No user accounts, by design(f-droid.org) |
No user accounts, by design(f-droid.org) |
Installing applications is a rare event, updating them is frequent, and needs to disrupt the user as little as possible. Android used to not allow alternative app stores to update apps without user interaction, but now supports this through UPDATE_PACKAGES_WITHOUT_USER_ACTION, which doesn't seem to be supported by F-droid. So it's manual clicking for each update.
F-droid also somehow gets the regular update flow wrong and often (always?) shows an error when you try to install the update from the notification. That has remained unfixed for years. So you have to manually open it, initiate the update, then click through the dialogs.
Additionally, the official repos update so slowly that they're useless for fast-moving stuff like NewPipe.
Together with Android bugs like https://issuetracker.google.com/issues/204233247 (resetting all "open with" URIs on update), this makes using packages installed through F-Droid a nightmare.
I then go through the list of updates in the Play Store once a week or so and install those that I think might improve app functioning/stability. I look over and install Windows updates once a way-too-long (need to work on this).
Feel like everyone is skimping on QA these days or something else fishy is going on. In the last handful of years there have been 2 or 3 Windows updates that either permanently erased data or caused some other insane issues. I didn't get them (tbf I understand that most people didn't), partially thanks to having auto updates disabled.
The last straw for me was a few years ago when my podcast suddenly stopped playing. When I unlocked the phone to investigate why the episode had stopped the UI had completely changed, in a way that I was completely lossed and had to start over learning it from scratch. I was right at the beginning of a long road trip and had pre-downloaded many hours were of stuff to listen to because I didn't have much data in my plan. All of the episodes I had downloaded were gone. Additionally because I was driving, learning a completely new interface was horribly dangerous.
That was the day I disabled auto updates, and now I manually approve each one. Certain apps where I don't want to risk UI changes or new bugs, don't get updated right away. When they do, I always backup the old APK first so I can easily restore it if needed.
I'm still mad about the Windows update that permanently stopped Windows from working with my Bose headphones. The headphones continued to work perfectly with anything that wasn't running Windows.
I don't have time to read release notes/research each new version, so I'd likely just spend 10 minutes hitting "update" on everything, then getting bitten by the same issues.
(This is specifically in regards to Android apps, not other platforms).
With Play Store I agree. With F-Droid, I do not. You can easily install older revisions if you find a problem, which I almost never do with F-droid.
I thought you needed some kind of registry hacks or something to disable automatic updates since W10, can you elaborate on how you got it to stop pestering you?
I actually tried to play with this not long ago, and it is so broken that it makes me think they just wanted to "check the box" in case some judge thought this was abusive behavior. It probably still is.
Not only this API is available only on Android 12, it also _only_ works for programs that have Android 12 as target level API (i.e. when you try to upgrade older programs the prompt will still show up), and only works for programs that your package manager installed in the first place. GPlay does not have this limitation and will happily update packages you installed, after which your package manager is no longer allowed to upgrade them. It's all a big mess.
> ...this makes using packages installed through F-Droid a nightmare.
I run 2x Androids with near 80%-90% of the packages installed from F-Droid repos (to include Bromite and Bitwarden custom repos); it has quirks and is not perfect - but far from "not usable" and "nightmare" as your hyperbole would suggest.
Thank you whoever is behind it, you're doing a great job.
You need to install the F-Droid Privileged Extension, or use a ROM that has it pre-installed. That way it can update apps without user interaction.
Further, I disable notifications for nearly everything, so that point doesn't matter to me either.
I'm definitely relieved that the most-upvoted comment critiquing F-Droid doesn't raise anything of concern for me! I was worried I was about to read something that might push me away from making a de-Googled Android device my next smartphone... haha
So does Bromite browser. https://www.bromite.org/fdroid
It's so refreshing, especially compared to $megacorp <strike>control freak</strike>, er, security measures, yeah that's it!
I also haven't had issues with update flow. When was the last time you used F-Droid for a prolonged period of time?
You are right that the download / install process is very quirky. It often fails to provide the right feedback about what's going on and errors are common. Is it downloading, is it installing, did it get my touch? However I really want to install from there and not from Google.
So for at least some users, this isn't a problem at all. It's a better default.
It seems to me that if you can compromise the f-droid infrastructure you can compromise millions of handsets.
