Shake it off, because, see point 1, the struggle is the same as it has been even decades ago. Nothing has changed: we fight for it. Only the battles have changed, not the war.
I'm not the person you replied to, but I am in their shoes. I'm tired, too. Trust me, I used to champion your sentiment, keep fighting/keep moving and all that jazz, but...at my age, this War of Attrition that is the fight for user data rights and privacy has gone on so long, against a foe that has a much large reach and seemingly infinite resources.
Many of us are not only exhausted, but exasperated at the fact that the good majority of the consumer market continues to give permission to the very activities we are all supposed to be denying. In the end, we vote with our dollars, so we, the vocal minority can be as loud as we want but if the majority continues to buy, use and comply with the product, it's really just a lot of yelling for no reason, isn't it? That's how it feels, anyway.
I know, I know; can't start a fire without a spark. But I've been at it for two decades, since the first smartphone dropped, something I resist adopting for nearly a decade. I'm seeing my kid's generation growing up in this world, condition by it from the start despite our best efforts and they simply don't seem to care. From where I'm standing, I feel old, brittle and tired from all this, but there's nobody to pass the torch to.
So understand that when one of us comments "I'm so tired and disillusioned," we do so after years of resisting, and those words are not uttered lightly.
> So understand that when one of us comments "I'm so tired and disillusioned," we do so after years of resisting, and those words are not uttered lightly.
My great-grandfather fled France with his family during the second world war. My grandfather fought in the second world war - essentially after he got to Canada, he enlisted and headed back to fight against fascism. He eventually came back to Canada because the rest of his surviving family was here.
I get tired of fighting for privacy, and standing up for users, and pushing back against some of the most egregious abuses of tech companies, including the tech companies I work for. When I think that it's not worth fighting, or I think that I could probably get a promotion and way more money if I just suck it up and start building ad-tech or surveillance tech, I think about how disappointed my grandfather would be with my decision.
Stoicism isn't the shitty memes that folks post online re-enforcing toxic masculinity, it's getting up in the morning after taking a break from the good fight, and continuing to push back despite being tired. Understand that when you wake up in the morning, or feel the need to comment "I'm so tired and disillusioned", remember that there are many, many other people tired and disillusioned along side you or OP continuing the fight. Take a break if you need to, and come back to keep fighting.
They have trillions of dollars to burn. They have expensive lobbyists which they use to essentially buy laws. Governments want them to succeed because they also want to control people's computers.
It's just a matter of time until we lose everything. It's not really a struggle. Look at what just happened. We made sacrifices for years by using Android because it was open and Google just rendered it all moot by introducing hardware remote attestation to discriminate against anyone who's actually enjoying that openness. What's the point?
Right, it's very disheartening when the large majority of smartphone users couldn't give a damn about such matters. As I mentioned elsewhere, the problem has been made much worse by the fact that most smartphone users are addicted to electronic heroin—apps provided by Google, Facebook, et al.
There's no other way of describing the situation other than it's an unmitigated disaster. Tragically, Big Tech hit on a formula that has billions of users glued to their phones many to the point of obsession—it's absurd, nothing like this has ever happened on such a grand scale in all of human history.
When people like us try to fix the problem we're confronted on all sides—we not only have to deal with a money-rich and very hostile Big Tech and also with governments who want to only deal with it (for reasons I mentioned earlier) but also with a large percentage of the world's population who would feel threatened and annoyed at even the mere mention of changes to their phones' ecosystem.
When the enemy goes to the extent of effectively 'parasitizing' those with whom we are trying to help and protect into a zombie-like state of inaction then we've little hope of changing things for the better.
One approach, not ideal by a long shot but one of the easiest, is to only use old devices and old OSes. Things that have been cracked and/or are easy to root.
"But it's not secure!" -- yeah, that really is the point.
> only use old devices and old OSes. Things that have been cracked and/or are easy to root.
> "But it's not secure!" -- yeah, that really is the point.
Well, no.
The point isn't just to rail against impositions from someone else wanting what they see as essential for their security, but also to keep things secure and⁰ free¹ for you, the user.
Holding your devices back constrains both your security and your freedom rather than helping you in either manner. Security because you will be missing important updates in that regard, and freedom because your device won't be able to negotiate connections with external services² that you want to use³.
----
[0] And where these two conflict, you should be free to chose your threat model and therefore which compromises to make, except where that could negatively affect others.
[1] The freedom of reasonable action form of free, not monetarily free etc.
[2] We hit this a short while ago with some legacy code+infra using SOCKS via OpenSSH to make unauthenticated HTTPS calls from source addresses we can't fix (authentication is done with SSH, control is by the other end having the fixed address of the SOCKS host in the whitelist) - upgrading the VM running the SOCKS proxy upgraded OpenSSH which deprecated a number of encryption and negotiation options, the old client library used didn't support enough new ones to be able to negotiate a link, newer versions required a later .Net version that is supported inside SSIS, so we had to rearrange how those calls were made (obviously the long term fix is to kill all that legacy SSIS stuff, all SSIS stuff including the people that made it, with fire). The same will happen with parts of what you use your device for, if you keep it back in the way you are suggesting.
[3] Banking facilities being a key area that you'll likely hit problems with first, after that other online commerce flows, and so forth.
It is not a good long term solution, however, because older phones do not support newer versions of the operating systems and gradually you'll notice that fewer and fewer applications work on your phone, because they require a newer operating system.
Utterly pointless. We'll be systematically discriminated against at every turn. We'll lose access to finances, services, communities and even simple sites because our computers aren't corporate owned. We'll become so marginalized we'll only be able to visit places like HN, places that at least try to pay some lip service to everything the word "hacker" stands for.
And then they will make it so our devices need to pass hardware remote attestation to connect to the internet and even that will be taken away from us.
I don't know what to do anymore. The future is bleak. The free computing we love is being destroyed by forces outside our control, forces that cannot be stopped no matter what we do because they have trillions of dollars and their interests are aligned with those of governments the world over.
They may try that, sure, but 1/ it will take some time, during which we can still enjoy some amount of freedom and 2/ they may not succeed everywhere, or all of the time.
This is not enough. Things like banking apps are virtually necessary for many people's daily lives, yet they often require a non-rooted phone with Google Play Services spyware installed at the OS level, or they will simply refuse to open. Never mind the fact that we're so into late capitalist consumerism that it's routine to deprecate support for 2 year old OSes.
This needs law/regulation forcing the duopoly to open up, unfortunately even in the EU we're moving in the opposite direction.
Not just forcing the app store duopoly to open up, forcing banks to open up and prohibiting these kinds of restrictions that are based on "we insist that you trust some large corporation that we also trust".
Exactly. I'm literally penalized because I have control of my own device (which somehow isn't an issue with the much more "insecure", root-wise, browser on a linux desktop)
now. In general it certainly is; web interfaces will be phased out unless web browsers gain client attestation capabilities (at which point it's game over for the open web).
E.g. Revolut never had a web interface and is doing just fine.
And the sentiment that I own the things I've bought and paid for and should be able to do what I want with it. That a company shouldn't be able to come in and take away features, that I purchased with the device, away from me for absolutely any reason.
I can't go to Google HQ and reinstall their locks because I think their locks are insecure, and I certainly can't declare myself the arbiter of who should be allowed to open their locks. I'd be charged and put in jail. But they can do the digital equivalent to my device and that's valid business.
> Things like banking apps are virtually necessary for many people's daily lives
I disagree. I think most people could do just fine without them. Some might need to buy a desktop computer or even visit their bank's website using a browser on their phone, but humanity got along just fine without cell phone banking apps for a very long time. Many of the old options still exist for a lot of common banking activities. Options like calling your bank on the phone, using an ATM, or going to a branch in person. If your bank really doesn't allow you to do anything with your money without a cell phone app I'd say finding a new bank is justified. Better yet, try to find a credit union.
Banking apps are convenient, but it's getting to the point where the inconvenience of being abused by the OS outweighs the convenience of a banking app which is probably collecting (and selling/exploiting) data they couldn't get from a visit to their website anyway.
> or even visit their bank's website using a browser
when desktop browsers are considered less trustworthy to the bank than mobile apps (this is approximately now) they'll invert the functionality and limitations surface so mobile will have more authorizations than desktop browser (this is also happening now).
client attestation is a fundamental transfer of freedom from the client to the server. it's nice in theory (I too want my money safe), but at the very least it needs a third party with different incentives, not the OS, hardware and browser vendor.
The only need I have for banking apps is created by banks themselves, to verify online payments. But it would work just fine with regular text messages. I don't need a banking app at all.
(And maybe verifications aren't needed either, since in the 40+ years I have been using a credit card, never once have I been asked to verify something that I didn't initiate myself.)
Just because you don’t care about banking apps doesn’t mean I don’t. You might churn your own butter, but that doesn’t mean I don’t need to be able to pick it up from the grocery store. Our lives are different from our parents, whose lives are different than theirs. The answer isn’t “just go back 20 years and live like we used to”. The answer is to life in the modern world and still have our basic freedoms.
This is not going to be successful once they demand strong authentication of clients on the server side - the banking apps already do this, you can't have your phone rooted or compromised.
Wait until the authorities will require strong client side authentication for social media sites, news sites, and everywhere user generated content is accepted, tied to official ID issued by the government
To be honest I don't see an easy path to escaping the walled garden in our interactions with big companies and governments (banking, traveling, mainstream social networks, etc.).
But at least we can build alternatives for interpersonal communication and other uses independent from big companies, like the late 90s-early 2000s Internet, and access that with free devices.
