I feel LineageOS + F-Droid is often underrated when it comes to these discussions about alternate ecosystems. If we're ready to let go of name brands, then F-Droid has some very high quality apps[1] built with passion over profit.
But I agree that the initial friction to setup LineageOS on the device is far too high for a non-technical customer, Something which could be only resolved if a devices ships with LineageOS(I think even F(x)tec, Fairphone requires the user to flash LineageOS) but then again memories of that fateful tie-up with device manufacturer which ended CyanogenMod would be fresh within LineageOS team.
Now that's the catch-22, Alternate exists but not for everyone.
I had run LineageOS for some time. It works, but FDroid is missing too many apps, even opensource like Signal. I have to update apks manually every few months.
Signal team fought a long war against any forks or unauthorised builds of Signal. There are (or were) FDroid repositories with Signal compatible builds, but Moxie stated that any such build will be considered malware. Signal team was making such builds increasingly difficult to produce.
Official F-Droid repo doesn't allow proprietary dependencies on which Signal depends for some messages (push?)
Signal is open-source in the "look at it, but don't even try to tun it" way. I'd rather support a protocol that supports federation and encourages alternative clients.
Not upvoting or downvoting, but Matrix is an experimental choice at this point. I have some hope for the near future, but so far Matrix protocol is far from an established standard.
> supports federation and encourages alternative clients
Currently, the only featureful matrix server (synapse) uses gigabytes of RAM just for a handful of users (see also progress on dendrite and conduit). As for supporting alternative clients, Matrix ecosystem has an overdependence on 3rd party web widgets (eg. Jitsi) for client features because they are not supported by the protocol itself yet, making it harder to implement a native client with good performance and all Element features.
As i'm writing this, i realize nheko client now supports WebRTC audio-video calls when a recent GStreamer is available, congratulations on that, and good luck for the multi-platform implementation!
It may be the only one. I was simply aware of this example. My point is not that Jitsi cannot be selfhosted but that using it in your client means your client requires a full web rendering engine to provide that feature, making clients more resource-hungry. To be clear, i'm great it exists at all. It has provided useful services for tech conferences like FOSDEM. I'm just concerned with interoperability and the webification of everything.
Using HTTPS for transport as part of the matrix protocol is great for punching through firewalls, i'm just not convinced the rest of the web stack is well-suited to social networking usecases with a lot of information pouring in. Web engines and the DOM model were designed for static data, not for highly-dynamic information, although there's ongoing R&D around virtual DOMs to optimize those usecases.
Why doesn't Signal maintain an F-Droid compatible build? (if there's a dependency problem, then they should considering dropping it, release a Signal lite perhaps)
Making your own F-Droid repository was harder a few years back, and UX client-side was bad. Nowadays setting up a 3rd-party repo is as easy as scanning/approving a QRCode (for example for Newpipe repo).
Not that i approve Signal's attitude on this topic at all, but there are (were?) technical reasons for which they would do something else. Of course, F-Droid maintaining proper LibreSignal builds in their place alleviates the concern, and that's what Signal team famously opposed. For the uninformed, F-Droid has very serious review/build process for apps and i don't think malware was ever distributed on there (and antipatterns are listed in the UI client-side).
Yes it's a shame that Signal is not on F-Droid, but there's a self updating apk available[1] for side-loading which doesn't use Google Push Notifications if not available and as for why it's not there on F-Droid here's their official response[1], Which IMO makes some reasonable (against forks using their servers) and unreasonable (against normalizing side-loading) justifications.
> some reasonable (against forks using their servers) (...) justifications
How is that reasonable in a centralized client-server model? That's precisely what we find unreasonable with Twitter and others shutting down or making life hard for 3rd party clients. Why would it be more acceptable from a free-software service?
The network effect says a centralized protocol like Signal has "zero" value without reusing the same servers. All this because Signal maintainers have an ideological argument against decentralization, which received many great responses including this one from a Jabber/XMPP client developer: https://gultsch.de/objection.html
In all cases, Signal servers control who has an account, what permissions and what can be posted. You can't just extend the protocol to enrich your client by abusing Signal's servers, but you can make your client compatible with Signal protocol (interoperability). Preventing that is rather user-hostile.
