I'd be super uncomfortable to tie my account recoveries and stuff to a SIM technically subscribed to by another entity... But if I wanted a phone for leaking or whistleblowing, it's hard to imagine a better choice of service.
I would worry that since this service would be of such limited appeal, as you mention, that it might make these users more likely targets of spying and counterintelligence operations (I assume you're talking about government leaks and whistleblowing).
From their last major newsletter they are planning cable service rollout eventually, probably on Rogers. It's active in some low-income housing already I think.
The stopper for Bell Fiber FTTH is Bell blocking resale of service on their pure fiber lines to 3rd parties. I don't remember any specific dates but the CRTC is bound to hopefully force their hand one day.
I am too hoping they one day offer it, I love NCF.
Hello fellow NCF user! I love their network and customer services.
The price is higher than other 3rd parties but everything else about them is perfect for an ISP. Painless, accessible, simple signup with excellent, stable service.
Well I think the idea is that you are simply exposing your identity to a different entity, not another one, since your identity isn't passed down the chain.
Given that it's (probably?) impossible to use cellular internet without handing over your ID to at least one entity, the target audience of this plan is probably one that would prefer that entity to be one for which privacy is a primary concern.
(This is why I always wished Apple would become a cellular provider.)
I live in the US and I've definitely bought sim cards and activated phones without sharing an ID.
I even proceeded to (unknowingly) break the law with one of the phones I bought from target. (apparently you're not supposed to use prepaid phones for balloon tracking.)
Not that it matters, they can still subpoena the place you got the phone from and now they have a video of you.
While one can still buy a prepaid SIM card without ID in the USA (though I don’t expect that to remain the case for long), there are plenty of OPSEC slipups: if you top up your account with a bank card in your own name, the mobile provider will associate your identity with the SIM card. If you leave the phone with that card turned on overnight at your own home, it is trivial for the mobile provider or authorities to link that SIM to your own identity, etc.
But I believe these are scrutinized pretty heavily. I saw an article Woz wrote and you have to call someone before they are activated - I guess that might be a 6dof thing to identify your habits.
Sorry to be blunt, but you have no idea how "Targeting" works on Advertising/Telephone co.
When Verizon/Att/Tmo/etc sells your information to Advertising companies, they will "infer" your identity. They do not care if phone SIM have your ID associated. That ID is built from traffic.
If they see DNS requests to real state sites, they may put you in a bucket that says "high income", if they see searches (via DNS hijack to when you search by your addressbar like tmo does) for things like fastfood breakfast delivery, up in the "low income" bucket you go. Also, it will always have your Phone number.
Then those Advertising companies "enrich" this data with data from google or others, and can pin point you by email plus all the correlated data. Happy that you have facebook two factor auth to your SMS now?
It shocks me that people in this forum are completely oblivious to Tracking and think that the aborted "think of the children" law that requires you present an ID to buy a phone line has any importance...
So, to conclude, the traffic here is observed by the proxing entity, by the tel co, etc.
No, it's a financial blind: from the telco's point of view, the only subscriber is Purism. From your point of view, your telco is Purism.
Nevertheless, once you start spending 8 hours/day in the same spot for days on end, it will be pretty easy to link you from tower records to traffic, and then to your real world identity.
Those like me who dislike cell carriers selling our location data are best off using cellular data sparingly and not consistently at fixed locations when there is available wifi.
Combining this with financial blinding and you can likely use LTE at a protest in an oppressive country without much chance you get pinned down there and arrested later.
In the USA, of you want to use all the features, the IRS and many banks _require_ an cell phone registered in your name to prove your ID.
Assumedly, this number will not work for that...
EDIT:Bi previously said that the irs required you to have a phone in your name. That was incorrect.
I meant to refer to the full secure online access: You can verify by phone or mail, and they disabled mail option during covid a while ago.
Young people think they are clued into privacy, but it's all the old geezers who don't want to learn to use electronics who create demand for the the paper option. I wonder what will happen after they have died off.
None of the banking I have ever done has involved a phone number other than confirming that the phone I am calling from matches the number I entered in online banking, and receiving 2FA codes to that number.
When I opened the account in person, I needed a photo ID (driver license) and social security card (proof of SSN). Online, I surprisingly did not need the driver license at all, just had to provide SSN and e-sign a thousand forms. Phone number was not required and was not checked beyond confirming it was mine with a text code.
