F-droid gets many things right (e.g. verifiable builds), but it's just not usable in practice.
Installing applications is a rare event, updating them is frequent, and needs to disrupt the user as little as possible. Android used to not allow alternative app stores to update apps without user interaction, but now supports this through UPDATE_PACKAGES_WITHOUT_USER_ACTION, which doesn't seem to be supported by F-droid. So it's manual clicking for each update.
F-droid also somehow gets the regular update flow wrong and often (always?) shows an error when you try to install the update from the notification. That has remained unfixed for years. So you have to manually open it, initiate the update, then click through the dialogs.
Additionally, the official repos update so slowly that they're useless for fast-moving stuff like NewPipe.
Not really a counter point because you mention a lot of other issues with f-droid that sound valid (I haven't used it myself) - but as a tangent regarding auto updates, I disable them basically everywhere because I seem to have buggy experiences too often if I allow stuff to update all the time.
I then go through the list of updates in the Play Store once a week or so and install those that I think might improve app functioning/stability. I look over and install Windows updates once a way-too-long (need to work on this).
Feel like everyone is skimping on QA these days or something else fishy is going on. In the last handful of years there have been 2 or 3 Windows updates that either permanently erased data or caused some other insane issues. I didn't get them (tbf I understand that most people didn't), partially thanks to having auto updates disabled.
Yep, me too. I used to evangelize frequent updates because of the security aspect. However over time I kept getting burned by disruptive or buggy updates that broke things that I depend on.
The last straw for me was a few years ago when my podcast suddenly stopped playing. When I unlocked the phone to investigate why the episode had stopped the UI had completely changed, in a way that I was completely lossed and had to start over learning it from scratch. I was right at the beginning of a long road trip and had pre-downloaded many hours were of stuff to listen to because I didn't have much data in my plan. All of the episodes I had downloaded were gone. Additionally because I was driving, learning a completely new interface was horribly dangerous.
That was the day I disabled auto updates, and now I manually approve each one. Certain apps where I don't want to risk UI changes or new bugs, don't get updated right away. When they do, I always backup the old APK first so I can easily restore it if needed.
Exactly the same here. Nowadays I go through the changelog and often I realize there is no changelog for the update, or it is totally irrelevant for me (e.g. bug fixes for other android versions or problems which I don't have, marketing changes, cosmetic changes, features I don't need, etc.)
F-Droid lets you downgrade apps. The only problem is that due to Android's security protections, you have to uninstall the app to install an older version (downgrade protection).
This still sucks for your usecase on F-Droid. If you look through the available updates and pick 10 to install, you have to click through 10 popups to allow the installation, one for each update, waiting in between each for the previous update to finish before being able to approve the next.
How many apps do you need installed (and why)? I feel like I'm a pretty heavy user, but if I forget to update for a week at most I have 6 apps to manually click through. It seems likes an insignificant gripe considering the other alternatives (Play Store, Amazon, Huawei, etc)
> In the last handful of years there have been 2 or 3 Windows updates that either permanently erased data or caused some other insane issues.
I'm still mad about the Windows update that permanently stopped Windows from working with my Bose headphones. The headphones continued to work perfectly with anything that wasn't running Windows.
Out of interest, have you tested them on win11? One of the later win10 updates broke my Bluetooth headphones (actually, Bluetooth in general became pretty buggy), but they 'magically' unbroke after the upgrade
ime bluetooth has been buggy ever since. not always, but it failed me countless times in the worst situations. one reason why a phone has to have a 3,5mm jack.
i got stung a few times and have turned off updates since. it wouldn't be such an issue if the play store would allow you to roll back to a previous version
Even if Android would let you easily downgrade apps, the problem remains that each individual app would also have to support that scenario, too (by never doing any data migration that would leave the user data no longer readable by the old app version).
Personally, I've found that disabling auto-updates just means either unnecessarily sticking with outdated/buggy versions (or versions that drift out of sync with backend services and acquire new bugs that way), or I spend way too much time manually maintaining my phone instead of actually using it.