> This means that F-Droid can verify that an app is 100% free software while still using the original developer’s APK signatures
Years back we were doing something that included users documenting TV shows. We had a big meeting where people put every feature they wanted on index cards. We laid the cards out a founder's dining room table. The host got their change jar and each person got a certain number of pennies to mark features they thought were vital for first launch.
After the first round of token-voting, the "user accounts" card had no votes. At first it seemed impossible. But after some discussion, we realized that viewing users didn't need accounts for launch. For people who wanted to edit, we let them type in a name to take credit for their contributions if they wanted, but with no verification. At worst, we figured we could add something more robust if the need were stronger.
It turned out fine. The launch got out earlier and we got to test a number of key product hypotheses without having to build any sort of user account system. Months later it did eventually become the highest priority. But not having accounts worked way longer than I expected.
if (if) you assume that it's impossible for consumers to account for how sites use and share userdata, requiring businesses to allow anonymous transactions is the only policy solution to privacy
tricky to balance a 'right to anonymous transaction' against other policy goals like financial KYC, fraud protection, but IMO our current KYC approach has been taken too far at the cost of consumer welfare, and there's an unexplored middle ground
It's a bit sad how a website not employing a dark pattern inspires explicit praise these days...
So even though my software does not require user accounts, it requires a serial number to activate all features. That serial number can be linked to the purchaser, so in theory my app could do really invasive tracking. (It doesn't, but my users have to rely on my word)
How can one fix this? I would love for my software to somehow anonymously check whether the user paid for it, and isn't running it on more than X devices, but I'm not sure how this could be done without revealing the users identity.
https://mullvad.net/en/pricing/ ctrl+f cash (the section has no anchor)
I am trying to get telemetry in place to demonstrate how much of our capacity is going to particular features, so that we can say, okay, that wizbang thing is costing us $100k a year. Our profit is 1:X (we make $X for every dollar we spend). Is this lowering or raising our profit margin?
I think we are completely disconnected from opportunity costs and the entire center of most orgs I've been in are all about covering your own butt and telling stories. Until the layoffs happen and then we discover that the investors, advisors and some of the C suite actually care about whether spending $1 for the prospect of making $1.50 is a complete waste of time and energy. And I often wonder if some of the narratives I hear about who got laid off and why are not seeing this calculus in the results.
But user accounts helps reduce spam, save profiles and enable cross platform syncing.
Sure you could do something like have a user account-like process, which involves unique ids and all that jazz. Except, at that point, you're making a user account with 10 more steps.
And maybe prefer procedurally-generated identicons rather than photo avatars if you want a visual aspect.
But privacy is not secrecy. If f-droid tracked my every waking move, and then just never bother to look at that data, I would still have privacy from them.
What they are doing here is a form of guaranteeing their future good behaviour. Which is nice, but there are other methods. For example I am happy to announce my plans to not rob a bank. But there are means in place to ensure I do not - At least not twice.
So while it is nice to find ways to avoid having user accounts at all, most hospitals will have to have other means to keep their users privacy.
Most of the time we are going to need to rely on regulation, where PII data (which lets face it is 98% of all data) will both legally and culturally have to be protected at levels hardly dreamed of today.
No, they have an unexploited asset and you think you're safe because nobody has exploited it yet. This is false security. If money gets tight they'll exploit it. If they get bought out the new owners will exploit it. If they get hacked, the entire Internet will exploit it.
I would highly recommend that you spend a little bit of time thinking about or working with groups of dissidents, other oppressed groups, even people who have been sexually harassed. I have seen so much wrong-thinking about what Security actually is and it's always people living in a privilege bubble, not thinking of actual, real life existential threat that exposure can represent until they have some user in hiding because they got death threats after being doxxed. Or just plain disappearing because their government black-bagged them over something they posted online.
But I do not want to be on the side of "we need a better way to hide". Staying hidden should not be the solution to death threats. Jail is the solution.
I hate that we (western ? US/UK?) society has abandoned hope of properly funding a justice system, let alone a mental health system.
In our society I do not want the response to death threats to be "hide better". It must be "police better". And that is expensive and difficult and long.
In other societies, well, We are not going to bring the worlds dictators down with clever messaging protocols. That is going to be old fashioned politics (and by recent events war too).
I have been very unsure about posting this - it's a very big wide topic that raises a lot of emotions. And that's because it is important - we have much to fix about our world.
Nope, Klar == Focus in German-speaking markets, the rename was caused by an existing trademark: https://support.mozilla.org/en-US/kb/difference-between-fire...
