The time is right for this project. I hope they succeed.
Otherwise, their website suggests you can specify a particular project via the memo line of a check:
I'm willing to suffer a rough beta or alpha experience, but let me use modern hardware of my choice.
That said, the phone market is huge. They could sell enough devices to fund future development which might be good enough even if it doesn’t slow down Apple or Google. At least then there will be a device for those of us who are not happy with the state of things.
> I don't think you're the target market for this phone.
My comment is downstream of the entertaining of a possibility of:
> a significant user base that runs alternative operating systems
... which isn't going to happen if you ask your users to give up commonly used features. It will forever be a niche project, at best.
People do proprietary bullshit because they want to do proprietary bullshit. Anything else is made up.
WTF? What kind of shitty banking system are you using?
The only supported 2FA is the bank's own dedicated 2FA app.
To hack the bank's app you have to find an exploit in iOS or Android which would allow you to read the other apps' private storage, which is borderline impossible now. To hack the bank's website you just have to buy some random browser extension and add malware to it, or break into someone's NPM account and distribute it there, or any number of ways to run code on someone else's computer. Something very achievable by an individual.
Does it? The browser doesn't do anything, the person sitting at the computer where the browser is running is what performs the actions. The reauthentication and 2FA is meant to authenticate and authorize the user, not the browser.
The attack vector of someone else using your phone using an app that doesn't require (re)authentication is independent of the browser or the app itself being trusted. That your bank doesn't periodically require some kind of re-authentication for their app is a security hole, but because the device could fall into the wrong hands, not because the code/app/browser used to access it isn't trusted.
My other bank offers 2FA via chip reader as an alternative. I guess that's somewhat viable for an alternative phone OS, if you want to carry the reader around with you.
That might just be European banks though
Also many websites are making it remarkably hard to not use the app if they even remotely sense you're not on an actual PC. FB and LinkedIn aren't banks but prime examples.
I like my credit union.
I remember the stagnation of Internet Explorer combined with increased awareness of security exploits in Windows and Internet Explorer led to the rise of Mozilla Firefox and (to a lesser extent) increased market share for the Mac. This, combined with the arrival of smartphones around 2007, put pressure on organizations to make their Web sites accessible to a wider range of browsers instead of just IE.
Perhaps if we had a critical mass of people using phones with FOSS software, this would be enough for banks and other organizations to consider people who don’t use Apple/Google products.
The challenge, though, is getting that critical mass. Firefox benefitted from Microsoft’s fumbles in the 2000s. It’s going to be hard for a FOSS project to compete head-on against Apple and Google.
A free OS will empower developers to implement technical workarounds that could trick these apps into working there. If the OS is tightly controlled, we have no recourse.
Even in the worst case scenario, we could use a cheap big-tech-approved phone for these applications (a glorified digital token) and use the free phone for everything else. When there's enough adoption and trust in the new phone, non-technical avenues are available to influence these organizations to accept the alternative.
If you can't be sure what's going on and are unable to inspect or debug the hardware and software, how can you trust it's doing what you want?
Proprietary hardware and software is already known to work against the interests of the user. Not knowing exactly what's going on is being taken advantage of at large scale.
Let's put it this way: if you can choose between making your own lasagna with a good recipe vs ready-made microwave lasagna, what would you choose? How about your suit? And would you trust an open, known-to-work-well pacemaker vs the latest Motorola or Samsung pacemaker? Would you rather verify the device independently or pay up for an SLA?
Does anyone remember having a copy of Internet Explorer that the bank required (or Chrome these days) but using Firefox for everything else? Apply that concept to a phone.
But the partially wrong part is, we can make our own platform. PCs let you install and run any software you want, because it's an open platform. If we make an open platform smartphone that can compete on features with the closed behemoths, and that then becomes popular enough, then banks may offer apps on that.
But this is tricky too. Linux already has issues getting official support from corporations. We'd need our open platform to be compatible with the closed ones, so that it's easy for banks to run their apps on our open platform. There are already ways around this, like virtual machines to run Android, or other methods. But the closed behemoths may try and end-run around this, like DRM. So we'll still need to advocate for our rights and compatibility.
Stallman had a good idea for free (as in freedom) software, but then "missed the forest for the trees" by focusing on the source code.
