Caretaker of DS8.ZONE. Free (Libre) Software enthusiast and promoter. Pronouns: any

Also /u/CaptainBeyondDS8 on reddit and CaptainBeyond on libera.chat.

  • 1 Post
  • 93 Comments
Joined 4 years ago
Cake day: March 27th, 2021

  • There are those who believe that F-Droid’s role as a “middle man” vetting and building packages from source instead of blindly shipping builds provided by upstream makes it a security risk, because you’re trusting F-Droid in addition to (some say instead of) the upstream developer. Perhaps telling is that none of these critics can offer an alternative solution.

    Before anyone mentions Obtainium and Accrescent, these are not alternatives to F-Droid, they solve completely different problems.


  • I feel like there’s a lot of FUD around this subject, because people bring it up as if it’s purely a negative without talking about the reasons why it’s done the way it is. The whole point of F-Droid is that it’s a repository (not a store) of free software applications. They have an inclusion policy forbidding proprietary code and dependencies, and in order to enforce this policy they have to build from publicly available source code, and in order to do so they need to sign the builds themselves. This means, yes, you are trusting F-Droid instead of the upstream developer - but given F-Droid has higher standards than upstream developers this is a tradeoff I am willing to make.

    Reproducible builds solve this in a way that preserves the standards of F-Droid; however, “security peoples’” favored “alternatives” (such as Accrescent, Obtainium, and Google Play Store/Aurora Store) forego this entirely, showing that they either don’t have a viable solution to offer or don’t really care about the problem that F-Droid is addressing to begin with.
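The two comments above hinge on one mechanism: F-Droid builds from source and signs with its own key, so the only way to ship an upstream-signed APK while keeping F-Droid's "built from public source" guarantee is to check that the upstream APK and the independent rebuild contain byte-identical files, differing only in the signature. The script below is an added example written for this page; it is not code from the commenter or from F-Droid's own reproducibility tooling, which does a stricter comparison. It treats APKs as the zip files they are, ignores only the JAR (v1) signature entries under META-INF/, and hashes everything else. The "APKs" it checks are constructed in memory for illustration and are not real Android packages; the entry names and certificate contents are invented.

```python
"""Reproducible-build check: does an upstream-signed APK contain exactly the
same files as an independently rebuilt one, ignoring only the signature?

Added example for this page; simplified, not F-Droid's own verification code.
"""
import hashlib
import io
import zipfile

# JAR (APK v1) signature material lives under META-INF/. Everything else in the
# archive must match byte for byte for the build to count as reproducible.
# APK v2/v3 signatures sit in the APK Signing Block, which is not a zip entry,
# so the entry-by-entry comparison below ignores them automatically.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")
SIGNATURE_NAMES = {"META-INF/MANIFEST.MF"}


def is_signature_entry(name):
    """True for entries that legitimately differ between two signers."""
    if name in SIGNATURE_NAMES:
        return True
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def content_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(upstream_apk, rebuilt_apk):
    """Return a sorted list of (entry, reason) pairs that differ.

    An empty list means the rebuild reproduced upstream's APK and it would be
    safe to ship upstream's signed file in place of the rebuild.
    """
    upstream = content_digests(upstream_apk)
    rebuilt = content_digests(rebuilt_apk)
    diffs = []
    for name in sorted(set(upstream) | set(rebuilt)):
        if name not in upstream:
            diffs.append((name, "only in rebuilt"))
        elif name not in rebuilt:
            diffs.append((name, "only in upstream"))
        elif upstream[name] != rebuilt[name]:
            diffs.append((name, "content differs"))
    return diffs


def build_apk(entries):
    """Constructed sample: build an in-memory zip from {name: bytes}. Not a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data (hypothetical package, dummy dex and certificates).
COMMON = {
    "AndroidManifest.xml": b"<manifest package='org.example.app'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 16,
    "res/values/strings.xml": b"<resources/>",
}
# Same contents, signed by the upstream developer.
UPSTREAM = build_apk({**COMMON,
                      "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                      "META-INF/CERT.SF": b"upstream signature file",
                      "META-INF/CERT.RSA": b"upstream developer certificate"})
# Same contents, rebuilt and signed by a repository with its own key.
REBUILT = build_apk({**COMMON,
                     "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                     "META-INF/FDROID.SF": b"repository signature file",
                     "META-INF/FDROID.RSA": b"repository certificate"})
# An upstream build whose code differs from what the public source produces.
TAMPERED = build_apk({**COMMON,
                      "classes.dex": COMMON["classes.dex"] + b"\xff",
                      "META-INF/CERT.RSA": b"upstream developer certificate"})

if __name__ == "__main__":
    print("reproducible:", compare_apks(UPSTREAM, REBUILT))
    print("tampered:   ", compare_apks(UPSTREAM, TAMPERED))
```

The check is only as strong as the rebuild: it proves that upstream's binary equals what the public source produces on the verifier's toolchain, so the verifier must still pin the same compiler and build tools, and a difference in `classes.dex` or a resource file is reported as a reason to refuse upstream's signed artifact rather than as something to patch around.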


  • For me LineageOS is a good baseline. I don’t have anything against “privacy” OSes but they’re not really for me. I just use F-Droid to get apps and don’t care about compatibility with proprietary stuff so neither microG nor the GrapheneOS sandboxed Play services are of interest to me. I don’t use GrapheneOS because I don’t have or want a Pixel phone.

    LineageOS significantly increases the lifespan of devices it supports and that’s important to me. Planned obsolescence is cancer.

    My ideal mobile OS would be something like Mobian (or even better, a GNU Guix based distribution) but it should be noted that AOSP is also a Linux based operating system and thus anything derived from that is a Linux mobile OS.


  • Microsoft is about as bad as any other proprietary software company. They do some good things for the open source economy, but they also mistreat their users.

    I think it’s a mistake to look at the free software movement as being a reaction against Microsoft or Google. It’s against the proprietary software world in general.


  • F-Droid has high inclusion standards (not high enough IMO but apparently too high for many Android developers). If a project isn’t in F-Droid and has no interest in being in F-Droid I consider it a red flag, but it’s crucial to find out if an issue has been opened and what the project’s response on that issue is. Sometimes it’s just because the developer(s) haven’t gotten around to it yet, but other times it’s because there’s a proprietary component that can’t be easily removed.

    For example on this app (2fas) the reason it’s not on F-Droid is apparently because it uses Google cloud messaging (FCM) and there’s no interest in developing a version without. https://github.com/twofas/2fas-android/issues/14

    Unfortunately with the security FUD against F-Droid peddled in part by PrivacyGuides and other organizations (which Obtainium and its fanbase happily help spread) there is decreasing interest even in using, let alone developing for, this repository.


  • AFAIK on Android it has a hard dependency on Google services. I don’t mind installing proprietary stuff to my work profile for the express purposes of work but that requires modifying my system to accommodate this specific app and that’s a step too far for my personal device. So I use a free software option (Aegis) instead.

    edit: if for some reason I really did need MS Authenticator and not any old TOTP app, I would procure a googled device specifically for work rather than install google or microG into my personal device.


  • Fauxpen source licenses such as this are the answer to the wrong question.

    “Other people making money with my stuff” was never a problem in the software-freedom community. This holds whether it means “selling my stuff” or “using my stuff in a commercial setting” (“commercial use” restrictions are confusing in this way). In the free-software world we just accept that our work belongs to the community and the community can use it in ways we don’t approve of.

    (Edit: Likewise, it has never been an issue to sell copies of free software, although I should point out the very nature of software freedom makes it more difficult to guarantee a revenue stream in this way)

    Rather, this is a symptom of the proprietary software world’s reaction to free software and co-option of it (in the form of the open source movement). Tom Preston-Werner, founder of GitHub, opined that proprietary software companies should open source almost everything - “almost everything” being anything that does not “represent business value.” In other words, open source cost centers but keep profit centers proprietary. Ideally, these companies would cooperate on widely used components (and some do!), but practically they spend as little as possible because capitalism. This is also why we see so many projects turning fauxpen source lately; these companies imagined they were developing cost centers and then realized they could be profit centers instead.

    What was (and still is) a problem is people making proprietary derivatives of free software, and copyleft is the solution to that. If you want to extract license fees from proprietary software developers you can dual-license under a strong copyleft like (A)GPL for the free software community and sell proprietary licenses. Believe it or not, Stallman explicitly does not object to this - mainly because, if selling GPL exceptions to enable proprietary development is wrong, then releasing under a permissive license must also be wrong because that also enables proprietary development.


  • Traditional GNU/Linux distributions (as well as F-Droid) are not “app stores” even though they are superficially similar. Traditional distributions are maintained and curated by the community, and serve the interests of users first and software developers second, whereas an “app store” has minimal curation and serves the needs of software developers first and users second.

    I point this out because there’s an annoying meme that traditional distributions are obsoleted by the “app store” model. I don’t think that’s the case. “Verification” is essential for an app store but pointless for a distribution.