Speaking of which, Focus fits my flow of incidental, one-off browsing quite well — it’s my default browser. If I need a more serious or stateful interaction, I might have the service’s/whatever’s app installed, or use Chrome or full Firefox.
The official Firefox Klar builds originally contained slightly less tracking than the official Firefox Focus builds. Nowadays it might be only the trademark that keeps them separate, but originally there were clear differences in code.
On the other hand, though, if you want to publish/share a diff, then, you know, privacy is the core of the value proposition, so you probably don't want to share it with the whole world, much less let the whole world edit or delete it!
It's possible to design a scheme with hard-to-guess URLs, URL parameters with "secret edit tokens" and so on, but that feels hard to use and different from how other sites work.
I'm quite torn.
https://guardianproject.info/contact/android-python-contract...
The vast bulk of sites want to make signup easy, meaning user objects are cheap. Cheap user ids are easily disposed of and replaced. So if you need to keep bad actors out, user accounts may not help a ton.
Actually showing your id was once rare and still is. In the 80s in UK a lot of people did well completely without one.
Would love to learn the options!
Without customization or user tracking, many, many workflows shift to read-mostly. Many are idempotent. Some can be fully cached. Some can be edge-cached.
The dark secret of 'social' media that has been slowly coming out is that they aren't social. They aren't about 'Us', they're about me. Me, me, me. So of course the whole workflow is build around who I am and what I want. That's not just unhealthy, it's also really fucking expensive. And if it's really expensive we can't just eat the cost as a 'value add', we now have to monetize it. So things were already pretty dark and then compensation came into the picture and now it's positively dire.
Software always starts by appealing to discerning customers. The early adopters.
Once it is fairly widely adopted, often the early adopters have adopted a newer, better thing.
So now you are making features for a crowd of people who are there mostly because of platform intertia.
They don't even appreciate or use new features, because anyone who actually deeply cares about your product niche doesn't use your product.
To add onto this, as a security-adjacent person, it's sad how much people think user behaviour data will be worth to their company. From the well-intentioned "we must pave the cowpaths" to the harmful "harvest the data and sell it", the attitude appears to have cropped up in the past 15 or so years as a mainstay of what apps should be doing and it's absolute insanity to me.
My only victories in convincing teams are where I could demonstrate their ROI was never actually going to materialize, especially when the investment part required enough development hours that other features that might sell more apps would have to be delayed. And even then, it's been about 40% of the time, with the other 60% being met with, essentially, "we have assurances it will be profitable" hand-waving.
The painful part of this is that unless certain privacy regulations start to get much more painful economically for companies, there's basically no incentive not to do it.
It's the entire "Data is the new Oil" run amok.
I think the main idea around user accounts is that they centralize a point of applying captchas as well as a tiny bit of data collection (some form of contact information) that can be used for antispam (e.g. banning certain email address domains from creating accounts, or banning certain email addresses, etc).
Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has. And note also that some of big tech companies, despite having all the money in the world, still have problems with fake accounts. So at best, requiring user accounts is one possible anti-abuse step, but it's neither necessary nor sufficient to prevent abuse.
I guess I don't care if my apps are "outdated" as long as they still do what I want. If there's something buggy about an app that annoys me enough I'll often just uninstall the buggy app and find an alternative.
I find that once I install an Fdroid app and I like it, it'll pretty much just keep working just the way I want it to. The only app I use that breaks if I don't update it is NewPipe and that's google's fault. It doesn't happen often enough, or take long enough to update to offset the benefits of using it.
Even most my regular google play store apps don't actually "need" to be updated, and many haven't been since the day they were installed with no bugs or issues.
It doesn't get any more anonymous than cash in the mail. :)
https://www.windowscentral.com/how-stop-updates-installing-a...
But since then I've had friends who volunteered for domestic abuse situations, and I've had a few friends who talked about former stalkers. In one case, the stalker was a LEO. My best friend's parents found asylum in the US, having snuck out of Poland sometime in the mid 80's, with the Communists hot on their trail. The Law would have had them swinging from a yard arm.
Jail isn't the solution in at least half of these cases. It's the stick being used against the victim, not a way out of the problem. In the police procedural dramas the cops have to assure people about how they're not INS, they're just here to ask about a murder. Those fictional scenarios, and the real situations that inform those writers, are essentially a case of Principle of Least Power playing out on the streets. Protests are often about changing the laws to match current or emerging public opinion. Changing a law means you're working against the law.
