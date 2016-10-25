from the free-the-phones-not-walled-gardens dept.
The Free Software Foundation (FSF) today announced its project to bring mobile phone freedom to users. "Librephone" is an initiative to reverse-engineer obstacles preventing mobile phone freedom until its goal is achieved.
Practically, Librephone aims to close the last gaps between existing distributions of the Android operating system and software freedom. The FSF has hired experienced developer Rob Savoye (DejaGNU, Gnash, OpenStreetMap, and more) to lead the technical project. He is currently investigating the state of device firmware and binary blobs in other mobile phone freedom projects, prioritizing the free software work done by the not entirely free software mobile phone operating system LineageOS.
So a free phoneOS. Free of the crud. Free of the bloat. Or something. Unclear when or if we can except this to be finished. If ever. The hardware might put up some hurdles.
https://www.fsf.org/news/librephone-project
by Anonymous Coward on Saturday October 18, @12:20AM
The carrier-side will always be a black box.
by Rosco P. Coltrane on Saturday October 18, @12:43AM
I have a Linux phone. It actually works rather well. But here's the thing: there's no Signal client for it. That's a deal-breaker for me.
It only takes one app someone desperately needs not working or not existing on Linux, and that people stays sticks to Android or iOS. And since the majority of people end up sticking with Android and iOS, app vendors only release their apps for Android and iOS. Chicken and egg...
The FSF's efforts are laudable, but their success depends on apps being released for their platform. And none of the important commercial, non-principle-driven app vendors will make any effort to support a niche privacy-focused mobile OS. Meaning sadly the Librephone, is DOA.
by JoeMerchant on Saturday October 18, @01:46AM
I put real money down on the Jolla back in 2013, the first paragraph of the wiki page is extremely charitable:
https://en.wikipedia.org/wiki/Jolla_(smartphone) [wikipedia.org]
My experience, and I was told I am no different than all the other early supporters, is that we got a bit less than half of our $200 deposits back and no phone. The phones were actually made, but somehow never delivered to the control of the people we gave our deposits to. The Jolla crew continued putzing around on Sailfish OS for some years and the hardware manufacturers managed to sell the phones to other chumps.
I wanted to believe in the Nokia Qt phone that was rumbling about back in 2007-8, but Microsoft squashed that with a fabulously expensive crystal sledgehammer.
FOSS phones are a wonderful idea that's just a bit too delicate to work well in the global marketplace, the competition is ruthless.
by JoeMerchant on Saturday October 18, @01:48AM
As for getting Signal on your phone, not bloody likely - yeah.
But if you could convince your secure communication partners to use something else, Signal isn't magically un-reproducible.
by Thexalon on Saturday October 18, @01:49AM
One thing about the FSF: They've been known to engage in extremely long term rather quixotic efforts that seem pointless until all of a sudden they're very very useful to lots of people and form an essential piece of a larger system.
So I'm optimistic that such a thing might someday come to something useful or important. Even if it takes 15 years.
Of course, it could one day be another Hurd instead.
by JoeMerchant on Saturday October 18, @02:33AM
GNU hurd is actually still quite useful for many users.
For the Linux phone, sure maybe another 15 years, it has already been 20.
by aafcac on Saturday October 18, @05:04AM
I've got mixed feelings, sometimes I do think they take too strong of a position on things, sometimes they're things that even now 40 years later are preposterous. To an extent, I get it, but when there's no option available, doing without isn't always an option. And, it's hard to demonstrate that you're part of a market large enough to bother with if you aren't ever compromising. Some of this stuff can be done to the FSF's satisfaction, but only if there's enough people willing to buy.
Personally, I've been considering making my next phone something that's free of Google stuff. I've switched back right now to my KaiOS flip phone from a few years ago, and it is OK, but it lacks any real 2FA options other than SMS, and SMS is rather problematic. I've been seeing some information about the Brax3 phone which looks to be promising, but if it hasn't got authy or something of similar credibility, it's not really a suitable replacement. And, I see there's a few other options, but I've got 2 phones that work just fine, so I'm going to take my time looking for something that does address the things I need.
by Reziac on Sunday October 19, @03:38AM
I like having a flip phone, but KaiOS is about as horrible as it can get and still mostly work. I don't know what was on the T-Mobile phone I had before this one, but it was a lot nicer to use.
