Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access
I’ve never agreed with this premise.
I buy things that mostly meet my needs and desires in every other walk of life. I’m personally OK with extending this to computers as well.
And isn't the point in this very situation that people simply can't buy what they want because Google and Apple are a duopoly and now Google is going to follow the path of restricting what you can do with your own property?
But if anything, regular people should have more of the cake.
At least this is probably how people in charge of enshittification think like.
Protecting the bottom quintile from consequences of thier mistakes also protects everyone else if they ever make those mistakes in a momentary lapse
Maybe society shouldn't be structured in such a way that people have to be constantly hyper vigilant to avoid mistakes with high consequences
The courts assumed good faith with a licensing exception, and maybe it was. But that opened the door to essentially completely dismantle the first-sale doctrine. Get rid of that loophole and all this stupidity ends, immediately. Well that and the DMCA. Once you buy something, it's yours to do whatever you want to do with it short of replicating it for commercial benefit.
Of course it's a disingenuous framing. A certain kind of person is both attracted to power and deathly afraid of people voicing unapproved opinions "outside their kitchens".
Things can have multiple justifications, some public, some not: some conscious, some not. Central control and a feeling that a parental figure is in control of the tribe primes, at a primal level, a certain kind of person to like an idea. The specific post-hoc justification is almost incidental.
That said, such things need a semblance of legitimacy to work. It'd be much harder to crack down on general purpose computing under the guise of safety if we had cultural antibodies agains safetyism in general.
Can I use an Android phone without using Google? Yes, of course you can. There are plenty of secure OS's like Graphen, Lineage, Calyx and many others. Do people really care enough to use them? Hardly any, which proves my point.
Same thing here. Most people will just pay the fee to get the seats. Some might just opt out and not get them. Others will shop around and find some legacy cars that are older that have them but don't require a subscription.
At the end of the day? There's ALWAYS a choice. How hard do you want to look to avoid the subscription? Is it really worth your time and effort? Some would say yes, the vast majority really DGAF. People have been lulled into not caring about stuff like personal privacy and having a say in what's being peddled to you.
Lets just call it what it is and what we all want. "The right to modify". It doesn't give you the right to copy, so it will never break any law protecting intellectual property.
The seat heating was apparently shortening the life of the leather seats. Its cheaper to include heated seats in all cars, than it is to maintain 2 different sets of production. The subscription basically offsets the cost of needing to replace the seats more frequently when the heating is enabled.
Likewise, if you manually enabled the seat heaters, then complained that the seats were falling apart quickly, having given you a legal out to get that feature enabled in warranty, would not have to replace your seats for free.
Not to mention, they apparently already ditched the subscription over backlash.
Without commoditized hardware, big capital will surely be in control of software.
They’ll try again, with big business and governments cheering on them.
So it's actually far from trivial to draw a line.
I think the phenomenon is most visible in the United Kingdom. Not just with respect to the recent age verification measures, but also with respect to the government's recent financial misadventures.
We should've nipped it with Apple, but there was so much _whatabout_ing that the conversation always go sidetracked with assertions about the free market and what not. It turns out, there is no free market, and we're just living in someone's managed device walled garden.
There is not much to discover from e.g. not using seatbelts. There is absolutely a need to protect a population from itself which should cover certain stuff, while not others.
Look: in order for a mandate to be justifiable, it needs to at least provide superlinear benefit to linear adoption. That is, it has to solve a coordination problem.
Do seat belts solve any coordination problem? Do they benefit anyone but those wearing them? No. Therefore, the state has no business mandating them no matter the harm prevented.
A certain kind of person thinks differently though. He sees "harm" and relishes the prospect of "protecting" people from that "harm". They don't recognize the legitimacy of individual bad decisions. The self is just another person trying to hurt you. This kind of person would turn the whole world into a rubberized playground if he could.
I never heard of car-manufacturers periodically replacing seats within warranty because of the wear of the material, regardless of being "more frequently" or not. This sounds like a massive oversight in product-design.
Of all the cases I know, the customer had to bear the cost of such "wear and tear" cases.
If you agree that above are edge cases too, I have a Volkswagen to sell you [0].
But the reality (which was correctly identified by Adam Smith himself) is that the effort required to enter a market can sometimes be so high, that we practically end up with oligopolies, see mobile OSs. They require a network effect to make sense, so the entry cost is not just developing the product, but also to somehow convince basically every other player to consider you a target platform - which is a cyclical problem that you can't just bootstrap yourself into. Even Microsoft failed at it, even though they were paying hefty sums to companies for apps working on their OS.
In at least two european countries that I know of (but probably in all of them) cars need to pass periodic technical inspection to be allowed on the road. Breaks are tested, among other things.
GamersNexus' 3 hour documentary about GPU smuggling (which is way more than a vlog as HN commenters like to portray) is struck down by Bloomberg because they didn't want their 30 second clip, which is squarely fair use BTW, of POTUS speaking to be in that. GamersNexus repealed successfully, but Bloomberg tried to bully them [0].
I would want the ability to change that. I actually think I can mess with that on my car.
>enabling the nominal power of your car instead of handicapping it by default?
Big topic for me. My car has a DPF, and appears to have been geared such that despite containing an automatic DPF burn process, the engine never quite reaches the required temperature, so I need to perform manual burns.
I have straight up asked the dealer for a method to enable the auto burn process, manually. And have asked if theres a retune available, to make the gearing just a little bit less efficient, giving me more power and more engine heat.
The issue, pretty much verbatim from their head regional diesel mechanic is that any modifications of that nature would fuck the emissions standards they had to limbo under. So its categorically denied. They also issued me with stern official warnings that anything I do to make the car more reliable may also void my warranty. And the unofficial advice I have received is that the DPF is "f*cked mate" and to "get the petrol hybrid before the government forces it to wear a similar PPF"
The car also very suspiciously moderates the engine output unrelated to gearing/tune. Just sometimes underperforms at random. I believe its computational again, like you say, handicapping it for emissions reasons.
These things are largely optional for me, but I wont mess with them too much until I am out of warranty.
Too much capitalism isn't our problem.
Yes, generally you can disable on demand, but Volkswagen now sells the feature as a subscription. So you need to pay to enable. Maybe this is because it reduces the lifespan of the LEDs. Who knows.
> handicapping it for emissions reasons.
Volkswagen sells you another subscription for that now, at least for their electric vehicles. You can buy the option if you want your EV to perform as it's designed.
Emissions is a completely different beast. However their 140HP and 170HP TFSI engines had no different parts rather than the mapping.
Manipulating engines in a way which alters their carbon footprint is a sensitive topic, and while I was positive towards diesel systems, the particulate matter they emit, the fog they cause (see Paris photos, it's eye opening) and German engineering at its finest (i.e. Dieselgate scandal) soured me from diesel's automotive applications, big time, permanently.
