Comment by paulmd
2 years ago
> And yet no one would ever want or think of locking down MacOS like they have locked down iOS.
https://en.wikipedia.org/wiki/Security-Enhanced_Linux
the delightful irony is you’re literally so wrong they put it right in the name. Security Enhanced.
The military knows damn well that limiting unprivileged users to running a limited selection of vetted and approved apps and restricting their ability to make tools that might aid their ability to jump the sandbox increases security. They literally built the canonical OS extension to do it. It’s not sufficient for security by itself, but it does additively increase security vs a non-policy-enforced environment with higher freedom.
It is, however, necessary for security. Literally every enterprise sysadmin, every single one, windows or Linux or otherwise, knows that letting users set policies on their own devices decreases security. And in the real world, those policies/access control are either: (a) mandatory, or (b) ineffective. If you allow a mechanism for users to opt out - they will opt out 100% of the time, and it’s ineffective. There is no middle ground, if there is a way to go around then users will do it, it's either a matter of policy or it functionally doesn't exist.
Facebook et al will certainly exploit their network power to push users to do that, just like any other attacker. No different than Chinese agents going after a debt-laden private. They literally already got caught using their dev credentials trying to pull a sneaky and tunnel users data via a VPN for data mining purposes.
https://arstechnica.com/gadgets/2019/01/facebook-and-google-...
But I’m sure you know infosec better than the NSA. This is HN after all.
And again - such escape valves already exist. You can sideload apps on an iphone without paying any extra money. Altstore/Appstore++ exist to refresh your app notarization automatically etc.
Almost as if this is really all about the transaction fees and apple's cut of money that tim sweeney sees as rightfully his, and not user freedom at all... but I'm sure there's a very good, very pro-consumer reason Sony and Microsoft exempted themselves from the DMA?
it's amusing how you can miss his point so badly and still think that's he is wrong and not you for applying a false analogy and making the false conclusion.
The example you mentioned is fundamentally different, why? The owner has the option to completely disable anything they dislike or install a different OS, especially on linux which prides itself on maximum user choice. And even then it's asinine to compare features that are for enhanced security and Apple's version of "security" which just limits user choice to products that have to pass Apple's gate so they have to pay a tax to enrich Apple.