I'm unsold on spending $2,000 or even $700 on a new phone, but I also care deeply about privacy and security. Is there any strong reason to choose "Librem" over a cheaper Android running LineageOS or GrapheneOS? They can be purchased for a fraction of the cost and have been quite reliable for me.
"First hardware kill switches; first replaceable cellular modem and Wi-Fi/ Bluetooth (on M.2 cards); first smart card reader (for 2FF OpenPGP card); first running 100% free software; only current phone to offer convergence as PC without special hardware"
Not sure why the downvotes, here - it’s incredibly valid that a phone of this price should be able to place a normal phone call - it also should’ve been a priority for the developers.
The down votes are because it can place and receive phone calls, there is just a bug that doesn't allow audio on the call. EDIT: according to someone below, that bug is fixed too.
In addition, the backers getting the phone now were explicitly told that the software isn't polished yet, and that they are getting beta hardware. The backers were offered also to be allowed to wait for a later batch if they wanted to.
It definitely is not ready to be a daily driver, don't get me wrong. But folks who wanted it early knew that.
Please read the other reply to the comment. You'll see where I got the impression then.
Edit: it looks like the person also directly replied to another comment of yours, so I'll add that here:
"
> and of course this "bug" hasn't been fixed
You can hear call audio if you use CI images since a few days ago already. Last rough edges are being sorted out right now before finally packaging it all into PureOS."
The "fix" hasn't been distributed out via an update. You can't expect consumers to go pull images off github. You can't call a problem "fixed" when the alleged "fix" hasn't even been distributed or tested by the public en mass.
It's still, quite plainly, ridiculous that they shipped a "phone" which could not (yet) make telephone calls. Even if they fixed the issue in a later software release, the fact remains that they shipped a product in an incomplete, partially unusable state.
Since you didn't read past the first paragraph, I'll repeat it here:
"In addition, the backers getting the phone now were explicitly told that the software isn't polished yet, and that they are getting beta hardware. The backers were offered also to be allowed to wait for a later batch if they wanted to."
This isn't hyperbole. The speaker used to not work during voice calls:
> The other [problem] is that call audio isn't routed to the speaker. I haven't personally hit this, I'm just using a data-only SIM and can't remember the last time I actually used a phone to make a voice call.
It does not; from the system perspective it's just a USB-on-M.2 peripheral that works perfectly well with free software such as Linux, libqmi, ModemManager, oFono or fsogsmd.
You don't usually say "printing requires non-free software" just because your USB printer runs some non-free firmware inside, even though it's technically true.
Sure, but most people don't and saying that without making sure they know what you mean is at best misleading.
Also, counting the modem as making the whole device non-free would require you to count plenty of other things as well, such as microSD cards, accelerometers, audio codecs, SIM cards, even USB-C cables, as all of those things (and more) contain non-free blobs inside. In my opinion it's not a useful stance to hold if you care about freedom - even FSF doesn't do that.
I agree with you but I think it is better that people realise this and then use the device as ‘as free as we can get without making me a hermit’ instead of just hiding it.
The point is - it is truly 100% free at the level that actually matters: the user controlled operating system. This is the point where I feel completely comfortable with calling it "100% free" without further explanation (especially when the last, and I think the only, smartphone to ever reach that level was GTA02 from 2008), just as I am completely comfortable with saying "I made this cake from scratch" without having invented a universe.
The only other way to do it is to have an SoC with the modem integrated on chip. The issue with that becomes that the firmware and usually drivers force a certain Linux version (my tablet is stick on Linux 3.10, my phone is on 4.19 and I'd be amazed if it was ever upgraded).
With this way, they can mainline the entire set up and not force non-free dependencies.
The PinePhone will likely be preferable to most LineageOS phones, since it will run a closer-to-mainline kernel. It's also expected to be available for a "fraction of the cost" compared to the Librem.
From what I've been seeing, despite the PinePhone having worse specs and not as much privacy focus it's going to absolutely chew up the LibreM 5's marketshare purely because it's more bang-for-buck.
Anbox is a compatibility later that runs Android apps on other Linux distributions. It's not stable yet, but there has been some interest in adding Anbox to mobile Linux distributions like UBports and LuneOS.
I doubt that this would be nearly as useful as you think since so many apps are dependent on Google services these days and even the client libraries for them are proprietary. And then there's the fact that you're constantly playing catch up with what is effectively a closed platform with no real public roadmap that throws the occasional source drop over the wall and says 'good luck!'
It's unlikely today's Google is going to be interested in seeing these efforts succeed. So an Android app runtime would likely only really run software from 5+ years ago well. Better to focus on making a really solid Linux mobile experience, IMO.
How do you know how useful I think it will be and in what ways?
F-Droid exists. People installing APKs exist. In some cases these options are better than literal nothing, and especially if momentum builds around these it's possible that app developers may notice.
For lineage, it is popular to install Google Play anyway. I guess that to be a copyright violation that Google looks the other way for and if a real world competitor did this they would crack down.
Yes, but they are not working hard. Even if they had the runtime, they won't have apps because google won't give the access to the play store, so what is the point of the runtime?
I've seen 3 projects working on the runtime (in 3 different ways with different pros/cons).
Any Linux phone is going to be expensive vs. an Android phone for what you're going to get given the low unit volumes. For some, privacy is worth a premium. For others, the ability to just run Linux will be.
