The apple store always distribute apps under a proprietary license. So even if the code is open-source, if you install it on your device through the apple store you are still installing proprietary software.
They say on their Github page that their app is licensed under GPLv3. Yet they can't publish it under GPLv3 license to the apple store. This means that if you contribute to the project under the GPLv3 license, they can't redistribute your through the apple store. So if you contribute your code it will always have to be licensed under a permissive license.
> The apple store always distribute apps under a proprietary license. So even if the code is open-source, if you install it on your device through the apple store you are still installing proprietary software.
There is something to the saying that FOSS advocates are never satisfied. The alternative here isn’t a FOSS-distributed iOS app, it’s no iOS app at all.
> The alternative here isn’t a FOSS-distributed iOS app, it’s no iOS app at all.
>> You should put the blame on Apple for this, not on FOSS
advocates.
It seems like an odd interjection to make at this point if Apple is the target. It’s well known that Apple’s store is proprietary and closed source, adding this comment to one of Proton’s news releases can’t help but come across as an implied criticism of Proton.
How is Blink Shell: Mosh & SSH Client[1] licensed as GPLv3 on the iOS App Store? To my knowledge that's not the only GPLv3 app on the iOS app store. Many of the projects give a special grant for it to be published on to the app store.[2]
I’m not even sure a grant is necessary. As the author, you can relicense your work whenever you want. That includes relicensing for a certain platform. So, release your GPLv3 source code, but release the “proprietary” version on the App Store.
If you're the sole author yes. If you took any contributions then no unless you got all the contributors to accept your proprietary license for their contribution.
Actually clicking on the "License Agreement" link pops up a copy of the GPLv3 License, so it looks like you can distribute GPLv3 software in the app store (and charge for it!)
What is the license of apps on the App Store? I don’t really see the issue, as long as you make al the code available. You don’t need to provide the signing certificates.
IANAL but, if they write software and publish it under a license, it does not restrict their own ability to do anything with the software. But, if they accept a contribution under a specific license then that would be different.
Analogy: Movie studio publishes a movie under Creative Commons. They can still use it however they want.
It's probably more about knowing what you are installing on your device anyway.
People love to hate on Apple for "not allowing them to install apps on their devices freely, therefore they don't own the device" but in reality what Apple is doing is controlling the mass distribution channel and you can actually distribute your apps without Apple's approval with some inconveniences to the users.
More importantly, you can run your own code however you want so you don't have to trust 3.rd party apps.
I wish they had developer edition iPhones(I think they have but not easy to get one) where you can experiment more freely. This would win back quite a lot of goodwill since nerds don't care about licenses and such but want to tinker with things freely.
> People love to hate on Apple for "not allowing them to install apps on their devices freely, therefore they don't own the device" but in reality what Apple is doing is controlling the mass distribution channel and you can actually distribute your apps without Apple's approval with some inconveniences to the users.
No, in the reality I know, Apple doesn't allow you to install apps on your device freely.
Yes, and no, in reality. It’s complicated, but you can set up your own enterprise certificate (for a cost) or just resign the app using your own developer license every 7 days. Cydia Impactor even allows you to do the latter on non-macOS devices.
So while it’s definitely not as “open” as, say, a PC or Android, it’s not as simple as, “no they don’t.”
You can also automate the resign-every-week process with iTunes Wi-Fi Sync and have it just work so long as you are on your home network at least once a week.
Run Windows or macOS in a VM? Bare-metal Hackintosh? I agree that it’s somewhat restrictive (and it would be great if iTunes ran on Linux, not that it’s surprising that it doesn’t), but it’s not horribly difficult to run your own self-signed iOS apps. If you can’t handle Windows or macOS, then you’ll have to plug your iOS device in to your Linux machine to use Cydia Impactor.
So you're suggesting to create multiple fake apple accounts and use them to build apps for personal use? I think that Apple would find out and ban those accounts, because surely they made that restriction to restrict exactly this behaviour (abusing developer account to by-pass AppStore). Does someone use that approach?
Fake accounts makes it sound like some “thing”. Just using a couple of different accounts for most any public-ish big service is pretty par for the course.
Not sure what “does someone use that approach” mean. I can just say Apple for sure does not do any sort of banning of any kind if you use a handful of accounts with one device.
