So you want a $100 feature phone that has serious security features like monthly security patches and dedicated security coprocessors? It's tough to make the economics of that work out. All the serious security features costs money to implement, either in the form of development costs or added costs to the BOM. Those costs can be absorbed if you're selling a $600 phone, but not a $100 phone. If you try to add those features to a $100 phone, it'll end up making the phone more expensive, which means nobody but security freaks would buy your phone, and you lose economies of scale that's needed to make a phone at all.
Back to your point, there's already a "split of hardware and software" in the PC market, and we know how it works out. Security there is a joke. Windows might be getting monthly security patches, but the same can't be said of the panoply of third party drivers/firmware. Whenever microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.
You missed my point, a simpler hardware/software phone needs less resources to maintain. No eyecandy/cushy features to maintain, security becomes easier to maintain by the community. No constantly added features and gimmicks which break and introduce weak points.
Let's not forget that all these "features" which enable corporations like Google take complete control over the project also end up driving price up, constantly. Cheap phones are a sh*t iteration of more expensive phones, instead of being simpler more basic implementations of must have features without the "quality of life" bloat on the top tier models. They should have a different tier OS rather than the same one.
I would also not make the parallel between comms devices and PCs, they're different beasts.
>a simpler hardware/software phone needs less resources to maintain
And a such a product is going to absolutely niche, which means no economies of scale producing or maintaining it. You try to justify that by saying it'll be maintained by "the community", but who's going to want to do unglamorous work fixing security issues, compared to developing features? Mainstream phones have dedicated security teams and freelance vulnerability researchers going after them for fame/clout. Who would want to do security research for what's essentially a glorified nokia 3310 that maybe 1000 people use?
>Whenever microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.
Mainly because it is, and you can go Q.E.D. all you like, but there doesn't need to be a bunch of mustachioed villains explicitly making evil plans when everyone's ultimate aims align. They're going to get theirs, and the rest will just be a long for the ride while those people in a position of power continue to weave a collective path through the space of "conspicuously unimplemented features".
The computer was meant to be as a calculator. An unassuming tool to automate the mundane, not as a link in the chain of techno-fascism/feudalism/tyranny. The only thing that will ward off that eventuality is how we as people embrace and guide it's further usage & implementation.
The tech is currently here for every bad ending. I want to make that clear. It has already arrived. The knowledge of it's configuration to bring those ends are the part that isn't quite realized yet. I pray that it won't be unearthed, but with the way things are currently going, I have serious doubts.
>Mainly because it is, and you can go Q.E.D. all you like, but there doesn't need to be a bunch of mustachioed villains explicitly making evil plans when everyone's ultimate aims align. They're going to get theirs, and the rest will just be a long for the ride while those people in a position of power continue to weave a collective path through the space of "conspicuously unimplemented features".
Like it or not, TPM was meant to increase security by deterring evil maid attacks. If you can't stop this sort of attack, your device doesn't offer serious security, and a feature phone with wifi/bluetooth/cellular data turned off probably has similar security. Moreover TPMs were introduced over a decade ago and there's still no DRM that's based on it. People did forget about SGX though, which came and went but had actual DRM built for it. I've also never heard a peep about HDCP which is specifically for DRM purposes and is built into every GPU/monitor.
So you want a $100 feature phone that has serious security features like monthly security patches and dedicated security coprocessors? It's tough to make the economics of that work out. All the serious security features costs money to implement, either in the form of development costs or added costs to the BOM. Those costs can be absorbed if you're selling a $600 phone, but not a $100 phone. If you try to add those features to a $100 phone, it'll end up making the phone more expensive, which means nobody but security freaks would buy your phone, and you lose economies of scale that's needed to make a phone at all.
Back to your point, there's already a "split of hardware and software" in the PC market, and we know how it works out. Security there is a joke. Windows might be getting monthly security patches, but the same can't be said of the panoply of third party drivers/firmware. Whenever microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.
You missed my point, a simpler hardware/software phone needs less resources to maintain. No eyecandy/cushy features to maintain, security becomes easier to maintain by the community. No constantly added features and gimmicks which break and introduce weak points.
Let's not forget that all these "features" which enable corporations like Google take complete control over the project also end up driving price up, constantly. Cheap phones are a sh*t iteration of more expensive phones, instead of being simpler more basic implementations of must have features without the "quality of life" bloat on the top tier models. They should have a different tier OS rather than the same one.
I would also not make the parallel between comms devices and PCs, they're different beasts.
>a simpler hardware/software phone needs less resources to maintain
And a such a product is going to absolutely niche, which means no economies of scale producing or maintaining it. You try to justify that by saying it'll be maintained by "the community", but who's going to want to do unglamorous work fixing security issues, compared to developing features? Mainstream phones have dedicated security teams and freelance vulnerability researchers going after them for fame/clout. Who would want to do security research for what's essentially a glorified nokia 3310 that maybe 1000 people use?
6 replies →
>Whenever microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.
Mainly because it is, and you can go Q.E.D. all you like, but there doesn't need to be a bunch of mustachioed villains explicitly making evil plans when everyone's ultimate aims align. They're going to get theirs, and the rest will just be a long for the ride while those people in a position of power continue to weave a collective path through the space of "conspicuously unimplemented features".
The computer was meant to be as a calculator. An unassuming tool to automate the mundane, not as a link in the chain of techno-fascism/feudalism/tyranny. The only thing that will ward off that eventuality is how we as people embrace and guide it's further usage & implementation.
The tech is currently here for every bad ending. I want to make that clear. It has already arrived. The knowledge of it's configuration to bring those ends are the part that isn't quite realized yet. I pray that it won't be unearthed, but with the way things are currently going, I have serious doubts.
>Mainly because it is, and you can go Q.E.D. all you like, but there doesn't need to be a bunch of mustachioed villains explicitly making evil plans when everyone's ultimate aims align. They're going to get theirs, and the rest will just be a long for the ride while those people in a position of power continue to weave a collective path through the space of "conspicuously unimplemented features".
Like it or not, TPM was meant to increase security by deterring evil maid attacks. If you can't stop this sort of attack, your device doesn't offer serious security, and a feature phone with wifi/bluetooth/cellular data turned off probably has similar security. Moreover TPMs were introduced over a decade ago and there's still no DRM that's based on it. People did forget about SGX though, which came and went but had actual DRM built for it. I've also never heard a peep about HDCP which is specifically for DRM purposes and is built into every GPU/monitor.
1 reply →