Wouldn't the spirit of librem here suggest the solution would just be to make and distribute an open VPN app on iOS and tell your librem one subscribers to install it and have an easy and secure method of downloading a file with your endpoints? Then there is no argument to be made that it's tied to a subscription because anyone could use it for their own or yours or anyone else's that supports it.
PIA (and others I'm sure)offers a zip of .ovpn files for their endpoints that Linux users can import to use with openVPN without using their app.
Obviously, this is a proposed solution to having the app on iOS, no dealing with Apple's access monopoly.
This is timely considering I just got hit with a rejection from Apple for my app. It's insane to me that a $1 trillion company is willing to put someone out of business for a measly $300/mo.
I’m glad there’s a company that is willing to protect its customers from abusive devs. If there are a few false positives then too bad, nothing is perfect.
Apple is requiring us to add the ability to sign up and pay for Librem One subscriptions within the Librem Tunnel app before they will allow updated versions into the App Store.
This the basically the summation of it all. Doesn't Apple require the ability to have anonymous logins too when creating accounts on iDevices?
You're also leaving out that the VPN is just one part of the larger "Librem One" subscription package. It's something customers discover through Librem's marketing, buy from Librem on Librem's website not using Apple's payment/account systems, and not exclusive to Apple platforms in any way.
Yet Apple is forcing them to give up 30% of their revenue, because they can.
It sucks, they don't require it of Netflix, Spotify, Amazon, Disney, etc
What Librem are doing is the right thing though - go to the press, raise a big stink and Apple will back off. It's been proven to work time and time again.
Any software distributed on the App Store immediately becomes nonfree software. The free software definition is linked to the end-user's freedom to modify the programs on his computers, not whether a developer can fork it.
Specifically, distribution on the app store denies "The freedom to... change it so it does your computing as you wish (freedom 1)."
Does Librem One allow you to download the OpenVPN/Wireguard profiles? Because then you can just download OpenVPN Connect and get just about the same experience. Sounds much more free than using a VPN app that can't be used with other VPN servers.
This way you can still pay for Librem One outside the app, and thereby circumvent the 30% toll, and continue to serve your iOS users.
The Android docs seem to hint that it's using ovpn profiles under the hood - it shouldn't be too hard to get the config file if it isn't already provided in the librem one website: https://docs.puri.sm/Librem_One/Android/VPN_Tunnel.html
It is still absolutely fascinating to me how we have arrived at a point where in order to use one's own device properly, one has to ask a US company nicely or be unable to do so - and people pay money for it. On macOS, it is now impossible to distribute a VPN or a virtualization software without permission from Apple. 30% of the world's population would, if their government cut a deal with Apple, be unable to install a certain app at the flip of a button (check Spain's Catalonia referendum or Hong Kong, etc.). I really do hope that some EU regulation will force device manufacturers above a certain market size to allow a) sideloading apps and b) allow different browser engines as boycotts seem to no longer work after a certain amount of market penetration.
On the other hand, I spend 0% of my time managing iOS devices for my parents and am constantly bombarded with issues from my in-laws with Android phones. I agree that some of Apple's behavior is monopolistic and has some unfortunate, possibly unforeseen consequences, but the end result is pretty nice for the consumers who are willing to accept the compromise.
It boils down to someone's personal definition of "properly."
You are on HN. Your definition of using a device "properly" is very different from the vast majority of the other human beings on the planet. You're not Apple's target audience, and that's OK. The more of you there are, the more force there is for creating other options. But don't pretend that there is only one "proper" way to use a device.
> On macOS, it is now impossible to distribute a VPN or a virtualization software without permission from Apple
No it’s not. It’s impossible if you don’t want to require your customers to change some security settings.
We can have a discussion about whether that’s practical for a developer, but either way, the user has control over their Mac. Completely different situation from iOS.
The solution you are proposing is worse than the problem.
If Apple were forced to allow multiple stores or sideloading, governments that right now have no leverage with Apple would force their citizens to install government stores and apps.
The only way to prevent large, billion+ dollar corporations from existing is via highly intrusive state regulation, so people who are appalled by the monopolistic and authoritarian behaviors of big tech should really be asking themselves (1) whether they are against capitalism, because there isn’t a model of optimizing economies for market freedom and profit that disallows the existence of billion/trillion dollar companies, and (2) whether they are okay with breaking up the concept of a “nation-state”, since its size requires it to have large economies.