Update: I guess I spoke to soon--just received a notice about the following being added to the ToS for my brokerage account:
> “You also authorize your wireless carrier (AT&T, Sprint, T-Mobile, US Cellular, Verizon, or any other branded wireless operator) to disclose information about your wireless account, such as your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifi ers (IMSI and IMEI) and other sub-scriber status, subscriber method and device details, if available, to support identity verifi cation, fraud avoidance, and other uses in support of trans-actions for the duration of your business relationship with us . This information may also be shared with other companies to support your transactions with us and for identity verifi cation and fraud avoidance purposes . See our Privacy Policy for how we treat your data .”
I use Visible (a Verizon MVNO), which doesn't participate in these systems. Recently I had to verify with the IRS. While I couldn't use my phone to instantly verify, I was still able to be verified by them sending me a postcard. Annoying, but certainly not required.
StraightTalk allows upto 10GB of tethering on non-AT&T sim cards with the "unlimited" plan. On AT&T sim cards with a limited-data plan, they don't care if you tether.
I hadn't heard of this carrier before and it made me curious what the rest of their privacy was like, and whether this part of a overall policy. I didn't see explicit mention of opting out of the systems you mentioned. Is that stated anywhere officially, or is it just unofficial?
Their privacy stance overall looks just ok, maybe somewhat above average.
It does make me wonder how strong of a privacy stance Purism will take, or will be able to take as a service provider.
Some emphasis added, and some info trimmed (noted with ellipses ...)
...
I. COLLECTION OF INFORMATION
We collect information when you use our service.
This includes information about the calls you make and receive, text messages you send and receive, ___websites you visit, mobile applications you use___, and wireless network and device information, including location, Internet protocol (IP) address and connection speed, mobile telephone number, ___device and advertising identifiers___, browser type, and operating system. Some Visible devices include Verizon-provided system applications that collect information about network and device conditions, which is used to secure and improve our network and services.
...
II. USE OF INFORMATION
...
* Determine products and services that may interest you and market them to you, including on Visible sites and apps and on others’ sites, services, apps and devices as described in Section V below
...
III. DISCLOSURE OF INFORMATION
* Authorized service providers and partners. We share your information with service providers and partners that help us with a variety of things, including development and delivery of our sites, apps and service. ...
...
* Aggregated and De-identified Information. We may aggregate or otherwise de-identify information and use it for our own purposes or share it with third parties for their own purposes.
...
...
Your Right to Say “Do Not Sell”
The CCPA gives you the right to say no to the sale of personal information.
We do not sell information that personally identifies you such as your name, telephone number, mailing address or email address.. We allow Verizon Media and third-party advertising companies to collect information about your activity on our website and in our app, for example through cookies and similar technologies, mobile ad identifiers, pixels, web beacons and social network plugins. These ad entities use information they collect to help us provide more relevant Visible advertisements and for other advertising purposes. This activity may be considered a sale under the CCPA. Visit the Digital Advertising Alliance's Consumer Choices page to learn more about how you can limit this type of advertising. App users can opt out by using your device settings to “Limit Ad Tracking” (for iOS devices) or “Opt out of Ads Personalization” (on Android devices)
...
I’m not sure why it’s being downvoted, in the UK a phone account in your name is one of the most common forms of ID there is no universal government issued ID, not everyone has a drivers license or a passport and if you are living in a flat share or student accommodations you won’t have utility bills in your name.
As a few others have pointed out I'm not sure I buy the privacy argument here (although there is very little to go on on the linked page..)
Having your phone radio on at all (even without a SIM, e.g. E911 calls) is inherently privacy violating. If you must have connectivity on the go, any prepaid SIM + always on VPN will do the trick. Use Twilio if you want multiple numbers.
$99/mo is ludicrous, even if this actually works, which I have doubts about given the history of purism.
I asked them to elaborate on the privacy angle, and they answered (https://forums.puri.sm/t/announcing-librem-awesim-a-privacy-...) that a key point is that the SIM is registered in Purism name instead of the end user one. That would shield you from some id based tracking.
It wouldn't be hard for someone to resell SIMs (even pre-activated SIMs for a premium) to have less data on you recorded at time of said secondary transaction?
But the reseller still has to have their ID on file so they will constantly get deposed in cases where a sim card they sold was used and now the police are trying to identify the buyer. It would be a huge pain for them and I don't see it actually protecting the buyer much.
I'm not a US citizen so I'm not familiar with mobile plan prices there but T-Mobile Germany (our AT&T) has an unlimited data plan for 83€/month. So that's actually pretty close to the 99$. And seeing as they have the overhead as a relatively small company it seems okay to me.
Also they have their Librem One offering that includes a VPN. So it very much fits that use case. It's just not included.