No, there isn't. I'd much rather live in a world where we were able to make our own decisions about personal safety, regardless of how poor those decisions are.
This would also make sense in order to prevent e-waste and put this old hardware to better use.
It's crazy to think how much computing power is just added to a drawer or landfill every day, just because there is no reason for the vendor to allow you to repurpose it.
I would e.g. LOVE a "Browser on everything" OS which just provides a Browser OS for outdated hardware, but the only way this could work on scale would be if the device-vendor would be mandated to provide and document the lower layer...
Please elaborate, with sources.
I understand that GP point was about home-made brakes (like the software counterpart), but software on a smartphone is not (yet) deadly for others if it doesn't work as expected.
Same can be true for phones?
The more measures they take to secure it while allowing the user to decide whether to participate, the more drastic this opt-out user-decision becomes.
In order to now preserve that "open ecosystem", they would have to provide the user an option to disable Google Services entirely, which would turns the device almost into a separate product
All this is unlikely to happen just for the sake of "pleasing the community", I believe we need a general legally binding definition of what functions the user owns if (and when) a device is stripped of any services on top.
If my car loses functions once it loses connection to the manufacturer, this bare set should be communicated as the purchased value ("in exchange for your money"), separately from any on-top "in exchange for your data" business-model
There's always a degree to which the manufacturer has to.
You can also buy "for life" subscription (around £600, if I remember the news about it correctly), so you could also say that the stronger engine costs 600 pounds more when you purchase the car. Not too different to buying the cars in the past: more powerful engine adds to the price tag.
Same is true for the internal combustion engines. Since they already developed the ability to store multiple maps and change the mapping when required. :)
But, where's the value in that, I mean for shareholders, innit?
Cargo van -> Camper van conversions go through this all the time - you add/remove seats, add a lot of weight in the form of beds, water tanks, etc. add/remove windows, put solar panels on the roof... After those changes you have to take it down to the vehicle inspection, and they tell you whether or not your changes have been deemed acceptable to drive on public roads.
No doubt. They only have to win once. We have to keep defending our own freedoms against non-stop assault until the end of time.
I'm so tired and disillusioned.
The question that hasn't fully been worked is how to allow people to think/feel they own something, while having no actual legal rights to it. But, as we see, this is being worked on.
If drivers were the only ones who wore seatbelts, you would have a point. In practice, seatbelts save the lives of the passengers, spouses, kids, etc. who are riding in the car, and hence this is indeed a coordination problem.
I primarily want to be able to unlock the bootloader to install a custom de-googled Android Version (such as GrapheneOS) and then lock the bootloader again (using a custom_avb_key). This is currently possible with Google's Pixel devices, but most Android devices don't even offer this...
What is the point of that? Then app content is the problem.
Ideally if they setup manual review then it would resolve some issues.
For the same reason I relock bootloader after flashing alternative Android flavour on my phone.
Feeling like the optimum solution is to just have two devices. Your phone that has all of your banking, ID, etc. and another device that’s completely open, can install whatever you want on, but doesn’t matter too much if it gets hacked.
Maybe we can make chips at the level of a 386 but they would be freedom respecting.
Starting to sound like Stallman again.
"But it's not secure!" -- yeah, that really is the point.
Like, the people if they decide, they want freedom, are almost guaranteed to get it. But nobody demands it in the truest sense and it feels like the govt. isn't controlled by the people but rather almost by lobbying and that social media etc. have made people complacent in the sense that either we think that others will fight for us or that social media has become a propaganda machine.
I almost broke last night realizing that nuclear can be completely green energy but it isn't the issue of technology but rather political. To me, it felt like a lot of really quality of life changes (like water access, clean cities, good air quality index, atleast where I live) are all almost political issues at this point.
But I am not hopeful towards people, I am hopeful towards tech though. It feels like people have free will, so they might actually pick a net negative option for everybody (trump?), so I am not an optimist because I feel like I have to trust people in the process and I feel like people can do both good and bad, so I wonder how much better our lives have been compared to our ancestors. Maybe trade-offs?
I genuinely felt so weird realizing this, its hard to explain. Like it felt like I can do nothing but watch. And to me I feel like I am being a pessimistic because a lot of people in power feel stupid/inefficient man.
We just don't have a choice. WE have a choice b/w 2 parties and call it freedom.
Of course, freedom will be a constant struggle. People have made it as such. Its on all of us, we all need to take accountability. I get it, accountability is hard, but its much better than waiting for a hero to save us all. We can do it if we realize this.
But I feel the issue is less about malware gathering your banking, ID etc, but malware holding your data hostage, using your (social) network for nefarious purposes or tricking you into something you don't want to do.
And for all those cases, having that "other" device doesn't help.
And then they will make it so our devices need to pass hardware remote attestation to connect to the internet and even that will be taken away from us.
I don't know what to do anymore. The future is bleak. The free computing we love is being destroyed by forces outside our control, forces that cannot be stopped no matter what we do because they have trillions of dollars and their interests are aligned with those of governments the world over.
As a more specific way to do this, I'd like to see any software that hardware companies make for their own hardware designated (at the choice of the company) as either part of the hardware or a separate product. In the former case, it must be made available under GPLv3 with full anti-tivoization provisions. In the latter case, it must use only public and documented interfaces and must be completely realistic for another company to make a competing product on a level playing field. Ideally the separate products would also need to be highly cross platform if technically feasible where the burden of showing that it isn't is on the developer.
Ironically that degraded phones to be just that. Phones with build-in high quality cameras. For everything else there are better alternatives.
Wait until the authorities will require strong client side authentication for social media sites, news sites, and everywhere user generated content is accepted, tied to official ID issued by the government
And if they're actually the cartoon villains it would imply, rather than just banal petty autocrats carelessly fooling around with a toy they deserve to have taken away from them, then we should maybe less be saying "it makes sense that they would want it this way" and more be sticking their heads in a guillotine so we can show the children the proper way to resolve a dispute with a tyrant.
In neither case should a law like that remain on the books.
Google does not care if your data is leaked by an app offered by some nebulously defined verified developer that phones home without reason, or that you develop a problem with online gambling or predatory micro transactions, etc. Blows my mind that we have come this far in the fight for user rights, ownership and accountability and still the majority is going to just trust Google because they're Google. No corporation is your friend. Let the users operate the device they paid for* as they see fit, learning to accept the responsibility for for all the success and failures that come with it and we will suddenly start seeing much, much smarter users.
- Bloomberg has a similar investigation which is deeply undercut by GamersNexus video. GN seen the labs, Bloomberg got their access revoked, so theirs is an empty video, and they want the views.
- The video holds no punches back about anyone, and Bloomberg has an NVIDIA sponsored section dedicated to them.
- There's no other source which recorded POTUS' words, and maybe they don't want these words to be widely available, video argues.
