Comment by cesarb
21 days ago
> People have no "control" over their own device if they have malware on it.
You are inadvertently reaching the true core of the question. The ones who have "control" over a device, are those who control the software running on it. Be it the bad guys (in the case of a malware-infested device), a giant corporation (in the case of a locked-down device), or yourself (when you can install and replace any software you want on the device).
Their point stands, though. The vast majority of users do not have either kind of control, so it is a very small concession to them in favor of securing their device against a malicious actor taking control.
I think this is what commenters here are missing. I agree politically with the notion that people should own their devices (having full control), but the reality is not and will never be that the majority have anything but the illusion of control. Meanwhile, as these devices become increasingly necessary for people to exist at all, and the data they store becomes increasingly sensitive, the ability to theoretically install your own software is completely irrelevant compared to the risk of anything bad happening.
Things that would be compromised if my phone is compromised: All private communication, bank accounts, stock portfolio, medical history, driver's license, criminal record, sexual history, grocery habits, all communication between my government and me, real estate deeds and mortgages, two-factor authentication keys, and I suppose my Steam library.
Like, that's a lot. People can lose their homes. The stakes are unfathomably high here.
The horse is driving the carriage here.
Why and how is this protecting against a malicious actors? You can't skip that part.
What about malicious actors that are entrenched, like Meta and even Google? Does this not strengthen them?
It's pretty clearly an attempt to establish a clear chain of trust. If you are making a malicious app, the first thing you want to do is hide your identity. It is incredibly important that users can know whose code they are running, and who is responsible for the behavior of the malicious app that destroyed their life.
I can't say whether the specific implementation will be an improvement, but that is clearly the intent.
Meta and Google have not shown themselves to be "malicious" in sense that is relevant to this discussions. Whatever shady practices they may or may not have is very likely entirely within the law, and they are strongly motivated to protect people's personal data, because they will not have users (i.e., their product) if their platforms are insecure.
3 replies →
Exactly.
"Free" devices exist. Linux computers. Linux phones. No codesigning, minimal sandboxing, none of that "malevolent" stuff from macOS/Windows/Android. Knock your socks off. You have a choice. Ideologically wanting everyone's devices to be like this is not sensible.
This isn't like anticompetitive behavior (bundling, lock-in, fees) where "you have a choice" is irrelevant because corporate power should be minimized and competition and consumer surplus should be maximized. Tradeoffs between security and nerd-fantasy "freedom" are valid.
I still remember that piece about the tween girl getting her nudes exposed because of a RAT. True "freedom" with technology, for non-nerds, means being able to use technology to pursue your passions, learn singing, fashion, dancing, without having to be terrified that this computer might destroy your life. That's "freedom" for 99% of folks. But the high-empathy folks here will respond "user error", "personal responsibility", "you should have known not to click that". You aren't entitled to be care-free, to have a life, to pay no attention to boring nerd stuff. Become a dead-inside geek like us, you bottom-quintile person, or else.