We have moved to a new Sailfish OS Forum. Please start new discussions there.
16

Why do I need an account to access Jolla Store? [answered]

asked 2015-01-22 19:36:54 +0200

pichlo gravatar image

updated 2015-01-23 10:27:03 +0200

eric gravatar image

As title. Just wondering, why is an account needed at all? The common tradition in the Linux community is that you do not need an account to access the software repositories. Nokia continued that tradition with the Maemo platform. According to this thread, there is no probnlem with multiple Jollas sharing the same account so it is clearly not for statistical purposes (popularity contests etc). So, what is it for, then?

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by pichlo
close date 2015-01-28 13:20:00.078089

3 Answers

Sort by » oldest newest most voted
21

answered 2015-01-23 12:06:03 +0200

eric gravatar image

In a nutshell :)

The Jolla account is required in order to serve better updates and of course roll them out as we've been doing with the First Ones. Another extremely important aspect is performance to access the store fast. The private repository only add the packages of the repository metadata that the user has actively selected/"installed" in the UI. This helps reduce the duration of repository transaction. on the N900 e.g. you often had to wait 2 minutes after every installation or uninstallation because the repositories contained everything.

And as we've said before, privacy is important to us so rest assured this very limited amount of data we collect about our users with the Jolla account will not end up elsewhere.

As for the paid app support, we will in fact deploy a payment method and we keep working on this very topic since it's a corner stone of our developer story.

I hope this clarifies a bit on why the account is needed (not to mention this current service, or the ability to comment and vote in the Jolla Store, etc...)

We will very soon communicate specifically on that topic, stay tuned, thanks!

edit flag offensive delete publish link more

Comments

2

Thanks for the answer. I am not quite sure I completely understand though. Your first paragraph seems to talk about selective updates and performance, but would't reusing the same account on multiple phones negate that?

Besides, you already have the phones' IMEIs to uniquely identify them. My first Jolla was a second-hand from the First One batch and I received Vaarainjärvi along with other First Ones, suggesting that updates' rollout is based on identifying the handset, not the account (which was created much, much later).

As for the repository metadata, that is something I would expect resolved with some kind of a cookie mechanism stored on each device (or the IMEI if it is server-based) as, yet again, reusing the same account by multiple handsets would throw a spanner in the works.

pichlo ( 2015-01-23 14:51:38 +0200 )edit
2

Connecting the repository with just the IMEI is not enough. Devices can be sold or lent, so you cannot assume that an IMEI is always connected to the same person.

pycage ( 2015-01-23 15:09:03 +0200 )edit
2

Not to the person, to the device. That was the point. What is installed on the phone is the property of the phone, not its owner. At least in terms of performance in refreshing the repository metadata, one of the arguments @eric used in his answer.

But you have a point too. A phone can be reflashed, making the metadata database out of sync. Which again points in the direction of prefering a cookie mecahnism for that purpose.

pichlo ( 2015-01-23 15:29:04 +0200 )edit
1

I'm in full agreement with Pichlo on that point -- repository metadata needs to be associated with the _device_, not with a human being. The device can be modified without the knowledge of the owner!

And, if you're really worried about privacy, the N900's awfully, enormously, horrendously slow mechanism is really the only way to go -- if you send everything to the user, you don't need to know anything about the user. :) (I suspect that won't make most users happy, though...)

Copernicus ( 2015-01-23 16:02:43 +0200 )edit
3

I don't understand where are you people (@pichlo, @Copernicus) getting the idea that apps (personal repositories in this case) should be tied to a device. If I sell my Jolla, the new owner would not want to see my apps. When I get the tablet, I do want to see the apps I installed on the phone, even though both have different IMEI. Once/if profiles are introduced (multiple user accounts on one device - people have been asking for that for a while), do you want to see the same apps on all account, because it is tied to an IMEI? I don't think so...

nodevel ( 2015-01-27 13:50:03 +0200 )edit
7

answered 2015-01-28 13:18:28 +0200

pichlo gravatar image

updated 2015-01-28 13:21:39 +0200

Big thanks to @w00t who has finally provided the answer on TMO in this post and, crutially, in this follow-up.

In a nutshell,

  1. The account is used for creating a "virtual repository" with a subset of the packages in the repository.
  2. This subset is a union of the application sets of all devices using the same account. (For example, you have packages A, B, C on one phone and A, C, D, E on another. You use the same account on both. In this case, the "virtual repository" contains packages A, B, C, D, E.)
  3. When checking for updates, the application manager asks for any updates from this subset and discards anything that is not relevant. (In the above example, if there is a new version of package D, then your phone 1 will ignore it and phone 2 will present it as an update.)