- Lastly, they wanted a licensing fee for that 30 seconds to leave their videos alone.
So, when you're a beancounting billionaire corporation, you can have the reasons to go after a bearded guy who manages to do a better job and make you look bad.
Because, monies.
This needs law/regulation forcing the duopoly to open up, unfortunately even in the EU we're moving in the opposite direction.
As always.
> I'm so
Shake it off, because, see point 1, the struggle is the same as it has been even decades ago. Nothing has changed: we fight for it. Only the battles have changed, not the war.
> unfortunately even in the EU
("Save the planet".)
Funny you mention the brakes, because a friend of mine told me just days ago that he used to change his own brakes consumables (pads) until the new car, which "throws an error" if you replace the part - you have to go to an official service office for the computer configuration.
Now, do not forget that the need for the intervention of third parties lowers the car reliability ("far away", "too expensive", "device too old", "operation failure", "inexperienced operator" etc.).
This should show that your argument has difficult sides. Of course you should be able to act on your critical possessions. It should be within a good framework, but it should be fully, practically possible.
The problem here is: Who controls the means of input and output - the screen and keyboard? The trusted identity thingy sometimes needs to show the user some details, have them key in a pin number, things like that. So they know whether they're approving a $2 in-app purchase, or a 10-bitcoin transfer.
If the free and open part of the system controls the screen and keyboard, the details could be shown wrong and the pin number could be keylogged and replayed later.
If the secure-and-locked-down part of the system controls the screen and keyboard, the free and open part of the system is basically reduced to an app or website.
And if the secure-and-locked-down part of the system has its own separate screen and keyboard - it's hardly the same device.
"Government in EU [which is a very marginal part of the production of electronic devices, wants to implement a "Digital Euro" that requires relying] all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google)[, completely external yet planned crucial part of the forthcoming monetary system]."
<think> They do not sound pretty sound to me. </think>
--
Edit: speak up, snipers (we are in front of a freefall and you play the fool)... I think it is rational in the discourse to show that in malice or stupidity there is a relevant upper level that shows a more radical condition.
The EU is posing towards reliance of «all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google)», which is controlled by third parties.
If a company offers some benefit at the cost of some restriction, then users should decide if that benefit is worth the cost. For most Android users, it will be - my grandma isn't interested in the freedom of indie devs to develop for her phone, she's interested in not accidentally installing malware.
I don't like that as much as you don't - for my own devices. But like anyone else who cares about that, I can root it and get past the digital nanny state.
And get judged for their reactions, as is proper procedure.
Why am I reading today articles that present an apocalypse without clearly specifying if there is a "way out OS flag" (allow installation of unverified APK)?
It is not a good long term solution, however, because older phones do not support newer versions of the operating systems and gradually you'll notice that fewer and fewer applications work on your phone, because they require a newer operating system.
> "But it's not secure!" -- yeah, that really is the point.
Well, no.
The point isn't just to rail against impositions from someone else wanting what they see as essential for their security, but also to keep things secure and⁰ free¹ for you, the user.
Holding your devices back constrains both your security and your freedom rather than helping you in either manner. Security because you will be missing important updates in that regard, and freedom because your device won't be able to negotiate connections with external services² that you want to use³.
----
[0] And where these two conflict, you should be free to chose your threat model and therefore which compromises to make, except where that could negatively affect others.
[1] The freedom of reasonable action form of free, not monetarily free etc.
[2] We hit this a short while ago with some legacy code+infra using SOCKS via OpenSSH to make unauthenticated HTTPS calls from source addresses we can't fix (authentication is done with SSH, control is by the other end having the fixed address of the SOCKS host in the whitelist) - upgrading the VM running the SOCKS proxy upgraded OpenSSH which deprecated a number of encryption and negotiation options, the old client library used didn't support enough new ones to be able to negotiate a link, newer versions required a later .Net version that is supported inside SSIS, so we had to rearrange how those calls were made (obviously the long term fix is to kill all that legacy SSIS stuff, all SSIS stuff including the people that made it, with fire). The same will happen with parts of what you use your device for, if you keep it back in the way you are suggesting.
[3] Banking facilities being a key area that you'll likely hit problems with first, after that other online commerce flows, and so forth.
It appears to transfer the guilt of a successful deception that manufactures consent to public morality and the vulnerable. The real issue is it couldn't succeed without mendacious officials that suffer no consequences and uncritical/supportive media pushing the ball across the line.
It's also a much broader phenomenon than "protect the vulnerable". There are many other overused buttons they press to seek consent e.g. fear being the most common. Fear of terrorism, fear of job losses or tax rises, prejudice of others etc.
I disagree. I think most people could do just fine without them. Some might need to buy a desktop computer or even visit their bank's website using a browser on their phone, but humanity got along just fine without cell phone banking apps for a very long time. Many of the old options still exist for a lot of common banking activities. Options like calling your bank on the phone, using an ATM, or going to a branch in person. If your bank really doesn't allow you to do anything with your money without a cell phone app I'd say finding a new bank is justified. Better yet, try to find a credit union.
Banking apps are convenient, but it's getting to the point where the inconvenience of being abused by the OS outweighs the convenience of a banking app which is probably collecting (and selling/exploiting) data they couldn't get from a visit to their website anyway.
But at least we can build alternatives for interpersonal communication and other uses independent from big companies, like the late 90s-early 2000s Internet, and access that with free devices.
But here, no, only some bad players require a smartphone and an account to OS providers to make the bank account work.
That's the human condition. The price of liberty.
However, there are easier ways and harder ways to do it. The key concept to think about is sovereignty. What do you own? What do you control that depends on as few externalities as possible?
The big shift people are going to have to start thinking about is abandoning the network, because the enemies of freedom are increasingly locking it down.
- I own PC hardware that runs Linux. I own a copy of Linux which runs entirely offline. To the extent I get updates to it, they are licensed and distributed in such a manner that it's very hard for the bad guys to mess with them, as Microsoft does with Windows 11.
- I own copies of many media, books, music, movies, TV series, games, these reside as non-DRM'ed bits on my SSD that do not phone home, they don't need the network. I have local copies of software that does not require the network to play them. I have physical copies of these things in some cases.
This is not to say that I never use Netflix, Youtube, Spotify, Steam etc. but I keep them at arm's length and cut back on my usage of them at every opportunity. They are all network tools owned by our enemies, and need to be treated as such.
There really isn't shit they can do to me that would sting, short of cut off the electricity. In the event that the Internet purveyors of slop go Full Evil, and they probably will, I am well equipped.
Now of course the topic of sovereignty is far far bigger than consuming media, and we could get into things like desktop applications or where you interact with your friends as well. But the principles are the same. Go offline.