I don't have time to read release notes/research each new version, so I'd likely just spend 10 minutes hitting "update" on everything, then getting bitten by the same issues.
(This is specifically in regards to Android apps, not other platforms).
> Personally, I've found that disabling auto-updates just means either unnecessarily sticking with outdated/buggy versions (or versions that drift out of sync with backend services and acquire new bugs that way),
I guess I don't care if my apps are "outdated" as long as they still do what I want. If there's something buggy about an app that annoys me enough I'll often just uninstall the buggy app and find an alternative.
I find that once I install an Fdroid app and I like it, it'll pretty much just keep working just the way I want it to. The only app I use that breaks if I don't update it is NewPipe and that's google's fault. It doesn't happen often enough, or take long enough to update to offset the benefits of using it.
Even most my regular google play store apps don't actually "need" to be updated, and many haven't been since the day they were installed with no bugs or issues.
>I look over and install Windows updates once a way-too-long
I thought you needed some kind of registry hacks or something to disable automatic updates since W10, can you elaborate on how you got it to stop pestering you?
I actually tried to play with this not long ago, and it is so broken that it makes me think they just wanted to "check the box" in case some judge thought this was abusive behavior. It probably still is.
Not only this API is available only on Android 12, it also _only_ works for programs that have Android 12 as target level API (i.e. when you try to upgrade older programs the prompt will still show up), and only works for programs that your package manager installed in the first place. GPlay does not have this limitation and will happily update packages you installed, after which your package manager is no longer allowed to upgrade them. It's all a big mess.
> ...this makes using packages installed through F-Droid a nightmare.
I run 2x Androids with near 80%-90% of the packages installed from F-Droid repos (to include Bromite and Bitwarden custom repos); it has quirks and is not perfect - but far from "not usable" and "nightmare" as your hyperbole would suggest.
You don't need to be rooted if you're using a custom rom like LineageOS, where you could potentially install the extension with temporary root like is done for UnifiedNLP here: blog.eowyn.net/unifiednlp/
Hmm, sounds great to me. I loathe automatic updates and consider them a great way to ruin the software I'm used to. I can't possibly count the number of times an update to a piece of software (especially on closed platforms like iOS) broke something I rely on and I had to either wait until the developer fixed the issue, or just accept that the software is never again going to work the way it used to.
Further, I disable notifications for nearly everything, so that point doesn't matter to me either.
I'm definitely relieved that the most-upvoted comment critiquing F-Droid doesn't raise anything of concern for me! I was worried I was about to read something that might push me away from making a de-Googled Android device my next smartphone... haha
I have been using F-Droid for about 2 years now as the main source for the few apps that I use and updates are coming through without interaction. Bitwarden/Aegis/Tutanota/Syncthing/K-9 all receive regular updates as far as I've experienced during this time.
I also haven't had issues with update flow. When was the last time you used F-Droid for a prolonged period of time?
I have the same issue fwiw. A notification to update NewPipe that always fail to install the update, but it works if you do it manually in the app. Just happened a couple of hours ago.
I'm OK with manual updates, I disabled autoupdates on Google Play too because I can't trust the apps to actually update them and not remove some functionality or worse.
You are right that the download / install process is very quirky. It often fails to provide the right feedback about what's going on and errors are common. Is it downloading, is it installing, did it get my touch? However I really want to install from there and not from Google.
I believe this is a result of fdroid wanting to support older android versions for longer than google does. They could probably make two versions to allow this though but that would require more maintenance
In order to reduce disruption from updates, I've found it necessary to turn them off. I'll go into the play store and update the ones I want to update, when I want to.
So for at least some users, this isn't a problem at all. It's a better default.
Slightly hyperbolic in saying it's "usable in practice", but only slightly, and everything you said is true per my own experience. That just makes these issues super annoying. Normal people won't put up with it, and they shouldn't have to. Hacker types might be motivated to continue using F-Droid, but power users and others probably won't.
