Comment by rickdeckard

21 days ago

It's a tricky balancing act to secure their ecosystem.

The more measures they take to secure it while allowing the user to decide whether to participate, the more drastic this opt-out user-decision becomes.

In order to now preserve that "open ecosystem", they would have to provide the user an option to disable Google Services entirely, which would turn the device almost into a separate product.

All this is unlikely to happen just for the sake of "pleasing the community", I believe we need a general legally binding definition of what functions the user owns if (and when) a device is stripped of any services on top.

If my car loses functions once it loses connection to the manufacturer, this bare set should be communicated as the purchased value ("in exchange for your money"), separately from any on-top "in exchange for your data" business model.

The problem is phones became too important. They get trusted more than desktops for things like banking and ID verification.

Feeling like the optimum solution is to just have two devices. Your phone that has all of your banking, ID, etc. and another device that’s completely open, can install whatever you want on, but doesn’t matter too much if it gets hacked.

  • If this is a reasonable direction, it could still be achieved on the same device. There would be sufficient security architecture available to completely isolate those two areas.

    But I feel the issue is less about malware gathering your banking, ID etc, but malware holding your data hostage, using your (social) network for nefarious purposes or tricking you into something you don't want to do.

    And for all those cases, having that "other" device doesn't help.

    • > If this is a reasonable direction, it could still be achieved on the same device. There would be sufficient security architecture available to completely isolate those two areas.

      The problem here is: Who controls the means of input and output - the screen and keyboard? The trusted identity thingy sometimes needs to show the user some details, have them key in a PIN number, things like that. So they know whether they're approving a $2 in-app purchase or a 10-bitcoin transfer.

      If the free and open part of the system controls the screen and keyboard, the details could be shown wrong and the PIN number could be keylogged and replayed later.

      If the secure-and-locked-down part of the system controls the screen and keyboard, the free and open part of the system is basically reduced to an app or website.

      And if the secure-and-locked-down part of the system has its own separate screen and keyboard - it's hardly the same device.