No user accounts, by design

f-droid.org

422 points by bnr 4 years ago · 146 comments

tgsovlerkhgsel 4 years ago

F-droid gets many things right (e.g. verifiable builds), but it's just not usable in practice.

Installing applications is a rare event, updating them is frequent, and needs to disrupt the user as little as possible. Android used to not allow alternative app stores to update apps without user interaction, but now supports this through UPDATE_PACKAGES_WITHOUT_USER_ACTION, which doesn't seem to be supported by F-droid. So it's manual clicking for each update.

F-droid also somehow gets the regular update flow wrong and often (always?) shows an error when you try to install the update from the notification. That has remained unfixed for years. So you have to manually open it, initiate the update, then click through the dialogs.

Additionally, the official repos update so slowly that they're useless for fast-moving stuff like NewPipe.

Together with Android bugs like https://issuetracker.google.com/issues/204233247 (resetting all "open with" URIs on update), this makes using packages installed through F-Droid a nightmare.

  • staindk 4 years ago

    Not really a counter point because you mention a lot of other issues with f-droid that sound valid (I haven't used it myself) - but as a tangent regarding auto updates, I disable them basically everywhere because I seem to have buggy experiences too often if I allow stuff to update all the time.

    I then go through the list of updates in the Play Store once a week or so and install those that I think might improve app functioning/stability. I look over and install Windows updates once a way-too-long (need to work on this).

    Feel like everyone is skimping on QA these days or something else fishy is going on. In the last handful of years there have been 2 or 3 Windows updates that either permanently erased data or caused some other insane issues. I didn't get them (tbf I understand that most people didn't), partially thanks to having auto updates disabled.

    • freedomben 4 years ago

      Yep, me too. I used to evangelize frequent updates because of the security aspect. However over time I kept getting burned by disruptive or buggy updates that broke things that I depend on.

      The last straw for me was a few years ago when my podcast suddenly stopped playing. When I unlocked the phone to investigate why the episode had stopped the UI had completely changed, in a way that I was completely lost and had to start over learning it from scratch. I was right at the beginning of a long road trip and had pre-downloaded many hours worth of stuff to listen to because I didn't have much data in my plan. All of the episodes I had downloaded were gone. Additionally because I was driving, learning a completely new interface was horribly dangerous.

      That was the day I disabled auto updates, and now I manually approve each one. Certain apps where I don't want to risk UI changes or new bugs, don't get updated right away. When they do, I always backup the old APK first so I can easily restore it if needed.

      • mehdix 4 years ago

        Exactly the same here. Nowadays I go through the changelog and often I realize there is no changelog for the update, or it is totally irrelevant for me (e.g. bug fixes for other android versions or problems which I don't have, marketing changes, cosmetic changes, features I don't need, etc.)

      • tentacleuno 4 years ago

        F-Droid lets you downgrade apps. The only problem is that due to Android's security protections, you have to uninstall the app to install an older version (downgrade protection).

    • cmeacham98 4 years ago

      This still sucks for your usecase on F-Droid. If you look through the available updates and pick 10 to install, you have to click through 10 popups to allow the installation, one for each update, waiting in between each for the previous update to finish before being able to approve the next.

      • toastal 4 years ago

        How many apps do you need installed (and why)? I feel like I'm a pretty heavy user, but if I forget to update for a week at most I have 6 apps to manually click through. It seems like an insignificant gripe considering the other alternatives (Play Store, Amazon, Huawei, etc)

        • freddie_mercury 4 years ago

          These are the apps on my phone that have updated in the past 7 days:

          Subway/public transit app (see how much money I have left on the cards)

          Grab (an Uber competitor where I live)

          Facebook

          YouTube

          Google

          Google Maps

          A bank app

          Signal

          Google Calendar

          GMail

          Android Auto

          Agoda, a hotel booking app

          Dropbox

          Netflix

          Instagram

          AirBnB

          A second bank app

          A boardgame helper app

          Uber

          TripIt

          Microsoft ToDo

          Shopping app for the baby store we order diapers and formula from every few days

          Pocket

          Spotify

          Proton calendar

          Facebook Messenger

          Google Docs

          Google Photos

          Google Voice

          Google Sheets

          You Need A Budget

          Tiktok

          Shopee, an online shopping app I use nearly every day

          My country's covid vaccine tracking app

          Google Translate

          • toastal 4 years ago

            From F-Droid? Are you not choosing Aurora store? (Yes, I know what those apps are, I'm in the same region and time zone as you)

            • freddie_mercury 4 years ago

              Not from F-Droid. I was just replying to the parent's claim that normal people don't need a lot of apps.

              If I don't have a laptop or desktop, why wouldn't I have a lot of apps on my phone?

              • toastal 4 years ago

                That wasn't what I was asking though... I was talking specifically about the number of apps through F-Droid. They don't seem to require updates every two days unlike the Grab superapp.

                • eru 4 years ago

                  That limitation perhaps also drives the infrequent updates?

                  In any case, it's fine for F-Droid to choose that behaviour, but then it limits itself to a niche of possible apps.

    • thaumasiotes 4 years ago

      > In the last handful of years there have been 2 or 3 Windows updates that either permanently erased data or caused some other insane issues.

      I'm still mad about the Windows update that permanently stopped Windows from working with my Bose headphones. The headphones continued to work perfectly with anything that wasn't running Windows.

      • infinityio 4 years ago

        Out of interest, have you tested them on win11? One of the later win10 updates broke my Bluetooth headphones (actually, Bluetooth in general became pretty buggy), but they 'magically' unbroke after the upgrade

        • hansel_der 4 years ago

          ime bluetooth has been buggy ever since. not always, but it failed me countless times in the worst situations. one reason why a phone has to have a 3,5mm jack.

        • thaumasiotes 4 years ago

          No, I haven't.

    • mackrevinack 4 years ago

      i got stung a few times and have turned off updates since. it wouldn't be such an issue if the play store would allow you to roll back to a previous version

      • iggldiggl 4 years ago

        Even if Android would let you easily downgrade apps, the problem remains that each individual app would also have to support that scenario, too (by never doing any data migration that would leave the user data no longer readable by the old app version).

    • tgsovlerkhgsel 4 years ago

      Personally, I've found that disabling auto-updates just means either unnecessarily sticking with outdated/buggy versions (or versions that drift out of sync with backend services and acquire new bugs that way), or I spend way too much time manually maintaining my phone instead of actually using it.

      I don't have time to read release notes/research each new version, so I'd likely just spend 10 minutes hitting "update" on everything, then getting bitten by the same issues.

      (This is specifically in regards to Android apps, not other platforms).

      • autoexec 4 years ago

        > Personally, I've found that disabling auto-updates just means either unnecessarily sticking with outdated/buggy versions (or versions that drift out of sync with backend services and acquire new bugs that way),

        I guess I don't care if my apps are "outdated" as long as they still do what I want. If there's something buggy about an app that annoys me enough I'll often just uninstall the buggy app and find an alternative.

        I find that once I install an Fdroid app and I like it, it'll pretty much just keep working just the way I want it to. The only app I use that breaks if I don't update it is NewPipe and that's google's fault. It doesn't happen often enough, or take long enough to update to offset the benefits of using it.

        Even most my regular google play store apps don't actually "need" to be updated, and many haven't been since the day they were installed with no bugs or issues.

    • axiolite 4 years ago

      > regarding auto updates, I disable them basically everywhere because I seem to have buggy experiences too often

      With Play Store I agree. With F-Droid, I do not. You can easily install older revisions if you find a problem, which I almost never do with F-droid.

    • andai 4 years ago

      >I look over and install Windows updates once a way-too-long

      I thought you needed some kind of registry hacks or something to disable automatic updates since W10, can you elaborate on how you got it to stop pestering you?

    • istillwritecode 4 years ago

      I also disable auto updates; once every six months is enough for me. I really really don't care about the security of these apps.

  • AshamedCaptain 4 years ago

    > UPDATE_PACKAGES_WITHOUT_USER_ACTION

    I actually tried to play with this not long ago, and it is so broken that it makes me think they just wanted to "check the box" in case some judge thought this was abusive behavior. It probably still is.

    Not only is this API available only on Android 12, it also _only_ works for programs that have Android 12 as target level API (i.e. when you try to upgrade older programs the prompt will still show up), and only works for programs that your package manager installed in the first place. GPlay does not have this limitation and will happily update packages you installed, after which your package manager is no longer allowed to upgrade them. It's all a big mess.

  • ancientsofmumu 4 years ago

    > ...but it's just not usable in practice.

    > ...this makes using packages installed through F-Droid a nightmare.

    I run 2x Androids with near 80%-90% of the packages installed from F-Droid repos (to include Bromite and Bitwarden custom repos); it has quirks and is not perfect - but far from "not usable" and "nightmare" as your hyperbole would suggest.

    • prvc 4 years ago

      This is exaggerated language, but the described traits are certainly inconvenient, unpleasant, and unnecessarily time consuming for the user.

    • newaccount74 4 years ago

      Same here. Curation could still be better on F-Droid, but I'm very happy with it overall.

      Thank you whoever is behind it, you're doing a great job.

  • 6yyyyyy 4 years ago

    >So it's manual clicking for each update.

    You need to install the F-Droid Privileged Extension, or use a ROM that has it pre-installed. That way it can update apps without user interaction.

  • amatecha 4 years ago

    Hmm, sounds great to me. I loathe automatic updates and consider them a great way to ruin the software I'm used to. I can't possibly count the number of times an update to a piece of software (especially on closed platforms like iOS) broke something I rely on and I had to either wait until the developer fixed the issue, or just accept that the software is never again going to work the way it used to.

    Further, I disable notifications for nearly everything, so that point doesn't matter to me either.

    I'm definitely relieved that the most-upvoted comment critiquing F-Droid doesn't raise anything of concern for me! I was worried I was about to read something that might push me away from making a de-Googled Android device my next smartphone... haha

  • discardedrefuse 4 years ago

    Just FYI, NewPipe has their own F-Droid repo with faster updates. https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo/

    So does Bromite browser. https://www.bromite.org/fdroid

    • trs-80 4 years ago

      That, in itself, is another nice feature of F-Droid. It allows you to add additional repositories of your own choosing.

      It's so refreshing, especially compared to $megacorp <strike>control freak</strike>, er, security measures, yeah that's it!

  • pSYoniK 4 years ago

    I have been using F-Droid for about 2 years now as the main source for the few apps that I use and updates are coming through without interaction. Bitwarden/Aegis/Tutanota/Syncthing/K-9 all receive regular updates as far as I've experienced during this time.

    I also haven't had issues with update flow. When was the last time you used F-Droid for a prolonged period of time?

    • Leherenn 4 years ago

      I have the same issue fwiw. A notification to update NewPipe that always fails to install the update, but it works if you do it manually in the app. Just happened a couple of hours ago.

  • pmontra 4 years ago

    I'm OK with manual updates, I disabled autoupdates on Google Play too because I can't trust the apps to actually update them and not remove some functionality or worse.

    You are right that the download / install process is very quirky. It often fails to provide the right feedback about what's going on and errors are common. Is it downloading, is it installing, did it get my touch? However I really want to install from there and not from Google.

  • simcop2387 4 years ago

    I believe this is a result of fdroid wanting to support older android versions for longer than google does. They could probably make two versions to allow this though but that would require more maintenance

  • kbelder 4 years ago

    In order to reduce disruption from updates, I've found it necessary to turn them off. I'll go into the play store and update the ones I want to update, when I want to.

    So for at least some users, this isn't a problem at all. It's a better default.

  • btdmaster 4 years ago
  • TwoNineFive 4 years ago

    Slightly hyperbolic in saying it's "usable in practice", but only slightly, and everything you said is true per my own experience. That just makes these issues super annoying. Normal people won't put up with it, and they shouldn't have to. Hacker types might be motivated to continue using F-Droid, but power users and others probably won't.

  • hadrien01 4 years ago

    I just use SkyDroid. It's way faster, less buggy, and compatible with Shizuku which allows rootless auto-updates by making use of newer developer options (Android 11+)

  • mod50ack 4 years ago

    This action is supported by Droid-ify, an unofficial client.

politelemon 4 years ago

App developer's perspective. I have a few apps on all major places, including F-Droid. The 'no user accounts' thing makes developing and distributing on F-Droid a freeing experience, as compared to the G/A 'jails'. There is no pressure to meet arbitrary undocumented restrictions, you are not subject to the whims of dehumanizing AI routines, there are no ratings and reviews (the feedback is direct). The build and deployment process is not really my problem, as part of their Reproducible Builds, even that aspect is taken care of. https://f-droid.org/en/docs/Reproducible_Builds/

  • sneak 4 years ago

    I find the distributor-does-the-building-and-signing to be problematic from a security point of view. I would much prefer that each developer does a build, signs it, and a notarization of some kind is added by the distributor.

    It seems to me that if you can compromise the f-droid infrastructure you can compromise millions of handsets.

    • progval 4 years ago

      F-Droid already supports this. From GP's link:

      > This means that F-Droid can verify that an app is 100% free software while still using the original developer’s APK signatures

wpietri 4 years ago

I tried something like this once and it worked surprisingly well, even for a UGC site.

Years back we were doing something that included users documenting TV shows. We had a big meeting where people put every feature they wanted on index cards. We laid the cards out on a founder's dining room table. The host got their change jar and each person got a certain number of pennies to mark features they thought were vital for first launch.

After the first round of token-voting, the "user accounts" card had no votes. At first it seemed impossible. But after some discussion, we realized that viewing users didn't need accounts for launch. For people who wanted to edit, we let them type in a name to take credit for their contributions if they wanted, but with no verification. At worst, we figured we could add something more robust if the need were stronger.

It turned out fine. The launch got out earlier and we got to test a number of key product hypotheses without having to build any sort of user account system. Months later it did eventually become the highest priority. But not having accounts worked way longer than I expected.

  • hinkley 4 years ago

    What's been professionally frustrating me for years as a developer is how much of the engineering and operational budget for a project is tied up into identifying and tracking users. The first time this happened to me we had some idiot who insisted that we needed to display exactly how many logged on users there were on every page load. There was no point in doing so, and we had proven that it was at least ten percent of the cost of each page load. In fact it was higher than that but 10% is what we could prove. My current project is about our customers, not the users, and probably 80% of the operating budget is about making the customer feel like they're running the show. Often with demonstrable and even clichéd consequences for the users.

    Without customization or user tracking, many, many workflows shift to read-mostly. Many are idempotent. Some can be fully cached. Some can be edge-cached.

    The dark secret of 'social' media that has been slowly coming out is that they aren't social. They aren't about 'Us', they're about me. Me, me, me. So of course the whole workflow is built around who I am and what I want. That's not just unhealthy, it's also really fucking expensive. And if it's really expensive we can't just eat the cost as a 'value add', we now have to monetize it. So things were already pretty dark and then compensation came into the picture and now it's positively dire.

    • urthor 4 years ago

      It goes beyond social media.

      Software always starts by appealing to discerning customers. The early adopters.

      Once it is fairly widely adopted, often the early adopters have adopted a newer, better thing.

      So now you are making features for a crowd of people who are there mostly because of platform inertia.

      They don't even appreciate or use new features, because anyone who actually deeply cares about your product niche doesn't use your product.

    • BeefWellington 4 years ago

      > What's been professionally frustrating me for years as a developer is how much of the engineering and operational budget for a project is tied up into identifying and tracking users.

      To add onto this, as a security-adjacent person, it's sad how much people think user behaviour data will be worth to their company. From the well-intentioned "we must pave the cowpaths" to the harmful "harvest the data and sell it", the attitude appears to have cropped up in the past 15 or so years as a mainstay of what apps should be doing and it's absolute insanity to me.

      My only victories in convincing teams are where I could demonstrate their ROI was never actually going to materialize, especially when the investment part required enough development hours that other features that might sell more apps would have to be delayed. And even then, it's been about 40% of the time, with the other 60% being met with, essentially, "we have assurances it will be profitable" hand-waving.

      The painful part of this is that unless certain privacy regulations start to get much more painful economically for companies, there's basically no incentive not to do it.

      It's the entire "Data is the new Oil" run amok.

    • wpietri 4 years ago

      Absolutely. I think your last point is especially good. Facebook consumes a ton of cash for what many people feel are disappointing results. Are they vulnerable to a competitor who is less about what users want than what they need? A competitor who can do that for 1/10th or 1/100th as much money? That could be very hard for the me-me-me companies to keep up with.

      • hinkley 4 years ago

        The thing with fads, and adoption cycles in general, is that what people 'want' can be figured out pretty quickly, but as far as I'm concerned, The Trough of Disillusionment is what happens when people figure out that what they need is something else.

        So what you're asking is can someone come into the ToD and introduce a new product that steals people away? It's plausible and if I were in a better headspace I could probably name you a bunch of examples. But does it always happen? I don't think so. There are plenty of incumbents who manage to coast through and come out the other side having demonstrated a dilute form of change of heart - just enough to convince the customers that 'something was done' even if they can't quite put a finger on what exactly is better and how much.

        • wpietri 4 years ago

          Sorry, I shouldn't have phrased that as a direct question. I meant it in a more rhetorical sense.

          Oh, sure. It's a very tough field, and would be even if the incumbents didn't have billions to throw at the problem. I definitely don't believe that the better product wins; I only need Microsoft as a counter-example.

          But it does strike me as a zone of opportunity. Maybe Substack is a good partial example here. Before the web, we had magazines. Then we basically had magazines on the web, preserving much of the old structure in the new medium. With lots of flailing as people tried to find sustainable business models.

          And then Substack came along with an extremely bare-bones implementation mostly using 1980s technology and a lot of writers and readers are very happy with it.

          So it's more that I'm asking myself. What are the products that cost 1/100th as much that might be as satisfying for my Facebook-ish needs?

          • hinkley 4 years ago

            Way back in the long dark ago I ran into some abandonware for incorporating third party data onto web pages via a shared server. Nobody I knew understood how it was meant to work, but I got the impression it was meant to be a tool where a group of people could host commentary about a website that was not their own.

            I keep wondering why nobody has really tried that again. Slashdot sort of filled in that space, and then Digg and now Reddit. Or Facebook for the 'all-in' solution. I keep thinking there was something I was missing about why that would be difficult to pull off.

            Today I have a different answer for that - that ship has sailed. We are multi-device and it would be much more difficult for me to have a consistent experience across phone and personal (and sometimes work) machines.

            But at the time perhaps it was an adoption thing. Just visiting a website is a cheap interaction that can lead to a habit. Having to do something special doesn't work the same way.

  • sneak 4 years ago

    What about abuse/vandalism? If the whole web has edit privileges, what's to stop someone from scripting changing all of the titles to random strings every hour? Do you do a captcha on every edit or something?

    I think the main idea around user accounts is that they centralize a point of applying captchas as well as a tiny bit of data collection (some form of contact information) that can be used for antispam (e.g. banning certain email address domains from creating accounts, or banning certain email addresses, etc).

    • wpietri 4 years ago

      I'm familiar with the theory. But accounts just aren't a big barrier to determined bad actors.

      Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has. And note also that some of the big tech companies, despite having all the money in the world, still have problems with fake accounts. So at best, requiring user accounts is one possible anti-abuse step, but it's neither necessary nor sufficient to prevent abuse.

      • sneak 4 years ago

        > Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has.

        Not really. You can't edit Wikipedia from a VPN (even with a user account!), and I think they ban most datacenters. The edits aren't really anonymous if they publicly associate with a piece of PII that, for most people, directly maps to their name and home address.

        • lucb1e 4 years ago

          > The edits aren't really anonymous if they publicly [show your IP]

          Counter-example: stackoverflow is also reasonably big and allows anonymous questions, answers, and even edits, without publishing an IP address or anything. The edits end up in a review queue, the rest I think is actually published immediately.

          • d0gsg0w00f 4 years ago

            But doesn't this content need to be reviewed (read permitted) by other non-anon user accounts?

            • lucb1e 4 years ago

              > The edits end up in a review queue, the rest I think is actually published immediately.

        • Gigachad 4 years ago

          Wikipedia also locks most interesting pages so only established accounts can edit them.

          • uncomputation 4 years ago

            This is a good and sad point. I was on the wiki page for derivatives and found it was locked due to vandalism. On one hand, we don’t want pages locked because that defeats the point. On the other, how do we stop every troll high schooler who just learned derivatives and messes up the wiki page for lulz? We either need active watchers (surprisingly and fortunately pretty easy, wiki editors are a passionate and eagle-eyed group, but I wonder how long and how much of this is just the initial hard core fans from the early days) or to have some deterrent to vandalism in the first place. For some, maybe this is IP address logging (although as someone else noted in the thread, at what point does this sink anonymity?). For others, maybe creating an account. In practice, neither of these work 100% of the time. I have seen vandals from both IP accounts and registered accounts in about equal frequency.

            • Gigachad 4 years ago

              I don’t think it really matters. Wikipedia has surprisingly strict standards and traditions that aren’t very intuitive. If you as a brand new user attempted to edit the page for Donald Trump or Apple, there is a close to 0% chance your edit would not be reverted anyway. These pages are highly curated and there is minimal value you can add to them as a new user. So the semi lock almost just stops people wasting their time.

              Much better to start off editing your local country town which has no power users patrolling and tends to be significantly out of date.

        • wpietri 4 years ago

          Oh? My current IP is 2601:646:4300:758:f676:3f1b:8b5:42a. Please show me how to turn that into my name and home address. Thanks!

          • danShumway 4 years ago

            GP's "directly" is a pretty large overstatement, but at the same time I've noticed something of an uptick over the past couple of years of people saying that IP addresses aren't PII or that people shouldn't be concerned with them getting leaked, and I just don't think that stands up to much scrutiny.

            If IP addresses didn't matter for privacy, Tor routing wouldn't exist. If IP addresses weren't useful for blocking specific users, IP bans wouldn't exist. If IP addresses weren't useful for tracking, operators wouldn't have gotten up in arms about Apple's private relay service. Obviously this stuff matters.

            Remember that not everyone lives in or around San Francisco. For someone in a suburban/rural area, an IP address combined with things like timestamps, user ids, and the text of the edits can go a really long way towards unmasking them. Even for people who live in more urban areas, it is still obviously easier to find someone who lives in San Francisco than it is to find someone who could be living anywhere on the West Coast. If they could also have been using a VPN, or time-shifting their posts... that makes it even harder.

            In contrast, how hard do you really think it would actually be to get some address data from a voter roll or via a warrant or even just through one of the scummy person lookup services online and to iterate through everyone who shares that IP address and check to see how many of them are named Pietri? Or who have shared the username wpietri across another account, or posted somewhere else at roughly the same time? Your IP address is drastically reducing the search-space for other attacks, many of which (timing, text-analysis, etc) are impossible to get rid of when making a Wikipedia edit.

            • wpietri 4 years ago

              I agree IPs are PII, and that they can lead to unmasking. I also agree the person I replied to was wildly overstating things.

              But for the current context, where we are talking about whether or not user account registration is helpful in preventing abuse, I think the kinds of low-probability, long-timeline consequences you describe are not really going to deter most would-be vandals. Especially since Wikipedia is going to know the vandal's IP address whether or not it gets shown publicly. So I think Wikipedia is still a good example of how "no user accounts" is workable at scale.

              • danShumway 4 years ago

                That's totally fair. In the context of preventing abuse, having an IP address on Wikipedia is definitely less useful to them than having an IP address + an email + whatever other verification methods services are throwing in front of accounts.

          • sneak 4 years ago

            Comcast has a portal for law enforcement to request subscriber information at https://lea.comcast.com . That IPv6 address, plus the current date and time, uniquely identifies you by name and service address. Any edits you make to Wikipedia from that address are not anonymous.

            • wpietri 4 years ago

              This is a use of "anonymous" that is unfamiliar to me. Do you mean something like "untraceable"? For example, when non-profits credit an anonymous donor, they know who the person is. In that more common sense of the word, Wikipedia's anonymous edits are indeed anonymous: they are published without a name attached.

              Anyhow, that seems beside the point. All HTTP requests come with IP addresses. That the police might be able to trace them back to a house eventually does not say much about either Wikipedia (who would give up an IP address with a warrant whether the edit was for a named account or an anonymous one) or no-user-account systems in general.

          • thaumasiotes 4 years ago

            3270 23rd street, 94110?

          • lucb1e 4 years ago

            The person y'all are downvoting is not technically incorrect if they're in the EEA, as this is exactly how GDPR treats it. Because there exists a party that can map it (your ISP), it's PII under that law. Of course this may be different in other jurisdictions.

      • skybrian 4 years ago

        Accounts alone won't do it. Accounts and invites might? But then someone who doesn't know anyone on the site needs to figure out how to contact someone who's a member.

        It's not good for growth, but some websites are fine with that.

        • hinkley 4 years ago

          Over time the quality of the invites goes down as well.

          If I'm in the picky group, and we send out 5 invites total, but the unpicky group sends out 10, then 2/3 of the invites are unpicky - if the groups are the same size, which they probably won't be for a while (I'm probably inviting people who are almost as picky as I am)

          There's also someone on the team who thinks we'd grow faster if we simplified the onboarding process, which is true but also means when we piss off some user they can create a bunch of accounts while they're still spun up and cause a bunch of overhead for the support team and the developers. That gets expensive too.

awinter-py 4 years ago

'anonymity is a great way to ensure privacy' is a strong argument IMO

if (if) you assume that it's impossible for consumers to account for how sites use and share userdata, requiring businesses to allow anonymous transactions is the only policy solution to privacy

tricky to balance a 'right to anonymous transaction' against other policy goals like financial KYC, fraud protection, but IMO our current KYC approach has been taken too far at the cost of consumer welfare, and there's an unexplored middle ground

Liquix 4 years ago

Love the sentiment & love F-Droid. Vote for non-dark patterns with your patronage wherever possible!

It's a bit sad how a website not employing a dark pattern inspires explicit praise these days...

newaccount74 4 years ago

I try to follow this as much as possible, but at some point when providing a paid service you run into the problem that you need to track whether the user has paid for the software or not.

So even though my software does not require user accounts, it requires a serial number to activate all features. That serial number can be linked to the purchaser, so in theory my app could do really invasive tracking. (It doesn't, but my users have to rely on my word)

How can one fix this? I would love for my software to somehow anonymously check whether the user paid for it, and isn't running it on more than X devices, but I'm not sure how this could be done without revealing the user's identity.

  • 13415 4 years ago

    Mullvad allows Bitcoin purchases of tokens, which can then be used as a serial for the VPN that works for the time period you've purchased. Users can change tokens any time. That's probably close to what you're already doing.

    • lucb1e 4 years ago

      Or for those less blockchain-inclined, you can just send them cash as well...

      https://mullvad.net/en/pricing/ ctrl+f cash (the section has no anchor)

      • trs-80 4 years ago

        Yep, came here to say this.

        It doesn't get any more anonymous than cash in the mail. :)

    • newaccount74 4 years ago

      I'm not sure how Mullvad does it, but I keep a record of who purchased what serial number. My number one customer support request is people asking for their serial numbers because they lost them, which is why I keep a record.

2OEH8eoCRo0 4 years ago

I've always wished that mobile app "stores" worked more like Linux package managers.

  • encryptluks2 4 years ago

    Still hopeful to get a proper Linux phone someday.

    • imiric 4 years ago

      The PinePhone (Pro) and its ecosystem looks promising, no? I'd say we're closer than ever to it being a capable daily driver, certainly by the next iteration.

      • fsflover 4 years ago

        Or Librem 5, whose software is developed not by volunteers but by a company.

        • charcircuit 4 years ago

          Note that the Librem 5 is practically a scam. There are still people who ordered in 2017 who have not received their phone. Requesting a refund takes hundreds of days to be issued.

          • fsflover 4 years ago

            It's not a scam. Did you hear about supply chain problems in CPUs? See here about delivery progress: https://forums.puri.sm/t/estimate-your-librem-5-shipping/112.... Every time Purism can get the CPUs, they deliver another bunch of the phones.

            • charcircuit 4 years ago

              >See here about delivery progress

              That thread is backing up what I said. 4 days ago someone from the original crowdfunding campaign in 2017 is being shipped his Librem 5. If someone were to order a Librem 5 today (for $1200, double what people in 2017 paid) they too may have to wait years to get it.

              >Did you hear about supply chain problems in CPUs?

              Purism had years to procure the CPUs they needed.

              >Every time Purism can get the CPUs, they deliver another bunch of the phones.

              Sure, but the amount they are able to make is not enough. Purism's timeline constantly slips. Your money is stuck in an interest free loan to Purism that they won't let you get out of. It is not hard to find people complaining about not getting refunds or refunds taking hundreds of days to go through. It seems like they want to get as much money as possible while delivering as few phones as possible. This may not be their intention, but this is what it feels like to a lot of people.

              • fsflover 4 years ago

                > Purism had years to procure the CPUs they needed.

                Yes, Purism had their own delays. In my opinion, they had good reasons for those [0]. But today delays are due to the supply chain, not Purism.

                [0] https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...

                • charcircuit 4 years ago

                  >[0]

                  They say the delays stem from their choice of SoC. They decided to use i.MX 8M in 2018. They had time to order the CPUs.

                  >there were only two SoC's that Purism could use (i.MX 6 or i.MX 8M) that could run on 100% free software and fit within the power limitations of a phone

                  This isn't true as it requires proprietary software for things such as doing memory training on boot.

                  >But today delays are due to the supply chain, not Purism.

                  Despite the uncertainty in the supply chain Purism continues to take orders even if it may not be possible to fulfill these orders.

                  • fsflover 4 years ago

                    > This isn't true as it requires proprietary software for things such as doing memory training on boot.

                    https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurd...

                  • hansel_der 4 years ago

                    > Despite the uncertainty in the supply chain Purism continues to take orders even if it may not be possible to fulfill these orders.

                    not taking new orders (and money) would be a very bad sign for investors, no?

                    • charcircuit 4 years ago

                      The large backlog of orders is a big red flag for the product to investors. I don't think continuing to take money is as big of a signal. Having a big backlog means that competitors who can actually deliver a product are going to be making more sales. It's a giant competitive advantage to be able to buy a phone and receive it in a couple days compared to buying a phone and receiving it in a couple years. For the fast moving technology space of phones with every year phones get delayed the product's hardware will become more and more outdated making the competitors look better.

                      To me keeping the orders, doubling the price, and trying not to give out refunds makes me think Purism has serious money issues.

            • MisterSandman 4 years ago

              I mean regardless of what the reason is, a 5 year delay is a 5 year delay, and if the refund process isn't near-perfect, I would call that scummy at the very least.

  • eighthave 4 years ago

    F-Droid is about user freedom, so there are clients that are more like Linux package managers, for example https://github.com/mvdan/fdroidcl

nonrandomstring 4 years ago

What we used to call "Need to know" is making a comeback. You don't need to know. I don't need to know. And in most cases the less we do know the better. Glad that GDPR is spreading this fundamental security principle again. Most websites could and should dispense with sign-in. Even those that have something to sell can compartmentalise that function these days. That's why I like Gemini, because of its regression to a more or less stateless web that is about words, roles, knowledge, links, things and places, but not so much about people and "identity". That's where we've gone wrong with WWW.

  • hinkley 4 years ago

    I have been experimenting with trying to draw a line between wants and consequences where I work. It's tough, and I'm only barely making headway, but on a large project what you often end up with is people adding costs to the system without a clear payoff, and without cost accounting.

    I am trying to get telemetry in place to demonstrate how much of our capacity is going to particular features, so that we can say, okay, that wizbang thing is costing us $100k a year. Our profit is 1:X (we make $X for every dollar we spend). Is this lowering or raising our profit margin?

    I think we are completely disconnected from opportunity costs and the entire center of most orgs I've been in are all about covering your own butt and telling stories. Until the layoffs happen and then we discover that the investors, advisors and some of the C suite actually care about whether spending $1 for the prospect of making $1.50 is a complete waste of time and energy. And I often wonder if some of the narratives I hear about who got laid off and why are not seeing this calculus in the results.

langsoul-com 4 years ago

I feel that no user accounts just makes things harder. For some things it isn't required, like joining a video call.

But user accounts help reduce spam, save profiles and enable cross platform syncing.

Sure you could do something like have a user account-like process, which involves unique ids and all that jazz. Except, at that point, you're making a user account with 10 more steps.

  • Falkon1313 4 years ago

    Yeah, but I think a lot of things could do well with just a pseudonym and a passphrase. Sure, that's still a user account, but no email or phone number or other stuff required (unless you want notifications, or to be able to reset your passphrase).

    And maybe prefer procedurally-generated identicons rather than photo avatars if you want a visual aspect.

lifeisstillgood 4 years ago

The thing that F-droid are getting right here is "if we don't track you, you have privacy from us".

But privacy is not secrecy. If f-droid tracked my every waking move, and then just never bother to look at that data, I would still have privacy from them.

What they are doing here is a form of guaranteeing their future good behaviour. Which is nice, but there are other methods. For example I am happy to announce my plans to not rob a bank. But there are means in place to ensure I do not - At least not twice.

So while it is nice to find ways to avoid having user accounts at all, most hospitals will have to have other means to keep their users' privacy.

Most of the time we are going to need to rely on regulation, where PII data (which let's face it is 98% of all data) will both legally and culturally have to be protected at levels hardly dreamed of today.

  • hinkley 4 years ago

    > I would still have privacy from them.

    No, they have an unexploited asset and you think you're safe because nobody has exploited it yet. This is false security. If money gets tight they'll exploit it. If they get bought out the new owners will exploit it. If they get hacked, the entire Internet will exploit it.

    I would highly recommend that you spend a little bit of time thinking about or working with groups of dissidents, other oppressed groups, even people who have been sexually harassed. I have seen so much wrong-thinking about what Security actually is and it's always people living in a privilege bubble, not thinking of actual, real life existential threat that exposure can represent until they have some user in hiding because they got death threats after being doxxed. Or just plain disappearing because their government black-bagged them over something they posted online.

    • lifeisstillgood 4 years ago

      Yes, I do live a privileged life. I think I get it. And I do not want to spark some kind of fight here. I am interested in your views and would be interested in specific cases / archetypes of concern.

      But I do not want to be on the side of "we need a better way to hide". Staying hidden should not be the solution to death threats. Jail is the solution.

      I hate that we (western ? US/UK?) society has abandoned hope of properly funding a justice system, let alone a mental health system.

      In our society I do not want the response to death threats to be "hide better". It must be "police better". And that is expensive and difficult and long.

      In other societies, well, we are not going to bring the world's dictators down with clever messaging protocols. That is going to be old fashioned politics (and by recent events war too).

      I have been very unsure about posting this - it's a very big wide topic that raises a lot of emotions. And that's because it is important - we have much to fix about our world.

      • hinkley 4 years ago

        My friend dragged me to an Amnesty International meeting in college and for like the first half hour I thought they were joking. Surely... no, they're serious. There are movie villains out there in the world.

        But since then I've had friends who volunteered for domestic abuse situations, and I've had a few friends who talked about former stalkers. In one case, the stalker was a LEO. My best friend's parents found asylum in the US, having snuck out of Poland sometime in the mid 80's, with the Communists hot on their trail. The Law would have had them swinging from a yard arm.

        Jail isn't the solution in at least half of these cases. It's the stick being used against the victim, not a way out of the problem. In the police procedural dramas the cops have to assure people about how they're not INS, they're just here to ask about a murder. Those fictional scenarios, and the real situations that inform those writers, are essentially a case of Principle of Least Power playing out on the streets. Protests are often about changing the laws to match current or emerging public opinion. Changing a law means you're working against the law.

        Consolidating all power into one place is how power trips end, but it can also be how they start. As someone else put it so plainly elsewhere in the thread, "You don't need to know" is an important concept and one we've lost. If I were President, I'd dismantle the TSA, and go back to something halfway between what we had before and where we are now. Because it looks exactly like the setup for a dystopian novel. We're still partly in the 'acclimate people to unreasonable request' but that's how totalitarians start out.

        • lifeisstillgood 4 years ago

          I see. I guess it's something about trust or hope. I hope that we can build a society that respects the individual rights of all, while using the powerful insights of digital surveillance to improve our lives (obvious answer is how much medical epidemiology will benefit from minute by minute data).

          I can certainly see I am putting hope over experience. But that is the excuse to do nothing as well.

          The world has changed. We must change our laws and our culture.

          Yes there is a danger of totalitarianism, but we have had that without iPhones. We will have it with iPhones. The problem lies not in our stars.

neonate 4 years ago

https://archive.is/DcvFS

Kwpolska 4 years ago

> Mozilla has taken this idea a step further with Firefox Klar (also known as Firefox Focus similar to Firefox Klar but with less private default settings).

Nope, Klar == Focus in German-speaking markets, the rename was caused by an existing trademark: https://support.mozilla.org/en-US/kb/difference-between-fire...

Speaking of which, Focus fits my flow of incidental, one-off browsing quite well — it’s my default browser. If I need a more serious or stateful interaction, I might have the service’s/whatever’s app installed, or use Chrome or full Firefox.

  • kuschku 4 years ago

    It’s actually not that simple – Firefox Focus and Firefox Klar are two different apps, with different packages.

    The official Firefox Klar builds originally contained slightly less tracking than the official Firefox Focus builds. Nowadays it might be only the trademark that keeps them separate, but originally there were clear differences in code.

jkaptur 4 years ago

I've been thinking a lot about this for https://www.diffdiff.net. After convenience, privacy is the core of the value proposition - the text to diff doesn't get sent to the server.

On the other hand, though, if you want to publish/share a diff, then, you know, privacy is the core of the value proposition, so you probably don't want to share it with the whole world, much less let the whole world edit or delete it!

It's possible to design a scheme with hard-to-guess URLs, URL parameters with "secret edit tokens" and so on, but that feels hard to use and different from how other sites work.

I'm quite torn.

  • syrrim 4 years ago

    The way mega.nz works is the sharable url contains a decryption key in the hash. The server only sees encrypted data, the client requests that data then decrypts it. This design ensures they have no ability to see user content, while still enabling users to share links on the web.
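
The link design described in the comment above, as an added example that is not part of the original thread and is not mega.nz's code: the client encrypts locally, uploads only ciphertext, and carries the key in the URL fragment, which browsers do not send to the server. AES-256-GCM, the in-memory `serverStore`, the `/d/<id>` path and all function names are assumptions made for this sketch.

```javascript
// Added example (Node.js): share link whose decryption key lives in the URL fragment.
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the server's storage. It only ever holds ciphertext.
const serverStore = new Map();

// Client side: encrypt locally, upload the ciphertext, build the share link.
function createShareLink(plaintext, baseUrl) {
  const key = nodeCrypto.randomBytes(32);                 // AES-256 key, never uploaded
  const iv = nodeCrypto.randomBytes(12);                  // 96-bit GCM nonce, fresh per blob
  const id = nodeCrypto.randomBytes(16).toString('hex');  // hard-to-guess blob id
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(id));                         // bind the ciphertext to its id
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // "Upload": stored layout is iv (12 bytes) | auth tag (16 bytes) | ciphertext.
  serverStore.set(id, Buffer.concat([iv, cipher.getAuthTag(), body]));
  return `${baseUrl}/d/${id}#${key.toString('base64url')}`;
}

// What an HTTP request for the link contains: path and query, never the fragment.
function requestSeenByServer(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient side: fetch the ciphertext by id, decrypt with the key from the fragment.
function openShareLink(link) {
  const u = new URL(link);
  const id = u.pathname.split('/').pop();
  const key = Buffer.from(u.hash.slice(1), 'base64url');
  if (key.length !== 32) throw new Error('link carries no valid key fragment');
  const blob = serverStore.get(id);
  if (!blob) throw new Error('unknown id');
  const iv = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const body = blob.subarray(28);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(id));
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the stored blob was modified.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}
```

The guarantee holds only for the client code the user actually runs; the storage side never needs the key, but whoever serves the page's JavaScript decides what that code does with the fragment.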

    • m1sta_ 4 years ago

      They still have the ability to see user content, but it would require them to make a change to their codebase. If they did such a change silently...

  • nobodywasishere 4 years ago

    What if you embedded the diff in the html link itself, like PlantUML does for their web version?

pabs3 4 years ago

I note that F-Droid are hiring contractors right now:

https://guardianproject.info/contact/android-python-contract...

nosedief 4 years ago

I'd like to point to my comment on another thread pointing out some poignant issues with F-Droid's design: https://news.ycombinator.com/item?id=30507185

bduerst 4 years ago

How do you solve problems arising from bad actors without an object representing the user?

  • psanford 4 years ago

    We're just talking about software delivery here. It's the same as Debian not requiring you register before using `apt` to install packages (or every other Linux distro).

    • bduerst 4 years ago

      The article gives specific examples like virtual meeting software that doesn't have users, just URLs. It's more than that.

      • hedora 4 years ago

        The solution for that is easy: Don't share the new URL with someone that was a jerk in the past. (And don't make it easy to guess meeting URLs)

        • bduerst 4 years ago

          How do you share a URL without a user representation to share with? How do you prevent others from sharing URLs with bad actors? Or meeting passwords?

          https://en.wikipedia.org/wiki/Zoombombing

          • tedunangst 4 years ago

            You send the url to your friends however you like. Email, chat, QR code. You don't send it to people who aren't your friends.

            • bduerst 4 years ago

              > How do you prevent others from sharing URLs with bad actors?

              Sure, but then the student who shares their interactive class URL (w/ or w/o password) on 4chan still isn't accounted for.

              • krageon 4 years ago

                Your argument boils down to "I came up with one scenario where this is bad, so it can't work at all" and I find this dissatisfying. If this hypothetical student "shared" their user account and then disavowed giving it out, you would have the same issues.

                • bduerst 4 years ago

                  My original question is:

                  >How do you solve problems arising from bad actors without an object representing the user?

                  In response to the argument that user objects are no longer needed, even for something like virtual meetings. The scenario of zoombombing isn't something "I came up with", it's a real life scenario that having a user object helps prevent bad actors with.

                  In the event of a user sharing their account, you would know who it was and be able to hold the bad actor accountable, as opposed to a meeting URL being shared. I think the better question is why you are so hostile to the idea of user accounts having utility.

                  • eighthave 4 years ago

                    Jitsi lets you set room passwords, and it is also very easy to create a new Jitsi room, so you can easily send a new URL around as needed.

                    • bduerst 4 years ago

                      >Sure, but then the student who shares their interactive class URL (w/ or w/o password) on 4chan still isn't accounted for.

                      Emphasis added. You could create user-specific passwords, but that would require... users.

              • f1refly 4 years ago

                You can easily generate individual share links for every pupil and sanction the one whose link was used by a hundred random people from all over the world to join the conference. Jitsi and Big Blue Button are both able to handle this special use case where users aren't trusted to act in good faith I believe.

                • bduerst 4 years ago

                  The individual share links would be linked to what exactly? A non-user object with the student's name and email address?

                  • f1refly 4 years ago

                    You can just make your own list. Generate 20 links, paste them somewhere, have your list of students next to it. Delete the list if nothing happened, check which number offended if it went wrong.

                    If you can trust the platform, in cases where the school hosts the program itself, the names can be added to the links directly. You don't need a big db of students for this, just an ephemeral list of strings.
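
One way to build the per-participant links described in the comment above, as an added example that is not from the thread and not Jitsi or BigBlueButton code: each link carries a seat label authenticated with an HMAC under a per-meeting key, so the host needs only an ephemeral key and no stored list. The token format, function names, threshold and the constructed join log used to exercise it are assumptions.

```javascript
// Added example (Node.js): per-seat invite tokens and detection of a leaked link.
const nodeCrypto = require('node:crypto');

// HMAC-SHA256 over the label, keyed with the per-meeting secret.
function inviteTag(meetingKey, label) {
  return nodeCrypto.createHmac('sha256', meetingKey).update(label, 'utf8').digest('base64url');
}

// Host side: one token per seat label ("seat-01", ...). Labels are seat numbers,
// not names; the host keeps the seat-to-person list offline and can discard it.
function createMeeting(labels) {
  const meetingKey = nodeCrypto.randomBytes(32); // ephemeral, deleted after the meeting
  const invites = new Map();
  for (const label of labels) {
    const encoded = Buffer.from(label, 'utf8').toString('base64url');
    invites.set(label, `${encoded}.${inviteTag(meetingKey, label)}`);
  }
  return { meetingKey, invites };
}

// Returns the seat label for a genuine token, or null for a forged or altered one.
function verifyInvite(meetingKey, token) {
  const parts = String(token).split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const label = Buffer.from(parts[0], 'base64url').toString('utf8');
  const expected = Buffer.from(inviteTag(meetingKey, label));
  const presented = Buffer.from(parts[1]);
  if (presented.length !== expected.length) return null;
  return nodeCrypto.timingSafeEqual(presented, expected) ? label : null;
}

// Counts distinct clients per seat and reports seats used by more than maxClients.
// joinLog entries have the shape { token, client }, client being any connection id.
function findOverusedInvites(meetingKey, joinLog, maxClients) {
  const clientsBySeat = new Map();
  for (const { token, client } of joinLog) {
    const label = verifyInvite(meetingKey, token);
    if (label === null) continue; // forged or mistyped token, not attributable to a seat
    if (!clientsBySeat.has(label)) clientsBySeat.set(label, new Set());
    clientsBySeat.get(label).add(client);
  }
  return [...clientsBySeat]
    .filter(([, clients]) => clients.size > maxClients)
    .map(([label, clients]) => ({ label, clients: clients.size }));
}
```

Deleting `meetingKey` after the meeting invalidates every issued link at once and leaves nothing that ties a seat label to a person.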

                    • bduerst 4 years ago

                      So you're creating user records every meeting in a spreadsheet to get around having user records?

                      • hedora 4 years ago

                        If you use email or a chat platform that has some sort of history, this rapidly reduces to sending a separate link to each person. No spreadsheet needed.

                        Yes, it is a pain. No, it's not more of a pain than managing user accounts for the video conference thingy. Also, the video conference thing could automate emailing/texting each participant a unique link. It could manage the invites and address books locally (e.g., via the phone's existing contact list).

                        If something like the windows phone social hub still existed, it could even send the links via gateways to any social network the phone was logged into. I miss that phone. So much wasted potential.

  • wpietri 4 years ago

    It depends on context, but often having an object representing the user is at best a speed bump to a bad actor. Social media's an obvious example here. I know Twitter does quite a lot to limit bad actors, but the outcome is still not great.

    The vast bulk of sites want to make signup easy, meaning user objects are cheap. Cheap user ids are easily disposed of and replaced. So if you need to keep bad actors out, user accounts may not help a ton.

mro_name 4 years ago

in meatspace a lot of things work without logging in – use cash, buy a hammer, make phonecalls from public booths, take a train etc.

Actually showing your id was once rare and still is. In the 80s in UK a lot of people did well completely without one.

MomoXenosaga 4 years ago

F-droid reminds me there are still people out there making software for fun. Thank you Hendroid dev (a man of culture as well) whoever you are.

seppoonbi 4 years ago

There is also a midground which takes good/bad parts of both worlds. Users have IDs but no username or password. Some imageboards use this.

a_c 4 years ago

I have been thinking how we can incentivize people building netizen friendly website/app. Creating users, cookies, javascripts heavy, paywall, analytics, etc all share a common incentive of ease of monetization. Privacy, usability, performance, all important stuff, but apparently not important enough, as a result plummeted.

Would love to learn the options!