I am sure this is what @eric meant when he mentioned performance but it was not immediately obvious from the way he composed his answer. Particularly points 2 and 3 are not obvious to someone coming from a different angle.

edit flag offensive delete publish link more
4

answered 2015-01-22 20:35:20 +0200

Copernicus gravatar image

I would think the difference is between a "repository" and a "store". A repository, such as Maemo Extras, exists merely to distribute software. A store, on the other hand, exists to sell software. In most current marketing systems, intellectual property is "sold" by restricting access to it to those who have paid to receive a license; therefore, all users of a "store" must be able to present some form of authentication in order to manage their licenses. (And yeah, this really needs to be done even for "free" software, as most stores retain the right to change the price on the software they offer, or otherwise restrict the ability of users to download intellectual property; e.g., explicit or violent material.)

A repository doesn't need to manage user licenses, and therefore doesn't need any form of authentication.

edit flag offensive delete publish link more

Comments

3

Thank, @Copernicus, but I would prefer an official statement from Jolla ;)

Besides, that answer sounds like, "because Apple and Google does it." I thought Jolla was supposed to be "unlike", whatever that means.

My local HMV and PC World also sell other people's intellectual property but do not require me to register an account.

pichlo ( 2015-01-22 21:39:22 +0200 )edit
1

??? Ok, I just tried to purchase an album from HMV's website. The first thing they asked for was my username and password. They certainly seem to be doing everything the same way as Google & Apple...

Do you mean a brick-and-mortar store? So far as I know, the Compact Disc was the last physical form of digital media that you could get without some form of explicit DRM attached to it. (And yeah, I do still purchase music in the form of CDs when I can get it. :) ) Pretty much everything else now attempts to restrict your usage of the IP to a device that contains the physical media you purchased...

Copernicus ( 2015-01-22 22:10:20 +0200 )edit

Yes, I meant a brick-and-mortar store. But now you mention it, I have purchased quite a few things from online shops without having to create an account. Flight tickets are the most common example, but also other things (an inflatable canoe would be the most exotic example I guess). And yes, I have also purchased software from online stores that did not require an account. For example, Handango (RIP).

Some online shops offer the option to create an account as a convenience, to keep your personal details for your next visit. But they do not require it.

Jolla Store is not such a shop. For at least two reasons.

  1. It has no support for paid content. All apps in the store are free. The support for paid apps has been requested a number of times but we have not even had an official confirmation that it has at least been considered. So all I can assume is that it has not.
  2. The amount of data Jolla collects (i.e. userame and password) is useless to keep your personal data as a convenience for your next visit anyway. Which again brings up the question, what is it for?

The rest is off-topic, but since you touched upon it, I think you are confusing identification of you as a customer and restricting what you can do with the purchased intellectual property. A glaring example is MP3s purchased from Amazon. An account is required but the content comes without any DRM of any sort.

pichlo ( 2015-01-23 00:14:42 +0200 )edit

Well, hmm. I've gotta say, services (such as a seat on a flight) are by nature restricted to a specific individual; and physical objects (such as a canoe) are generally not copyable after purchase. As such, the purchase of a single instance of these items tends not to affect subsequent sales of the items. (I've looked up Handango; I can't seem to find a lot of info about it, other than folks stating that it pioneered the model later used by Apple's App Store and Google Play. So, I'm not sure what to think about that...)

And, I'll have to admit that I've never used Jolla's store. (Jolla doesn't sell anything in the US yet, anyway.) But, I would have to assume that, even if Jolla doesn't yet sell software, the fact that they call it a "store" would indicate that they have every intention of creating a service in the same vein as Apple, Google, Microsoft, and honestly pretty much every other app store in existence today. As such, I'm sure they're going to want to exercise every feature required by such stores, including associating an individual with a license to use a unit of intellectual property.

And yeah, I've gotta imagine that Amazon is always going to insist upon an account for all purchases, even DRM-less MP3s, to at least record that you've made a payment.

(And really, why are you forking over any money at all to Amazon for an MP3? You know you could just download it for free off the net somewhere. ;) )

Copernicus ( 2015-01-23 01:44:40 +0200 )edit
3

@pichlo, paid app support got confirmed as urgent goal for store since over a year. No clue how you get your facts.... https://lists.sailfishos.org/pipermail/devel/2013-November/001035.html more recent here https://www.mail-archive.com/devel@lists.sailfishos.org/msg04020.html

It was also part of discussion in several community meetings. You can read the logs of those.

Morpog ( 2015-01-23 10:44:40 +0200 )edit

Question tools

Follow
3 followers

Stats

Asked: 2015-01-22 19:36:54 +0200

Seen: 1,552 times

Last updated: Jan 28 '15