Merlijn Wajer - Maemo Leste

Modernise open source real-time communications stack

icon of terminal Operating systems, firmware and virtualisation

Can you introduce yourself and your project?

My name is Merlijn Wajer, I am from the Netherlands, studied computer science in Amsterdam and currently reside in Eastern Europe. By day I am a contractor for the Internet Archive, by night I work on Maemo Leste - since Maemo Leste’s very inception in 2017.

Maemo Leste is a mobile operating system (like Android and iOS), but it is community developed, open source and built entirely on open (software) foundations, which stem from Nokia’s “Maemo” project. We have built upon Nokia’s work by modernising the project as well as creating open source software for the parts of Nokia’s Maemo that were not open source.

Nowadays, Maemo Leste is pretty usable, and I use it on a daily basis, without falling back on any other phone or smartphone operating system. At the same time, there are still a lot of things that we need to work on, or even things that are simply missing, but we are dedicated to keep pushing ourselves to make Maemo Leste an even greater alternative mobile operating system.

What are the key issues you see with the state of the internet today?

I can identify four key issues:

(1) The majority of mobile devices are controlled by a duopoly of Google and Apple, who by the nature of a duopoly mostly control how users access the Internet on their mobile devices. This has an immensely negative effect on the Internet as these two companies can push for poor new technologies/standards that lead to more lock-in (Google’s Web Environment Integrity attempts at remote attestation to further control how users access the Internet) or actively harm the privacy of the users (CSAM which would scan the contents of the users phones against their will using inept technology).

(2) The “App”ificiation of our digital lives. There are many more side effects of this duopoly – many private companies offering services to users will only provide users with an “app” that runs on either system of the duopoly and provide no other way to access their services – for example some banks require the usage of a mobile banking “app” to access their Internet (web browser based) banking. This “app”ification is an affront to the users ability to choose an alternative platform (like Maemo Leste, or otherwise) – I personally experience this very frequently, as companies assume everyone has a smartphone with Android or iOS, period. This is a significant downgrade from being able to access the web from a platform and browser of the user’s choice. The “app”ification of (digital) services also unfortunately means that users usually have to run closed source (non-FOSS) code on their devices – in some sense this is analogous to proprietary javascript from websites, but many websites still function quite well without a lot of proprietary javascript. We’re basically back to having to run a proprietary operating system on our hardware just to run more proprietary software to access services that now provide no other way to access them.

(3) The centralisation of services on the Internet is a significant problem, both due to the lock-in effects (which the EU is attempting to tackle with the Digital Markets Act) and the reliance on a few external parties’ services to be able to (safely) communicate at all. If WhatsApp, or any other major platform, decides to remove a user from their platform today, how will the user keep in touch with their social contacts that are only on WhatsApp? And where would the user appeal the decision? Thelock-in of such a platform and the resulting reliance on these platforms as users is a very unhealthy balance. The amount of power that the modern internet has given to a small number of companies presents significant privacy challenges – even if messages are end to end encrypted, the metadata (who is talking to who at which point) is usually not, and having a central party control access to this data comes with its own challenges. In short, forcing these systems to be more federated or decentralised (like XMPP) would be a great improvement (most of the successful and long-lasting parts of the Internet have been decentralised: e-mail, the World Wide Web, and so on).

(4) Legislative challenges to our right to privacy. This final point doesn’t necessarily touch so much on the current state of the Internet, but more on the current state of our legislative branches: the repeated attempts by significant parts of the EU to weaken or outright ban end to end encryption is incredibly worrying. As of writing the current “Chat Control” proposal has been put on hold again, but if such a draconian law would ever be passed the negative impact of the law on the Internet would be severe, especially with other pre-existing laws in some countries. The Netherlands for example has already created a surveillance “dragnet” (which was rejected by the population in a referendum, but the government ignored the outcome of the referendum) which allows for indiscriminate mass surveillance of Dutch citizens online. If end-to-end encryption would be weakened this would significantly enhance this pre-existing privacy-adverse law.

How does your project contribute to correcting some of those issues?

The duopoly of Google and Apple is so strong at this point that I don’t believe that the solution to this problem will be of a (purely, disruptive) technical nature. Nevertheless, Maemo Leste aims to provide an alternative to users who do not want to be at the mercy of either Google or Apple – the user can decide to run Maemo Leste on their device instead (assuming the device is supported by Maemo Leste, of course).

Maemo Leste makes decentralised platforms and privacy enhancing technology an integral part of the operating system:

Maemo Leste is based on Debian-derivate Devuan, which ensures that there is a big community supporting its underlying software foundations;
We offer Tor (see torproject.org) integration as well as the option to easily use Wireguard. Users can update their device using our Tor hidden service;
Our default browser comes with tracker-/ad-blocking by default (our browser is still in development) – users can also install other browsers such as Firefox with no limitations;
We support decentralised/federated protocols such as XMPP (and to a lesser degree Matrix and IRC) as-first class citizens. Maemo Leste also supports other (centralised) chat protocols but integrates them in a single piece of software, so one does not need to use “apps” from their respective vendors, which often tracks users;
Maemo Leste puts the user in control and does not artificially limit or track the user in what they can and cannot do;

Maemo Leste is also (as mentioned earlier) FOSS (Free and Open Source Software) so anyone can inspect what the operating system does, modify it to their liking or otherwise submit improvements.

What do you like most about (working on) your project?

What I like the most is that I now have the ability to use Maemo Leste on a daily basis for my (smart)phone needs. When we started the project in 2017 we did not believe we would make as much progress as we have. We humbly realised that we still have a long way to go, however.

Where will you take your project next?

We will keep working on the real-time communication stack for the next few months, but we hope to start supporting more devices, especially more modern devices. This will require us to rework a few core parts of our operating system to better accommodate devices that only have a touchscreen and no physical keyboard. We also hope to extend our user base by porting Maemo Leste to more devices.

How did NGI Assure help you reach your goals for your project?

The NGI Assure funding that we got from NLnet helped us focus on, develop and extend our real-time communication stack as well as extend the list of supported devices that Maemo Leste runs on. As a result, we have been able to integrate XMPP and Matrix in our operating system using the Telepathy communication framework – while also improving the Telepathy framework. We were able to hire a small amount of contractors to help us work on our project as a direct result of the funding and we’re very thankful for this opportunity.

Do you have advice for people who are considering to apply for NGI funding?

This is a hard question. I have personally tried to very clearly answer the questions laid out in the guidelines and elaborate on the positive impacts of our project.

Do you have any recommendations to improve future NGI programmes or the wider NGI initiative?

I wonder if the NGI initiative could support federated and decentralised technologies beyond just user-facing software. If the programme could help get ordinary users on platforms such as XMPP or Matrix, I believe that would be a significant improvement to our privacy and security. This could be done by supporting companies that provide federated services or otherwise popularise those protocols. Another way to further this goal would be to push for making it easier to contact a company (or an agency of the government) using decentralised technologies such as XMPP – which would be much better than the status quo where companies offer using “WhatsApp” as a direct communication line to their support staff.

Acknowledgements

Image: courtesy of Merlijn Wajer.

Published on September 23, 2024

Maemo Leste Telepathy received funding through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.