Comment by bambax
20 days ago
One approach, not ideal by a long shot but one of the easiest, is to only use old devices and old OSes. Things that have been cracked and/or are easy to root.
"But it's not secure!" -- yeah, that really is the point.
> only use old devices and old OSes. Things that have been cracked and/or are easy to root.
> "But it's not secure!" -- yeah, that really is the point.
Well, no.
The point isn't just to rail against impositions from someone else wanting what they see as essential for their security, but also to keep things secure and⁰ free¹ for you, the user.
Holding your devices back constrains both your security and your freedom rather than helping you in either manner. Security because you will be missing important updates in that regard, and freedom because your device won't be able to negotiate connections with external services² that you want to use³.
----
[0] And where these two conflict, you should be free to choose your threat model and therefore which compromises to make, except where that could negatively affect others.
[1] The freedom of reasonable action form of free, not monetarily free etc.
[2] We hit this a short while ago with some legacy code+infra using SOCKS via OpenSSH to make unauthenticated HTTPS calls from source addresses we can't fix (authentication is done with SSH, control is by the other end having the fixed address of the SOCKS host in the whitelist) - upgrading the VM running the SOCKS proxy upgraded OpenSSH which deprecated a number of encryption and negotiation options, the old client library used didn't support enough new ones to be able to negotiate a link, newer versions required a later .Net version that is supported inside SSIS, so we had to rearrange how those calls were made (obviously the long term fix is to kill all that legacy SSIS stuff, all SSIS stuff including the people that made it, with fire). The same will happen with parts of what you use your device for, if you keep it back in the way you are suggesting.
[3] Banking facilities being a key area that you'll likely hit problems with first, after that other online commerce flows, and so forth.
I've been largely doing this for other reasons.
It is not a good long term solution, however, because older phones do not support newer versions of the operating systems and gradually you'll notice that fewer and fewer applications work on your phone, because they require a newer operating system.
Utterly pointless. We'll be systematically discriminated against at every turn. We'll lose access to finances, services, communities and even simple sites because our computers aren't corporate owned. We'll become so marginalized we'll only be able to visit places like HN, places that at least try to pay some lip service to everything the word "hacker" stands for.
And then they will make it so our devices need to pass hardware remote attestation to connect to the internet and even that will be taken away from us.
I don't know what to do anymore. The future is bleak. The free computing we love is being destroyed by forces outside our control, forces that cannot be stopped no matter what we do because they have trillions of dollars and their interests are aligned with those of governments the world over.
Get into woodworking and ham radio I guess
They may try that, sure, but 1/ it will take some time, during which we can still enjoy some amount of freedom and 2/ they may not succeed everywhere, or all of the time.
I've been using an old OS as my daily driver for five years now[1]. You absolutely can do it, but it's a lot of work!
1: https://mavericksforever.com/
This is not enough. Things like banking apps are virtually necessary for many people's daily lives, yet they often require a non-rooted phone with Google Play Services spyware installed at the OS level, or they will simply refuse to open. Never mind the fact that we're so into late capitalist consumerism that it's routine to deprecate support for 2 year old OSes.
This needs law/regulation forcing the duopoly to open up, unfortunately even in the EU we're moving in the opposite direction.
Not just forcing the app store duopoly to open up, forcing banks to open up and prohibiting these kinds of restrictions that are based on "we insist that you trust some large corporation that we also trust".
Exactly. I'm literally penalized because I have control of my own device (which somehow isn't an issue with the much more "insecure", root-wise, browser on a linux desktop)
And the sentiment that I own the things I've bought and paid for and should be able to do what I want with it. That a company shouldn't be able to come in and take away features, that I purchased with the device, away from me for absolutely any reason.
I can't go to Google HQ and reinstall their locks because I think their locks are insecure, and I certainly can't declare myself the arbiter of who should be allowed to open their locks. I'd be charged and put in jail. But they can do the digital equivalent to my device and that's valid business.
> Things like banking apps are virtually necessary for many people's daily lives
I disagree. I think most people could do just fine without them. Some might need to buy a desktop computer or even visit their bank's website using a browser on their phone, but humanity got along just fine without cell phone banking apps for a very long time. Many of the old options still exist for a lot of common banking activities. Options like calling your bank on the phone, using an ATM, or going to a branch in person. If your bank really doesn't allow you to do anything with your money without a cell phone app I'd say finding a new bank is justified. Better yet, try to find a credit union.
Banking apps are convenient, but it's getting to the point where the inconvenience of being abused by the OS outweighs the convenience of a banking app which is probably collecting (and selling/exploiting) data they couldn't get from a visit to their website anyway.
> or even visit their bank's website using a browser
when desktop browsers are considered less trustworthy to the bank than mobile apps (this is approximately now) they'll invert the functionality and limitations surface so mobile will have more authorizations than desktop browser (this is also happening now).
client attestation is a fundamental transfer of freedom from the client to the server. it's nice in theory (I too want my money safe), but at the very least it needs a third party with different incentives, not the OS, hardware and browser vendor.
> Banking apps are convenient
The only need I have for banking apps is created by banks themselves, to verify online payments. But it would work just fine with regular text messages. I don't need a banking app at all.
(And maybe verifications aren't needed either, since in the 40+ years I have been using a credit card, never once have I been asked to verify something that I didn't initiate myself.)
In many regions specific apps are needed for reliable identity verification.
Just because you don’t care about banking apps doesn’t mean I don’t. You might churn your own butter, but that doesn’t mean I don’t need to be able to pick it up from the grocery store. Our lives are different from our parents, whose lives are different than theirs. The answer isn’t “just go back 20 years and live like we used to”. The answer is to live in the modern world and still have our basic freedoms.
> routine to deprecate support for 2 year old OSes
> unfortunately even in the EU
("Save the planet".)
This is not going to be successful once they demand strong authentication of clients on the server side - the banking apps already do this, you can't have your phone rooted or compromised.
Wait until the authorities will require strong client side authentication for social media sites, news sites, and everywhere user generated content is accepted, tied to official ID issued by the government
To be honest I don't see an easy path to escaping the walled garden in our interactions with big companies and governments (banking, traveling, mainstream social networks, etc.).
But at least we can build alternatives for interpersonal communication and other uses independent from big companies, like the late 90s-early 2000s Internet, and access that with free devices.
> But at least we can build alternatives for interpersonal communication and other uses independent from big companies
We mostly can't. The most we can do is grow new big companies.
The internet was carefully reorganized so that it's impossible to do anything without money moving around.
Chat control will make this illegal.
Maybe that would be a good thing. Don't get hooked on social media or news that survive on outrage and echo chambers, just... enjoy life.
I maintain a software to aid in installation of Windows 7 to new PCs (FlashBoot Pro): https://www.prime-expert.com/flashboot/ . Recently there was a reduction in sales. You are welcome.