I want regulation that divides all software into two categories: part of the hardware, or not part of the hardware, with specific requirements.
Part of the hardware:
- Can be restricted to specific devices
- Must be available under GPLv3, including anti-tivoization provisions (forced bootloader unlock)
- May not attempt to use TPMs, DRM, or other systems to support assertions about client devices
Not part of the hardware:
- May only interact with hardware through public, documented, APIs in the "part of hardware" category
- Using alternatives from competitors must be fully supported
- When made by a company that also makes hardware, must also work on competitors' hardware (at least one, more if technically feasible)
- May be under a proprietary license
- Must not attempt to assert anything regarding the hardware, so things like Google Safteynet are now illegal. Security boundary must be shifted to consider client devices insecure
This is, I think, a good compromise to allow software developers to get paid without taking away ownership of hardware devices. Developers can be paid for "part of the hardware" software with money from selling the hardware, and "not part of the hardware" software can be trivially commercialized under a proprietary license. But, there is no way for a user to end up unable to control their hardware, or incentivized to configure it in a specific way.
Also, things like TPMs, Secure Boot, etc, are good security tools which can be used by an end user to get security guarantees over their device.
I use Secure Boot with Linux because, when done right, it means you can get full disk encryption without gaps (at best, without secure boot, you have an un-encrypted bootloader on a flash drive which decrypts your disk and boots your machine, and this is a clunky setup).
I use GrapheneOS's hardware attestation to alert me if something compromises my android phone's operating system.
Now it's true that these features are abused by companies like Google to force you to run a blessed Android build if you want to use e.g. Google Pay (which is the only mobile payment option in e.g. the UK). But it's important to separate the technology from the bad actors abusing it.
The difference is you using the tpm feature and anyone else using the tpm feature. The feature can exist as long as it's only there for you not for anyone else. You can satisfy yourself that no one has hacked your device. Your bank can not satisfy itself that they have ultimate control over your device instead of you.
The described mechanism doesn't say the hardware features can't assert the software features, only the other way around: the premise was merely that the software features need to be replaceable; in fact, this is exactly what you want, as it ensures that the mechanism in the hardware providing the secure boot feature is open source and it also ensures that the operating system you run is anything you want, rather than being locked into a specific choice by the maker of the hardware (or, if the people who make the hardware want to ship an OS with the hardware as if it were some kind of cohesive product, then that OS would also have to be open source and modifiable, which is how you can get a GrapheneOS in the first place).
That's a good idea in spirit but seems a little over complicated to me. I think it might be simpler to just categorically ban any and all technical measures designed to prevent users from controlling or modifying software on devices that they own. Distributing binary code without the source and build tools would count as such a technical measure. This would be an even more radical change in many respects, but also a lot simpler and more principled.
Curious to hear if there are any unintended consequences to this that I may not have thought of. Think of this as a strawman proposal.
You'd need to define "technical measure", or you'd have endless litigation to do it in courts. Trying to define that reasonably precisely is how I came up with my proposal.
I think that it might make sense as a kind of certification that can be available for computers that follow these specifications. However, it will need to be changed a bit; one change is that the division as part or not part of the hardware is not good enough and there should be one in between. Most of it looks like good, though.
No, I explicitly want the game console business model to be shut down. As it stands now, they sell hardware at a loss to then extract value later, at the cost of user control over what they bought. I'd like to see consoles cost what they really do, and then the same for games. I also don't like how restricted it is to make games for consoles nor do I like games being exclusive, since this blocks competition between consoles on their own merit. If a user wants to pay less upfront and more later, then we have a tool for that. It's called financing.
Why? If Sony is loosing money on selling these devices, they should perhaps just raise the prize. Why should we make carveouts to allow companies to compete on the market unfairly and to lock in customers?
Locked app store was my primary reason staying away from iPhone.
Now, this is gone. It also open door for censorship, like disabling ICE-tracking or
other politically inconvenient apps. This is a terrible decision for Android and for our freedoms.
Google only directly controls the Pixel line because of antitrust action from the EU.
Originally, device makers who used Android themselves were contractually prohibited from manufacturing devices for any company that forked Android, for instance.
Google selling Android as both open source and open to running any software you like in order to quickly gain market share, only to break those promises after driving competing platforms out of the market is nothing more than fraud.
https://en.wikipedia.org/wiki/Usage_share_of_operating_syste... says otherwise; while Android variants have allowed other manufacturers to gain footholds, and some even are "de-Google-fied" in terms of services... all of them stem from a codebase that has been designed to be compatible with, if not explicitly promote, Google's revenue streams.
