F-droid gets many things right (e.g. verifiable builds), but it's just not usable in practice.<p>Installing applications is a rare event, updating them is frequent, and needs to disrupt the user as little as possible. Android used to not allow alternative app stores to update apps without user interaction, but now supports this through UPDATE_PACKAGES_WITHOUT_USER_ACTION, which doesn't seem to be supported by F-droid. So it's manual clicking for each update.<p>F-droid also somehow gets the regular update flow wrong and often (always?) shows an error when you try to install the update from the notification. That has remained unfixed for years. So you have to manually open it, initiate the update, then click through the dialogs.<p>Additionally, the official repos update so slowly that they're useless for fast-moving stuff like NewPipe.<p>Together with Android bugs like <a href="https://issuetracker.google.com/issues/204233247" rel="nofollow">https://issuetracker.google.com/issues/204233247</a> (resetting all "open with" URIs on update), this makes using packages installed through F-Droid a nightmare.
App developer's perspective. I have a few apps on all major places, including F-Droid. The 'no user accounts' thing makes developing and distributing on F-Droid a freeing experience, as compared to the G/A 'jails'. There is no pressure to meet arbitrary undocumented restrictions, you are not subject to the whims of dehumanizing AI routines, there are no ratings and reviews (the feedback is direct). The build and deployment process is not really my problem, as part of their Reproducible Builds, even that aspect is taken care of. <a href="https://f-droid.org/en/docs/Reproducible_Builds/" rel="nofollow">https://f-droid.org/en/docs/Reproducible_Builds/</a>
I tried something like this once and it worked surprisingly well, even for a UGC site.<p>Years back we were doing something that included users documenting TV shows. We had a big meeting where people put every feature they wanted on index cards. We laid the cards out a founder's dining room table. The host got their change jar and each person got a certain number of pennies to mark features they thought were vital for first launch.<p>After the first round of token-voting, the "user accounts" card had no votes. At first it seemed impossible. But after some discussion, we realized that viewing users didn't need accounts for launch. For people who wanted to edit, we let them type in a name to take credit for their contributions if they wanted, but with no verification. At worst, we figured we could add something more robust if the need were stronger.<p>It turned out fine. The launch got out earlier and we got to test a number of key product hypotheses without having to build any sort of user account system. Months later it did eventually become the highest priority. But not having accounts worked way longer than I expected.
'anonymity is a great way to ensure privacy' is a strong argument IMO<p>if (if) you assume that it's impossible for consumers to account for how sites use and share userdata, requiring businesses to allow anonymous transactions is the only policy solution to privacy<p>tricky to balance a 'right to anonymous transaction' against other policy goals like financial KYC, fraud protection, but IMO our current KYC approach has been taken too far at the cost of consumer welfare, and there's an unexplored middle ground
Love the sentiment & love F-Droid. Vote for non-dark patterns with your patronage wherever possible!<p>It's a bit sad how a website <i>not</i> employing a dark pattern inspires explicit praise these days...
I try to follow this as much as possible, but at some point when providing a paid service you run into the problem that you need to track whether the user has paid for the software or not.<p>So even though my software does not require user accounts, it requires a serial number to activate all features. That serial number can be linked to the purchaser, so in theory my app could do really invasive tracking. (It doesn't, but my users have to rely on my word)<p>How can one fix this? I would love for my software to somehow anonymously check whether the user paid for it, and isn't running it on more than X devices, but I'm not sure how this could be done without revealing the users identity.
What we used to call "Need to know" is making a comeback. You don't
need to know. I don't need to know. And in most cases the less we do
know the better. Glad that GDPR is spreading this fundamental security
principle again. Most websites could and should dispense with
sign-in. Even those that have something to sell can compartmentalise
that function these days. That's why I like Gemini, because of its
regression to more or a less stateless web that is about words, roles,
knowledge, links, things and places, but not so much about people and
"identity". That's where we've gone wrong with WWW.
I feel that no user accounts just makes things harder. For some things it isn't required, like joining a video call.<p>But user accounts helps reduce spam, save profiles and enable cross platform syncing.<p>Sure you could do something like have a user account-like process, which involves unique ids and all that jazz. Except, at that point, you're making a user account with 10 more steps.
The thing that F-droid are getting right here is "if we don't track you, you have privacy from us".<p>But privacy is not secrecy. If f-droid tracked my every waking move, and then just never bother to look at that data, I would still have privacy from them.<p>What they are doing here is a form of guaranteeing their future good behaviour. Which is nice, but there are other methods. For example I am happy to announce my plans to <i>not</i> rob a bank. But there are means in place to ensure I do not - At least not twice.<p>So while it is nice to find ways to avoid having user accounts at all, most hospitals will have to have other means to keep their users privacy.<p>Most of the time we are going to need to rely on regulation, where PII data (which lets face it is 98% of all data) will both legally and culturally have to be protected at levels hardly dreamed of today.
> Mozilla has taken this idea a step further with Firefox Klar (also known as Firefox Focus similar to Firefox Klar but with less private default settings).<p>Nope, Klar == Focus in German-speaking markets, the rename was caused by an existing trademark: <a href="https://support.mozilla.org/en-US/kb/difference-between-firefox-focus-and-firefox-klar" rel="nofollow">https://support.mozilla.org/en-US/kb/difference-between-fire...</a><p>Speaking of which, Focus fits my flow of incidental, one-off browsing quite well — it’s my default browser. If I need a more serious or stateful interaction, I might have the service’s/whatever’s app installed, or use Chrome or full Firefox.
I've been thinking a lot about this for <a href="https://www.diffdiff.net" rel="nofollow">https://www.diffdiff.net</a>. After convenience, privacy is the core of the value proposition - the text to diff doesn't get sent to the server.<p>On the other hand, though, if you want to publish/share a diff, then, you know, <i>privacy is the core of the value proposition</i>, so you probably don't want to share it with the whole world, much less let the whole world edit or delete it!<p>It's possible to design a scheme with hard-to-guess URLs, URL parameters with "secret edit tokens" and so on, but that feels hard to use and different from how other sites work.<p>I'm quite torn.
I note that F-Droid are hiring contractors right now:<p><a href="https://guardianproject.info/contact/android-python-contractor/" rel="nofollow">https://guardianproject.info/contact/android-python-contract...</a>
I'd like to point to my comment on another thread pointing out some poignant issues with F-Droid's design: <a href="https://news.ycombinator.com/item?id=30507185" rel="nofollow">https://news.ycombinator.com/item?id=30507185</a>
in meatspace a lot of things work without logging in – use cash, buy a hammer, make phonecalls from public booths, take a train etc.<p>Actually showing your id was once rare and still is. In the 80s in UK a lot of people did well completely without one.
I have been thinking how we can incentivize people building netizen friendly website/app. Creating users, cookies, javascripts heavy, paywall, analytics, etc all share a common incentive of ease of monetization. Privacy, usability, performance, all important stuff, but apparently not important enough, as a result plummeted.<p>Would love to learn the options!