Not everyone is a developer or reader of HN. Apple has evolved their software to make users safe.
I get fewer problems managing friends and family on Apple products vs Android/Microsoft products. I work in enterprise and am a lot happier managing macOS devices than PCs.
I get the whole “I own it and shouldn’t have to have it walled/leased/owned by the developer,” but the success for Apple when Jobs returned was simplifying the product lineup and making products that just work.
I agree I don’t like being locked into a hardware manufacturers box, but not everyone can build a kernel from source or use Gnome/KDE/whatever desktop manager there is out there. It should turn on, be easy to use, and be a safe experience for everyone.
I'm not clear on why Librem would need to add an in-app purchase option under app store guidelines, and their article doesn't really explain it either.
App store guidelines on this topic are:
> 3.1.3(f) Free Stand-alone Apps: Free apps acting as a stand-alone companion to a paid web based tool (eg. VOIP, Cloud Storage, Email Services, Web Hosting) do not need to use in-app purchase, provided there is no purchasing inside the app, or calls to action for purchase outside of the app.
So are they offering purchase inside the app? I downloaded it, and there's a bare login prompt with no mention of purchasing outside the app that might get them in trouble.
"Even though Librem Tunnel is just part of the overall Librem One offering, because it’s part of a subscription service, Apple is requiring us to add the ability to sign up and pay for Librem One subscriptions within the Librem Tunnel app before they will allow updated versions into the App Store."
However, what you show seems to contradict that?
EDIT: If I were to guess, the flagging was an automated process, i.e. Apple flagged it and sent an automated email to Purism. Whether or not Purism tried to respond or not I do not know, but in the end they decided not to deal with it and pulled their app.
Sidenote, but their font has a really horrible "3". I was reading and wondering why Epic needs to pay 80 % toll instead of 30 %. Even after realizing it’s a 3 I’d always see an 8 at first.
> Their use of the App Store to disadvantage competitors (such as when they removed competing parental control apps in the name of privacy coincidentally when launching their own).
My experience seeing parent control apps, are that they likely leak private data either intentionally or unintentionally. These apps, would have access to all sorts of data, and unless the developers are both very scrupulous and very competent, it is easy for private info to be leaked. I am far more comfortable with Apple handling that, than a third party.
Off topic but this website has the most obnoxious lower case letter 't' I have ever seen. I had to stop reading after the first two paragraphs and try to figure out what was wrong because the text felt off.
one of the many reasons I never bought an iPhone... not because I have some beef against iOS/OSX... I just dislike Apple's business antics, a.k.a. greed.
A few years ago, I got my grandmother an iPad. She used it for years until she passed. I just powered it on yesterday and it now "requires activation", which won't complete via WiFi. All the data on it, e.g. pictures, is now inaccessible. It is, effectively, bricked. I'll sooner eat a pile of shit before I ever touch or recommend another Apple product again.
Edit: To clarify, it was never locked or password protected before, and I would use it to look at pictures in the Photos app locally. I hadn't used it for several months.
I left an iPad on a shelf for more than a year. During that time, Apple must have done migrations with iCloud and Apple accounts, and completely deleted the account the iPad was signed in under. I couldn't unlock the iPad, and I even tried re-registering a new account using the same email address and password that I had originally used. Didn't work at all, and it's still a paperweight.
I'm just lucky in that I didn't have any important data like pictures, passwords or 2FA apps on it. Sorry for your loss.
Okay. I just had to recover my father's iPad account; he's alive but lets just say aggravating at times getting him to do what he is told to do.
Since he bricked his iPad I had to submit a recovery through iCloud and that invokes a twenty four hour delay before it sends recovery information to his listed authentication device; as in his telephone.
So that comes in which directs you to apple.com/recover or such and when you put the id in you have the option to get a 2FA code back to the phone which we did. I then simply put my phone number into the account so all future recoveries would be simpler.
Apple will allow for more than one authentication method, use it for ANY gift you give to an elderly parent or such. Frankly the best option you have is to get yourself on their email account recovery page as well.
Its just common sense in this era of identity theft that you do your due diligence so you can protect those you care for.
If your iPad is asking for a passcode and you don't know it you are lost unless it was backed up which brings up the second point.
