Free Software Foundation issues statement on new iPhone models from Apple

Why is harvesting fingerprints such a catastrophic possibility? The government already has your fingerprints if you've ever left or entered the country, and they've likely been taken during other periods in your life as well. Hell, even the Cambodian government decided to scan my fingers when I passed through. DrCube's counter-argument [1] is logical: that with these existing databases, the government can now access your phone. But really, is this feature being touted as a impenetrably secure way to unlock your phone? It seems to be positioned as "a way to make accessing your phone convenient for you and non-trivial for others," and I think this feature does exactly that.

If you can't trust the phone vendor, why are you not more paranoid about entering your username/password on the device? What about location data? I really can't fathom why decrying fingerprint technology is the nexus of your argument here.

https://news.ycombinator.com/item?id=6364725

"I don't know why other comments are being so snarky or dismissive and apologetic in response to this."

Because if you didn't already know what the FSF thought about <closed source software> you are the cancer killing HN by upcritically upvoting this (along with every NSA comment in every thread not remotely related to the NSA).

"The FSF have made a very astute observation"

No they haven't. They've made the same observation they always make -- closed is bad, proprietary is bad.

I think the FSF's caution is reasonable, but Thinkpads have had fingerprint scanners in them for years and it doesn't seem to have significantly impinged the privacy of people who use those devices.

Did they make the same astute observation when Motorola Atrix was released? How about phones having microphones? Funny how people freak out about fingerprint scanner which is optional and may not send any data anywhere, but don't care about Google Now.

"network-accessible fingerprint scanner as your new 'feature'."

It's embarrassing that even high profile people get this so wrong.

I see the statement as not a re-iteration of FSF's take on Apple but rather re-establishing the meaning of free software and its importance to people while the tide is high.

I think this is the problem exemplified, especially the last one -- that was plain embarrassing. The FSF just cannot tactfully spread their (quite wise and forward-thinking) message. To any average Joe, the guy outside the Apple Store protesting the iPad is no different from the local drunk schizophrenic who lives on the alley corner yelling "REPENT, SINNERS!" until he passes out again.

Their concept of professionalism is flawed -- actually, a more apt predicate adjective would be "completely nonexistent." Just look at their website. 2003 wants its two-tone website design back.

Stallman, et. al are also against anyone making any money from building software. He's said as much, that he thinks software engineers should work as waiters rather than work on anything which isn't entirely free.

So, naturally he's against Apple which happens to make a lot of money from building software.

It seems like even within the text of your comment that yes, there is SOMETHING that could possibly convince someone of this mindset that they aren't lying - they could open source the whole thing.

You can't talk about tradeoffs without a firm understand of the two (or more) things you're trading off. There are a million PR agencies evangelising benefits of proprietary software and the drawbacks of Free software, and that viewpoint has been vehemently expressed for over 35 years (Bill Gates' "Open Letter to Hobbyists" was written in 1976, 37 years ago), so that side of the equation is very well understood. Meanwhile, the benefits of Free software and the drawbacks of proprietary software are much less frequently expressed. Sure, if you're a Linux user or subscribe to the nerdier-end of tech-news sites like HN, you've probably heard it all before, but that's still a small percentage of the IT industry, let alone the huge number of people considering updating to the iPhone 5S.

There's room enough for blog-posts and multi-page articles debating where the author wants to draw their personal line between proprietary and Free; we shouldn't complain about the FSF trying to fit their message into a soundbite for their target audience.

>Not to be a jackass, but "regular" people don't want open source. They want things that "just work."

By what logic do you come to the conclusion that these things are mutually exclusive?

Firefox "just works." 7zip "just works." There are innumerable things (like ssh) that "just work" so well that you don't even know when you're using them half the time.

The difference is that with free software you can do the things that don't just work. With Apple if you want to do X thing and Apple deigns to provide X thing then you can do it without any futzing around. But if you want to do X thing and Apple deigns to neglect it then you will not be doing X thing whatsoever, regardless of how much you need it.

So for example if you want to install the latest version of Debian on a PowerMac, you boot the install CD and press enter until it's installed. Generally speaking it "just works." And in the event that it doesn't, chances are that you yourself can make it work. By contrast, if you want to install the latest version of OS X on a PowerMac, you can't. Enjoy your paperweight. The end.

Yes, they want things that "just work", but not against them. Most people realize that security is not perfect, but then most probably did not expect that that meant extensive and chronic surveillance.

Haven't seen a phone that would "just work" if this term means "do what I want it to do". It's always tons of "you can't do it that way" and "you're not supposed to want this." And sometimes it "just works (but not in a way you think it does)".

