Hacker News new | ask | show | jobs
by gorgonzolachz 1761 days ago
To What, though?

This is the problem I'm currently struggling with.

I could go to Android, which is relatively good but still run by Google (one of the most data-hungry corporations around). I kind of want the Z Flip 3, but not if it's running the kind of operating system that thinks of me as a data source and not a customer.

I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.

I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.

This isn't a rhetorical position: what do I do in this scenario? I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.
15 comments
adriancr 1761 days ago
You could stop buying iStuff on principle otherwise they'll just continue with this crap.

As for alternatives, anything would do. Android doesn't do client side scanning of files since that's your chief concern. If you want more you can always root and play around.

> I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.

Can't learn unless you try things.

I for one am happy with stock android and signal/telegram/whatsapp/sms.

I have freedom to root/modify as much as I want, I'm not forced to accept arbitrary company policies.

link
dividedbyzero 1761 days ago
> You could stop buying iStuff on principle otherwise they'll just continue with this crap.

I very much doubt losing a handful of sales from angry nerds will change that.

link
adriancr 1761 days ago
if that handful turns into a lot more they will care.

Hearing normal folk asking "will I get in trouble for photos of my baby" kind of shows its not just a bunch of angry nerds. Angry nerds will just put gas on fire with simple "yes" answers.

link
amelius 1761 days ago
One problem is that there is a significant number of "nerds" who make money on Apple's platform. There's this quote: it's difficult to understand something if your salary depends on you not understanding it.
link
adriancr 1760 days ago
True, so then me arguing here is pointless, thanks :)
link
zepto 1760 days ago
"will I get in trouble for photos of my baby"

This is a reasonable question, and absolutely something people should wonder about.

> simple "yes" answers.

This is an outright lie. The only honest answer is no.

Keep doing that and angry nerds will end up looking like tinfoil hat wearers and will lose any influence on future civil liberties.

link
adriancr 1760 days ago
> This is an outright lie. The only honest answer is no.

Are you sure about that?, I'm not... And all the news so far reinforces that oppinion...

Getting falsely accused of something like this will ruin you even if in the end you win.

Here's apple fucking up human review and destroying a teens life https://www.theregister.com/2021/05/29/apple_sis_lawsuit/

Imagine that with CSAM... Perceptual filter there seems pretty poor in terms of collision resistance

link
zepto 1760 days ago
>> This is an outright lie. The only honest answer is no.

> Are you sure about that?,

Yes.

> I'm not... And all the news so far reinforces that oppinion...

There are no news articles that explain how anyone will be falsely accused for having pictures of their own baby.

> Perceptual filter there seems pretty poor > in terms of collision resistance

I don’t think you know anything about how poor the filter is. What is the false positive rate on randomly selected photos?

The system is even resistant against intentionally created false positives.

Here is the relevant paragraph from Apple’s documentation:

“as an additional safeguard, the visual derivatives themselves are matched to the known CSAM database by a second, independent perceptual hash. This independent hash is chosen to reject the unlikely possi- bility that the match threshold was exceeded due to non-CSAM images that were ad- versarially perturbed to cause false NeuralHash matches against the on-device en- crypted CSAM database. If the CSAM finding is confirmed by this independent hash, the visual derivatives are provided to Apple human reviewers for final confirmation.”

https://www.apple.com/child-safety/pdf/Security_Threat_Model...

...

link
skinkestek 1760 days ago
They will think twice when they realize the people who found them cool and did unpaid marketing for them doesn't anymore.

There is also a massive backlash going on against them. It hit a major tech news outlet here in Norway and was linked from the biggest national newspaper just a few days after it became known, so I guess there will be multiple waves of backlash.

link
Redoubts 1760 days ago
This reminds me of the scene from the Simpsons, where Homer is yelling “you just lost yourself a customer” to Moe. But Moe can’t hear him over the cash register being continuously stuffed full of money.

These “vote with your dollar” comments all have the same energy.

link
istingray 1760 days ago
How do you suggest change happen then?

Your comment may be interpreted as "sit down and shut up". Perhaps that's not your intent.

link
Joeri 1761 days ago
Android does the CSAM image scanning on the server if you sync your photos to the cloud. On iphone if you don’t use icloud there is no scanning. I would call that “same difference”.

If you’re running stock android you’re running a closed OS that can be set up to spy on you just as easily as iOS. The existence of AOSP does not confer any “protection” if you run stock android, because you can’t know what other code google added onto it.

link
adriancr 1761 days ago
> would call that “same difference”.

As much as they might want, Google cant scan local phone files with server side code...

Apple on the other hand just has to break a small pinky promise, code and infra is already there.

See the difference?

One is relying on a pinky promise, one is knowing they cant if you dont upload.

> If you’re running stock android you’re running a closed OS

Here's the source code: https://source.android.com/

What parts are closed source? How does this compare to Apple where everything is closed source?

> because you can’t know what other code google added onto it.

