I'm going to say something that probably will get me downvotes:

Why do we have to beg Google to keep Android open? Seriously. So many open source projects have risen out of real and concrete needs and successfully made their way into our everyday lives.

A new platform needs to rise that breaks out completely from Google. I've given PostmarketOS a go (with a PinePhone) and while today I can't say it isn't a daily driver for everyone it is certainly the route that needs to be taken.

I'm still unable to use it because it is not easy to break away from Android, but it is a platform that I think about almost every day, because I do not want to use Android anymore and I'm willing to sacrifice certain aspects to have an open and friendly platform on my hands. And if it is not PostmarketOS then let it be another project.

We need these kinds of projects, not kneeling down to a company like Google and begging for Android to be open. Effort needs to be put elsewhere. That's how major projects like Linux, BSDs and open source projects have flourished and taken the world.

Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...).

Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.

It's not that a new mobile platform couldn't possibly succeed. It's an open platform that cannot, because aforementioned players don't want it, and without them, mobile devices lose 90%+ of their usefulness, dooming them to become mere gadgets instead of (crappy, toylike) tools for everyday use.

Back in '99 Linux didn't run Excel/Word/Powerpoint or most games, but I ran it anyway. What others call showstoppers are for me inconveniences.

I have a Motorola Edge 2024 that I'll load whatever open source phone OS will work well enough to place calls and browse the web. I'll keep another phone for the rare times some corporate/government overlord requires it. Many folks who refuse to use smartphones, similarly own a smartphone they rarely use for systems that require them.

My recommendation is to put as little time and energy into closed, locked down platforms as you can. Feel free to complain, but don't forget you can make choices.

Technology has a ratchet effect at scale - as a solution becomes widely adopted, it switches from being a convenience to being a necessity, because people start building more stuff on top of it. It's as true of to-the-minute accurate clocks as it is of smartphone banking.

You can still run a version of Word from 2004. It's fine, if all you need is to write some thoughts down for yourself. But the moment you need to collaborate with other people via a Word document, you'll find it difficult without the modern version with all its user-hostile aspects - and more importantly, other people will find you difficult to work with.

Same applies to other software, web and smartphones, and to everything else in life - the further you deviate from the mainstream, the costlier it is for you. Deviate too much, and you just become a social outcast.

Social Outcast here... It's pretty good.

[flagged]

This is not a HN worthy comment, be nice.

I am nice, it was an illustration of what a logical position/reply would be towards their position "I am a social outcast". It's a poor argument "it works for me as a social outcast". It's not normal to be one.

Word from 2004 works better than the Office 365 version.

I've used it in the last three years to automate document generation in an enterprise because the latest versions of Word:

1). Randomly break during automatic updates you can't really turn off.

2). Automatically upload everything to the cloud even when you tell them no.

This isn't the 90s when closed software was better. We are firmly in the enshittification stage of Windows and Office. Open source is better and is the only sane choice for enterprise.

Those are not words I thought I'd ever write in 2005 or 2015, but here we are.

Office 365 failed utterly today....

And we must let someone or some crowd dictate what our basic needs are. That crowd is part of our world. If we stick to our bows and arrows they come with cannons and horses. Argh!

That worked fine before agricultural revolution. Since then, if you stick to your bows and arrows, you get sidelined and lose access to benefits of society and civilization.

If it forces you to keep running with more and more speed just to stay where you are, I wouldn't call it "benefits of society and civilization". A lot of what we call progress is a forced transformation of basic needs for the gains of business and politics, not people.

Even healthcare, which everyone thinks of as a "benefit" of progress, only resulted in a lopsided demographic pyramid with countries full of old people. I can't think of a single scientific result benefiting the human race in its evolutionary goals.

Countries aren't full of old people because of healthcare, they're full of old people because birthrates plummeted after one of the largest generations ever was born in the post-war period.

Causality is complicated and probably impossible to untangle, but the vast decreases in both infant/early child and maternal mortality played a huge role here.

If half your children didn't die by age 20 (or 5), it was possible to have much smaller families. Industrialisation and urbanisation made children net liabilities rather than household assets (providing labour even at a very young age). Financialisation of real estate along with the rest of the economy made earning and saving money critical, and made non-cash or low-cash lifestyles highly marginal (self-sufficient existence or providing many goods and services through the home directly). All that in combination with improved adult lifespans meant that the demographic pyramid consolidated at the bottom and expanded at the top. There are still countries where this isn't the case, most notably now in sub-Saharan Africa, particularly where HIV/AIDS remains endemic:

Contrast Tanzania and Italy, for example:

<https://www.indexmundi.com/tanzania/age_structure.html>

<https://www.indexmundi.com/italy/age_structure.html>

Turned out that if you gave people choice they'd rather not have 7 kids! Surprise surprise.

Interesting to consider this thread with regards to the Amish. They noped off the tech treadmill but it requires a highly cohesive religiously centered society to maintain the necessary critical mass.

It's a lot harder to make an insular society which is self sufficient just to the degree necessary to create an open source smartphone :-p

Technology brings tradeoffs. Conformity in some regards, but it also opens up many new and varied ways of living.

Which is why we need to band together. LibreOffice isn't dominant, but it has enough market share that it can't be completely ignored. Also if you are using it you are not alone - you are an annoying deviation, but there are enough of you that many cannot ignore you. The more people who also use LibreOffice the more power we have. If we can get to just 5% market share we cannot be ignored. (It need not be LibreOffice, there are other choices that support that file format well enough, which is what we care about.)

LibreOffice's best guess is that they had 200M MAUs in 2019.

I personally find that hard to believe and they don't explain their methodology to arrive at that number (presumably they looked at the downloads and picked a number of users based on feelings).

But, if that number is true, then I suppose you're not only right, but LibreOffice is already near 5% market share.

>but it has enough market share that it can't be completely ignored.

This is the Hacker News bubble in action. Most of the world, most of America, most of China, India, etc. haven't even heard of it. They ignore it and they thrive. Maybe you need to pay attention if you're dealing with certain European governments these days - I'm not sure because I completely ignore it and haven't paid attention since there was just OpenOffice and LibreOffice didn't even exist yet.

> Maybe you need to pay attention if you're dealing with certain European governments these days

Open document formats have been the UK standard for things like .gov.uk for many years. About a decade IIRC. Ignored by some people (notably the Office of National Statistics, or whatever it's called these days).

> Most of the world, most of America, most of China, India, etc. haven't even heard of it.

I have come across quite a few non-tech people who use Libre Office.

It has great (some people say better than MS Word with itself between versions) compatibility with MS Office formats.

I fixed a computer for some old people once who weren't the least bit technical, but they had LibreOffice installed. My guess is they found it searching "microsoft word free" or similar. A bit like how some kids end up finding Minetest/Luanti by searching "free Minecraft".

Source on most of China/India not having heard of libreoffice?

Kingsoft recently announced that WPS Office has 620M MAU users, the bulk of which is in China. Microsoft has even more Office users in China

https://finance.yahoo.com/news/chinas-microsoft-office-rival...

So if China has heard of LibreOffice, they clearly didn't like what they've heard...

It's the product of a government owned company... in China. What do you expect?

Moreover, what you write is monitored, and you may lose documents based on what you write [1].

[1] https://www.wsj.com/articles/a-frozen-document-in-china-unle...

> Moreover, what you write is monitored

So just like MS Word then

So, because competitors have traction nobody has heard of libre office? That's not a logical statement.

You can't prove a negative. Usage numbers tell the real story. Either people haven't heard of it, or, worse for proponents, they have heard of it and have decided it's not good enough.

> Feel free to complain, but don't forget you can make choices.

Of course. I can make a choice. When the choice is between being able to log in to secure services with my SIM embedded e-signature, use mobile banking and conduct official business and not being able to do any of these things, making choices is easy.

Running Linux on desktop is easy mode when compared to phones, and yes, I started using Linux on desktop in 1999 too with SuSE 6.0. Phones are way more interconnected and central to our lives now when compared to a general purpose computer running your $FAVORITE_OS.

I booted Slackware from a pile of floppies back then. I thought the Germans had a pretty good offering with SuSE at the time.

Look I get it, even back then, most folks felt Windows was the obvious choice (and still do) for their jobs and so on. Sometimes you have to make do with the unappealing choice in front of you.

For a little more context, my cracked screen iPhone can still do banking or whatever, but I chose not to pony up $800-$1200 for a new iPhone and bought the cheaper $350 Motorola. It works for me and I think I'm not entirely alone. There are probably some cracked phones, some hand-me-down phones that folks could use for those situations where you really need to use the closed platform, but otherwise are free to use something more open.

Slackware always brings out the inner teen in me. I feel giddy like in the old days. I need to install and maintain it somewhere some time, just for kicks.

I support FOSS wholeheartedly, and believe that it's possible to have a device which is completely Free (not Open but, Free) from hardware design to firmware and software.

On the other hand, there are some nasty realities which bring hard questions.

For example, radios. Radio firmware is something nasty. Give people freedom and you can't believe what you can do with it (Flipper Zero is revolutionary, but even that's a tongue in cheek device). Muck with your airspace and you create a lot of problems. The problem is not technology, but physics. So, unless you prevent things from happening, you can't keep that airspace fair to everybody.

Similar problems are present in pipelines where you need to carry information in a trusted way. In some cases open technology can guarantee this up to a certain point. To cross that point, you need to give your back to hardware. I don't believe there are many hardware security devices with open firmware.

I use MacBooks and iPhones mostly because of the hardware they bring in to the table. I got in these ecosystems knowing what I'm buying into, but I have my personal fleet of Linux desktops and servers, and all the things I develop and publish are Free Software.

I also use Apple devices because I don't want to manage another server esp. in my pocket (because I also manage lots of servers at work, so I want some peace of mind), yet using these devices doesn't change my mind into not supporting Free Software.

At the end, as I commented down there the problem is not the technology itself, but the mindset behind these. We need to change the minds and requirements. The technical changes will follow.

Luckily not everyone agrees with Richard Stallman's hard-line take on proprietary chips.

IMO, if the radio chip just acts as a radio, and passes packets as requested, and any needed firmware blobs are freely distributable, it's fine. It's not ideal, but it's good enough to make a libre-phone.

We all know the network is spying on us anyway, and the radio should be treated as being part of the network, on the other side of the security boundary from the main processor - and since we don't trust it, we don't have to demand that it helps us verify our trust in it!

For radios, the general idea of building radios to a spec and having them certified to be sold in country works pretty well most of the time. It might be nice to have a phone with plenty of flexibility on the radio, but I think most folks would be happy just to connect and send work-a-day packets OTA unencumbered by additional restrictions.

It seems like a hardware security device could act similarly to the radio in that the general OS can ask for service (e.g. a signature), but not have access to the internals of the MCU. I don't see why these systems need to be opaque either, in fact it'd be nice to know what is running on the security enclave or LTE radio, even if folks aren't generally meant to access/modify the internals.

It'll be interesting to see how things develop. In my case, I am looking for more experimentation with the smartphone form factor. I'd like to see better options in the market.

I don't think open source and not allowing people to break laws with impunity are at odds. Because there are laws governing airwaves. I think there would need to be some sort of legal entity (foundation?) that would need to steward open firmware + enable it to be locked down so regulations can be followed, but I don't think the two are somehow irreconcilable. The first example that comes to mind is how all the linuxes work with "secure boot" (all of its ridiculousness aside). I think it would be more effort than that but I truly believe that it is possible to have trust and openness and following regulation. The idea that only a proprietary company can follow the law and comply with regulations is in my opinion strictly false.

That's a big part of the problem: enforcement doesn't scale. It's cheaper to restrict people by legal and technological means, than to let them use judgement and prosecute occasional abusers.

It’s fairly unappealing to carry around two devices also.

What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?

We're headed down a very slippery slope and the destination is a very dystopian reality where those in power can prevent someone from participating in society on a whim. I believe the destination has previously been described as the beast system or New World Order.

We are all definitely going to have to make a choice. That much is certain.

> What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?

In some cases, it already is.

We're already far on the path you described, and there is no choice to make on it, not for individuals. To stop this, we need to somehow make these technologies socially unacceptable. We need to walk back on cybersecurity quite a bit, and it starts with population-wide understanding that there is such a thing as too much security, especially when the questions of who is being secured and who is the threat remain conveniently unanswered.

The US is not nearly as far down that path as is, for example, China. But two forces are at play here:

1. Near-term concern: F-Droid is getting too popular for Google's comfort and Android revenue ambitions

2. Longer term goal: Control. Much of China's social credit scoring is mediated by their phones. Not an issue yet here in the US but assuredly, if not explicitly on the current government's list of aspirations. A completely managed device with no freedoms (like F-Droid et al,) is antithetical to a more restricted (managed) device.

> Near-term concern: F-Droid is getting too popular for Google's comfort and Android revenue ambitions

That's good to hear.

I'm entirely on F-Droid, with no Google account.

Well put. Most SWEs on this very site probably require a smartphone for id verification for work. Acting like that is a personal choice is not useful

We're already there. Attestation is not in your phone, but in your ID card. European passports and ID cards carry biometric data of your face, so you can be computationally verified.

I've been aware of this slippery slope for a very long time, esp. with AI (check my comments if you prefer). On the other hand, I believe that we need to choose our battles wisely.

We believe that technology is the cause of these things, it's not. Remember:

    Necessity is the mother of invention.

The governments believe that this is the "necessity", so the technologies are developed and deployed. We need to change the beliefs, not the technology.

The same dystopian digital ID allows me to verify my identity to my bank while I'm having my breakfast saving everyone time. That e-sig allows me to have a practical PKI based security in my phone for sensitive things.

