Ask HN: Non-duopoly smart phone in Sweden?
I live in Sweden. I do not have a smart phone because I do not agree to the terms of service for the Apple Store or for Google Play, and have the luxury of not needing a smart phone for my life.
It is getting harder because Swish (person-to-person payments) and Mobil BankID are so widely used, while BankID on a computer is not. My gym recently switched from an RFID card to phone QR code to enter, and I get the idea the chain doesn't want to continue to support the handful of people like me without a phone.
A couple of days ago I learned about /e/OS and de-Googled phones. I like the privacy orientation, the EU location of company, and the fact that they haven't been fined 2 billion Euro for abusing monopoly power or found to violate EU privacy laws. I am willing to pay the 800 EUR for a Murena Fairphone 5 ... if I know it will work.
However, BankID says they do not support /e/, and even if it works now, they say all risk is on me if does not work in the future. That is not a risk I want to take. I figure it's easier stay with what I know works than to backtrack in the future.
This requires a political solution. I figure others are working on this. Are there any suggestions for who they are?
Additionally, what laws are in place to require support for those without a smart phone? My barber dropped debit card support in favor of Swish, but still accepts cash. But places are increasingly going cash-free, which may mean Swish-only in the future.
87 comments
[ 1.6 ms ] story [ 147 ms ] thread(Directed at the OP) That said, I don’t think the Swedish government cares much about people like you. I’m not sure how to make them change either. I wish you luck.
But at the same time, at some point it is not feasible to enforce support for non-smartphone by law. You have to realize that your own freedom only goes so far. Society grants you the right to live without a smartphone/car/whatever, but it is your decision, and you can't force the rest of society to put up with it.
What do you mean it’s not feasible? We could certainly enforce it if there were legal will. We enforce society to do many things it wouldn’t do if it weren’t for legislation.
For example, I want the courts to be able to step in in case of a disagreement between me and Apple or Google, while the ToS says the company is free to decide.
I want the law to prohibit the collection of user information other than what is needed for basic functionality. The Google Play ToS specifically says they will develop an advertising profile for my phone even if logged out, and I disagree with it.
I also want the ToS for basic use for daily life to not change unless the government has agreed with the changes, similar to how my bank, power, and phone providers are regulated.
I think I could agree to the ToS with those changes. I do not think it is beyond the pale to consider restrictions which are already applied to other services essential to daily life.
I am happy that such people exist, because I don't have the energy for that lifestyle these days.
The issue isn’t the barber who’s asking for Swish. It’s Swish. This is one of those tricky cases where the service is quasi-governmental, a state-sanctioned monopoly service in partnership with the government, but not run by it.
It’s not an unreasonable take to ask to opt-out of smartphone requirements for daily life. Alternatively, as a society make it clear that this is a requirement for commerce, and be explicit about what protections are in place against misuse/exploitation.
It’s not reasonable for a smartphone to be a de facto necessity for life, but then privately controlled and with no discussion around safety, privacy, etc. — Privacy is a human right in many parts of the world. A government that essentially requires compromises to privacy via unconstrained third parties, in order to engage in basic market transactions, at the very least should be open about this requirement and discuss its trade-offs.
Am I wrong?
"As we want to offer users a way to access apps without tracking, we have an option to sign in to App Lounge Anonymously. With this option, we are able to offer access to commercial applications without requiring a personal Google account: it means no tracking! This option gives only access to the free catalog."
That would work for me, but only if I know that BankID and my bank will support such a system, which I suspect they will not unless forced to by the government.
The status quo sucks. Political solutions are probably years off, and likely entail making Apple and Google behave rather than mandate open standards and allow alternatives. We are stuck with this duopoly for now. (At least desktop and laptop computers don't suffer from this.)
Alternative OSes on the smartphone are pointless if participating in digital society is your goal, because your friends and family will all use WhatsApp or something (this varies by country), and your bank will make banking with them harder if you don't use their app. Your government will increasingly rely on you owning a smartphone for digital access. In the Netherlands, digital access to healthcare records now by law requires that you either use the DigiD app on Android or IOS, or that you resort to begging for a paper copy; there will be nothing in between¹. When travelling, the apps for the larger public transport companies will have all the delays, re-routings, e-tickets, and other useful stuff. All of these require one of the two smartphone software stores, Apple's or Google's.
