Comment by medhir

> We have to keep defending our own freedoms

As always.

> I'm so

Shake it off, because, see point 1, the struggle is the same as it has been even decades ago. Nothing has changed: we fight for it. Only the battles have changed, not the war.

One approach, not ideal by a long shot but one of the easiest, is to only use old devices and old OSes. Things that have been cracked and/or are easy to root.

"But it's not secure!" -- yeah, that really is the point.

> We have to keep defending our own freedoms against non-stop assault until the end of time

That's the human condition. The price of liberty.

However, there are easier ways and harder ways to do it. The key concept to think about is sovereignty. What do you own? What do you control that depends on as few externalities as possible?

The big shift people are going to have to start thinking about is abandoning the network, because the enemies of freedom are increasingly locking it down.

- I own PC hardware that runs Linux. I own a copy of Linux which runs entirely offline. To the extent I get updates to it, they are licensed and distributed in such a manner that it's very hard for the bad guys to mess with them, as Microsoft does with Windows 11.

- I own copies of many media, books, music, movies, TV series, games, these reside as non-DRM'ed bits on my SSD that do not phone home, they don't need the network. I have local copies of software that does not require the network to play them. I have physical copies of these things in some cases.

This is not to say that I never use Netflix, Youtube, Spotify, Steam etc. but I keep them at arm's length and cut back on my usage of them at every opportunity. They are all network tools owned by our enemies, and need to be treated as such.

There really isn't shit they can do to me that would sting, short of cut off the electricity. In the event that the Internet purveyors of slop go Full Evil, and they probably will, I am well equipped.

Now of course the topic of sovereignty is far far bigger than consuming media, and we could get into things like desktop applications or where you interact with your friends as well. But the principles are the same. Go offline.

Yep, there are times when I feel like it is best just to let them win to the point it completely break the bottom of the bucket. Rather than a slow creep, a sudden lurch so that everyone can see it.

Freedom is a constant struggle

So, people who need can always use linux and can even just compile everything from source.

Can I tweak it? Can I simulate a NN autocomplete?

"Government in EU [which is a very marginal part of the production of electronic devices, wants to implement a "Digital Euro" that requires relying] all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google)[, completely external yet planned crucial part of the forthcoming monetary system]."

<think> They do not sound pretty sound to me. </think>

--

Edit: speak up, snipers (we are in front of a freefall and you play the fool)... I think it is rational in the discourse to show that in malice or stupidity there is a relevant upper level that shows a more radical condition.

The EU is posing towards reliance of «all our digital infrastructure to the current duopoly in the mobile device market (Apple and Google)», which is controlled by third parties.

We have! The only problem is a very limited amount of legal decisions accidentally paved the way for a massive dystopia. In particular, the first sale doctrine [1] solves everything immediately.

The courts assumed good faith with a licensing exception, and maybe it was. But that opened the door to essentially completely dismantle the first-sale doctrine. Get rid of that loophole and all this stupidity ends, immediately. Well that and the DMCA. Once you buy something, it's yours to do whatever you want to do with it short of replicating it for commercial benefit.

[1] - https://en.wikipedia.org/wiki/First-sale_doctrine

You might be right. We're seeing a paradox of more and more exclusive ownership of property for commercial interests (land, water, airwaves, orbits) and fewer and fewer exclusive ownership for individuals (rented homes, licensed software, subscriptions etc). I too think we're still in a transition stage and humanity has yet to figure this thing out.

It's not we haven't figured it out. It is that gov and corp prefer to be shepherds and we are OK to be sheep. We figured it out a long time ago.

The solution certainly won't be through legislative or judicative powers as they have failed predictably and repeatedly. Sometimes reality must be molded a bit of fait accompli.

No - private property is clear.

The question that hasn't fully been worked is how to allow people to think/feel they own something, while having no actual legal rights to it. But, as we see, this is being worked on.

Throwing your hat in the political ring?

Not always. There have been car manufacturers that sold vehicles with features only enabled by a subscription. You may buy a car with heated seats, but the heated seats only work if the manufacturer enables them.

In a legal sense, yes. In a practical and technical sense, no.

Ok, let's say you own an iPhone. Please try install alternative OS on your iPhone, if you succeed, you own your phone.

The contention point will be whether you purchased the device or not.

This is a ridiculous take.

I would agree of there was a choice or actual free market. But there isn't, and your argument is fundamentally flawed. Because there often is no actual choice, the options are artificially restricted. Starting with, many phones cannot be rooted. Then, if you can root, multiple functions are suddenly unavailable, not because of a fundamental technical problem, but because Google, the phone OEM or the app dev decided to not give you the options you wanted.

If you treat it as a consumer choice, there's a rather uncomfortable marketing question - "What, precisely, is the value proposition of a locked down Android device?"

A few years ago "A smartphone so intuitive that grandma can understand it." used to literally be one of the arguments cited for picking iOS over Android. The UX is far more polished and you are far more likely to find an interesting iOS-exclusive app than an Android-exclusive.