Make sure your app has a progressive web app version that has feature parity with the store apps. That way, the app will work on phones like the librephone, and, if Apple or Google decide to kick you off the store, you and your users have some recourse. As a bonus, it’s compatible with open source — users can modify the app and install it without jailbreaks, root or (for now) sideloading.
React Native supports this (and can mostly be bundled with electron for mac/win/linux support).
Are there other stacks people can recommend?
Log in to your bank over the internet, the normal way.
Currently scope only seems to go as far as the operating system.
These projects have stuff that works, but the lack of firmware for chips that can connect to modern cell infrastructure means that they can't really create an appealing product. The OS layer is where all previous Linux phone efforts have failed, and I hope the FSF makes it farther than everyone else has.
The OS layer is where the existing projects are thriving, with various distros and shells to choose from to match one's needs and tastes. It's the appropriate hardware that's in undersupply. I'm using a Librem 5, a 2019 design, and if I wanted to switch to something newer I can't because there's no viable upgrade path on the market. No other hardware vendor has invested significant resources into mobile GNU/Linux since then, everything else is either purely community-based or uses Halium.
I like postmarketOS, but it always felt to me more like a pet project than a real OS, for that reason.
Seems like a smart decision to me since that's what everything phone related builds to as a lowest common denominator anyway.
Doesn't stop you from working from there once that milestone is reached. I would certainly welcome more alternatives in light of the recently announced changes from do-no-evilG.
Trying to build a non-Android Linux phone that is competitive is just not practical at this point. It would require an enormous amount of funding.
In a modern smartphone, the modem is often a part of the SoC itself - and it runs some of the biggest and fattest blobs you've ever seen.
In most countries, the spectrum that cell phone carriers use is licensed to the carrier, under the condition they only connect devices that are guaranteed to comply with the requirements of using that spectrum. The end user (i.e. the person with the phone) has no license to use the spectrum. So in order to get regulatory certification, basically every modem has to be locked down so that the end user cannot operate it in a way that would violate any rules or regulations for using that spectrum.
So basically, it's illegal to have open source modem firmware. At least, as long as cell phones are operating on spectrum that isn't open for public use.
Ultimately, if you want to open source a modem, you first need to build your own cell phone network.
I am so happy they are focusing on Android, one of the most popular operating systems widely used by every day people. This is important work for providing user friendly, free software to users.
Let's just hope they don't fall into the trap of disqualifying binary blobs sent as part of drivers vs opting for hardware that hardcodes the blob.
They're saying approval of any who-knows-what code shouldn't be decided based on how it's loaded.
The OP's point is, having the firmware permanently burnt-in on a ROM chip vs loaded as a binary blob via a driver doesn't change the "non-free"-ness of the firmware itself.
So opting for hardware which has a "fully-open-source" driver, but runs a binary blob encoded into the hardware, doesn't make the system fully open.
It's a take for a more Free system, not for accepting binary blobs.
(Or I guess for acknowledging that if you're willing to allow binary blobs stored in hardware, then dynamically-loaded binary blobs don't change the "free"-ness.)
Open Source Firmware signed by OS > Firmware blob signed by device manufacturer > Firmware blob hardcoded by device manufacturer
The FSF treats hardcoded firmware blobs as "free" and updatable firmware blobs as nonfree despite there not being a big difference between them in practice. And practical differences like being able to fix security issues benefit users.
This needs to be done before age verification apps become universal.
They should probably prepare themselves to make ideological concessions... The situation is very ugly here in mobile land. Treacherous computing, remote attestation, DRM, all ubiquitous and normalized...
I'm not going to say how this situation should be dealt with, but it's not a good look. Maybe it's better to salvage what can be salvaged and otherwise keep a distance.
*Edit* Because idiots are downvoting me, look at the Texas law SB 2420 as an example. These phones will essentially be illegal in Texas unless they comply with already passed laws.
Any reason that can't happen now in something like the Steam Deck?
[0] https://www.thinkpenguin.com/gnu-linux/usb-4g-lte-advanced-m...
These days, I see FSF and all I can think of is a donation racket with zero sincere intent to operate or capability to execute. If they were not still cashing in on goodwill from the Unix Wars era, they would be nothing more than a grift overseeing a mountain of copyright assignments.
Terr_•2h ago
Just because pieces are open-source (or "free software") doesn't mean the autonomy and capabilities we want are necessarily present in the overall system.
[0] https://news.ycombinator.com/item?id=45562286