When giving gifts like these out make sure to help the recipient learn how to back it up to a computer or have them let you back it up to yours when they visit.
If I understand correctly, Apple would only get 30% of the in-app subscriptions but not those from outside the app?
If so, I think there are likely multiple motivations here. Apple has long been willing to force certain standardizations in the name of simple and uniform user experiences (they’re not perfect but the intent is clearly there). Having to drop out of an app experience to do something isn’t good UX - so enforcing the option to do it in app makes for a simpler experience - as much as it also adds to Apple’s bottom line. To be honest, the issue seems more to be just how big of a cut they want to take - but that’s even harder to fight against (capitalism and all) so this is the easier target.
Can somebody provide a direct answer to the question of why Apple’s App Store policies are bad? The argument that always comes up is that it is anti-competitive, but how does that not encroach on every business owner’s right to decide who they want to do business with, how they want to run their businesses, and how they design their platforms?
Also, one of the examples that always comes up in these discussions is how Internet Explorer came to be dominant in the 90s and 00s stifling innovation in the web, but if you look at how it was dethroned, it wasn’t dethroned because of government regulation; IE was dethroned because more innovative products entered the market, i.e. Firefox and Chrome, and this all happened under the framework of free market capitalism. What, then, is the argument for regulating Apple, and what exactly is the expected outcome?
Firefox and Chrome were able to dethrone IE because Windows doesn't have any gatekeeper preventing apps from being installed.
Apple has the right to decide who they do business with, but app developers shouldn't be forced to do business with Apple at all. That's the asymmetric part of the relationship. App developers should be allowed to distribute/sell apps directly to people. Specifically, the expected outcome is either that the App Store becomes optional (sideloading is allowed) or that the App Store becomes a neutral utility where everything is allowed.
> but how does that not encroach on every business owner’s right to decide who they want to do business with
There is no such right. There is a right to free association, but incorporation is a privilege granted by the state. It comes with many benefits, such as being able to walk away from the business if it goes bankrupt. It also comes with some responsibilities, such as not violating civil rights and antitrust laws.
In practice, some businesses start exerting too much power and start harming other entities, so they have it reduced.
To use your analogy, there is only one road and it is a toll road. Maybe they are ok with a side road, but there is none.
The only thing tired is extractive monopolies. Funnily enough, Apple could make a few small tweaks and not be in this category. They've chosen instead to double down on exerting their market power.
On top of letting the toll take 30% on the merchandise on each deliveries on the ONLY road available on their platform.
They already pay their Apple Developer Program yearly membership fees. If Apples deem this isn't enough, then they should raise the cost to properly take that into account.
I have been a vocal supporter of Librem, and Pine64 because I see the adoption of free devices running free software as a necessary solution and the way to ultimately change the dynamics in the industry.
They are literally doing the thing I think is the solution.
On the other hand, I oppose the generic bashing of Apple and Epic’s antitrust campaign, because these have nothing to do with creating an alternative. Indeed if Epic wins, iOS will become even more entrenched.
So, I can no longer recommend librem, and will only recommend Pine.
[+] [-] crusty|5 years ago|reply
PIA (and others I'm sure)offers a zip of .ovpn files for their endpoints that Linux users can import to use with openVPN without using their app.
Obviously, this is a proposed solution to having the app on iOS, no dealing with Apple's access monopoly.
[+] [-] knubie|5 years ago|reply
[+] [-] FriendlyNormie|5 years ago|reply
[deleted]
[+] [-] Google234|5 years ago|reply
[+] [-] protomyth|5 years ago|reply
This the basically the summation of it all. Doesn't Apple require the ability to have anonymous logins too when creating accounts on iDevices?
[+] [-] bogwog|5 years ago|reply
Yet Apple is forcing them to give up 30% of their revenue, because they can.
[+] [-] akmarinov|5 years ago|reply
What Librem are doing is the right thing though - go to the press, raise a big stink and Apple will back off. It's been proven to work time and time again.
[+] [-] crazypython|5 years ago|reply
Specifically, distribution on the app store denies "The freedom to... change it so it does your computing as you wish (freedom 1)."
[+] [-] prophesi|5 years ago|reply
This way you can still pay for Librem One outside the app, and thereby circumvent the 30% toll, and continue to serve your iOS users.
