> that users of the Librem 5 phone are objectively harmed in three ways

That's not true though.

First: things that were done in order to move the blobs out of PureOS weren't hidden in any way, to the contrary - they were loudly announced as "steps towards RYF certification", describing exactly how that's supposed to work in public blog posts[0]. I can't see how that counts as "[users] unaware of the existence of the blobs".

Second: the blobs are perfectly accessible to anyone who wants to study them - not only you can download them from repositories online, but you can even access the flash where they're stored on your device; you can also read and modify the code that loads them. What's more - you can even bypass that loading mechanism and load them directly by yourself from the main CPU if you don't care about keeping the blobs out of your rootfs (and some alternative OSes do that already). Which gets us to...

Third: users do have the ability to replace the blobs. Not only can they run an OS that loads the blobs directly - they can even reflash the storage where the blobs are being stored. And no, no disassembling, special tools or weird hardware tricks are necessary - you can just lift the read-only lock purely in software (it's a one-line change to the device tree), which is there mostly to prevent you from accidentally shooting yourself in the foot than anything else.

You may disagree whether the additional effort that went into creating these solutions was worth it - and that's a valid opinion to have, but nothing's artificially locked out from the user, so nobody is "objectively harmed" by it. That part is just false.

Disclaimer: I work for Purism on the Librem 5.

[0] https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurd...

How much engineering effort went in to this, instead of other improvements like reducing power consumption / increasing battery life?

I would have bought a Librem 5 but haven't only beceause of the power issues (which is same reason I didn't get a Pinephone).

Compared to other areas, I'd say "negligible" - but I wasn't involved personally (only joined the team later on), so take it with a grain of salt as it's not impossible that I'm missing something.

The M4 core was already there in the SoC sitting unused, it's not like it was added just for firmware loading ;)

The problem of course is that Purism markets the phone for security conscious people.

Not hackers who have the skills and impulse to mess around with binary blobs and microcode.

That’s dishonest.

Go take a look at the Purism’s website about the Libre yourself: “Security”, “peace of mind”, “digital privacy”.

You’re openly marketing the phone to regular people and businesses who care about privacy.

Nowhere on the site does it say: “BTW: We’re selling you a crippled phone because we wanted to get a fanatics approval. But if you study computer science you can fix that yourself!”

> Nowhere on the site does it say: “BTW: We’re selling you a crippled phone because we wanted to get a fanatics approval. But if you study computer science you can fix that yourself!”

Which is good, because it's not "crippled" in any way no matter how technical you are, and having a clear boundary between user's operating system and the hardware with potentially nonfree firmware can be useful even when you're not a "fanatic". Thanks to this boundary, whatever you download from PureOS repositories on the phone is known to provide you the four freedoms, with no exceptions.

Of course not everyone needs to value that, but at least that's the value proposition Purism is offering with PureOS.

I referred to that when I mentioned "loopholes."

It's a contradiction for sure, but either you have a "libre" device with non-free components isolated over a serial interface, or you have a less capable device.

Disingenuous, maybe.

I have sometimes thought of ditching my phone plan and getting a wifi hotspot, just to stop the phone carrier from messing with the software in my phone through OTA updates and whatnot. All communication would be through TCP and that would stop the phone carrier from talking to the mobile baseband processor, which could be completely disabled or removed. It would even allow ditching the whole phone and using a wifi-only tablet instead. Both sides (the wifi box and the phone) are hard to make entirely free, but by isolating them from each other, some higher control can be achieved.

Another HN user, tptacek, has made comments going back years now that point out how modern Android (at least Pixels) and iPhones all isolate the baseband behind a serial/USB peripheral interface. I'm not sure you would gain anything at all by going with your surmised setup above.

Many carriers do OTA config stuff when you insert their SIM,

cooperated with by your carrier.