Nothing prevents these things from turning against me, except the ideas and beliefs of the people managing these things.

We need to change minds. Not the technology.

> We need to change minds. Not the technology.

I totally agree that changing the hivemind's mind is the only way to preserve these freedoms.

Is anyone making any progress on this? Beyond the FSF, noyb, and hn lurkers?

I feel better having a physical token like an ID than it being on my phone, however.

Sure, but the bank feels better about forcing you to interact with their app on a daily basis, because this gives them a direct upsell channel for their financial services. They don't actually want you to use a physical token. Security is only an excuse.

Yup, right on target.

[deleted]

When that security model is based around SIM swappable hardware, this sounds at least questionable. Mobile security seems like a contradiction in itself. I would say this is also why Google is so eager to also lock down the last degree of freedom. So the joke is on you when you use it for online banking

Your comment makes a lot of assumptions, and all of them are wrong.

Exactly - if I don't have the Monzo banking app on my phone, I can't do _any_ banking.

Thinking about that now... That's not great.

I refuse to use a bank that does not have a website.

I do have one credit card that requires an app if you want to do things online - otherwise it's paper statements only. I use it a lot less as a result.

> Feel free to complain, but don't forget you can make choices.

Except, this is not really a choice or a reasonable workaround.

Phones are still somewhat expensive, not to mention a time-sink to maintain. Try explaining to your parents or even close relatives that they need to abandon the phone they either spent $$$($) on or spend $$ monthly on, that they should really buy another $$$($) phone and use their "official" device like a company card.

Bingo, this right here. Linux desktop wasn’t a daily driver until one day it was.

Although the only problem with this strategy is that Linux got that way because of a lot of private companies that actually wanted that. Valve didn’t want to be locked in with Microsoft. Many of Microsoft’s direct competitors also don’t want to be locked in. IBM famously switched to Mac, Google has been using Mac and Linux workstations for a long time as well.

Also, web technologies like Electron made porting applications to small user bases Linux easier. If that never happened, I wouldn’t be able to use my commercial apps on Linux. This concept might be a little more of a challenge for the mobile app ecosystem, which is a mix of native wrappers like React Native and native apps, and there is a high amount of dependency on native APIs for the extra sensors and hardware features phones have that laptops and desktops don’t have.

E.g., for Linux on mobile to work, React Native can’t be an incomplete implementation like the status quo.

It's a transient state. Food for thought: how much of Linux being a daily driver depends on you having a modern Android or iOS smartphone?

If you need a locked down phone that passes remote attestation to authenticate yourself to a remote service, then whatever you use to access the service UI doesn't really matter: the only device that's necessary to have to use the service is the one you don't fully control, and which gets to control your patterns of use.

An intuition pump I like: imagine you want to put a widget on your desktop that always shows you the current balance of your bank account. You want it to just work ~forever after initial authentication (or at least a couple weeks between any reauth), and otherwise not require any manual interaction. See how hard it is (if it's even possible), and you'll know how badly you're being disempowered already.

Interesting thought. I’d say a low to medium amount but you’re making a good point here.

Most services offer simple SMS two factor, and then if they offer an upgrade to Authenticator or passkey then I have no iOS/Android dependency.

My bank’s website works almost the same as the phone app, I think the only difference is the lack of mobile check deposit (but nobody’s writing checks anymore).

Some services like Venmo are most popular on apps but still have a website.

My remaining hooks are:

- iCloud shared photo libraries with my family. I can use those on iCloud.com but it’s a bit more of a pain. My paid iCloud storage has been migrated to more open alternatives.

- AirTags and Find My. There just isn’t a competitor that’s anywhere near as good. It’s thankfully not a very necessary product.

- Apple Watch. (AirPods actually work great on Linux, btw, even if they are missing some functionality)

- Apple Home. I could migrate this to Home Assistant.

- Apple Wallet. This is mostly convenience. Most things that use it have some kind of alternative, like printed boarding passes. But there’s…

- Ticketmaster. The mobile website tells me I must download the app or add to mobile wallet. Barcodes are dynamic and screenshots don't work. I think the only alternative is to go to the box office before the event which can be very annoying.

My daily driver is Rocky 10, but my control plane is a Pixel 6 on the ATT network but I control almost nothing on that layer. It is why I have been moving most of my core workloads off SaaS and back to local.

My daily driver has been Debian and Ubuntu since Potato 25 years ago. My bank has been online only since 2006 and has worked with Konqueror and later Firefox all that time.

2FA is either a standard TOTP generator or an SMS.

Now I do have a smart phone, because I'm not a complete luddite, but I can't think of anything other than perhaps some forms of entertainment (apple tv, paramount, disney perhaps) which might not work on my laptop. I shun things like notifications of my bank balance, is that an essential thing? How did people in the 90s cope without a per-minute balance?

Account balance is a litmus test. If you can't liberate even that information, you've lost control over the banking and your own device.

> 2FA is either a standard TOTP generator or an SMS.

For now. Be grateful while you have it. Most banks everywhere are moving to 2FA through push notifications to their proprietary app, and are deprecating other channels. TOTP is becoming unusual in a bank; where I live, I haven't seen it in use in banking in over a decade (though I'm not counting SMS here; they're technically kind of like TOTP, but they're generated by the service, not on your end).

Between that and a web-wide push for passkeys, having a locked down smartphone is already becoming a soft requirement for doing anything on the web.

"lost control" seems odd, before 1999 I got a bank balance by phoning up a number and putting a ton of other numbers in, so I'm not sure when I ever had control

I guess I could automate my browser or write something, but the lack of a published API doesn't mean I don't have theoretical control over my device (in practice I rely on a linux distribution and firefox/mozilla to create/maintain the browser engine)

Sure in the future they could hypothetically enforce non-free methods to access my bank, and hypothetically all banks could do this, but that's certainly not the case now.

Personally I wouldn’t want to have an account with any bank that allowed permanently open APIs - an attacker gets one auth and then can see my balance forever? No thanks.

And that would give the attacker exactly what?

Yes, I can come up with scenarios where this gives an attacker exactly what they need to time some scam (or mugging) perfectly. I can just as easily come up with scenarios where the same attacker uses already available (or inferrable) information for the same purpose.

Look, many banks are perfectly fine with letting you opt into showing the account balance on their app before log-in step[0]. So why not let someone opt-in to direct access to that information? Or even opt-in to allow the app to expose this information somehow. Even in a body of a goddamn notification[1] (not disabling screenshots is too much to ask, I know, surely everyone will get hacked if this is enabled).

Paranoid mentality about cybersec is a big part of the problem - in itself, but also because it legitimizes the excuses app vendors provide to force users into their monetization funnels.

--

[0] - It's not a very useful feature, since you still need to open the app - and at that point, it's faster to log in via PIN or biometrics than to "swipe down to reveal account balance" or whatever bullshit interaction they gate access through in lieu of just showing the damn thing.

[1] - The increasingly common pattern of "let's notify user that something happened, but do not say what happened in the body of the notification" is getting infuriating. It's another way to force users to "engage" with the app, and it happens to also deny one of the few remaining ways of getting useful data from the app for purposes of end-user automation.

It would give them my balance, something extremely private to me. Not sure what you’re not getting about that.

There’s good reasons you can’t do this, and sure, maybe you don’t care about those reasons, but you’d be in the minority.

Bitcoin :D

All fun and games until you want to exchange it to traditional fiat - at which point regular banking suddenly feels like FSF heaven in comparison :).

Lots of private companies do not want to be forced to pay Apple and Google a hefty chunk of their earnings either. That's what drove Epic Games and Spotify to fight Apple.

I have a lot of use cases for general purpose computers. If I am operating an event, "inconveniences" are literal showstoppers. When I'm running sound at a performance, switching audio inputs needs to work instantly and with essentially perfect reliability.

Another use case which Linux has a lot of trouble with is operating as a replacement for a pen-and-paper notepad. When I set a computer down for a day, I should be able to turn it on instantly and see the notes that I wrote 3 weeks ago. There are a variety of reasons this doesn't work on Linux. You say "that's an inconvenience" but there are circumstances in which being able to read those notes without needing to wait 30 minutes for the laptop to get enough charge and boot up could be a matter of life or death.

If these kinds of issues are mere inconveniences, that means the computer is a toy rather than a tool.

> I'll keep another phone for the rare times some corporate/government overlord requires it.

Not having to do that is the whole point (especially as those are not rare to most of us).

This reminds me of a Woz interview in the early days of the iPhone, and his solution to it not supporting multitasking was also to run two phones.

The problem is as aforementioned players pressure users and government, they can make certain aspects of the economy entirely inaccessible to unapproved platforms. Netflix and co can simply refuse to support streaming on devices which aren't hardware locked. Banks can refuse to do business. Sure banks have in person locations, but they've become fewer and more backed up.

Once certain thresholds are reached, little can be done even for the committed outcast.

How about you don't forget about the majority of users out there who are unable to do the techy thing to circumvent technical issues?

It is a constant trope in technical forums.

We are a minority. Solutions which might be "inconveniences" for you, might be unsolvable issues for the rest of the planet.

> Back in '99 Linux didn't run Excel/Word/Powerpoint

It still doesn't btw.

It can via Chrome.

https://www.microsoft.com/en-us/microsoft-365/free-office-on...

Well it's true that there's a web option, but it's not the same. It's way more annoying to use IMO (it feels like all your files have to be "in the cloud" ?), and it struggles with big files. On top of that it's less responsive than the desktop version.

> Back in '99 Linux didn't run Excel/Word/Powerpoint or most games, but I ran it anyway. What others call showstoppers are for me inconveniences.

It didn't run on the computers of people that wanted Excel/Word/Powerpoint or most games. I don't think the market of people wanting to use their phone only as a server is big enough for a competitive OS to arise, but I may be mistaken.

What's an inconvenience for you is a no-go for many others. I'm willing to put up with certain things... others aren't.

You can't buy a new phone for less than $400 that can be Google free.

This.

Most of us do not want to carry two phones around. The reality is that there is strong utility for those non-open apps and they will never be replaced by open ones.

In some parts of the world, WhatsApp is as necessary as the phone itself. Official business is conducted via it.

Communication is the main issue - if you've got WhatsApp/Telegram/whatever, and a couple others, you can handle your own life differently without human interaction being affected.

The rest is a personal choice, I'm happy to have a bit higher friction to check my bank's balance for example. Maps is an issue but it can be overcome.

Accessibility is a big issue. The accessibility some of the apps like banking provide is compelling - not totally unlike the difference between stairs and a ramp.

> I'm happy to have a bit higher friction to check my bank's balance for example.

I find this to actually be a great litmus test for the overall problem. Bank account balance is a basic piece of information that's about me, and that I need to keep track of to effectively live in our modern times. I should be able to access that information non-interactively at any time. But I can't.

Ask many banks, you'll get as many reasons for why they can't just allow me to cURL this number off an endpoint with some pre-shared credentials. Most of those reasons are bogus[0]. Now, it's not hard to identify several points where I could observe that information in-flight. There's an API that powers the app. The app itself has UI that could be queried or scraped; some apps will even communicate this data to other apps when requested.

But good luck getting access to any of that non-interactively.

This is what all those technologies add up to. The bank says I can't have this information unless my eyeballs are physically looking at the screen displaying it - and the whole tech stack conspires to make sure I can't get it otherwise.

It's a trivial and non-critical need, but it's also exemplifying the basic user freedoms being denied to us: the ability to freely process information on my own device.

EDIT: Accessibility tools are often the only remaining workaround here, because those are uniquely hard for services to close. And as expected, accessibility became its special privilege category on modern devices, and is increasingly heavily scrutinized and limited by device vendors.

--

[0] - They're usually some kind of security or stability point, that's just a fig leaf to cover the actual reason: this is the way they can force you to interact with their app or website daily, creating an extremely valuable marketing channel for their financial products.

> It's a trivial and non-critical need, but it's also exemplifying the basic user freedoms being denied to us: the ability to freely process information on my own device.

I hate to risk sounding like I'm beating a dead horse, but when I hear this I flash back to Attack Surface by Cory Doctorow. I interpreted his message in that book as something approximately like "you can't out-tech the bad guys", where "bad guys" can mean government surveillance agencies (probably more what he had in mind) OR "big corporations trying to control your life" (this may be me extrapolating). But even if I'm over-generalizing a bit, I think the point still stands.

"We" (open source advocates / hackers / hobbyists / makers / whatever) can't win on just tech alone. We have to use the legislative process, political pressure, social pressure, whatever, to achieve our goals. And so we should use our superior knowledge of technology to support doing that. So don't just think "how can I hack my phone to use an open source OS" but think "How can I help use technology to influence the outcome of the next election, and elect candidates who really represent the things I care about?" or "How can I help use technology to stir up enough activists making enough noise to persuade my bank to let me access my account using a non-proprietary OS", etc.

Now I'm not saying any of this is easy. By no means. Just suggesting that we need to at least approach things with that mindset in view to some extent.

I see your point, but I disagree that you need direct involvement in the legal process.

Companies are moved by money, if your tech is popular enough companies will dance to your tune.

Say that you get to a point where 90% of desktop users are on linux. Is there any doubt that banks, messaging platforms and the like would have their own linux apps? no matter how many hoops you make them pass through, they won't let that piece of the cake go.

The problem is that the current way of doing things will never reach those numbers, because we give up on the tools that companies use. UX, user research, graphic design, marketing and similar roles are pretty absent from these communities; I think changing that is the missing piece.

> Say that you get to a point where 90% of desktop users are on linux. Is there any doubt that banks, messaging platforms and the like would have their own linux apps? no matter how many hoops you make them pass through, they won't let that piece of the cake go.