[+] [-] Stephen304|5 years ago|reply
[+] [-] pojntfx|5 years ago|reply
[+] [-] jsperson|5 years ago|reply
[+] [-] LeoPanthera|5 years ago|reply
Citation needed? I don't believe this is true. Tunnelblick and qemu both exist on macOS independently of Apple's approval.
[+] [-] reaperducer|5 years ago|reply
It boils down to someone's personal definition of "properly."
You are on HN. Your definition of using a device "properly" is very different from the vast majority of the other human beings on the planet. You're not Apple's target audience, and that's OK. The more of you there are, the more force there is for creating other options. But don't pretend that there is only one "proper" way to use a device.
[+] [-] Wowfunhappy|5 years ago|reply
No it’s not. It’s impossible if you don’t want to require your customers to change some security settings.
We can have a discussion about whether that’s practical for a developer, but either way, the user has control over their Mac. Completely different situation from iOS.
[+] [-] zepto|5 years ago|reply
If Apple were forced to allow multiple stores or sideloading, governments that right now have no leverage with Apple would force their citizens to install government stores and apps.
[+] [-] ctdonath|5 years ago|reply
If you don’t like the product, don’t buy it. Don’t compel them to satisfy your whim via police power of the state.
[+] [-] google234123|5 years ago|reply
[+] [-] 3grdlurker|5 years ago|reply
[+] [-] emteycz|5 years ago|reply
And who cares then...
[+] [-] someonehere|5 years ago|reply
I get fewer problems managing friends and family on Apple products vs Android/Microsoft products. I work in enterprise and am a lot happier managing macOS devices than PCs.
I get the whole “I own it and shouldn’t have to have it walled/leased/owned by the developer,” but the success for Apple when Jobs returned was simplifying the product lineup and making products that just work.
I agree I don’t like being locked into a hardware manufacturers box, but not everyone can build a kernel from source or use Gnome/KDE/whatever desktop manager there is out there. It should turn on, be easy to use, and be a safe experience for everyone.
[+] [-] mullingitover|5 years ago|reply
App store guidelines on this topic are:
> 3.1.3(f) Free Stand-alone Apps: Free apps acting as a stand-alone companion to a paid web based tool (eg. VOIP, Cloud Storage, Email Services, Web Hosting) do not need to use in-app purchase, provided there is no purchasing inside the app, or calls to action for purchase outside of the app.
So are they offering purchase inside the app? I downloaded it, and there's a bare login prompt with no mention of purchasing outside the app that might get them in trouble.
[+] [-] kop316|5 years ago|reply
"Even though Librem Tunnel is just part of the overall Librem One offering, because it’s part of a subscription service, Apple is requiring us to add the ability to sign up and pay for Librem One subscriptions within the Librem Tunnel app before they will allow updated versions into the App Store."
However, what you show seems to contradict that?
EDIT: If I were to guess, the flagging was an automated process, i.e. Apple flagged it and sent an automated email to Purism. Whether or not Purism tried to respond or not I do not know, but in the end they decided not to deal with it and pulled their app.
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] Semaphor|5 years ago|reply
[+] [-] RcouF1uZ4gsC|5 years ago|reply
My experience seeing parent control apps, are that they likely leak private data either intentionally or unintentionally. These apps, would have access to all sorts of data, and unless the developers are both very scrupulous and very competent, it is easy for private info to be leaked. I am far more comfortable with Apple handling that, than a third party.
[+] [-] newbie578|5 years ago|reply
I feel like the tide is turning and change is coming.
[+] [-] vultour|5 years ago|reply
[+] [-] martin1975|5 years ago|reply
[+] [-] m-p-3|5 years ago|reply
[+] [-] forgotmypw17|5 years ago|reply
Edit: To clarify, it was never locked or password protected before, and I would use it to look at pictures in the Photos app locally. I hadn't used it for several months.
[+] [-] nemothekid|5 years ago|reply
In other words, why are you surprised that you can't hack into an Apple device?
[+] [-] heavyset_go|5 years ago|reply
I'm just lucky in that I didn't have any important data like pictures, passwords or 2FA apps on it. Sorry for your loss.
[+] [-] Shivetya|5 years ago|reply
Since he bricked his iPad I had to submit a recovery through iCloud and that invokes a twenty four hour delay before it sends recovery information to his listed authentication device; as in his telephone.
