September 24, 2017 5 min. read

Why supporting the Librem Phone crowdfunding campaign helps postmarketOS (and friends)

Proprietary components make smartphones insecure for the masses

Whenever you buy any smartphone, you get a device full of proprietary components. These are integrated so deeply with each other that they can access everything on your phone, such as the camera, microphone, browser history and chat messages. Since these components are proprietary, they've been designed to make it impossible for anyone but the vendor to modify, and they can only be understood by others through immense efforts.

Oftentimes, when people succeed in analyzing them, they find security holes and sometimes even backdoors. Since these devices are only supported for short periods of time by manufacturers and vendors, they refuse to close newly discovered security holes when the support period has run out. The relatively small number of people who are aware of this issue are forced to buy new devices every few years. Meanwhile the unsuspecting general public doesn't realize how insecure their devices are, thus lowering security for everyone. What good is it when you have a protected phone, but most other people you meet and communicate with might as well be carrying around spying devices?

postmarketOS tries to fix existing devices

Our solution is to replace the entire operating systems of these devices with an alternative one, that uses free and open source software wherever feasible. In order to do that, we're bending the security-focused Alpine Linux (you may know it from Docker, but it is much older) to work on all kinds of existing mobile devices. In the spirit of real Linux distributions, there is a package manager and as much freedom for the user as possible. We aim for a 10 year life-cycle for smartphones and, although we're in pre-alpha state, we have made quite some progress and have lots of documentation available. Ideally we fix all security issues from the outdated vendor OS by using up-to-date software (e.g. the Linux kernel).

Librem 5 phone does it right, by design

The people from Purism provide another way to reach the same goal: They bend Debian GNU/Linux for one specific phone, which they will create from scratch, the Librem 5. It will have as few proprietary components as necessary, and these will be isolated in hardware from the rest of the system. That means, even if someone hacks them through a security hole, those components will be unable to access other components storing or capturing other data (e.g. chat messages.)

Planned hardware kill-switches for camera, microphone, wifi, bluetooth and cellular modem will allow you to turn on certain components, which are highly likely to be proprietary, only when needed. Imagine flipping the microphone switch before and after each phone call - that way you could be sure that it can not listen to any private conversations you are having from person to person while carrying your phone around.

It will be possible to exchange the battery and extend the amount of available storage space with a microSD slot, two important characteristics that increase the lifetime of a phone.

Common ground

The Librem 5 is privacy and security focused, so we expect it to have full disk encryption. Full disk encryption safeguards the data on your device by requiring a password on when the device is started before any of the data on it is accessible. And without that password, someone else is not able to find out which data is stored on the device, or which programs are installed. In order to type in this password on a PC you would normally use a physical keyboard, but on a phone you will need an on-screen touch keyboard. We have put some research into this topic already and, as there was no existing Linux program just for that purpose, we created our own program: osk-sdl. That is one example where the Purism could use a component started by the postmarketOS community and make it a shared component we develop and improve with joined forces.

User interfaces are another example: Purism will either use KDE's plasma-mobile or Gnome, while postmarketOS is interested in all kinds of mobile-friendly user interfaces. We have done early work on plasma-mobile already, and Gnome is directly provided by our upstream friends. So no matter which one will they decide to run on the Librem 5, we will benefit from them making sure it is ready for daily usage on mobile phones.

We were happy to learn that the Purism has teamed up with Matrix to provide the native dialer and messaging program. Despite not involving red or blue pills and an illusion of reality like the famous movie, Matrix is a decentralized open source protocol for real-time communication with state-of-the-art end-to-end encryption. It is a big win for privacy and security, and Librem users will be able to use it by default. Traditional, unencrypted telephony and SMS are also available for use when necessary. The best part for us is of course, that we could package the resulting applications for postmarketOS, bringing them to a wide range of old devices!

All or nothing

There is a pattern here: Once the Librem 5 development takes off, everything that gets built for it (by Purism or by the wider community) and that is not strictly tied to Debian, can be used by postmarketOS and friends.

One Librem Phone costs $599, but it is possible to support the campaign with other amounts of cash (starting from $20). While the price tag for the Librem 5 is high compared to cheap Android phones, keep in mind that it is for a device giving you freedom, privacy, security and, considering how active and time-proven the Debian community is, it will likely get updates until it physically breaks. The estimated delivery date is January 2019.

No matter which Linux distribution, phone, desktop environment, messenger, init system or libc you prefer: A successful Librem 5 campaign will rapidly improve the situation for all Linux distributions on phones. But it's an all or nothing campaign. If our Purism friends don't reach their funding goal, none of these awesome features will be implemented by them and the Librem 5 will not see the light of day.

So let's make sure that it succeeds.

Comments