
Lockdown Mode on the Librem 5: Beyond Hardware Kill Switches - NotYourAvgJoe
https://puri.sm/posts/lockdown-mode-on-the-librem-5-beyond-hardware-kill-switches/
======
johnchristopher
I am glad physical switches are making a come-back in computers and phones but
I wish it had happened sooner and because it's more convenient and practical
than a stupid piece of unreliable integrated flaky software rather than for
privacy concerns (meaning: why did we convert hardware knobs to software ?).

~~~
robocat
> why did we convert hardware knobs to software ?

Reliability.

Switches fail, and make devices less waterproof.

I have had plenty of modern devices fail due to broken on/off or volume
switches (and failed sensors, and failed plugs or sockets).

~~~
java-man
And the software "switches" fail too: I had wifi on my iphone 4 disabled after
an update. Who knows why.

------
black_puppydog
This really reminds me of Doctorow's Walkaway. Not exactly my favourite book,
but it has its merit. Among others "Lockdown mode" is mentioned right in the
beginning as being something crucial to get right. Glad to see at last someone
is actually trying. :)

------
JohnFen
That's pretty nice. I wish more devices came with hardware kill switches,
especially on laptops -- I always disable the camera and microphone on my
laptops, and it would be so much easier just to throw a physical switch (as in
a switch that actually breaks electrical contacts to the camera and
microphone).

------
nickpsecurity
Id like No 1 and 2 to be separated. I stay on Wifi a lot but rarely use
Bluetooth. Far as mic vs camera, I also use the camera separately from the
phone. Keeping video off by default can block privacy invasions that can
happen, by attackers or _buggy apps_.

On covering tablet/laptop camera threads, a few people not worried about
spying said some video app came on broadcasting to coworkers. One was in bed
half-naked with spouse. Another on toilet in office. So, they cover cameras or
kill video apps by default to prevent that stuff from happening again.

~~~
wurst_case
You can always turn off Bluetooth via software to save on battery if that's
what you mean.

------
jancsika
I wish they had gone with a single kill switch. The most common use case is
probably "Nothing gets in or out right now." But instead of flipping one
switch one direction, the user must now flip three switches the same direction
to get that common behavior.

Also, what's the use case for switches flipped in _different_ directions that
wouldn't be covered by software buttons? We can't possibly be talking about
targeted attacks-- in those cases you're screwed no matter what.

That only leaves indiscriminate software attacks. Now take the hardware switch
setting where baseband=off and wifi=on. I guess it's nice that evil software
cannot pretend that baseband is off when it's actually on. But evil software
attempting to "get out" is probably going to use a high level call out to the
net. So who cares that it must now leave through the wifi radio instead of the
baseband radio?

~~~
TACIXAT
I'm happy about multiple switches. I don't really understand how cell
basebands work and if I can trust a software kill. My biggest issue with my
phone is cell phone companies selling real time location data, so I will
mainly have that switch off while using wifi for communication. If the
software kill means the baseband transmits no data, great, I'd be fine with
just that. If it means the basebands transmits no data from the phone, but
still beacons out to cell towers, I absolutely will want to kill it while
remaining on wifi.

~~~
mike-cardwell
I also expect to have the baseband switched off most of the time and wifi on
most of the time.

I basically want a pocket computer. Access to the cell network is a useful
feature, but one I don't need most of the time, so why be connected to it all
the time, with all the privacy concerns that comes with.

~~~
blacksmith_tb
It will be interesting to see how carriers react to the option, though. As it
stands, they are happy to help themselves to your location and usage data
(much like ISPs do), having a handset that could turn that money-making flow
on and off might cause at least some to refuse to take you on as a customer.

~~~
kop316
There's plenty that are "bring your own device". From a carriers standpoint,
switching off the basband is the same as turning it off, so I would rralpy
doubt they could figure out the difference, much less do anything about it.

------
sevensor
I have mixed feelings about a phone that might lull me into thinking it's not
a computer controlled by a hostile entity. Carrying a cheap android, I _know_
I have an attacker in my pocket. On the other hand, I like the idea of being
able to mitigate the danger further than I can already.

~~~
mattnewport
I like this approach but I don't think you take it far enough. I like to
scatter broken glass around my apartment so I don't lull myself into a false
sense of security that it's safe to walk to the bathroom in the dark. I also
have my girlfriend poison some of my meals at random so I don't get complacent
about food being safe to eat.

~~~
sevensor
Look, if you want to attack my point with a house analogy, you're doing it
wrong. A better attack by analogy would be, "I don't want a lock on my front
door, because locks make you complacent."

~~~
mattnewport
If you think your analogy makes my point better than mine then you haven't
understood my point. I might also have mentioned how I only befriend convicted
criminals to avoid falling into the trap of thinking I can trust my friends,
or how I only hire accountants who have been convicted of defrauding their
clients so I don't get complacent about checking they are not stealing money
from me.

------
Zelmor
I am yet to see actual images of this phone. Sounds like something I would
buy, especially if I can install just a plain Debian release on it.

~~~
stagger87
Is there any reason to think it would run anything other than PureOS? Wouldn't
you lose all the functionality they are talking about in the post if you
installed another OS?

~~~
miloignis
Yeah, they say "Does not use Android or iOS. The Librem 5 comes with the
mobile version of our FSF-endorsed operating system PureOS by default, and is
expected to be able to run most GNU+Linux distributions." under "Security
focused by design" on the product page
([https://puri.sm/products/librem-5/](https://puri.sm/products/librem-5/)).

Myself, I really want to get NixOS running on it.

~~~
colemickens
_> Myself, I really want to get NixOS running on it._

Let's start a working group, stat! What a cool story it would be if we could
say that we built images for the thing before it ever even shipped and had a
one liner to emit new NixOS-based images for a Librem 5.

There is so much potential for experimenting with update models, read-only
secondary secure OS partitions (combined with Nix's reproducability starts
getting pretty compelling, in my opinion).

I go by the same name and am persistently in the Nix(OS) related IRC channels.
Cheers.