At least with GrapheneOS you can limit the Play Store to that handful of apps you must grudgingly use. The rest can be gotten from the, excellent, FOSS F-Droid store (like OsmAnd~, OpenCamera, and OrganicMaps), so you can minimize having to deal with the noise and chaos of the Play Store.
The Swish-thing sounds totally dystopic by the way. It's just by a quirk of fate that we don't have that trend in the Netherlands, where paying with a debit card is standard and smartphone payment systems basically just use that same system with a digital debit card. The war on cash is being waged here too though.
1: Use of DigiD, the Dutch digital identity system, without the app is not allowed for healthcare records, and existing healthcare systems are required to migrate to this. It is still allowed to login for other purposes like taxes using a password or SMS confirmation — for now.
Is it the need to identify oneself that you find dystopic?
The difference between the Swedish personnummer and similar system in other countries is basically that the Swedish version functions unusually well.
You can actually get a personnummer without being a citizen.
I'll agree that the system is not optimal and could be better in this regard, but it is hardly dystopian. You have about 2 hoops to jump through to get your ID, and after that you'll have full access to one of the most convenient bureaucracies on earth (and that's probably the first time I've used the words convenient and bureaucracy in the same sentence!)
Having lived in a few different countries, and having friends who have migrated from a few others to Sweden, I'm fairly confident the Swedish bureaucracy is ahead of the curve.
If I may ask, where do you live that has a better system? How does it work over there?
You can get it changed, but only after getting a dysphoria diagnosis and a recommendation letter from a doctor and then applying to a specific committee, a process that currently takes more than five years (I don’t know how much more because I’m still waiting).
And then of course it’s an administrative nightmare to get in touch with everyone and tell them you’ve done something that usually is seen as impossible since personnummer are meant to be primary keys in society’s database.
https://en.wikipedia.org/wiki/Personal_identity_number_(Swed...
> Alternative OSes on the smartphone are pointless if participating in digital society is your goal,
That is not my goal. My goal is to be able to participate in daily, physical society without having large monopolistic companies outside of strong Swedish or EU regulations be part of my daily life in Sweden.
Does anyone know the advantages of only accepting Swish and no card? I thought EU interchange fees were pretty low and also thought EU merchants didn’t generally own/pay for the terminals as well.
Only accepting Swish and cash is kind of a middle finger to visitors. Maybe the barber doesn’t care, but I’m wondering if it’s just laziness or just happens to much cheaper.
It may be cheaper for the merchant, though I'm not aware what the card fees are. It's also just easier to do than accepting cards (especially if you are a small company, or just don't have an "actual" company at all)
It's also instant, which I don't think card payments are.
It’s also important to point out that Swish is a collaboration between the major Swedish banks.
It's free for individuals, companies pay per transaction (somewhere like 1.50 to 2.50 SEK depending on the bank, and usually a fee for the phone number)
Swish charges SEK 2.50 per transaction.
Upfront costs can probably be neglected for any decently sized business, but if your average transaction exceeds 100 SEK, then swish will be cheaper.
I would assume it's also more handy for the merchants, since you with a terminal there is technology for you to maintain and operate, while with swish the tech you operate is literally a QR code.
The swish only approach makes a lot of sense in that context, as the payment processing fees differs by a factor of 10!
Charging a percentage to process a payment doesn't feel right to me, it's not like a 1000 SEK payment is more work than a 5 SEK payment for the banks.
A few years ago I wrote a Times Higher article called something like "Your future is not supported" about exclusion in schools.
"Not supported" is a seemingly innocuous but vicious expression. In almost all cases it has nothing to say about technical interoperability but is an opaque "layer 8" matter of "policy". Hence you are correct identifying it as a "political" problem.
I also wrote in Digital Vegan about how digital lifestyle choices, such as prioritising security, or choosing not to support convicted criminal monopolists and gangsters, rank equally with other kinds of identity and observances.