Here's the thing: we had that already. It was called Android.

> Companies are moved by money, if your tech is popular enough companies will dance to your tune.

We're having this discussion precisely because this is not true. If your tech is popular enough, companies will use their money and influence to subvert it so it serves their bidding.

> Companies are moved by money, if your tech is popular enough companies will dance to your tune.

I don't disagree, and I guess I'd say that I think that is all part of the larger point. E.g., "getting more people to use (Linux|BSD|Minix|Mach|Whatever)" is part of the larger idea of "social pressure" to convince companies to behave in ways that we find desirable. So the question then is, as far as I can tell, what more can us techies do - leveraging out existing mastery of technology - to promote "(Linux|BSD|Minix|Mach|Whatever)" to people who don't currently understand the importance of these issues?

And I don't mean to claim that "using our tech knowledge" is the only kind of activism that matters. Maybe for some people it's just "donate money to the EFF every month" or whatever. But to me, that's all still part of the same general initiative.

s/out existing mastery/our existing mastery/

Damn typo. And missed the edit window. Sorry. :-(

> we give up on the tools that companies use. UX, user research, graphic design, marketing and similar roles are pretty absent from these communities

Some of the bigger open source communities, like GNOME, do some amount of these things. But I think very few people are excited enough about user studies or marketing to do them as a hobby, unlike writing code. It's hard to see how you could beat Google/Apple/Microsoft at their own game like this without a lot of money. Red Hat is probably the biggest company that might be interested in this, but still about 2 orders of magnitude smaller than the giants.

You’d be surprised, behance and the like are full of people doing case studies for rebuilding popular apps for example.

There are hobbyists and people trying to get experience everywhere, but there’s a fundamental disconnect between communities.

I've not managed to read all the comments in this post, so apologies if I'm repeating other people, I also have only a passing understanding of how Google Play works, but couldn't we have:

Linux based phone, running Anbox to support Android apps running within containers. Effort would then have to be put into supporting Play APIs within Anbox. Not a small amount of work, but I compare it to the state of Linux 20 years ago and how well Linux is doing today.

Yes. This already exists (though usually with Waydroid rather than Anbox I think). My Ubuntu Touch phone can run Android apps via Waydroid.

The integration isn't perfect (some important things like forwarding notifications to the host system are still missing) but it's already further along than you might have imagined.

Google would eventually manage to completely block that. For example, have the app be encrypted for download from the Play Store for the individual Google-approved device key, and the device’s firmware will decrypt and run the app in a way so that the user can’t get hold of the decrypted app blob, and hence can’t possibly run it in any other (non-Google-approved) environment.

The bottom line is, the only way to ensure user freedom here is by regulation/legislation.

The regulation will only work if it is clear that an alternative is viable and usable. This is why it's important to use GNU/Linux on mobile today.

So what. Enough of us do that it just might be feasible.

I've used Linux for a loong time before some business-critical software ran on it. I had to have a Windows VM for years for netbanking, or before that, dual-boot for gaming.

If we're all too spoiled to give a free alternative a chance because it might be slightly inconvenient, we don't deserve the free alternative.

> Enough of us do that it just might be feasible.

Not nearly enough. Not by three orders of magnitude for the market to care.

This isn't the 1990s. Computers are now mainstream.

Webapps solve this completely. You log in to a service as we have been doing forever. And the control is still on their side when you use a webapp. Almost every single app that is on my phone can be a webapp.

Websites as platform can't solve a problem that's social in nature - that it's allowed and accepted for organizations to have such excessive, invasive levels of control.

The parties I accuse of driving this problem didn't suddenly go rogue when smartphones happened. They always wanted this level of control (and much more) - they just couldn't get it until relevant technologies matured enough.

I'm not speculating here - we have actual empirical evidence to confirm this. A clear example is that there are several countries that, unlike the US and most of Europe, went all-in on Internet banking back before smartphones. Web limitations and conventions didn't stop them from doing the same thing everyone is doing with the phones now - the banks there just force customers to install malware on their computers, so they can do some remote attestation and KYC (and totally no marketing data collection) on their PCs.

Most of the West never had this because of the inverse of leapfrogging phenomenon - big, developed economies had too fast progress and at the same time too much inertia to fully adopt a pre-smartphone solution nation-wide.

My bank has a website which I can log in to and just use. It does not force me to install anything. I need to type username, password and SMS code, that's about it.

Every org doesn't provide that choice. If your child's activities class only communicates via an app and that is the only option in a given radius, rejecting that will mean your child doesn't get to do their activity. There are other examples that are way more serious and make avoiding installing apps infeasible.

Because your bank isn't even trying to be secure, relative to what's considered industry standard.

Be grateful while it lasts.

Why do you think their bank "isn't even trying to be secure"?

Because SMS is not considered a secure 2FA mechanism anymore, and hasn't been for a while. If that's the default for that bank, and not GP going out of their way to pick a legacy access path, then they're about a decade behind what's considered industry standard -- which today is querying a second factor not just per login, but also per important operations (money transfers, dispositions, changes in settings), with the second factor being by default a smartphone with hardware and software integrity verified via remote attestation.

Then literally every US business and government is not trying to be secure. I cannot name a single organization that does not have the option of or requires SMS 2FA.

I think the government and large businesses like it that way, as it makes the mobile network providers as a sort of credit check (or “are you worth dealing with”) mechanism.

Now that is more of a problem than a bank. Which is why someone needs to integrate OTP tokens into ID cards, closing the issue.

I haven't heard a compelling reason why remote attestation is more secure.

The whole point of 2FA was to have two devices that you own. Now the bank is forcing your login and 2FA to be on the same device. Which is the easiest device to steal.

What about SMS is somehow worse than that?

It's fairly easy to get control of anyone's phone number without interacting with them in any form. Just some social engineering at the kiosk in the mall.

It is extremely common for people's phone numbers to be stolen (even if temporarily), and then their bank accounts drained.

> Just some social engineering at the kiosk in the mall

What scenario does a kiosk at the mall get control of my phone number but not control of my phone? I don't see how remote attestation solves anything here. Does the bank suddenly know a stranger is holding my phone?

We go from me needing to open a web browser on my computer and getting verified on my phone, to now my most important operations have to be from my phone. That's worse.

I am not arguing for some alternate solution. But SIM swap attacks are common and relatively easy to do [1].

> The scam begins with a fraudster gathering personal details about the victim .... the fraudster contacts the victim's mobile telephone provider. The fraudster uses social engineering techniques to convince the telephone company to port the victim's phone number to the fraudster's SIM. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone.

SMS 2FA should simply not be used if one cares about security.

[1] https://en.wikipedia.org/wiki/SIM_swap_scam

> What scenario does a kiosk at the mall get control of my phone number but not control of my phone?

You can e.g. smooth-talk the customer service at a kiosk to give you a replacement SIM card for the one you've "lost".

This is why banks increasingly don't trust your phone number, and their apps tie themselves to the phone itself, i.e. to hardware and OS IDs. But to trust those IDs, they need the phone to pass remote attestation.

Uh, banks still provide separate tokens and one time pad cards last I've heard.

If yours doesn't, pick one that does.

The larger point here isn't whether they do, but that they'd rather not. They want you to rely on their app, and have been pushing people to it for years now (some more intensely than others).

> clear example

> several countries

Doesn't name a single one

...

South Korea is the go-to example I've seen brought up on HN many times over the years. AFAIR, they used to legally mandate ActiveX controls to access banking and government portals, and that practice continues to date even though the legal mandate was dropped. From what I read, there's still a set of applications that are commonly required to access banking and tax filing services, that purport to provide a degree of remote attestation and "security" (firewalls, detection of keyloggers and screen capture), and to access digital certificates.

Brazil is another example - ironically, the software suite that's commonly required for banking is named after the capital of the country I live in :).

Some quick searching now also flags Slovenia and Serbia as places where some banks require custom desktop (or even Windows-specific) software to access banking services.

This works only as long as the webapp allows you to log in using a username/password and/or 2FA which is not tied to a smartphone app. More and more countries are moving to digital identity solutions, and while many of them offer hardware tokens as alternatives to apps, the future looks like one where smartphone apps will be the only option.

Banking websites will tell you that you need 2FA. Of course you need to use not just any 2FA, you need to use their app, and of course you don't need a 2FA if you use the app directly for banking. My company's equity app does not even want to run on LineageOS. At the moment it looks like a 2nd phone will be necessary at some point.

The revised Payment Services Directive (PSD2) in the EU describes standards of strong authentication, and for the end user it means that mostly the bank's mobile app is being used as 2FA for logins and operations within the account.

I'm not sure if physical tokens are being used anywhere but if they are, that's rather rare nowadays. It may be an option reserved in bigger banks or for business customers - I can see one of the banks in my country offers it on request and not by default.

Edit: it seems it's a feature for business indeed and banks opted for Cronto system - https://www.onespan.com/products/transaction-signing/cronto

For now, my banking app actually runs on GrapheneOS. My digital identity app that it requires to log in does not, but luckily my government also offers an NFC chip that I can just scan instead.

Two phones is such an unsatisfactory solution because it will be too impractical, too expensive, or both, for the vast majority of people.

Is there anything preventing use of something like Keepass vaults as your 2FA solution?

Yes, the fact that these 2FA systems aren't based on time-based one time passwords you're probably thinking of. It's a push notification that you need to open and approve in the official app.

The 2FA is not TOTP, it’s push notifications to the bank’s proprietary app

They're working hard on shutting that down as well with Passkeys. It's only a matter of time until the only way to log in will be through de-facto proprietary apps.

But, it doesn't. The browser is unsupported for many of the above-mentioned applications.

Can I get an example of a single one that can't be found on the web?

I seem to remember Venmo and Cash App had near useless web portals. TikTok's web app is very poor. Reddit's mobile app has functions not available on web. I bet the McDonald's web site doesn't let you order for pickup and get the deals (does Starbucks?). CapCut's web site sucks, and their desktop app is missing a bunch of features the mobile app has. I'd guess an absolute ton of betting apps don't work on the web because they are trying to do good location checking. Does Shazam even have a web version? What about mobility apps like Uber/Lyft and the bike/scooter ones?

On the flip side of the coin, some places are locked to web apps because Google & Apple won't allow them to exist. e.g. OnlyFans and Playboy can't get in the app stores, but OnlyFans still manages to make several billion dollars a year, most of which is almost certainly mobile.

I think you're misunderstanding my conjecture. My point is that there is no technical reason these features can't live on the web. I'm not talking about the incidental or intentional decision by some company to force user behavior by not providing a web solution.

Yes, theoretically anyone could build anything. Building it is not, nor was it ever the hard part.

There’s no financial, political, or mass market incentive for browser APIs to have feature parity with mobile OS APIs. Approximately nobody wants to do what you’re asking for. If anything, there are incentives against doing this.

Netflix? Telegram's push 2FA? Any mobile wallet application? The vast majority of dating apps? Any of the app-only social networks? Basically all keyless entry applications?

All functionality found on the web.

Have you tried?

* Netflix does not load in a mobile browser, it directs you to download their app.

* web.telegram.org sends a 2FA push notification to their app

* Apple wallet/ Android wallet do not have web apps

* Popular dating apps, e.g. Hinge do not have web apps

* Some social network apps, e.g. BeReal do not have web apps. Many others have reduced features.

* I have never seen a keyless entry app that supports the web, at least not from a mainstream manufacturer.

Can you name a single browser app that can do NFC payments in the US?

Firefox supports Netflix web app. It prompts you to install the Widevine plugin.

I use Netflix web version on my linux desktop all the time.

We were talking about mobile browsers. Obviously I am aware that people watch Netflix on their laptops.

Being a web app doesn’t mean shit. We already have DRM encrypted web content where the consuming device requires some attestation to decode. I.e. Widevine.

Stupid question: couldn't we work around that with some VM/container-style solution? They could probably find ways to lock it down with TPM/TEE and similar, but in today's landscape it should be possible if you're willing to accept the performance and battery cost. And if it does get traction, there'll also be more push to keep open alternatives viable. Giving in without a fight is the only way to ensure you'll lose.

Yes, some banking apps work on Waydroid.

It's not that an open platform can't succeed, but rather people are accustomed to closed platforms, so more resources went into perfecting them. The aforementioned players pushing for control aren't invincible. Whether we can move to open platforms depends on the choices people make.

I can choose to use a bank that allows me to access all of their online banking features via the browser. I can choose to work for a company that doesn't want to surveil my personal device. I can deal with the government via snail mail, or in the browser. I can use third-party YouTube clients and torrent movies and games, or simply don't engage with DRM'd media because there's plenty of entertainment out there.

Count the percentage of software you use that are open-source compared to 10 years ago. I bet it's more. It's only a matter of time before we make hardware open-source, too.

When the mainstream is evil, being an outcast is the right thing to do. Every big change begins as a small movement.

> I can choose to use a bank that allows me to access all of their online banking features via the browser.

Lucky you. There are fewer and fewer such banks out there. The trend is to route login and consequential interactions on the web through 2FA on a phone - and not TOTP, but push notifications sent to the bank's app, that only runs on devices that pass remote attestation checks.

> I can choose to work for a company that doesn't want to surveil my personal device.

Again, lucky you. Most people don't really get many options for employment at any given moment, and the issue of corporate phones is usually at the bottom of the list of criteria when one is looking for a job. I.e. not a real choice for most people.

> I can deal with the government via snail mail

At a snail pace.

> or in the browser.

Modern government systems around the world tend to require some sort of identification that usually gets tied to your smartphone, either directly or via your bank.