I just use SkyDroid. It's way faster, less buggy, and compatible with Shinzuku which allows rootless auto-updates by making use of newer developer options (Android 11+)
App developer's perspective. I have a few apps on all major places, including F-Droid. The 'no user accounts' thing makes developing and distributing on F-Droid a freeing experience, as compared to the G/A 'jails'. There is no pressure to meet arbitrary undocumented restrictions, you are not subject to the whims of dehumanizing AI routines, there are no ratings and reviews (the feedback is direct). The build and deployment process is not really my problem, as part of their Reproducible Builds, even that aspect is taken care of. https://f-droid.org/en/docs/Reproducible_Builds/
I find the distributor-does-the-building-and-signing to be problematic from a security point of view. I would much prefer that each developer does a build, signs it, and a notarization of some kind is added by the distributor.
It seems to me that if you can compromise the f-droid infrastructure you can compromise millions of handsets.
I tried something like this once and it worked surprisingly well, even for a UGC site.
Years back we were doing something that included users documenting TV shows. We had a big meeting where people put every feature they wanted on index cards. We laid the cards out a founder's dining room table. The host got their change jar and each person got a certain number of pennies to mark features they thought were vital for first launch.
After the first round of token-voting, the "user accounts" card had no votes. At first it seemed impossible. But after some discussion, we realized that viewing users didn't need accounts for launch. For people who wanted to edit, we let them type in a name to take credit for their contributions if they wanted, but with no verification. At worst, we figured we could add something more robust if the need were stronger.
It turned out fine. The launch got out earlier and we got to test a number of key product hypotheses without having to build any sort of user account system. Months later it did eventually become the highest priority. But not having accounts worked way longer than I expected.
What's been professionally frustrating me for years as a developer is how much of the engineering and operational budget for a project is tied up into identifying and tracking users. The first time this happened to me we had some idiot who insisted that we needed to display exactly how many logged on users there were on every page load. There was no point in doing so, and we had proven that it was at least ten percent of the cost of each page load. In fact it was higher than that but 10% is what we could proved. My current project is about our customers, not the users, and probably 80% of the operating budget is about making the customer feel like they're running the show. Often with demonstrable and even clichéd consequences for the users.
Without customization or user tracking, many, many workflows shift to read-mostly. Many are idempotent. Some can be fully cached. Some can be edge-cached.
The dark secret of 'social' media that has been slowly coming out is that they aren't social. They aren't about 'Us', they're about me. Me, me, me. So of course the whole workflow is build around who I am and what I want. That's not just unhealthy, it's also really fucking expensive. And if it's really expensive we can't just eat the cost as a 'value add', we now have to monetize it. So things were already pretty dark and then compensation came into the picture and now it's positively dire.
> What's been professionally frustrating me for years as a developer is how much of the engineering and operational budget for a project is tied up into identifying and tracking users.
To add onto this, as a security-adjacent person, it's sad how much people think user behaviour data will be worth to their company. From the well-intentioned "we must pave the cowpaths" to the harmful "harvest the data and sell it", the attitude appears to have cropped up in the past 15 or so years as a mainstay of what apps should be doing and it's absolute insanity to me.
My only victories in convincing teams are where I could demonstrate their ROI was never actually going to materialize, especially when the investment part required enough development hours that other features that might sell more apps would have to be delayed. And even then, it's been about 40% of the time, with the other 60% being met with, essentially, "we have assurances it will be profitable" hand-waving.
The painful part of this is that unless certain privacy regulations start to get much more painful economically for companies, there's basically no incentive not to do it.
Absolutely. I think your last point is especially good. Facebook consumes a ton of cash for what many people feel are disappointing results. Are they vulnerable to a competitor who is less about what users want than what they need? A competitor who can do that for 1/10th or 1/100th as much money? That could be very hard for the me-me-me companies to keep up with.
The thing with fads, and adoption cycles in general, is that what people 'want' can be figured out pretty quickly, but as far as I'm concerned, The Trough of Disillusionment is what happens when people figure out that what they need is something else.