There’s probably people in the sideloading and jailbreak community who have a dozen accounts linked to one device. I’ve never thought of it as anything more than just doing some simple relatively innocent thing to get around the 3 limit. No problems to the at this point probably dozen accounts I have.
No, if you are listening to angry hate boys, yes if you actually look into it.
The binary needs to be signed off but Apple does not require a review to sign your binary, only to distribute it through App Store.
So to run your code you create an account, the free version has a shorter validity time frame I believe which means you will have to re-install the app once it ends, set up your signing profile on your developer tools and you are good to install and run any code you want.
You can have a torrent client or app that messes around with private API or whatever. Your code is signed locally, Apple wouldn't know what you are up to.
Apple needs to pay off the influencers to spread the word I guess :) At least, I think they need to take some effort to break the "greedy Apple corporation vs the generaous Google charity" narrative.
Speaking as someone much much closer to a fan boy than a hate boy (I make my living on Apple's platform), this is...possible, but with a lot of caveats. It's nowhere near the level of control you have on a desktop machine.
- The signing expires every 7 days, meaning re-install once a week. The app just crashes on launch when it expires.
- There's a (low) limit on the total number of apps you can have installed at one time via this method. I believe it's 5.
- The Apple ID you're using to codesign the app has to be signed in on the device to which you're installing. (I may misunderstand this one -- been a while since I've done it and it may have changed somehow -- but I'm pretty sure about it.) The implication here is that to share the app to anyone else, you also have to share your Apple ID.
- You're still beholden to Apple. They can revoke your Apple ID and thus your signing privilege pretty much any time for any reason.
They've restricted this avenue enough that I think it's fair to say it's not functional as more than a teaser, for people just checking out iOS development.
Yep, the free accounts are quite restricted. Having a paid developer account makes things much better(I have some app builds installed god knows when that I was too lazy to remove and they are running just fine) but yes, there are restrictions.
I would guess that what Apple wants to prevent is being undercut by another app distribution platform by making unauthorized app installation a pain. It is a choice that brings some advantages and disadvantages.
It is true that Apple might cancel the access to your device but I am find with that as long as Apple is not in a monopoly position. If A day comes and for some reason(like an US embargo?) Apple no longer can serve me, I would just move to the platform that serves me.
There's really nor reason to be paranoid over Apple's grip on the system. I am much more worried about Google cancelling my Gmail account and cutting me off from my digital presence.
I don’t think the Apple ID has to match what you’re signed in to on device. At least when using Impactor. Is the sign in account referring to App Store id or iCloud? I assume App Store.
PSA: One can still distribute and allow installation of full open source HTML5 apps that can work offline and use a smattering of device APIs, without having anything to do with Apple’s app store, developer accounts, or signing.
Sure, it’s not a ‘native binary’, but for all kinds of utilities, both offline and online, that’s not really a problem.
Some big companies even use a web technology approach on purpose for a variety of reasons despite distributing through the app store. Slightly less ‘buttery’ feeling but generally not terrible.
Do you care to explain why you think that nerds care about licenses?
Well, obviously the more politically involved nerds would care and take fights about licenses on the internet but when was the last time a nerd check the license before satisfying his/her curiosity?
I’ve been so happy with ProtonMail as a strategy to store any email I receive with dollar signs in it (to avoid google’s vacuuming it up into “purchases” and “reservations” dashboards, which I find exceptionally creepy on a paid gsuite account)
ProtonMail provides a lot of value for the small dollar amount per month! So happy to see the new mail beta, and now open source for the iOS app!
Very excited for protondrive now. Google Drive is usually fine but I never feel comfortable storing scans of IDs or tax documents there.
I have a few domains from a time where I could just add more domains to my server config. Getting all of those to work on ProtonMail is quite expensive (I'm on Visionary right now)
Depending on your use case, Yandex is a good alternative to Gsuite. No charge to use your own domain...it's free. No doubt Russians can scan it all, but maybe they have little interest in a US centric small business for example.
Also, I imagine they have little interest in complying with US LEO requests.
I'd be very worried about transferring business bank account details and commercial records to Russia. The state might not be interested in you in particular, but scammers know no borders. Also Yandex has admitted publicly to providing customer data to the FSB. Again you might not care about the FSB, but any transfer of or access to data to an outside organisation inherently increases the risk of further leaks.