If you want the whole commerce in the EU collapse and the CEO's wanting to really hurt and then kill Ursula von del Leyen and the associated lobbies, yeah sure. Let them suicide.
I maintain a software to aid in installation of Windows 7 to new PCs (FlashBoot Pro): https://www.prime-expert.com/flashboot/ . Recently there was a reduction in sales. You are welcome.
> We have to keep defending our own freedoms against non-stop assault until the end of time
That's the human condition. The price of liberty.
However, there are easier ways and harder ways to do it. The key concept to think about is sovereignty. What do you own? What do you control that depends on as few externalities as possible?
The big shift people are going to have to start thinking about is abandoning the network, because the enemies of freedom are increasingly locking it down.
- I own PC hardware that runs Linux. I own a copy of Linux which runs entirely offline. To the extent I get updates to it, they are licensed and distributed in such a manner that it's very hard for the bad guys to mess with them, as Microsoft does with Windows 11.
- I own copies of many media, books, music, movies, TV series, games, these reside as non-DRM'ed bits on my SSD that do not phone home, they don't need the network. I have local copies of software that does not require the network to play them. I have physical copies of these things in some cases.
This is not to say that I never use Netflix, Youtube, Spotify, Steam etc. but I keep them at arm's length and cut back on my usage of them at every opportunity. They are all network tools owned by our enemies, and need to be treated as such.
There really isn't shit they can do to me that would sting, short of cut off the electricity. In the event that the Internet purveyors of slop go Full Evil, and they probably will, I am well equipped.
Now of course the topic of sovereignty is far far bigger than consuming media, and we could get into things like desktop applications or where you interact with your friends as well. But the principles are the same. Go offline.
Yep, there are times when I feel like it is best just to let them win to the point it completely break the bottom of the bucket. Rather than a slow creep, a sudden lurch so that everyone can see it.
Y'know what's troubling to me, freedom as a struggle is indirectly related to other people/ social-political issue.
Like, the people if they decide, they want freedom, are almost guaranteed to get it. But nobody demands it in the truest sense and it feels like the govt. isn't controlled by the people but rather almost by lobbying and that social media etc. have made people complacent in the sense that either we think that others will fight for us or that social media has become a propaganda machine.
I almost broke last night realizing that nuclear can be completely green energy but it isn't the issue of technology but rather political. To me, it felt like a lot of really quality of life changes (like water access, clean cities, good air quality index, atleast where I live) are all almost political issues at this point.
But I am not hopeful towards people, I am hopeful towards tech though. It feels like people have free will, so they might actually pick a net negative option for everybody (trump?), so I am not an optimist because I feel like I have to trust people in the process and I feel like people can do both good and bad, so I wonder how much better our lives have been compared to our ancestors. Maybe trade-offs?
I genuinely felt so weird realizing this, its hard to explain. Like it felt like I can do nothing but watch. And to me I feel like I am being a pessimistic because a lot of people in power feel stupid/inefficient man.
We just don't have a choice. WE have a choice b/w 2 parties and call it freedom.
Of course, freedom will be a constant struggle. People have made it as such. Its on all of us, we all need to take accountability. I get it, accountability is hard, but its much better than waiting for a hero to save us all. We can do it if we realize this.
> To me, it felt like a lot of really quality of life changes (like water access, clean cities, good air quality index, atleast where I live) are all almost political issues at this point.
This is why I struggle when discussing anything on this website - these were always political issues. Everything that touches the way society functions is a political issue. Tech is just a vehicle of political agenda. Freedom is purely political notion, this is why different traditions have different concepts of it. And to obtain it, as well as other things, you need political action. Yet, most HN users, at least that is my impression, tend to think that it is about creating yet another software project or founding startup.
And this is why corpos and government are winning.
> Yet, most HN users, at least that is my impression, tend to think that it is about creating yet another software project or founding startup.
I don't think that a startup is sufficient, but it can be an important step in the right direction. I came to my bank, showed them my Librem 5 phone and asked where I can download an app for it. It was a much clearer message than "but Android isn't free!" (which is of course true). I do the same with governmental services.
Well, political action is hard to bring and you would need an average citizen to weigh his vote into action and not just use his vote for his own biases and as I also said, its really depressing when we think of this to be as a reality and I myself, would like to hide or somehow "prove" that this isn't the case if that makes sense.
So no wonder the majority of us techie/hn users feel this way, you aren't wrong for the impression, I also feel like that's true atleast in my opinion being in this community and there is nothing wrong with that but the reality is kinda bitter.
Government in EU will want it once they introduce the Chat Control legislation and observe that it is trivial to circumvent by either modifying clients to not scan or using free open source alternatives. Logical next step is to lock down all devices and thereby also ensure total and utter surrender of all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google).
They are effectively forcing official Android on all smartphones in most countries with digital ID apps using Play Integrity. More and more people are using smartphones as their main computation device now.
They all works fine because Microsoft allows distros to sign their keys. We are a single bad law or a change of corporate politics away from them not doing that and deleting Linux out of existence on personal computers.
Now, maybe you’ll still be allowed to if you have a special license from the government to purchase approved hardware to run it in a datacenter. Which can be promptly revoked if you were found to be running illegal VPN software or something like that.
This isn't a technical problem. It's a political problem. We should be fighting this with our wallets, votes, voices and influence, not technology. Politicians and industrialists should be informed in no uncertain terms that the enaction such draconian measures will result in significant hits to their ambitions.
The only problem is that it's a tiny minority of us which can even grasp the concept of having root access on your owned computer. The majority believe the Apple (and now Google) narrative that "only the manufacturer can keep them safe" and why would they themselves ever have an opinion on the specific code running on their computer?
Weirdly, the answer is politics again. It's up to the experts who can foresee the problem to inform the general public. Lawyers must inform the public about the hidden harms in a new bill. Doctors must inform the public about the implications of health policy decisions. Likewise, it's up to us to inform the public about the misconceptions you mentioned and their impact. Who else is there to speak in their interests? The fact of the matter is, there is no escaping from politics. No matter what line of profession you choose.
Not when vendors you count on require you to use a provably locked down version and when the government makes it a crime to circumvent. At first u
It'll be the banks who are pushing for it now, but why not Amazon and Netflix abd everyone else eventually?
And you can do that, but your bank and all government services will use Web Environment Integrity API to refuse to service you unless you are using a Google-approved flavor of Linux (e.g. ChromeOS) or Windows.
"Government in EU [which is a very marginal part of the production of electronic devices, wants to implement a "Digital Euro" that requires relying] all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google)[, completely external yet planned crucial part of the forthcoming monetary system]."
<think>
They do not sound pretty sound to me.
</think>
--
Edit: speak up, snipers (we are in front of a freefall and you play the fool)... I think it is rational in the discourse to show that in malice or stupidity there is a relevant upper level that shows a more radical condition.
The EU is posing towards reliance of «all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google)», which is controlled by third parties.
The question of how private property, intellectual property and posession/ownership should work is indeed something humanity hasn't properly figured out yet.
But if anything, regular people should have more of the cake.
We have! The only problem is a very limited amount of legal decisions accidentally paved the way for a massive dystopia. In particular, the first sale doctrine [1] solves everything immediately.
The courts assumed good faith with a licensing exception, and maybe it was. But that opened the door to essentially completely dismantle the first-sale doctrine. Get rid of that loophole and all this stupidity ends, immediately. Well that and the DMCA. Once you buy something, it's yours to do whatever you want to do with it short of replicating it for commercial benefit.
We also need regulation to prevent unbreakable hardware locks. Integrating the locks deep into VLSI makes removing them unrealistic.
As a more specific way to do this, I'd like to see any software that hardware companies make for their own hardware designated (at the choice of the company) as either part of the hardware or a separate product. In the former case, it must be made available under GPLv3 with full anti-tivoization provisions. In the latter case, it must use only public and documented interfaces and must be completely realistic for another company to make a competing product on a level playing field. Ideally the separate products would also need to be highly cross platform if technically feasible where the burden of showing that it isn't is on the developer.
Most users don't understand the higher order effects of lack of ownership, if they care at all when it doesn't impact convenience in an obvious way. This information already exists before purchase, but it doesn't move sales among the masses where the money is made. The result is zero viable ownership respecting products for those of us who care: all modern CPUs have IME or equivalent, all modern cars are infested with proprietary spyware, all phones at reasonable prices¹ don't fully embrace user ownership in various ways. This also has higher order effects that affect everyone, such as car insurance having an involuntary data mine on anyone who drives a modern car.
1: the exception that I'm thinking of here is fair phone, and it isn't much of an exception.
I just don't see a problem with customers ignoring or not caring about the details as long as its clear. If a car manufacturer makes clear, for example, that you aren't allowed to work on the car you are buying yourself and the person still buys it that's their choice.
A practical one is that many industries have extreme barriers to entry and are dominated by a small number of players, with minimal chance of an upstart competitor showing up.
And if it so happens that engaging in some sort of anti-customer behavior is profitable, then it's entirely viable that all major players adopt it, even if they don't necessarily overtly collude.
The problem is that if 95% of people don't care and do this then the 5% who do care are completely fucked and can't work on their cars. This is because no manufacturer will make more money selling to the 5% who care.
Well I'm in that 5%, and I own older cars mainly so I can still work on them myself.
My argument was that manufacturers should have to be clear up front with what they're selling. If 95% of the population doesn't care, and that means the market for maintainable cars isn't viable, why should I impose my will on everyone else? I'd like to buy a new car and be able to work on it but no company should be obligated to serve that desire.
You're being illogical. You'd only be 'imposing your will' on people if somebody preferred it being impossible to work on their car, which is obviously absurd. It's outright anti-customer behavior with no benefit to the customer whatsoever. It's akin to arguing that e.g. price fixing should be legal so long as a business informs the customer that prices are being rigged against them.