Consolidating all power into one place is how power trips end, but it can also be how they start. As someone else put it so plainly elsewhere in the thread, "You don't need to know" is an important concept and one we've lost. If I were President, I'd dismantle the TSA, and go back to something halfway between what we had before and where we are now. Because it looks exactly like the setup for a dystopian novel. We're still partly in the 'acclimate people to unreasonable request' but that's how totalitarians start out.
I can certainly see I am putting hope over experience. But that is the excuse to do nothing as well.
The world has changed. We must chnage our laws and our culture.
Yes there is a danger of totalitarianism, but we have had that without iPhones. We will have it with iPhones. The problem lies not in our stars.
Subway/public transit app (see how much money I have left on the cards)
Grab (an Uber competitor where I live)
YouTube
Google Maps
A bank app
Signal
Google Calendar
GMail
Android Auto
Agoda, a hotel booking app
Dropbox
Netflix
AirBnB
A second bank app
A boardgame helper app
Uber
TripIt
Microsoft ToDo
Shopping app for the baby store we order diapers and formula from every few days
Spotify
Proton calendar
Facebook Messenger
Google Docs
Google Photos
Google Voice
Google Sheets
You Need A Budget
Tiktok
Shopee, an online shopping app I use nearly every day
My country's covid vaccine tracking app
Google Translate
So what you're asking is can someone come into the ToD and introduce a new product that steals people away? It's plausible and if I were in a better headspace I could probably name you a bunch of examples. But does it always happen? I don't think so. There are plenty of incumbents who manage to coast through and come out the other side having demonstrated a dilute form of change of heart - just enough to convince the customers that 'something was done' even if they can't quite put a finger on what exactly is better and how much.
Oh, sure. It's a very tough field, and would be even if the incumbents didn't have billions to throw at the problem. I definitely don't believe that the better product wins; I only need Microsoft as a counter-example.
But it does strike me as a zone of opportunity. Maybe Substack is a good partial example here. Before the web, we had magazines. Then we basically had magazines on the web, preserving much of the old structure in the new medium. With lots of flailing as people tried to find sustainable business models.
And then Substack came along with an extremely bare-bones implementation mostly using 1980s technology and a lot of writers and readers are very happy with it.
So it's more that I'm asking myself. What are the products that cost 1/100th as much that might be as satisfying for my Facebook-ish needs?
I keep wondering why nobody has really tried that again. Slashdot sort of filled in that space, and then Digg and now Reddit. Or Facebook for the 'all-in' solution. I keep thinking there was something I was missing about why that would be difficult to pull off.
Today I have a different answer for that - that ship has sailed. We are multi-device and it would be much more difficult for me to have a consistent experience across phone and personal (and sometimes work) machines.
But at the time perhaps it as an adoption thing. Just visiting a website is a cheap interaction that can lead to a habit. Having to do something special doesn't work the same way.
That thread is backing up what I said. 4 days ago someone from the original crowdfunding campaign in 2017 is being shipped his Librem 5. If someone were to order a Librem 5 today (for $1200, double what people in 2017 paid) they too may have to wait years to get it.
>Did you hear about supply chain problems in CPUs?
Purism had years to procure the CPUs they needed.
>Every time Purism can get the CPUs, they deliver another bunch of the phones.
Sure, but the amount they are able to make is not enough. Purism's timeline constantly slips. Your money is stuck in an interest free loan to Purism that they won't let you get out of. It is not hard to find people complaining about not getting refunds or refunds taking hundreds of days to go through. It seems like they want to get as much money as possible while delivering as few phones as possible. This may not be their intention, but this is what it feels like to a lot of people.
Yes, Purism had their own delays. In my opinion, they had good reasons for those [0]. But today delays are due to the supply chain, not Purism.
[0] https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...
They say the delays stem from their choice of SoC. They decided to use i.MX 8M in 2018. They had time to order the CPUs.
>there were only two SoC's that Purism could use (i.MX 6 or i.MX 8M) that could run on 100% free software and fit within the power limitations of a phone
This isn't true as it requires proprietary software for things such as doing memory training on boot.
>But today delays are due to the supply chain, not Purism.
Despite the uncertainty in the supply chain Purism continues to take orders even if it may not be possible to fulfill these orders.