Imagine, if you will, an adblocker that could run across not just web pages but all apps, in a privacy-protecting and declarative way. Google has every incentive to simply slow-walk the OS-level support necessary for this kind of system, perhaps citing legitimate security concerns, but certainly not allocating resources towards solving the problem in earnest. And if you hard-fork Android to do this kind of deep work, rather than just maintaining packages or patchsets, you'll be forced to dedicate tremendous resources towards maintaining that fork to keep up with mainline fixes/APIs. (And that's just the tip of the iceberg.)
So it's an incredibly effective chilling effect in practice, quite intentionally so.
I started on Android in 2008. I maintained my own ROM, complete with a custom kernel. Then I moved on to various AOSP forks. I ran the local Android Developers MeetUp and evangelised the platform for so many years.
This year I finally moved to iOS. I don’t feel happy about it, but they are now both basically as closed as each other, both are run by what I consider evil corporations.
If you told the teenager me in mid 90s, watching the internet bloom all around me, promising freedom and democratisation of access to knowledge the world over, that one day we would replace the open, standards based, federated, decentralised World Wide Web with two proprietary walled gardens, beholden forever to the whims of two companies, I would have thought you’re nuts.
The ability to install what I want is one of the reasons I went with Android, I guess I will have to look elsewhere when I next need a phone. I am hoping the new GNU Phone or Linux Phone get to be "thing".
This would make it no longer free software as per the FSF's definition. We could turn many more things into GPLv3, which would prevent this, however. Then, Android and iOS can use them if and only if they go under GPLv3 too, which includes provisions against bootloader locking.
The bigger factor is whether or not Linux phones that are reasonably nice to use (everything works, isn’t flaky, battery life is decent-ish) come to market or not. Developers aren’t going to be interested in a platform that for practical purposes is at best a curiosity or something to tinker with, no matter how many idealist checkboxes they tick.
Good North America market availability sure would help too. There’s been stuff like Sailfish that seemed interesting in the past but didn’t have easily purchasable devices available in the US, completely precluding development for the platform for a significant number of devs.
Usage restrictions are not allowed to be considered an OSI-approved Open-Source license. Plenty of people think that the OSI "Open Source Definition" is the only valid definition of "open source", and will thus reject calling such licenses "open source".
I've been happily using "GNU/Linux phones" since 2008, with only 2-3 years around 2017 of using an Android device as a backup, so there's no need to "hope"; you can just act.
I'll probably have an android phone in my bag for emergencies and use some kind of offline Linux phone for my mobile computing needs. or even give up on the mobile form factor for general use.
> The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
The first part is obvious I think (they don't want to make registration in google's store a requirement for f-droid since that defeats half the purpose of f-droid).
The other half is suggesting they could offer uploading the apps put into f-droid to the store (under an f-droid account I'd guess) but they immediately discard that option since it would make f-droid the exclusive distributor, taking something from the dev.
Do it, Google! Nobody's going to fight for their computing rights until you've stepped on them hard enough. I can't wait for the amazing (non-Google) products that come out after this.
Like LineageOS, GrapheneOS, CalyxOS, Droidian, Mobian, /e/OS, SailfishOS, postmarketOS, PureOS, Ubuntu Touch, Plasma Mobile, etc, etc. There are a dozen or more Android alternatives (either forks or completely separate OS) currently in development and with phones launched. That's just what's out so far. Locking down the platform will force more people into this growing ecosystem.
The EU can't get involved fast enough. The Digital Markets Act should prevent Google from inserting themselves into the process of downloading apps from third parties.
GrapheneOS has been rock solid for me for several years now. Just pick any Pixel device. As for software, there are alternatives to everything you can find on the Play Store, assuming you're not reliant on a specific Google product. GOS has robust support for sandboxed Play services that work without Google, though I personally haven't used it. Even banking apps work without an issue for me, though YMMV.
I'm considering abandoning Android altogether in favor of a proper Linux device, but GOS is what makes Android usable for me.
Pick any pixel device, except pixel 10. It’s not supported and no word on when they will add support since google are no longer open sourcing the drivers for the pixel phones. Hopefully they manage to figure it out.
I'm honestly surprised this didn't happen sooner. Apple's been a "lavish jail cell" since its inception, and the control definitely makes them the big bucks. ChromeOS was a jail cell from its inception too. You could do some dev stuff to enable user control, but it disabled other things. https://rainestorme.github.io/guide/ is a guide to jailbreak it. It shouldnt need jailbroken, ever. Should be yours from the moment you paid money for it and bought it.
Google/Alphabet's been slowly tightening all sorts of things. Of course "security" is the term bandied around. Of course, I'd say "security" is overloaded - is it security for the user, or security for google AGAINST the user? I think it's the second.
And we also have no valid 3rd party phone platform. In reality, there was Windows Phone, but that was even worse locked down.