There are security researchers you know? the shitstorm that would appear on funny business will rival the one you see now.

link
foobar33333 1761 days ago
Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.

In this day and age, if you don't trust your phone vendor with your data, you shouldn't be using it. They can do anything at any time and you wouldn't know. Even if there is no tracking code on your phone at this moment, they can put it on at any time.

Can't find the news article anymore but there was an incident where Google accidentally turned on airplane mode for every pixel at once via their remote control tools.

link
miles 1760 days ago
> Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.

Not all Pixel devices; mine doesn't even have Play services installed:

https://calyxos.org

https://grapheneos.org

https://news.ycombinator.com/item?id=28090024

https://news.ycombinator.com/item?id=20148771

link
adriancr 1761 days ago
> Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.

Apple does too, its called software updates.

Here's the deal:

- Google could develop software/infrastructure to scan on your phone client side.

- Apple has it deployed already.

link
zepto 1760 days ago
> Here's the deal: > - Google could develop software/infrastructure to scan on your phone client side. > - Apple has it deployed already.

This is just false.

What Apple has deployed doesn’t do anything nefarious, and is not easily repurposed.

Both companies would need to deploy a new mechanism via software update.

link
jclardy 1761 days ago
I was watching a pinephone update video. It highlighted that it now had smooth hardware accelerated video playback. That was a feature released on the original iPhone …I don’t want to go back to Windows Mobile/PalmOS days where you never know if you will be able to play a YouTube video.
link
ekianjo 1761 days ago
The Pinephone is just a dev platform. It has completely obsolete hardware, but it's there to pave the way for more solid software to be used by better hardware in the near future.
link
amelius 1760 days ago
Do you remember the days when Linux became a thing back in the 90s? From an average user's p.o.v. the experience was probably disappointing compared to the leading OS at the time (MS Windows). But enthusiasts persisted and now Linux is a world-class OS.

The same thing could happen with Linux on mobile. The Pinephone Beta is targeted at developers. However, it's only $200 so you could buy one if you want to support the community.

link
raman162 1761 days ago
If you really wanted to quit you could get a pixel and install lineageOS or CalyxOS. Now I agree that's jumping through a lot of hoops to get your privacy but it's all based on how much you value that.

I personally like to believe that I value my privacy but de-googling sounds like a large inconvenience. The cynic in me also partially believes that it's pointless and another company will just be(gin) churning my data.

I was thinking of switching from my pixel to an iphone but this recent misstep by apple has dissolved the belief I've had that they are a privacy centric company.

link
peakaboo 1761 days ago
It matters very much if one company grabs all your data and combines it, vs lots of separate companies having small bits of your data.
link
candiodari 1760 days ago
... which is exactly why 99% of privacy laws should focus on government services. Becomes government services combined have all the highly sensitive data you absolutely do NOT want anyone to have, especially not the police, your doctor or other branches of the government. From tax to criminal records, with medical records in between.

And, of course, there, we've chosen to not care. So government social workers constructing databases of homeless with the express purpose to deny them emergency medical care is done at least in Belgium and the Netherlands, maybe elsewhere. And that's just one example.

If child services is involved, we now consider a mother's medical records fair game in divorce proceedings (and how long is it really going to take to drop that requirement too?). If you manage to download your spouse's facebook chats, or outlook, or whatsapp backup, you get to use them in divorce too, by the way (yes, I know about "no fault" divorces, but if they "depend" on someone else already you technically don't owe any alimony since someone else already took that over). Tax records are used to find people for parking tickets. Medical records are monitored live, so people can get arrested instead of cared for in hospitals if they're behind on their taxes. Child services, the front side (e.g. street workers, or the ones that are kind-of sports coaches in the street and do, say, basketball), by the way, are now forced to find "kids" for the police to arrest. NOT specific kids, mind you, when there's been a protest and the police needs kids to arrest, these people have it as their JOB to find kids for that (and yes, I'm sure they do try to find a few that were in the protest first).

To make matters worse, you can look at the organisational structure, which again, no-one seems to realise. The chief of police, who asks these social workers to find kids to arrest, is appointed directly by the major. The major, of course, is an elected official, who is absolutely not neutral. So it's a matter of time until a "Vlaams-Belang" major gets caught making sure it's "brown" kids that get arrested for every protest by replacing the chief of police with a raging lunatic racist. Or worse.

But we're worried that Apple might pass pictures that you're essentially carrying in your pocket to the police? I don't understand people ...

These days it actually makes sense to ask your doctor NOT to keep a medical file on you, which is a right you still have in Belgium. If you do get in trouble, you're FAR better off without one. You don't get to refuse to unlock your phone anyway in Belgium, so what's the point of having the pictures on your phone behind a lockscreen?

link
ekianjo 1761 days ago
> I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.

It's the best time to start seriously investing development resources in this alternative.

link
istingray 1760 days ago
I like this. Looking for a good way to encourage people to switch, even though Linux phones do seem inferior. That's exactly why people need to buy them -- and then tell the manufacturers what they really want. Be a vocal System76 customer, or Purism customer, tell those companies what you really want.

