Language
-
It's an option you have. Personally having to do the same thing for my family, I configure an idiot-proof setup and I don't get random calls from my parents / grandparents.
Blocking sideloading won't help you here either though. You can just leave your mom using Google play store which vets the applications on the store.
You can lock down a device security-wise without locking down a device freedom-wise.
That said, I don't think there ever will be a foolproof device, that's not realistic.
If you want to guarantee someone won't fuck up their device that's what Administration is for. That's what child controls and safety features are for.
Its not that I "don't get it" its that I've been there and done that. And I use the tools given to me to make my life better. Those tools are for managing what my normie grandparents can and can't do, because in reality, they just want to face-time their grandchildren, check emails, and print photos. But they're also targets for scammers.
wrote last edited by [email protected]No, trust me, it's that you don't get it.
What you're describing is an inordinate amount of effort and you clearly don't realize just how much. There are billions of people with billions of devices. People who can "configure an idiot-proof setup" at all are outnumbered many thousands to one.
There isn't a you to configure anything for most people with a mobile phone. That's not how that works. It either works out of the box and forever or it's broken and unusuable.
And sure, locking it down is no guarantee. People can still mess up their Apple phones, and those do like a thing and a half. Less than that without Apple's strict supervision. But this is a matter of degrees. The difference between a few of those thousands of unsupervised normies making a mistake each year and 10% of them making a mistake each year is the difference between Android being a viable platform and it being a broken mess nobody uses.
I feel like I'm weirdly relitigating every other conversation I have with people about Linux over here. It's kind of exhausting.
And to reiterate, that doesn't make Google insisting on having the ID of the author of every piece of software allowed to run on Android acceptable. It's just the difference between a reasonable objection and... not that.
-
If I ever go insane and write a manifesto this will be on it.
Sounds fairly sane to me.
-
meh both on mac and windows you’re not the true admin of the machine. mac requires disabling SIP and some others to even be able to delete default applications for example and don’t get me started on windows. linux ftw (as I type this from my old ass ios device)
I mean nobody is shocked that they both suck. If it's not open source you are not in control.
-
This does feel like a bit of a double-standard to me. I’ve hated how Microsoft and Apple have introduced app stores on Windows and macOS and try to push people to only install from there instead of directly from the developer. And yet on Linux the advice seems to be never ever download directly from the developer; you should only download from the package repository provided by your OS (which sure feels like an App Store). And that package probably wasn’t even provided by the developer or the OS but some random volunteer that you just assume has good intentions.
Installing from a repo via a terminal does not feel like an App Store at all. It's only the GUI apps that do and those are all entirely optional. Exactly how it should be. God's in his heaven. All's right with the world.
-
But we subsidised the cost of your phone so we could make sweet sweet recurring revenue off your usage habits and targeted advertising!
You wouldn't want to take that away from us would you? Won't SOMEBODY think of the shareholders?!
I'm getting really sick of products being only available subsidized by a level of invasiveness that should be illegal.
The government should need an individualized warrant to purchase my data. And honestly Google should need one to collect it
-
From a personal freedom POV, I agree. But, if it was easy it would be a support nightmare.
Google and Apple scan every app that gets loaded into their app stores for malware. There's also a lengthy review process, even just for updates. Some malware does still slip through, but it's a trickle compared to what gets blocked. If sideloading apps were easy, my younger sister would be in so much trouble. She'd have various accounts phished within a day. She'd install something that drains the battery within an hour and not understand what was going wrong. And, she's relatively tech savvy. I have no idea how the older generation would survive.
Of course, since Apple and Google make 30% of every sale on the app store, they're not purely motivated to just keep their users safe. The real problem is that there is a duopoly in smartphones. Apple and Google have essentially the same policies, and if you don't like them you have no other options. If there were a dozen OSes, there could be smart phones for Granny that had everything locked down, and smart phones for h4x04z that didn't. Companies that struck a good balance between protecting their users and allowing their users freedom would do well in the market. Companies that didn't would shrink and fail.
wrote last edited by [email protected]So? Don't run fishy files off the internet unless you're open to the risks. Have secure walls that require either a setting change or individual permission grants before they can access secure apps.