There's a few Linux phone projects. Pinephone is an embarrassment and an abject failure. I think the UbuntuPhone is dead as well.
Once they do this, it'll probably be a while before a proper Linux phone hits the market.
"It's my device, I should be able to do whatever I want with it!"
The reason this argument isn't holding water and swaying popular opinion, in my opinion, is because everything else in life is heavily regulated, licensed, and restricted.
"It's my car, I should be able to do whatever I want with it!" does not hold, either for driving, or removing the catalytic converter, or changing the tuning to be able to roll coal, or uninstalling the seat belts.
"It's my kitchen, I should be able to do whatever I want with it!" does not hold when I can't sell my baked goods to my neighbors without a license, or replace the interior of my kitchen without a permit.
"It's my home, I should be able to do whatever I want with it!" does not hold when I can't build a deck, add an addition, or even install a new electrical outlet, without permission. Have you ever tried putting something in your front yard?
Unless we agree to fight for freedom everywhere, the only logical excuse is that the digital world doesn't have real world consequences, except that it increasingly patently does now. It's no surprise to me then that the argument does not resonate. That does mean we may have to allow people to have an uncomfortable level of freedom, across the board, in order to be logically consistent, and broaden chance of success.
The technologist sees licensing from Google to develop Android apps as tyranny. The average person asks "where have you been? What can you do without a license?"
> I can't sell my baked goods to my neighbors without a license, or replace the interior of my kitchen without a permit.
You can though. No one will stop you from doing either of those things.
> I can't build a deck, add an addition, or even install a new electrical outlet, without permission. Have you ever tried putting something in your front yard?
A deck or addition might draw attention and run afoul of some rule depending on where you live, but a lot of places won't care. If you want to put in an outlet, the world's your oyster. The only real consideration is if you're worried you may do it wrong and may run into insurance denials after a catastrophe or something. You don't actually need anyone's permission. And it's October; I have decorations in my front yard right now. No one was consulted about this.
It's like my air conditioner broke a couple weeks ago, so I ordered a capacitor off amazon and fixed it. I've never touched one of these things before, but the only one stopping you from unscrewing it and going to town is you. If you passed high school you ought to have a basic understanding of how stuff works and be able to do some light reading to make sure you're doing this correctly and safely. LLMs make this even easier.
These phone restrictions, by contrast, would be like if your AC or electrical panel somehow required a licensed professional to activate new parts. Or even more on point, required someone registered with e.g. Carrier (not actually any kind of professional certification; just someone gatekept by a business trying to monopolize things).
> No one will stop you from doing either of those things.
It's literally illegal in many US states and countries to do so. In my home state, MN, it is tightly regulated what kinds of "cottage food" you are allowed to sell.
You're confusing ability with legality. Try loading up some food you cooked in your kitchen and selling it out of your car, door-to-door, and watch what happens. This is despite, for most people, judging the health risks of food being wildly easier than the security risks of a sideloaded app.
> These phone restrictions, by contrast, would be like if you AC or electrical panel somehow required a licensed professional to activate new parts.
That already exists in car repair; with key reprogrammers and especially anything engine-tuning being restricted to licensed individuals. Also, good luck messing with your catalytic converter, without the ECU by law detecting it and getting very angry. Take my relative's diesel truck from 2015 - a single failed sensor in the exhaust, and it caps itself as low as 30 MPH.
> Unless we agree to fight for freedom everywhere, the only logical excuse is that the digital world doesn't have real world consequences, except that it increasingly patently does now.
I think the relevant difference is that it has real-world consequences for other people. And the consequences are likely to scale with the magnitude of the audience, meaning that it is bigger players that should face stiffer regulation. And yes, I think some of the examples you give should also be allowed.
Catalytic converters are there because they reduce the emissions your car produces. Those emissions get out into the air and affect everyone around you, and (over time, potentially) everyone on the planet. Rules around selling baked goods exist to ensure you don't sell bread made with rotten eggs or something that would make people sick. (And there are now "home kitchen" laws in some places that do allow you to do this anyway.) Installing a new electrical outlet has potential fire risks which could affect nearby buildings. Building a deck has potential safety consequences, but I imagine there are many jurisdictions where you can do that without a permit, and even more where you can get away with doing so even though it's technically not allowed.
Me installing a tic-tac-toe game from F-droid doesn't have the same kind of ripple effects on other people. It probably has much smaller such effects than installing a mainstream app like Facebook.
> Unless we agree to fight for freedom everywhere, the only logical excuse is that the digital world doesn't have real world consequences, except that it increasingly patently does now. It's no surprise to me then that the argument does not resonate. That does mean we may have to allow people to have an uncomfortable level of freedom, across the board, in order to be logically consistent.