So what you're asking is can someone come into the ToD and introduce a new product that steals people away? It's plausible and if I were in a better headspace I could probably name you a bunch of examples. But does it always happen? I don't think so. There are plenty of incumbents who manage to coast through and come out the other side having demonstrated a dilute form of change of heart - just enough to convince the customers that 'something was done' even if they can't quite put a finger on what exactly is better and how much.
Sorry, I shouldn't have phrased that as a direct question. I meant it in a more rhetorical sense.
Oh, sure. It's a very tough field, and would be even if the incumbents didn't have billions to throw at the problem. I definitely don't believe that the better product wins; I only need Microsoft as a counter-example.
But it does strike me as a zone of opportunity. Maybe Substack is a good partial example here. Before the web, we had magazines. Then we basically had magazines on the web, preserving much of the old structure in the new medium. With lots of flailing as people tried to find sustainable business models.
And then Substack came along with an extremely bare-bones implementation mostly using 1980s technology and a lot of writers and readers are very happy with it.
So it's more that I'm asking myself. What are the products that cost 1/100th as much that might be as satisfying for my Facebook-ish needs?
Way back in the long dark ago I ran into some abandonware for incorporating third party data onto web pages via a shared server. Nobody I knew understood how it was meant to work, but I got the impression it was meant to be a tool where a group of people could host commentary about a website that was not their own.
I keep wondering why nobody has really tried that again. Slashdot sort of filled in that space, and then Digg and now Reddit. Or Facebook for the 'all-in' solution. I keep thinking there was something I was missing about why that would be difficult to pull off.
Today I have a different answer for that - that ship has sailed. We are multi-device and it would be much more difficult for me to have a consistent experience across phone and personal (and sometimes work) machines.
But at the time perhaps it as an adoption thing. Just visiting a website is a cheap interaction that can lead to a habit. Having to do something special doesn't work the same way.
What about abuse/vandalism? If the whole web has edit privileges, what's to stop someone from scripting changing all of the titles to random strings every hour? Do you do a captcha on every edit or something?
I think the main idea around user accounts is that they centralize a point of applying captchas as well as a tiny bit of data collection (some form of contact information) that can be used for antispam (e.g. banning certain email address domains from creating accounts, or banning certain email addresses, etc).
I'm familiar with the theory. But accounts just aren't a big barrier to determined bad actors.
Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has. And note also that some of big tech companies, despite having all the money in the world, still have problems with fake accounts. So at best, requiring user accounts is one possible anti-abuse step, but it's neither necessary nor sufficient to prevent abuse.
> Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has.
Not really. You can't edit Wikipedia from a VPN (even with a user account!), and I think they ban most datacenters. The edits aren't really anonymous if they publicly associate with a piece of PII that, for most people, directly maps to their name and home address.
> The edits aren't really anonymous if they publicly [show your IP]
Counter-example: stackoverflow is also reasonably big and allows anonymous questions, answers, and even edits, without publishing an IP address or anything. The edits end up in a review queue, the rest I think is actually published immediately.
This is a good and sad point. I was on the wiki page for derivatives and found it was locked due to vandalism. On one hand, we don’t want pages locked because that defeats the point. On the other, how do we stop every troll high schooler who just learned derivatives and messes up the wiki page for lulz? We either need active watchers (surprisingly and fortunately pretty easy, wiki editors are a passionate and eagle-eyed group, but I wonder how long and how much of this is just the initial hard core fans from the early days) or to have some deterrent to vandalism in the first place. For some, maybe this is IP address logging (although as someone else noted in the thread, at what point does this sink anonymity?). For others, maybe creating an account. In practice, neither of these work 100% of the time. I have seen vandals from both IP accounts and registered accounts in about equal frequency.
GP's "directly" is a pretty large overstatement, but at the same time I've noticed something of an uptick over the past couple of years of people saying that IP addresses aren't PII or that people shouldn't be concerned with them getting leaked, and I just don't think that stands up to much scrutiny.