That simply transfers the power to the one doing the breakup, which in most cases, are the Governments, which are notoriously known to invade user's privacy under the guise of protection of children or whatever.
when desktop browsers are considered less trustworthy to the bank than mobile apps (this is approximately now) they'll invert the functionality and limitations surface so mobile will have more authorizations than desktop browser (this is also happening now).
client attestation is a fundamental transfer of freedom from the client to the server. it's nice in theory (I too want my money safe), but at the very least it needs a third party with different incentives, not the OS, hardware and browser vendor.
I think initiatives like this are a form of "marketing" to show that "hey, app stores are important because we protect the users. We shouldn't be regulated away."
Owner having full control over the device does not prevent a company to offer same benefits and restrictions. But these restrictions need to be optional, so the owner can decide whether to enable or disable them.
It's not a matter of free, it's a matter of "certified": they make you use third party devices, but if anything happens they may make it your fault on the legal side. If a device is part of the banking agreement, the device must come from the bank and the responsibility must rely entirely on the bank.
> app
In all of this: how can it be remotely possible to think that in order to get a critical service - accessing your money - one could be supposed to have a contract with some remote alien party (the "App Store")? Because I am guessing your bank does not directly give you the "app". Already this makes me wonder about how the population can be blind to unbelievable levels to the systemic insanity.
Some of them do not require any smartphone - but some of them require that you make a contract with an uncontrolled firm on a different continent to have a money deposit account. And the amount of people who will go "are you mental?!" in front of them are presumably (evidently) negligible.
Most of users are not able to keep themselves safe in the internet - they want to install all kind of crap without thinking too much.
All of this is companies making it possible that average Joe could just click links, install any kind of crap and still be somewhat secure.
Many of us are not only exhausted, but exasperated at the fact that the good majority of the consumer market continues to give permission to the very activities we are all supposed to be denying. In the end, we vote with our dollars, so we, the vocal minority can be as loud as we want but if the majority continues to buy, use and comply with the product, it's really just a lot of yelling for no reason, isn't it? That's how it feels, anyway.
I know, I know; can't start a fire without a spark. But I've been at it for two decades, since the first smartphone dropped, something I resist adopting for nearly a decade. I'm seeing my kid's generation growing up in this world, condition by it from the start despite our best efforts and they simply don't seem to care. From where I'm standing, I feel old, brittle and tired from all this, but there's nobody to pass the torch to.
So understand that when one of us comments "I'm so tired and disillusioned," we do so after years of resisting, and those words are not uttered lightly.
The very few I know that have had this happen where all computer users, and virtually all victims of social hacking such as "hey, I'm from IT department, sending you an email, could you please...". A friend of mine exposed sensible data of thousands of customers of her bank like this.
I'd love to install OpenWRT on my portable 5g modem currently running Android - . but I can't and likely never will. Same for my IoT automated blinds
This is why I struggle when discussing anything on this website - these were always political issues. Everything that touches the way society functions is a political issue. Tech is just a vehicle of political agenda. Freedom is purely political notion, this is why different traditions have different concepts of it. And to obtain it, as well as other things, you need political action. Yet, most HN users, at least that is my impression, tend to think that it is about creating yet another software project or founding startup.
And this is why corpos and government are winning.
so somehow my friends and family got hacked, lost money but don't know about it?
actually i know of one case where my mom got billed for airbnb even tho she didn't book the ticket but pretty sure I had her password in a text file so might've been me that got hacked on my PC.
Airbnb refunded her and then had no more issues. So 1 case in my entire life and it probably wasn't on a mobile device.
Please don't push the Overton Window any further. Installing my own software on my own PC should never void the hardware vendor's warranty. That delegitimizes the core concept of a PC.
(A horrific possible dystopia just flashed through my mind: "I'd love to throw out Chrome and install Firefox so that I could block ads, but, the laptop is expensive, and I can't afford voiding the warranty". I bet Google would *love* that world. Or, a UK version: "I'd love to use a VPN, but, regulation banned them from the approved software markets, and anything else would permanently set the WARRANTY_VIOLATED flag in the TPM").
All those are things normal people wont notice.
While Android is vulnerable, especially to user stupidity, people mostly get scammed by fake credit card charges or by giving access to their notifications and contacts allowing for spam.
And yes, while there are "infected" APK's for popular apps , this again isn't the case here.
The real case here is money.
Apple earns $27B from commision on apps, while Google earns about $3B. Why?
Because Android users are "less willing to pay", which includes pirated APK's and "unlocked" app versions. Eliminating the possibility of using these for 99% of the people will be enough to force them to pay for that app/service in the end, raising the Play store revenues.
Do not trust Google when it comes to "doing it for the user" - their mission is to establish as strong of a monopoly on the platforms and extract as much value as possible. They spent more money on lawyers & policy lobbyists in the last 10 years trying to keep Android closed than some S&P500 companies are worth.
It's a considerable number well into the 8 figures $/year that we have to cover (Granted this number is not specifically smartphones, also includes desktops, but I know smartphones is the bigger piece nowadays.)
(insuring this is near impossible, there is always a large part risk we have to pay ourselves and cannot cede to a reinsurer)
It's not always the user who's installing software. Lots of people depend on other people to manage their devices. Manufacturers like the hardware they delivered to be trusted so users trust it regardless of who handled it.
The only need I have for banking apps is created by banks themselves, to verify online payments. But it would work just fine with regular text messages. I don't need a banking app at all.
(And maybe verifications aren't needed either, since in the 40+ years I have been using a credit card, never once have I been asked to verify something that I didn't initiate myself.)
The entire Android OS has about as much access to radios than your average PC, if not less. In fact, even on recent android devices, wireless modems still tend to show up to the OS as serial devices speaking AT (hayes) (even if the underlying transport isn't, or even if the baseband is in the same chip). Getting them to transmit illegal frequencies is as much easy or hard as is getting a 4G USB adapter to do it.
That's why people can buy TX/RX SDRs and Yaesu transceivers without a license.
AFAIK the radioamateur world, serious violations of frequency plans are rare and are usually quickly handled by regulators. OTOH, everyone is slightly illegal, e.g. transmitting encrypted texts or overpowering their rigs, but that's part of the fun.
I wonder if OsmAnd, Termux, F-Droid would survive this or will be casualties. Who will authenticate for a decentralized open source app that has 100 active contributors?
Fair enough, but besides mail spam which is filterable and DDos for which there are counter services, does it really impose that big of an issue to justify such a strict lockdown?
> mine crypto
Considering how little mining power mobile devices have and how anyone would figure out pretty fast there's a problem with heat / battery issues from it idk if that's really realistic these days. Hard to keep this one hidden while also profitable
> work files gets stolen
I think this has already been solved by corporations on PCs, there are already solutions for locking down a work issues laptop as for phone I think that's rarely an issue since people mostly use it for communications so probably rare for really sensitive info to be on there.
