
Free Software Foundation issues statement on new iPhone models from Apple - eltondegeneres
https://www.fsf.org/news/free-software-foundation-statement-on-new-iphone-models-from-apple
======
abalone
They've got it all wrong. Users are vastly better protected from the kind of
network surveillance they mention with Apple products, thanks to their
curated, controlled approach to third party software distribution.

This is backed by hard data on malicious attacks from the Dept. of Homeland
Security and the FBI. 79% occurred on Android, and just 0.7% on iPhone.

I'm also 100% positive this will have no effect on the reasoning of the FSF.

Source:
[http://www.bbc.co.uk/news/technology-23863495](http://www.bbc.co.uk/news/technology-23863495)

~~~
brymaster
> Users are vastly better protected from the kind of network surveillance they
> mention with Apple products, thanks to their curated, controlled approach to
> third party software distribution.

You have got to be kidding.

For an ecosystem where its been the 'norm' to slurp users entire address
books[1], NOTHING about Apple's 'curated, controlled' approach protects users.

Please get real.

1\.
[https://news.ycombinator.com/item?id=3563016](https://news.ycombinator.com/item?id=3563016)

2\.
[https://news.ycombinator.com/item?id=5632934](https://news.ycombinator.com/item?id=5632934)

3\.
[https://news.ycombinator.com/item?id=3564830](https://news.ycombinator.com/item?id=3564830)

4\. [http://www.idownloadblog.com/2012/09/27/facebook-
ios-6-phone...](http://www.idownloadblog.com/2012/09/27/facebook-ios-6-phone-
number/)

~~~
aaronbrethorst
Not any longer. Users must explicitly approve app access to contacts the first
time it's requested.

~~~
brymaster
And that only took them until iOS 6! My point still stands.

~~~
enraged_camel
No, your point does not stand. You shifted goalposts, like most posters here
do when they are proven wrong. Just admit your ignorance and move on.

~~~
brymaster
Admit what defeat? What an odd thing to say - as if posting on HN is some sort
of battleground.

Anyway, for years apps have been collecting user data without interference.

My point still stands. Apple can't protect users on their own platform. Keep
those blinders on, I guess.

~~~
awolf
Your point was

> NOTHING about Apple's 'curated, controlled' approach [that of having a
> closed source operating system] protects users

Definitely shifted goal posts.

Unrelated: you've said nothing to support this point anywhere throughout this
thread.

~~~
brymaster
> Unrelated: you've said nothing to support this point anywhere throughout
> this thread.

That's not true.

------
nly
I don't know why other comments are being so snarky or dismissive and
apologetic in response to this.

It doesn't matter whether or not you like the FSF, agree with Stallman, prefer
Android, think the problem is rogue apps, the NSA, or think it's all
irrelevant anyway due to the secret and proprietary nature of mobile firmware,
baseband or hardware.

The FSF have made a very astute observation about the implications of having a
finger print scanner in a personal device which you can probably not trust
with your secrets. Can't we talk about that specifically instead of flogging
the same old dead horses?

Do we really want to wait a few years until we discover that the authorities
have been downloading fingerprint profiles from phones (like they're already
known to do with messages and contacts) to acknowledge the insight here?

~~~
mrmaddog
Why is harvesting fingerprints such a catastrophic possibility? The government
already has your fingerprints if you've ever left or entered the country, and
they've likely been taken during other periods in your life as well. Hell,
even the Cambodian government decided to scan my fingers when I passed
through. DrCube's counter-argument [1] is logical: that with these existing
databases, the government can now access your phone. But really, is this
feature being touted as a impenetrably secure way to unlock your phone? It
seems to be positioned as "a way to make accessing your phone convenient for
you and non-trivial for others," and I think this feature does exactly that.

If you can't trust the phone vendor, why are you not more paranoid about
entering your username/password on the device? What about location data? I
really can't fathom why decrying fingerprint technology is the nexus of your
argument here.