The bigger you are, the more everything you do affects other people. To my mind the "logically consistent" approach is to impose greater restrictions on almost all sorts of behavior the larger and more powerful the entity performing the behavior. By this logic, it would be Google that is restricted from changing its policy like this, simply because it is big.
Google is very clear, sideloading has about 50x more malware than the Play Store. The Brazilian government in particular is absolutely furious about the amount of scams, and was openly planning legal interventions.
Your ability to distribute your app anonymously absolutely meets the definition of real-world consequences for other people.
I personally find it absurd we accept that the government regulates food (people can't detect bad food), and hair cutting (people can't detect inexperienced people with scissors), but the right to anonymous app distribution is sacrosanct, as though food quality is less transparent than app quality. It's not - all of these licenses need to be let go of on the small scale.
There are plenty of physical appliances you can modify how ever you want because it's really only your business. Installing the software of your choice on a phone is like that. It's not something like a car sharing a public road and polluting the air.
people might watch movies they haven't paid for. people might read books they're not supposed to read. people might start having ideas that the oligarchs don't approve of. it's terrifying!
You can do whatever you want to do with your car, your kitchen, or your home. There is nothing a manufacturer can do to stop you. But you can't demand that they help you and provide you with assistance. Likewise, you can do exactly whatever you want with your iPhone or Android phone. You can rip out the chips and put in different chips, if you have the talent to do it. But you can't demand that the manufacturer helps you.
I said it was inconsistent to fight for digital freedoms without real world freedoms. I did not say I was okay with the loss of digital freedoms.
I think people should be able to build a deck without state consent. I think people should be able to sell to their neighbors without the health department watching. I think people should be able to start a small business without needing IRS filings at first. I think a small business might need OSHA exceptions across the board for the first few employees. I even think, yes, that allowing some idiots to roll coal is worth more than tightly regulating car repairs and controlling car repair equipment. And I think, to most people, these freedoms matter more than digital sovereignty.
---
Edit, posting too fast, cannot reply directly: In that case, that's a great argument for regulating app distribution, we need to protect people from scam apps. We can't possibly neglect people who don't know better about the risks of sideloading.
I'm sure you wouldn't say, "I just want to do whatever I want with code, while stopping my neighbor from building a dangerous deck," with a straight face, right?
Previous discussion: https://news.ycombinator.com/item?id=45409794
I want regulation that divides all software into two categories: part of the hardware, or not part of the hardware, with specific requirements.
Part of the hardware:
- Can be restricted to specific devices
- Must be available under GPLv3, including anti-tivoization provisions (forced bootloader unlock)
- May not attempt to use TPMs, DRM, or other systems to support assertions about client devices
Not part of the hardware:
- May only interact with hardware through public, documented, APIs in the "part of hardware" category
- Using alternatives from competitors must be fully supported
- When made by a company that also makes hardware, must also work on competitors' hardware (at least one, more if technically feasible)
- May be under a proprietary license
- Must not attempt to assert anything regarding the hardware, so things like Google Safteynet are now illegal. Security boundary must be shifted to consider client devices insecure
This is, I think, a good compromise to allow software developers to get paid without taking away ownership of hardware devices. Developers can be paid for "part of the hardware" software with money from selling the hardware, and "not part of the hardware" software can be trivially commercialized under a proprietary license. But, there is no way for a user to end up unable to control their hardware, or incentivized to configure it in a specific way.
Unfortunately it's never going to happen.
Also, things like TPMs, Secure Boot, etc, are good security tools which can be used by an end user to get security guarantees over their device.
I use Secure Boot with Linux because, when done right, it means you can get full disk encryption without gaps (at best, without secure boot, you have an un-encrypted bootloader on a flash drive which decrypts your disk and boots your machine, and this is a clunky setup).
I use GrapheneOS's hardware attestation to alert me if something compromises my android phone's operating system.
Now it's true that these features are abused by companies like Google to force you to run a blessed Android build if you want to use e.g. Google Pay (which is the only mobile payment option in e.g. the UK). But it's important to separate the technology from the bad actors abusing it.
The difference is you using the tpm feature and anyone else using the tpm feature. The feature can exist as long as it's only there for you not for anyone else. You can satisfy yourself that no one has hacked your device. Your bank can not satisfy itself that they have ultimate control over your device instead of you.
The described mechanism doesn't say the hardware features can't assert the software features, only the other way around: the premise was merely that the software features need to be replaceable; in fact, this is exactly what you want, as it ensures that the mechanism in the hardware providing the secure boot feature is open source and it also ensures that the operating system you run is anything you want, rather than being locked into a specific choice by the maker of the hardware (or, if the people who make the hardware want to ship an OS with the hardware as if it were some kind of cohesive product, then that OS would also have to be open source and modifiable, which is how you can get a GrapheneOS in the first place).