Overall those issues don't really hit me as that critical to impose such measures and there are ways to severely limit impact for people that care about security
now. In general it certainly is; web interfaces will be phased out unless web browsers gain client attestation capabilities (at which point it's game over for the open web).
E.g. Revolut never had a web interface and is doing just fine.
Basically this give Google the way to blacklist any app you release now, in or out the play store for the sake of "security".
It's just about control and finally squashing the app that aren't to Google taste.
A few years ago "A smartphone so intuitive that grandma can understand it." used to literally be one of the arguments cited for picking iOS over Android. The UX is far more polished and you are far more likely to find an interesting iOS-exclusive app than an Android-exclusive.
Further, as a hardware manufacturer, Apple is far more likely to manage its walled garden in the consumer's interest, as compared to Google - an advertising company.
If Android gets locked up, all the high-end Android manufacturers, especially Samsung, are going to face a slow, but inevitable death.
And then? I don't know how many times I've downloaded APKs, including obviously malicious ones by accident. But not once has it ever been installed - not even when it was deliberate. The only way I ever 'sideloaded' anything is using 3rd party stores (just fdroid and aurora in my case), which themselves had to be installed via ADB after enabling developer mode. If you have that much skill, you're almost surely skilled enough to understand the security implications of sideloading and choose wisely.
And there are far worse malware available on play store than anything on fdroid repositories, if anything at all - anonymous or not. I hope you remember the SimpleMobileApps fiasco. People who installed it from fdroid were safe from the malicious update, but those who did it from play store were not, when the entire suite was turned into a spyware overnight. Not to mention the tea and boxscore apps scandal. Neither would have made it into fdroid. Google cares the least bit about security, if that isn't clear from the spyware tht each new android phone comes bundled with.
In all, Google's claim of security here is deceptive and farcical. The actual target is going to be the patched apps like revanced, root access software and anything else similar that allows the savvy user to escape the unfair and arbitrary limitations imposed by Google. The ultimate target is the users' pockets. This entire discussion is full of people reaffirming that conclusion. But scapegoats will be found and sacrificed regardless. Let's just not for once. Google deserves the atmost and undiluted contempt and condemnation for their greed and their willingness to erode consumer rights that underlie such dishonestly worded hostile and unilateral decisions.
It is extremely hard to live without the internet - it's almost impossible - everything from your bank to your doctor to restaurants to the barber that wants to be paid by Venmo. Taking away your parent's internet connection is even harder than taking away their driver license. (And also more isolating.)
There is no law enforcement; there's no consequence for scammers; there's no technology stack that is safe for the less able. It's a brutal Wild West where the weakest are attacked without recourse, flooded with misinformation and lies, and targeted by significant financial scams.
My needs and desires aren’t that complicated. There’s nothing that I really want or need to do that I can’t do on my phone or iPad.
I assure you it is not.
That is a nonsensical argument.
"You shouldn't be able to put anyone else in danger" - agreed.
"You shouldn't be able to modify your car" - wtf does that have to do with danger?
"Modifying brakes (not breaks)" is not the same thing as "Putting people in danger". Sometimes we modify them to have better braking than the standard.
What countries actually do is test the end-result, i.e. Does the car conform to the legally mandated required braking performance?
Rather than campaign to stop people from owning property anymore, maybe just enforce the existing laws (which, as far as I know, are enforced already anyway).
This campaign to divide people into an owning class and a servile class is pretty damn repugnant, and "Because someone can be harmed if we allow people to own things" is just the new "But think of the children" nonsense.
That's not relevant here. If frequencies are illegal, it should be impossible to program it in such a way. But even otherwise, it's the responsibility of the user to follow local laws. If I have a PTT phone, it's not legal for me to use forbidden frequencies just because it's possible. Why do these manufacturers care about what doesn't concern them when they violate even bigger laws all the time?
> It's not always the user who's installing software. Lots of people depend on other people to manage their devices.
That should be up to the user. Here we are talking about users who want to decide for themselves what their device does. You're talking as if giving the user that choice is the injustice. Nope. Taking away the choice is.
> Manufacturers like the hardware they delivered to be trusted so users trust it regardless of who handled it.
I see what you did here. But here is the thing. Securing a device is not antithetical to the user's freedom. That was what secure boot chain was originally supposed to accomplish until Microsoft managed to corrupt it into a tool for usurping control from the user.
Manufacturer trust is a farce. They should be deligating that trust to the user upon the sale of the device, through well proven concepts as explained above. They chose to distrust the user instead. Why? Greed!
Each country would need a locally maintained OS they can force on people
So like Google?
Software that acts against the wishes of the user is malware, let's not forget that.
The people who shouldn't disable these security features tend to be the first to do so. And then complain the loudest when the enter the "find out" phase.
We also don't trust old people to live on their own, that doesn't mean we force every adult into dormitories.
For fucks sake, Meta is at the point they're pulling malware tactics to sell ads.
Circumventing permissions for app to browser talking? Really? FOR ADS? Thats where we're at?
I'm over it. Anyone who thinks this has even the faintest thing to do with malware is legitimately delusional. Not misinformed, delusional.
Warnings aren't always enough, sometimes we have to lock people down and physically prevent them from harming themselves.
It's not always people being stupid. I recall reading an article by someone who got scammed who seemed generally quite knowledgeable about the type of scam he fell for. As he put it, he was tired, distracted, and caught at the right time.
Outside of that, a lot of the general public have a base assumption of "if the device lets me do it, it's not wrong," and just ignore the warnings. We get so many stupid pop-ups, seemingly silly warning signs (peanuts "may contain nuts") that it's easy to dismiss this as just one example of the nanny state gone mad.
Hint: it does not. Look around the play store, it's 80% malware and scams.
Why is this the case? Because it has to be or Google goes bankrupt. Google is an inherently parasidic company. They make their money off of advertisement, scams, and conjobs. The more shit the digital world is for you, the better for them. You will always have an adversarial relationship with Google.
They don't want ads that don't lie. They don't want apps that are honest. They don't want to limit notifications. They don't want to get rid of email spam.
The reason Apple devices are so much more pleasant for everyday use and there's so much less scams and adware isn't because Apple is a saint. Its because ultimately Apple doesn't give much of a fuck if they screw over con artist, because that's not the thing keeping them from bankruptcy.
Your response reminds me of Snowden's quote, which I'll likely butcher because it's from memory, but roughly: "Saying you don't care about privacy because you have nothing to hide is like saying you don't care about freedom of speech because you have nothing to say".
The problem is actually Google and other big tech.
Let's consider: why are users installing so many apps?
Because, on desktop, this doesn't happen. We don't ask people to download and run an EXE to look at their friends funny cat photos. No, we open the web browser.
The reason we have so many apps on mobile is because we require the malware. Google requires the malware. We need to be able to run privileged and unsandboxed code on users devices and this is the world that Apple and Google have created.