> I can use third-party YouTube clients and torrent movies and games, or simply don't engage with DRM'd media because there's plenty of entertainment out there.

Torrents aside, that's not the case. Entertainment isn't fungible. Disney can release all Star Wars media DRM-free for everyone to download, and it means exactly zero to someone who wants to watch Star Trek, but Paramount/CBS decided to go all Ferengi on the franchise. Can't substitute one for the other. This is why the market supports so many streaming services these days - they exploit this very fact.

> Count the percentage of software you use that are open-source compared to 10 years ago. I bet it's more.

Open Source software stopped mattering once the world embraced Software as a Service model. Source code on Github means nothing if the code is actually executed on servers you don't control and have no visibility into.

That covers end-user OSS. The larger space of OSS building blocks are... building blocks. OSS libraries matter to users just as much as standard Phillips screws used inside an appliance, when they're beneath layers of glue and permanently soldered elements and join together elements explicitly labeled as "not end-user serviceable".

> It's only a matter of time before we make hardware open-source, too.

That time will come around when we build a Star Trek-style replicator (and then have a successful revolution to seize this new means to production, because no way the first company to build a universal manufacturing device is going to just let people use it). Open Source Software succeeded only because software development has near-zero natural barrier to entry, so there was a large supply of bored high-schoolers and students, hobbyists, academics and other do-gooders with enough time and will to just build stuff and give it away for free. This isn't true for hardware.

Now, circling back to the main point:

> Whether we can move to open platforms depends on the choices people make.

No, it does not. On consumer side, the market is driven by supply, not demand. I.e. you only get to choose from what the vendors decide to make available to you, and they know perfectly well you have to choose something, so your voice doesn't matter.

If it did, we wouldn't be having this whole thread in the first place.

> Lucky you. There are fewer and fewer such banks out there. The trend is to route login and consequential interactions on the web through 2FA on a phone - and not TOTP, but push notifications sent to the bank's app, that only runs on devices that pass remote attestation checks.

There will be fewer and fewer such banks out there if people choose to not use them, among other short-sighted decisions which produce such trends. You need to give the banks a reason to care.

> Again, lucky you. Most people don't really get many options for employment at any given moment, and the issue of corporate phones is usually at the bottom of the list of criteria when one is looking for a job. I.e. not a real choice for most people.

The first part is not true. You have plenty of options, they're just not equally good. It depends on what you're willing to give up in exchange. And you can push for change within your org.

> Modern government systems around the world tend to require some sort of identification that usually gets tied to your smartphone, either directly or via your bank.

They can have some sort of identification, but it shouldn't involve surveillance spyware on my device. If a government needs that then they're part of the problem. People form governments, you can push back against those people. Don't bend the knee to tyrants.

> Torrents aside, that's not the case. Entertainment isn't fungible. Disney can release all Star Wars media DRM-free for everyone to download, and it means exactly zero to someone who wants to watch Star Trek, but Paramount/CBS decided to go all Ferengi on the franchise. Can't substitute one for the other. This is why the market supports so many streaming services these days - they exploit this very fact.

Entertainment can be fungible if you decide that it is. I can live without watching a DRM-protected show. Watch something else. Do something else. They exploit the people who have decided for themselves that they must be loyal to certain franchises.

> Open Source software stopped mattering once the world embraced Software as a Service model. Source code on Github means nothing if the code is actually executed on servers you don't control and have no visibility into.

You can choose to not use SaaS. Host your own stuff. Give your money to ISPs that allow you to host stuff. Pressure your government to regulate ISPs. And there's plenty of offline software that doesn't need Internet connectivity. Not everything needs to be artificially-scarce cloud-slop, unless we want it to be.

> Open Source Software succeeded only because software development has near-zero natural barrier to entry, so there was a large supply of bored high-schoolers and students, hobbyists, academics and other do-gooders with enough time and will to just build stuff and give it away for free. This isn't true for hardware.

FOSS succeeded because there's a base production rate for software, software (as it gets further from the metal) doesn't need monetary incentives. When I said open-source hardware, I meant the IP. Obviously making the physical thing isn't free. But the IP doesn't need to be as scarce as it is now. Schematics will be harder than firmware will be harder than software to open-source because they're close to the hardware (which is naturally scarce), but it's possible, and will be done, and we don't need to invoke movie magic.

> No, it does not. On consumer side, the market is driven by supply, not demand. I.e. you only get to choose from what the vendors decide to make available to you, and they know perfectly well you have to choose something, so your voice doesn't matter. If it did, we wouldn't be having this whole thread in the first place.

Consumers and suppliers don't exist in perfectly separated vacuums. You can influence suppliers. There are plenty of side channels.

Here's what separates chance and choice:

If we assume that our decisions don't matter, then we're definitely screwed. If we assume that our decisions matter, then we're only probably screwed. It's up to each and every one of us to make the latter assumption.

Counterpoint: vast majority is not making those choices, and if you insist on defying the mainstream, you gradually become separated from human society.

This isn't solvable through individual choice. It's a coordination problem - and coordination problems are what underlies every actually hard problem that humanity is struggling with. War, poverty, authoritarian regimes, corporate overreach, environmental destruction, climate change - all could be solvable through choices like you describe, but in practice are not, because humans can't coordinate at scale.

Relevant search term: "meditations on Moloch".

The direction of society is the aggregate of our individual choices. I'm no expert on coordination, but I think we ought to start with ourselves and not spread misery like "your voice doesn't matter" or "humans can't coordinate at scale".

Interesting exchange! IMO you're both right.

This is why we need laws and regulation. And the most important thing we need is not governments forcing Android to be open, but laws requiring governments to not force their citizens to use locked down hardware.

My government, Denmark, is one of the most digitized societies in the world. While the government has allocated money to a committee to investigate how the country can become less dependent on American big tech corporations, at the same time they are planning on launching a mandatory age verification solution in 2026 where the only possibly anonymous way of verifying your age to access e.g. social media will be through a smartphone app running on either Google Android or Apple iOS. These nincompoops do not realize that this move will effectively put every open source alternative at a permanent and severe disadvantage, thus handing Apple and Google, which are already duopolies in the smartphone market, a huge moat that will lock out all future competitors from entering the market.

I have written to the relevant government agencies, and while they are nice enough to actually answer questions, their answers reveal that they act as if they are a commercial business and not a government agency that is supposed to act in the interest of the people and preserve their freedom. They argue that they are releasing a solution that will work for the vast majority of platforms and that they are continuously monitoring the market to assess whether they need to add support for other platforms. This is a cost-cutting measure which is maybe okay for a commercial entity targeting a specific market demographic, but it is an absurd way for a government to think.

Before the upcoming age verification we already had a national digital identity solution, MitID, which also comes as an app running on Android and iOS, and which is locked down to require strong integrity using Google Play Integrity. But at least here they also offer hardware tokens so people can use their digital identity without owning a smartphone and running an open source OS like Linux on their desktops. But with age verification this is apparently over, all the while the government is lying about actually making an effort to free us from American big tech - they are instead basically forcing us to be their customers now.

I think this is true for other European governments. The UK has introduced age verification (although not mandated an app) and is pushing for digital ID. If digital ID meets too much pushback plan B is a boiled frog approach by introducing it for children first (the legislation for that is in its final stages).

Governments say they want sovereignty but not if they have to pay anything for it. They also like the fact that forcing everyone to do everything through a few big businesses makes surveillance and censorship easy. No need to pass laws, just do deals with a few companies. Governments are all about central control, and it's more important to them than what they see as obsolete nonsense about sovereignty.

Your post made me contemplate how other entities want to be able to attest themselves (in your case the government wants to be able to verify the identity of its citizens). Moral and legal arguments aside, the way they are going about it is a bit sloppy in that they are banking their sovereignty on a third party instead of taking the reins themselves.

Instead of mandating google/apple signed applications, they could instead implement some specification for a secure enclave (or whatever fits their needs - I doubt they need control over the entire OS meaning there is plenty of space for pushback for people that want to retain their rights and freedoms for their devices). If you add some sort of certification based on an open standard that would allow any manufacturer interested in the market to be verified that the "attestation" for specific apps or secrets works, then it would no longer enshrine the current winners (apple/google) and instead allow for a healthier market.

This would only be a good thing because it places power with the government and not a third party (something surely the government would prefer), and allows things to be more in the open.

And in an ideal world the specific locked down portion would not need to be active or interfere with the rest of the operating system to some extent, so people would not be reliant on the manufacturers for their applications and would have the freedom of installing whatever they want and using the rest of their device however they wish.

I strongly agree, this is very possible and would be what a competent government should do. It would also ensure that they had a fallback that was guaranteed to work if a certain authoritarian ruler decided to suddenly use our reliance on Google and Apple for critical infrastructure as a weapon to put pressure on us, say if he wanted control of a piece of land.

It would also open up for some interesting and innovative competition in personal hardware security devices.

I think, even though the ideas aren't "perfect"/"complete", Nietzsche's "Will to Power" does a pretty good job of explaining "why" animals/ideologies/organizations/systems "unfold" the way they do. Everything (mostly) tries to protect/strengthen/replicate itself (viruses being the most obvious example). https://www.gutenberg.org/files/52915/52915-h/52915-h.htm

> Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...).

The only real issue here is banks that don't offer an equivalent website or require the "app" as authentication factor. I couldn't care less about copyrighted media. It's only fair that I source my media from the high seas when the only options that respect their "rights" infringe my own right to run free software on my devices.

The key thing isn't that the banks (and governments, and enterprise software vendors, and ...) don't provide an alternative to the app as authentication factor. It's why they don't do this.

It's not about security. It's about them wanting people to use the apps. Forcing everyone to use an app streamlines the vendors' operations, reduces the state space of possible user interactions down to a small number of flows they control directly, and also provides them a direct channel (communications or upsell, where applicable) to the user.

This is not a fluke or a conspiracy of a small number of influential players. It's an emergent alignment of incentives across pretty much the whole supply side of the digital aspect of human civilization (not "just" the market, because it's also happening in political and social spheres).

Yes and to be honest it's not necessarily unjustified BUT it should ONLY be done when the parts, hardware, software, or both, are not linked to a single proprietary actor.

Need security before doing a $1000 transaction because everything so far was $10? Sure, ask for a physical token 2FA, NOT a YubiKey implementation.

Obviously though if I was working at Google or Apple and paid for the success of my company via incentives, e.g. stock, I would fight tooth and nail to let banks know that only MY solution is secure.

I wonder, if there were an open platform to exist that people use increasingly, maybe that would be incentive enough for at least one bank/financial app to permit that platform just to get a competitive advantage.

In the meantime probably the best that can be done is having a regular phone and a banking phone.

Maybe the answer is to put whatever the banks etc need on something like a smartwatch. Smartwatch + phone is better than two phones IMHO and they're so tedious to use/install anything on that it reduces the attack surface for hackers etc. Tap to pay or digital signatures or identity, passkeys etc via a smartwatch interaction seems like a good use case. Sort of a souped up YubiKey. I don't know how good biometrics is on watches nowadays but my Pixel phone has some sort of camera behind the screen to read fingerprints so I can't imagine it's impossible. Even adding a capacitive pad on a band seems plausible. Who knows, I don't feel like biometrics have been a real focus of design in the smartwatches I've used.

Personally, I have found smartwatches fairly useless (I do enjoy the activity tracking and notifications but that's not much really) so freeing my phone from bullshit by moving some functions to a watch could increase the value/utility of some sort of smartwatch. Ultimately, it doesn't need to be that "smart" even.

Still, the problem is that if you go this way, you'd have to put almost all useful functionality of a modern phone on a smartwatch, at which point you could just ditch the phone.

It's not just one tiny use case that's pushing us down the road of increasingly locked down devices. It's most use cases - because no matter the service, it's more profitable for the provider to control what you can and cannot do.

I don't think that's actually true? That's like insisting all useful functionality would have to be moved to a smartcard/yubikey/bitcoin hardware wallet/TPM etc. The main reason this is an issue is to prevent emulated hardware tokens. If you can disable secure boot, you can emulate secure elements and then things that others (i.e. your bank, government, etc) believe are carefully controlled secrets are not.

Doubtful - the costs of supporting it far outweigh any gain they'd have. In case of banks, the costs of supporting aren't just about developing software for an additional platform, but also insurance premiums and managing fallout of hacks (which always eventually happen) - both of which would go way up, as the company would be voluntarily supporting endpoint devices that are less secure than "industry standard" minimum.

Bank apps: Use an ATM, or a second phone. Enterprise apps: Use a second phone, preferably paid for by work. Government apps: Use a second phone, or refuse to use it (since there's likely elderly who are not on board yet). Copyrighted media: Piracy.

"just use a second phone" cannot be the answer because 99% of people will just scoff at that. Instead of buying a second phone, why not just buy one that works?

And that's to say nothing of the environmental impact.

> "just use a second phone" cannot be the answer because 99% of people will just scoff at that.

Here we are talking about installing PostmarketOS/Linux on a smartphone. The next milestone is not to get everyone on it. First we need a base of early adopters that are willing to use it despite the drawbacks. The more users those alternatives get, the more they will be developed, the better it will get.

Sure, for the next years, it will be way behind Android or iOS in terms of ease of use, but that's the price to pay to get back control on the device you own that is probably the main computer you use everyday.

For me that's not worse than using Linux in the early 2000s, and like Linux in the early 2000s, it may even be _fun_ to be an early adopter of Linux on the smartphone.

Now we don't need to migrate everyone to PostmarketOS, we _just_ need an alternative OS for at least the ones who are willing to play with it.

> it. First we need a base of early adopters that are willing to use it despite the drawbacks.

