Does RYF certification even matter

That’s rather untrue. If it was true, people would not be swayed by marketing. People would not buy products that they later have to return.

In reality, people who don’t care choose the easiest option. The saying “nobody got fired for buying Oracle” comes to mind. Same with paying for Windows and then only using the browser. Same with using Facebook for chats where superior alternatives exist. Buying a used car that turns out to be a lemon.

People regularly buy worse products which are simple visible. That’s why marketing is extremely important. If you don’t know that somethig exists, you won’t know you want it. If people don’t know FSF, it diminishes its importance. Conversely, people who know FSF may even choose worse products because of their endorsement.

I mixed things up. You talked earlier about the FS Foundation while I meant free software with highest standards of freedom.

Definitely.
Pure luck is also very important for anything to succeed.

But what I mean is, that when some free software products are so inferior to non free products that even free software fans don’t use them, then the whole process of recommendations, word of mouth ect. (which is also a form of marketing) does not take place.
Even people who know about Gnome Web, don’t use it and would not recommend it. This is something you can’t just fix by burning through marketing budget.

So having a really good product is essential.

Firefox is not Free Software because is not 100% Libre. Firefox with the propietary icon it is an opensource packages.
So PureOS need wash the Firefox icon to one Libre, like Iceweasel or.

The Firefox logo binaries are now published under the the FOSS MPL license (https://hg.mozilla.org/mozilla-central/rev/99d80bc3f18b) and Debian ships standard Firefox instead of Ice Weasel again now too (though interestingly FDroid still publishes Fennec with the logo changed).

It doesn’t grant you trademark rights but that’s well outside the scope of FOSS as far as I’m aware (and seems reasonable to me).

One of the reasons why I initially ordered the L5 was because Purism said that it intended to get RYF certification for the device, so the certification did matter to me 4 years ago. However, after studying in more detail the RYF certification and reflecting on what it means for the L5, I have concluded that RYF certification is doing little to advance the cause of hardware freedom and the RYF certification requirements and process need to be reformed.

First of all, the language of the RYF requirements is unclear regarding proprietary firmware updates, and when I have written the FSF asking for clarification, they never responded to my repeated emails. I don’t see how any company can work with them, when they don’t respond to requests for clarification on their own requirements.

The second problem is trying to create an arbitrary distinction between hardware which doesn’t change and software which does change. In modern hardware, it is frankly unsafe to not allow hardware to receive proprietary firmware updates, and a modern computing device has half a dozen components that need firmware updates. Basically no modern device can contain WiFi, Bluetooth, cellular modem or GNSS and meet the RYF requirements, so a binary Pass/Fail certification makes little sense. No hardware maker dares release enough info about those components so the community can create FOSS firmware due to the patent situation and I doubt that the FCC would allow hardware makers to ship a wireless transmitting device that users can easily alter to transmit at different frequencies. Now that the POWER10 is using Synopsys’s proprietary DDR4 RAM timing code (just like the NXP i.MX 8M Quad), I wonder if you can even find a modern processor that truly complies with the FSF’s requirements, however there is a huge difference between the normal phone and the L5 and the normal PC and a Raptor system, which is why the binary RYF certification makes no sense in the real world, because it gives no encouragement to companies that are trying to do the right thing.

I posted my ideas about how the RYF certification should be reformed, if anyone is interested. I also like @db579’s suggestion that the FSF make recommendations for what is best available per class.

Bottom line up front: more than it used to; and not enough as it should.

FSF, in my view, is like Consumer Reports for a select group of nerds. The kind of people that would talk to you about operating systems at a party. For the record, I am that guy in my circle of friends and family.

I believe it DOES matter. And properly executed, can mean more than it does now.

I have more non-technical people than ever talking to me about privacy than ever before. More than security even. I get approached unbidden by people wanting to know how they can keep their data from prying eyes.

Bit by bit, people are waking up. The hard part about it is the asymmetry of knowledge. For example - in Mudge’s testimony before the Senate Judiciary Committee, Mudge himself indicated that within 20 minutes they knew key information about a potential malicious actor: location, name, online aliases, device, alternative accounts, etc. But no one is discussing how that data came to be in their hands.

IP and cell tower geolocation and device identification are technical parts of it. But being able to JOIN on data sets to build a dossier on a private person is not being fully discussed. Where are the data sets from? How did Twitter get them?

But bit by bit, people are waking up.

For those of us that are “the nerds of the family/friend group” - I see that we have a responsibility to remain even in our analysis, if we show up with grave accusations we come with demonstrable evidence, and we promote FSF, FOSS, and more where we can by showing that it is the better option.

People want to be secure. But there’s a limit to the sacrifice they’re willing to make. We have to find a way to meet them where they’re at.

The number of questions I get about when I’ll get my L5 is about 1-2 a month. From various parties. It’s been embarrassing to have been repeating, “Not yet. Soon” for three years. But it is what it is. My time will come. As it will for the rest of us.

The interest is there. The curiosity is there. We just need to tap into it and show people it’s possible to get what they want - live a technical life without having to feel as if the world is watching them undress.

So the certification definitely matters at least for new people who do not have time to read a ton of info about the certification and to reflect on that?

I think it would be already a big step to certify the bare Librem 5 device without external cards (WiFi and modem). People will still be free to buy them together and use Librem 5 as a phone, but the certification will definitely attract more enthusiasts.

For such cases, it helped me to show the Pinephone and explain that a more performant and better alternative (Librem 5) is on the way.

This makes sense.

Firefox is Free Software. Please read what the FSF has to say from ( https://www.gnu.org/philosophy/free-sw.en.html “What is Free Software”). It’s about the 4 Freedoms. Note where they say:

Rules about how to package a modified version are acceptable, if they don’t substantively limit your freedom to release modified versions, or your freedom to make and use modified versions privately. Thus, it is acceptable for the license to require that you change the name of the modified version, remove a logo, or identify your modifications as yours. As long as these requirements are not so burdensome that they effectively hamper you from releasing your changes, they are acceptable; you’re already making other changes to the program, so you won’t have trouble making a few more.

The FSF does declare the Firefox License (MPL2) as Free. https://www.gnu.org/licenses/license-list.html

Good suggestion.

I can see this but there is the opposite perspective. Let’s say we allow shades of grey. How do you quantify the greylevel? What if, when comparing two potential devices, one is strongly free in one area and not so good in another? What if two devices are identical in all areas except one but it is not clear which device is “better”?

So you may have a choice between … a simple pass/fail where no device can ever pass or a somewhat arbitrary and potentially quite complex load of information giving some kind of greylevel or greylevels.

Maybe what is needed is to keep the simple choice of pass/fail but change (weaken) the criteria so that passing is actually possible.

Could that be dealt with in hardware? So that, no matter what the firmware says, the actual RF transmitter hardware is limited by frequency (and transmit power).

Sending emails to the FSF for asking might not be a bad idea. They might feel that there is an audience who cares about the RYF certificate for the Librem 5…

Here is an email address (licensing@fsf.org). It is the same email address that should be used for entering the RYF certification program (probably the same that Purism used too), and the same to use “if you have any questions”. It might be the right address for asking politely about the Librem 5.

I already sent two emails to that email address asking for clarification on whether RYF allows updates to proprietary firmware or not, and they never responded. I can send a third email, but I suspect that the response will be the same. See: Does Respects Your Freedom certification allow updating of proprietary firmware?

I really hope the FSF will be able to address this issue.