So that comes in which directs you to apple.com/recover or such and when you put the id in you have the option to get a 2FA code back to the phone which we did. I then simply put my phone number into the account so all future recoveries would be simpler.
Apple will allow for more than one authentication method, use it for ANY gift you give to an elderly parent or such. Frankly the best option you have is to get yourself on their email account recovery page as well.
Its just common sense in this era of identity theft that you do your due diligence so you can protect those you care for.
If your iPad is asking for a passcode and you don't know it you are lost unless it was backed up which brings up the second point.
When giving gifts like these out make sure to help the recipient learn how to back it up to a computer or have them let you back it up to yours when they visit.
[+] [-] phren0logy|5 years ago|reply
[+] [-] lyptt|5 years ago|reply
[+] [-] musicale|5 years ago|reply
If the device never had a passcode/fingerprint/face id before you certainly don't need one to unlock it even if it has auto-updated.
It looks like the device auto-updated, so you should be able to complete the activation.
Now if you are talking about accessing iCloud, then you may need the iCloud password.
Apple should be able to help you fix the issue if you can't fix it yourself.
[+] [-] skim1420|5 years ago|reply
[+] [-] Angostura|5 years ago|reply
[+] [-] incongruity|5 years ago|reply
If so, I think there are likely multiple motivations here. Apple has long been willing to force certain standardizations in the name of simple and uniform user experiences (they’re not perfect but the intent is clearly there). Having to drop out of an app experience to do something isn’t good UX - so enforcing the option to do it in app makes for a simpler experience - as much as it also adds to Apple’s bottom line. To be honest, the issue seems more to be just how big of a cut they want to take - but that’s even harder to fight against (capitalism and all) so this is the easier target.
[+] [-] stalfosknight|5 years ago|reply
[deleted]
[+] [-] 3grdlurker|5 years ago|reply
Also, one of the examples that always comes up in these discussions is how Internet Explorer came to be dominant in the 90s and 00s stifling innovation in the web, but if you look at how it was dethroned, it wasn’t dethroned because of government regulation; IE was dethroned because more innovative products entered the market, i.e. Firefox and Chrome, and this all happened under the framework of free market capitalism. What, then, is the argument for regulating Apple, and what exactly is the expected outcome?
[+] [-] wmf|5 years ago|reply
Apple has the right to decide who they do business with, but app developers shouldn't be forced to do business with Apple at all. That's the asymmetric part of the relationship. App developers should be allowed to distribute/sell apps directly to people. Specifically, the expected outcome is either that the App Store becomes optional (sideloading is allowed) or that the App Store becomes a neutral utility where everything is allowed.
[+] [-] m463|5 years ago|reply
It's sort of like net neutrality and your ISP.
You pay your ISP for access to the internet.
If your ISP is also charging others for access to you, then either:
- you will pay more for those services, or
- the services available to you will be diminished
same for apps.
[+] [-] howinteresting|5 years ago|reply
There is no such right. There is a right to free association, but incorporation is a privilege granted by the state. It comes with many benefits, such as being able to walk away from the business if it goes bankrupt. It also comes with some responsibilities, such as not violating civil rights and antitrust laws.
In practice, some businesses start exerting too much power and start harming other entities, so they have it reduced.
There's been plenty written about antitrust. Check out some of the works of Lina Khan, who's slated to join the FTC soon: https://www.wired.com/story/lina-khan-ftc-antitrust-biden-ad...
[+] [-] imwillofficial|5 years ago|reply
[+] [-] adamcstephens|5 years ago|reply
The only thing tired is extractive monopolies. Funnily enough, Apple could make a few small tweaks and not be in this category. They've chosen instead to double down on exerting their market power.
[+] [-] m-p-3|5 years ago|reply
They already pay their Apple Developer Program yearly membership fees. If Apples deem this isn't enough, then they should raise the cost to properly take that into account.
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] zepto|5 years ago|reply
They are literally doing the thing I think is the solution.
On the other hand, I oppose the generic bashing of Apple and Epic’s antitrust campaign, because these have nothing to do with creating an alternative. Indeed if Epic wins, iOS will become even more entrenched.
So, I can no longer recommend librem, and will only recommend Pine.