We no longer see signs in shops that say "No Blacks, No Irish" But today we have the equivalent with the language of "We do not support..."
> This requires a political solution.
Mandated service-level interoperability with the total elimination of all barriers to entry is the only way to go. It will happen. But it's a slow process. Obviously Europe is leading the way.
You can't decide to be black or Irish. You can very well decide to not have a smartphone.
Which is a fine decision and I happen to support it. But it is a very different level of discrimination. Depending on your definition it might not be discrimination at all.
"Discrimination" might be the wrong word, but I think it's reasonable to mandate businesses not depend on clientele owning specific products that do not relate to the business's core service.
For the same reason it's mandated to pay taxes and drive on the same side of the road as everybody else. Social cohesion and minimising harm to others is sometimes more important than self advantage.
Is "no gays" acceptable?
I accept that distinction. But what makes you believe volition plays the role you imply (which I assume is that someone who decides something is somehow on a lower moral footing than someone without choice?)
Many people "decide" to join particular religious denominations. Or as we accept more commonly today choose to "identify" as this or that, Do we/should we afford them any less respect?
There's a good argument that a sane and reasonable person who decides something, should have more weight attached to that choice than the person for whom it is a matter of accident.
For example, murder is a more serious crime than manslaughter, precisely because someone pre-meditated rather than killing by accident.
I'm not suggesting you are not dismissing reasonable choice as if it were a lesser thing, just saying it's worth thinking about, because this is not philosophically/ethically clear.
edit:
There's also another quite strong and very different argument, but it's more complex:
There's a line in John Fowles book on the subject of poverty where the protagonist says "Being poor is not something that we are, it's just something that happened to us"
Many identity distinctions are not self-identifications but are imposed by another or group upon someone (or group). For example someone who was a proud Yugoslavian woke up one day with a "Bosnian" passport. Discrimination that come from "other-regarding" sources despite our choices, may feel as egregious as those of accident of birth.
But I'd actually like to argue against that.
I wrote here [0] that we ought not conflate technology morals with religion.
It's important to give room to traditional religious beliefs, reasonable lifestyle choices and secular ethical stances. All are important.
Saying this as someone who is a practising Christian humanist but was also once an active secular humanist/rationalist-sceptic.
For most of us it would be best (in the face of all sorts of unknowns coming down the pipe in the guise of AI etc) to establish the primacy of secular ethical choice around technology.
I don't boycott Big-Tech because "Jesus told me to". It's because they're dirty criminals and gangsters who I don't want to give money to. I don't go without a smartphone because "God forbids it". It's because I fundamentally object to being under 24/7 surveillance and having to carry "papers" like in some vicious tinpot dictatorship.
These are just common, secular civic and personal moral choices.
I am surprised that we aren't doing more to stand up for them, and very surprised that Sweden (and Finland and Estonia) of all places have such a blind-spot around social rights and respect for different opinions and lifestyles.
[0] https://techwrongs.org/2023/03/06/microsoft-is-not-a-religio...
In one notable case I told a client I couldn't accept their contract because it was incomplete. "What's the problem? Hundreds of other companies have accepted it." "It says that I also agree to the terms at $URL but that URL doesn't work." They told me the correct URL and I was able to sign it. (Real B2B contracts are pleasingly fair, when both companies are on even terms.)
I cannot agree with the Apple ToS because I do not want to give them the sole right to shut down my account. If a mobile phone is critical for daily life, then the government must be able to overrule Apple's whim or mistake, and do so quickly. If there were true competition, with many alternatives and the easy and guaranteed right to transfer to another provider, then I would also not have a problem.
This is nothing to do with religion, or distrust of technology, but of who has the right to control my daily life. I trust the government of Sweden far more than I do the commercial interest of Google or Apple, who have demonstrated they are not eager participants in EU laws regarding privacy and monopoly.
Deeper problem: The average Western adult does not have the capacity to agree to most legal instruments (EULAs. contracts) used around digital technology today.