That said, I'm probably going to go for the PinePhone as I just don't see the value add of the Librem. $2k is nuts for the dubious value of assembling a device in the U.S. (both because of our current <cough> issues and the fact that the chips, the things you need to be most worried about being compromised, would still be produced elsewhere... so you're paying a lot of money for a placebo) I think the Pine approach makes more sense cost/benefit-wise: just get a Linux phone version 1 built, worry about adding the sun and the moon later. But I can understand that there are those who look at the Pine as being too low-end feature-wise and are willing to pay up for the Librem.
Of course there's the old adage of "Vote with your wallet" by buying a privacy-respecting phone, you're incentivizing manufacturers to make privacy-respecting phones. And $2000 is quite a vote
I value this sentiment and do feel charitable, but $2000 is not a small amount for me - I could buy 10 or more used Android phones for the same price and flash them with open source software to give to friends and family. Wouldn't that maximize my contribution to collective privacy instead?
For two years until the non-replaceable batteries in the used phones wear out, so you'd also have to do it again every two years. Whereas with this, it's expensive because it's uncommon, but the more people who buy one the faster they can cover their development costs or fund further development that makes them more popular and achieve economies of scale, and the sooner it is that they can be making them at commodity prices for everyone.
That's kind of the point. Isn't there some advantage in supporting a venture that could ultimately produce an affordable new phone with all of those things?
At some point the existing stock of phones with the features you want is going to wear out unless somebody makes some new ones.
But that same CTO claims he wasn't interested in the phone project[1]. Evidence of his apparent disinterest-- the phone still doesn't properly route audio for calls.
I'm definitely not saying that guy is wrong about anything he is saying, but take it with a grain of salt. A lot of what he says in his interviews are based on 1+ year old info since he no longer works there and a lot of it sounds like hearsay.
The problem is no matter what custom flavor of Android you run, you are still running an OS made by an ad company designed from the ground up to spy on you.
And crucially, every time you buy an Android phone and flash another OS on it, you just paid for an Android phone, reinforcing the monopoly and generating profit for companies pushing the Android platform.
The correct solution is to refuse to buy a phone that ships with Android.
> The problem is no matter what custom flavor of Android you run, you are still running an OS made by an ad company designed from the ground up to spy on you.
LineageOS and GrapheneOS are based on AOSP, which is an open source project not really "made by an ad company". I agree with your latter point about supporting their hardware and typically buy used phones/computer for that same reason.
AOSP is not an open source project, despite the name. It is an export of the parts of the proprietary Android project which Google sees fit to release to the general public. Android is developed in secret and then the AOSP version is exported out of it. As such, AOSP is definitely still very much "made by an ad company".
AOSP is absolutely open source: the code can be viewed, modified, built and deployed as desired. There's good reason to be skeptical of Google-developed software, but your characterization of AOSP as "not open source" is simply not tenable.
Android versions in development are not open to contributions or community participation. Android is developed in secret behind closed doors. The end product AOSP spits out is open source, but to call it an open source project would be an extreme mischaracterization. And it is developed by Google, an ad company, not the community that eventually uses it.
Accepting external contributions is not a requirement of either Open Source or Free Software, and enforcing such a requirement is explicitly contra to the spirit of Free Software. The entire movement is about freedom, which includes the freedom not to accept downstream code.
Does LineageOS & GrapheneOS provides source code for all closed kernel drivers include modems?
How many people they can assign for serious Android security audit (>million lines of code)?
So, better be realistic about resources. Lineage even used Google DNS & Google internet checkers a lot of time, and probably uses it now. And I even don't started talking about general Google Play store apps, sending user data to Chinese servers is "normal" now.
What does any of this have to do with whether or not AOSP is open source? The Play Store isn't even part of AOSP nor Lineage/Graphene, so the point of that tangent is even less clear.
Purism is putting a lot of money into maintainability on the software side. The Librem 5 runs Linux 5.3, and as far as I can tell, have every intention of making sure that their phone runs a mainline kernel.
Any Android phone you get pretty much gets stuck on a version of Linux that will never be upgraded.
The Librem 5 also physically separates out the Radio and WiFi, and allows you to cut power to those, the camera, and the microphone.
I think the idea behind purism is to also choose hardware with minimal or no problem firmware that you don't have insight into. Given how much software out of our control seems to run on the communication hardware (the actual baseband chips), if they can give control over that it's a real benefit over just throwing an open OS on the existing hardware for phones.
My understanding is that's essentially impossible, but they're isolating the cellular modem into a detachable peripheral so it has no deep access into your device.
The FCC approved baseband chips run closed source software and do not have documentation for writing your own.
So you need to reverse engineer the chip, write your own software for it, and reflash it. But after reflashing it will no longer be FCC approved because some of the FCC requirements were implemented in software. So it will need to go through the FCC approval process again which can be very expensive.
The alternative would be to create your own chip from scratch but that is even more expensive.
It's a combination of there not being that many companies that produce one and none of them being particularly open about it, and the carriers not wanting them to be because they're stodgy bureaucracies that don't like to be embarrassed when things make it easier for people to find security vulnerabilities in their networks.
So we're stuck with isolating it instead. At least you can make sure it has no access to your stored data, camera or microphone.
You can't ship it without regulatory approval. That's unlikely to happen for an open baseband, because it facilitates abuse (at least, in the eyes of the regulatory bodies).
You can count the whole world's proprietary implementers of cellular tech on one hand. Compared to the rest of the phone, the rest of the phone is insignificant.