This is the cost of Librem 5 USA (made in USA) [0], not Librem 5 (made in China) [1]. Also, I preordered it for $600 a long time ago, and sometimes you can buy from resellers for a similar price [2].
>>This is the cost of Librem 5 USA (made in USA) [0], not Librem 5 (made in China)
I suppose that helps a little. I seem to have incorrectly assumed that the USA model was intended for use in the USA, not simply assembled there. Still crazy expensive. For that price I'd expect it to come with a keyboard and mouse and replace my Thinkpad altogether.
The only problem I'm seeing is this is all Gnome and I'm a big Mate desktop guy. I wouldn't really have a desktop replacement unless I could get the traditional desktop back. Still this situation is a much better one than I originally feared. I'll be watching this closely. Thanks for educating me.
Well if you really want a phone that's secure and private, prove it by paying for it. Mass production and the ability to sell your data to advertisers means the stuff that does that will always be cheaper.
How does the Librem 5 support verified boot? What about user data encryption? Those are the first, most basic security features I am expecting from a smartphone. How about app sandboxes and strict MAC policies?
Correct me if I'm wrong, but the way FDE is implemented in Librem 5 means that it is only effective when the phone is turned off? The disk is decrypted when you type in your LUKS passphrase and after that, it stays decrypted until you completely power it off or reboot. That makes it pretty much useless on a phone that you carry around.
The linked source has a lot of stuff that is done "in the future" and basically all of those "in the future" suggestions, are inferior to what AOSP has had for years.
The document lists some of the drawbacks of Librem 5, such as the use of memory-unsafe languages, and then blames Android for also relying on the same memory-unsafe languages and even some Android-specific components written in memory-unsafe languages. The fact is that Android has tons of mitigations specifically for this problem, which Librem 5 completely lacks. They're not comparable in that way. Librem 5 basically exposes the entire Linux kernel attack surface, whereas Android has multiple layers of protection between userspace and the Linux kernel. Apps written in memory safe language, proper app sandboxes, hardened memory allocator, extremely strict SELinux policies, CFI, PAC, ShadowCallStack, etc.
The only nice thing Librem 5 has, are the killswitches, but do those really matter at this point?
Beats me, I dunno if it does. But if it actually has no ad network tracking, that's more than any other platform, and could easily be worth the extra cost if you actually care about that.
Lots and lots of people say they don't want to be tracked by ad companies. But how many are willing to open their wallets to make it happen? I'd say you can judge how sincere their commitment is by that.
You can block some of their access but it's hard from airtight.