That's a good idea in spirit but seems a little over complicated to me. I think it might be simpler to just categorically ban any and all technical measures designed to prevent users from controlling or modifying software on devices that they own. Distributing binary code without the source and build tools would count as such a technical measure. This would be an even more radical change in many respects, but also a lot simpler and more principled.
Curious to hear if there are any unintended consequences to this that I may not have thought of. Think of this as a strawman proposal.
> ban [...] technical measures designed to prevent users from controlling or modifying software on devices that they own
Is this legal ownership or technical 0wnership?
You'd need to define "technical measure", or you'd have endless litigation to do it in courts. Trying to define that reasonably precisely is how I came up with my proposal.
I think that it might make sense as a kind of certification that can be available for computers that follow these specifications. However, it will need to be changed a bit; one change is that the division as part or not part of the hardware is not good enough and there should be one in between. Most of it looks like good, though.
What would this third division consist of?
Do you make any carveouts for software meant for game consoles, like the playstation 5?
No, I explicitly want the game console business model to be shut down. As it stands now, they sell hardware at a loss to then extract value later, at the cost of user control over what they bought. I'd like to see consoles cost what they really do, and then the same for games. I also don't like how restricted it is to make games for consoles nor do I like games being exclusive, since this blocks competition between consoles on their own merit. If a user wants to pay less upfront and more later, then we have a tool for that. It's called financing.
3 replies →
Why? If Sony is loosing money on selling these devices, they should perhaps just raise the prize. Why should we make carveouts to allow companies to compete on the market unfairly and to lock in customers?
Locked app store was my primary reason staying away from iPhone. Now, this is gone. It also open door for censorship, like disabling ICE-tracking or other politically inconvenient apps. This is a terrible decision for Android and for our freedoms.
Not to be dramatic but I'll ask the question.
Do we really want a future where 99.9% of people's pocket computers must ask for permission from one of two companies to run something on a device?
It's entirely possible to prosecute Google for fraudulently marketing Android as open and force them to keep their promise.
If they want to have a closed platform, do what Microsoft did with Xbox and create something new.
13 replies →
I can buy EU software for my PC only to be required to sign in with google, apple, meta or microsoft. The lazy dev world isn't much better
1 reply →
Google only directly controls the Pixel line.
OEMs may be forced to do the same, but 3rd party ROMs will not.
I do agree this cuts deeply for F-Droid.
> but 3rd party ROMs will not.
Google are also making that harder, at least for the Pixel line by no longer publishing the device tree as part of AOSP.
I know Fairphone do publish a buildable tree - though it's not yet available for their latest device - does anyone else?
1 reply →
Google only directly controls the Pixel line because of antitrust action from the EU.
Originally, device makers who used Android themselves were contractually prohibited from manufacturing devices for any company that forked Android, for instance.
Google can force OEMs implement non-unlockable secure boot.
6 replies →
Google selling Android as both open source and open to running any software you like in order to quickly gain market share, only to break those promises after driving competing platforms out of the market is nothing more than fraud.
Their trial proved that even if you lose you can still keep your monopoly.
It took them 17 years to finally pull the cage all the way shut. A long con indeed.
You think it's an accident that they've been abandoning developer APIs and replacing them with closed source Play Store versions for a decade now?
1 reply →
Other hyperbole notwithstanding, Google has pretty clearly done an extremely bad job of driving competing platforms out of the smartphone market.
Tell it to Blackberry, Windows Phone, WebOS and the Nokia N900.
1 reply →
https://en.wikipedia.org/wiki/Usage_share_of_operating_syste... says otherwise; while Android variants have allowed other manufacturers to gain footholds, and some even are "de-Google-fied" in terms of services... all of them stem from a codebase that has been designed to be compatible with, if not explicitly promote, Google's revenue streams.
Imagine, if you will, an adblocker that could run across not just web pages but all apps, in a privacy-protecting and declarative way. Google has every incentive to simply slow-walk the OS-level support necessary for this kind of system, perhaps citing legitimate security concerns, but certainly not allocating resources towards solving the problem in earnest. And if you hard-fork Android to do this kind of deep work, rather than just maintaining packages or patchsets, you'll be forced to dedicate tremendous resources towards maintaining that fork to keep up with mainline fixes/APIs. (And that's just the tip of the iceberg.)
So it's an incredibly effective chilling effect in practice, quite intentionally so.
2 replies →
I started on Android in 2008. I maintained my own ROM, complete with a custom kernel. Then I moved on to various AOSP forks. I ran the local Android Developers MeetUp and evangelised the platform for so many years.
This year I finally moved to iOS. I don’t feel happy about it, but they are now both basically as closed as each other, both are run by what I consider evil corporations.