[https://news.ycombinator.com/item?id=6364725](https://news.ycombinator.com/item?id=6364725)

~~~
nly
> The government already has your fingerprints if you've ever left or entered
> the country, and they've likely been taken during other periods in your life
> as well.

So, because it's pervasive, it's absolutely fine to allow it to become more
pervasive?

Fyi, I'm approaching 30, have travelled widely, and to my knowledge have never
had my finger imprints taken. I see no reason to find this acceptable. Not all
countries are as fucked as the US in wanting your biometrics.

> is this feature being touted as a impenetrably secure way to unlock your
> phone?

That's not the issue, it's the fingerprints themselves that the FSF and many
of us are concerned with. Sure, you _do_ leave your fingerprints everywhere
you go... but I really can't see a team of spooks dusting down the counters in
McDonalds or the handrails in the subway to establish a national database. On
the other hand, I can _totally_ see the Facebook mobile app using fingerprints
for remote authentication and then the authorities gaining access to that data
store.

> If you can't trust the phone vendor, why are you not more paranoid about
> entering your username/password on the device? What about location data?

1) I can use a password that's unique to the device, my account, my app, or
the the colour of my underwear. My fingerprints don't change.

2) Location data is less avoidable because it tends to be a by-product of
optimal operation of a mobile device. Even excluded GPS, cell towers can be
used to triangulate your position well enough to be useful to advertisers, for
example, but that same raw data is totally needed for hand-off between cells
and managing network coverage.

3) Again, existing concerns don't make new concerns OK.

~~~
jemeshsu
> Not all countries are as fucked as the US in wanting your biometrics.

Malaysia is another country that will scan your fingerprint when you enter the
country.

------
Samuel_Michon
This is not news. Stallman and the FSF are against all things Apple and have
been ‘critical’ of the company for ages.

[http://www.fsf.org/blogs/community/5-reasons-to-avoid-
iphone...](http://www.fsf.org/blogs/community/5-reasons-to-avoid-iphone-3g)

[http://www.defectivebydesign.org/apple](http://www.defectivebydesign.org/apple)

[http://stallman.org/apple.html](http://stallman.org/apple.html)

[http://www.geek.com/apple/fsf-attends-ipad-launch-with-
warni...](http://www.geek.com/apple/fsf-attends-ipad-launch-with-warning-
sign-1190692/)

~~~
kunai
I think this is the problem exemplified, especially the last one -- that was
plain embarrassing. The FSF just cannot tactfully spread their (quite wise and
forward-thinking) message. To any average Joe, the guy outside the Apple Store
protesting the iPad is no different from the local drunk schizophrenic who
lives on the alley corner yelling "REPENT, SINNERS!" until he passes out
again.

Their concept of professionalism is flawed -- actually, a more apt predicate
adjective would be "completely nonexistent." Just look at their website. 2003
wants its two-tone website design back.

~~~
dgesang
Don't judge a book by its cover.

~~~
nikatwork
That's all very nice in theory, but if I am not a domain expert in a subject
and the book's cover is made of clip-art and Comic Sans, human nature will
lead me to trust it less.

Humans are not rational animals, no matter how much we'd like it otherwise.
Rather than shouting down the tide, it's wise to invest in a little
design/marketing - even if it rankles.

------
badman_ting
Points scored, pat yourselves on the back.

Apple says the info stays on your device. "They're lying." Ok, but is there
ANYTHING that could possibly convince someone of this mindset otherwise? I'm
guessing the answer is along the lines of, Open source the whole thing. Oh
well. Like I said, points scored.

~~~
sanderjd
It seems like even within the text of your comment that yes, there is
SOMETHING that could possibly convince someone of this mindset that they
aren't lying - they could open source the whole thing.

------
kemiller
Apocryphal, but funny story about Calvin Coolidge: After returning from church
one day, his wife is supposed to have asked him, “What did the preacher talk
about?” Mr. Coolidge is reported to have tersely replied, “Sin.” Still
insistent, Mrs. Coolidge probed, “Well, what did he say about sin?” That is
when Silent Cal responded, “He was agin’ it.”