That didn't work that well for Linux, though. It's still a very niche OS even on desktop.

What you're saying already existed. Linux on a smartphone was called Android. It ended up where it is today. If you were to somehow make another Linux on a smartphone competitor, it too would end up where Android is today, for the same reasons.

This is just not true. Google has been directing the development of Android to maximize their profits. Without such incentive, it won't be repeated.

Also, please stop with security nihilism, https://news.ycombinator.com/item?id=27897975

The current cyber security zeitgeist is to only allow "trusted" devices in your SSO flow and to also shove your VPN authentication on that SSO flow which includes even third party browsers not working. Only Chrome with a managed profile is even allowed to login. That pretty much means if you're not using a most recent version of iOS or Android you're SOL for using it for work.

And good luck spoofing it these days cause they are usually backed by hardware-backed TPM encryption. Which is why Windows 11 only installs if there's a TPM 2.0 device detected.

It's become super dystopian in the past 10 years and I don't see it changing.

Always thankful that I got to live through the wild West days because that's going away.

I don't argue that the problem isn't serious. I just want to tell that giving up is not the solution. I use a GNU/Linux phone and refuse any banks or services that don't work there. Yes, it's challenging and I have to make compromises because of it. Such is life.

Having a rooted Android 11 phone for years was never a problem. My bank apps worked just fine. Even for work stuff (usually). It's on the personal side where I actually started to value having a virtual credit card on my phone with Google Pay or Apple Pay. The stack to enable that securely is only on Android and iOS and there's nothing else out there that has that. Open source community needs a full stack for attesting biometric sensors, storing secrets, and pushing them out through NFC and doing it properly is a lot.

Seconded. The NFC payment feature is useful on mobile in a way that generic "online banking" just isn't IMO. In the same category are transit apps, ride-hailing apps, social messaging, and a (very) few others. The problem is that payment really does require a secure stack, as you describe.

I prefer to use an actual credit card, in order to keep the control over my computing in my hands.

Indeed, I do too. But since you always need at least one backup means of payment, I keep a second virtual card on mobile for that. Which alas is a very convenient solution.

Why can't you have two plastic cards from two different banks?

I find that cards are a PITA, mainly because they're always expiring and I tend to change physical address a lot.

Why postmarketOS and not Mobian?

idk, I was just giving a name for "Linux but not Android on a smartphone".

It's called GNU/Linux.

> It's called GNU/Linux.

The overwhelming majority of users call it "Linux" and don't care what the operating system's pronouns are.

Many Linux systems are running today without GNU coreutils or userland.

It's time to stop posting this flame bait.

This isn't a flame bait. GNU is exactly what's different between GNU/Linux and Android. So say it when it's the point.

> "just use a second phone" cannot be the answer

It is the best answer at the moment. You can keep an absolute basic phone with all the banking and such apps loaded and nothing else. You treat it like an appliance. Your daily driver will be separate and can be running PostmarketOS or LineageOS etc.

There are several benefits off the top of my head:

1. Since you only install banking/govt type apps on your "important" phone, it stays more secure vs. putting your random game app along with the banking app on the same phone.

2. When you upgrade your daily driver, you don't need to deal with tons of re-auth steps for banking/govt apps.

3. Your daily driver can be customized to the nth degree because the pesky banking app won't be on it to refuse login because, say, you turned on developer options or rooted the phone.

4. You can even leave the basic phone at home for extra safety, if you wish, without affecting your daily driver.

5. You can root your daily driver and put as much adblocking setup as you want to boost your privacy. Your basic phone won't have enough activity outside banking/govt. to build much of a profile.

There's just one problem: increasingly, everything that makes a phone a "daily driver" is the thing that can only work on the "important" phone. Banking/finance, government services, commerce, work, communications (thanks a lot E2EE), and DRM-ed entertainment - all the major players here are locking their software down and relying on remote attestation to ensure their locks stay shut.

With this being the trend, you're already more likely to leave what you called "daily driver" phone home, and only take the "important" one with you.

Still waiting for someone to make a tiny token sized phone. Unfortunately the smallest around, Unihertz Atom, is both outdated and too low resolution for some apps to work.

Been doing this for years. Old phone for testing apps and running servers

All the Google stuff is disabled, open source Contacts app,^1 no Google Play Services, no access to remote DNS, Netguard for application firewall and port forwarding, with computer I control as gateway.

1. Have yet to find any other app that can access contacts when storing them this way, even the Meta's biggest Trojans

Meanwhile, new phone, "important phone", stays offline. Wifi off. Location off. path?.xtracloud.net blocked. Phone is used for texting and phone calls, no internet access

The "banking app" argument, i.e., either install a custom ROM or give up or submit to surveillance, is a false dichotomy. There are other options

I don't use a phone for internet banking, I use a computer I can control; there is no "banking app" (talk about high risk, geez)

The "banking app" problem is a common refrain on HN but in the real world I know many people who do not use a phone for internet banking

Mobile OS just suck. It's like being forced to use MS Windows

It might actually be a better environmental decision, if instead of buying a new second phone, it is instead about keeping an existing phone in use and not adding to the burning heaps of e-waste. Given the rising popularity of refurbished phones, not to mention the lower costs, it might actually be the opposite of what you claim, at least on those grounds.

And for the rest, well, "just works" for what? With a little time and effort, it may even get to the case of the "just works" part is a siloed unit like a SIM card that is just installed to the device, making it opt-in and user owned...

> "just use a second phone" cannot be the answer

Not that I want to kick the can down the road, but the ultimate solution (barring actually fighting for our privileges over the systems we buy) is to have that second phone, and control it either via VNC, or via a KVM which presents VNC. I know, it's really absurd, complexity wise, what with tunneling and figuring out where to house said setup. However, the latter is ultimately transparent to the phone, outside of allowing a second monitor/HID to be connected to it. You could, given a VNC client, then go ahead and control it via laptop or another phone.

It's not a solution because VNC is already nerfed and will be the first thing to go, if people try to embrace the idea.

Providers of all the service types aren't driving this because they believe locked down phones are a Good Thing. They're driving this because they explicitly don't want you to do the very things you'd want to do with your VNC idea.

Which is exactly my point: once you apply these workarounds, you don't need a smartphone anymore.

Also: both banks and governments are pushing for 2FA with a mobile device being the primary, and in some cases the only, accepted second factor source.

As for the atm: to use the ATM I need a bank card, to use the bank card I need a PIN. What do you think all the local banks have chosen as their secure channel for communicating that pin to users in the last few years?

For bank apps, you can just use their website

I would add that end-users are OK with this because they expect their devices to not be compromised when installing an app. The majority of users are OK with trusted computing and are OK with trusting Google, Apple, Microsoft because it’s easier to trust one of those companies than having to trust each app developer. In the end, you have to trust someone and it’s better if that someone can be held accountable by some legal system.

I agree. I also think though that it's a different kind of trust. They trust Google, Apple, and Microsoft because they _think_ they'll be held accountable by some legal system, but judging by the wrist slaps meted out for their massive security lapses (especially you M$) or their constant breakage of their own privacy policies to spy on people it actually seems worse than trusting individual app developers.

So the last possible community response is to bring back "responsive web apps"(tm) in the browser. And make sure a privacy first mobile web browser is installed.

Too bad browsers also support device attestation.

I'm fine with using bank/financial services/media via the web. Other stuff can be emulated.

Hopefully I'll never have to buy another closed phone.

This is only until the only 2FA solutions that the bank requires you to use to log in and authorize transactions only come as smartphone apps.

To your point, not exactly a one-to-one, but several discount airlines (e.g., RyanAir, PLAY, Allegiant, Frontier, Spirit, Wizz, Flair, AirAsia) already require an app to check in for a flight, or pay a fee. No app (or the horrors, no mobile), it cannot be done on a regular computer, must go to a ticket counter and pay a fee.

This isn't a problem, these apps will probably run fine under emulators. It's only Widevine/Play Protect stuff that barfs.

They'll run fine until they don't, because they'll hook up to remote attestation "for sekhurity" like more important apps do. Not to mention, those apps' vendors don't particularly want you to run their apps in emulators either - there's no use case for this they consider not harmful to their business.

Maybe some, but certainly not all in the list. Neither Ryanair nor Wizzair need app, you can do everything in the browser.

Yeah, I would absolutely get rid of my smartphone if I could do banking and all the numerous authentication processes without it. While I sympathise with all the Linux phone projects, I just don't have a use case for a Linux phone.

A relative of mine has T1D and they use their phone app to monitor and give insulin, and also alarm them when they are low... Trusting outside the reliability of Apple and Google for this type of stuff, I imagine, would be difficult.

There are OSS solutions for glucose monitors and even insulin pumps, and they exist precisely because commercial vendors tend to give at best suboptimal quality even when it comes to medical devices. Sure, most pay attention to not accidentally kill you, but beyond that, their incentives go in opposite direction to your incentives.

It's important to have computing freedoms so that people who actually care end-to-end, and don't have financial incentives directed against patients' well-being, are able to build on top of products on the market, fix the enshittification, and improve functionality.

(We also need that to close the loop. It's a common story that meh products of today, which improve on bad products of yesterday, are just commercializing the fixes developed by people fed up with said bad products.)

This is the reason I have given up on thinking of smartphones as general purpose computers. I used to root my phone on day one, play with custom ROMs, etc...

But then, it became more and more annoying with apps blocking root access, features being unavailable to custom ROMs, etc... There are workarounds (is Magisk still a thing?), but I got tired of them.

So now, I just buy an entry level Samsung, which is well supported, runs all the apps I need (browser, financial, maps, chat, ...) and takes recognizable pictures. It is just a boring tool, like a credit card, I need one because that's the world we live in, but the object itself is of no importance.

If I want to play with a computer, I have a "real" computer. If, at some point, I get interested in smartphones as a platform, I will buy one just for this, in the same way that I have no intention of using the credit card I buy stuff with should I want to play with smartcards.

It has also killed my desire to spend money on a smartphone. What's the point of a $1000 device? What's the point of upgrading unless forced to by planned obsolescence? Why should I pay more than $200 every 5 years or so? They are all the same to me. They even all have the same form factor, besides overpriced and fragile foldables.

IMO, we should be demanding more from the banks and governments, not that they keep android open.

We should demand that they support every platform. Or at least every platform that adopts some sandboxing model.

The web is an open platform, and most, if not all, aforementioned applications are happily working on the web.

Web being an open platform doesn't matter in any way, when the code runs on proprietary servers.

What prevents banks, etc, from doing the same with apps for open mobile OS?

> Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.

But they don't demand the same control over laptops and desktops. Only phones. Why is that? Granted I can't deposit a check with my laptop but I can do any other banking I wish to do.

So to me it's more that they see the chance to gain this control where they didn't see it before. Phone providers are only too happy to get on that bandwagon because they get to deploy all kinds of surveillance capitalism in the name of security ("hey the banks want it!").

Granted these freedoms are slowly leaching away from laptops and desktop too with stuff like TPM, so I don't know. I've about had it though.

> But they don't demand the same control over laptops and desktops. Only phones. Why is that?

Oh, but they do. PCs (and MacBooks) are products of an earlier era, and the solutions of control evolved along; it looks chaotic, but that's because it's where the R&D happened over the past decades, which ultimately produced a cleaner - and more easily identifiable - mobile control ecosystem. But it's all there, if you look closely. To name a few major groups:

- Many generations of DRM plugins for games, then for streaming media

- Trusted computing hardware

- Intel Management Engine and other firmware backdoors routinely inserted into hardware

- Endpoint security software, deployed widely on corporate-owned machines

Mobile solutions are just version 2.0, built on top of all that R&D.

> Granted I can't deposit a check with my laptop but I can do any other banking I wish to do.

This is the insidious part: for many banks, this is only tolerated because they force you to use their proprietary app on a trusted mobile device as a second factor! At this point, it doesn't really matter how well-controlled your main browsing platform is, because you have to use your phone anyway, and there the control happens. And, "for your convenience", the mobile app isn't just a physical security token, but lets you do banking too, which allows them to gradually deprecate the web experience.

Apple is already in the process of closing down the Mac. As for PCs... why do you think these hardware requirements were imposed on Windows 11?

Hint: When Windows 12 comes out, everyone, or at least everyone with a newish PC, will have a TPM module that's capable of enforcing and attesting a signed-code boot path from power on all the way down to application-level code. Windows 12 will turn these machines into Xboxes that run Excel. Many computers will also have Pluton technology, which is an on-chip TPM implementation that cannot be tampered with or removed from the CPU, and which literally came from Microsoft's Xbox division.

General purpose computing isn't quite dead yet, but there's really nothing we can do for the patient. We're just waiting for it to flatline.

That's true only for as long as we allow that to be true. Users can live without Spotify (to cite just one representative of the mentioned categories), but Spotify can't live without users. We could (and should) stop behaving as powerless victims.

Good luck convincing anyone of that. We could also live without clothes and fancy food and most of modern amenities, but we don't, for the same reason.

This and also phone manufacturers lock us with Google.

And yet Linux and, to a lesser extent, Windows and, even less so, macOS exist. They don't have that excessive control and we can still use bank/financial, government and (if we enable DRM) also copyrighted media webpages (and sometimes apps).

Aside from music/video there are no obstacles for other apps to exist in open system.

And yet I can open my bank's website on my Linux desktop, using Firefox. The "players" are not all-powerful, and defeatism serves no one.

Yes, but what do you use as a second factor to authenticate and confirm money transfers?

In large parts of the world, the answer is usually "my uprooted, remotely attested smartphone". Increasingly, it's becoming the only supported method. When that's the case, what you use to load the banking UI doesn't matter anymore - the mobile device is the only actual requirement.