You might be right. We're seeing a paradox of more and more exclusive ownership of property for commercial interests (land, water, airwaves, orbits) and fewer and fewer exclusive ownership for individuals (rented homes, licensed software, subscriptions etc). I too think we're still in a transition stage and humanity has yet to figure this thing out.
Well, I think it was both. He saw the problem (of capital accumulation in capitalism), and predicted a failure of it (due to people wisening up and taking action to fix the problem). Of course he wanted corrective action to happen - he didn't want people to suffer.
And the people did rise up and successfully tried to fix the problem - there was a big socialdemocratic movement that culminated between the world wars.
What he underestimated was the ingenuity with which the capitalism reinvents itself (and creates new forms of private property to gobble up - free computing in RMS's sense just one example). He also overestimated ability of most people to understand the problem (it's lot more lack of emotional rather than intellectual capacity). I would say alienation is central to Marx, unfortunately alienated people can be so indoctrinated to fail to consider the alternatives. Most people seem to prefer to suffer through hardship rather than demand an alternative solution.
> Of course he wanted corrective action to happen - he didn't want people to suffer
That's interesting, this is a pretty generous representation of him in my opinion. Its been a while since I read some of his writings and went down the rabbit hole listening to long form interviews of historians that studied him though, my memory could he failing me!
My understanding what that Marx envisioned a future utopia and saw two revolutions, both presumably violent, as necessary to get to the end goal. At best I could see him being indifferent to the suffering and deaths required in his model, but I never got the feeling that he would regret or would want to avoid the suffering. If I'm not mistaken, one of the revolutions he expected and wanted to see happen would have leaned heavily on the poor and working class turning on the rich and powerful to the point of killing most or all of them.
Again, I hope my representation is accurate here. I don't have time to dig back in to fact check this right now, just sharing my recollection.
Can you be more specific where Marx advocates for a violent revolution in his writings? I don't think word "revolution" (or even his usage of "dictatorship of proletariat") by itself implies violence (cf. "scientific revolution").
But I think there are people who consider forceful redistribution of ownership to be violence, even if no human is actually physically harmed in the process. I don't and I think there is a distinction to be made.
Edit: Nevermind, there's a lot of interesting debate about this on the Internet.
The solution certainly won't be through legislative or judicative powers as they have failed predictably and repeatedly. Sometimes reality must be molded a bit of fait accompli.
What are you proposing if not legislative or judicial means?
Those are the only checks of power on the executive built into our system. Are you expecting we would have to throw out our political system all together, get rid of the top by force, and start over?
The question that hasn't fully been worked is how to allow people to think/feel they own something, while having no actual legal rights to it. But, as we see, this is being worked on.
And the answer is we don't. If we can't run our own software, then we do not own the computer. To run software of our choosing we need the cryptographic keys to the machine and we sure as hell don't own those keys.
Not always. There have been car manufacturers that sold vehicles with features only enabled by a subscription. You may buy a car with heated seats, but the heated seats only work if the manufacturer enables them.
Considering the same law is used to strike a 3 hour GPU documentary over a ~30 second clip, I think it serves to corporate pretty well.
GamersNexus' 3 hour documentary about GPU smuggling (which is way more than a vlog as HN commenters like to portray) is struck down by Bloomberg because they didn't want their 30 second clip, which is squarely fair use BTW, of POTUS speaking to be in that. GamersNexus repealed successfully, but Bloomberg tried to bully them [0].
I don't understand why people think this is something corporations desperately want. It's something they'll abuse if you leave it sitting around for that, but that's just the argument for getting rid of it. How does the ability to be a petulant grouch benefit them? It has negligible monetary value and causes PR damage. It's a footgun that nobody needs and only fools want.
And if they're actually the cartoon villains it would imply, rather than just banal petty autocrats carelessly fooling around with a toy they deserve to have taken away from them, then we should maybe less be saying "it makes sense that they would want it this way" and more be sticking their heads in a guillotine so we can show the children the proper way to resolve a dispute with a tyrant.
In neither case should a law like that remain on the books.
Looks like it's complicated. The video has some theories.
- Bloomberg has a similar investigation which is deeply undercut by GamersNexus video. GN seen the labs, Bloomberg got their access revoked, so theirs is an empty video, and they want the views.
- The video holds no punches back about anyone, and Bloomberg has an NVIDIA sponsored section dedicated to them.
- There's no other source which recorded POTUS' words, and maybe they don't want these words to be widely available, video argues.
- Lastly, they wanted a licensing fee for that 30 seconds to leave their videos alone.
So, when you're a beancounting billionaire corporation, you can have the reasons to go after a bearded guy who manages to do a better job and make you look bad.
That's precisely the "petty autocrats carelessly abusing a footgun" scenario. They've made themselves look bad for negligible benefit while harming innocent people. It's the argument for taking it away from them.
The heated seat is an edge case, but there is also the entirely valid argument that you shouldn't be able to arbitrarily modify your car (e.g. replace the breaks with some home-grown solution), as it can put yourself and others in danger, and I see no evil in that being enforced by the government. A more IT-related example might be what radio frequencies can we use - if anyone could spam the whole spectrum, we would lose more than from the "freedom" of being able to do that.
You are permitted to change whatever you like on your car, subject to a roadworthiness inspection by the relevant transit authority.
Cargo van -> Camper van conversions go through this all the time - you add/remove seats, add a lot of weight in the form of beds, water tanks, etc. add/remove windows, put solar panels on the roof... After those changes you have to take it down to the vehicle inspection, and they tell you whether or not your changes have been deemed acceptable to drive on public roads.
> there is also the entirely valid argument that you shouldn't be able to arbitrarily modify your car
In at least two european countries that I know of (but probably in all of them) cars need to pass periodic technical inspection to be allowed on the road. Breaks are tested, among other things.
On top of that, you totally can modify your car (even the brakes) provided that you use some certified part that's good enough for your type of car. And you should pass the inspection that tests everything.
I understand that GP point was about home-made brakes (like the software counterpart), but software on a smartphone is not (yet) deadly for others if it doesn't work as expected.
Technical inspections are mandatory across the board in all of the European Union, although the rules (such as the interval between inspections), may differ between countries. The minimum is every two years, some countries do yearly. This is actually governed by a European mandate.
In much of the EU you are also required to request an additional technical inspection if you have made major changes to the car - for example, I had to take mine in when I had a tow hitch installed, and a friend had to take their camper in when they installed an additional seat.
> replace the br[ake]s with some home-grown solution
Funny you mention the brakes, because a friend of mine told me just days ago that he used to change his own brakes consumables (pads) until the new car, which "throws an error" if you replace the part - you have to go to an official service office for the computer configuration.
Now, do not forget that the need for the intervention of third parties lowers the car reliability ("far away", "too expensive", "device too old", "operation failure", "inexperienced operator" etc.).
This should show that your argument has difficult sides. Of course you should be able to act on your critical possessions. It should be within a good framework, but it should be fully, practically possible.
John Deere tractors have been terrible about this for years now. Not just for brakes, effectively any problem with the tractor requires specific software to diagnose and the tractor electronics are designed to keep the tractor immobilized until a Deere technician plugs the right software in and then repairs whatever broke in the first place.
Vanishingly few people want to crash their car due to sub-par breaks. If someone is malicious, the physical access to the car is going to be enough to not stop them and murder is already illegal. So, is this a real issue? If it is, is regulating this the most effective choice for what to regulate to increase safety or are other things more hazardous? Removing freedom and creating mandatory bureaucracy shouldn't be done over imaginary issues.
It's trivially easy to draw the line. If it's to be illegal to make some modification to your car then that law is to be enforced by the government rather than the manufacturer.
> but there is also the entirely valid argument that you shouldn't be able to arbitrarily modify your car (e.g. replace the breaks with some home-grown solution), as it can put yourself and others in danger,
That is a nonsensical argument.
"You shouldn't be able to put anyone else in danger" - agreed.
"You shouldn't be able to modify your car" - wtf does that have to do with danger?
"Modifying brakes (not breaks)" is not the same thing as "Putting people in danger". Sometimes we modify them to have better braking than the standard.
What countries actually do is test the end-result, i.e. Does the car conform to the legally mandated required braking performance?
Rather than campaign to stop people from owning property anymore, maybe just enforce the existing laws (which, as far as I know, are enforced already anyway).
This campaign to divide people into an owning class and a servile class is pretty damn repugnant, and "Because someone can be harmed if we allow people to own things" is just the new "But think of the children" nonsense.
I just tried to come up with a feasible example - maybe gas pipe installation would have been a better one?
But even for cars, it's quite clear that a modify-test cycle there is on the order of months/years (also, has a money burden that probably the owner has to pay). But this would 100% fail to scale to IT - like should I go to the government on each commit? Do I get a signature from them for releases?
> I just tried to come up with a feasible example - maybe gas pipe installation would have been a better one?
The problem is any feasible example you come up with are already regulated, for the same reason you came up with it - there's danger to others!
Where I am, gas pipes, even inside your own house, can only be legally installed and maintained by a certified technician. You also have to get an annual clearance certificate done.
Just about everything dangerous is already regulated; further restrictions "just in case" are not warranted.
It should be up to the individual to decide whether they want to modify their car.
Say you put aftermarket brakes on your car and they fail, causing an accident that harms someone else. The person who changed their brakes should be held liable legally, its as simple as that. Owners that choose to change their car and do a piss poor job of it are held accountable for their actions and others considering similar modifications can choose to learn the lesson.