Users shouldn't be fucking downloading apps for 90% of the stuff they do anyway - including the non malicious apps! But they do, because they have no choice.
Think about it. Provide a web interface and miss out on juicy spyware? Or install executables on your customers systems? Apps are far too enticing for big tech.
Right now, the average Joe can't click a link and install a 3rd party app. Meanwhile, you can install malware from the actual authorised sources, or even just come across a vulnerablity in chrome.
Keeping your devices up to date with security patches will save orders of magnitude more people from malicious software than stopping 3rd party app installation.
I occasionally develop Android apps for myself (mostly out of curiosity and experimentation, but sometimes out of a need for some particular functionality). I'm not going to apply for some developer permit and verification just to do this. I may as well buy a damn iPhone.
By selling the same hardware with multiple tiers of functionality artificially locked behind increased prices, it becomes profitable to develop and manufacture products that would otherwise not make economic sense. This occurs when there aren't enough potential buyers of the full-featured version at a price that makes the full-featured version on its own profitable, but the sum of all customers at all price/functionality tiers is profitable. i.e. this model results in products that would otherwise not exist.
I have mixed feelings about that argument. The main one being that it's not much of a stretch to go from that to "the full-featured version sold at price X would be profitable, but because most customers are willing do do without the higher tiers of functionality, we can make even more money by selling a reduced-functionality version at price X, and charge a premium for the extra features", and it sure seems like that's what a lot of American businesses do. But I assume at least some of the time, it really is the former and not the latter.
Having a license doesn't mean you are restricted in where you can go unless we start considering the fringes like provisional (learners') permits complete with curfew. Therefore, your example doesn't fit. But OP's does, because it is equivalent to asking "do you think your refrigerator should refuse to cool items manufactured by an entity it doesn't like... to Keep You Safe(tm)?" Maybe you buy from non-verified cottage industry workers at the local farmers market. People who maybe didn't upload their PII and licenses to the refrigerator manufacturer, so it refuses to operate until you remove the offending item. Out of the utmost respect for your safety, of course.
Imagine if Charter Communications/Spectrum decided to block you from using their service and modem/routers from accessing any media created by Universal (owned by their rival, Comcast). It doesn't really have anything to do with safety, but they could pearl clutch and blame it on some risqué content that Universal releases via its imprints.
You know there's a very fine line between hardware and software in this case so you're actually advocating for drm like control here.
> They should be deligating that trust to the user upon the sale of the device, through well proven concepts as explained above.
That same user who forgets passwords and recovery keys all the time and loses all access to documents when a device breaks? And you're presuming giving that kind of person who doesn't understand sh*t about backups, device security etc full access to their devices will not result in a lot of compromised devices?
I'm not sure manufacturers are the best party to trust but they have an interest in a secure reputation, which the majority of dumb users or eavesdropping governments do not have.
> They chose to distrust the user instead. Why? Greed!
There are more reasons to distrust the user. I don't buy greed is the only relevant one.
Google has chosen the path of duping their customers by selling them to the highest bidder. That's their business model across the board.
Apple has chosen to sell devices at a significant markup with the inherent agreement that they won't sell their customer to the highest bidder. After building trust in that arena for years, it wouldn't take much to destroy that credibility. So far, they know this. I'm getting concerned about them starting to plug ads into their core applications, so only time will tell if they get MBA'd to shit.
I'd also much rather live in a world where everyone does the right thing, there's no greed, stupidity and short-sightedness. Unfortunately I have to make do with our current one. The fact is that a lot of people are stupid. Even very clever people often act irrationally and against their own interests. In the end, we have to strike a balance between personal freedom and the need to protect people from themselves.
Let's look at the case of mandatory seatbelts, and entertain your proposition that people don't need to be protected from themselves. What will happen?
Well, quite a few things are basically inevitable:
1. The issue will be politicized and there'll be hardliners who refuse to wear seatbelts. There are people who are vehemently against wearing full face helmets while riding motorbikes, even though the injuries from faceplanting into the road at speed are truly ghastly. 2. Once the number of people not wearing seatbelts goes up, a whole slew of interesting negative externalities pop up (and you seem to be gleefully ignoring these): 2.a) Simple fender benders will suddenly result in severe and fatal injuries instead of scuffs and bruises. 2.b) Insurance costs increase to cover the higher likelihood of injuries. 2.c) Fewer people can afford insurance. 2.d) Society has to bear the burden of treating and supporting people who get maimed and need lifelong care.
So what is your proposal to do here? What would you do with a person who didn't wear a seatbelt and got severely brain damaged due to this? Just abandon them to die? It was their choice after all. Who should bear the burden of treating these people? Do we now have tailor made insurance for those who don't wear seatbelts? What if these people will simply opt out of insurance?
At the end of the day, a society has to make a few pragmatic tradeoffs and limit certain freedoms as the cost is just not worth it.
While I do believe root access should be possible, it shouldn't be easy. Because I'm confident my dad who wants to pirate F1 instead of pay for whichever overpriced premium streaming platform bought the rights this year would root his ipad and install a dodgy stream player if it was easy.
But no doubt they are under an enormous amount of pressure to do this from a variety of corporations and governments as well.
I don't think that a startup is sufficient, but it can be an important step in the right direction. I came to my bank, showed them my Librem 5 phone and asked where I can download an app for it. It was a much clearer message than "but Android isn't free!" (which is of course true). I do the same with governmental services.
Forcing users to pay for apps rather than install pirated APK's and unlocked apps both raises Google's revenue and reduces the risks of malware and scams.
The consequence is naturally, the savvy users who know how to avoid risks lose the ability to have more control over their phone.
> We have to lock people down and physically prevent them from harming themselves.
You can apply this argument to literally anything, and taken to its logical conclusion, this is exactly what will happen.
I've helped elderly family members and non-techie ones who barely know how to open a facebook account - none of them had "malware apps" installed. Their problems were mostly these:
- Websites asking for notification permission just to spam with unrelated malware or porn notifications
- Their calendars being filled with events that are nothing but links to porn or gambling sites, leading to constant notifications
- Apps that don't work yet are filled with ads - blood pressure meter on your phone, sugar level measurements, step trackers - filled with ads and trying to get 1000$ purchases
- An app actually being a launcher filling your screen with ads.
- Hell, even I, as someone who has deep intimate knowledge of Google Play Billing, got scammed by an app when upgrading from their weekly to their monthly offer, with them now charging both.
Google can intervene at any point here, they have reviewers, they control the store, they control the browser, hell, they basically control the device. And they have rules and policies for it, but it's convenient for them to ignore it. They have their cash cows and will fight tooth and nail to protect them as long as it makes them profit.