No, I use a dumb phone. Do you have anything more to say?

> Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...). Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.

Those work perfectly via a browser, on any platform where the browser can run. As long as a hypothetical open OS has a browser capable with bog standard modern capabilities, it will be fine

I tried to log into a banking website on a full desktop browser recently, one that I had previously used with a password. It literally would not let me login until I downloaded their app and set up a passkey. That is now the _only_ way for me to access those accounts. Presumably, I could call in, though I wouldn't be surprised if the person on the phone also asked that I download the app in order to verify my identity, and even if it wasn't the case, they didn't offer that option when I was trying to login. Many bank websites now also require the phone app.

There are banks that do not work via a browser. But no one prevents them from doing that. It's their conscious choice, not a technology limitation

This happened to me with Uphold, precisely yesterday.

It required me to install the application to sign in via web browser. There was no way, the web app wouldn't budge.

I did it, checked my $5 dollars balance and deleted the app again.

Totally disgusting behaviour.

Remind me again what video quality Netflix gives you when streaming to an open browser on an open OS?

You mean Firefox that refuses to support web standards for encoded video streams for ideological reasons?

Wasn't aware of that, can you send a link explaining?

For a while Netflix didn't support 1080p on browsers other than Edge on Windows or Safari on Mac. This has changed somewhat but they still reserve their resolution content for their "blessed" OS/browser combinations

https://help.netflix.com/en/node/30081

It's not just Netflix. It is also FaceTime calls for Firefox. This is the reason why Netflix limits Firefox.

Here's the discussion of that: https://news.ycombinator.com/item?id=27432001

You're saying I can use Revolut in the Firefox on, say, Fedora?

People have genuine reasons to stay with the provider / platform and usually browser doesn't cover half of their use cases.

For example I have to use Revolut because it's one of the very few banks that allow me to use Garmin Pay and work (reluctantly) on my phone without Google rootkit. Can't use, say, Curve because their privacy policy is alarming (and I had a very very weird/disappointing interaction with their compliance team).

And you've already got a good example with Netflix.

You're getting downvoted because that's not the point.

You are technically right, we still have access to these services via a web browser today. It doesn't mean we'll have it forever.

With the advent of AI browsers and AI agents, it's not hard to think of a future where LLM chat interfaces and mobile apps are the future, and web apps start getting disregarded as legacy and eventually, discontinued.

Try ordering some food via mobile application and then again via web app. You'll instantly feel the downgrade on the web app. Bugs, glitches, slow experience.

The desktop web is already the 2nd-class citizen for modern startups.

My reply is a counterpoint to the statement that banks, government services and streaming services require excessive control over my device. They aren't, as they all can run in a browser, which sandboxes them from the OS. That's it.

And I guess people who downvoted my counterpoint thought that it means that all services on the planet have very well functioning browser version, judging by their comments. Some don't, some do. But no one of them "requires" excessive access a native app can provide.

Some may want to have it, for some browser version is simply not a priority. But nobody needs to have additional info for those services to function.

> Why do we have to beg Google to keep Android open? Seriously.

Because the market has failed, and we have a duopoly. There are many reasons for that, but, this is the exact sort of time a govt must step in - when something becomes a utility, it needs to be regulated as such.

I agree, I don't really want to enshrine Google/Apple into law, however if they are makers of an operating system that is used like a common utility, they should be regulated as such.

Unfortunately western governments are moving to impose more and more control over our digital life, and I think they see a locked down commercial platform as a convenient means to that end because they can regulate it. If the EU commission ever succeeds in passing Chat Control, which requires client side scanning on all devices, then it is very convenient for them if people do not use open source operating systems where they can just run clients that don't send data to a third party.

EU govs siding with google in this move would be catastrophically stupid, it's equivalent to ceding their digital sovereignty to the US. All it would take to knee-cap Europe is for the US to command google to suspend all european developers' accounts, and suddenly Europe is fucked. No banking apps, no government services, no nothing.

The only rational step for the EU is to support open everything: Open Software, Open Hardware, Open platforms, etc...

Beggars can't be choosers. Until they pony up the cash to fork Android, they're beholden to the US.

I agree, but the EU is currently doing exactly the wrong thing and doubling down on forcing their citizens into the American duopoly.

right, government literally side with them if any

open hardware/platform is impossible if they mandate all chat is exported to gov anyway

some governments, especially autocratic or authoritarian.

Even govts that may be in some political climates authoritarian can and will want exceptions to this.

There is no world that I see where decisions being made by Google are a good or reasonable choice for all parties, even ones you might think would side with this decision.

Remember, this gives Google more control than an authoritarian govt. Sure, there may be a cost of doing business with some countries, however, even in those cases, this is bad for them - Google can just say "sucks to suck" and they either must use their product or develop their own, but if they use their product, *Google still has more control over that authoritarian govt than the people in it*

Put simply, now, Google Is Evil.

Samsung can cut ties with Google if they want to, they have market share to go on their own.

I'm sure they would love to. They've been trying to make their own app store (Galaxy Store) a thing for over a decade. But cutting ties with Google would mean no Google Apps and no Google Play Store, and that would probably be catastrophic for them.

Some would argue it would be more catastrophic for Google. Most people equate Samsung to Android.

Legislation is required at this point. Infrastructure companies (including finance and transportation) should be required to provide web apps that have feature parity with proprietary apps. (Enforcement is simple: ban distribution of the proprietary app for 5 years).

I think we're going the other way though.

For instance, this recently proposed bipartisan bill would force all (even locally installed) AI apps to repeatedly run age checks on end users, and also adds $100,000 penalties each time the AI screws up when a minor is involved, even for bugs. I don’t see any safe harbor provisions, or carve outs for locally installed / open source / open weight projects, so it’d end up handing a monopoly to ~ 1 provider that’s too big to prosecute:

https://news.ycombinator.com/item?id=45741862

The most important thing you can do right now is get the democrats to actually field a candidate in 2028 that will restore the rule of law and free markets in the US.

> Why do we have to beg Google to keep Android open?

We don't! Instead, we go to regulators. Though I suspect your question really is "Why bother with salvaging Android at all?"

Mobile platforms are hard - famously, Microsoft failed to make Windows phone a viable platform, and John Carmack successfully argued that Meta didn't need a custom OS. Mozilla's Mobile OS that had OEM partners making real phones spluttered out, and not for the lack of trying. Both Firefox OS and Postmarket rely on an Android foundation for HAL/drivers, IIRC. Device bring-up is hard, and negotiating with OEMs is harder still, and that comes "free" with Android-supporting devices.

Logistically, the vast majority of people who install apps from non-Play-Store sources do so on their daily-driver phone, which is running the stock operating system. They are not tech savvy at all.

> Mozilla's Mobile OS that had OEM partners making real phones spluttered out, and not for the lack of trying.

Firefox OS had serious issues.

* Web standards 2013-2017 weren't ready enough.

* 2013-2017 phones still weren't powerful enough for complex JS apps to feel fast.

* asm.js was de-facto proprietary (a new FFOS with wasm would be another story)

* The UI wasn't so great.

* Their launch devices were slow, cheap, and sucked.

* Their launch devices weren't readily available to developers.

* Their OS provided no real advantages over iOS or Android

The OS is still around as KaiOS (with a couple hundred million devices shipped IIRC) and I believe it still powers Panasonic TVs.

Interestingly, I think a FirefoxOS of today with good React Native and Flutter integration and cutting-edge WASM support could have a shot at success if not completely mis-managed.

Web standards have progressed but your other points would still apply.

Does there exist a company or project that has the resources to develop a smartphone with better performance, UI, and cost than Android or iOS devices? Microsoft couldn't pull it off, and I am skeptical that Meta would have been able to.

I can imagine an alternative smartphone carving out a niche audience like older users, FLOSS enthusiasts, digital minimalists, kids, gamers, privacy-focused users, etc. Perhaps over the span of decades such a project could iteratively improve while the incumbents enshittify and eventually surpass them in popularity.

But it seems more likely to me that Android and iOS will dominate consumer smartphones for as long as that form factor exists. When they are displaced, it'll probably be by some innovative non-smartphone computing device.

Nobody was wanting to pay for and deal with the Microsoft lock in.

A new web-centric OS could fix those issues by doing a few things to reduce friction.

First, use an Android-compatible kernel version so drivers are easy to port. This gets manufacturers on board.

Second, make your App Store a non-profit that charges enough for ongoing store development and distribution. This gets devs on board.

Third, make sure you have decent third party framework support. Flutter, react native, and maybe even an Android runtime that legacy apps can integrate into their wasm binary. This helps kickstart your ecosystem.

Fourth, add better integration of webgpu and 2d canvas (which probably needs some extending). In addition, they need to add a low-level API to access DOM nodes from wasm. For security and ease of implementation (without stepping on the toes of the normal standardization stuff), this would probably be a virtual DOM with only a provably secure subset of the actual nodes being sent back and forth.

UI is an easier problem. The best design to date is still webOS. Copy their general design (maybe rip off some of their never-shipped mochi stuff).

The biggest issue as you said is financing. All these things turn into lots of developers and time. The best bet here would be replacing something like Tizen where a corporation is already investing.

Developers are typically motivated by net revenue which is more dependent on audience size than fees. That is, if you sell an app for $1, would you prefer to earn $0.70 on a million downloads or $0.99 on a thousand? (With the former you can buy a house, with the latter you can buy a laptop.)

And as you've pointed out, implementing support for third party frameworks and funding improvements to webGPU, wasm, etc is expensive. Even recreating the webOS UI would be a considerable undertaking.

> The biggest issue as you said is financing.

Exactly. I agree that it is technically feasible, my point is that it is economically challenging. Not impossible, just extremely unlikely.

> The best bet here would be replacing something like Tizen where a corporation is already investing.

It looks like the last Tizen phone was released eight years ago and the Tizen app store shut down four years ago. Like webOS, it lives on as an OS for TVs, but I am skeptical it can rebuild enough momentum to challenge Android or iOS.

> Second, make your App Store a non-profit that charges enough for ongoing store development and distribution. This gets devs on board

You're hilariously underestimating the difficulty of getting the dev/user flywheel started: developers go where users are, and users won't adopt a platform without the apps they need. Microsoft was literally paying devs for submitting apps, and they mostly got variants of Flashlight apps, and none of the apps that matter. Look at the top 10 App Store/Play Store apps and ask yourself if the developers will bother with a hypothetical non-profit, upstart

I didn’t say it was easy, but what I listed are to me the best ways to reduce as much friction as possible.

As I recall, Microsoft wanted devs using their proprietary silverlight and c# which required a complete rewrite from iOS or Android. Allowing existing apps to bundle their preferred Android runtime is a lot closer to something like containers or flatpak and is a proven way to reduce developer friction. Ironically, such an app running in wasm would be supported indefinitely while Android apps on Android eventually lose support.

A lot of these pushes for attestation are coming from regulators and security audits though.

If that's inevitably the case, then we should all enjoy the ability to install user-controlled, open source operating systems while we still can.

However, if it's not inevitable, then those who cherish such freedoms should forcibly push back against the attempts to strip them away.

It's absolutely not inevitable since even opensource operating systems can work on providing attestation systems that aren't owned by big corporations and serve the user.

But just like with something like secure boot, they're missing the train and letting corpos dictate the implementation.

> Why do we have to beg Google to keep Android open?

Because Google and Apple have put themselves between us and everything else.

Until we manage to replace them (by lobbying to everything including governments against them, and by working towards making the alternatives usable), we unfortunately have to resort to this. I'd even say we are entitled to this because we never asked for Google and Apple to become compulsory, they decided this.

I would personally be able to switch to Linux mobile today because I don't rely on anything proprietary (except the interrail app occasionally, damn them - but possibly waydroid would work for this)… if only there was usable and reliable hardware that could run the mainline kernel: decent battery life, decent picture quality, decent GPS, decent calls (especially emergency calls even if I haven't needed to actually make one so far, fingers crossed, and Signal would do for most other situations actually).

I've daily-driven the PinePhone for a year. Call quality is awful and calls are awfully unreliable, and SMS are quite unreliable as well. Too bad for a phone. Unfortunately the phone took a big rain and now its modem is unreliable and doesn't come back up very often, but that's something a phone will likely endure in its life. Pictures are awful. GPS never worked well on my regular PinePhone. It somewhat worked on the PinePhone Pro until it died because it overheated. Linux hardware support is okayish, it was nice to run completely free software which was my main motivation for trying it but the hardware is crap to the point of being unusable serious.

The FP5 can apparently run PostmarketOS quite well. It would make an awesome Linux mobile. Camera and calls only partially work though [1]. And that's the main features of a phone.

Linux mobile itself is becoming quite decent (if one can do without the proprietary apps), what we really need is good hardware running it. Then we can begin to imagine a world with it having a decent usage share.

[1] https://wiki.postmarketos.org/wiki/Fairphone_5_(fairphone-fp...

Did you consider Librem 5? The hardware is much better, calls etc work fine.

> I've daily-driven the PinePhone for a year.

Which OS? Did you try SXMo?

The Librem 5 is awfully outdated now (and so I won't buy it today because I'd worry about it becoming e-waste fast), doesn't have a good battery life, is very pricey, and I'd worry about call reliability (I have no doubt it can be made to work, but reliably, from sleep?).

I'm sure it's way better than the PinePhone, but the Librem 5 is definitely not suitable for the general public, even without considering the Linux mobile part.

> Which OS?

Mobian and postmarketOS

> Did you try SXMo?

