I agree that it is far from perfect that there is still a massive attack surface left. But wouldn't you agree that there is a big difference to current hardware where the stuff is arranged in a way that detection of malicious activity is not even in principle detectable.

I mean it is very important to point this things out, like you did so it can be addressed. Because with the librem5 this can actually be addressed.

I agree that the advertisement is a bit over the top. But the criticism is on an incredible high level if you compare the librem 5 with any other smartphone where the malware is basically built in and where people think that installing some app makes it secure. Didn't even Snowden recommend Signal or something.. This project is some serious progress in the right direction and while there are issues left they are not as big as some of the libre people try to make it look like in my opinion (which does not mean that pointing them out is not important).

And apart from all the security and privacy stuff which is of course important, there is also the fact that there currently is no modern smartphone with native GNU/Linux support out there. And this is even more important to me than the privacy stuff. Because if it can run an upstream kernel and a default distro there will never be a problem with updates as long as the hardware functions. Because there is really a bigger thread here than 3 letter agencies and that is malware, which Android like all open platforms which use the model where you don't have a maintainer between the dev and the user has a serious issue. Having a standard distro with applications from a maintainer will solve the update and the malware issue in my opinion.

The fact that there's still a lot of work that needs to be done to achieve what the developers claim they want to do is precisely the reason why all of this needs to be pointed out. From a security standpoint there's really nothing worse than a user who thinks they're completely secure but aren't the same way people treating Autopilot as a full self-driving feature are a danger to themselves and other road users.

The point I was trying to make is that while this allows for a lot of the issues to be addressed, actually addressing the major things like how the linux kernel is literally built to blindly trust the hardware is well beyond the scope of this project. People need to understand that if they're going to be using this device because of it's security features.

As I said, the fact that this is being sold on it's security means that security needs to be analyzed in detail. The fact that this is FOSS is all fine and dandy, but that doesn't mean that it's somehow excused from criticism. Running a mainline kernel and all round FOSS software (if you don't count the binary blobs for the wireless and probably also the GPU) may make long term support for security a bit easier, but as I already said, it doesn't mean you shouldn't look at it critically.