What is wrong with its implementation? All the cookie banners aren't in the law; their basically malicious compliance.

> I would care if my data is (1) available to Apple to read by virtue of not being e2e encrypted, and (2) used to train models and target those advertisements.

Here we go:

Apple fined $8.5M for illegally collecting iPhone owners' data for ads (gizmodo.com)

https://news.ycombinator.com/item?id=34299433

Keeping your data from Apple is harder than expected (aalto.fi)

https://news.ycombinator.com/item?id=39927657

Apple silently uploads your passwords and keeps them (lapcatsoftware.com)

https://news.ycombinator.com/item?id=42014588

Watchdog ponders why Apple doesn't apply its strict app tracking rules to itself (theregister.com)

https://news.ycombinator.com/item?id=43047952

Apple memory holed its broken promise for an OCSP opt-out (lapcatsoftware.com)

https://news.ycombinator.com/item?id=41184153

Google collects 20 times more telemetry from Android devices than Apple from iOS (therecord.media) [but Apple still collects a lot!]

https://news.ycombinator.com/item?id=26639261

If you choose non-e-ink displays, than the best longevity will be for GNU/Linux devices like Librem 11.

They likely won't support the Kindle app, however, and the users won't be able to access the books they paid for but don't really own thanks to DRM.

> just ipx8/9

Do you actually need it? For what?

Kinda weird to argue for longer life via battery replacement and against longer life via contaminant protections. My phone is regularly covered in chalk dust, sawdust, water, …

Because people don't understand the security implications of non-updated software?

Phones cannot have non-updated software due to another EU Regulation: Cyber Resilience Act. You need to support devices at least for 5 years starting from December 2027.

And after 5 years? My phone runs mainline Linux and thus will have lifetime updates, just like my laptop.

If it's a choice between no phone and an old, software-EOL phone I can't blame them.

Frankly so long as my browser, VPN and mail app are updated I'm happy.

Some of us have already done that.

"You need to enable JavaScript to run this app." - really?

> the claim that open source is automatically better than closed source, when it comes to security, is also strange. Remember xz utils backdoor?

The XZ attack is an extremely rare event coming likely from a state actor, which actually proves that FLOSS is a big target not easy to attack without huge effort. It was also caught not least thanks to the open nature of the repository. Also, AFAIK it wasn't even a change in the repo itself.

In short, using FLOSS is the way to ensure security. Whenever you touch proprietary staff, be careful and use compartmentalization.

Yeah I found this comment to be weird. At least the XZ backdoor was found before it went live anywhere. How many companies were hit by the Solarwind supply chain attacks?

Unless this is AGPL.

Nope. You can never verify they run the same code from their repo. You cannot physically access their system after all.