Yes that means people could be harmed in the process, but regulations themselves harm people too. There's no way around the fact that one way or another people may get harmed during their lifetime. In the long run regulations just guarantee that, should the wrong people take power, the regulations and authority that originally allowed regulations will be abused.
I'm actually surprised I haven't seen more push back on government authority given everything Trump is either doing or claiming he will do. The president should be largely an anemic office acting more as a figurehead than anything else. We've given them the power to effectively legislate with no oversight, that why he may be able to do so much harm.
This is the same argument people make between Apple and Android.
Can I use an Android phone without using Google? Yes, of course you can. There are plenty of secure OS's like Graphen, Lineage, Calyx and many others. Do people really care enough to use them? Hardly any, which proves my point.
Same thing here. Most people will just pay the fee to get the seats. Some might just opt out and not get them. Others will shop around and find some legacy cars that are older that have them but don't require a subscription.
At the end of the day? There's ALWAYS a choice. How hard do you want to look to avoid the subscription? Is it really worth your time and effort? Some would say yes, the vast majority really DGAF. People have been lulled into not caring about stuff like personal privacy and having a say in what's being peddled to you.
There's always a choice… unless you want to access your bank account that is. In which case there is no choice but to use the official unrooted android OS.
You can still find banks that have physical buildings for retail customers as well as online portals to login and manage your account. Mobile apps aren't absolutely a must.
Am I the only one that found that to be a reasonable edge case?
The seat heating was apparently shortening the life of the leather seats. Its cheaper to include heated seats in all cars, than it is to maintain 2 different sets of production. The subscription basically offsets the cost of needing to replace the seats more frequently when the heating is enabled.
Likewise, if you manually enabled the seat heaters, then complained that the seats were falling apart quickly, having given you a legal out to get that feature enabled in warranty, would not have to replace your seats for free.
Not to mention, they apparently already ditched the subscription over backlash.
> The subscription basically offsets the cost of needing to replace the seats more frequently when the heating is enabled
I never heard of car-manufacturers periodically replacing seats within warranty because of the wear of the material, regardless of being "more frequently" or not. This sounds like a massive oversight in product-design.
Of all the cases I know, the customer had to bear the cost of such "wear and tear" cases.
That tracks. Dodge seats from the 90s and early 00s were absolutely terrible. I swear half of them came from the factory torn on the outside of the drivers seat just from the delivery driver getting in to drop the truck off at the dealership.
I would want the ability to change that. I actually think I can mess with that on my car.
>enabling the nominal power of your car instead of handicapping it by default?
Big topic for me. My car has a DPF, and appears to have been geared such that despite containing an automatic DPF burn process, the engine never quite reaches the required temperature, so I need to perform manual burns.
I have straight up asked the dealer for a method to enable the auto burn process, manually. And have asked if theres a retune available, to make the gearing just a little bit less efficient, giving me more power and more engine heat.
The issue, pretty much verbatim from their head regional diesel mechanic is that any modifications of that nature would fuck the emissions standards they had to limbo under. So its categorically denied. They also issued me with stern official warnings that anything I do to make the car more reliable may also void my warranty. And the unofficial advice I have received is that the DPF is "f*cked mate" and to "get the petrol hybrid before the government forces it to wear a similar PPF"
The car also very suspiciously moderates the engine output unrelated to gearing/tune. Just sometimes underperforms at random. I believe its computational again, like you say, handicapping it for emissions reasons.
These things are largely optional for me, but I wont mess with them too much until I am out of warranty.
> I would want the ability to change that. I actually think I can mess with that on my car.
Yes, generally you can disable on demand, but Volkswagen now sells the feature as a subscription. So you need to pay to enable. Maybe this is because it reduces the lifespan of the LEDs. Who knows.
> handicapping it for emissions reasons.
Volkswagen sells you another subscription for that now, at least for their electric vehicles. You can buy the option if you want your EV to perform as it's designed.
Emissions is a completely different beast. However their 140HP and 170HP TFSI engines had no different parts rather than the mapping.
Manipulating engines in a way which alters their carbon footprint is a sensitive topic, and while I was positive towards diesel systems, the particulate matter they emit, the fog they cause (see Paris photos, it's eye opening) and German engineering at its finest (i.e. Dieselgate scandal) soured me from diesel's automotive applications, big time, permanently.
> Volkswagen sells you another subscription for that now, at least for their electric vehicles. You can buy the option if you want your EV to perform as it's designed.
You can also buy "for life" subscription (around £600, if I remember the news about it correctly), so you could also say that the stronger engine costs 600 pounds more when you purchase the car. Not too different to buying the cars in the past: more powerful engine adds to the price tag.
Instead, you can sell the cars at increased (nominal, actually) power and remove the lower tier altogether while keeping the cost savings of removing another production line and logistics for the lower powered motor. Moreover you can allow users to have a choice of power from get go (i.e. Reduce to 150KW for more range). It's a couple of variables at most. Will changing the variables too much will wear down storage that faster?
Same is true for the internal combustion engines. Since they already developed the ability to store multiple maps and change the mapping when required. :)
But, where's the value in that, I mean for shareholders, innit?
FWIW, the traditional engineering argument in this case is:
By selling the same hardware with multiple tiers of functionality artificially locked behind increased prices, it becomes profitable to develop and manufacture products that would otherwise not make economic sense. This occurs when there aren't enough potential buyers of the full-featured version at a price that makes the full-featured version on its own profitable, but the sum of all customers at all price/functionality tiers is profitable. i.e. this model results in products that would otherwise not exist.
I have mixed feelings about that argument. The main one being that it's not much of a stretch to go from that to "the full-featured version sold at price X would be profitable, but because most customers are willing do do without the higher tiers of functionality, we can make even more money by selling a reduced-functionality version at price X, and charge a premium for the extra features", and it sure seems like that's what a lot of American businesses do. But I assume at least some of the time, it really is the former and not the latter.
The thing is most people do not want to mess with computers. They are terrified they are going to break them. Frankly they are not wrong. I spent yesterday just trying to get a div tag to flow correctly with all the objects around it, a whole day down the drain. I have a pretty good idea what I am doing. However, for others these things we call computers are inscrutable devices that just 'decide' to do something wrong. We have built this https://xkcd.com/2347/ and expect everyone to be cool with it. Most people most certainly are not, and are willing to give away whatever just to make it easier to use, and not randomly screw up. Apple and Google can take whatever they gave away now because well most people really do not care. The rest of us can pound sand for all they care. We effectively have a duopoly and they are acting exactly in the manor of that.
Computing devices hardware and operating systems should be treated as essential digital infrastructure, with laws in place to ensure that the owner of the device retains full control over it and to prevent manufacturers or developers from over-imposing their control.
Computing devices hardware and operating systems should be treated as a consumer's choice.
If a company offers some benefit at the cost of some restriction, then users should decide if that benefit is worth the cost. For most Android users, it will be - my grandma isn't interested in the freedom of indie devs to develop for her phone, she's interested in not accidentally installing malware.
I don't like that as much as you don't - for my own devices. But like anyone else who cares about that, I can root it and get past the digital nanny state.
I would agree of there was a choice or actual free market. But there isn't, and your argument is fundamentally flawed. Because there often is no actual choice, the options are artificially restricted. Starting with, many phones cannot be rooted. Then, if you can root, multiple functions are suddenly unavailable, not because of a fundamental technical problem, but because Google, the phone OEM or the app dev decided to not give you the options you wanted.
If you treat it as a consumer choice, there's a rather uncomfortable marketing question - "What, precisely, is the value proposition of a locked down Android device?"
A few years ago "A smartphone so intuitive that grandma can understand it." used to literally be one of the arguments cited for picking iOS over Android. The UX is far more polished and you are far more likely to find an interesting iOS-exclusive app than an Android-exclusive.
Further, as a hardware manufacturer, Apple is far more likely to manage its walled garden in the consumer's interest, as compared to Google - an advertising company.
If Android gets locked up, all the high-end Android manufacturers, especially Samsung, are going to face a slow, but inevitable death.
The Play Store doesn’t protect your grandma from installing malware. Using that as an excuse for transferring control is weak and carries much bigger consequences.
Owner having full control over the device does not prevent a company to offer same benefits and restrictions. But these restrictions need to be optional, so the owner can decide whether to enable or disable them.
Yep. I don't need/want root access, as it is too much of a security risk IMO. But of course the possibility to install a `su` binary should be there.
I primarily want to be able to unlock the bootloader to install a custom de-googled Android Version (such as GrapheneOS) and then lock the bootloader again (using a custom_avb_key). This is currently possible with Google's Pixel devices, but most Android devices don't even offer this...
I think there is also still room to legally require a common SW-layer with respective documentation to utilize features of underlying hardware (optional without the shipped OS on top, disconnecting the device from the shipped ecosystem).
This would also make sense in order to prevent e-waste and put this old hardware to better use.
It's crazy to think how much computing power is just added to a drawer or landfill every day, just because there is no reason for the vendor to allow you to repurpose it.
I would e.g. LOVE a "Browser on everything" OS which just provides a Browser OS for outdated hardware, but the only way this could work on scale would be if the device-vendor would be mandated to provide and document the lower layer...
Even with Coreboot on anything vaguely modern, there is a 'Management Engine' or 'Platform Security Processor' you can't practically control.
On the better understood Intel versions, this is running a full MINIX 3 operating system and controls the network card in ways the BIOS and operating system root cannot monitor. It runs a significant amount of code; with hardware obfuscation that has not yet been broken.
No traditional banking at your parts? Actually I am informed those at your site can provide more services (more open) than the banks I have around now.