If IP addresses didn't matter for privacy, Tor routing wouldn't exist. If IP addresses weren't useful for blocking specific users, IP bans wouldn't exist. If IP addresses weren't useful for tracking, operators wouldn't have gotten up in arms about Apple's private relay service. Obviously this stuff matters.
Remember that not everyone lives in or around San Francisco. For someone in a suburban/rural area, an IP address combined with things like timestamps, user ids, and the text of the edits can go a really long way towards unmasking them. Even for people who live in more urban areas, it is still obviously easier to find someone who lives in San Francisco than it is to find someone who could be living anywhere on the West Coast. If they could also have been using a VPN, or time-shifting their posts... that makes it even harder.
In contrast, how hard do you really think it would actually be to get some address data from a voter roll or via a warrant or even just through one of the scummy person lookup services online and to iterate through everyone who shares that IP address and check to see how many of them are named Pietri? Or who have shared the username wpietri across another account, or posted somewhere else at roughly the same time? Your IP address is drastically reducing the search-space for other attacks, many of which (timing, text-analysis, etc) are impossible to get rid of when making a Wikipedia edit.
Comcast has a portal for law enforcement to request subscriber information at https://lea.comcast.com . That IPv6 address, plus the current date and time, uniquely identifies you by name and service address. Any edits you make to Wikipedia from that address are not anonymous.
The person y'all are downvoting is not technically incorrect if they're in the EEA, as this is exactly how GDPR treats it. Because there exists a party that can map it (your ISP), it's PII under that law. Of course this may be different in other jurisdictions.
Accounts alone won't do it. Accounts and invites might? But then someone who doesn't know anyone on the site needs to figure out how to contact someone who's a member.
It's not good for growth, but some websites are fine with that.
Over time the quality of the invites go down as well.
If I'm in the picky group, and we send out 5 invites total, but the unpicky group sends out 10, then 2/3 of the invites are unpicky - if the groups are the same size, which they probably won't be for a while (I'm probably inviting people who are almost as picky as I am)
There's also someone on the team who thinks we'd grow faster if we simplified the onboarding process, which is true but also means when we piss off some user they can create a bunch of accounts while they're still spun up and cause a bunch of overhead for the support team and the developers. That gets expensive too.
'anonymity is a great way to ensure privacy' is a strong argument IMO
if (if) you assume that it's impossible for consumers to account for how sites use and share userdata, requiring businesses to allow anonymous transactions is the only policy solution to privacy
tricky to balance a 'right to anonymous transaction' against other policy goals like financial KYC, fraud protection, but IMO our current KYC approach has been taken too far at the cost of consumer welfare, and there's an unexplored middle ground
I try to follow this as much as possible, but at some point when providing a paid service you run into the problem that you need to track whether the user has paid for the software or not.
So even though my software does not require user accounts, it requires a serial number to activate all features. That serial number can be linked to the purchaser, so in theory my app could do really invasive tracking. (It doesn't, but my users have to rely on my word)
How can one fix this? I would love for my software to somehow anonymously check whether the user paid for it, and isn't running it on more than X devices, but I'm not sure how this could be done without revealing the users identity.
Mullvad allows Bitcoin purchases of tokens, which can then be used as a serial for the VPN that works for the time period you've purchased. Users can change tokens any time. That's probably close to what you're already doing.
I'm not sure how Mullvad does it, but I keep a record of who purchased what serial number. My number one customer support request is people asking for their serial numbers because they lost them, which is why I keep a record.
The PinePhone (Pro) and its ecosystem looks promising, no? I'd say we're closer than ever to it being a capable daily driver, certainly by the next iteration.
Note that the Librem 5 is practically a scam. There are still people who ordered in 2017 who have not received their phone. Requesting a refund takes hundreds of days to be issued.
What we used to call "Need to know" is making a comeback. You don't
need to know. I don't need to know. And in most cases the less we do
know the better. Glad that GDPR is spreading this fundamental security
principle again. Most websites could and should dispense with
sign-in. Even those that have something to sell can compartmentalise
that function these days. That's why I like Gemini, because of its
regression to more or a less stateless web that is about words, roles,
knowledge, links, things and places, but not so much about people and
"identity". That's where we've gone wrong with WWW.