Agree, but there are many more cases where the US digging into details is more risky than Russians doing the same. Yandex is a often a better, not perfect alternative for US small businesses.
I run a small business myself, and prefer Yandex for my email. What use cases DON'T apply? This keeps any of my customers free from NSA spying and US jurisdiction for my choices.
I'm not questioning your personal preference, I'm asking about a few of the specific (of, you say, many) cases in which using Yandex email is better for a small US business.
The NSA has greater authority (and likely, capability) to collect every single bit in a Yandex server than it has in a Google one. And, of course, so does the FSB, the security service of something fairly close to an actual mafia-run state. So that one doesn't sound super-convincing. What are some others?
My view is pretty much any city centric mom and pop business. The Russian risk is lower than the US Federal risk almost always. Consider the IRS and importing products.
Right, I understood you believe this, I'm trying to understand the basis for that belief since it seems both counter-intuitive and at odds with available facts.
Edit: you added a bit of detail about the IRS after I replied, are you saying a yandex email makes it easier to evade taxes? That the advantage of such an email address is skirting or breaking laws and regulations?
Re: The IRS. No, not pro evading laws. Like any law enforcement office, they can overreach, overstate, misinterpret, conflate, etc. Restricting their access has pros for innocents.
Here's a real example. Aluminum extrudes are highly import taxed UNLESS they are are an integral product feature. Does the IRS get to see my emails on that, pre-emptively, before any presumption of doubt? Should they be able to poke a few search terms into an NSA database? Or is the burden on them to get a subpoena?
I see no weirdness that they can see my books but have no business in my conversations. Decades ago, they couldn't peer into meetings in a real-time, prior reasonable doubt way. 1984 and all.
Putting your mail on a foreign server doesn't keep it free of NSA spying; in fact, it may make it easier for NSA to spy on you, because no legal requirement exists to prevent NSA from owning up foreign servers --- that is in fact NSA's entire charter.
The iron law of "You Are Going To Be Mossad'd Upon" applies.
As a European I don't trust the big US corporations but I can guarantee you I'd never voluntarily or any sensitive data - or my email, which is also an authentication tool for many issues - into the hands of a Russian or Chinese company. Like how incredibly naive can you be to think that that's not going to haunt you or some of your contacts in the future. Any dispute - boom, welcome to the Russian legal system!
I agree, but it's conditional. There are many, many, use cases where Russians knowing everything you do is way more palatable than the US knowing everything you do.
I love Protonmail, me and my entire family would have already been on it with a nice custom domain if that wouldn't cost me 32 euro's a month (4 mailboxes: me, wife and 2 kids, per year payment reduces it to 25/month). I now pay 6.05 euro's for that at Transip (can go up to 5 addresses + hosting space, 3 addresses is 3 euro's). I like Protonmail more, better, cleaner webUI, focus on privacy, nice app... but it's really really expensive.
> I like Protonmail more, better, cleaner webUI, focus on privacy, nice app... but it's really really expensive.
Have you considered something like Mailbox.org instead? It's also privacy-focused, European-based, allows custom domains, and starts at 1€ / month without any yearly commitments. Also, no proprietary stuff and much less marketing crap.
* Mailbox.org has a per mailbox price that starts at EUR 1 per month
* Runbox has similar options
* Mailfence is another one, but I have no idea how easy it is to use for setting up the custom domain and mailboxes (last I checked quite sometime ago, the setup involved contacting them)
* Migadu has an "all you can eat" pricing that starts at USD 48 per year, with restrictions placed on how many emails you can send per day. For those who don't use email accounts to send a lot of mails, I don't think there's anything that can beat Migadu on price.
All the above providers are based out of Europe. All of them provide direct IMAP support (unlike ProtonMail where you have to use a bridge application).
For those who don't mind US based hosting, Mxroute is another provider that's slightly similar to Migadu on the hosting several mailboxes for a fixed price.
Think of it the other way around: how much per month is Google making by reading your email (with bots) to generate a marketing profile so companies can buy targeted ads to sell you stuff? Besides, feature-wise, you get a LOT more from ProtonMail than, say, Fastmail, which is the low-feature, no-frills, non-encrypted alternative.