If you told the teenager me in mid 90s, watching the internet bloom all around me, promising freedom and democratisation of access to knowledge the world over, that one day we would replace the open, standards based, federated, decentralised World Wide Web with two proprietary walled gardens, beholden forever to the whims of two companies, I would have thought you’re nuts.
Everything eventually becomes the Torment Nexus when greed becomes culturally acceptable.
The ability to install what I want is one of the reasons I went with Android, I guess I will have to look elsewhere when I next need a phone. I am hoping the new GNU Phone or Linux Phone get to be "thing".
edit: fixed spelling
It could be, if all FOSS developers slapped a new license on their projects saying "not for Android/iOS".
This would make it no longer free software as per the FSF's definition. We could turn many more things into GPLv3, which would prevent this, however. Then, Android and iOS can use them if and only if they go under GPLv3 too, which includes provisions against bootloader locking.
9 replies →
The bigger factor is whether or not Linux phones that are reasonably nice to use (everything works, isn’t flaky, battery life is decent-ish) come to market or not. Developers aren’t going to be interested in a platform that for practical purposes is at best a curiosity or something to tinker with, no matter how many idealist checkboxes they tick.
Good North America market availability sure would help too. There’s been stuff like Sailfish that seemed interesting in the past but didn’t have easily purchasable devices available in the US, completely precluding development for the platform for a significant number of devs.
Usage restrictions are not allowed to be considered an OSI-approved Open-Source license. Plenty of people think that the OSI "Open Source Definition" is the only valid definition of "open source", and will thus reject calling such licenses "open source".
I've been happily using "GNU/Linux phones" since 2008, with only 2-3 years around 2017 of using an Android device as a backup, so there's no need to "hope"; you can just act.
I would be interested in hearing more details. What devices? N900? Pinephone? And what particular distro(s) / software stack(s)?
1 reply →
How's the battery life?
Does the phone last an entire day on a single charge?
7 replies →
I'll probably have an android phone in my bag for emergencies and use some kind of offline Linux phone for my mobile computing needs. or even give up on the mobile form factor for general use.
Pixel 9 owner and F-Droid user. I voiced my opposition by filling out this form (thanks azalemeth, from the earlier discussion):
https://news.ycombinator.com/item?id=45409794#45411497
We're almost there, just about to kill off the custom ROMs/OSes. All we have to do is wait for the Android project to go closed source.
They've been abandoning developer APIs only to replace them with closed source versions that are only installed as part of the Play Store for years.
Can someone explain this?
https://f-droid.org/2025/09/29/google-developer-registration...
> The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
I don't understand the argument.
The first part is obvious I think (they don't want to make registration in google's store a requirement for f-droid since that defeats half the purpose of f-droid).
The other half is suggesting they could offer uploading the apps put into f-droid to the store (under an f-droid account I'd guess) but they immediately discard that option since it would make f-droid the exclusive distributor, taking something from the dev.
why would the dev lose the right to distribute their app?
2 replies →
How many F-Droid users are there, exactly? We don’t know, because we don’t track users or have any registration: “No user accounts, by design”
I use F-droid since around 2015, install it also for many family members and give them option to use open source alternatives of apps.
Most used apps are from F-Droid, about 20% from Aurora Store. No play services or gaaps at all.
Do it, Google! Nobody's going to fight for their computing rights until you've stepped on them hard enough. I can't wait for the amazing (non-Google) products that come out after this.
Like EMUI from Huawei or Xiaomi's HyperOS? Be real. Nothing is gonna come of it.
Like LineageOS, GrapheneOS, CalyxOS, Droidian, Mobian, /e/OS, SailfishOS, postmarketOS, PureOS, Ubuntu Touch, Plasma Mobile, etc, etc. There are a dozen or more Android alternatives (either forks or completely separate OS) currently in development and with phones launched. That's just what's out so far. Locking down the platform will force more people into this growing ecosystem.
[dupe] https://news.ycombinator.com/item?id=45428832
F-Droid and Google’s developer registration decree (f-droid.org) https://news.ycombinator.com/item?id=45428832 - 3 days ago, 121 comments
The EU can't get involved fast enough. The Digital Markets Act should prevent Google from inserting themselves into the process of downloading apps from third parties.
So, the old smartphones (I'm thinking something like an Android 13) will still be able to install any software?
A lot of software like banking and governments' identification won't work on old Android versions.
Of course, two phones: one to Play, one to Pay
Are there good Google-free Android phones? Recommendations?
GrapheneOS has been rock solid for me for several years now. Just pick any Pixel device. As for software, there are alternatives to everything you can find on the Play Store, assuming you're not reliant on a specific Google product. GOS has robust support for sandboxed Play services that work without Google, though I personally haven't used it. Even banking apps work without an issue for me, though YMMV.