What I really want is a simplified smartphone in a flip form factor. And not at Motorola prices.
by Rosco P. Coltrane on Saturday October 18, @06:58AM
But I'll be dead in 15 years :)
by Kilo110 on Saturday October 18, @07:06PM
Not doubting you, but can you share some examples?
by tekk on Sunday October 19, @03:34AM
gcc is the only example I know of. Even then (at least according to what I see,) that wasn't even really a long time later, it happened to release around the same time that Sun started charging separately for *its* C compiler so it quickly gained adoption there. Plus we already had pcc, so it wasn't like there were *no* compilers available.
Maybe the core GNU utilities were notably better than their BSD/sysv equivalents back in the 90's but they certainly haven't been that way for as long as I've compared between them.
by Thexalon on Sunday October 19, @02:47PM
The prime example is glibc, gcc, and most of the standard Unix userspace utilities. They (and by "they" I mostly mean RMS and whoever he could personally rope into helping him at first) started working on it in the early 1980's, and people other than RMS who were contributing to it would chip in a feature or two just because they had nothing better to do or a bugfix for something they found annoying. This went on for over a decade, with the GNU versions of Unix userspace existing as optional packages you could install alongside the "standard" versions that came with either BSD or AT&T branches of Unix that tried to be compatible with the standard versions but with some extra bells and whistles and gongs you might like to have.
Then Linux came along, and all of a sudden having a Unix userspace unencumbered by copyrights preventing anybody from just using it became super-important. Linux gave you an OS kernel, but without the userspace you couldn't do anything with it. Combining that with the stuff the FSF had been working on all that time all of a sudden gave you a working free operating system (as in both "free speech" and "free beer") that could do useful things. The whole "GNU/Linux System" thing is self-aggrandizing, sure, but isn't inaccurate about the importance of FSF's contribution to the system.
One exercise I'd recommend doing at some point if you're interested in this kind of thing is building a Linux From Scratch [linuxfromscratch.org] system. Doing that and playing around a bit while you do it, you'll begin to appreciate both how much stuff makes a Linux system work, and also the very significant percentage of it that comes from gnu.org.
by iamjacksusername on Monday October 20, @03:26PM
I think a great example is GPL 3. I recall the discussions on the other site when RMS was pushing it. Lots of hand wringing about if it was a useful license, would it discourage developers, even Linus was not so sure on it. But, what happened just a few years after it was released? Software became SaaS and patents were used to lock-up code that _should_ have been free.
I think the best summary is the philosophical difference between "open-source" and "free" software.
From RMS:
"The fundamental difference between the two movements is in their values, their ways of looking at the world. For the Open Source movement, the issue of whether software should be open source is a practical question, not an ethical one. As one person put it, "Open source is a development methodology; free software is a social movement." For the Open Source movement, non-free software is a suboptimal solution. For the Free Software movement, non-free software is a social problem and free software is the solution."
To your question, this is not about a 'pointless until all of a sudden they're very very useful' tool and more about solving the social and philosophical structural problems in society. Does it matter today? No, but when suddenly the governments decide that privacy is illegal, and your social score is decided by a LLM that reviews your chat, messaging, and email history, then maybe that "free" phone is suddenly something important.
by tekk on Saturday October 18, @03:58AM
I'm surprised that the FSF is bothering with this at all, I wonder if their legal counsel has changed its mind. Previously they OK'd "free" phones with proprietary modems because (supposedly) the FCC told them that no mobile chip with foss firmware would be legal to use in the US due to the FCC's fears that someone could modify the firmware (duh.) I believe that was what led to the compromise with...openmoko if I remember right? Basically the FSF declared that a phone would be kosher as long as it was connected to the modem over some serial connection and it didn't have actual access to any system bus/dma.
Maybe they plan on skipping to somewhere with looser wireless regulations.
by dmc on Sunday October 19, @05:06AM
wasn't there a project called 'replicant' a decade ago that was exactly the same as this? As I recall the last time I looked, it had basically gone nowhere, and year by year LineageOS seems to be going lesswhere (unless I'm wrong and somehow everybody uses LineageOS GSI where an ever so meaningfully slightly larger set of the low level framework gets relegated to the same blackbox(though maybe large parts of it glassbox) trust of effectively tivo-ized binary blob firmware (read: kernel and whatever the hell else the tivo-lord locked down manufacturer wants to add to all the actual firmware binary blobs, particularly as mentioned in other comments already- modem firmware).