What did the FSF talk about? Proprietary software. What did they have to say
about it? They're agin' it. And like the sorts of preachers who love to talk
about sin, there's never room for subtlety or tradeoffs.

~~~
thristian
You can't talk about tradeoffs without a firm understand of the two (or more)
things you're trading off. There are a million PR agencies evangelising
benefits of proprietary software and the drawbacks of Free software, and that
viewpoint has been vehemently expressed for over 35 years (Bill Gates' "Open
Letter to Hobbyists" was written in 1976, 37 years ago), so that side of the
equation is very well understood. Meanwhile, the benefits of Free software and
the drawbacks of proprietary software are much less frequently expressed.
Sure, if you're a Linux user or subscribe to the nerdier-end of tech-news
sites like HN, you've probably heard it all before, but that's still a small
percentage of the IT industry, let alone the huge number of people considering
updating to the iPhone 5S.

There's room enough for blog-posts and multi-page articles debating where the
author wants to draw their personal line between proprietary and Free; we
shouldn't complain about the FSF trying to fit their message into a soundbite
for their target audience.

~~~
Karunamon
I had a friend bring this exact thread up over dinner. The reaction of pretty
much everyone else at the table, myself included, was "Okay, and? How is this
different from what the FSF does every day? Are they planning on releasing
some silly PR flack every time a company comes out with a new device?"

Meanwhile, the benefits of proprietary software are more immediately obvious
(the professional content creation market, for instance, is completely
unserved on Linux last I checked), while the benefits of free/open source
software are much more subtle and more ideological than functional.

The recent NSA shenanigans have (rightly, IMO) elevated the priority of that
ideological fight, but it still is what it is.

(Note that I believe the FSF is fighting a good fight, but their organization
and leadership appears to be dogmatic and often unrealistic)

------
davidedicillo
Not to be a jackass, but "regular" people don't want open source. They want
things that "just work."

And there's no such thing as secure, unless you build your own software, that
only talks to your own servers and that only uses your personal telco and your
own infrastructure.

~~~
AnthonyMouse
>Not to be a jackass, but "regular" people don't want open source. They want
things that "just work."

By what logic do you come to the conclusion that these things are mutually
exclusive?

Firefox "just works." 7zip "just works." There are innumerable things (like
ssh) that "just work" so well that you don't even know when you're using them
half the time.

The difference is that with free software you _can_ do the things that _don
't_ just work. With Apple if you want to do X thing and Apple deigns to
provide X thing then you can do it without any futzing around. But if you want
to do X thing and Apple deigns to neglect it then you will not be doing X
thing whatsoever, regardless of how much you need it.

So for example if you want to install the latest version of Debian on a
PowerMac, you boot the install CD and press enter until it's installed.
Generally speaking it "just works." And in the event that it doesn't, chances
are that you yourself can make it work. By contrast, if you want to install
the latest version of OS X on a PowerMac, you can't. Enjoy your paperweight.
The end.

~~~
Dylan16807
>By what logic do you come to the conclusion that these things are mutually
exclusive?

That conclusion is not in the post you're replying to.

~~~
AnthonyMouse
Are you trolling? If you don't read the post's first paragraph to say that
regular people want software that "just works" rather than open source
(thereby implying said conclusion), it would turn the paragraph into
gibberish. Reading the two statements as unrelated makes the statement about
regular people not wanting open source into a baseless conclusion without
explanation and makes the statement about wanting things that just work into
an irrelevant tangent having nothing to do with the topic of discussion. I
prefer to give the poster the benefit of the doubt that the post was intended
to convey a coherent meaning rather than an arbitrary amalgamation of
unsubstantiated opinions.

~~~
Dylan16807
The argument is that regular people _do not care_ about open source.

You're reading too far into posts or something. I never said the statements
were unrelated. They're definitely related, just not in the way you thought
they were.

Compare to: "Regular users don't look for 'health' food, they want something
purple." Nowhere is it concluded that something can't be both healthy and
purple.

Bonus link: [http://www.fastcompany.com/1739774/how-carrots-became-new-
ju...](http://www.fastcompany.com/1739774/how-carrots-became-new-junk-food)

~~~
AnthonyMouse
Let me put it this way: If the post I responded to didn't conclude that open
source doesn't "just work" then using the same logic, my post didn't say it
did. All I did was point out that healthy food _can_ be purple, and that
"regular" people may benefit from retaining their ability to choose to eat
food of more than one color.