Operating systems are prone to natural monopoly or duopoly. Furthermore there's anti consumer incentives here in that governments want surveillance data and os companies sell it.
Where competition fails to protect consumers governments must. And that includes protection from governments. I know it's ironic today as we're in a fascist regime, but that's one of the basic principles of my country. So anyways please Europe protect us worldwide consumers from American companies.
-
This does feel like a bit of a double-standard to me. I’ve hated how Microsoft and Apple have introduced app stores on Windows and macOS and try to push people to only install from there instead of directly from the developer. And yet on Linux the advice seems to be never ever download directly from the developer; you should only download from the package repository provided by your OS (which sure feels like an App Store). And that package probably wasn’t even provided by the developer or the OS but some random volunteer that you just assume has good intentions.
Because the Linux repositories are apathetic third parties (ie they have no reason to care whether or not you download any given app) while Microsoft and apple are financially incentivised for you to buy buy buy.
This means that when you download a .exe from a vendor instead of going through the windows store you're cutting Microsoft out of their cut of what you paid and you're denying Microsoft information about what it is that you bought. But the flipside is Microsoft didn't impartially verify that it's not malicious.
When you download a .deb instead of going through apt, you're also denying them their cut (of nothing) and you're denying the repository managers the ability to see what you're doing, but Linux people generally trust repository managers to not be selling their habits to advertisers and governments.
I will say there is a reason to side load on Linux though, paid software is sometimes unavailable through repos.
-
what are link relation types like "preload", "prefetch", "prerender", "next", "stylesheet", "intervalbefore", "memento", etc.?
-
Megacorps gonna megacorp.
Monopolies gonna monopoly.We can fight these giants by not using their services & products.
It only gets harder to fight them the more we give in.
I can't even get people to switch to LibreOffice, not cuz they use some advanced MS Office feature but because the interface "looks dated". So they'd rather pay a subscription for life to use software that spies on them than download free software that does what they need but has a 2010s style interface.
Humans suck so much.
-
I finally want to switch to android and boom: Custom ROMs and "sideloading" gets swept off the platter. Well ok I guess I‘ll just wait for a good linux mobile OS
So annoyed that just bought a Pixel 8a for Graphene. I thought I'd get to use it til 2030 when it stops getting security patches and now I might not even get a full year out of it.
-
I'm not sure what the original vision was, but KaiOS is just a fork of Boot2Gecko.
In fairness I've not tried it, but their homepage has been all about apps for a while.
-
Let me answer your question with a question: How many things do you do with your phone that aren’t also able to be accomplished with a website already?
This is kinda begging the question imo. Phones are terrible anti-user devices, so I can't do the things I'd like to do with it that I can't also accomplish on a website. Wasn't that kinda the problem that was initially stated in the OP?
Delivering application-like experiences via the web allows users to make accessibility changes to that experience without the developer needing to support it explicitly. It also allows users to implement plugins that extend and improve their experience, by removing undesirable content or adding functionality that you haven’t provided. And because browsers are built on open standards, there’s no longer any device ecosystem lock-in; I should be able to access all of the websites I want to from any browser on any device. Users could even build their own bespoke applications, without the need to enable a developer mode on their phone or get a certification from a megacorp.
Almost all of this would be equally possible if the phone wasn't just a platform for a browser. I actually think a browser model limits a lot of what you say here, and browsers definitely have ecosystem lock-in problems: what Google says essentially goes these days. The browser isn't the great liberator of phones imo.
I don't hate browsers; a lot of what you said is true and great for users with respect to browsers. I do however think it's a weird way to try to fix the phone ecosystem by replacing a restrictive sandbox with a restrictive sandbox that also ties you to a really terrible development ecosystem.
Phones are terrible anti-user devices, so I can't do the things I'd like to do with it that I can't also accomplish on a website. Wasn't that kinda the problem that was initially stated in the OP?