Motorola... (owned by lenovo/china?) will let you unlock the bootloader (if and only if the reseller doesn't lock you out (cricket wireless locks out the tap-buildnumber-7times devmenu facilitating bootloader unlocking with motorola's indie-dev coop for 6 months on a phone I got from them... 4 or 5 months ago)*
... but they won't let you relock the bootloader because... users get that little respect from the masters of the controlling programs in our world. Or maybe I'm wrong because though I felt I cared way more about this stuff that 99+% of people over the years, I've broken and accepted learned helplessness. Donald Trump runs GITMO. Your phone won't save you from the coming consequences in the future. The system is so far rigged against the user, I can't believe that the history of Replicant(.us if I remember the url correctly) didn't factor into the press I've read about this new endeavor.
* this dynamic seems to have not gotten sufficient press in the recent news cycles about whether or not google was lockingdown/out 'sideloading'(or whatever). I.e. the google response newscycle was "but adb", and they seem to have gotten away with that narrative without proactively mentioning that the next news cycle will be "but lockdown of tapbuildnumber7times by more and more resellers if not upstream manufacturers"
by tekk on Sunday October 19, @05:16AM
My understanding was that Replicant was literally just an un-googled Android with no drivers? My understanding of this project is that they want to actually write drivers for the hardware, including the actual cellular bits.
by dmc on Sunday October 19, @06:19AM
from wikipedia (note listed website for project no longer works)
"while Replicant aims to replace the proprietary drivers, it doesn't actually have a complete stack of drivers for any device"
...
"Replicant is sponsored and supported by the Free Software Foundation,[7] which also hosts Replicant's source code.[28][29]"
and earlier-
"History: The Replicant project started in mid-2010 with an effort to consolidate various initiatives attempting to produce a fully free-as-in-freedom Android derivative"
also mentioning that it basically starts as fork of cyanogenmod/lineageos.
and
"
In 2014, however, Replicant was criticized for lagging behind. "While CyanogenMod is up to 4.4.4, Replicant is still stuck on Android 4.2. CM runs on just about everything, but Replicant is only supported by a handful of devices ranging from two to four years old. Plus, while Replicant aims to replace the proprietary drivers, it doesn't actually have a complete stack of drivers for any device."[2]
"
So I guess I can phrase my question as- If replicant had succeeded in existing on say 3 devices today, matching the current android version (perhaps with a month of latency, or on vaguely on par with LineageOS whatever that amount is lately), then would there still be any motivation for for this project, and if so, where would that work be done and what would make using the result of that work a preferable choice to using the hypothetical modern replicant device?
by tekk on Sunday October 19, @07:40PM
My understanding from reading through the article again is that basically they're being handled at different levels. Replicant (if it did any significant development work. Usually FSF projects like this just leave you with broken hardware like this [fsf.org],) would be writing Linux drivers.
The goal here seems to be to write replacement *firmware* to run on the devices themselves, such as the modem, the gpu, etc. Historically firmware is a pseudo grey area for the FSF, with the rule basically being "if the device has firmware in ROM it's as if the device had no firmware, but if if expects the operating system to upload the firmware, then it must be free." Of course damn near every device made in the last 20+ years expects Linux to give it firmware on any boot since that saves $0.00002 of rom chip, so there are many, many, many, many devices that don't work on FSF-approved distros even though they have free drivers.
Mostly I'm wondering where the FSF was with this project, say, 10+ years ago with wifi chips. I believe to this day there are basically only 2 wifi chips which work without proprietary firmware: one series of Atheros chips where Atheros released the firmware in the 2010s, and some Broadcom chips whose firmware was reverse engineered as someone's grad school project. The linked site also says there's one usb wifi chipset, but I don't trust those.
by spiraldancing on Saturday October 18, @06:26AM
Just a quick vote for the /e/OS folks ( https://e.foundation/ [e.foundation] ). It's not a perfect project (what is?), but these guys have been doing very similar work -- removing/re-engineering left-over binary blobs from the LineageOS project -- and also building up a quite respectable alternate ecosystem around their Google-free version of Android, including private Cloud backups, OTA updates, preinstalled phones, alternate privacy-reviewed-and-ranked app store, etc.
/e/OS phones have been my daily driver phones for something like 5-6 years now.
by ShovelOperator1 on Saturday October 18, @01:15PM
Again, it looks like they try to solve a different problem than the problem really existing. It mostly is the other end of the "wire".