I have been experimenting with trying to draw a line between wants and consequences where I work. It's tough, and I'm only barely making headway, but on a large project what you often end up with is people adding costs to the system without a clear payoff, and without cost accounting.
I am trying to get telemetry in place to demonstrate how much of our capacity is going to particular features, so that we can say, okay, that wizbang thing is costing us $100k a year. Our profit is 1:X (we make $X for every dollar we spend). Is this lowering or raising our profit margin?
I think we are completely disconnected from opportunity costs and the entire center of most orgs I've been in are all about covering your own butt and telling stories. Until the layoffs happen and then we discover that the investors, advisors and some of the C suite actually care about whether spending $1 for the prospect of making $1.50 is a complete waste of time and energy. And I often wonder if some of the narratives I hear about who got laid off and why are not seeing this calculus in the results.
I feel that no user accounts just makes things harder. For some things it isn't required, like joining a video call.
But user accounts helps reduce spam, save profiles and enable cross platform syncing.
Sure you could do something like have a user account-like process, which involves unique ids and all that jazz. Except, at that point, you're making a user account with 10 more steps.
Yeah, but I think a lot of things could do well with just a pseudonym and a passphrase. Sure, that's still a user account, but no email or phone number or other stuff required (unless you want notifications, or to be able to reset your passphrase).
And maybe prefer procedurally-generated identicons rather than photo avatars if you want a visual aspect.
The thing that F-droid are getting right here is "if we don't track you, you have privacy from us".
But privacy is not secrecy. If f-droid tracked my every waking move, and then just never bother to look at that data, I would still have privacy from them.
What they are doing here is a form of guaranteeing their future good behaviour. Which is nice, but there are other methods. For example I am happy to announce my plans to not rob a bank. But there are means in place to ensure I do not - At least not twice.
So while it is nice to find ways to avoid having user accounts at all, most hospitals will have to have other means to keep their users privacy.
Most of the time we are going to need to rely on regulation, where PII data (which lets face it is 98% of all data) will both legally and culturally have to be protected at levels hardly dreamed of today.
No, they have an unexploited asset and you think you're safe because nobody has exploited it yet. This is false security. If money gets tight they'll exploit it. If they get bought out the new owners will exploit it. If they get hacked, the entire Internet will exploit it.
I would highly recommend that you spend a little bit of time thinking about or working with groups of dissidents, other oppressed groups, even people who have been sexually harassed. I have seen so much wrong-thinking about what Security actually is and it's always people living in a privilege bubble, not thinking of actual, real life existential threat that exposure can represent until they have some user in hiding because they got death threats after being doxxed. Or just plain disappearing because their government black-bagged them over something they posted online.
Yes, I do live a privileged life. I think I get it. And I do not want to spark some kind of fight here. I am interested in your views and would be interested in specific cases / archetypes of concern.
But I do not want to be on the side of "we need a better way to hide". Staying hidden should not be the solution to death threats. Jail is the solution.
I hate that we (western ? US/UK?) society has abandoned hope of properly funding a justice system, let alone a mental health system.
In our society I do not want the response to death threats to be "hide better". It must be "police better". And that is expensive and difficult and long.
In other societies, well, We are not going to bring the worlds dictators down with clever messaging protocols. That is going to be old fashioned politics (and by recent events war too).
I have been very unsure about posting this - it's a very big wide topic that raises a lot of emotions. And that's because it is important - we have much to fix about our world.
My friend dragged me to an Amnesty International meeting in college and for like the first half hour I thought they were joking. Surely... no, they're serious. There are movie villains out there in the world.
But since then I've had friends who volunteered for domestic abuse situations, and I've had a few friends who talked about former stalkers. In one case, the stalker was a LEO. My best friend's parents found asylum in the US, having snuck out of Poland sometime in the mid 80's, with the Communists hot on their trail. The Law would have had them swinging from a yard arm.
