> Feel free to complain, but don't forget you can make choices.
Of course. I can make a choice. When the choice is between being able to login to secure services with my SIM embedded e-signature, use mobile banking and conduct official business and not being able to do any of these things, making choices are easy.
Running Linux on desktop is easy mode when compared to phones, and yes, I started using Linux on desktop in 1999 too with SuSE 6.0. Phones are way more interconnected and central to our lives now when compared to a general purpose computer running your $FAVORITE_OS.
I booted Slackware from a pile of floppies back then. I thought the Germans had a pretty good offering with SuSE at the time.
Look I get it, even back then, most folks felt Windows was the obvious choice (and still do) for their jobs and so on. Sometimes you have to make do with with the unappealing choice in front of you.
For a little more context, my cracked screen iPhone can still do banking or whatever, but I chose not to pony up $800-$1200 for a new iPhone and bought the cheaper $350 Motorolla. It works for me and I think I'm not entirely alone. There are probably some cracked phones, some handme down phones that folks could use for those situations where you really need to use the closed platform, but otherwise are free to use something more open.
Slackware always brings out the inner teen in me. I feel giddy like in the old days. I need to install and maintain it somewhere some time, just for kicks.
I support FOSS wholeheartedly, and believe that it's possible to have a device which is completely Free (not Open but, Free) from hardware design to firmware and software.
On the other hand, there are some nasty realities which bring hard questions.
For example, radios. Radio firmware is something nasty. Give people freedom and you can't believe what you can do with it (Flipper Zero is revolutionary, but even that's a tongue in cheek device). Muck with your airspace and you create a lot of problems. The problem is not technology, but physics. So, unless you prevent things from happening, you can't keep that airspace fair to everybody.
Similar problems are present in pipelines where you need to carry information in a trusted way. In some cases open technology can guarantee this upto a certain point. To cross that point, you need to give your back to hardware. I don't believe there are many hardware security devices with open firmware.
I use MacBooks and iPhones mostly because of the hardware they bring in to the table. I got in these ecosystems knowing what I'm buying into, but I have my personal fleet of Linux desktops and servers, and all the things I develop and publish are Free Software.
I also use Apple devices because I don't want to manage another server esp. in my pocket (because I also manage lots of servers at work, so I want some piece of mind), yet using these devices doesn't change my mind into not supporting Free Software.
At the end, as I commented down there the problem is not the technology itself, but the mindset behind these. We need to change the minds and requirements. The technical changes will follow.
Luckily not everyone agrees with Richard Stallman's hard-line take on proprietary chips.
IMO, if the radio chip just acts as a radio, and passes packets as requested, and any needed firmware blobs are freely distributable, it's fine. It's not ideal, but it's good enough to make a libre-phone.
We all know the network is spying on us anyway, and the radio should be treated as being part of the network, on the other side of the security boundary from the main processor - and since we don't trust it, we don't have to demand that it helps us verify our trust in it!
For radios, the general idea of building radios to a spec and having them certified to be sold in country works pretty well most of the time. It might be nice to have a phone with plenty of flexibility on the radio, but I think most folks would be happy just to connect and send work-a-day packets OTA unencumbered by additional restrictions.
It seems like a hardware security device could act similarly to the radio in that the general OS can ask for service (e.g. a signature), but not have access to the internals of the MCU. I don't see why these systems need to be opaque either, in fact it'd be nice to know what is running on the security enclave or LTE radio, even if folks aren't generally meant to access/modify the internals.
It'll be interesting to see how things develop. In my case, I am looking for more experimentation with the smartphone form factor. I'd like to see better options in the market.
I don't think open source and not allowing people to break laws with impunity are at odds. Because there are laws governing airwaves. I think there would need to be some sort of legal entity (foundation?) that would need to steward open firmware + enable it to be locked down so regulations can be followed, but I don't think the two are somehow irreconcilable. The first example that comes to mind is how all the linuxes work with "secure boot" (all of its ridiculousness aside). I think it would be a more effort than that but I truly believe that it is possible to have trust and openness and following regulation. The idea that only a proprietary company can follow the law and comply with regulations is in my opinion strictly false.
That's a big part of the problem: enforcement doesn't scale. It's cheaper to restrict people by legal and technological means, than to let them use judgement and prosecute occasional abusers.
It’s fairly unappealing to carry around two devices also.
What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?
We're headed down a very slippery slope and the destination is a very dystopian reality where those in power can prevent someone from participating in society on a whim. I believe the destination has previously been described as the beast system or New World Order.
We are all definitely going to have to make a choice. That much is certain.
> What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?
In some cases, it already is.
We're already far on the path you described, and there is no choice to make on it, not for individuals. To stop this, we need to somehow make these technologies socially unacceptable. We need to walk back on cybersecurity quite a bit, and it starts with population-wide understanding that there is such thing as too much security, especially when the questions of who is being secured and who is the threat remain conveniently unanswered.
The US is not nearly as far down that path as is, for example, China. But two forces are at play here: 1. Near-term concern: F-Droid is getting too popular for Google's comfort and Android revenue ambitions 2. Longer term goal: Control. Much of Chinas's social credit scoring is mediated by their phones. Not an issue yet here in the US but assuredly, if not explicitly on the current's government's list of aspirations. A completely managed device with no freedoms (like f-Droid et al,) is antithetical to a more restricted (managed) device.
> Near-term concern: F-Droid is getting too popular for Google's comfort and Android revenue ambitions
That's good to hear.
I'm entirely on F-Droid, with no Google account.
Well put. Most SWEs on this very site probably require a smartphone for id verification for work. Acting like that is a personal choice is not useful
We're already there. Attestation is not in your phone, but in your ID card. European passports and ID cards carry biometric data of your face, so you can be computationally verified.
I'm aware of this slippery slope for a very long time, esp. with AI (check my comments if you prefer). On the other hand, I believe that we need to choose our battles wisely.
We believe that technology is the cause of these things, it's not. Remember:
The governments believe that this is the "necessity", so the technologies are developed and deployed. We need to change the beliefs, not the technology.The same dystopian digital ID allows me to verify my identity to my bank while I'm having my breakfast saving everyone time. That e-sig allows me to have a practical PKI based security in my phone for sensitive things.
Nothing prevents these things from turning against me, except the ideas and beliefs of the people managing these things.
We need to change minds. Not the technology.
> We need to change minds. Not the technology.
I totally agree that changing the hivemind's mind is the only way to preserve these freedoms.
Is anyone making any progress on this? Beyond the FSF, noyb, and hn lurkers?
I feel better having a physical token like an ID than it being on my phone, however.
Sure, but the bank feels better about forcing you to interact with their app on a daily basis, because this gives them a direct upsell channel for their financial services. They don't actually want you to us a physical token. Security is only an excuse.
Yup, right on target.
When that security model is based around SIM swappable hardware, this sounds at least questionable. Mobile security seems like a contradiction in itself. I would say this is also why Google is so eager to also lock down the last degree of freedom. So the joke is on you when you use it for online banking
Your comment makes a lot of assumptions, and all of them are wrong.
Exactly - if I don't have the Monzo banking app on my phone, I can't do _any_ banking.
Thinking about that now... That's not great.
I refuse to use a bank that does not have a website.
I do have one credit card that requires an app if you want to do thing online - otherwise its paper statements only. I use it a lot less as a result.