I use a PDA every day and I don't have problems with it. For talking and SMS, I have a feature phone (2 weeks on one battery charge, fortunately). It also has quite poor, but sufficient camera and an useful audio recorder. The only "application" I have is the J2ME thing I put together to detect resistors color code for me.
PDA is a small pocket PC, running a full-featured Linux with a few touchscreen-friendly settings (and a typical MATE program menu is replaced by an old XLunch launcher). I can browse the web, write and receive e-mails, and use all PC software for Linux. OK, I have a DOSBox with Lotus on it, but this is only because there is no serious command-line spreadsheet in Linux :).
Desktop widgets fetch API data from a few Internet services and show me the results. This is made using the "jq" program and a Perl script. Contraption looks like bovinexcrement joined with used haybinder twine, but works surprisingly well.
This, in a term of features, is like a current stage "Linux smartphone" but cheaper. There are the essential parts, but something is missing. And a long battery life is not this thing. The problem is that modern smartphones are, primarily, simultaneously tools of corporate control, and tools of surveillance. If you want full features of the smartphone, you won't get it without proprietary applications. Even if there are free/libre replacements, these are not only the applications, but gateways to proprietary, closed-protocol services which cannot be accessed different way. How many people are in privacy-violating Meta's conglomerate, and how many people are in, e.g., a fediverse? There's the problem.
Again, not talking about becoming addicted to corporate-given dopamine shots for forwarding advertisements which may not be a top most-wanted feature for privacy enthusiasts :-).
There are other applications, usually linked to some profits for companies, like banking applications or applications which sell users' data (most of proprietary applications do it) which explicitly capture all countersurveillance modifications, inform about it, and cease operation. In some cases this is limited to the application source (the "store"), but in many other this is a direct profiling of user's device (all these "integrity API" like things). More tech-oriented people may think: OK, it is possible to emulate another computer, why it's impossible to stuff the fictional data to the app and run it in a virtual enclave?
There are two problems there: First, these applications' operators perform active comparison of gathered surveillance data with results of other operators surveillance operations, even if officially they are competing corporations. So if this data will be just unstable, it will be detected and will "violate terms of service" which seems to be a new law now. The second thing is that, looking at attempts to do it, one can get a strange feeling that people or groups who tried to circumvent this privacy-invading checks are directly threatened, or, rather terrorized not to do it. There are not many details, but this is a day-by-day transition from "let's fight for the privacy" to "we don't want to touch this! Nobody touches this! THIS IS TABOO! NO! NO! NO!". No more details can be obtained from those groups.
Additionally, some time ago I was talking with a designer of devices which connect thru cellular network and they had serious problems obtaining programmable modems in production-grade quantities. They design industrial devices, have numerous NDAs and deals to share the design only with interested parties and modem supplier wanted to know all of the device's details, not only these related to communication. For the initial production run of a few hundreds of devices, it was better to pay more and disassemble modems from some kits than to buy new ones! So there also might be a problem.
OK, so we will get another "Linux phone" and what?
- Apps will still violate privacy or there will be no useful replacements,
- There will still be no usable alternative for massive platforms,
- Many "serious" applications will not work,
- Privacy-oriented people may not be interested in corporate social engineering.
So how exactly these roadblocks can be solved?
by JoeMerchant on Saturday October 18, @06:38PM
>Apps will still violate privacy or there will be no useful replacements,
Useful replacements aren't all that hard to create. What's hard is when the apps connect to a service that doesn't play along nicely, as most of the "killer apps" do...
The hard part of the problem isn't making a free phone, the hard part is making, and populating, a free ecosystem for the phone to operate in.
by c0lo on Saturday October 18, @09:40PM
The only thing I need a smart mobile is 2FA - PDA won't respond to the need.
by Anonymous Coward on Sunday October 19, @01:56AM
> The only thing I need a smart mobile is 2FA
One customer wants 2FA to get into their internally hosted chat. I don't have a cell/mobile phone, but I do have a Google Voice (texting & voip) account which gives me a normal phone number and browser interface. So far (a couple of years) it's been doing a great job. I can even cut/paste the code number from Voice directly into the 2FA popup, no need to read the phone and type the code.
Of course you may not have/want a Google account, that's another story!
by c0lo on Sunday October 19, @04:38AM
My employer doesn't use Google as 2FA provider.
