• 0 Posts
  • 255 Comments
Joined 5 years ago
Cake day: February 15th, 2021





  • Yes, it also narrows down the number of potential targets for analysis / report. If an extension is not marked “none” then no need to go out of your way to figure out if it does it.

    For some extensions it might actually be relatively easy to figure out if they do communicate with an external server that they might not need to, especially considering that the extension format can easily be decompressed, .crx files are just zip files with some JavaScript and other files inside… they might want to obfuscate the logic, but it’s not impossible to try and unravel things to some extent.
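As an added illustration of the kind of inspection this comment describes (not code from the comment or from any browser project), the following Python sketch unpacks an extension package, reads the permissions declared in `manifest.json`, and lists the hosts that appear as URL literals in the packaged files. It assumes the CRX container layout (a `Cr24` magic, a version, and a length-prefixed header in front of the zip data); `crx_to_zip`, `audit_extension` and the sample package are names and data constructed for this example.

```python
import io, json, re, struct, zipfile

URL_RE = re.compile(rb"(?:https?|wss?)://([A-Za-z0-9.-]+)")

def crx_to_zip(data: bytes) -> bytes:
    """Strip the CRX container header (if present) and return the zip bytes."""
    if data[:4] != b"Cr24":
        return data  # no CRX magic: treat the input as a plain zip
    version, = struct.unpack_from("<I", data, 4)
    if version == 3:  # CRX3: magic, version, header length, header, zip
        header_len, = struct.unpack_from("<I", data, 8)
        return data[12 + header_len:]
    if version == 2:  # CRX2: magic, version, key length, sig length, key, sig, zip
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        return data[16 + key_len + sig_len:]
    raise ValueError(f"unsupported CRX version {version}")

def audit_extension(data: bytes) -> dict:
    """Report declared permissions and hosts referenced as URL literals."""
    hosts = {}
    with zipfile.ZipFile(io.BytesIO(crx_to_zip(data))) as zf:
        manifest = json.loads(zf.read("manifest.json"))
        for name in zf.namelist():
            if name.endswith((".js", ".html", ".json")):
                for m in URL_RE.finditer(zf.read(name)):
                    hosts.setdefault(m.group(1).decode().lower(), set()).add(name)
    return {
        "permissions": manifest.get("permissions", []),
        "host_permissions": manifest.get("host_permissions", []),
        "hosts": {h: sorted(files) for h, files in sorted(hosts.items())},
    }

def build_sample_crx() -> bytes:
    """Constructed sample package: CRX3-style framing around a tiny zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps({
            "manifest_version": 3, "name": "sample", "version": "1.0",
            "permissions": ["storage"],
            "host_permissions": ["https://*.example.com/*"]}))
        zf.writestr("background.js",
                    'fetch("https://telemetry.example.net/collect");')
    header = b"\x00" * 8  # placeholder bytes standing in for the signed header
    return b"Cr24" + struct.pack("<II", 3, len(header)) + header + buf.getvalue()

if __name__ == "__main__":
    print(json.dumps(audit_extension(build_sample_crx()), indent=2))
```

A literal-string scan like this only finds endpoints written out in plain text; hosts assembled at runtime or hidden by obfuscation need manual review of the unpacked scripts or observation of the extension's network traffic.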


  • I’ve commented it in the other post, but in my opinion, the issue of the “nothing to hide” -> “no worry in showing” statement is that between the lines (especially in the context for which it’s used) it seems to want to imply that having something to hide must be something rare or perhaps wrong… as if it were not possible to want to hide things that are good for society to keep hidden.

    This isn’t a formal, logical fallacy, but an informal one: https://en.wikipedia.org/wiki/Informal_fallacy

    From a perspective free of presuppositions and biases, I don’t think the logic of the argument in itself is wrong, because of course I wouldn’t be worried about my privacy if I had no interest in keeping my private information hidden… but the premise isn’t true here! The context in which the argument is used is the problem… not the logic of it.

    It’s not incorrect to say: “nothing to hide” -> “no worry in showing” …what’s incorrect is assuming that the “nothing to hide” antecedent is true for all law-abiding citizens …as if people didn’t have an interest in keeping perfectly legal and legitimate things hidden and safe from as many prying eyes as possible. The fallacy is in the way that it’s used, they are pretending that this means people shouldn’t be worried, when in fact it means the opposite, since everyone does, in fact, have information that should remain hidden. For our own safety and the safety of our society! …so everyone should in fact be worried about breaches in privacy.


  • In my opinion, this looks more like an informal fallacy, the problem is in the context and the intent that is given to the statement, not so much in the logic of it.

    The postulate has some ambiguity… because between the lines it seems to want to imply that having something to hide must be something rare or perhaps wrong… as if it were not possible to want to hide things that are good for society to keep hidden.

    This isn’t a formal, logical fallacy, but an informal one: https://en.wikipedia.org/wiki/Informal_fallacy

    From a perspective free of presuppositions and biases, I don’t think the logic of the argument in itself is wrong, because of course I wouldn’t be worried about my privacy if I had no interest in keeping my private information hidden… but that premise isn’t true here! The context in which the argument is used is the problem… not the logic of it.

    It’s not incorrect to say: “nothing to hide” -> “No worry for showing it” …what’s incorrect is assuming that the “nothing to hide” antecedent is true for all law-abiding citizens …as if people didn’t have an interest in keeping perfectly legal and legitimate things hidden. So it’s not that the statement isn’t logically sound, the fallacy is in the way that it’s used, they are pretending that this means people shouldn’t be worried, when in fact it means the opposite, since everyone does, in fact, have information that should remain hidden. For our own safety and the safety of our society!



  • Yes! I mean, blame those who post AI-generated translations as if they were their own, or blame the AI scrapers that use those poorly generated pages for training, but it makes no sense to blame Wikipedia when the only thing they have done is just exist there and offer a platform for knowledge sharing.

    In fact, this problem is hardly exclusive to Wikipedia, every platform with crowdsourced content is at some level susceptible to AI poisoning which ultimately ends up feeding other AIs, the loop exists in all platforms. Though I understand wanting to highlight particularly the risk of endangered languages being more vulnerable to this, since they have less content available to them so the AI models have a smaller dataset which makes them worse and more sensitive to bad data.



  • Did they work on developing new web standards to unlock that potential on the web?

    Back then HTMLv5 wasn’t even a thing, there was no concept of video/microphone/gyroscope/gps access for webapps, notifications, web workers, web sockets, offline PWA webapps, etc. It was not a viable idea unless they actually were to invest big. They weren’t so committed. In Firefox OS even the dialer was a webapp, Mozilla brought forth a lot of innovative APIs to make it possible, many of which are in use today even after the OS was discontinued. And nowadays you even have things like WebAssembly that allows you to code it in C or whatever low level language you want.

    I feel Apple has always been more interested in their own ecosystem. Opening the web to have the same level of potential as the native apps from their walled garden goes against that strategy, so I don’t believe they were really serious about that approach, it’s always been more interesting for them to prioritize their native apps.



  • Ferk@lemmy.ml to Linux@lemmy.ml · FSF announces Librephone project · 9 days ago

    Good marketing means achieving an arbitrary limit of what you consider “good” marketing. So it depends on where you set the bar.

    The best marketing necessarily requires some level of unethical behavior, because being honest and saying the whole truth doesn’t sell. Everything has drawbacks and benefits… the better marketing minimizes (or even hides / fails to mention) the drawbacks and emphasizes the benefits, which is a form of deception.


  • I feel it’s a bit like the usability vs security dilemma… you can try to optimize to have both, but then you won’t have as a result neither the most secure system nor the smoothest user-friendly experience, but something in between (you might still consider that “secure” or “usable”, but that just depends on where you set your expectations).

    If you want to maximize marketing then the result won’t be as ethical as it could be, and if you want to maximize ethics then the result won’t be as marketable as it could be.


  • Ferk@lemmy.ml to Linux@lemmy.ml · is i2p relevant today? · 10 days ago

    I always saw I2P as a more modern and distributed onion-routing alternative to Tor.

    The thing is that people are used to making use of Tor in different ways than the way they use I2P, but you can also have outproxies (i.e. exit nodes/relays) in I2P the same way as in Tor… and you can also host a service inside the Tor network without relying on an exit node, like in I2P. It’s just that people only seem to want to host exit nodes for Tor and not so much for I2P, this led to internal communications in I2P being more common (which is a good thing), whereas in Tor it’s common to use it for anonymous access to the clearnet (which strains the network and causes chokepoints, especially with big downloads or torrent sharing). That’s just a matter of usage, not capability.




  • I expect it’s a combination of all the above in some sense. They state they want to build on LineageOS (an Android variant) and replace its binary blobs, I expect the result would be a new custom ROM targeting specific compatible hardware with the goal of ultimately supporting usable phones working on fully Free Software.

    What it’s not is the creation of a libre hardware phone. I don’t think they are working on hardware, at least not anytime soon. Also if by “Linux phones” you mean non-Android based, that’s not necessarily a requirement (given that they mention LineageOS), but I expect regardless the kernel will be Linux without the blobs and it’s entirely possible that they add support for installing their firmware on those “Linux phones”.

    I do kinda wish they’d focus on stuff that has a way bigger user impact 😅

    The thing is that technically we already have fully usable FOSS software at that user level. Using for example LineageOS with F-droid as the only app store already gets you there. Whereas, ensuring your phone is not spying on you or having some malicious functionality on the hardware/driver level is something that currently is simply not possible.

    The FSF has always been doing the thankless job of championing the things that are harder and less rewarding to do, but that will advance software freedom most for those who do seek it. Even when that thing is not necessarily the most popular/mainstream. I feel this has more of an impact in software freedom than, say, if they were to reinvent the wheel just to have their brand attached to it, and/or provide a slightly different UI to do the same thing other FOSS software already does.


  • The fingerprint (or you can also call it “security code”, it’s just a code for verification) is generated from the combination of the locally stored encryption keys from each side of the conversation, it will be different every time. I believe it’s also not technically required by the protocol that the same encryption key should be used for all conversations (although I don’t really know if the client does generate a new one every time or keeps reusing the same, that’s up to the implementation I believe).


  • When it comes to initializing the connection, it’s true that those identifiers (or perhaps more accurately, addresses) are susceptible to collisions in a “global space”. But they are temporary, ephemeral addresses (they are discarded after use and/or expiration), and the space is astronomical so chances of collision are tiny, and even in the rare event of a collision you still have a step in which you verify a fingerprint code that’s independent of the address, related to the individual local device… so you have a second factor authentication of sorts, if you are adding a person and the code does match then you can be pretty sure it’s the correct person, since both the shared address and the internal locally-stored key match.