Comment by BrenBarn
1 month ago
I think we could set the bar substantially higher. Don't even bother with discussion of sideloading. Talk about bounded transactions and device control.
What is needed is: Once I have purchased a device, the transaction is over. I then have 100% control over that device and the hardware maker, the retailer, and the OS maker have a combined 0% control.
First thing on the list for me is dramatically reforming the Digital Millenium Copyright Act (DMCA), which currently makes it a federal felony to provide other people any information or tools they might use to control the devices they own, ex:
> Thanks to DMCA 1201, the creator of an app and a person who wants to use that app on a device that they own cannot transact without Apple's approval. [...] a penalty of a five year prison sentence and a $500,000 fine for a first criminal offense, even if those tools are used to allow rightsholders to share works with their audiences.
https://www.eff.org/deeplinks/2020/09/human-rights-and-tpms-...
_____________
In some ways, I think this is even more important than attempting to bar companies from putting in the anti-consumer digital locks in the first place: It's easier to morally justify, easier to legally formulate, and more likely to politically pass. The average person won't be totally stuck lobbing the government to enforce anti-lock rules for them, consumers can act independently to develop lockpicks.
Plus it removes the corporations' ability to bully people using your tax-dollars and government lawyers.
The DMCA stuff is quite annoying for more reasons but all are US; my hoster and internet provider both have standard emails for DMCA and copyright violations from US companies: "We received this, we do not care if you act on it, cheers.".
Also, let's stop using the term "sideloading", as if it's something bad or shady.
It's called "installing apps".
You didn’t read the article?
Of course the poster did. The question is why does everyone else prefer to use the Apple/Google-coined term rather than the standard "installing" verbiage.
"I then have 100% control over that device and the hardware maker, the retailer, and the OS maker have a combined 0% control."
the problem is transaction not done once you own the device, you must use the ecosystem
Google and Apple create this ecosystem and they own it, so even if you have 100% control of your device but you cant live without their ecosystem
OS is just "half the battle", if its so easy Microsoft would not let windows mobile died
Right, so that's what needs to change.
well, we need a platform competitor like Huawei doing for the past years
but Open Ecosystem/Platform
which is likely never happen tbh, since the amount of resources that required is a lot and would need monetization which would end up like at position like this
13 replies →
[dead]
What does this even mean? You don't want software updates? Or strictly only software updates that are 100% aligned with your wishes whatever they may be at the time?
No forced updates, no downgrade prohibition, no bootloader locking, kernel GPL compliance (with drivers that can be loaded in it, even if they are closed source), no remote attestation.
The bare minimum so that I can use the device I bought as I wish, even if the manufacturer later decides to "alter the deal".
Unironically, I want finished software. I don't like it one bit how the vast majority of software products today are in an "eternal beta", so to speak.
Android, in particular, is a finished product. It doesn't need yearly updates. It may need an occasional update to patch a vulnerability, but this whole "we changed the notification shade UI for tenth time because we're so out of ideas" thing has to stop.
Yeah, that's the problem. As soon as it became feasible to push upgrades over the wire, software companies started relying on it. And unfortunately that mentality is viral, because as soon as one thing starts doing that, anything that else that interoperates with that other thing winds up having to do it to some extent. It's a tragedy of the commons.
I don't think software is ever finished.
But I'd definitely love to not be shipped alpha or beta software. MVPs are great when hacking, but why are we shipping hacked together stuff. "It works" doesn't mean it actually works...
26 replies →
On Google Play, it's only finished for a few years at best. If it's not updated to the latest version, eventually it gets delisted.
1 reply →
> You don't want software updates?
Most of the time, software updates remove features, change things around for no good reason (breaking our workflows), or add unwanted features.
We really should separate pure bugfix updates (which include security updates) from feature updates. We nearly always want the former, but not necessarily the latter.
So much this. I totally want security fixes, but I only want security fixes. I don't want UI changes, features removed or altered, or anything with my usability upset.
My computing devices are tools I use to do my job and run my life. I don't want those tools changing without my consent.
4 replies →
I want it exactly as it is in Linux land. This is a solved problem. How are you so dumbfounded?
So why aren't you using GNU/Linux phones?