~~~
Dylan16807
Your post did a good job of showing examples of software that does both, and
making an argument that open source improves the chances of working.

But your very first line, the line I quoted, directly states that
davidedicillo was calling them mutually exclusive. That line is what I was
objecting to.

------
tnorthcutt
_We can 't imagine a more hostile reaction to the wave of privacy concerns
sweeping the world right now than debuting a proprietary, network-accessible
fingerprint scanner as your new 'feature'._

I can't imagine a more short-sighted view of product development than to
assume that new hardware is a _reaction_ to events which occurred only a few
months before the first shipment of that new hardware.

~~~
diydsp
They could have canceled the feature and launched the product without it. They
could have referenced the privacy implications and their role in it, but they
chose not to. The fingerprint scanner is clearly not a reaction to recent
events, but we can't honestly pretend it has an existence outside their
context.

No matter how ineloquent the FSF may be, we need some people out there leading
our introspection, driving us to answer questions for ourselves about the
potential tradeoffs. We _need_ multiple groups out their stirring people like
us to communicate to "regular people in restaurants" and whatnot what the
tradeoffs and technical capabilities are.

This goes double for the new Google phone announced in the wake of the NSA
scandal. One if it's new features? A single core is listening 24/7 for key
phrases. We have to tell people why this is could be hazardous to their well-
being.

------
kilroy123
What alternative do we really have?

Android phones aren't anymore transparent. The carrier or phone manufacture
can add whatever they like to android.

Even if you flash your own os, you still aren't going to know if any backdoors
have been added.

~~~
benologist
FSF offers multiple alternatives to which you could add Firefox OS and Ubuntu,
although you would have to trust the hardware is not betraying you.

~~~
kilroy123
With the FF OS phones, I wouldn't trust the phone manufacture not tampering
with the OS, or like you said, the hardware.

~~~
mwcampbell
I wonder how the GeeksPhone Peak+ fares in this context. I pre-ordered one a
few weeks ago.

------
richardking
This statement seems to be a general 'complaint' about Apple, rather than
specific to the new iPhone models introduced today. How is a fingerprint
scanner restricting users' essential freedoms?

~~~
vwinsyee
Presumably the fingerprinting issue is more of privacy than essential
freedoms. Even if we believe Apple when it says that fingerprint data (and
authentication?) will remain solely on the device, it's potentially only one
vulnerability before someone collects or accidentally exposes millions of
iPhone users' fingerprints. And unlike your private keys, you can't change
your fingerprints.

~~~
diydsp
We could perhaps communicate this to people by way of saying that it resembles
Bt corn. Bt works well as an infrequent insecticide, however, when it is used
full-time, insects become immune to it and the usefulness of Bt is spoiled
forever.

We could also regard fingerprints as a classic example of Security-By-
Obscurity, like SSNs. They work well when used in small, obscure places like
Top Secret building locks, but once the obscurity is removed by the
fingerprints being compromised through accidental distribution, the technique
as a resource is collapsed as a whole for everyone.

------
MisterWebz
There were people in that other iPhone thread claiming that the discussion
about the privacy issues of the fingerprint scanner were irrelevant to the
discussion and that they'd much rather not talk about it because they were so
sick of reading about the NSA. I kid you not.

------
mni3
In a different way, you could argue that the Apple Appstore (and similar) are
protecting general computer users from malicious software.

