Comment by seba_dos1
18 hours ago
The real question is whether it affects me as a user. The RF spectrum used by cellular networks is highly regulated, so I wouldn't be able to use it freely either way. The PC keyboard I type on right now most likely has some kind of microcontroller running some code in it, but it's of little consequence to me whether it's free or not. I do care about what runs on *my* system though, as that has tangible implications, and I care about it the same way whether it's my laptop or my phone.
> that is non-obvious to the majority of users
Yes, and the consequences of that can be seen in TFA - locking things down due to ill-defined security concerns. Why not go a bit further - the most secure device is the one you can't use to do anything at all.
On a side note, app attestation is already unironically getting us there - you have to either accept that you have no control over "your" device or not be able to use it to interface with the world. For me, any platform that allows applications to attest the environment they run in is insecure by design, as it can be exploited against me.
> An important consideration for consumers is that their data is secure if they lose their phone
Well, it's a good thing that PureOS is LUKS-encrypted by default then. It even has a smartcard reader, so key storage can be decoupled from the phone's hardware.
> Why not go a bit further - the most secure device is the one you can't use to do anything at all.
That's not far off a reasonable criticism of Purism's security model, that a device so wholly compromised it requires one to activate all physical kill switches to disable the hardware in order to so much as safely enter one's device PIN (per Purism's own site content), that it's no longer useful.
Everyone has to make their own trade-offs, but for me that's a model so questionable that its utility value rapidly approaches zero.
I have absolutely no idea what you're talking about. You're either misunderstanding something or something really needs to be changed in the docs.
Citing an article [0], a post[1] on the site states, "Security researchers over the years have discovered ways to detect what you are typing on the screen simply by looking at variations in the accelerometer." (Infomercial-esque strikethrough not retained here.)
Purism's solution, apparently, is hardware switches. As I understand it, the accelerometer isn't disabled via hardware switches unless all hardware switches are disabled, as there is no discrete accelerometer switch: "To trigger Lockdown Mode, just switch all three kill switches off. When in Lockdown Mode, in addition to powering off the cameras, microphone, WiFi, Bluetooth and cellular baseband we also cut power to GNSS, IMU, and ambient light and proximity sensors."[1]
[0] https://phys.org/news/2013-10-accelerometer-tracking-potenti...
[1] https://puri.sm/posts/lockdown-mode-on-the-librem-5-beyond-h...
1 reply →
>> An important consideration for consumers is that their data is secure if they lose their phone
> Well, it's a good thing that PureOS is LUKS-encrypted by default then.
My bad, I meant leave their phone unattended. Wherein someone can compromise the device from boot, so that when unlocked, the device is fully compromised.
You don't have to lock things down to solve that either - see the measured boot process with Librem Key for an example.
(that said, this is a completely different threat vector that I doubt the common masses actually care about; and if I really had to choose between openness and evil-maid resistance, I'd choose the former)
I think the common masses just expect it in the first place. If you told someone that leaving their phone unattended could lead them to getting their data stolen, they would probably be surprised. I know this isn't a surprise to the HN crowd, but it is for regular people.
I would also guess that the common masses would choose the opposite as shown by them choosing convenience over openness. It's convenient to not have a separate key to prevent evil-maid attacks.
4 replies →