I agree. Grandma is worried that the NSA is spying on her. I told her to switch to Android and read the source code.

I've never understood the idea that there's all these "regular" people out there with "regular" concerns. Sounds absurd to me.

They "just want it to work" is a lazy generalization that comes from lack of effort in finding out what the real concerns, motivations and thoughts are of the people in our communities.

I'm quite sure it was "regular" people behind the class action lawsuit against Apple for allowing misleading or rip-off practices around in-app purchasing in otherwise so-called "free" games targeted at children. Slow clap for the "curated" protective measures from Apple on that one.

In the end, it turns out that "regular" people are not passive drones, wanting nothing more than for something to "just work". Regular people are complex. Try having a conversation with a regular person, you'll soon find they have all sorts of interesting and complex opinions and concerns about the world they live in

Sometimes, even people who love open source and can code themselves still want things that "just work." I'm one of those people, and I enjoy being able to hack a lot of my electronic equipment, but my phone is something I'd rather have "just work."

They could have canceled the feature and launched the product without it. They could have referenced the privacy implications and their role in it, but they chose not to. The fingerprint scanner is clearly not a reaction to recent events, but we can't honestly pretend it has an existence outside their context.

No matter how ineloquent the FSF may be, we need some people out there leading our introspection, driving us to answer questions for ourselves about the potential tradeoffs. We need multiple groups out their stirring people like us to communicate to "regular people in restaurants" and whatnot what the tradeoffs and technical capabilities are.

This goes double for the new Google phone announced in the wake of the NSA scandal. One if it's new features? A single core is listening 24/7 for key phrases. We have to tell people why this is could be hazardous to their well-being.

> Even if you flash your own os, you still aren't going to know if any backdoors have been added.

CyanogenMod for example is open source. There might still be bugs, whether intentional or not, and you rely on the same hardware but I'd say that it's a definite improvement.

> Android phones aren't anymore transparent. The carrier or phone manufacture can add whatever they like to android.

Correction: most Android phones aren't transparent. But you can get a Google Experience phone (HTC One or Galaxy S4) or a Nexus device (4, 7, 10) and install a 3rd party ROM free of any closed-source software. This is also often possible with other, non-GE/Nexus phones.

Hardware backdoors are a separate issue.

The announcement recommended Replicant and FDroid. Perhaps in the future a Firefox OS or Ubuntu phone could be the basis for a free phone OS?

Of course, rms himself doesn't even use any cell phone at all, so if you are as concerned as he is, you may be out of luck.

FSF offers multiple alternatives to which you could add Firefox OS and Ubuntu, although you would have to trust the hardware is not betraying you.

The backdoors for mobile hardware is at the hardware level. I get the feeling that Google couldn't care less what you actually run inside of the VM that it android, what matters is how it manages access to resources like bandwidth and the associated meta/data required.

I'm sure there is some kind of way to profile what the VM is doing and send it out remotely, but the real security concern is using the phone itself as a platform. People already have secure computing systems, what they don't have is secure (or insecure depending on perspective) network access.

That's pretty much exactly what it says: "... Instead, Apple has given us new hardware with the same old restrictions. ...". Their quip about the fingerprint scanner is mostly just an example as I read it.

No, this isn't "news". The FSF position on Apple's products hasn't changed significantly in decades. That said calling attention to that position and discussing it seems worthwhile in context to me.

Presumably the fingerprinting issue is more of privacy than essential freedoms. Even if we believe Apple when it says that fingerprint data (and authentication?) will remain solely on the device, it's potentially only one vulnerability before someone collects or accidentally exposes millions of iPhone users' fingerprints. And unlike your private keys, you can't change your fingerprints.

Yes, I think they failed to make a strong point in their blog post.

I will be glad if Apple makes fingerprint scanning mandatory, as it will at least introduce the concept of securing your device to the 50% of iPhone users that currently do not use a passcode. I'm really surprised Apple have implemented this before Google.

Agreed. Browsing the Play store is like looking at one of those download pages that has 7 download links--one of which is the real link.

Most people are giving up a freedom that they can't exercise anyway, in exchange for something that the "free" alternative doesn't provide.

Wait, what? You can't coordinate a protest on WP7/8 (or with dumbphones)? Why?

And what's so bad about the camera flash on Android phones (or is it unpopular in Syria)? This comment sounds like a bad advertisement, and is completely meaningless.

"Bashar Assad gassed his country at night"

The matter is under investigation. Stop defaming him without publicly available proof.