Jail isn't the solution in at least half of these cases. It's the stick being used against the victim, not a way out of the problem. In the police procedural dramas the cops have to assure people about how they're not INS, they're just here to ask about a murder. Those fictional scenarios, and the real situations that inform those writers, are essentially a case of Principle of Least Power playing out on the streets. Protests are often about changing the laws to match current or emerging public opinion. Changing a law means you're working against the law.
Consolidating all power into one place is how power trips end, but it can also be how they start. As someone else put it so plainly elsewhere in the thread, "You don't need to know" is an important concept and one we've lost. If I were President, I'd dismantle the TSA, and go back to something halfway between what we had before and where we are now. Because it looks exactly like the setup for a dystopian novel. We're still partly in the 'acclimate people to unreasonable request' but that's how totalitarians start out.
I see. I guess it's something about trust or hope. I hope that we can build a society that respects the individual rights of all, while using the powerful insights of digital surveillance to improve our lives (obvious answer is how much medical epidemiology will benefit from minute by minute data).
I can certainly see I am putting hope over experience. But that is the excuse to do nothing as well.
The world has changed. We must chnage our laws and our culture.
Yes there is a danger of totalitarianism, but we have had that without iPhones. We will have it with iPhones. The problem lies not in our stars.
> Mozilla has taken this idea a step further with Firefox Klar (also known as Firefox Focus similar to Firefox Klar but with less private default settings).
Speaking of which, Focus fits my flow of incidental, one-off browsing quite well — it’s my default browser. If I need a more serious or stateful interaction, I might have the service’s/whatever’s app installed, or use Chrome or full Firefox.
It’s actually not that simple – Firefox Focus and Firefox Klar are two different apps, with different packages.
The official Firefox Klar builds originally contained slightly less tracking than the official Firefox Focus builds. Nowadays it might be only the trademark that keeps them separate, but originally there were clear differences in code.
I've been thinking a lot about this for https://www.diffdiff.net. After convenience, privacy is the core of the value proposition - the text to diff doesn't get sent to the server.
On the other hand, though, if you want to publish/share a diff, then, you know, privacy is the core of the value proposition, so you probably don't want to share it with the whole world, much less let the whole world edit or delete it!
It's possible to design a scheme with hard-to-guess URLs, URL parameters with "secret edit tokens" and so on, but that feels hard to use and different from how other sites work.
The way mega.nz works is the sharable url contains a decryption key in the hash. The server only sees encrypted data, the client requests that data then decrypts it. This design ensures they have no ability to see user content, while still enabling users to share links on the web.
We're just talking about software delivery here. Its the same as Debian not requiring you register before using `apt` to install packages (or every other linux distro).
It depends on context, but often having an object representing the user is at best a speed bump to a bad actor. Social media's an obvious example here. I know Twitter does quite a lot to limit bad actors, but the outcome is still not great.
The vast bulk of sites want to make signup easy, meaning user objects are cheap. Cheap user ids are easily disposed of and replaced. So if you need to keep bad actors out, user accounts may not help a ton.
I have been thinking how we can incentivize people building netizen friendly website/app. Creating users, cookies, javascripts heavy, paywall, analytics, etc all share a common incentive of ease of monetization. Privacy, usability, performance, all important stuff, but apparently not important enough, as a result plummeted.
Installing applications is a rare event, updating them is frequent, and needs to disrupt the user as little as possible. Android used to not allow alternative app stores to update apps without user interaction, but now supports this through UPDATE_PACKAGES_WITHOUT_USER_ACTION, which doesn't seem to be supported by F-droid. So it's manual clicking for each update.
F-droid also somehow gets the regular update flow wrong and often (always?) shows an error when you try to install the update from the notification. That has remained unfixed for years. So you have to manually open it, initiate the update, then click through the dialogs.
Additionally, the official repos update so slowly that they're useless for fast-moving stuff like NewPipe.
Together with Android bugs like https://issuetracker.google.com/issues/204233247 (resetting all "open with" URIs on update), this makes using packages installed through F-Droid a nightmare.