If I don't have a laptop or desktop, why wouldn't I have a lot of apps on my phone?
In any case, it's fine for F-Droid to choose that behaviour, but then it limits itself to a niche of possible apps.
Not really. You can't edit Wikipedia from a VPN (even with a user account!), and I think they ban most datacenters. The edits aren't really anonymous if they publicly associate with a piece of PII that, for most people, directly maps to their name and home address.
Counter-example: stackoverflow is also reasonably big and allows anonymous questions, answers, and even edits, without publishing an IP address or anything. The edits end up in a review queue, the rest I think is actually published immediately.
If IP addresses didn't matter for privacy, Tor routing wouldn't exist. If IP addresses weren't useful for blocking specific users, IP bans wouldn't exist. If IP addresses weren't useful for tracking, operators wouldn't have gotten up in arms about Apple's private relay service. Obviously this stuff matters.
Remember that not everyone lives in or around San Francisco. For someone in a suburban/rural area, an IP address combined with things like timestamps, user ids, and the text of the edits can go a really long way towards unmasking them. Even for people who live in more urban areas, it is still obviously easier to find someone who lives in San Francisco than it is to find someone who could be living anywhere on the West Coast. If they could also have been using a VPN, or time-shifting their posts... that makes it even harder.
In contrast, how hard do you really think it would actually be to get some address data from a voter roll or via a warrant or even just through one of the scummy person lookup services online and to iterate through everyone who shares that IP address and check to see how many of them are named Pietri? Or who have shared the username wpietri across another account, or posted somewhere else at roughly the same time? Your IP address is drastically reducing the search-space for other attacks, many of which (timing, text-analysis, etc) are impossible to get rid of when making a Wikipedia edit.
It's not good for growth, but some websites are fine with that.
If I'm in the picky group, and we send out 5 invites total, but the unpicky group sends out 10, then 2/3 of the invites are unpicky - if the groups are the same size, which they probably won't be for a while (I'm probably inviting people who are almost as picky as I am)
There's also someone on the team who thinks we'd grow faster if we simplified the onboarding process, which is true but also means when we piss off some user they can create a bunch of accounts while they're still spun up and cause a bunch of overhead for the support team and the developers. That gets expensive too.
Sure, but then the student who shares their interactive class URL (w/ or w/o password) on 4chan still isn't accounted for.
>How do you solve problems arising from bad actors without an object representing the user?
In response to the argument that user objects are no longer needed, even for something like virtual meetings. The scenario of zoombombing isn't something "I came up with", it's a real life scenario that having a user object helps prevent bad actors with.
In the event of a user sharing their account, you would know who it was and be able to hold the bad actor accountable, as opposed to a meeting URL being shared. I think the better question is why you are so hostile to the idea of user accounts having utility.
Much better to start off editing your local country town which has no power users patrolling and tends to be significantly out of date.
But for the current context, where we are talking about whether or not user account registration is helpful in preventing abuse, I think the kinds of low-probability, long-timeline consequences you describe are not really going to deter most would-be vandals. Especially since Wikipedia is going to know the vandal's IP address whether or not it gets show publicly. So I think Wikipedia is still a good example of how "no user accounts" is workable at scale.
Emphasis added. You could create user-specific passwords, but that would require... users.
Anyhow, that seems besides the point. All HTTP requests come with IP addresses. That the police might be able to trace them back to a house eventually does not say much about either Wikipedia (who would give up an IP address with a warrant whether the edit was for a named account or an anonymous one) or no-user-account systems in general.
They describe it as an anonymous payment system. That matches the first definition here: https://www.dictionary.com/browse/anonymous
If you can trust the platform, in cases where the school hosts the program itself, the names can be added to the links directly. You don't need a big db of students for this, just an ephemeral list of strings.
Yes, it is a pain. No, it's not more of a pain than managing user accounts for the video conference thingy. Also, the video conference thing could automate emailing/texting each participant a unique link. It could manage the invites and address books locally (e.g., via the phone's existing contact list).
If something like the windows phone social hub still existed, it could even send the links via gateways to any social network the phone was logged into. I miss that phone. So much wasted potential.
https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurd...
Running proprietary code on the i.MX 8 chip means that it is not 100% running on free software.
It's however the most free phone as far as I know.
not taking new orders (and money) would be a very bad sign for investors, no?
To me keeping the orders, doubling the price, and trying not to give out refunds makes me think Purism has serious money issues.