I'm considering abandoning Android altogether in favor of a proper Linux device, but GOS is what makes Android usable for me.
Pick any pixel device, except pixel 10. It’s not supported and no word on when they will add support since google are no longer open sourcing the drivers for the pixel phones. Hopefully they manage to figure it out.
So the best source for Google-free phones is ... Google?
2 replies →
https://murena.com (sells e/OS on Pixel, Fairphone, SHIFTphone, and "Hiroh powered by Murena" hardware, whatever that last one is)
https://www.shift.eco (need to somehow get ShiftOS-L variant; the -G variant has Google services on board)
This was clearly the idea. Google doesnt like competition.
well, it may be time for GrapheneOS
https://grapheneos.org/
I'm honestly surprised this didn't happen sooner. Apple's been a "lavish jail cell" since its inception, and the control definitely makes them the big bucks. ChromeOS was a jail cell from its inception too. You could do some dev stuff to enable user control, but it disabled other things. https://rainestorme.github.io/guide/ is a guide to jailbreak it. It shouldnt need jailbroken, ever. Should be yours from the moment you paid money for it and bought it.
Google/Alphabet's been slowly tightening all sorts of things. Of course "security" is the term bandied around. Of course, I'd say "security" is overloaded - is it security for the user, or security for google AGAINST the user? I think it's the second.
And we also have no valid 3rd party phone platform. In reality, there was Windows Phone, but that was even worse locked down.
There's a few Linux phone projects. Pinephone is an embarrassment and an abject failure. I think the UbuntuPhone is dead as well.
Once they do this, it'll probably be a while before a proper Linux phone hits the market.
Absolutely no one gives a shit about the features the out of touch nerds value, which is why Android inevitably begins to follow Apple.
This post was brought to you by your local troll.
not so sure about that, if i found 100 android users out and about i'd be lucky to find 1 that gives a shit
1 reply →
"It's my device, I should be able to do whatever I want with it!"
The reason this argument isn't holding water and swaying popular opinion, in my opinion, is because everything else in life is heavily regulated, licensed, and restricted.
"It's my car, I should be able to do whatever I want with it!" does not hold, either for driving, or removing the catalytic converter, or changing the tuning to be able to roll coal, or uninstalling the seat belts.
"It's my kitchen, I should be able to do whatever I want with it!" does not hold when I can't sell my baked goods to my neighbors without a license, or replace the interior of my kitchen without a permit.
"It's my home, I should be able to do whatever I want with it!" does not hold when I can't build a deck, add an addition, or even install a new electrical outlet, without permission. Have you ever tried putting something in your front yard?
Unless we agree to fight for freedom everywhere, the only logical excuse is that the digital world doesn't have real world consequences, except that it increasingly patently does now. It's no surprise to me then that the argument does not resonate. That does mean we may have to allow people to have an uncomfortable level of freedom, across the board, in order to be logically consistent, and broaden chance of success.
The technologist sees licensing from Google to develop Android apps as tyranny. The average person asks "where have you been? What can you do without a license?"
> I can't sell my baked goods to my neighbors without a license, or replace the interior of my kitchen without a permit.
You can though. No one will stop you from doing either of those things.
> I can't build a deck, add an addition, or even install a new electrical outlet, without permission. Have you ever tried putting something in your front yard?
A deck or addition might draw attention and run afoul of some rule depending on where you live, but a lot of places won't care. If you want to put in an outlet, the world's your oyster. The only real consideration is if you're worried you may do it wrong and may run into insurance denials after a catastrophe or something. You don't actually need anyone's permission. And it's October; I have decorations in my front yard right now. No one was consulted about this.
It's like my air conditioner broke a couple weeks ago, so I ordered a capacitor off amazon and fixed it. I've never touched one of these things before, but the only one stopping you from unscrewing it and going to town is you. If you passed high school you ought to have a basic understanding of how stuff works and be able to do some light reading to make sure you're doing this correctly and safely. LLMs make this even easier.
These phone restrictions, by contrast, would be like if your AC or electrical panel somehow required a licensed professional to activate new parts. Or even more on point, required someone registered with e.g. Carrier (not actually any kind of professional certification; just someone gatekept by a business trying to monopolize things).
> No one will stop you from doing either of those things.
It's literally illegal in many US states and countries to do so. In my home state, MN, it is tightly regulated what kinds of "cottage food" you are allowed to sell.
You're confusing ability with legality. Try loading up some food you cooked in your kitchen and selling it out of your car, door-to-door, and watch what happens. This is despite, for most people, judging the health risks of food being wildly easier than the security risks of a sideloaded app.
> These phone restrictions, by contrast, would be like if you AC or electrical panel somehow required a licensed professional to activate new parts.