Further, as a hardware manufacturer, Apple is far more likely to manage its walled garden in the consumer's interest, as compared to Google - an advertising company.

If Android gets locked up, all the high-end Android manufacturers, especially Samsung, are going to face a slow, but inevitable death.

The Play Store doesn’t protect your grandma from installing malware. Using that as an excuse for transferring control is weak and carries much bigger consequences.

Owner having full control over the device does not prevent a company to offer same benefits and restrictions. But these restrictions need to be optional, so the owner can decide whether to enable or disable them.

It's lawyers all the way down :)

No matter what runlevel you’re on, judges are lower still.

https://en.wikipedia.org/wiki/Runlevel

But I want" secure boot. It makes me* safer.

For the same reason I relock bootloader after flashing alternative Android flavour on my phone.

You didn't write the code for the bios, nor could you.

There's always a degree to which the manufacturer has to.

Sorry, no banking for you then.

https://github.com/x653/xv6-riscv-fpga is a fully open RISC-V core, using fully open tools written to tiny FPGA. It betters 386 performance, is practical for an individual to recreate, and it is almost inconceivable that the underlying hardware could have compromised this usage. If your security posture cares about ME et al. you also shouldn't be running any form of speculation, so 'modern' performance would be off the table even if you bought Nvidia and TSMC. I would more judge a concerted effort comparable to larger open source projects could design verifiable hardware for processes that it readily available to crowdfunded projects that are more efficient and performant then anything released in the previous millennium.

> And where software developers have to have a live feed of what every user is doing to Brussels or be arrested.

Please elaborate, with sources.

Sounds like if US citizens hope for that, we can get it.

Corporations are also notorious for doing that, except with governments you can vote them out.

Their incentive is even stronger: most users of ReVanced for example unlock YouTube, which belongs to Google. In that case we are talking about 100% revenue loss, not 30% app commission. This goes for NewPipe, etc.

I wonder if OsmAnd, Termux, F-Droid would survive this or will be casualties. Who will authenticate for a decentralized open source app that has 100 active contributors?

Well of course they are not "doing it for the user" but that would be a different discussion if scams and malware were out of the picture.

Doesn't this kill two birds with one stone?

Forcing users to pay for apps rather than install pirated APK's and unlocked apps both raises Google's revenue and reduces the risks of malware and scams.

The consequence is naturally, the savvy users who know how to avoid risks lose the ability to have more control over their phone.

My opinion on this changed as we helped elderly parents with declining capabilities. The internet is an extremely dangerous place for those less cognitively able.

It is extremely hard to live without the internet - it's almost impossible - everything from your bank to your doctor to restaurants to the barber that wants to be paid by Venmo. Taking away your parent's internet connection is even harder than taking away their driver license. (And also more isolating.)

There is no law enforcement; there's no consequence for scammers; there's no technology stack that is safe for the less able. It's a brutal Wild West where the weakest are attacked without recourse, flooded with misinformation and lies, and targeted by significant financial scams.

Completely agree. We seem to have forgotten the word "spyware", I don't see it used anymore because it became the norm. But let's call things by what they are.

My 75 year old mother has root access, and she is perfectly fine.

> You need to allow it in settings, you need to enable developer mode, you need to agree to each individual source as a trusted source. If people are still blaming malware on this, when malware exists in the actual Play store, then they're delusional.

To be fair to the security folks at Google, people will follow these steps like clockwork. The only thing they care about is getting the app on their device.

The root cause of all of this: banking/finance/payment apps figure they can trust your device, because no one has regulated a universal trust root into existence. Google encouraged this with SafetyNet/Play Integrity, and convincing Visa/MasterCard that devices can be trusted for contactless payments.

Now there's one gaping hole left: you can still install unverified software from anywhere, and said software will use all tricks possible to convince users to grant accessibility permissions and give up the keys to the kingdom. There have been many attempts over the years to make this harder, but malicious apps are getting even more sophisticated, to the point of installing shortcuts to entire fake versions of your banking app on the home screen.

So Google is being pressured by governments and markets to make it harder to produce installable malware, when a better way to prevent malware while protecting user freedom is already here: passkeys. You cannot steal passkeys with a third-party app, no matter what tricks you try, because they are tied to domains and APK signatures. Stop trusting stealable credentials and you stop needing to trust the entire hardware and software stack behind the app calling your backend.

well, as someone working in a department that also has Fraud detection responsibilities, the amount of users that lose tons of money because of scam apps, spoofed apps, identity stealing apps, is big. Like insanely big. I am all for it that these apps get significantly harder for the average joe to install or run on their phones.

It's a considerable number well into the 8 figures $/year that we have to cover (Granted this number is not specifically smartphones, also includes desktops, but I know smartphones is the bigger piece nowadays.)

(insuring this is near impossible, there is always a large part risk we have to pay ourselves and cannot cede to a reinsurer)

it's very common in india

… who know about it.