There hasn't previously been vetting of software, so novices would download
malicious programs from websites unaware. Now Apple performs helpful quality
assurance.

~~~
mattkrea
Agreed. Browsing the Play store is like looking at one of those download pages
that has 7 download links--one of which is the real link.

------
jaekwon
The onus is on the consumers to demand something better. I'm personally
boycotting Apple products partially for this reason. If I were to found a
company & give my employees cell phones, I would lean heavily towards
open/free hardware/software.

What hardware do you think is safe?

------
Tloewald
> We can't imagine a more hostile reaction to the wave of privacy concerns
> sweeping the world right now than debuting a proprietary, network-accessible
> fingerprint scanner as your new 'feature'.

That's what I call a serious failure of imagination.

------
codex
"Free software empowers users to replace any software hostile to their
interests."

I suppose so, but there's a much powerful mechanism: consumer choice. If a
user feels a phone is hostile to them, they will buy one which is not. This
replacement phone may be Free Software, or it may be non-Free. Free Software
can be user-friendly software, yes, but it can also be user-hostile. Users
won't use hostile Free software, but they won't use hostile closed source
software, either. That's the free market at work.

The FSF's position here is akin to: "Buy open source toasters, so you can
easily modify it if it's a design which spontaneously explodes!" No thanks--
I'll just buy a different toaster.

------
desireco42
I know everyone thinks this is nuts, but these people are the one who stand
their ground and defend our freedom when it is almost crazy to do so. I admire
them for pointing up obvious freedoms that people routinely give up.

~~~
cwp
Most people are giving up a freedom that they can't exercise anyway, in
exchange for something that the "free" alternative doesn't provide.

------
rdl
Rather than telling me not to use iOS (which I think is probably the best
overall package right now), FSF should build something better. I'd probably
tolerate Android 2.x-level quality if it were actually secure (i.e. I pick my
own root of trust for all services, which might be a server I own), and
ideally could run modern Android apps in nice little partitions. Neither Apple
nor Google is really committed to building something like that, and I doubt
Microsoft or Blackberry will, either.

------
shadowOfShadow
How can somebody not know that Apple is the brand of rebellion. You didn't see
WTO protestors winning the day with Windows Phones.

When Bashar Assad gassed his country at night, you didn't see lives being
saved by Android-mounted LED's. You saw iPads lighting the night sky.

Just sayin.

~~~
ewoodrich
Wait, what? You can't coordinate a protest on WP7/8 (or with dumbphones)? Why?

And what's so bad about the camera flash on Android phones (or is it unpopular
in Syria)? This comment sounds like a bad advertisement, and is completely
meaningless.

------
npguy
Apple should spend its cash on things that matter, like new product ideas.

[http://fakevalley.com/apple-investing-in-black-magic-to-
get-...](http://fakevalley.com/apple-investing-in-black-magic-to-get-product-
ideas-from-steve-jobs/)

------
yalogin
Did they just jump the gun and issue a statement on something they did not
even touch? If fingerprints are network accessible is their main complaint,
should they not wait till its out, check it and then issue a statement?

------
chatman
It is hilarious to see how agrieved Apple (and Android) fanboys here have
become to read the FSF post.

Android and Apple, both have proprietary code. Both are inappropriate
intrusions on users' freedom. Is it so hard to understand?

------
msisk6
At some point this whole exercise gets rather silly. No matter how open and
secure the phone is, there's the software that runs on the towers and in the
telco system that tracks personably identifiable data and metadata.

The solution is simple, though: if you really want to make sure your mobile
device isn't spying on you just don't use one. A bit inconvenient, but it's
not the end of the world. Unless you're a mobile developer. ;)

------
noonespecial
I really hope that what gets stored and transmitted is a hash or some sort of
meta-data generated using my fingerprint and not a scan of the _actual print_.

~~~
jaekwon
Doubt it, for something as analog as a finger print, I'm having a hard time
imagining a one-way hash function.

~~~
diydsp
This made me curious, so I found things like this:
www.cse.unr.edu/~bebis/UdayFingerprint.pdf‎ and
www.csis.pace.edu/~ctappert/dps/IJCB2011/papers/200.pdf‎

The features themselves are somewhat of a hash of the image, and as
quantizable elements, they could be further hashed.

------
oscargrouch
the big majority of the people in this thread seems to lack the understanding
that whats is really bad by this new wave of walled gardens created by apple,
is not only about inly closed software anymore.. its against to let someone to
decide by you what is good or not.. if they dont like something, or is
politically incorrect, you will never have the chance to choose for yourself!
im not talking about virus, and malware.. but political matters..

we got several problems with this approach.. one is the monopoly of one.. the
centralization.. this is bad economically and politically .. since the bad
guys the ones who have the apple in their pockets already could own whatever
apple has..

the other big implication, something unnaceptable for me.. is the fact they
can do whatever they want remotelly from their central with something that you
bough with your own money and SHOULD BE YOURS, its your property.. you do
whatever you want with it... do you wanna sell a music you bought to somebody
else.. can you? can you choose a app with artistic nude , because its your
choice??

its not just about now, its about the future.. its about the freedom of the
future generations.. i think all of this moves from any company ridiculous..
and by paying for this you are paying for the society failure in stand against
something will take our liberties away..

its a pretty phone with a big trap inside of it... corporations are taking a
ground they should not trespass and the problem is that others big companies
just follow..

dont worry, they are your friends.. they will protect you! while this
community in 100% in terms of technology wisdom , its visible the lack of
critical thinking of so many people is this thread.. its pretty sad

------
RachelF
The deep irony is that iOS is based on BSD, which is free.

