Comment by nirui

9 hours ago

Emotional talk aside, there are not many good solutions to this problem, unless of course F-Droid starts to make their own phones.

But then, the Librem 5 phone just failed a few years ago, telling the story that people who care about their rights are still sensitive to how much they would pay (which is a form of rights too).

Also but, there is the thing, making a phone is not easy. If you reach deep enough, you'll eventually reach the layer where you realize how solid the monopolization has become. The global telecom standards, if you read them, are in the hands of a few companies: Broadcom, Motorola, Huawei, Nokia and such. They'll control whether or not your phone can access the network. Then there are the telecom companies who run the network, and they might have to approve your device/modem as well since they got their channel allocation from the government.

It's not easy, and it's not just the software problem.

Oh and yes, we also have the software problem. Linux, if you want to go that route, cannot be used as a mobile OS, at least not for the public, because the average people don't know how to properly secure their system, and Linux is not a restrictive-by-default system. It will be a malware nightmare if you ship Linux on a phone as is.

The best hope for now, I think, is for geek vendors to make more mobile/4/5G enabled Fairphone or uConsole-like products for the enthusiast market, and then you can load whatever OS you want on it.

The Librem phones do exist and people use them.

Did it take the world by storm? No.

But it exists, has users & is building the case (together with Sailfish OS and others) that having an abusive mobile OS duopoly is not the desirable state of matters.

I was surprised to hear Librem failed, but a quick search shows this is not true. Quite alive and hopefully well.

There is a good solution. A big disclaimer and the user accepting the risk of running the software they want. The same solution they've been doing for years that did not need change. The new developer program is only here because it is more convenient to Google and governments.

  • We've known for literally decades that that doesn't actually work, for several reasons:

    1. People are conditioned to ignore warnings. There are way too many benign warnings in the world; you can't read them all.

    2. Even when people wouldn't ignore them, in cases where they are being tricked by scammers it's easy for the scammer to talk people into accepting them.

    3. Those sorts of warnings aren't actionable. You're installing a new app. It appears legit. You want to use it. You get a warning like "this app hasn't been verified; it might be malware!". What can you do with the information? Absolutely nothing. 99.9999% of users have zero way of doing any deeper check to see whether it actually is malware. Their only options are to give up and go home, or just hope that the warning is wrong. Even I - a highly technical user - get zero value from things like Windows' smart screen. "The app you're running hasn't been signed! It might be malware!". Err yeah sure. I'm not going to reverse engineer it to check am I?

    I think their solution of allowing you to disable the restriction with a one-time one-day delay is actually a really reasonable solution. As long as they don't go further than that - the risk is that it is just a temporary placation and they'll ditch that option in a few years.

    • It's 2026. This technology has been out for how long?

      We can't keep catering to the lowest common denominator of user. We have lost many computing freedoms over the decades as a result of this. Sorry, but it's unacceptable.

      If they really want such a locked down experience to be the default, they could also just as easily put out a ROM everyone else can flash that has no restrictions. You still get to cater to the lowest common denominator but without taking freedoms away from anyone else that wants to keep them, with official support. No scammer is going to convince someone to plug their phone into their laptop and flash a new ROM in order to scam them. If they can, there are no protections that would have helped in the first place.

    • The problem is easy to solve by making 99% of all apps normal apps that don't get any special privileges and don't require any developer certification, and having a certified developer program with heavily locked down run mode for the 1% of high security apps like banking and payment apps. It's not hard to attest unambiguously to the user in some way whether they are running one of these rare secure apps or a normal one, a restricted API suffices but you could also just add an LED for it.

      You can't possibly convince me that Google couldn't develop something like that if they wanted to.

> because the average people don't know how to properly secure their system, and Linux is not a restrictive-by-default system. It will be a malware nightmare if you ship Linux on a phone as is.

Linux is a kernel. A Linux-based distribution decides what the defaults would be. Why, in your opinion, would a Linux distro targeting phone-ish ARM64 hardware be problematic? Why would it be a "malware nightmare"?