Just so you have a reference for US prices, I'm with T-Mobile here in the US and pay ~$120 a month for 3 phones iwth unlimited data plans (although my speeds are throttled if I use my phone as a hotspot). Purism is definitely charging a premium for (potential?) privacy. Other MVNOs usually charge around $40-50 per month if you get a single line
we pay anywhere between $64-$80 a month (depending how many lines use over 2GB of data) for 3 lines of service on t-mobile that are unlimited all 3 ways (with the normal deprioritization that probably happens with this as well if going over 50GB a month, which we don't).
basically, I don't buy the significant value in their privacy mode (perhaps it has value to others, but not so much to me). I can see the value in supporting the development of the phone, but its a very significant delta in cost.
We’re paying $12/line/month + $10/GB over 500MB, but the data never expires. I’ve only had to pay for an extra GB a few times in the last few years, so it’s ~$14/month/line.
The sms and voice limits are high enough not to matter.
Is there anything more to it than a bit of billing indirection ? Hard to see any privacy benefits of that. How is it better than buying a prepaid sim ?
Down towards the bottom it seems like it's only presently available in the US, and they're simply using `.sm` as a clever domain name hack/gccTLD (e.g. .io domains, .ly domains, etc)
> We register your phone number in our name on your behalf and keep your personal and financial data private and out of the hands of companies who would sell it to others.
Presumably they have the information and will respond to a warrant but won't tell the carrier they're MVNO'ing who you are. This isn't that weird; for "work phones" companies often get a pool of SIMs registered to them which they then pass out to employees, and AT&T or whoever doesn't need to know who's in possession of each one at every moment.
No technical details in the technical details section. Talks about privacy and then uses the least privacy-respecting carrier: AT&T? Ok cool, so the customer bill says Librem... when this gets piped to the NSA with the location data, I'm sure they can't handle putting a name to it. When it gets sold to location brokers with current location information, I'm sure it won't have the unique phone number tied to it. Might as well wave and put a target on your head saying "please de-anonymize me".
No clear definition of where deprioritization limits kick in or how it is to be enforced. Who cares though! The Librem 5 ships with a cat3 LTE modem. That is only just LTE on a single carrier, no LTE Advanced, no carrier aggregation. Forget talking about 5G, we don't even have a modem that supports full 4G operating speeds. Stop hyping something you aren't close to.
Now I get it, I'm sounding very harsh but understand that this is a company that's selling a packaged virtue signal (sorta like Virtu used to) and is consistently over-promising and under-delivering. Making phones is hard, making them in the US is next to impossible. I'd rather have a piece of working/shipping Chinesium (Pinephone) for a fifth of the price and use a sim card paid in cash from a prepaid carrier that I can load whatever to it and isn't going to be gone in a year, if I cared to attempt anonymity.
> A phone number registered & operated under Purism
> Help fund additional developmental services offered from Purism
?
I don’t think anyone’s arguing that everyone wants this, but I think it (including “privacy as a service” as part of point №1) is ⅔ of the value proposition.
99 USD in Canada will buy you 50GB of data and unlimited calls to Canadian numbers only. Why are you judging a US phone plan based on how it compares to UK plans?
Comparing a dense urbanized island to the vastness of the US isn't really a fair comparison.
I'm not suggesting that $99 isn't too much, just that to expect price parity when the average subscribers per square mile is vastly different isn't realistic.
It's running on existing T-mobile or ATT networks (MVNO), so they're not competing on building towers or anything. https://www.t-mobile.com/cell-phone-plans claims that tmo will give you unlimited everything for $70/mo for a single line. So what's Purism giving you?
EDIT: rereading it, it looks like the extra cost is giving you some privacy benefits and helping fund them.
Yeah I had exactly the same question. I'm unable to tell from their page. I tried to follow the flow to buy the SIM to see if more details would pop up, but I eventually got stuck in an infinite loop clicking on "Sign Up Now".
If I could do dual-SIM on one account for 99 bucks and get both AT&T and T-Mobile backends, that would be killer. The only thing more killer than that would be swapping one of them for Verizon.
Sorry I am late replying. I was in the market for a phone, not an OS. I have no interest in learning and maintaining the skillset needed to change the OS on my phone.