But here, no, only some bad players require a smartphone and an account to OS providers to make the bank account work.
I'm holding on to my rolling token generator like it is made of gold, they won't give me another one and force me to use their app. But the app requires a non-rooted phone or it will refuse to function. I've already asked them to give me a free phone just like they gave me a free token generator. So far no dice. Oh, and better still, for large transactions you are not allowed to use the phone app.
> I've already asked them to give me a free phone just like they gave me a free token generator
It's not a matter of free, it's a matter of "certified": they make you use third party devices, but if anything happens they may make it your fault on the legal side. If a device is part of the banking agreement, the device must come from the bank and the responsibility must rely entirely on the bank.
> app
In all of this: how can it be remotely possible to think that in order to get a critical service - accessing your money - one could be supposed to have a contract with some remote alien party (the "App Store")? Because I am guessing your bank does not directly give you the "app". Already this makes me wonder about how the population can be blind to unbelievable levels to the systemic insanity.
Some of them do not require any smartphone - but some of them require that you make a contract with an uncontrolled firm on a different continent to have a money deposit account. And the amount of people who will go "are you mental?!" in front of them are presumably (evidently) negligible.
https://github.com/x653/xv6-riscv-fpga is a fully open RISC-V core, using fully open tools written to tiny FPGA. It betters 386 performance, is practical for an individual to recreate, and it is almost inconceivable that the underlying hardware could have compromised this usage.
If your security posture cares about ME et al. you also shouldn't be running any form of speculation, so 'modern' performance would be off the table even if you bought Nvidia and TSMC. I would more judge a concerted effort comparable to larger open source projects could design verifiable hardware for processes that it readily available to crowdfunded projects that are more efficient and performant then anything released in the previous millennium.
We live in a world where the top chip makers are being shaken down by the US government to keep access to markets because embargoes and tariffs. And where software developers have to have a live feed of what every user is doing to Brussels or be arrested.
Conditioning such rights on the device being "owned outright" will just push the same bad actors to rent you the phones instead of buying them, the same as they did with software licenses. The only way to really fix it is to break up the wealth and power of individuals and corporations based on their total effective power, regardless of the source from which that power is derived.
>The only way to really fix it is to break up the wealth and power of individuals and corporations based on their total effective power
That simply transfers the power to the one doing the breakup, which in most cases, are the Governments, which are notoriously known to invade user's privacy under the guise of protection of children or whatever.
This is not related to malware or scams, and using that is nothing but a PR smoke screen.
While Android is vulnerable, especially to user stupidity, people mostly get scammed by fake credit card charges or by giving access to their notifications and contacts allowing for spam.
And yes, while there are "infected" APK's for popular apps , this again isn't the case here.
The real case here is money.
Apple earns $27B from commision on apps, while Google earns about $3B. Why?
Because Android users are "less willing to pay", which includes pirated APK's and "unlocked" app versions. Eliminating the possibility of using these for 99% of the people will be enough to force them to pay for that app/service in the end, raising the Play store revenues.
Do not trust Google when it comes to "doing it for the user" - their mission is to establish as strong of a monopoly on the platforms and extract as much value as possible. They spent more money on lawyers & policy lobbyists in the last 10 years trying to keep Android closed than some S&P500 companies are worth.
Their incentive is even stronger: most users of ReVanced for example unlock YouTube, which belongs to Google. In that case we are talking about 100% revenue loss, not 30% app commission. This goes for NewPipe, etc.
I wonder if OsmAnd, Termux, F-Droid would survive this or will be casualties. Who will authenticate for a decentralized open source app that has 100 active contributors?
Locking down Chrome and killing ad blockers is not some huge effort, it's closer to the flick of a wrist. Neither is locking down android. They can just do it. And if they think there is nothing anybody can do about it, they will, to get that last 0.01%.
But no doubt they are under an enormous amount of pressure to do this from a variety of corporations and governments as well.
Forcing users to pay for apps rather than install pirated APK's and unlocked apps both raises Google's revenue and reduces the risks of malware and scams.
The consequence is naturally, the savvy users who know how to avoid risks lose the ability to have more control over their phone.
This assumes that Google actually does reduce malware and scams within their garden, but they do not. They are just as prevalent (perhaps more so) within the apps that Google certifies.
So the only thing it kills is the risks to Google's revenue, not the risks to users' security.
My opinion on this changed as we helped elderly parents with declining capabilities. The internet is an extremely dangerous place for those less cognitively able.
It is extremely hard to live without the internet - it's almost impossible - everything from your bank to your doctor to restaurants to the barber that wants to be paid by Venmo. Taking away your parent's internet connection is even harder than taking away their driver license. (And also more isolating.)
There is no law enforcement; there's no consequence for scammers; there's no technology stack that is safe for the less able. It's a brutal Wild West where the weakest are attacked without recourse, flooded with misinformation and lies, and targeted by significant financial scams.
Okay and how does play protect and play integrity prevent this? Anyone?
Hint: it does not. Look around the play store, it's 80% malware and scams.
Why is this the case? Because it has to be or Google goes bankrupt. Google is an inherently parasidic company. They make their money off of advertisement, scams, and conjobs. The more shit the digital world is for you, the better for them. You will always have an adversarial relationship with Google.
They don't want ads that don't lie. They don't want apps that are honest. They don't want to limit notifications. They don't want to get rid of email spam.
The reason Apple devices are so much more pleasant for everyday use and there's so much less scams and adware isn't because Apple is a saint. Its because ultimately Apple doesn't give much of a fuck if they screw over con artist, because that's not the thing keeping them from bankruptcy.
Thank you! Apple is just as evil as the next company. The difference is in how they make their money and what their incentives are.
Google has chosen the path of duping their customers by selling them to the highest bidder. That's their business model across the board.
Apple has chosen to sell devices at a significant markup with the inherent agreement that they won't sell their customer to the highest bidder. After building trust in that arena for years, it wouldn't take much to destroy that credibility. So far, they know this. I'm getting concerned about them starting to plug ads into their core applications, so only time will tell if they get MBA'd to shit.
Yes, but this doesn't do absolutely anything to prevent this.
I've helped elderly family members and non-techie ones who barely know how to open a facebook account - none of them had "malware apps" installed. Their problems were mostly these:
- Websites asking for notification permission just to spam with unrelated malware or porn notifications
- Their calendars being filled with events that are nothing but links to porn or gambling sites, leading to constant notifications
- Apps that don't work yet are filled with ads - blood pressure meter on your phone, sugar level measurements, step trackers - filled with ads and trying to get 1000$ purchases
- An app actually being a launcher filling your screen with ads.
- Hell, even I, as someone who has deep intimate knowledge of Google Play Billing, got scammed by an app when upgrading from their weekly to their monthly offer, with them now charging both.
Google can intervene at any point here, they have reviewers, they control the store, they control the browser, hell, they basically control the device. And they have rules and policies for it, but it's convenient for them to ignore it. They have their cash cows and will fight tooth and nail to protect them as long as it makes them profit.
> Websites asking for notification permission just to spam with unrelated malware or porn notifications
People have been giving Apple shit forever for not supporting this "web standard" in Safari, but it's 99% used nefariously for this exact purpose. Websites should not be able to send push notifications.
I do not want websites to have equal capabilities to apps. Installing an app on my device is a very purposeful decision I make that I only do if I'm trusting it and willing to manage its permissions. Visiting a website is not.
I set my parents up with a computer and locked it down nice and good. A few months later they called me asking me about this full screen message they couldn't figure out how to make go away that was demanding they call Apple or Google for tech support.
I was able to remote in and close it. Then I noticed the message saying uBlock Origin had been disabled in Chrome (because Google broke ad blocking).
I actually filed a complaint with the WA Attorney General over that. My older parents got hit by that exact process. So there’s at least a public record complaint that Google is now actively blocking cybersecurity technology (because that’s what adblocking software ultimately is).
Driving is also extremely dangerous for the less congnitive able, that doesn't mean that we should let BMW decide where and when you are allowed to drive.
We also don't trust old people to live on their own, that doesn't mean we force every adult into dormitories.
Driving is licensed and regulated by the government. Are you suggested internet licenses that required semi-regular tests and strict enforcement by governments?
Interesting choice to cherrypick and then straw man one part of one example.
They didn't say the government should get to decide where someone drives; it was the OEM, BMW in their example. That is basically what Google is doing here by locking down a previously open-ish platform.
Having a license doesn't mean you are restricted in where you can go unless we start considering the fringes like provisional (learners') permits complete with curfew. Therefore, your example doesn't fit. But OP's does, because it is equivalent to asking "do you think your refrigerator should refuse to cool items manufactured by an entity it doesn't like... to Keep You Safe(tm)?" Maybe you buy from non-verified cottage industry workers at the local farmers market. People who maybe didn't upload their PII and licenses to the refrigerator manufacturer, so it refuses to operate until you remove the offending item. Out of the utmost respect for your safety, of course.
Imagine if Charter Communications/Spectrum decided to block you from using their service and modem/routers from accessing any media created by Universal (owned by their rival, Comcast). It doesn't really have anything to do with safety, but they could pearl clutch and blame it on some risqué content that Universal releases via its imprints.
Then maybe it should be more opt-in. We're losing settings and configurability as time goes on. And like encryption it can be a one way street, requiring a full reset to turn it off. That's open security. This is a cash grab
you're describing the dangers of the open internet, but this is about the dangers of non-app-store apps. android already makes it quite difficult to side-load non-app-store apps; certainly not something a tech-illiterate user could do by accident.
Completely agree. We seem to have forgotten the word "spyware", I don't see it used anymore because it became the norm. But let's call things by what they are.
