Comment by craftkiller
21 days ago
Bro, you forbade exactly the reason this is good for average users. Average users get emails that say:
> you have been infected by 3 viruses, click here in the next 5 minutes or the damage will be permanent
And they believe it. Giving them the power to run any software they want, also means giving everyone else the power to make them run any software they can be tricked into installing.
I'm deeply concerned about how this will impact users like us, especially since we're such a small minority that our desires could easily be trampled by the masses, but this is a clear win for the average user.
(And don't make the perfectionist fallacy w.r.t. Google not successfully preventing 100% of malware)
Damn we should just give up on this whole computer thing outright then, seems pretty dangerous. There are plenty of other things we could strip away that would make people much safer than just installing software, that's thinking small!
Stripping away computers entirely would have significant negative impacts. For the *average user*, preventing them from side-loading unsigned apps will have no negative impact.
For now, maybe. Like all discussions on freedoms and rights it's usually not about the day to day impact or the average person, if we optimized for the average person, we'd be in a sorry state.
> And they believe it.
Two reasons: they are not educated about devices they use, desktop operating systems are still awful at security (exe from a mail attachment can have a pdf looking thumbnail, executed with two clicks, even if accidental, immediately gets access to all user files... the whole concept of antivirus software...). It has nothing to do with side loading, especially on Android, where sideloading is a very explicit action already, and then you need to allow the application to do harm.
> Giving them the power to run any software they want, also means giving everyone else the power to make them run any software they can be tricked into installing.
You are taking away people's agency. Either you get to control your bank account risking that you get scammed, or someone will control it for you.
> very explicit action already, and then you need to allow the application to do harm.
So the email they get which tells them about the 3 viruses also contains a phone number where a "nice tech support person" will walk them through the steps of side-loading the "anti-virus app". You'd be surprised at what warnings/permission boxes people will blindly accept when they think they're talking to someone from Microsoft or Google's tech support.
> You are taking away people's agency.
Agency they don't want and never use. It's taking away agency from people like us but for the average user, Google is taking away nothing they've ever cared about.
> Either you get to control your bank account risking that you get scammed, or someone will control it for you.
I was just saying a couple of days ago that we need a service for old people where any transaction above a certain configurable threshold (for example, $500 in a day) has to be approved by an employee of this service who serves as a neutral 3rd party whose sole function is to try to prevent scams. That way the old folks would still have their agency so they can go out and buy all the hot-rods and transistor radios they want but if they're about to wire money to "Microsoft" then the anti-scam-company would step in and prevent that transaction (or at least require the old person have a discussion about why its an obvious scam first before eventually allowing the transaction through depending on the client).
Whether this change actually takes control away from us remains to be seen. For example, I don't see anything in the article that suggests we wouldn't be able to install a custom ROM with the signature check removed. Personally, I already run GrapheneOS so I expect I actually won't be impacted by this at all.
> You'd be surprised at what warnings/permission boxes people will blindly accept when they think they're talking to someone from Microsoft or Google's tech support.
But I know they do, I've seen this first hand. It's lack of education (except for extreme cases of people who cannot take care of themselves. but that's not the majority)
> Agency they don't want and never use. It's taking away agency from people like us but for the average user, Google is taking away nothing they've ever cared about.
It's agency they don't know they want, until it suddenly becomes useful. I'm not expecting everyone to use side-loaded, unapproved apps every day, it's about keeping OS vendors in check, about limiting their power over devices they don't own. If they act against users, there should be a way to circumvent them. Such ideas take that away.
> I was just saying a couple of days ago that we need a service for old people where any transaction above a certain configurable threshold (for example, $500 in a day) has to be approved by an employee of this service who serves as a neutral 3rd party whose sole function is to try to prevent scams.
Enabling such a service is a choice they would have to make. The default is control. The situation with all side loading restrictions is opposite - you don't get to choose.
Unless you are suggesting that such service should be forced on people that match some vague "old" criteria. Our disagreement goes far besides technology in that case.
2 replies →
> this is a clear win for the average user.
In the short term, yes. In the long term, it means Google can ban any app it doesn't like, and it means governments can compel it to do so.
Governments being able to ban software without easy workarounds could have far-reaching consequences affecting people who don't even use the software in question. This is a Bad Thing even if it helps keep a few people from getting scammed.