That already exists in car repair; with key reprogrammers and especially anything engine-tuning being restricted to licensed individuals. Also, good luck messing with your catalytic converter, without the ECU by law detecting it and getting very angry. Take my relative's diesel truck from 2015 - a single failed sensor in the exhaust, and it caps itself as low as 30 MPH.
10 replies →
> Unless we agree to fight for freedom everywhere, the only logical excuse is that the digital world doesn't have real world consequences, except that it increasingly patently does now.
I think the relevant difference is that it has real-world consequences for other people. And the consequences are likely to scale with the magnitude of the audience, meaning that it is bigger players that should face stiffer regulation. And yes, I think some of the examples you give should also be allowed.
Catalytic converters are there because they reduce the emissions your car produces. Those emissions get out into the air and affect everyone around you, and (over time, potentially) everyone on the planet. Rules around selling baked goods exist to ensure you don't sell bread made with rotten eggs or something that would make people sick. (And there are now "home kitchen" laws in some places that do allow you to do this anyway.) Installing a new electrical outlet has potential fire risks which could affect nearby buildings. Building a deck has potential safety consequences, but I imagine there are many jurisdictions where you can do that without a permit, and even more where you can get away with doing so even though it's technically not allowed.
Me installing a tic-tac-toe game from F-droid doesn't have the same kind of ripple effects on other people. It probably has much smaller such effects than installing a mainstream app like Facebook.
> Unless we agree to fight for freedom everywhere, the only logical excuse is that the digital world doesn't have real world consequences, except that it increasingly patently does now. It's no surprise to me then that the argument does not resonate. That does mean we may have to allow people to have an uncomfortable level of freedom, across the board, in order to be logically consistent.
The bigger you are, the more everything you do affects other people. To my mind the "logically consistent" approach is to impose greater restrictions on almost all sorts of behavior the larger and more powerful the entity performing the behavior. By this logic, it would be Google that is restricted from changing its policy like this, simply because it is big.
Google is very clear, sideloading has about 50x more malware than the Play Store. The Brazilian government in particular is absolutely furious about the amount of scams, and was openly planning legal interventions.
Your ability to distribute your app anonymously absolutely meets the definition of real-world consequences for other people.
I personally find it absurd we accept that the government regulates food (people can't detect bad food), and hair cutting (people can't detect inexperienced people with scissors), but the right to anonymous app distribution is sacrosanct, as though food quality is less transparent than app quality. It's not - all of these licenses need to be let go of on the small scale.
5 replies →
There are plenty of physical appliances you can modify how ever you want because it's really only your business. Installing the software of your choice on a phone is like that. It's not something like a car sharing a public road and polluting the air.
A compromised phone could be used in a botnet, and might even cripple the cellular infrastructure itself with a DDoS attack.
1 reply →
What real world consequences occur from installing whatever software you choose on your device?
people might watch movies they haven't paid for. people might read books they're not supposed to read. people might start having ideas that the oligarchs don't approve of. it's terrifying!
You can do whatever you want to do with your car, your kitchen, or your home. There is nothing a manufacturer can do to stop you. But you can't demand that they help you and provide you with assistance. Likewise, you can do exactly whatever you want with your iPhone or Android phone. You can rip out the chips and put in different chips, if you have the talent to do it. But you can't demand that the manufacturer helps you.
Are you trying to further normalize the situation?
I said it was inconsistent to fight for digital freedoms without real world freedoms. I did not say I was okay with the loss of digital freedoms.
I think people should be able to build a deck without state consent. I think people should be able to sell to their neighbors without the health department watching. I think people should be able to start a small business without needing IRS filings at first. I think a small business might need OSHA exceptions across the board for the first few employees. I even think, yes, that allowing some idiots to roll coal is worth more than tightly regulating car repairs and controlling car repair equipment. And I think, to most people, these freedoms matter more than digital sovereignty.
---
Edit, posting too fast, cannot reply directly: In that case, that's a great argument for regulating app distribution, we need to protect people from scam apps. We can't possibly neglect people who don't know better about the risks of sideloading.
I'm sure you wouldn't say, "I just want to do whatever I want with code, while stopping my neighbor from building a dangerous deck," with a straight face, right?
1 reply →
You are mixing up legitimate government regulations with a corporation abusing it's power to fuck over consumers.
Following your rationale, we just actually need the government to step in and regulate that Google cannot do what they want with Android.
Since I live in the EU, that's exactly what I am hoping for.
> You are mixing up legitimate government regulations with a corporation abusing it's power to fuck over consumers.
Anytime similar argument is brought up for Apple, people always say "Their platform, their rules". Isnt that the case here?
7 replies →
A libertarian who somehow also wants rigid restrictions on technology? Did someone steal your crypto or something?
I find this position hard to reconcile.