Yes, not my cup of tea. I'm happy with a stable Plasma or Phosh; at this point, the GUI is not a concern at all for me. SXMO is a nice project but it will never target the general public, and I think we need to target the general public because I wish the general public's computing were free. It's nice that nerds can be free but it's also not good enough.

> The Librem 5 is awfully outdated now

https://puri.sm/posts/the-danger-of-focusing-on-specs/

> doesn't have a good battery life

It's far from great but you can change the battery on the go. Look, you can't fight for anything without making any compromises.

> you can fight for anything

I suppose you meant you "can't".

I know, my life is full of compromises because of my various political opinions.

> https://puri.sm/posts/the-danger-of-focusing-on-specs/

I agree and I intend to keep my current phone at least ten years (and I hope it will be able to run Linux at some point, it's very close!), but the Librem was released with outdated specs and that was 5 years ago. It was released with outdated specs because then current hardware was not free software friendly. However, producing outdated hardware today is a huge environmental concern for me.

That current hardware is non-free software friendly is a huge concern as well, and both concerns go by hand: we are absolutely building huge piles of e-waste just because of proprietary / closed hardware.

Anyway; the Librem 5 has been a fantastic thing for the development of Linux mobile. We also won't go anywhere with phones such as the Librem 5 to make Linux mobile a reality for the general public.

Fair enough. See also: https://source.puri.sm/Librem5/docs/community-wiki/-/wikis/F...

> I suppose you meant you "can't".

Thanks, yes, fixed.

Interesting link, thanks for sharing!

For another platform to rise, there needs to be some heavy market shift. There already were opensource mobile OS: Maemo/meego/Tizen. Heck! I'd even throw phosh and ubports in the pot. But those are about as rare a sight in the wild as lightphones.

Phones have become essential to daily lives and the catch22 is: companies won't support niche platforms for their apps and users won't switch until the apps are there. Android happened to get adopted before everyone started relying on mobile devices as computer substitutes. Unless a major player pulls out a Valve move and does with waydroid what Valve did with wine, I can't imagine the market changing significantly.

One of the benefits of mobile GNU/Linux distros is that it is possible to run Android apps on them. Waydroid works well. The one catch is that it can be difficult to trick certain picky apps into running on an "unsecured" device.

> The one catch is that it can be difficult to trick certain picky apps into running on an "unsecured" device.

Imho, this is where we should fight for regulation.

"All mobile apps must allow the user to acknowledge the risks of running on an unsecured platform, but then launch normally"

Couple it with a liability shield for user security issues, if the user acknowledges risk.

The real Android lock-in is the universe of essential apps that, through developer laziness, refuse to launch on alternative platforms.

Eh, I disagree.

You can never catch all "bad actors". Sure, you can make a best effort, but govts are not efficient/usually work better at doing one thing, not 100 - they should be regulating the common platform not all actors on it.

Anyways, that's just as bad as what Google's trying to do.

> that, through developer laziness, refuse to launch on alternative platforms.

Android Dev is (relatively) quite difficult. The code and UI elements do not translate easily to other platforms. If a solitary developer (keep in mind, they may be a volunteer doing things in their free time, or just someone scratching a personal itch) does not then go out, purchase multiple other pieces of hardware, and write the application on multiple other platforms, that is not "developer laziness", rather that is a high cost to entry creating practical hurdles.

I think next time I upgrade my "phone" I'm going to get a gaming capable tablet with wireless and give it the steamos treatment. This gives you decent linux/windows/android interop.

I already lug a small backpack around most of the time, I can leave the tablet in the bag and use buds for conversations and when I need an actual computer it'll be way better.

Hm, how do you plan on taking calls? Will you notice an incoming call even though your tablet is in the bag?

(Asking because this idea sounds appealing to me as well.)

As is typical on Linux, lots of duct tape. Probably starting with https://github.com/dscripka/openWakeWord and speaking to https://github.com/rafael2k/ofono, then hacking from there.

Will you be able to notice when you receive a call? The only way that I can think of off the top of my head would be to make it ring out loud, which is more disruptive than a phone in-pocket set to vibrate.

My thought was a tone in buds (if they're in my ears) or just vibrate/straight to message otherwise, but I'm sure I'll be doing a lot of tinkering.

> Unless a major player pulls out a Valve move and does with waydroid what Valve did with wine

Sailfish sort of did.

I don't understand why individuals expect a corporation like Google, driven by profits, to give a sh*t. I would expect no less of Apple with iOS.

Individuals should look for and support alternatives. I'm currently working on a desktop running Ubuntu because I want an alternative to the duopoly of Windows and macOS.

Additionally, we should support open-source alternatives with our donations. I personally donate money every year to Ubuntu, the Gnome foundation, and Tor.

If you're worried about a for-profit company having sway over your computer, Ubuntu is not really the choice to make. Please consider running upstream Debian; there are very few downsides, but the upside is that it is run by an organization that is not (and never will be) driven by profits. Also, it seems a little silly to donate to Ubuntu, which is maintained by a for-profit company.

Ubuntu controls a big voting bloc in debian’s organization. They forced systemd in, for example.

Devuan is a good enough compromise for me. The OS is stable, and the only issues I’ve had involve hacking curl|bash scripts that fail to realize they should just install the debian version.

(Steam and docker run well.)

Even without counting Ubuntu, was there a significant number of people against systemd in Debian, with convincing arguments?

Summary of some of them can be read at https://lwn.net/Articles/452865/

Debian’s debate page can be read at https://wiki.debian.org/Debate/initsystem/systemd

Nothing there supports there were a significant number / more than a minority of people against systemd in Debian outside Ubuntu, which was the extraordinary claim I was (implicitly) complaining against.

I see the convincing arguments against systemd, mostly wrt to the support of the FreeBSD kernel in Debian. I wasn't familiar with them, it's interesting, thanks.

> If you're worried about a for-profit company having sway over your computer, Ubuntu is not really the choice to make.

Why not? The point is not to not have anything supplied by a business. The point is to avoid being controlled by a business.

Ubuntu does not have the same hold over your computer that Google has over your phone. The software is open source. You can switch distros easily as it does not have lock-in.

So the argument for running Ubuntu is I can choose to not run Ubuntu? I've already made that choice!

The OS on desktop situation isn't comparable to the OS on mobile situation. You can buy any PC and expect being able to replace its OS. On phones, you have to look for the ones where it's possible, and depending on the phone, it's possible despite the efforts from the manufacturers for not allowing it.

Also in PC OSs, there isn't a corporation dictating what programs you are allowed to install. In iOS there is, and soon in Android too.

IMO, these corporations have managed to amass an amount of power where there's no longer consumer freedom. Therefore, there's no free market. We have reached a point where the law must intervene to restore capitalism.

Because we can't install that on phones and even if we did, we need to use Android apps to do basic daily things.

Phones are not like PCs, you can't "just install a different OS". You also can't just build a phone from parts like you can with a PC, it comes locked in with the OS, with proprietary drivers and advanced cryptographic DRM measures.

And even if we did get things to the level of desktop Linux, we can't run any of the apps we need for everyday life. Most of these things on desktop are web-based, so you can use them on Linux, but this isn't the case for mobile and many things only come in mobile. Bank apps, government services, digital identification, mandatory companion apps for other devices...

If nothing else, we need to keep Android as open as possible because it makes it easier to port those things to other platforms and maybe one day have a proper alternative.

Oh, and it's not like we have a good alternative. The current Linux stack is completely inadequate for mobile use. An average phone has something like 50 apps that need to be able to react to any of a few dozen different local or remote events at any moment, yet also need to use approximately zero CPU cycles to do that. We need a brand new app paradigm if we want mobile Linux to succeed and it's not looking like that's going to happen any time soon.

> Phones are not like PCs, you can’t “just install a different OS.”

This right here is the root of the problem.

> Phones are not like PCs, you can't "just install a different OS"

They should be. Mine is exactly like that.

The short version is: the PC is a historical accident. By "the PC" I mean "the Windows-Intel platform on which most consumer PCs were built." Linux and BSD were both able to exist in the form they did because there was a commodity hardware platform that was standardized (ad-hoc standardization, mind you) and _somewhat_ open. IBM, Microsoft and Intel were all best frenemies, able to exert enough power to standardize the PC platform but also able to exert enough power against each other to prevent them from locking the platform down too much. There is no standard "smartphone" platform like there is with the PC, really the only standard is Android AOSP. Because of this, it's a lot harder to do a third-party phone platform without adopting large parts of Android's code.

I agree with you completely.

The point we are all missing, Google is not going to pull back, they have already invested in this change, it's in rollout phase, infrastructure is in place. It's not going to be rolled back. The ship has sailed. Keep Android Open is unfortunately dead on arrival, IF we are going to depend on Google.

And, are we going to keep depending on a profit oriented company to follow our bid? If so, then, we very well have lost already.

The problem is that a new project and even a fork would need buy-in by companies like Samsung. Otherwise a project like LineageOS would be much more popular. This is hard to do without serious money.

Yes, agree 100%. It's not only Android the problem. It's the cartelization between them and hardware manufacturers. But then that means that we will be doomed to the current duopoly between Google and Apple.

The very first step I believe needs to be taken is to pass strict laws to allow devices to be reflashed with whatever we want. Until we do not have that in place we will always be stuck like this. Once people can truly install from scratch whatever they want then the game should change completely.

Agreed.

So many good working devices go to waste because no longer supported by Google and the hardware manufacturers. They have good cameras, good wifi etc... we should be able to reflash them and install whatever OS we want on them.

It's becoming more and more difficult to install even Lineage on a lot of 6 or 7 year old hardware.

Good point about hardware duopoly, and laws (along lines of "right to repair", right?). Nit: "Until we do not have that in place" - double negative

Why is popularity a concern? I'm writing this on a Librem 5 with PureOS that I've been daily driving for the last few years and which gives me a much better experience than Android could. Why would it matter to me as a user whether it's popular or not? The only thing I can think of is availability of native applications, but this would just hide the actual problem with interoperability and pass it down for the next underdog project to worry about.

Popularity is important when we consider whole societies, but it's not particularly relevant for individuals. I don't need a buy in of Samsung to use GNU/Linux on my phone.

For example because the wait time in the theme park which I visited can be found only in their app for iOS and Android. The same is true for ordering food to your table in another theme park. Yeah, there are alternatives, but those cost you time, sometimes hours. And these companies won’t implement anything for an error margin.

The fact this is a thing is part of the problem.

We should not be downloading executables and running them from random third parties in order to do mundane tasks. If they absolutely must have an app, it should be a web app, end of.

Here's a question, what if the executable was thoroughly sandboxed? Like Firecracker level with virtualization? And once you're there, what's the difference between that and a webapp?

I don't think apps are going away so users need to have a switch that says, "I don't trust this company with anything". Extremely limited Internet access, no notifications, no background activity at all, nothing. It needs to be like apps for the 2nd gen iPhone: so completely neutered that webapps look like Star Trek level technology.

There is beyond zero incentive for either Apple or Google to provide something like this. Google HAS network permissions on Android. You just can't access them. They're hidden from you, presumably because Google prefers more malware and spyware running on your phone.

The reality is that both Google and Apple are not just in on this, they created this situation. They not only don't care if you download 1 million apps from the app store that may or may not be malware, they actually prefer that model. Going as far as to sabotage the web to maintain that model. Going as far as developing their own browser which is broken to maintain that model.

Which, relatedly, is why any type of argument of "safety" around the app store or play store is complete and utter bullshit. Apple and Google want you to download as much malware as possible. All their actions demonstrate that.

Google is a step ahead of that, with their device attestation technology. Now apps can make sure they are only running in an approved environment.

This is the inverse of what he's saying. Attestation takes control away from users. Permissions give control to users. The ultimate user control is not using the software at all.

That's what the GP meant, wasn't it? "Good luck with your sandboxing, Google is already a step ahead in this cat-and-mouse game".

Again:

> but this would just hide the actual problem with interoperability and pass it down for the next underdog project to worry about.

Just consider how this wouldn't happen at all in an environment where no platform dominates in popularity (and it doesn't always happen today either, as lots of things like these are accessible via the Web from any platform regardless).

We have exactly that interoperability right now, and the market said that they don’t want to use that.

A market like that needs to be better regulated then.

True, if a new system ever wants to rise, it’s gonna need backing from a major player. But once it takes over the market, it might just become the next “Android.”

Not so, if the next system is mobile GNU/Linux. As long as the components remain free and mostly the same as on desktop, if one or two go bad, they can be replaced. And certainly the core system won't go bad.

> "We need these kind of projects, not kneeling down to a company like Google and begging for Android to be open."

Indeed.

> "Effort needs to be put elsewhere."

Also correct. Outside of offering (an) alternative product(s), one also needs to fight the inevitable pushback of industry dinosaurs and their political toadies.

In other words: One needs to invest in massive lobbying efforts on the same playing field of corporations as well, e. g. in the EU or the US. For without sound organizing all efforts will be relegated to hobbyist spaces with an assortment of "Are we there yet?" products.

Smartphones and function-alikes are an entirely different breed of device, or at least can be: the general-purpose computing platform for your pocket. In this market, "somewhat different" rules apply.

Drivers and firmware blobs.

The real problem was never solved to begin with: all mobile devices require proprietary drivers to function at all. Because these drivers are proprietary, the only people in a position to make them compatible with an OS are the manufacturer's dev team; and they are only interested in compatibility with Google's proprietary Android fork.

When Google starts to release versions of its proprietary Android fork, any open Android fork (or other alternative OS) will have to reverse engineer that proprietary Android fork in order to match its compatibility with proprietary firmware blobs. This will need to be done for every device.

Imagine trying to find your way through a building while wearing a blindfold. It's much easier if you are able to study the original floor plan that building was modeled after, even if the building itself has a modified design. Google is taking away that floor plan.