> "void warranties if you want "

Please don't push the Overton Window any further. Installing my own software on my own PC should never void the hardware vendor's warranty. That delegitimizes the core concept of a PC.

(A horrific possible dystopia just flashed through my mind: "I'd love to throw out Chrome and install Firefox so that I could block ads, but, the laptop is expensive, and I can't afford voiding the warranty". I bet Google would *love* that world. Or, a UK version: "I'd love to use a VPN, but, regulation banned them from the approved software markets, and anything else would permanently set the WARRANTY_VIOLATED flag in the TPM").

> You just have to inform user of the risks

Warnings aren't always enough, sometimes we have to lock people down and physically prevent them from harming themselves.

It's not always people being stupid. I recall reading an article by someone who got scammed who seemed generally quite knowledgeable about the type of scam he fell for. As he put it, he was tired, distracted, and caught at the right time.

Outside of that, a lot of the general public have a base assumption of "if the device lets me do it, it's not wrong," and just ignore the warnings. We get so many stupid pop-ups, seemingly silly warning signs (peanuts "may contain nuts") that it's easy to dismiss this as just one example of the nanny state gone mad.

Even if it's illegal? (like transmitting on forbidden frequencies)

It's not always the user who's installing software. Lots of people depend on other people to manage their devices. Manufacturers like the hardware they delivered to be trusted so users trust it regardless of who handled it.

Yes, very clear warnings; I could live with a small permanent icon in the status bar (via the GPU firmware) etc. But absolutely should not void warranties (overclocking might but never just root).

I don't think users understand the risks. I'm broadly accepting of the protection of end users through mechanisms. Peoples entire lives are managed through these small devices. We need much better sandboxing to almost create a separate 'VM' for critical apps such as banking and messaging.

The problem is Dunning Kruger effect.

The people who shouldn't disable these security features tend to be the first to do so. And then complain the loudest when the enter the "find out" phase.

The thing is, even if Google has a hidden motive in this case, the prevailing public morality doesn't allow you to argue against a measure designed to protect the weakest and poorest among us. Once a vulnerable group has been invoked, the public stops caring about their rights, the cost-benefit balance and most other rational concerns.

I think the phenomenon is most visible in the United Kingdom. Not just with respect to the recent age verification measures, but also with respect to the government's recent financial misadventures.

> You're buying a disingenuous framing

Of course it's a disingenuous framing. A certain kind of person is both attracted to power and deathly afraid of people voicing unapproved opinions "outside their kitchens".

Things can have multiple justifications, some public, some not: some conscious, some not. Central control and a feeling that a parental figure is in control of the tribe primes, at a primal level, a certain kind of person to like an idea. The specific post-hoc justification is almost incidental.

That said, such things need a semblance of legitimacy to work. It'd be much harder to crack down on general purpose computing under the guise of safety if we had cultural antibodies agains safetyism in general.

It's just not possible to prevent mistakes while letting people color outside the lines. Most brilliant ideas look like stupidity at first. I want to live in a world that biases towards discovery over safety.

Agreed. The store are unnecessary and sold under the guise of "protecting" the user, when it's really about controlling user use, keeping them ignorant and spying on them.

Google does not care if your data is leaked by an app offered by some nebulously defined verified developer that phones home without reason, or that you develop a problem with online gambling or predatory micro transactions, etc. Blows my mind that we have come this far in the fight for user rights, ownership and accountability and still the majority is going to just trust Google because they're Google. No corporation is your friend. Let the users operate the device they paid for* as they see fit, learning to accept the responsibility for for all the success and failures that come with it and we will suddenly start seeing much, much smarter users.

App stores are riddled not only with spyware and malware, but also with harmful content like gambling apps targeted at kids. And they claim some moral high ground as an excuse to ever more pervasive spying and control? Fuck me, Stallman was right all along.

The problem is phones became too important. They get trusted more than desktops for things like banking and ID verification.

Feeling like the optimum solution is to just have two devices. Your phone that has all of your banking, ID, etc. and another device that’s completely open, can install whatever you want on, but doesn’t matter too much if it gets hacked.

It's so that when someone installs a fake banking app and gets their money taken they can point the authorities to the right person to arrest.

> How do meet your own needs and desires if you can't use your own property the way you want?

My needs and desires aren’t that complicated. There’s nothing that I really want or need to do that I can’t do on my phone or iPad.

If I were in the 0.01%, savings wouldn't be a thing. I wouldn't even need a home. Just go around staying wherever I like for as long as I like doing whatever I want. I wouldn't really care about what google or apple does with their devices, who attacked or defeated whom and all that bs because I wouldn't be in survival mode.

At least this is probably how people in charge of enshittification think like.

> This is based on the false assumption that the free market solves every problem.

I assure you it is not.

How can I lose something that I don’t have any interest in having?

Neat! That’s why I said, “I’m personally OK with…” rather than “You’re personally OK with…”

Oh it’s intentional.