Comment by aeturnum
6 years ago
I mean, I like Purism, but that risks still exists with this phone. With any phone. The promise not to snoop is central to their business model and I have no reason to believe they would snoop, but certainly the capability is there.
As always, it boils down to trust. Which phone would you trust more for ssh-ing into your office computer? An Android phone filled with adware, which you don't even completely own? Or a phone that was designed for privacy and for which all important components are open source / open hardware?
Office computer? Definitely Android.
Google is like a feudal lord. In exchange for owning you, they'll protect you from everyone weaker than they are. Google doesn't want to break into your office computer as long as they can shovel ads down your throat. And their reputation for security is much higher than a small startup regardless of the startup's competence and intentions. See e.g. Project Zero or Chrome vulnerabilities vs Firefox.
> And their reputation for security is much higher than a small startup regardless of the startup's competence and intentions.
Not all security mind you, Android runs on ancient kernel and it won't be changing for a long time even though Google announced plans for moving to mainline linux.
Since everything is open, you could probably run your own builds and use your own update server. Or you can use their code as a starting point and port whatever Linux distribution you want to it, which is a lot easier than a locked down Android or iOS device. And since it's so easy to replace everything, they need to maintain the community's trust since everything is in the open.
The best part is that I don't really need to trust Purism, I can choose to trust the community instead to whistleblow if Purism breaks the community's trust. Their target demographic is exactly the type that will be watching over their shoulder to make sure nothing fishy is going on.