I include myself as a computer scientist who even read a bit of law at university and has helped draft and analyse contracts. No "reasonable person" is expected to read them. Tacit and coerced "agreement" to patently egregious terms is already normalised, and this makes a complete mockery of law in our culture.
At some point, if we want to rescue "the law" we must change the way people relate to technology legally.
By the way, HUGE shout out to the OmniGroup, who have the absolute best commercial+proprietary license agreement I've ever read. They even allow some reverse engineering, just not to avoid the licensing system. That strongly influenced my own proprietary license to allow the same.
When I have these discussion with the government and political parties, I will be asking if the high school curriculum is being updated to include more training in reading ToS, and to ask if it's really reasonable to be personally bound to terms that no one reads.
Personally I think there needs to be the equivalent of the Uniform Commercial Code, though to harmonize, standardize, and regulate app service ToS. But that's a wild idea that I cannot pursue, only wonder about.
All I can focus on is that we should not require the permission of Apple or Google to be a citizen living a simple life in Sweden.
Wondering what if anything you thought of that story of the woman who claimed a religious objection to using Microsoft?
(Perhaps you can read my article and follow the links to the original story... I also wonder if this would fly in Britain and think about talking to church ministers about it. I deeply and sincerely cannot bring myself to enrich these crooked bastards, but I feel uncomfortable "cloaking" that in religion even though it may inform my ethics. hope that makes sense)
I of course did. It takes more than a minute to read. It's pretty standard, except that it require binding arbitration in the US, with no ability to opt out.
I signed it, despite being against binding arbitration, because I had no real choice, and because I felt the underlying intentions of ORCID are decently aligned with what I wanted, unlike the underlying intentions of Google.
Plus, I know the editor of the journal I publish in, so if it gets to lawsuit time I think they will make an exception.
In Germany, I know they prefer physical cash the last time I checked. Maybe move there?
When I visited Germany last fall, smartphone use was very common.
Because it is convenient, but you are not forced to use Mobilt BankID because pretty much every service will still work with desktop bankid or the physical device (säkerhetsdosa) your bank gives you.
> However, BankID says they do not support /e/, and even if it works now, they say all risk is on me if does not work in the future. That is not a risk I want to take. I figure it's easier stay with what I know works than to backtrack in the future.
Yes, not officially supported, but if it's just Android it will most likely work just fine.
If you moved here from another country then I can certainly say you picked the wrong country, everything is digital, there is no "privacy", and as you said cash is disappearing rapidly.
Personally I quite like the bankid and swish system, it just makes my life so much easier.
When I applied for citizenship for my kids, it did not work for me to sign the form that my wife filled in.
I got a letter a few days ago saying Swedbank was going to stop using paper for pension information and switch to digital. The site they gave only supports Mobil BankID. (They say they will add BankID på fil at some point.)
I have tried to order things online which only support Mobil BankID, not BankID på fil.
> if it's just Android it will most likely work just fine.
That is a technical workaround to what requires a political solution. As BankID cranks up the security level, they are likely to prohibit alternative solutions unless required to by law, in the name of security, but also because it's easier.
> I can certainly say you picked the wrong country
Oh? Which country is better?
What surprised me is the willingness to let a US company become the gatekeeper to daily life. The government should demand more oversight and more restrictions on what Google and Apple are allowed to do, as a matter of sovereignty, as both countries have proven averse to following EU regulations.
I like Bank-Id and Swish too. I want to use them. I don't like the ToS I am required to agree to in order to use them, and I think the government could and should fix that.
Ugh, typical Swedbank. Easily the worst bank in Sweden in my opinion...
What is the best bank in Sweden? I guess I should say, what is the best one with an office in Trollhättan?
Also, I live above the Swedbank. In the worst case scenario I can easily (with some wait time, because Swedbank) do my banking in person.
Totally understandable
> What is the best bank in Sweden? I guess I should say, what is the best one with an office in Trollhättan?
Sadly don't have any personal recommendations as I also use Swedbank and do not live in Trollhättan, though I see a lot of people who like Handelsbanken or Skandia.
> Also, I live above the Swedbank.
That sounds really convenient, don't know about your office but mine is such a nightmare, only open 3 days a week 9am-12pm!