Exactly this; the vast majority of people cannot be trusted with root access. And for those that can, the majority won't need or want it.
While I do believe root access should be possible, it shouldn't be easy. Because I'm confident my dad who wants to pirate F1 instead of pay for whichever overpriced premium streaming platform bought the rights this year would root his ipad and install a dodgy stream player if it was easy.
> Tell that to all those assholes that are making malware and scamming society on billions.
And then? I don't know how many times I've downloaded APKs, including obviously malicious ones by accident. But not once has it ever been installed - not even when it was deliberate. The only way I ever 'sideloaded' anything is using 3rd party stores (just fdroid and aurora in my case), which themselves had to be installed via ADB after enabling developer mode. If you have that much skill, you're almost surely skilled enough to understand the security implications of sideloading and choose wisely.
And there are far worse malware available on play store than anything on fdroid repositories, if anything at all - anonymous or not. I hope you remember the SimpleMobileApps fiasco. People who installed it from fdroid were safe from the malicious update, but those who did it from play store were not, when the entire suite was turned into a spyware overnight. Not to mention the tea and boxscore apps scandal. Neither would have made it into fdroid. Google cares the least bit about security, if that isn't clear from the spyware tht each new android phone comes bundled with.
In all, Google's claim of security here is deceptive and farcical. The actual target is going to be the patched apps like revanced, root access software and anything else similar that allows the savvy user to escape the unfair and arbitrary limitations imposed by Google. The ultimate target is the users' pockets. This entire discussion is full of people reaffirming that conclusion. But scapegoats will be found and sacrificed regardless. Let's just not for once. Google deserves the atmost and undiluted contempt and condemnation for their greed and their willingness to erode consumer rights that underlie such dishonestly worded hostile and unilateral decisions.
To install 3rd party APKs on Android involves deliberately removing some guard rails. You need to allow it in settings, you need to enable developer mode, you need to agree to each individual source as a trusted source. If people are still blaming malware on this, when malware exists in the actual Play store, then they're delusional.
Right now, the average Joe can't click a link and install a 3rd party app. Meanwhile, you can install malware from the actual authorised sources, or even just come across a vulnerablity in chrome.
Keeping your devices up to date with security patches will save orders of magnitude more people from malicious software than stopping 3rd party app installation.
I occasionally develop Android apps for myself (mostly out of curiosity and experimentation, but sometimes out of a need for some particular functionality). I'm not going to apply for some developer permit and verification just to do this. I may as well buy a damn iPhone.
> You need to allow it in settings, you need to enable developer mode, you need to agree to each individual source as a trusted source. If people are still blaming malware on this, when malware exists in the actual Play store, then they're delusional.
To be fair to the security folks at Google, people will follow these steps like clockwork. The only thing they care about is getting the app on their device.
The root cause of all of this: banking/finance/payment apps figure they can trust your device, because no one has regulated a universal trust root into existence. Google encouraged this with SafetyNet/Play Integrity, and convincing Visa/MasterCard that devices can be trusted for contactless payments.
Now there's one gaping hole left: you can still install unverified software from anywhere, and said software will use all tricks possible to convince users to grant accessibility permissions and give up the keys to the kingdom. There have been many attempts over the years to make this harder, but malicious apps are getting even more sophisticated, to the point of installing shortcuts to entire fake versions of your banking app on the home screen.
So Google is being pressured by governments and markets to make it harder to produce installable malware, when a better way to prevent malware while protecting user freedom is already here: passkeys. You cannot steal passkeys with a third-party app, no matter what tricks you try, because they are tied to domains and APK signatures. Stop trusting stealable credentials and you stop needing to trust the entire hardware and software stack behind the app calling your backend.
Google themselves promotes malware - take a look at the play store. Adware, adware, adware, name meant to confuse people, more adware, probably has a keyloggers, adware adware, probably steals your data, adware adware.
For fucks sake, Meta is at the point they're pulling malware tactics to sell ads.
Circumventing permissions for app to browser talking? Really? FOR ADS? Thats where we're at?
I'm over it. Anyone who thinks this has even the faintest thing to do with malware is legitimately delusional. Not misinformed, delusional.
Malware is not a huge problem that requires restructuring the entire ecosystem to be closed and authoritarian. Nobody I know has ever had problems with malware or scams on Android.
This has nothing to do with malware, and has everything to do with locking down the Android ecosystem to keep out competitors to Google's services.
I know literally 0, 0 people who have installed malwares or had their smartphones hacked in their life times.
The very few I know that have had this happen where all computer users, and virtually all victims of social hacking such as "hey, I'm from IT department, sending you an email, could you please...". A friend of mine exposed sensible data of thousands of customers of her bank like this.
well, as someone working in a department that also has Fraud detection responsibilities, the amount of users that lose tons of money because of scam apps, spoofed apps, identity stealing apps, is big. Like insanely big. I am all for it that these apps get significantly harder for the average joe to install or run on their phones.
It's a considerable number well into the 8 figures $/year that we have to cover (Granted this number is not specifically smartphones, also includes desktops, but I know smartphones is the bigger piece nowadays.)
(insuring this is near impossible, there is always a large part risk we have to pay ourselves and cannot cede to a reinsurer)
The problem isn't play protect or whatever the fuck, because 80% of the play store is malware, adware, and spyware anyway.
The problem is actually Google and other big tech.
Let's consider: why are users installing so many apps?
Because, on desktop, this doesn't happen. We don't ask people to download and run an EXE to look at their friends funny cat photos. No, we open the web browser.
The reason we have so many apps on mobile is because we require the malware. Google requires the malware. We need to be able to run privileged and unsandboxed code on users devices and this is the world that Apple and Google have created.
Users shouldn't be fucking downloading apps for 90% of the stuff they do anyway - including the non malicious apps! But they do, because they have no choice.
Think about it. Provide a web interface and miss out on juicy spyware? Or install executables on your customers systems? Apps are far too enticing for big tech.
so somehow my friends and family got hacked, lost money but don't know about it?
actually i know of one case where my mom got billed for airbnb even tho she didn't book the ticket but pretty sure I had her password in a text file so might've been me that got hacked on my PC.
Airbnb refunded her and then had no more issues. So 1 case in my entire life and it probably wasn't on a mobile device.
You can get hacked without losing money. If you devices gets used in a bot net, if your computer gets used to mine crypto, etc. Your work files gets stolen by hackers and sold to competitors in china, etc.
Fair enough, but besides mail spam which is filterable and DDos for which there are counter services, does it really impose that big of an issue to justify such a strict lockdown?
> mine crypto
Considering how little mining power mobile devices have and how anyone would figure out pretty fast there's a problem with heat / battery issues from it idk if that's really realistic these days. Hard to keep this one hidden while also profitable
> work files gets stolen
I think this has already been solved by corporations on PCs, there are already solutions for locking down a work issues laptop as for phone I think that's rarely an issue since people mostly use it for communications so probably rare for really sensitive info to be on there.
Overall those issues don't really hit me as that critical to impose such measures and there are ways to severely limit impact for people that care about security
> Considering how little mining power mobile devices have and how anyone would figure out pretty fast there's a problem with heat / battery issues from it idk if that's really realistic these days. Hard to keep this one hidden while also profitable
I mean, check out HiddenMiner, ADB.Miner, HummingBad, WireX…
I agree that this is an overreaction, but the problem is real, and the fact you don’t know anyone who knows they’ve had a malware infection doesn’t mean that that is reality.
You don't have to prevent root access. You just have to inform user of the risks, void warranties if you want but let users do whatever they want with the hardware that they own.
Please don't push the Overton Window any further. Installing my own software on my own PC should never void the hardware vendor's warranty. That delegitimizes the core concept of a PC.
(A horrific possible dystopia just flashed through my mind: "I'd love to throw out Chrome and install Firefox so that I could block ads, but, the laptop is expensive, and I can't afford voiding the warranty". I bet Google would *love* that world. Or, a UK version: "I'd love to use a VPN, but, regulation banned them from the approved software markets, and anything else would permanently set the WARRANTY_VIOLATED flag in the TPM").
It depends on what your software does; if it removes hardware protections then your warranty should be voided. Of course, those protections are either hardware or impossible to remove, like emergency cooling / lowering voltage when stuff overheats.
Warnings aren't always enough, sometimes we have to lock people down and physically prevent them from harming themselves.
It's not always people being stupid. I recall reading an article by someone who got scammed who seemed generally quite knowledgeable about the type of scam he fell for. As he put it, he was tired, distracted, and caught at the right time.
Outside of that, a lot of the general public have a base assumption of "if the device lets me do it, it's not wrong," and just ignore the warnings. We get so many stupid pop-ups, seemingly silly warning signs (peanuts "may contain nuts") that it's easy to dismiss this as just one example of the nanny state gone mad.
The idiotic statement is yours. If the "sometimes" is important to you, you can have it - you're not the first person on the internet to play word games.
But unless you can come up with a very detailed list of when it's acceptable "to lock people down and physically prevent them from harming themselves" and when it's not acceptable (it never is, it's a crazy statement), and I don't think you have such a list, your "sometimes" just means "whenever I, as the person writing the software judge", rendering it completely meaningless.
I’ll take a real world example where I watched someone start to climb over the side of a bridge. Luckily my words stopped him but I did consider whether I should pull him back and pin him to the ground for his own good.
Is your position that it would be better for his freedom for me to let him jump if I couldn’t dissuade him?
> sometimes we have to lock people down and physically prevent them from harming themselves
So where does my statement suggest we should make locking people up for their own good the norm?