~~~
belorn
A good example to bring up when picking a license. Would the author of a
software package be happy having apple using the software, but never receive
any attributions back. If the software is good, the CEO of apple get the
praise, and the author get forgotten. If its bad, you get the bug reports.

We all here know that iOS is built on BSD, but how many can name a single
author of that code? How many know the author of the linux kernel?

~~~
X-Istence
How many people know anyone besides Linus Torvalds? FreeBSD for example is a
project that was co-founded by Jordan Hubbard, who incidentally also worked at
Apple for a long time on OS X...

So named a single author, as requested. Linus may be known better, but when
you are practically synonymous with badly behaved/child like/tantrum throwing
behaviour you may want to rethink why you are well known...

~~~
Samuel_Michon
Naming your OS after yourself also works, although it takes chutzpah. Not even
big ego Steve Jobs named an OS or other product after himself.

------
dil8
Closed source with a finger print scanner!! No thanks...

------
nsxwolf
It's network-accessible? I'm sorry, does the FSF know something we don't, or
are they just ignorant and shooting off at the mouth?

~~~
prezjordan
Apple says it isn't, but I guess the general argument is that there's simply
no way to verify that claim.

------
vankap
I believe both sides have valid arguments depending on who you think the
threat is. If you expect complete control over your data then you would want
the system to be open source and transparent. To protect an average smartphone
user from malicious apps, a closed and curated system like Apple's appstore
makes sense.

------
jonny_eh
So the FSF says that people shouldn't use Apple phones because they don't run
FSF software? I'm shocked!

~~~
improv32
No, it's that they don't use Free Software. The FSF is not the only Free
Software organization.

~~~
fc2
Not to mention all the patent trolling and hardware restrictions.

------
EpicEng
The FSF folks always come off as little more than crotchety old men. Right or
wrong, their message obviously isn't being heard or perhaps few people
actually care. People vote with their wallets, may e it's time the FSF
evaluates their approach as they are completely ineffectual.

~~~
dgesang
... or maybe it's time for the people should stop voting with their wallets
and start listing. Then maybe their message would be heard and more people
would start to care about what they are saying and realize that they ARE
actually right.

~~~
EpicEng
Good luck with that approach. Idealogical, wishful thinking doesn't solve
problems.

~~~
dgesang
How is people using their brains instead of their wallets idealogical or
wishful thinking?

------
laureny
tl;dr: The FSF would rather you did not use any mobile phone at all since none
exist that match their requirements.

Nut jobs.

------
andrewflnr
Is there a good reason they didn't include FirefoxOS on the list of
alternatives?

------
Tloewald
> We can't imagine a more hostile reaction to the wave of privacy concerns
> sweeping the world right now than debuting a proprietary, network-accessible
> fingerprint scanner as your new 'feature'.

A serious failure of imagination.

~~~
rimantas
And serious failure on facts. iPhone is not the first phone to have
fingerprint scanner, and "network-accessible" is false is Apple is telling the
truth. Unless FSF know better than Apple.

------
drill_sarge
Why is this the big deal? Apple stands for everything that the FSF fights
against. Same goes for Microsoft and all the usual others. Just the usual
statement in case you didn't know already.

------
gesman
One way to submit your fingerprints into a single database for free in an
organized matter. Good move!

