1. 28

  2. 10

    Just yesterday, I set up my new Android phone. Android is an incredibly hostile platform in every way. Immediately when I start the phone, I’m bombarded with EULAs and Terms and Conditions, some of which I have no choice but to accept to even use the phone. Google, the phone manufacturer and every other involved party want a piece of the pie of personal user data. The keyboard app - yes, the app that literally just displays a few buttons - transferred dozens of megabytes to and from the internet, I have no clue for what purpose. Things that have no business running at all slurp up battery power like there’s no tomorrow. Okay, let’s install LineageOS. The process to unlock the bootloader is tiring and there wasn’t a single tutorial on the internet that got the process right, I had to figure it out on my own. Then you realize that if your bootloader is unlocked, your phone is now recognized as modified and no longer passes SafetyNet, a “helpful” API by Google that locks out anyone who has asserted ownership over their phone by modifying something. No more banking apps, Google Pay, Pokémon Go, even the McDonald’s app checks SafetyNet. You can hide from SafetyNet, but we have now come to the point where they check hardware-backed attestation which cannot be circumvented. And all of this unlocking, flashing and SafetyNet circumvention stuff is incredibly tedious with pages-long tutorials on the internet, shady executables and the ever-present risk of turning your phone into a paperweight. A thriving Linux phone ecosystem isn’t just overdue, it was overdue 10 years ago. Purism Librem 5 and PinePhone push the envelope of Linux mobile, and even though the experience is still flaky, the basics work (I have a PinePhone) and are usable. Frankly, I don’t care what SoC they use as long as they at least push the software side away from this insanity. You can’t liberate everything and everyone at once. They have my full support.

    1. 7

      Then you realize that if your bootloader is unlocked, your phone is now recognized as modified and no longer passes SafetyNet, a “helpful” API by Google that locks out anyone who has asserted ownership over their phone by modifying something. No more banking apps, Google Pay, Pokémon Go, even the McDonald’s app checks SafetyNet.

      I said this in a thread the other day, but it’s still true: this argument is based on an inconsistency.

      You feel it’s very important to “own” your devices and systems, and you seem not to want anyone else ever to dictate terms to you for how you can use your devices/systems, and you seem not to want anyone else ever to access your devices/systems except on terms you set.

      But you also are demanding access to others’ devices/systems, and demanding to dictate the terms on which you will receive that access.

      The only consistent position is to grant those other entities the same ownership rights to their devices/systems that you demand for yourself and your devices/systems. Which would mean they are perfectly within their rights to deny access to you or to set the terms on which they will allow access.

      And ultimately it really is just a matter of trust – your bank, for example, almost certainly has a website you could use, and that website is built for the low-trust client/environment of a web browser. They also offer a higher-trust client in the form of a mobile app, but require that it be used only in a higher-trust environment (i.e., one in which they can cryptographically verify that neither the app nor the key libraries/functions it depends on have been modified, since they have no way to tell whether a given modification is malicious or not). And again they are entirely within their rights to offer access on those terms. If you find neither option palatable, you can probably also call them, or walk into a physical branch office to transact your business (though in both cases they would demand that you go through a trust routine – verifying your identity as an account holder – before granting you access to do things).

      1. 3

        And ultimately it really is just a matter of trust

        A device I set up myself, with binaries from e.g. Arch, Debian or Ubuntu, is 10 times more secure and safe than any stock smartphone that ships with this ridiculous bloat that might even be compromised right out of the factory. The trust argument is such a laughable and obvious lie. Indeed, a lot of banks have a web client that has full access and runs on any device without such ridiculous constraints - precisely because they are not necessary, it’s security theater to disempower the user.

        And again they are entirely within their rights to offer access on those terms.

        Yes, the behavior is despicable but legal. Legality and morality are often orthogonal.

        1. 2

          The trust argument is such a laughable and obvious lie. Indeed, a lot of banks have a web client that has full access and runs on any device without such ridiculous constraints - precisely because they are not necessary, it’s security theater to disempower the user.

          If the bank truly had as its goal to “disempower the user”, they have a much larger arsenal of techniques at their disposal, and it would be odd that they and so many other entities are, effectively, fighting with one hand tied behind their back. I argued this in a thread the other day about Apple: if they really were going to lock down all their laptops/desktops, why haven’t they done it already? The iPhone and iPad demonstrate the technical capability, and their marketing of those devices as being limited for security has generally succeeded with the populace as a whole, but they still won’t even offer a locked-down Macbook as an option if you ask them for it. This is strong empirical evidence that the “disempower the user” type claims made about banks, and Google, and Apple, and other entities, are wrong.

          So perhaps their motivations are not what you hyperbolically attribute to them, and the decisions they make, and the motivations for those decisions, are downright banal when you really sit and think them through. The bank doesn’t need perfect security, for example – they just need “good enough to not get sued too hard” security. They often are dealing with maddeningly conflicting regulations which treat things as completely different when, to a technically-inclined person, they’re obviously similar or just the same. And on and on, all of which adds up to decisions like requiring attestation to trust the mobile app but not a web client.

          Yes, the behavior is despicable but legal.

          You seem to think that your right to control and dictate terms of access to your devices/systems is moral in nature. Is not their right to control and dictate terms of access to their devices/systems necessarily of the same nature?

          1. 2

            You seem to think that your right to control and dictate terms of access to your devices/systems is moral in nature. Is not their right to control and dictate terms of access to their devices/systems necessarily of the same nature?

            Well, if they are corporations and the device owners are people, then I guess that hinges on whether one believes corporations are people, or at least what correspondences they have in terms of rights. I wonder if the device users in this thread were using devices owned by corporations, might they feel differently? Would they even use those devices?

            I think your point about locking things down could be informed by the other elephant in the room, anti-trust litigation. We see this coming from the EU on multiple fronts, and no matter how big Google and Apple may be, they probably don’t want to be prevented from selling things in the EU.

            1. 1

              Corporate personhood is pretty far to wander from the topic at hand, and is also a pretty settled question. It also tends to lead into absurdities when one considers extremely common cases like a sole proprietor, and asserting that people lose rights as an automatic consequence of, effectively, working for themselves.

              As for anti-trust: I am deeply pessimistic about the Digital Markets Act and about the EU’s approach in general. But again that’s wandering very far from the topic at hand.

              1. 1

                I disagree with most of the assertions in your comment here, but I wish you well.

                But again that’s wandering very far from the topic at hand.

                I understand your desire to shut down discussion, and am happy to comply.

            2. 2

              You seem to think that your right to control and dictate terms of access to your devices/systems is moral in nature. Is not their right to control and dictate terms of access to their devices/systems necessarily of the same nature?

              The issue is symmetrical, and that’s precisely why there isn’t an “inconsistency” like you claim. The bank wants my entire phone’s firmware to be signed by a key of their choice (Google’s). Likewise, why can’t I insist that the bank signs all their binaries on all their servers with a key of my choice? Of course, the bank would laugh it off and tell me to get lost. And that is precisely how we, the users, should react to the request that our binaries be signed by Google.

          2. 2

            (though in both cases they would demand that you go through a trust routine – verifying your identity as an account holder – before granting you access to do things).

            Well, the difference here is that the verification mechanism is now with the world’s largest ad company, who is undoubtedly going to use your information + habits + everything they can get to market to you. Verifying your identity at a bank by showing your ID isn’t quite the same thing…

            1. 4

              The point of hardware attestation is that it’s, basically, cryptographic signature verification using keys that aren’t easily modifiable by the software whose signature is being verified. Thus trying to solve a thorny security problem where you can’t trust a signature because the set of valid keys might have been tampered with by the thing you were trying to verify.

              So I don’t see how Google’s business model is relevant here. If hypothetically a non-profit dedicated to Free Software ideals released a device with such functionality, my argument – it’s inconsistent to demand “ownership” of one’s own systems while denying “ownership” of their own systems to entities one interacts with – would still be just as sound, while your argument, which is based on the non sequitur of pointing to the business model of the manufacturer, would no longer hold up.
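As an added illustration of the mechanism this comment describes (example code, not from the thread and not any real attestation API): a toy attestation exchange in Go. The secure element signs a statement about the device; the relying party verifies it against a public key it pins on its own server, so the phone's software can neither choose the key nor edit the signed claims. The field names, the JSON layout and the sample values are constructed, not Google's real format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Statement is a constructed stand-in for an attestation payload: the relying
// party's fresh challenge, the digest of the app build, and the boot state.
type Statement struct {
	Nonce            string `json:"nonce"`
	AppDigest        string `json:"app_digest"`
	BootloaderLocked bool   `json:"bootloader_locked"`
}

// Attestation carries the serialized statement and the attestation key's signature.
type Attestation struct{ Statement, Signature []byte }

// Attest models the secure element: the private key never leaves it, so
// software on the phone can request a signature but cannot forge one.
func Attest(key ed25519.PrivateKey, st Statement) Attestation {
	body, _ := json.Marshal(st) // plain strings and bools always marshal
	return Attestation{Statement: body, Signature: ed25519.Sign(key, body)}
}

// Verify models the relying party (the bank's server). The trusted public key
// is pinned here, off the device, so the phone cannot substitute its own key.
func Verify(pinned ed25519.PublicKey, a Attestation, nonce, app string) error {
	if !ed25519.Verify(pinned, a.Statement, a.Signature) {
		return errors.New("signature does not verify against pinned attestation key")
	}
	var st Statement
	if err := json.Unmarshal(a.Statement, &st); err != nil {
		return err
	}
	if st.Nonce != nonce { return errors.New("nonce mismatch: stale or replayed attestation") }
	if st.AppDigest != app { return errors.New("app digest does not match the expected build") }
	if !st.BootloaderLocked { return errors.New("bootloader unlocked: device state not trusted") }
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	a := Attest(priv, Statement{Nonce: "c0ffee", AppDigest: "sha256:app-v1", BootloaderLocked: false})
	fmt.Println("honest unlocked phone:", Verify(pub, a, "c0ffee", "sha256:app-v1"))
	a.Statement = []byte(`{"nonce":"c0ffee","app_digest":"sha256:app-v1","bootloader_locked":true}`)
	fmt.Println("claim rewritten after signing:", Verify(pub, a, "c0ffee", "sha256:app-v1"))
}
```

The second call in main shows the point of the comment: rewriting the boot-state claim after it was signed fails the signature check, and only a key pinned by the relying party is accepted.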

              1. 5

                There is nothing inconsistent about wanting to exert ownership over one’s device and communicate to other devices. I see that you repeated this point again, as if there was some logical inconsistency in the desire to control one’s own mobile. There is not. When a third party forces me to relinquish control of my mobile to communicate with it, then it is overstepping my boundaries. Of course it can do that, but then I will make sure to migrate away as soon as possible because that’s abusive behavior. I don’t ask my bank to only run binaries that I signed. Likewise, my bank has no business of asking the reverse of me. That’s the inconsistency. This is a relationship where the user is on the losing side, and it is about time we negotiate better for our side.

                1. 2

                  I never said your argument was invalid, but the manufacturer is definitely relevant, since you have to trust them. Some people don’t trust an ad company to always do the right thing (now, but especially in the future…)

                  So the manufacturer’s business model is relevant, whether or not you want to believe it.

            2. 7

              I worked at a company that chose to implement a non-rooted phone requirement for its mobile apps. The choice wasn’t motivated by security snake oil or a desire for control, but a demonstrated large and significant empirical relationship between rooted phones and breached accounts. Given that this company might be liable for some of the losses incurred by a breached account, it was the rational choice to do this.

              Now, I’m very sympathetic to the ideas of user control and openness in the abstract, but anyone making that case really has to acknowledge that these are choices in a complex tradeoff space involving security and user control. I’m not saying that all or even locked-down devices were motivated by a sincere concern for user security, but in practice there’s a clear demonstrated relationship between these things and I think there are reasonable explanations for why this may be the case.

              1. 3

                If rooting wasn’t so hard and tedious and wouldn’t require you to download shady binaries and leaked tools from forums, the security aspect would look entirely different. If there was an easily installable Debian-style distro for phones, where you can get pretty much everything from the apt store, such things wouldn’t happen nearly as much. The security issues are engineered precisely by the people who then jump in to “solve” them, albeit unwittingly, perhaps.

            3. 4

              As a fan, I do think a significant contributor to what Pine produces is “we just discovered a supplier for this neat chip that can do stuff, and figured out how to build stuff with it!”

              1. 2

                … which ends up generating a lot of e-waste, since a lot of their products are not very usable. Even the most usable ones, e.g. the PinePhone, still are a bit rough at times.

              2. 3

                A small correction: Precursor runs on Xous OS, a microkernel written from scratch. I’m sure it could run Linux given enough effort though!

                1. 3

                  It’s increasingly clear that the electronics industry has gotten flexible / smart enough that small production runs for tech enthusiasts are viable and profitable. Doesn’t matter if it’s niche mechanical keyboards or “open source” hardware.

                  Previously, when a hardware company endorsed “openness”, it was usually due to some sort of internal victory by the engineering department, or a radical strategy to unseat an incumbent player.

                  Now it’s a marketing pitch.