If you aren’t paying for the product then you ARE the product.
I would actually like to see a source for this claim. Google did state that it would stop scanning emails for targeting ads "later this year" at some point in time. But I haven't seen a document after that reaffirming that this has been done.
I suspect GDPR would have been sufficient threat since not all people involved in a scanned email were guaranteed to be Gmail users, so gaining consent would have been problematic.
I'm not really sure this is 100% true. I recently got a fight confirmation email and immediately started getting "things to see in LOCATION" push notifications from Google maps. I'm not sure of course that they really read my email, but it did convince me to look at alternatives.
As a Fastmail user (that's perfectly capable of managing his own PGP keys), what features am I missing? I honestly can't think of a single feature that'd make me go "I wish Fastmail had that".
If you're not using your own domain, and are instead using the provider's domain for addresses, one huge difference is that Fastmail recycles deleted addresses within a few months, whereas ProtonMail never recycles addresses on its domains. That to me is critical.
> Think of it the other way around: how much per month is Google making by reading your email [...]
That is a really weird way to think about it. For all I may know, google may be earning a million dollar by selling my data ... does not make the alternative product worth the money google is making for me to pay to avoid it.
I didn't because I'm not paying... But I do know that the bridge ensures that all data is always locally de and encrypted before being read from and sent to the Protonmail servers. So Protonmail can never read your mail. On the other side of the bridge, your standard email client can talk normal imap (which does not support encryption). I think it is rather elegant.
Indeed and the build up is strange because a one person account is 5 euros (4 paying yearly) a month. But then add a family with (2) kids that hardly do email, use the same domain, may even share the same GBs and for 4 persons it becomes more than 5 times as expensive. All separate accounts is not an option because we share a domain... It's very weird and aimed a single people I think.
Protonmail mentioned in the comments that the Android app is currently undergoing a similar third-party audit and the source code will be released once that is complete.
Does this mean that the app could be forked to support multiple accounts (which is currently not possible for the free tier users with the official app)?
Sure, but you need a paid Apple account to put it on the App Store. Chances are none of the cheapskates who ‘believe strongly in freedom’ are going to put their money where their mouth is and spend the $100 so everyone can enjoy that freedom.
You can't do that anyway. You can't put GPLv3 apps on the App Store.
ProtonMail can put this app on the store, because they own it and can relicense the App Store build at-will. But no one else owns ProtonMail's code, so we can't take it, give it an App Store-compatible license, and publish it.
Except I’m not using protonmail since I trust my yubikey way more in terms of storing my private keys.
Also, it only seems like a simple task. You still have to manage notifications and UI for multiple accounts. Not to mention that I’d probably not do that free of charge.
Beyond all the other benefits of this, hopefully it means more general feature updates/bug fixes. There are several (minor) bugs in the app that have existed for some time now, and it doesn't yet support iOS dark mode, for example. I know they don't have a huge team and are focused on the web app and security, but it would be exciting if the iOS app started getting a bit more love.
I wonder if the ProtonMail server will ever be open source. It'd be pretty cool to see the code and possibly self host, although having source code available might allow spammers to abuse the system.
If the software is indeed open source, it's entirely reasonable to expect to be able to use it unencumbered- I would be a bit bothered and would also complain if that were not true.
ProtonMail, the iOS app, is now open source, but ProtonMail, the service, is still proprietary and (mostly) paid.
It's somewhat comparable to using Thunderbird (open source) to connect to GMail (proprietary). GMail might impose some restrictions regardless of the open source status of the client.
Open source (or free/libre software, which is the more appropriate term in this context) guarantees you the right to modify the software to your liking, including the removal of that signature. It does not guarantee fitness for your purpose or usability out of the box.
There are lots of open source clients for commercial services. You’re not entitled to connect to other people’s hardware for free, even if the software is open source.
I think you can only provision a compiled app to run on a phone for 7 days before needing to reinstall IF you aren't paying the $99/yr Apple dev account fee. Running on simulators is free, though.
They say on their Github page that their app is licensed under GPLv3. Yet they can't publish it under GPLv3 license to the apple store. This means that if you contribute to the project under the GPLv3 license, they can't redistribute your through the apple store. So if you contribute your code it will always have to be licensed under a permissive license.
Still can't wait for the F-Droid release though.