The reason why I felt there's some reason to Signal's stand on forks was because forks not standing up Them having their own F-Droid repository is to the quality standards, not adhering to feature parity while consuming their resources might not go well with their funders.
Signal having its own repo on F-Droid is the viable solution for them but they don't seem have any intention of doing it.
I don't agree with Moxie's reasoning against federated technologies, TBH I prefer email over any real-time communication due to its federated nature.
F-Droid community was interested to package Signal but at the time upstream had a hard dependency on Google Play Services (which according to my/F-Droid quality standards is pretty bad), and made it clear they didn't want any unapproved builds using their servers. This would include reproducible builds from the same source code as is standard in F-Droid official repo. Still, such builds would hypothetically have the same quality standards and feature parity with upstream.
I agree, Even the standalone apk which can use web sockets for notifications still has Google Play Services and so the F-Droid repo should be a separate code base without GPS.
Btw it seems I had a brain fart when typing this -
>The reason why I felt there's some reason to Signal's stand on forks was because forks not standing up Them having their own F-Droid repository is to the quality standards...
The reason why I felt there's some reason to Signal's stand on forks was because forks not standing up to their quality standards...
This exact issue years ago made me think less of (and stop using) Signal rather than F-Droid. You're better off with XMPP or Matrix, plus an ordinary SMS app.
Stellar UX are always welcomed, But the network effects of a chat application are too high of a variable for to just rely on stellar UX to be successful.
Case in point: There was a chat app called Hike[1] in India run by the son of the leading Telecom Billionaire. It had more features(free SMS, Stickers) and arguably better UX than WhatsApp according to its users(100M). But it could never gain over WhatsApp's initial market size in India(Why change what works?).
Final nail on the coffin for Hike was when WhatsApp was made available on the 4G feature phone released by a competing Telecom operator and loads of people got to experience WhatsApp on their first ever Internet enabled compute device.
Yeah or any kind of cartel, really. It's hard enough for a small coop to fight economies of scale, but in many areas you're facing an actual mafia.
Somewhat off-topic, but what's the situation with DIY non-profit ISPs in India? If you're not familiar with the topic, you can look up NYCMesh (New York), Guifi (Spain), Freifunk (Germany), FFDN Federation (France) or Rhizomatica (Mexico). Another interesting development in the telecoms field is https://jmp.chat/ promoting and developing free-software for cellphone<->XMPP/SIP interoperability.
ISPs by itself are heavily scrutinized entities in India, Even Starlink hasn't able to get its license yet AFAIK. I've seen couple of small for-profit ISPs come up and disappear in the form of both non-innovative distributors of bigger ISP and innovative original technology ISPs like WiFi Dabba(YC)[1](Not disappeared, but changed USP from mobile Internet to home broadband & moved the HQ from B'lore to Delaware).
As for non-profit ISP, even if possible it definitely cannot be open i.e. without oversight as in the examples from other countries you've sighted. Closest I've come to community run networks I've seen are LoRA networks.
jmp looks great, Google Voice has been shutdown in India can I use jmp as a replacement?
Edit: I've submitted jmp to HN as I didn't see any large discussions on it.
> non-profit ISP (...) cannot be open i.e. without oversight
That's also the case here. In France you need to declare your ISP activity to the telecoms regulator and follow some regulations. In Germany too there are regulations, but Freifunk as an activist collective ignored them in order to protect their users' privacy, and went up to the supreme court and won their right to operate a privacy-friendly ISP.
> jmp looks great, Google Voice has been shutdown in India can I use jmp as a replacement?
JMP is great from what i heard. It may not be as featureful as Google Voice yet, but there's active development and the user support (i hang out in their channel despite not being a client) is the best i've seen across the entire telecoms industry, and by far. The maintainers are very happy to work on new features and open to suggestions, but due to being a very small organization they're prioritizing obviously new features requests on a "who would pay for that?" basis.