Maybe this is a bit of a hot take, but I think any government that has the ability to absolutely prevent people from breaking the law is a government with far too much power. I'm all in favor of law enforcement, but at some point it starts to cross over the line from enforcement to violation of people's free will.
I was able to remote in and close it. Then I noticed the message saying uBlock Origin had been disabled in Chrome (because Google broke ad blocking).
Thanks Google.
Even now, I don't really use a bank app for 90% of my needs.
Seriously ill people as an exceptional last resort though, right? Or just everyone?
This has nothing to do with malware, and has everything to do with locking down the Android ecosystem to keep out competitors to Google's services.
Yes, they will. So what? That's the price of freedom. I've never been a fan of slave morality.
> Who should bear the burden of treating these people?
You're arguing that we're all the hook if we let people do dangerous things and clean up after them when they screw up. There are two ways out of this situation, not one.
People have been giving Apple shit forever for not supporting this "web standard" in Safari, but it's 99% used nefariously for this exact purpose. Websites should not be able to send push notifications.
I do not want websites to have equal capabilities to apps. Installing an app on my device is a very purposeful decision I make that I only do if I'm trusting it and willing to manage its permissions. Visiting a website is not.
We mostly can't. The most we can do is grow new big companies.
The internet was carefully reorganized so that it's impossible to do anything without money moving around.
Absolutely not. I'm saying that the hardware shouldn't have that capability at all in the first place. But whatever. Don't restrict it. Those functionalities are usually under the control of the kernel. If the user is smart enough to tinker with the subsystems at that level, they're also smart enough to deal with the consequences of its misuse. That isn't a good justification to just lock down devices like this. The harm that comes out of that is much worse than what anyone can do with an RF baseband chip.
> That same user who forgets passwords and recovery keys all the time and loses all access to documents when a device breaks? And you're presuming giving that kind of person who doesn't understand sh*t about backups, device security etc full access to their devices will not result in a lot of compromised devices?
Yeah, so? It's not like such a person is ever going to unlock a complex safety lock. Examples for that exist already. Who can sideload an app into a fresh Android device without enabling the developer mode and then installing the APK through ADB? Dumb users won't ever persist enough to reach there. To take it further, the user can be given the root key to the secure boot chain on a piece of paper with the explicit instruction to not share it with anyone or even use it if they don't know how to. Ordinary users can then go on about their day as if it is fully locked down. It's unfair to deny the control of the device to the smart user, when such a security is possible. The existence of a dumb user is not an excuse to lock out smart users.
> but they have an interest in a secure reputation, which the majority of dumb users or eavesdropping governments do not have.
I guess you haven't seen the spyware that OEMs ship with the android devices. Even Samsung is notorious for it - especially on their smart TVs. I'm not going to talk at all about the Chinese OEMs. For that matter, it's very hard for a normal user to even uninstall facebook - an app that's known to collect information from the device that it doesn't need. Manufacturers caring for their security reputation was some 20 years ago. Only Apple does it these days, just because it's their highlight feature. But even they tried once to ship off images on the phone to iCloud without the users' permission to 'check it for csam'. The rest treat it like a portable spying device on steroids.
> There are more reasons to distrust the user. I don't buy greed is the only relevant one.
Trusting the user isn't the manufacturer's prerogative. It's supposed to be the user's property once they pay for it. You are insisting on the manufacturer retaining control even afterwards - something I and many others vehemently oppose as unfair and scummy. Now if you are worried about the security reputation, proven methods exist that allow the smart users to take full control of the device while preventing regular users from shooting their own foot. But OEMs and their apologists pretend that the problem is entirely on the user side and the only solution is to lock it down in a block of glue. And there is one good reason for this ignorance, oversight and denial - greed. Retaining control over the end device forever allows them to squeeze users for their every last penny. I will need another epic post just to enumerate the ways in which the control over the end devices allows them to do so. But I'm not going to do that because HN has entire stories and discussions on each of those topics.
Now, maybe you’ll still be allowed to if you have a special license from the government to purchase approved hardware to run it in a datacenter. Which can be promptly revoked if you were found to be running illegal VPN software or something like that.
So the only thing it kills is the risks to Google's revenue, not the risks to users' security.
My great-grandfather fled France with his family during the second world war. My grandfather fought in the second world war - essentially after he got to Canada, he enlisted and headed back to fight against fascism. He eventually came back to Canada because the rest of his surviving family was here.
I get tired of fighting for privacy, and standing up for users, and pushing back against some of the most egregious abuses of tech companies, including the tech companies I work for. When I think that it's not worth fighting, or I think that I could probably get a promotion and way more money if I just suck it up and start building ad-tech or surveillance tech, I think about how disappointed my grandfather would be with my decision.
Stoicism isn't the shitty memes that folks post online re-enforcing toxic masculinity, it's getting up in the morning after taking a break from the good fight, and continuing to push back despite being tired. Understand that when you wake up in the morning, or feel the need to comment "I'm so tired and disillusioned", remember that there are many, many other people tired and disillusioned along side you or OP continuing the fight. Take a break if you need to, and come back to keep fighting.
I can't go to Google HQ and reinstall their locks because I think their locks are insecure, and I certainly can't declare myself the arbiter of who should be allowed to open their locks. I'd be charged and put in jail. But they can do the digital equivalent to my device and that's valid business.
“In the broader conversation of right to repair regulations, we also need to be thinking about a "right to root access" for computing devices.” :)
I mean, check out HiddenMiner, ADB.Miner, HummingBad, WireX…
I agree that this is an overreaction, but the problem is real, and the fact you don’t know anyone who knows they’ve had a malware infection doesn’t mean that that is reality.
It's just a matter of time until we lose everything. It's not really a struggle. Look at what just happened. We made sacrifices for years by using Android because it was open and Google just rendered it all moot by introducing hardware remote attestation to discriminate against anyone who's actually enjoying that openness. What's the point?
To be fair to the security folks at Google, people will follow these steps like clockwork. The only thing they care about is getting the app on their device.
The root cause of all of this: banking/finance/payment apps figure they can trust your device, because no one has regulated a universal trust root into existence. Google encouraged this with SafetyNet/Play Integrity, and convincing Visa/MasterCard that devices can be trusted for contactless payments.
Now there's one gaping hole left: you can still install unverified software from anywhere, and said software will use all tricks possible to convince users to grant accessibility permissions and give up the keys to the kingdom. There have been many attempts over the years to make this harder, but malicious apps are getting even more sophisticated, to the point of installing shortcuts to entire fake versions of your banking app on the home screen.
So Google is being pressured by governments and markets to make it harder to produce installable malware, when a better way to prevent malware while protecting user freedom is already here: passkeys. You cannot steal passkeys with a third-party app, no matter what tricks you try, because they are tied to domains and APK signatures. Stop trusting stealable credentials and you stop needing to trust the entire hardware and software stack behind the app calling your backend.
