Bingo, this right here. Linux desktop wasn’t a daily driver until one day it was.
Although the only problem with this strategy is that Linux got that way because of a lot of private companies that actually wanted that. Valve didn’t want to be locked in with Microsoft. Many of Microsoft’s direct competitors also don’t want to be locked in. IBM famously switched to Mac, Google has been using Mac and Linux workstations for a long time as well.
Also, web technologies like Electron made porting applications to small user bases Linux easier. If that never happened, I wouldn’t be able to use my commercial apps on Linux. This concept might be a little more of a challenge for the mobile app ecosystem, which is a mix of native wrappers like react native and native apps, and there is a high amount of dependency on native APIs for the extra sensors and hardware features phones have the laptops and desktops don’t have.
E.g., For Linux on mobile to work react native can’t be an incomplete implementation like the status quo.
It's a transient state. Food for thought: how much of Linux being a daily driver depends on you having a modern Android or iOS smartphone?
If you need a locked down phone that passes remote attestation to authenticate yourself to a remote service, then whatever you use to access the service UI doesn't really matter: the only device that's necessary to have to use the service is the one you don't fully control, and which gets to control your patterns of use.
An intuition pump I like: imagine you want to put a widget on your desktop that always shows you the current balance of your bank account. You want it to just work ~forever after initial authentication (or at least a couple weeks between any reauth), and otherwise not require any manual interaction. See how hard it is (if it's even possible), and you'll know how badly you're being disempowered already.
Interesting thought. I’d say a low to medium amount but you’re making a good point here.
Most services offer simple SMS two factor, and then if they offer an upgrade to Authenticator or passkey then I have no iOS/Android dependency.
My bank’s website works almost the same as the phone app, I think the only difference is the lack of mobile check deposit (but nobody’s writing checks anymore).
Some services like Venmo are most popular on apps but still have a website.
My remaining hooks are:
- iCloud shared photo libraries with my family. I can use those on iCloud.com but it’s a bit more of a pain. My paid iCloud storage has been migrated to more open alternatives.
- AirTags and Find My. There just isn’t a competitor that’s anywhere near as good. It’s thankfully not a very necessary product.
- Apple Watch. (AirPods actually work great on Linux, btw, even if they are missing some functionality)
- Apple Home. I could migrate this to Home Assistant.
- Apple Wallet. This is mostly convenience. Most things that use it have some kind of alternative, like printed boarding passes. But there’s…
- Ticketmaster. The mobile website tells me I must download the app or add to mobile wallet. Barcodes are dynamic and screenshots don't work. I think the only alternative is to go to the box office before the event which can be very annoying.
My daily driver is Rocky 10, but my control plane is a Pixel 6 on the ATT network but I control almost nothing on that layer. It is why I have been moving most of my core workloads off SaaS and back to local.
My daily driver has been debian and ubuntu since Potato 25 years ago. My bank has been online only since 2006 and has worked with Konqueror and later Firefox all that time.
2FA is either a standard TOTP generator or an SMS.
Now I do have a smart phone, because I'm not a complete luddite, but I can't think of anything other than perhaps some forms of entertainment (apple tv, paramount, disney perhaps) which might not work on my laptop. I shun things like notifications of my bank balance, is that an essential thing? How did people in the 90s cope without a per-minute balance?
Account balance is a litmus test. If you can't liberate even that information, you've lost control over the banking and your own device.
> 2FA is either a standard TOTP generator or an SMS.
For now. Be grateful while you have it. Most banks everywhere are moving to 2FA through push notifications to their proprietary app, and are deprecating other channels. TOTP is becoming unusual in a bank; where I live, I haven't seen it in use in banking in over a decade (though I'm not counting SMS here; they're technically kind of like TOTP, but they're generated by the service, not on your end).
Between that and a web-wide push for passkeys, having a locked down smartphone is already becoming a soft requirement for doing anything on the web.
"lost control" seems odd, before 1999 I got a bank balance by phoning up a number and putting a ton of other numbers in, so I'm not sure when I ever had control
I guess I could automate my browser or write something, but the lack of a published API doesn't mean I don't have theoretical control over my device (in practice I rely on a linux distribution and firefox/mozilla to create/maintain the browser engine)
Sure in the future they could hypothetically enforce non-free methods to access my bank, and hypothetically all banks could do this, but that's certainly not the case now.
Personally I wouldn’t want to have an account with any bank that allowed permanently open api’s - an attacker gets one auth and then can see my balance forever? No thanks.
And that would give the attacker exactly what?
Yes, I can come up with scenarios where this gives an attacker exactly what they need to time some scam (or mugging) perfectly. I can just as easily come up with scenarios where the same attacker uses already available (or inferrable) information for the same purpose.
Look, many banks are perfectly fine with letting you opt into showing the account balance on their app before log-in step[0]. So why not let someone opt-in to direct access to that information? Or even opt-in to allow the app to expose this information somehow. Even in a body of a goddamn notification[1] (not disabling screenshots is too much to ask, I know, surely everyone will get hacked if this is enabled).
Paranoid mentality about cybersec is a big part of the problem - in itself, but also because it legitimizes the excuses app vendors provide to force users into their monetization funnels.
--
[0] - It's not a very useful feature, since you still need to open the app - and at that point, it's faster to log in via PIN or biometrics than to "swipe down to reveal account balance" or whatever bullshit interaction they gate access through in lieu of just showing the damn thing.
[1] - The increasingly common pattern of "let's notify user that something happened, but do not say what happened in the body of the notification" is getting infuriating. It's another way to force users to "engage" with the app, and it happens to also deny one of the few remaining ways of getting useful data from the app for purposes of end-user automation.
It would give them my balance, something extremely private to me. Not sure what you’re not getting about that.
There’s good reasons you can’t do this, and sure, maybe you don’t care about those reasons, but you’d be in the minority.
Bitcoin :D
All fun and games until you want to exchange it to traditional fiat - at which point regular banking suddenly feels like FSF heaven in comparison :).
Lots of private companies do not want to be forced to pay Apple and Google a hefty chunk of their earnings either. That's what drove Epic Games and Spotify to fight Apple.