This inspired me to write both companies about my buying experience. Off to do that!

link
Yajirobe 1761 days ago
Android phones ARE linux phones
link
smichel17 1761 days ago
Android illustrates why GNU/Linux makes a meaningful distinction.
link
ekianjo 1760 days ago
Android phones have nothing to do with what we call Linux phones right now, which is Linux kernel + a Debian/KDE Mobile/something else userspace that is NOT Android. It's not because you share a kernel that you are the same thing, and Android phones are by nature tied to Google by default and keep calling home.
link
amelius 1761 days ago
> I could go to linux phones, except no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.

We might have to accept a solution that is technically inferior, yet overall superior. There is no guarantee that the quality of available consumer products is a monotonic function, so we shouldn't act like it is.

And perhaps it is time to experiment with a lifestyle that has less smartphone involvement.

link
istingray 1760 days ago
Yes especially folks here are in a position to lead as early adopters.
link
karmakaze 1760 days ago
> To What, though?

That's not the right way to think of this. The point is to send a strong message to Apple that this is not cool. Just as people didn't buy MacBooks without Esc keys, or bad butterfly mechanisms.

The MacBook itself got popular because the most technically knowledgeable people used them, got their families to use them, and was seen using them.

As Apple sees their numbers, they will put 1+1 together and decide that it's not worth it for them--they're a company out to make profits. It doesn't matter how much people complain if they keep buying. This makes a better Apple, and we can then again purchase the Apple products that live up to our standards. If we say, it sucks but it's better than the other one, this is a downward slope with no recovery.

link
jmnicolas 1761 days ago
I went with GrapheneOS and F-Droid. There's not many apps and the quality is lacking, however I feel relieved that my phone isn't spying on me anymore (allegedly).
link
hdjjhhvvhga 1761 days ago
What about battery life? Did you notice any difference after migrating?
link
jmnicolas 1760 days ago
It has been a better, about 2 days between charges. However since a few weeks it's getting worse and worse. I suspect it's the Telegram app but I'm not sure.
link
quambene 1760 days ago
I agree that we only have the choice between the devil and the deep blue sea concerning mobile OS.

But why is iMessage so great (asking as a non-apple user)? Is it even e2e?

Great alternatives which are not locked into a specific OS are Signal, Threema, and Matrix.

Specifically, Matrix -- which is also a protocol -- looks quite interesting to me. Similar to email, you can choose your client software. You are also free to set up your own matrix server but you don't have to.

link
adriancr 1760 days ago
> But why is iMessage so great (asking as a non-apple user)? Is it even e2e?

peer pressure... fear of exclusion from social circles.

It basically has a large market share and people using it dont want to use other messaging tools.

This does not exist outside US.

link
zepto 1760 days ago
> Is it even e2e?

Yes

link
yosito 1761 days ago
I think the easiest option is https://e.foundation/

A few months ago, I got a Pixel and installed CalyxOS on it. I'm self hosting Nextcloud for my files. It involves a bit of maintenance work to keep it going, but I take the adage "Program or be programmed" seriously.

If I ever got lazy, I'd switch to an /e/ phone.

link
beefield 1761 days ago
I have tried a few times to move back to feature phones, but it has gotten exceedingly difficult nowadays. What I currently think is missing is a containerization/virtualization solution where you run something like lineageOS as a host, and then apps are run in their own virtualized containers. Ideally host can feed containers either actual data from the hardware (location etc) or some spoofed profile/gps/sensor data, say, profile 1 for some apps: single mom living in small midwest city, profile 2 for some other apps: megarich guy globetrotting the worlds famous places etc. All while the actual phone is sitting on your table.
link
hdjjhhvvhga 1761 days ago
> I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.

While I don't agree with that assessment, the more important question is: would jailbreaking my device reliably prevent Apple from scanning my photos? I really doubt so. Moreover, it would be difficult to prove it either way.

link
istingray 1760 days ago
I'm in a similar position.

Linux phones seem like an okay option. Replacing my Mac with a System76 was an easier option.

Open source hardware and software seems like the only sustainable option long term. If it's not ready today, that's okay, it needs support to get there.

More discussion about Linux phones here: https://news.ycombinator.com/item?id=28164208

link
ekianjo 1761 days ago
> I want to leave Apple

Go back to a feature phone. That's always an option. After all, we could all live just fine with them until 2007.

link
peakaboo 1761 days ago
> To What, though?

> This is the problem I'm currently struggling with.

> I could go to Android, which is relatively good but still run by Google (one of the most data-hungry corporations around). I kind of want the Z Flip 3, but not if it's running the kind of operating system that thinks of me as a data source and not a customer.

> I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.

> I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.

> This isn't a rhetorical position: what do I do in this scenario? I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.

Best option is lineage os, or cyanogenmod as it used to be called.

link
wayneftw 1760 days ago
Why did you have to quote their entire comment for this response?
link
jjgreen 1761 days ago
No phone.
link