I know what I do on computers/phones/iPads. I know that every computer/phone/iPad I've ever owned has done more or less what I wanted. I'm usually the weak link, not the device.
I don't go to bed worried that the sun is going to rise in the West. I've got things that seem likely to happen to worry about.
Right, it's very disheartening when the large majority of smartphone users couldn't give a damn about such matters. As I mentioned elsewhere, the problem has been made much worse by the fact that most smartphone users are addicted to electronic heroin—apps provided by Google, Facebook, et al.
There's no other way of describing the situation other than it's an unmitigated disaster. Tragically, Big Tech hit on a formula that has billions of users glued to their phones many to the point of obsession—it's absurd, nothing like this has ever happened on such a grand scale in all of human history.
When people like us try to fix the problem we're confronted on all sides—we not only have to deal with a money-rich and very hostile Big Tech and also with governments who want to only deal with it (for reasons I mentioned earlier) but also with a large percentage of the world's population who would feel threatened and annoyed at even the mere mention of changes to their phones' ecosystem.
When the enemy goes to the extent of effectively 'parasitizing' those with whom we are trying to help and protect into a zombie-like state of inaction then we've little hope of changing things for the better.
It's all very depressing.
No thanks.
I highlighted the word you missed, deliberately in my opinion, as it completely changes the meaning to exclude your frankly idiotic assertion.
Is your position that it would be better for his freedom for me to let him jump if I couldn’t dissuade him?
Informed consent goes a long way.
I.e. a warning would be if he didn't want it to happen, but my understanding is that he very much did.
That said, I think suicide is a complicated case because some people want to be stopped, and some people will just try again the next night.
And the people did rise up and successfully tried to fix the problem - there was a big socialdemocratic movement that culminated between the world wars.
What he underestimated was the ingenuity with which the capitalism reinvents itself (and creates new forms of private property to gobble up - free computing in RMS's sense just one example). He also overestimated ability of most people to understand the problem (it's lot more lack of emotional rather than intellectual capacity). I would say alienation is central to Marx, unfortunately alienated people can be so indoctrinated to fail to consider the alternatives. Most people seem to prefer to suffer through hardship rather than demand an alternative solution.
That's interesting, this is a pretty generous representation of him in my opinion. Its been a while since I read some of his writings and went down the rabbit hole listening to long form interviews of historians that studied him though, my memory could he failing me!
My understanding what that Marx envisioned a future utopia and saw two revolutions, both presumably violent, as necessary to get to the end goal. At best I could see him being indifferent to the suffering and deaths required in his model, but I never got the feeling that he would regret or would want to avoid the suffering. If I'm not mistaken, one of the revolutions he expected and wanted to see happen would have leaned heavily on the poor and working class turning on the rich and powerful to the point of killing most or all of them.
Again, I hope my representation is accurate here. I don't have time to dig back in to fact check this right now, just sharing my recollection.
Those are the only checks of power on the executive built into our system. Are you expecting we would have to throw out our political system all together, get rid of the top by force, and start over?
Say you put aftermarket brakes on your car and they fail, causing an accident that harms someone else. The person who changed their brakes should be held liable legally, its as simple as that. Owners that choose to change their car and do a piss poor job of it are held accountable for their actions and others considering similar modifications can choose to learn the lesson.
Yes that means people could be harmed in the process, but regulations themselves harm people too. There's no way around the fact that one way or another people may get harmed during their lifetime. In the long run regulations just guarantee that, should the wrong people take power, the regulations and authority that originally allowed regulations will be abused.
I'm actually surprised I haven't seen more push back on government authority given everything Trump is either doing or claiming he will do. The president should be largely an anemic office acting more as a figurehead than anything else. We've given them the power to effectively legislate with no oversight, that why he may be able to do so much harm.
But even for cars, it's quite clear that a modify-test cycle there is on the order of months/years (also, has a money burden that probably the owner has to pay). But this would 100% fail to scale to IT - like should I go to the government on each commit? Do I get a signature from them for releases?
1: the exception that I'm thinking of here is fair phone, and it isn't much of an exception.
And yes, if those people have no way to pay for extreme medical treatments to save their life, they shouldn't be provided further assistance. They should bare the consequences of their decisions. Future generations will hopefully make smarter decisions as a result.
My point is only that there's already a system that lets you run whatever apps you want, and to heavily customize the OS, and also make your bank happy by running a secure OS. It's just out of the box Android. You can replace all the built in apps, including the base "desktop" GUI, keyboard and browser. So this discussion revolves around an edge case: someone who wants to customize security-critical OS primitives like the kernel or compositor, AND who isn't doing this as part of a project big enough to partner with Google, AND who wants their bank to accept their changes as secure enough, AND who doesn't want to provide such institutions with some non-Google managed evidence of that, AND who doesn't want to tolerate using two devices.
There's very few use cases for that. The only one anyone can seem to muster in this thread is to prepare for a hypothetical future in which Google prevents ad blocking at the OS level, which hasn't happened in more than 15 years of Google being an ad company. So today there is a vanishingly small number of people for whom Android's existing mechanisms are insufficient, and for those people, there is dual boot - again, because the Android team planned for this and built a secure boot system that allows alternative OS installs on a phone.
So where does my statement suggest we should make locking people up for their own good the norm?
I can come up with even more mundane examples of where we physically prevent people from harming themselves. High barriers to stop people getting into the tiger enclosure. If a member of staff saw someone dumb enough to try and climb in, rest assured they'd be physically dragged out for their own safety.
Or do you suggest we allow the general public to wander into the tiger exhibit to pet the animals? Personal freedom and all that.
But I think there are people who consider forceful redistribution of ownership to be violence, even if no human is actually physically harmed in the process. I don't and I think there is a distinction to be made.
Edit: Nevermind, there's a lot of interesting debate about this on the Internet.
The problem is any feasible example you come up with are already regulated, for the same reason you came up with it - there's danger to others!
Where I am, gas pipes, even inside your own house, can only be legally installed and maintained by a certified technician. You also have to get an annual clearance certificate done.
Just about everything dangerous is already regulated; further restrictions "just in case" are not warranted.
And if it so happens that engaging in some sort of anti-customer behavior is profitable, then it's entirely viable that all major players adopt it, even if they don't necessarily overtly collude.
My argument was that manufacturers should have to be clear up front with what they're selling. If 95% of the population doesn't care, and that means the market for maintainable cars isn't viable, why should I impose my will on everyone else? I'd like to buy a new car and be able to work on it but no company should be obligated to serve that desire.
But unless you can come up with a very detailed list of when it's acceptable "to lock people down and physically prevent them from harming themselves" and when it's not acceptable (it never is, it's a crazy statement), and I don't think you have such a list, your "sometimes" just means "whenever I, as the person writing the software judge", rendering it completely meaningless.