You may be interested to learn that stellar UX is an important point for the snikket.org family of XMPP clients, despite not being there yet. There's an upcoming UX study if you'd like to take part: https://snikket.org/blog/simply-secure-collaboration/
If you install signal from the apk they(moxie, signal) provide it works without google play services and it will update itself automatically, just requiring you to click a confirmation every few weeks.
Calyxos ships with Signal installed. I think it's an install time option? And it updates in an identical fashion.
By auto-update I mean it opens a prompt asking you to update. If you choose not to update it eventually stops working because they change the protocol periodically.
I use lineage, and the signal apk from the website, and signal nags me to upgrade -- that doesn't happen automatically as far as I can tell. I've disabled the "install unknown apps" permission, but I don't know precisely what "unknown" means in this context.
You need to manually update apps from Fdroid due to artificial limitations introduced by Google for third party app stores - only Google Play and possibly device vendor apps stores can update apps automatically on non-rooted device.
True I limited my comment to LineageOS as I've personally tried /e/OS only for a small period. Having it pre-burned on a device does alleviate a major problem, but is there any other reason to choose /e/ over LineageOS?
/e/ is actually LineageOS under the hood. Chose it cause i found one of the models they sell new for cheap, thought support for it might be better than a phone having one maintainer. The alternative of buying a two year old phone used, even if it has three maintainers for LineageOS did not look that appealing. /e/ offers a free account with email and stuff, based on NextCloud IIRC. You can get a paid account with more storage space to support them financially.
Personally I refuse to buy any device that requires me to go crying to the manufacturer for an unlock key.
Google and OnePlus devices can be unlocked locally with no need to contact anyone and beg, so no one can refuse your unlock on a device you already paid for.
T-Mobile US's LG devices came with unlockable bootloaders as well, but that only helps if someone develops a ROM for it. Even then, more and more important functionality is getting locked behind closed doors. On my Stylo 5, it's not the camera, it's VoLTE. What good is it to run a custom ROM if I can't make and receive phone calls?
For me, personally, a major reason to unlock the bootloader is to install Magisk. Running an entire ROM is nice if you can find a trusted and supported one, but failing that, root access is the next best thing.
I've got background clipboard sync back in KDE Connect through a Magisk module. No need for an entire LineageOS ROM (would be nice if it were officially supported) if everything I want can be done another way.
VoLTE is incredibly fragile. You can often force enable it and it'll just work, but there's so much that can go wrong that I wouldn't risk it.
Just curious, is there any "trusted" custom ROMs? It seems that LineageOS is most reputed, but are they doing some good work about trustworthy like reproducible build, or just a reputation?. I was using random custom roms from xda until Jerry Bean era, but I'm now afraid to install entire OS.
Just nitpicking, but it's technically possible to install Google Play Services on any ROM, to my knowledge. What makes GrapheneOS apart is they apparently found a safe way to prevent it from gaining control of your entire phone.
I have an LG G8 from T-Mobile. It hasn't been updated since February. Rumor is they're rolling out android 11 in Q4 which is more than a year after 11 was released.
Contrast that with my wife's S10 that's got 11 around February.
At this point I have very little faith LG will follow through with updates for even the original two years let alone android 12.
Yikes. My Stylo 5 recently got an update, bringing its patch level to June 1, 2021 (still Android 10). I guess I should consider myself lucky. Considering that LG decided to quit the market, I'm not too hopeful, either.
I'm honestly considering going back to a flip phone once the Stylo becomes unusable. Sure, I'd end up losing some neat things, but the bargain we're being offered with smartphones is looking more Faustian every day.
Yes but they promised they would keep premium phones updated for three years.
"The three OS update guarantee applies to LG premium phones released in 2019 and later (G series, V series, VELVET, Wing) while certain 2020 models such as LG Stylo and K series will receive two OS updates.*"
Google devices cannot be unlocked locally. My USA spec Pixel 5, purchased unlocked from Best Buy, had to be connected to the internet - and I don't remember, but I may have also had to put a SIM card in - before it could be unlocked. Apparently a background service automatically checks with Google's servers whether the device is eligible for unlock (is it paid off or still under financing, and which carrier is it from?) and then automatically fetches the unlock code if Google decides to allow it. But the default state until that happens is locked with no possibility of unlocking.