Maybe I phrased it poorly. I meant, what things do you do on your phone that wouldn't be possible on a website if you were on another platform?
Actually, I've been actively trying to use Firefox Mobile for everything I reasonably can on my phone, and it's way more possible than you might think.
I actually think a browser model limits a lot of what you say here,
I think you misunderstand me here. I'm not asking for a browser model to increase the number of things that app developers can do, I want to increase the number of things that end-users can safely do, and running web apps in a browser are currently the easiest way to do that.
and browsers definitely have ecosystem lock-in problems: what Google says essentially goes these days. The browser isn't the great liberator of phones imo.
That's absolutely a huge problem, yes; but it's a different one. And in the faintest praise possible, Google does at least maintain fairly solid web standards.
I do however think it's a weird way to try to fix the phone ecosystem by replacing a restrictive sandbox with a restrictive sandbox that also ties you to a really terrible development ecosystem.
It would be a replacing a sandbox that's restrictive for the user and developer with one that's only restrictive for the developer. And I don't think it's a particularly terrible development ecosystem; in a lot of ways, the front-end dev ecosystem is the most mature ecosystem. We're absolutely spoiled for choice in IDEs, in linting tools, in packages...I mean, I used to work in email development years ago. THAT is a terrible development ecosystem, let me tell you.
-
You're right, it is an inordinate amount of effort.
So much effort, that I don't believe doing it on the scale Android / Google would need to do is possible.
We see Google, Apple failing at this insurmountable effort all the time. Even Linux has failed at it sometimes with supply chain attacks.
And frankly I don't feel that Google can do better than what they've done already in terms of sideloading. Right now of you don't want to go through the app store, you have to ignore two separate warnings when you side load a malicious app. At that point it's negligence.
Because of that I don't feel that adding this restriction to sideloading will help the situation. I believe it's a cop out, if anything they should direct the effort to the Play Store more. There is plenty of actually harmful malware on the Play Store that we can see in the news is a much larger impact than sideloading applications.
That's probably why no one is empathizing with what you're asking for, there is too much showing this change is in bad faith.
We did have that impossible to screw up device in feature phones. But we traded that for pocket computers that enable us to install, and build apps.
As for Linux, I completely agree with you. It still needs to improve user friendliness. It's improved exponentially lately, and could be argued to be better than Windows, but it's still not as good as smartphone computers which are the epiphany of user friendliness (and ignoring the dark patterns being added).
-
From a personal freedom POV, I agree. But, if it was easy it would be a support nightmare.
Google and Apple scan every app that gets loaded into their app stores for malware. There's also a lengthy review process, even just for updates. Some malware does still slip through, but it's a trickle compared to what gets blocked. If sideloading apps were easy, my younger sister would be in so much trouble. She'd have various accounts phished within a day. She'd install something that drains the battery within an hour and not understand what was going wrong. And, she's relatively tech savvy. I have no idea how the older generation would survive.
Of course, since Apple and Google make 30% of every sale on the app store, they're not purely motivated to just keep their users safe. The real problem is that there is a duopoly in smartphones. Apple and Google have essentially the same policies, and if you don't like them you have no other options. If there were a dozen OSes, there could be smart phones for Granny that had everything locked down, and smart phones for h4x04z that didn't. Companies that struck a good balance between protecting their users and allowing their users freedom would do well in the market. Companies that didn't would shrink and fail.
Sure, but there's a good argument that that should be an end-user issue, and not something that the OS/Phone manufacturer should be trying to mitigate. It's a risk you take when owning a device, that you can also break it, or get it infected.
Otherwise, why bother selling the phone in the first place, rather than contracting it out under a rental agreement?
-
Intriguing! I'm concerned about the "advanced power management algorithms" they're putting up front and center without clarifying. My current phone (OnePlus) is very aggressive about that and just kills my alarm clock in the middle of the night once in a while and breaks other apps, even with optimizations disabled and the phone plugged in. Furiphone isn't listed on DontKillMyApp and I didn't see anything with a quick search, have you heard anything about how it does on that?