I can come up with even more mundane examples of where we physically prevent people from harming themselves. High barriers to stop people getting into the tiger enclosure. If a member of staff saw someone dumb enough to try and climb in, rest assured they'd be physically dragged out for their own safety.
Or do you suggest we allow the general public to wander into the tiger exhibit to pet the animals? Personal freedom and all that.
Even if it's illegal? (like transmitting on forbidden frequencies)
It's not always the user who's installing software. Lots of people depend on other people to manage their devices. Manufacturers like the hardware they delivered to be trusted so users trust it regardless of who handled it.
I always hear as the excuse but it is ridiculous. If the user wants to transmit on "illegal" frequencies, all he has to do is to change the country setting in their Wi-Fi router, et voilà, illegal transmissions.
The entire Android OS has about as much access to radios than your average PC, if not less. In fact, even on recent android devices, wireless modems still tend to show up to the OS as serial devices speaking AT (hayes) (even if the underlying transport isn't, or even if the baseband is in the same chip). Getting them to transmit illegal frequencies is as much easy or hard as is getting a 4G USB adapter to do it.
At least in EU, transmitting is illegal, having hardware to transmit is not.
That's why people can buy TX/RX SDRs and Yaesu transceivers without a license.
AFAIK the radioamateur world, serious violations of frequency plans are rare and are usually quickly handled by regulators. OTOH, everyone is slightly illegal, e.g. transmitting encrypted texts or overpowering their rigs, but that's part of the fun.
And in some locations, quickly handled by the local amateur community, with foxhunts and community outreach to frequency violators - only getting regulators involved when just talking to the offenders fails.
> Even if it's illegal? (like transmitting on forbidden frequencies)
That's not relevant here. If frequencies are illegal, it should be impossible to program it in such a way. But even otherwise, it's the responsibility of the user to follow local laws. If I have a PTT phone, it's not legal for me to use forbidden frequencies just because it's possible. Why do these manufacturers care about what doesn't concern them when they violate even bigger laws all the time?
> It's not always the user who's installing software. Lots of people depend on other people to manage their devices.
That should be up to the user. Here we are talking about users who want to decide for themselves what their device does. You're talking as if giving the user that choice is the injustice. Nope. Taking away the choice is.
> Manufacturers like the hardware they delivered to be trusted so users trust it regardless of who handled it.
I see what you did here. But here is the thing. Securing a device is not antithetical to the user's freedom. That was what secure boot chain was originally supposed to accomplish until Microsoft managed to corrupt it into a tool for usurping control from the user.
Manufacturer trust is a farce. They should be deligating that trust to the user upon the sale of the device, through well proven concepts as explained above. They chose to distrust the user instead. Why? Greed!
> If frequencies are illegal, it should be impossible to program it in such a way.
You know there's a very fine line between hardware and software in this case so you're actually advocating for drm like control here.
> They should be deligating that trust to the user upon the sale of the device, through well proven concepts as explained above.
That same user who forgets passwords and recovery keys all the time and loses all access to documents when a device breaks? And you're presuming giving that kind of person who doesn't understand sh*t about backups, device security etc full access to their devices will not result in a lot of compromised devices?
I'm not sure manufacturers are the best party to trust but they have an interest in a secure reputation, which the majority of dumb users or eavesdropping governments do not have.
> They chose to distrust the user instead. Why? Greed!
There are more reasons to distrust the user. I don't buy greed is the only relevant one.
> so you're actually advocating for drm like control here.
Absolutely not. I'm saying that the hardware shouldn't have that capability at all in the first place. But whatever. Don't restrict it. Those functionalities are usually under the control of the kernel. If the user is smart enough to tinker with the subsystems at that level, they're also smart enough to deal with the consequences of its misuse. That isn't a good justification to just lock down devices like this. The harm that comes out of that is much worse than what anyone can do with an RF baseband chip.
> That same user who forgets passwords and recovery keys all the time and loses all access to documents when a device breaks? And you're presuming giving that kind of person who doesn't understand sh*t about backups, device security etc full access to their devices will not result in a lot of compromised devices?
Yeah, so? It's not like such a person is ever going to unlock a complex safety lock. Examples for that exist already. Who can sideload an app into a fresh Android device without enabling the developer mode and then installing the APK through ADB? Dumb users won't ever persist enough to reach there. To take it further, the user can be given the root key to the secure boot chain on a piece of paper with the explicit instruction to not share it with anyone or even use it if they don't know how to. Ordinary users can then go on about their day as if it is fully locked down. It's unfair to deny the control of the device to the smart user, when such a security is possible. The existence of a dumb user is not an excuse to lock out smart users.
> but they have an interest in a secure reputation, which the majority of dumb users or eavesdropping governments do not have.
I guess you haven't seen the spyware that OEMs ship with the android devices. Even Samsung is notorious for it - especially on their smart TVs. I'm not going to talk at all about the Chinese OEMs. For that matter, it's very hard for a normal user to even uninstall facebook - an app that's known to collect information from the device that it doesn't need. Manufacturers caring for their security reputation was some 20 years ago. Only Apple does it these days, just because it's their highlight feature. But even they tried once to ship off images on the phone to iCloud without the users' permission to 'check it for csam'. The rest treat it like a portable spying device on steroids.
> There are more reasons to distrust the user. I don't buy greed is the only relevant one.
Trusting the user isn't the manufacturer's prerogative. It's supposed to be the user's property once they pay for it. You are insisting on the manufacturer retaining control even afterwards - something I and many others vehemently oppose as unfair and scummy. Now if you are worried about the security reputation, proven methods exist that allow the smart users to take full control of the device while preventing regular users from shooting their own foot. But OEMs and their apologists pretend that the problem is entirely on the user side and the only solution is to lock it down in a block of glue. And there is one good reason for this ignorance, oversight and denial - greed. Retaining control over the end device forever allows them to squeeze users for their every last penny. I will need another epic post just to enumerate the ways in which the control over the end devices allows them to do so. But I'm not going to do that because HN has entire stories and discussions on each of those topics.
Especially if it's illegal (like speaking against the government, in some countries).
Maybe this is a bit of a hot take, but I think any government that has the ability to absolutely prevent people from breaking the law is a government with far too much power. I'm all in favor of law enforcement, but at some point it starts to cross over the line from enforcement to violation of people's free will.
Yes, very clear warnings; I could live with a small permanent icon in the status bar (via the GPU firmware) etc. But absolutely should not void warranties (overclocking might but never just root).
Easy enough to have an efuse blow if you overvolt; then an dificult conversion on a warrenty claim. Whilst ideologically this is ceeding some control I can accept it.
I don't think users understand the risks. I'm broadly accepting of the protection of end users through mechanisms. Peoples entire lives are managed through these small devices. We need much better sandboxing to almost create a separate 'VM' for critical apps such as banking and messaging.
The people who shouldn't disable these security features tend to be the first to do so. And then complain the loudest when the enter the "find out" phase.
That's not what it's ever actually about. You're buying a disingenuous framing that pins blame on the bottom when all these harmful trends come from the top. This isn't to protect grandma, it's to protect Google. This is always what happens when you allow pockets of power with interests misaligned from those of most people. The pockets of power get their way, and people are worse off.
The thing is, even if Google has a hidden motive in this case, the prevailing public morality doesn't allow you to argue against a measure designed to protect the weakest and poorest among us. Once a vulnerable group has been invoked, the public stops caring about their rights, the cost-benefit balance and most other rational concerns.
I think the phenomenon is most visible in the United Kingdom. Not just with respect to the recent age verification measures, but also with respect to the government's recent financial misadventures.
That's not entirely wrong but I dislike the framing.
It appears to transfer the guilt of a successful deception that manufactures consent to public morality and the vulnerable. The real issue is it couldn't succeed without mendacious officials that suffer no consequences and uncritical/supportive media pushing the ball across the line.
It's also a much broader phenomenon than "protect the vulnerable". There are many other overused buttons they press to seek consent e.g. fear being the most common. Fear of terrorism, fear of job losses or tax rises, prejudice of others etc.
Of course it's a disingenuous framing. A certain kind of person is both attracted to power and deathly afraid of people voicing unapproved opinions "outside their kitchens".
Things can have multiple justifications, some public, some not: some conscious, some not. Central control and a feeling that a parental figure is in control of the tribe primes, at a primal level, a certain kind of person to like an idea. The specific post-hoc justification is almost incidental.
That said, such things need a semblance of legitimacy to work. It'd be much harder to crack down on general purpose computing under the guise of safety if we had cultural antibodies agains safetyism in general.
I have a friend from college who once clicked on a link to download more RAM for his PC. He has a PhD now and deserves it - the PhD just isn’t in anything tech-adjacent. Bottom quintile is a floating signifier.
It's just not possible to prevent mistakes while letting people color outside the lines. Most brilliant ideas look like stupidity at first. I want to live in a world that biases towards discovery over safety.
There is not much to discover from e.g. not using seatbelts. There is absolutely a need to protect a population from itself which should cover certain stuff, while not others.
> There is absolutely a need to protect a population from itself which should cover certain stuff
No, there isn't. I'd much rather live in a world where we were able to make our own decisions about personal safety, regardless of how poor those decisions are.
In a perfect world, nobody would be forced to wear a seatbelt and yet everyone would eagerly wear one.
I'd also much rather live in a world where everyone does the right thing, there's no greed, stupidity and short-sightedness. Unfortunately I have to make do with our current one. The fact is that a lot of people are stupid. Even very clever people often act irrationally and against their own interests. In the end, we have to strike a balance between personal freedom and the need to protect people from themselves.
Let's look at the case of mandatory seatbelts, and entertain your proposition that people don't need to be protected from themselves. What will happen?
