.

    1. jmch Silver badge

      Re: Anyone give them fairpone's number?

      IIRC you can get a Fairphone with e/OS. It might not be completely silent about your location but getting a lot of Googly crud out of the way surely helps.

  11. F0ulRaven

    The sales patter is good - just wondering where the holes are.

    We have had a generation who have been brought up on the idea that if they are the product, the hardware is going to be cheaper, so $2k for a device that doesn't make money off my data, sounds like a truly honest approach.

    However, how true is it, really?

    There is always going to be a backdoor in any device, where there is a chance a bad guy is trying to outsmart the government.

    You only have to look at how the secure phones for criminals, EncroPhone, was not secure to see that in action.

    I am only interested in privacy from the ideological perspective, but I am yet to be convinced this is the ground braking device it claims to be.

    1. doublelayer Silver badge

      Re: The sales patter is good - just wondering where the holes are.

      I think the encrypted phones you're talking about were either things like An0m which were created by law enforcement, or Encrochat which was compromised by them. In both cases, those were mostly comms services, not hardware manufacturers. There is always a chance that someone set up Librem as a front, but if they did, they'd have made better hardware that didn't take five years to get to this buggy state. You can also review the code and designs that go into the device. Nothing can give you perfect guarantees, but those make it unlikely to be compromised.

  12. Anonymous Coward
    Anonymous Coward

    marketing garbage

    looks like a way to try to sell overpriced out of date junk to paranoid fuckwits.

    1. Claverhouse Silver badge

      Re: marketing garbage

      How dare you suggest our Glorious Ally's 3-Letter Agencies are composed of paranoid fuckwits !

  13. Anonymous Coward
    Anonymous Coward

    A chain is only as strong as its weakest link

    Any phone with a SIM card installed is leaking info anyway, at a minimum to cell towers providing location data. Furthermore any internet access - even through a VPN - is potentially leaking URL content data . If you are "purist" willing to pay 2K, that potential leakage should not be acceptable.

    I see a new business opportunity for Gwyneth Paltrow - expensive inert silicon eggs that can be inserted into the body and nobody will know except your friends who you tell and Gwyneth.

    1. doublelayer Silver badge

      Re: A chain is only as strong as its weakest link

      So Librem are responsible for fixing the internet now? Yes, there's leakage when you use systems. You don't want the leakage, can't use the systems. ESNI will eventually deal with the URL leakage problem. Nothing short of improving the mobile operators will fix their leakage problems. In neither case will the device at the endpoint be able to make massive networks stop using protocols with privacy risks on its own.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022