I have had zero issues with Norwegian banking apps on my Pixel running GrapheneOS, so I'm inclined to believe OP would be fine with such a setup, if that is sufficiently de-googled in their opinion.
A question to OP: Does Sweden not give the option to use BankID-based services with a separate OTP device, instead of having it provided by your SIM? This was the default in Norway until recently, and is still an option over here.
EDIT: Oh I see the neighboring comment from OP mostly answered this already.
In Finland, Danske Bank's Mobilepay app is widely used for p2p and online payments, but not so much for businesses, with the exception of tiny ones like pop-up stores. And I think they just raised their rates.
Online ID by banking app is pervasive, but doesn't require a smartphone if you bother your bank about it. If requested, Nordea gives you a Gemalto keypad and Danske Bank a small authenticator fob. I'm sure other banks have something similar, I'm just familiar with these two.
I agree that this is an important issue. Your smartphone is effectively your primary ID online now and can also be used to track you as you carry it around. And more and more commerce and official matters are now primarily handled online. Constant small steps towards a cashless society, with potential for control via CBDCs and/or social credit scores.
I believe so too, according to Internetstiftelsen, as of 2019 almost 80% of the population uses Swish.
Yes, in that regard I've have the luxury of being self-employed and not caring about social media, games, or instant access to anything. I don't travel much, and usually to places I know.
Every one I know got a smart phone because there were things they wanted from it, and they were okay not reading the ToS and simply accepting it. Including my wife, who is able to Swish things at flea markets and the like.
But when alternatives are shut down, so that smart phones are the only option for daily life, rather than the easier option, that's when the ToS need to be regulated by the government to ensure citizen privacy and maintain access despite the whims or mistakes of the company operating that essential service.
I'm also kind of at a loss for how to work this situation, living without Swish and BankId is certainly possible, but it's incredibly impractical, and continuously getting harder. I think we should be allowed to choose whether to agree to contracts written up by private companies, but most people don't seem to care.
I want to right a letter to the appropriate ministry and political parties to raise awareness about the issue and see what their positions are.
However, while my Swedish is decent, I can't express complex issues like this well, and my grammar is clearly that of an immigrant. I would like to work with someone like you, who understands the technology and has an interest in the technology, to help me write these letters.
https://www.regeringen.se/rattsliga-dokument/statens-offentl...
It doesn't affect using Swish, being able to enter my gym, using an unstaffed kiosk which requires a mobile phone to enter, etc.
Lineage OS offers a Google-free Android operating system that also runs on a wide range of devices. https://lineageos.org/
BankID says the risk is entirely mine. That is not a risk I want to take. I figure it's easier stay with what I know works than to backtrack in the future from a temporary technical workaround.
This requires a political solution, not technical one.
That such solutions exist can help inform the political decision. The government could require BankID, etc. to support additional options, and in the interest of national sovereignty could even provide funding for that goal. If the banks require a higher level of security on the servers, the government could provide those servers instead of a non-EU monopolist.
Did you consider using a GNU/Linux phone (Librem 5 or Pinephone)? They run a desktop, libre OS, so you do not have to accept the duopoly's Terms and still you can scan QR codes whenever you want. It should be easier to argue with the government concerning other locked-to-duopoly services to run as web apps, and you wouldn't look like an anti-progress person to them. Sent from my Librem 5.
I do not believe a technological work-around like this will work for the rest of my life. I can easily envision BankID in the future not working, due to "security concerns" about Google service emulation.
I do not like modding.
I still think the Swedish government should ensure the right of access and privacy.
It's cheaper for them to support only two phone systems/ecosystems, and from discussions on the /e/ list I'm sure BankID knows these exist.
I read yesterday that Mozilla's location services will be shut down, which /e/ uses. What if BankID says they need an accurate location service for security reasons, and refuse to connect to a new alternative? What BankID switches to a encrypted service API which cannot be emulated?
I don't like modding hardware nor want to figure out how to do this.
I want my kids, when they get a phone when they are older, to have their right of access and privacy rights maintained by Swedish law without having to learn the tech first.
The status quo won't change unless people start complaining.