So it's very unlikely that you'll be refused the unlock on a device you just purchased, and if you are then you can just return the device, but I don't like the internet requirement since that means Google's unlock code service and all the other Google applications on the phone sent out a bunch of information about my device to Google.
When I tried initially unlocking the option was grayed out and unusable. I had to find information about the internet connection requirement online.
I don't know whether OnePlus does something like that - my OnePlus 7 Pro was connected to the internet before I attempted to unlock it, but I'm receiving a OP 9 Pro today and would like to unlock it as soon as I get it without connecting to the internet or putting in a SIM card. Will see how that goes.
The OnePlus 9 Pro also required an internet connection, and I had to enable Google Play Services for the OEM unlock option to be enabled. I bought this phone unlocked directly from OnePlus.
Interesting, I can't find any such requirement online about OnePlus devices, but I did come across this mentioning that a law passed in California forced Google to do this on some devices:
Yes. That's what I'm talking about. Not carrier unlock. Bootloader unlock is blocked until the phone is fully paid off (if purchased under loan), and I believe T-Mobile requires a 40 day wait before bootloader unlock is allowed even if you pay in full upfront, and I think Verizon prohibits it completely. Google enforces these rules on their devices and requires the phone to connect to Google to authorize bootloader unlocking. It's an automated version of the manual bootloader unlock codes that some manufacturers do.
The average consumer only wants to purchase the cross-section between what is the cheapest and works the best. For most consumers Open Source is not a feature.
Actually, there is a specific set of features that guarantees planned obsolescence:
* Irreplaceable battery (or one that is difficult to remove by the user).
* on the iPhone, the Lightning socket and the Home button. The former starts to wear out after ca. 5 years; the Home button lasts a bit longer. Apple will repair both these for you but at this point you will be tempted to buy a new device instead because of the costs involved.
* the support for older devices is being dropped from SDKs. With time, it becomes more and more difficult to develop apps for your device. For many developers this is something completely natural and reasonable. For me it's not. I'm not asking Apple to support iPhone 4s (would be nice, but it's unrealistic), but just to let me still run and provision apps on my old MacBook with a previous version of Xcode. It used to work well in 2012, why can't I do it now? Upgrade, upgrade, upgrade, produce tons of electric waste, buy more, buy more. OK, I am buying new devices, but I care about the old ones. I won't throw away a perfectly working phone that will serve me another 10 years just because it is not considered modern enough.
EOL-ed smartphones are powerful computers, they have tons of different uses, I wish manufacturers recognized it and collaborate with their customers to reduce the amount of electrowaste.
I think this will change as devices become more long-lived (I still use an Android 5.x device today) and more repairable.
For many it won't matter, but for many it will.
You can see a similar thing today with automobiles. Some people only buy for features and let it go after a couple years, but many others also consider longevity and repair and parts costs.
Buying a LineageOS-supported device doesn't necessarily help. I bought a Pixel 2 from the Google store, and later replaced it under warranty due to a bad microphone. Now the bootloader is permanently locked, and security updates ended in 2020. This is a widespread issue with no known solution:
But then they don't allow me to have root at the same time. They claim it is for security reasons but fail to explain why and get really unfriendly. Maybe some power-trip? So now I can choose between vendor lock-in and random-programmer-lock-in.
The GrapheneOS developers like to talk as if relocking the bootloader is unique to Google Pixels and providing a custom key is unique to them.
But that's not true. Every OnePlus device in the last few years allows avb_custom_key as well, Xiaomi Mi A2 does too, probably many others. And ROMs like Pixel Experience publish their custom keys too.
Relocking the bootloader doesn't imply that verified boot is enabled or that that it's not broken for alternate OSes, as is the case for the devices you mentioned.
In the meantime, I will only buy what ACTUALLY gives me control RIGHT NOW, namely, what is supported by LineageOS:
https://wiki.lineageos.org/devices/