Well, quite a few things are basically inevitable:
1. The issue will be politicized and there'll be hardliners who refuse to wear seatbelts. There are people who are vehemently against wearing full face helmets while riding motorbikes, even though the injuries from faceplanting into the road at speed are truly ghastly.
2. Once the number of people not wearing seatbelts goes up, a whole slew of interesting negative externalities pop up (and you seem to be gleefully ignoring these):
2.a) Simple fender benders will suddenly result in severe and fatal injuries instead of scuffs and bruises.
2.b) Insurance costs increase to cover the higher likelihood of injuries.
2.c) Fewer people can afford insurance.
2.d) Society has to bear the burden of treating and supporting people who get maimed and need lifelong care.
So what is your proposal to do here? What would you do with a person who didn't wear a seatbelt and got severely brain damaged due to this? Just abandon them to die? It was their choice after all. Who should bear the burden of treating these people? Do we now have tailor made insurance for those who don't wear seatbelts? What if these people will simply opt out of insurance?
At the end of the day, a society has to make a few pragmatic tradeoffs and limit certain freedoms as the cost is just not worth it.
For the issue of people not wearing seat belts causing insurance premiums to rise for all, a solution is for insurance companies to be allowed to refuse compensation in cases where seat belts weren't properly used.
And yes, if those people have no way to pay for extreme medical treatments to save their life, they shouldn't be provided further assistance. They should bare the consequences of their decisions. Future generations will hopefully make smarter decisions as a result.
Your comment is a perfect example of the worldview I described. Your argument is essentially that without rules stupid people will do foolish things and get hurt.
Yes, they will. So what? That's the price of freedom. I've never been a fan of slave morality.
> Who should bear the burden of treating these people?
You're arguing that we're all the hook if we let people do dangerous things and clean up after them when they screw up. There are two ways out of this situation, not one.
There's a direct line from mandating seatbelts to mandating developer certificates. If you accept in one domain that it's legitimate for power to reduce freedom to protect people from themselves, you'll accept it in every domain.
Look: in order for a mandate to be justifiable, it needs to at least provide superlinear benefit to linear adoption. That is, it has to solve a coordination problem.
Do seat belts solve any coordination problem? Do they benefit anyone but those wearing them? No. Therefore, the state has no business mandating them no matter the harm prevented.
A certain kind of person thinks differently though. He sees "harm" and relishes the prospect of "protecting" people from that "harm". They don't recognize the legitimacy of individual bad decisions. The self is just another person trying to hurt you. This kind of person would turn the whole world into a rubberized playground if he could.
> Do seat belts solve any coordination problem? Do they benefit anyone but those wearing them? No. Therefore, the state has no business mandating them no matter the harm prevented.
If drivers were the only ones who wore seatbelts, you would have a point. In practice, seatbelts save the lives of the passengers, spouses, kids, etc. who are riding in the car, and hence this is indeed a coordination problem.
I see no other way than regulation to force the two to provide drivers and manuals for alternative OS makers.
We should've nipped it with Apple, but there was so much _whatabout_ing that the conversation always go sidetracked with assertions about the free market and what not. It turns out, there is no free market, and we're just living in someone's managed device walled garden.
Why do we need app stores in the first place?!? No app stores => no vetting, let users download whatever apps they choose, and deal with the consequences.
Agreed. The store are unnecessary and sold under the guise of "protecting" the user, when it's really about controlling user use, keeping them ignorant and spying on them.
Google does not care if your data is leaked by an app offered by some nebulously defined verified developer that phones home without reason, or that you develop a problem with online gambling or predatory micro transactions, etc. Blows my mind that we have come this far in the fight for user rights, ownership and accountability and still the majority is going to just trust Google because they're Google. No corporation is your friend. Let the users operate the device they paid for* as they see fit, learning to accept the responsibility for for all the success and failures that come with it and we will suddenly start seeing much, much smarter users.
Mostly it's about milking app sales with the app store fees. Apple for instance get's about 15-20% of it's gross profit from app store fees. For Google it has been estimated that play store fees make up about 13% of their Google services profit.
I think initiatives like this are a form of "marketing" to show that "hey, app stores are important because we protect the users. We shouldn't be regulated away."
App stores are riddled not only with spyware and malware, but also with harmful content like gambling apps targeted at kids. And they claim some moral high ground as an excuse to ever more pervasive spying and control? Fuck me, Stallman was right all along.
It's a tricky balance-act to secure their ecosystem.
The more measures they take to secure it while allowing the user to decide whether to participate, the more drastic this opt-out user-decision becomes.
In order to now preserve that "open ecosystem", they would have to provide the user an option to disable Google Services entirely, which would turns the device almost into a separate product
All this is unlikely to happen just for the sake of "pleasing the community", I believe we need a general legally binding definition of what functions the user owns if (and when) a device is stripped of any services on top.
If my car loses functions once it loses connection to the manufacturer, this bare set should be communicated as the purchased value ("in exchange for your money"), separately from any on-top "in exchange for your data" business-model
The problem is phones became too important. They get trusted more than desktops for things like banking and ID verification.
Feeling like the optimum solution is to just have two devices. Your phone that has all of your banking, ID, etc. and another device that’s completely open, can install whatever you want on, but doesn’t matter too much if it gets hacked.
If this is a reasonable direction, it could still be achieved on the same device. There would be sufficient security architecture available to completely isolate those two areas.
But I feel the issue is less about malware gathering your banking, ID etc, but malware holding your data hostage, using your (social) network for nefarious purposes or tricking you into something you don't want to do.
And for all those cases, having that "other" device doesn't help.
> If this is a reasonable direction, it could still be achieved on the same device. There would be sufficient security architecture available to completely isolate those two areas.
The problem here is: Who controls the means of input and output - the screen and keyboard? The trusted identity thingy sometimes needs to show the user some details, have them key in a pin number, things like that. So they know whether they're approving a $2 in-app purchase, or a 10-bitcoin transfer.
If the free and open part of the system controls the screen and keyboard, the details could be shown wrong and the pin number could be keylogged and replayed later.
If the secure-and-locked-down part of the system controls the screen and keyboard, the free and open part of the system is basically reduced to an app or website.
And if the secure-and-locked-down part of the system has its own separate screen and keyboard - it's hardly the same device.
No, but I find the supported options to customize Android sufficient for my needs so that wouldn't happen to me personally.
My point is only that there's already a system that lets you run whatever apps you want, and to heavily customize the OS, and also make your bank happy by running a secure OS. It's just out of the box Android. You can replace all the built in apps, including the base "desktop" GUI, keyboard and browser. So this discussion revolves around an edge case: someone who wants to customize security-critical OS primitives like the kernel or compositor, AND who isn't doing this as part of a project big enough to partner with Google, AND who wants their bank to accept their changes as secure enough, AND who doesn't want to provide such institutions with some non-Google managed evidence of that, AND who doesn't want to tolerate using two devices.
There's very few use cases for that. The only one anyone can seem to muster in this thread is to prepare for a hypothetical future in which Google prevents ad blocking at the OS level, which hasn't happened in more than 15 years of Google being an ad company. So today there is a vanishingly small number of people for whom Android's existing mechanisms are insufficient, and for those people, there is dual boot - again, because the Android team planned for this and built a secure boot system that allows alternative OS installs on a phone.
And get judged for their reactions, as is proper procedure.
Why am I reading today articles that present an apocalypse without clearly specifying if there is a "way out OS flag" (allow installation of unverified APK)?
Very true and this was predictable. That said, I haven't installed any apps for months now since I don't consider Android to be a usable OS anymore. It could be technically, but I have no will to fight Google and manufacturers on their lock down ambitions.
Ironically that degraded phones to be just that. Phones with build-in high quality cameras. For everything else there are better alternatives.
Sure. You will have the right to root, unless on a device with a locked bootloader. /s
Lets just call it what it is and what we all want. "The right to modify". It doesn't give you the right to copy, so it will never break any law protecting intellectual property.
That doesn't make sense. How do meet your own needs and desires if you can't use your own property the way you want?
And isn't the point in this very situation that people simply can't buy what they want because Google and Apple are a duopoly and now Google is going to follow the path of restricting what you can do with your own property?
The logic here seems to be "I don't care about freedom because my jail cell is large enough." What if you wake up one day and it isn't?
Your response reminds me of Snowden's quote, which I'll likely butcher because it's from memory, but roughly: "Saying you don't care about privacy because you have nothing to hide is like saying you don't care about freedom of speech because you have nothing to say".
I'm 45 years old. I've woken up 16,000+ times and it's been fine.
I know what I do on computers/phones/iPads. I know that every computer/phone/iPad I've ever owned has done more or less what I wanted. I'm usually the weak link, not the device.
I don't go to bed worried that the sun is going to rise in the West. I've got things that seem likely to happen to worry about.
If I were in the 0.01%, savings wouldn't be a thing. I wouldn't even need a home. Just go around staying wherever I like for as long as I like doing whatever I want. I wouldn't really care about what google or apple does with their devices, who attacked or defeated whom and all that bs because I wouldn't be in survival mode.
At least this is probably how people in charge of enshittification think like.
This is based on the false assumption that the free market solves every problem.
But the reality (which was correctly identified by Adam Smith himself) is that the effort required to enter a market can sometimes be so high, that we practically end up with oligopolies, see mobile OSs. They require a network effect to make sense, so the entry cost is not just developing the product, but also to somehow convince basically every other player to consider you a target platform - which is a cyclical problem that you can't just bootstrap yourself into. Even Microsoft failed at it, even though they were paying hefty sums to companies for apps working on their OS.
Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access