The situation is already medium-bad: it would be trivial to use an alternative OS if drivers and firmware were open source. It would be relatively easy if drivers and firmware had open specifications. It's difficult, but feasible in the current situation, where drivers and firmware are closed spec, but designed to be compatible with a close fork of an open source codebase. It will be extremely difficult (and technically illegal in the US) to do when drivers and firmware are closed spec, and designed to be compatible with a closed source codebase.

I used to have a Jolla phone which ran a pretty cool linux OS on it but it only worked because it had an alien dalvik android vm so I could still run apps like those from my bank, whatsapp etc..

It's nearly impossible to live in the modern world without either an iphone or android without making some major sacrifices e.g. I'd love to not use whatsapp but it's not an option because all of my friends and family use it

Why did you stop using it? Asking because I was wondering if I should get one.

If people have to put the tiniest bit of effort into using a different platform, they won't. This is the sole problem with alternative platforms. I agree with you that the ideal solution would be to break away from Google entirely, either with a hard fork of Android, or something completely different. But you'll have to make the transition absolutely seamless for the masses, or it won't happen.

Because smartphones are designed such that I cannot put whatever OS I want on them. I'm stuck with whatever proprietary flavor of Android the manufacturer loaded it with.

If I'm really lucky one of the open source Android forks will support my device. But my current phone is not supported by postmarketOS or GrapheneOS.

I don't want a world where the market can only support a dozen devices across 4 or 5 manufacturers.

> So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.

Ironic because the foundation of Android itself is built on open source.

Most if not all large, successful open source projects are funded by commercial interests, not just consumers. The resources it takes to maintain something like Android far exceeds what can be funded solely by donations and volunteers.

> Most if not all large, successful open source projects are funded by commercial interests, not just consumers.

Right, the key point here is most of the fundamental projects were never commercial in origin and had grassroots community or academic roots. Android is built on top of a student's hobby Unix clone.

> The resources it takes to maintain something like Android far exceeds what can be funded solely by donations and volunteers.

Um, no duh a corporate project requires corporate funding. Android was never a grass roots community effort.

It's better to have a billion dollar corp footing the bill for the massive amount of work it takes to maintain Android. If it comes to needing a fork so be it, but if they can be convinced (or strongarmed) to be more supportive of an open ecosystem and FOSS Android projects, everyone wins.

This comment nails it. There was an article about how the FSF got funding for exactly one dude to work on free phone software https://news.ycombinator.com/item?id=45586339

That's great and all but it's just a drop in the bucket of the amount of work needed.

Systems with less maintainers require less maintenance because they are made in ways that require less maintenance. They also tend to be less good systems, but not in linear proportion to their reduced maintenance.

Why would you want to start over with a new platform when Android (as a FOSS project) is already most of the way there in terms of freedom and usability? The only problem is "apps" that depend on proprietary Google libraries. This only concerns a minority of apps, but notably includes some foreign banks that require the "app" as a second authentication factor.

Perhaps this could be regulated by law or executive power, but considering that governments themselves have created apps that depend on proprietary software, I am not too hopeful. But as long as the same "app" is accessible through a browser, this remains a minor inconvenience.

> So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.

When it comes to consumer hardware or software targeted at end users? I think such cases are pretty rare and far in between. Firefox had a brief stint of being popular in the late 2000s, Valve is doing some cool stuff with SteamOS/Proton but I can't think of much else off the top of my head.

Otherwise it's usually companies like Google or Apple which use OSS as a base layer for their closed down and proprietary platforms.

PostmarketOS is cool but it's a product niche targeted at a very tiny subset of consumers (just like Linux on desktop for that matter).

Likely there just aren't enough of the right people to support such a project, sans a sustained revenue model.

The equivalent of dual-booting would, IMO, be a big step towards Google-independence.

In my grad school days in the mid-90s I set up Linux because it let me write programs in a modern way, accessing all the available memory without jumping through hoops, etc. I would still switch to Windows for playing games, using Quicken, checking Usenet and email and browsing the web.

AOL not even being available on Windows and modem drivers for cheap-er hardware being Windows-only meant I had to switch back and forth (download on Windows, copy to a floppy, reboot, etc.). This sounds crazy today, but it worked "somewhat OK" for me to keep experimenting.

If we could somehow provide a similar environment for the phone, even jumping through hoops, this will enable enthusiasts to start seriously tinkering with their devices. But this is not easy -- both the hardware and the Android today place way more restrictions than much-vilified Microsoft and Intel did 30 years ago. And Microsoft tried very hard to snuff Linux out, wiping boot sectors and partition tables given half a chance; Google will be much more successful killing any dual-boot attempts now. My 2c.

The difference is hardware. A large part of the explosion around Linux in desktop computing is based on the fact that IBM's patents for desktop architecture expired and IBM clones proliferated in the marketplace. Also, busses like ISA/PCI/AGP and ports (serial, parallel, ethernet, USB) were all standardized.

In short, Linux was possible because the underlying hardware was open and standard.

IBM had very little patentable subject matter in the original 5150 design, and anything they could patent would have been subject to an antitrust decree that legally required them to, in Tim Kulak[0]'s words, "work for free". That's why they focused on copyright in the BIOS so heavily.

Also, none of this impacts Linux, beyond the fact that IBM clones were ubiquitous by the time Linus started writing the kernel. If IBM clones weren't around, Linux probably would have originally run on an Amiga. It was very much expected that personal computers would run anything compiled for the CPU, mainly because the companies making them shipped very little software. I guess you could say that Linux was possible because there were PCs to buy - otherwise we'd be stuck with BSD or GNU running on computers we had to rent. But even then, what IBM did here was not directly open the floodgates to a Free OS, they just accidentally opened the floodgates to a bunch of companies entering the PC market by blatantly and legally ripping them off.

[0] Kulak is a Russian word for owners of rural land that refused to join the Soviet collectivization regime, which was then later applied to basically anyone accused of not meeting the hilariously awful production quotas Stalin put on shit. Despite this awful history, I'm appropriating the term because A) it's a good pejorative for land-owning nobility and B) it almost rhymes with Cook.

Agreed w the sentiments. Minor nit: "I can't say it isn't a daily driver for everyone" - double negative

> A new platform needs to rise that breaks out completely from Google

After many many years and many forks, yes. This is still clearly the right answer. Google didn't succumb to Apple and just accept things, they acquired Android and invested heavily in it. We are all grateful for that. BUT, we must also acknowledge that the time of the two horse race is over. And while OpenAI and many others are attempting to do various things, we can continue to invest and back alternatives that create a more fragmented market. Maybe they will not replace Android, that's fine, but you're not going to fix Android's problems without suing Google, which people are doing, or actively working on alternatives, which again people are doing. Change is coming.

Because money. Yes Android is open source, but Google is spending billions of dollars a year paying engineers to develop it. If you want Android to be "free" find alternate funding, with no strings attached.

See: linux

How many consumer devices is Linux successfully running on?

Why? Because I want to run bank, OTP, streaming, and other crap apps that requires certain level of trust that a 100% open source version of AOSP made by some guy in a basement doesn't provide, that's why.

Because you cannot own or operate a cellphone. The cell phone modem is not licensed or controlled by you. It cannot be, it is the telecommunication company's. And this reality is intruding more and more into everyday life. You will not be allowed to control your smartphone. They are terrible computers because of this. A smartphone's legal purpose is now basically just banking, shopping, and navigation. Other things that interfere with commerce will not be allowed.

Just use your phone as a hotspot with a real computer for computing that you can and do own.

You're right. Especially with the rise of agentic AI. You could have hundreds of contributors, all using agents, working on different modules, according to existing spec and tests, create a new OS, or Web Browser or anything. It's the end of monopolistic control of software.

But, I think the giants already know and accept this. The moat now is compute. A centralization of power back to the server, the rise of thin clients, and fat services.

So, it is a revolution but there's also counterbalancing forces. Still, we should ride that wave :)

> You could have hundreds of contributors, all using agents, working on different modules, according to existing spec and tests

The current problem with "Linux on phones" is the locked down nature of the hardware. For example, looking at PostmarketOS's support device list [0], sensors, Wifi, even phone calls don't work. Would what you're saying enable faster implementation of those support modules? (This would be really cool if possible).

[0] https://en.wikipedia.org/wiki/PostmarketOS#Supported_device_...

If it's just about building software against suites of tests and spec that already exist, then definitely what I'm saying would make it faster. But if it's a hardware control issue, then no.

In that case (ie, if in order to be free we need to free the hardware, too), we need to create a hardware company that builds a phone from the modem/radio on up and owns every layer.

Obviously non trivial hahahahaha :)

AI is letting the world of bits move faster than before by exponentially reducing rework and sharing around the benefit of network effects from collective human knowledge. It's not touching hardware in the same way, and doesn't give us the same superpower.

edit: I guess the "easier" play is to convince an existing full stack phone hardware company to make us an OpenPhone that we can hack on because they believe in the inevitabilities of trends and consequences from AI and want to invest in that future. That would be cool? Any takers? Reach out cris@dosaygo.com

The way to make this work for real is with a smooth migration path, which means a way to keep running Android apps on your new system.

If you want to sponsor Waydroid to help make that happen, you can do so right now: https://opencollective.com/Waydroid (I'm not affiliated, just a fan, and it's the only realistic route to this I see).

I agree with you, but that only works if people value it and are willing to pay for it.

Look at email. It’s technically open, but in reality there are a few large players who control the majority of it.

The only way open source phone software succeeds is if there is real money behind it and there is an attractiveness to it that makes people pay for it.

Does Qualcomm support the use of their hardware in "raw" Linux phone and tablet use? Where I can be root?

The short answer is it's a huge costly chaotic mess to be in a standards/compatibility battle we don't have to be in.

It's far easier for everyone if Google plays nice than to put in the work to unseat them and still keep app devs and users happy.

Simple answer, no open source project can have the keys that sign play store access.

We need both. Open source alternatives are great, but they don't replace tight regulation of large corporations. Just because Linux exists doesn't mean we can give Microsoft, Apple and Google free rein.

Problem is the hardware vendors often very much like closed systems. And banking apps too. We sadly have a much less open hardware ecosystem compared to the PC landscape. And even here driver problems are more pronounced the more exotic the OS platform.

For me mobile OS are a broken mess, irrespective of Apple or Google, so I would love to have an alternative. Mobile phones are powerful devices that are severely handicapped by bad software. Restrictions are sold as security and there are a lot of people that even buy into this crap argument. So much so that even legislation has adopted them to some degree.

But for hardware vendors to jump on another train, a new OS must probably offer something shiny. And the average user has no idea how easy it could be to interface your smartphone with other devices without needing some ad riddled vendor specific apps. I mean you can install an ssh client on your phone, but meh... That is more or less the only app I install these days.

I agree, F** Android, the website should be MakeLinuxSmartphoneReady.org and PostmarketOS + Gnome Mobile is in good shape but a few smartphones support it.

What are your current bugbears with it to not be a daily driver? I’ve been curious for a while but haven’t pulled the trigger

I completely agree.

Google has been gradually becoming more restrictive on Android openness, slowly but surely strengthening the thumb screws.

In the long term, the best thing to happen is for them to bang make it proprietary [1] while it is still free and liberal. The shock effect will be big, and the initial changes big, too. Such will motivate the right people. Open source devs, governments, legislators, people with executive powers within other companies.

But Google is too sneakily clever for that. So they go slowly, gradually. There won't be a shock effect, or if it happens it'll be a done deal.

This is how you turn a country into fascism, too. Slowly but surely, and then bang. It is all the small steps beforehand which matter, and this is why the Execute Order 66 quote from Star Wars is such a beautiful example in popular movie SF.

You can see how failed efforts for coups in democracies have failed recently because of checks and balances. South Korea is a recent example, but looking at the details it was a close call. In my opinion, the same was true for USA, and I don't know enough about the Brazil example.

[1] Yes, I realize Android is proprietary and AOSP is FOSS.

Good luck funding the development of a competing mobile OS by FLOSS nerds that can compete with Google's trillion dollar market cap.

Even if you could get some traction, you're gonna have a bad time getting banks to support this OS, at which point it will be useless for most users, preventing you from ever becoming profitable.

> Even if you could get some traction, you're gonna have a bad time getting banks to support this OS

This already happened. Banks here in Brazil like to require an invasive piece of software (a browser "plugin", though it installs system services) to access their online banking websites. For a long time, this invasive software was Windows-only, so those of us using Linux had to either beg the banks to enable a flag to bypass that "security software" for our accounts, or do without online banking. The same for the government-developed tax software, which was initially DOS-only and then became Windows-only.

But nowadays, there is a Linux variant of that invasive banking "security" software, and that tax software became Java-only (with Windows, Linux, and MacOS installers, plus a generic archive for other operating systems). So things can change.

Linux, linux, linux, if you’re blackpilled keep it to yourself, contributes nothing.

Like many others in this thread have already said, Linux is not the solution.

You call it blackpilling, I call it facing reality.

Your reality is sad, glad I don't live in it!

For some reason the awful orange app Materialistic does not have a downvote so I leave this message instead.

I'm going to say something that should get upvotes.

YOU CAN, AND SHOULD, DO BOTH.

This is the correct take.

Let's say we beg Google to keep it open now, and they acquiesce.

So what?

Do you think this same drama won't repeat in the future?

I also don't think it is right for Government to force companies to give up their properties, in this case it is like forcing Google to continue to fund Android.

Maybe Governments worldwide could all fund the same OSS OS which benefits everyone. But right now I see zero incentives for any government to do it.