Also that size, oof. Mine is already too big and this is noticeably bigger in all 3 dimensions.
I have a Ulefone, which is too small of a brand for there to be much specific guidance on how to counter some of the unwelcome power management stuff
-
Phones are terrible anti-user devices, so I can't do the things I'd like to do with it that I can't also accomplish on a website. Wasn't that kinda the problem that was initially stated in the OP?
Maybe I phrased it poorly. I meant, what things do you do on your phone that wouldn't be possible on a website if you were on another platform?
Actually, I've been actively trying to use Firefox Mobile for everything I reasonably can on my phone, and it's way more possible than you might think.
I actually think a browser model limits a lot of what you say here,
I think you misunderstand me here. I'm not asking for a browser model to increase the number of things that app developers can do, I want to increase the number of things that end-users can safely do, and running web apps in a browser are currently the easiest way to do that.
and browsers definitely have ecosystem lock-in problems: what Google says essentially goes these days. The browser isn't the great liberator of phones imo.
That's absolutely a huge problem, yes; but it's a different one. And in the faintest praise possible, Google does at least maintain fairly solid web standards.
I do however think it's a weird way to try to fix the phone ecosystem by replacing a restrictive sandbox with a restrictive sandbox that also ties you to a really terrible development ecosystem.
It would be a replacing a sandbox that's restrictive for the user and developer with one that's only restrictive for the developer. And I don't think it's a particularly terrible development ecosystem; in a lot of ways, the front-end dev ecosystem is the most mature ecosystem. We're absolutely spoiled for choice in IDEs, in linting tools, in packages...I mean, I used to work in email development years ago. THAT is a terrible development ecosystem, let me tell you.
I meant, what things do you do on your phone that wouldn’t be possible on a website if you were on another platform?
This is still begging the question: your question contains the assertion that the current smart phone model must continue. If you only think about the things you currently do with it, then of course you can do a lot of the same things with a browser model: they're both restrictive sandboxes in similar ways. Interestingly though, I can name a few things already that are currently easy on an Android phone but not in a browser, the most obvious being running any sort of network server. You can't take advantage of Linux's configfs and functionfs APIs on a device that is ironically the best device made to use them. I mean, browsers were never even designed to allow filesystem access so an API would need to be added for that even, something so trivial. There are an almost infinite number of things you can do with direct access to an OS compared to through browsers; browsers are required to treat every single thing they do on behalf of the server they're talking to as malicious. That's the whole threat model, and it's completely correct, but I don't want that threat model applied to my entire device.
I think we're just thinking of different things. You seem to be thinking about how to remake the current smart phone experience, and that's pretty easy to do with a browser model. I think the current smart phone experience is pretty bad and incredibly limiting, so I see a move to the browser model pretty much... no different. I wouldn't be particularly excited. I never understood the Boot2Gecko excitement anyway.
I'd like to see a smart phone that is just a small computer that happens to also have phone functionality. Where you actually have an entire Linux system available to you, and you're allowed unconfined root access. You simply can't get that if you're being sandboxed by anything. To be honest if Android just stopped all the insanity around full, meaningful root access and unmodifiable hardware roots of trust, I wouldn't need anything else. I like the availability of the tightly controlled application sandboxes. I love the use of SELinux throughout.
With respect to the development ecosystem.. we can agree to disagree I guess. I'd rather leave the industry than deal with modern web development, but that's just my personal opinion.
Google does at least maintain fairly solid web standards
I have to strongly disagree with this though. Google wants to bring it's attestation APIs to browsers. What a nightmare. They also try to move browser addon development in user hostile ways, like trying to kill ad blocking. I don't trust Google to have the user's best interest in mind for a single second.
Anyway, I asked where you're coming from so thanks for sharing.
-
I meant, what things do you do on your phone that wouldn’t be possible on a website if you were on another platform?