I need a phone with robust support and good warranty. At the time I bought my iPhone 10S, it was a good choice, and I could even buy it locally to me. I was unaware of any option that would offer those things, was generally available, and didn't run Android (with Google Apps) or iOS.
iOS is a closed platform, but this is the only obvious negative thing about it, privacy-wise. You can opt out of every single cloud thing that ships with the phone, and most are even opt-in (for example, iCloud and Apple accounts in general). The phone ships with a robust suite of productivity apps, a modern web browser that is kept up to date, and many privacy options. And usually, opting out of something doesn't break some other random other feature on the phone for no reason. (I recently saw a recording of how you cannot have Google search installed on Android and refuse to share your call logs with it. Why? There are no such restrictions on anything on iOS, as far as I have found.)
The UI layer is closed source in Sailfish OS, so not better than iPhone in this case.
For Android, if getting a Lineage OS in phone, the first problem is Lineage OS still does not have automatic update without manually reboot into recovery mode, and need for user invention. Let's be honest I don't bother to update because of requiring human intervention in update until I find the time to do it. Not a good practice but hey...
Secondly, any phone could be dropped support by Lineage OS if the developer of that model just starts using another phone and cannot find another to continue supporting the phone.
The best option for privacy seems to be using GrapheneOS with Pixel phones, but GrapheneOS only supports as long as the support cycle of a pixel phone, so it is 3 years before end-of-life minus the time to develop GrapheneOS ROM for a new pixel phone. If you are going to value your privacy so much then this is the best, but a quite expensive route and not really environmental friendly.
An iPhone can receive update as long as Apple the company is not bankrupted. Well, you get a worse performance after update but at least it is an option to continue to use.
Devices with official LineageOS support will get OTA updates. Newer devices with A/B partitions will even get seamless updates like stock, where the update is applied in the background and the user just needs to reboot to use the new version.
Yes, but official LineageOS can be dropped without notice. And even if optimistically a popular device will not drop support until it's too old, the blob is still not updated and the linux kernel is not usually mainlined. Many exploit on that. And let's not talk about the blobs are not open source. That's why there is a demand on Linux phone which the kernel is mainlined and up-to-date.
Again, ignore the fact that iPhone is closed source, it does provide a infinite software update until it's broken, which is better service than most Android phone, even if considering installing ROM.
While support can be dropped without warning it's unlikely to happen once a phone gets ported to a LOS version. Usually it s just that the phone gets dropped when LOS drops that version. Hence the key thing to watch out is whether the developer is porting the phone to newer versions of LOS when they become available.
P.S. If/When they do and you use LOS be sure to tip LOS and the developer ;)
This is probably off-topic but on a very broad level, from a privacy point of view I think it is important to separate 'service provider' (controlling the instance of your data) from 'software' developer / 'hardware' maker (controlling the mechanisms of your data privacy), no matter who and how open-source they are.
I'm not sure this instinct applies much to this situation, but it immediately came to mind. Vertical integration is where user privacy (from service providers) starts to erode.
Ideally, we should have competing but inter-operable service providers on common platforms and protocols which have nothing to do with the service providers.
The normal version (not made in USA) is $750, which is more reasonable. It's not that cheap, but it's still an acceptable tradeoff for getting a full Linux distro on your phone. (Although there is the PinePhone at $149, its performance and hardware/software integration leaves much to be desired.)
pretty sure this'd be illegal in the EU where all simcard holders are required to tie the card to their ID documents by law, and there's a yearly checkup on these data
I think ~$840 of that is for dialtone, data, texts, etc. The other ~$360 is for PaaS and to be a Purism booster. It's up to you how much of is about being a booster and how much is about PaaS.
Perhaps you object more to the $840 than the $360? Did you see the price of the phone?
> This is just another desperate attempt to get some cash flow, I don't think they've even managed to ship the gen1 phone to all the backers yet.
This is not a desperate attempt, it is another service offering to align with their privacy focused hardware and software products.
They have been very open and honest about any delays in the shipping of the phones. Evergreen batches are nearly a month away. So they haven’t “managed” that yet because the process has not completed yet.
I signed on for their LibremOne family plan, and gave them 18 months to pull it together. They were unable to keep a Matrix homeserver operating correctly. I gave up.
I discovered privacytools.io operating services, and recently debian.social. And bought a PinePhone.
I too have issues with the quality of their matrix server. For example server errors out if you try to change a room's notification settings (and the request fails).
I wrote to Purism about that more than a month ago. They are running an old version of Synapse that needs to be restarted periodically so as not to exhibit this bug. Evidently they still have not updated, and they have not even arranged to restart it periodically.
They said Element is asking too much money for consulting on how to keep your Synapse server up, and have no one on staff equipped to do it. So, whatever the status of Librem 5 the phone, LibremOne the service is not a priority.
I use such a service for home internet in Ottawa, Canada (https://ncf.ca) and it’s been working great - with much better customer service.