No, it won't but then again - what will? App life time is measured in months, not in years let alone ´for the rest of your life'. I used to run BankID on my Linux laptop but that is no longer supported either. Things change all the time so it is what works here and now that is important. I will soon no longer be able to use BankID because I'm not a Swedish citizen and the new version insists on scanning a Swedish ID (driver's licence excluded since that does not contain an RFID transponder yet), let alone the fact that none of my devices has RFID capability.
Location services can be spoofed if BankID insists on being nosy.
There is no 'emulation' involved in running BankID, it just runs as intended on my devices (several of them, running different versions of LineageOS, all of them Google-free).
I think we're talking past each other here. You want the future to be free from proprietary lock-ins. So do I. You are looking for a way to escape the 'duopoly' of Ggl and the fruit factory. So do I. These things do not happen without people acting in some way which is where we seem to be on different tracks. You want people to (I paraphrase) start complaining where I want them to start acting. Actions speak far louder than words after all. It also helps in giving access to services here and now instead of maybe, later. This is how Linux and the BSDs arrived on the scene as well, not because people complained but because they started acting.
As to your children getting phones I'd say it is up to you to lead by example in the hope that some of what you show them sticks. Speaking from experience I can only say "good luck" seeing how as social pressure is a stronger force than parental advice. All of their friends and peers will have tons of privacy-leeching apps on their duopoly-devices which they also will want to have because that is how those peers communicate. Thus far I have been able to keep the worst offenders at bay by offering self-hosted alternatives which they now use, e.g. a self-hosted XMPP server with Conversations on their phones instead of Whatsapp/Telegram, self-hosted Nextcloud instead of Google, self-hosted Peertube servers (several for different types of content) instead of Youtube for publishing their own content, self-hosted mail instead of Gmail, etc.
BankID is a special case because it ties a state-issued ID to commercial services (banks). I want the Swedish state - to be specific either Skatteverket (the tax department, responsible for the population register) or the police (responsible for issuing passports and ID cards) - to start issuing an alternative electronic ID which is not tied to any specific commercial service, i.e. which can be used with any device. It can be in the form of a transponder in the ID card, driver's licence or passport, in the form of something like a Yubikey or in that of a certificate which can be used in any browser but it should be useable as long as the user agent follows the required open standards. Something like the Dutch DigiD system [1] or the Belgian CSAM [2] can be used as a starting point.
[1] https://www.digid.nl/en
[2] https://www.csam.be/en/index.html
> I will soon no longer be able to use BankID because I'm not a Swedish citizen and the new version insists on scanning a Swedish ID
I am a Swedish citizen and I do not own a device which is able to scan a Swedish ID.
What are they going to do? Force me to buy a smartphone with terms of service I do not agree with? Shut off my bank services?
Have you gone to the bank and said that you are going to get rid of your smartphone, and want to switch to BankID on a file? I'm curious if that's even a valid option. It seems everyone who has a smartphone is so addicted to it that they can't give it up.
> Actions speak far louder than words after all. It also helps in giving access to services here and now instead of maybe, later.
People have been using your suggestion for years. Has it improved the situation?
No. You said BankID no longer works on Linux (even with Wine?).
Because the rejoinder has been "if you don't like it, you don't need a smart phone." For you, a smart phone was important enough that you accepted the risk of future problems.
For me, a smart phone is not that important, and I don't want to accept the risk of future problems. It isn't like what I'm asking is impossible - there are existing phone providers with terms I can agree to, but only if I know that it's a viable long-term solution. Which it isn't now, as you've said.
It requires forcing Swedbank, etc. to support alternative, which I can't do but the state might. Especially since the state want to have a contactless id card, which mongol mentioned at https://news.ycombinator.com/item?id=39727561 . The document is clear that depending on commercial interests like BankID is one of their concerns.
Or Sweden can pass laws saying that mobile store operators selling in Sweden must follow strict privacy laws against targeted marketing and advertising, and that privacy cannot be opted out.
Or Sweden can pass laws which say businesses must have comparable options for those who do not have a smart phone. (For all I know, that already exists.)