This is still begging the question: your question contains the assertion that the current smart phone model must continue. If you only think about the things you currently do with it, then of course you can do a lot of the same things with a browser model: they're both restrictive sandboxes in similar ways. Interestingly though, I can name a few things already that are currently easy on an Android phone but not in a browser, the most obvious being running any sort of network server. You can't take advantage of Linux's configfs and functionfs APIs on a device that is ironically the best device made to use them. I mean, browsers were never even designed to allow filesystem access so an API would need to be added for that even, something so trivial. There are an almost infinite number of things you can do with direct access to an OS compared to through browsers; browsers are required to treat every single thing they do on behalf of the server they're talking to as malicious. That's the whole threat model, and it's completely correct, but I don't want that threat model applied to my entire device.
I think we're just thinking of different things. You seem to be thinking about how to remake the current smart phone experience, and that's pretty easy to do with a browser model. I think the current smart phone experience is pretty bad and incredibly limiting, so I see a move to the browser model pretty much... no different. I wouldn't be particularly excited. I never understood the Boot2Gecko excitement anyway.
I'd like to see a smart phone that is just a small computer that happens to also have phone functionality. Where you actually have an entire Linux system available to you, and you're allowed unconfined root access. You simply can't get that if you're being sandboxed by anything. To be honest if Android just stopped all the insanity around full, meaningful root access and unmodifiable hardware roots of trust, I wouldn't need anything else. I like the availability of the tightly controlled application sandboxes. I love the use of SELinux throughout.
With respect to the development ecosystem.. we can agree to disagree I guess. I'd rather leave the industry than deal with modern web development, but that's just my personal opinion.
Google does at least maintain fairly solid web standards
I have to strongly disagree with this though. Google wants to bring it's attestation APIs to browsers. What a nightmare. They also try to move browser addon development in user hostile ways, like trying to kill ad blocking. I don't trust Google to have the user's best interest in mind for a single second.
Anyway, I asked where you're coming from so thanks for sharing.
I think I'd rather my phone be a little "dumber" than my laptop or desktop, though. Or I want it to be powerful enough to be the brains of both, but that would make it expensive enough that I would worry about losing it. Making it just a browser gives it enough utility to be broadly useful, but also enough friction that I won't get sucked into it.
Also, I think a low-cost, low-power, mass-market B2G-type phone (a la the Chromebook) is way more likely than a mass-market Linux phone. Maybe that's just me being cynical, though.
As for Google, yeah. I agree that they don't have the users' best interest in mind. But there's currently enough of a pull from mobile Safari that they're willing to play by the rules for now. My understanding is that the Web Attestation API was basically dead in the water—though maybe that's me being too optimistic, ha.
Anyway, I asked where you're coming from so thanks for sharing.
Same to you! Good conversation. I appreciate it.
-
Well there actually is a problem this can help solve. Malware. There are other concerns that are bigger motivators for Google, but the ability to lock shit down can help control security issues.
Most people can’t get the software they run on their devices. The idea of “you can trust me, bro” is fucking dumb, even in the open-source world. This helps nerf this for the stupid people who buy this shit. It’s a priority because there are more stupid people willing to buy a product and put up with its bullshit than there are smart people willing to put in the effort themselves.
But also money.
-
I can't even get people to switch to LibreOffice, not cuz they use some advanced MS Office feature but because the interface "looks dated". So they'd rather pay a subscription for life to use software that spies on them than download free software that does what they need but has a 2010s style interface.
Humans suck so much.
I get what you are saying but is it really too much to ask for an interface that looks like it belongs there?
-
meh both on mac and windows you’re not the true admin of the machine. mac requires disabling SIP and some others to even be able to delete default applications for example and don’t get me started on windows. linux ftw (as I type this from my old ass ios device)
you can get all the right you need with a little trickery. I mean, psexec is made and distributed by Microsoft, freely. a simple download. and I don't think it's bad that the average user can't run everything immediately as TrustedInstaller or SYSTEM.