1 reply →
Maybe I do, maybe I don't. It's for me to decide what updates I want, if any. Apple and Microsoft do not give you a choice. Precisely zero people wanted Copilot on their computers, but it's there anyway whether you want it or not.
You can choose not to update in both Android and iOS. Same with running Windows.
1 reply →
Why would anyone want an update misaligned with them, ever?
You should be able to set auto update, auto update with confirmation, manual update only, for any or all apps.
What someone does with that, and why, isnt something anyone should have to explain or excuse.
It could be as simple as not wanting any new features beyond but what an original version of an app has. Or not wanting an update that takes user data surveillance to another level.
I think this is a good point, even if you're presenting it as a false dichotomy.
Obviously saying "Apple shouldn't be allowed to touch my device after I purchase it" as well as "Apple should be compelled to provide security updates" is nuts.
But I think saying, "Apple shouldn't be allowed to touch my device after I purchase it" as well as "I should be able to provide my own security updates, if Apple doesn't want to" is totally reasonable.
But Apple would never allow that. So allowing sideloading seems like a reasonable amount of pain Apple should be forced to put up with...
I don't think Apple should be compelled to provide security updates. I think Apple should be held accountable for security vulnerabilities in anything they release. You can't evade liability by patching it later.
I'll take that deal 9 times out of 10. Why would I want updates tied to a phone if I'm going to be installing my own software with its own updates? This is already done on most software, browsers, etc. CVE on text messages? Cool, wasn't using the manufacturer's app anyway.
>only software updates that are 100% aligned with your wishes whatever they may be at the time?
wild that you seem to think this is a gotcha question. yes, all the software I want on my devices, and only software I want on my devices
Pure security updates are often better than the status quo, but yes I'd prefer to have zero updates instead of the current mess.
Maybe software updates could contain things users actually want, that provide a competitive incentive for users to choose to buy the phones from specific makers?
> Or strictly only software updates that are 100% aligned with your wishes whatever they may be at the time?
Um, yes? Constant push-updates are one of the worst tech trends of the last 10-20 years.
why does having software updates mean giving up control of the device ?
Security Updates - They should be considered as in warranty servicing of faulty software.
Software Updates - These are turning out to be a scam in some ways. The decision to regularly introduce new APIs and forcefully obsolete old APIs/features is theirs. Consumers don't have to pay for it with the control. The cost of it should be baked into the initial purchase cost. A new feature that restricts access is an anti-feature.
GNU/Linux provides the updates and yet lets you own the device.
That bar would require infinitely good software on the hardware. Then it will be your device. Otherwise, they will constantly need to improve it. then it will be their software on your device.
Would you consider Microsoft Windows or Linux infinitely good software? The scenario described by the GP applies 100% to most personal desktop and laptop computers.
I don't think it matters if it's their software on your device, just like it's their chips inside the box. The key is that you choose whether or not to buy the product, or install their software.
People always say things like these, and I wish it were that way too. Maybe if history had gone a little differently.
But what's the point of defining these standards now? Is the world where this is the reality still feasible? It seems nearly impossible, unless you're an extremely wealthy and influential individual. What I'm seeing is that we never will move to a world where a device that you bought is truly "yours" anymore. Instead, we'll be renting one of the approved devices, ran by one of the tech megacorporations and overseen by your government. They will give no real way to execute any random code that you want, unless you're also licensed and vetted as a developer. They will be tightly surveilled, all information will be saved, every interaction between these devices will be controlled for the sake of security. It will be an entire web of trust, defined by the powers that be. We're seeing early attempts at it now, but we still haven't hit full centralization. But once we do, what happens then?
I said it elsewhere in the thread, but the current model is already falling apart: it has led to random IoT devices becoming parts of widespread botnets, affecting Internet functioning, and putting unwitting consumers at risk.
Fixing that problem might turn out to be cheaper for competitors by making their platforms more open and avoiding the full responsibility as a vendor.
Basically, combine current and future legislation about electronic waste, cybersecurity of IoT and connected devices, and the carve-outs for free software and open source platforms, and suddenly it becomes much cheaper to ship a product that will run for 20 years (say a washing machine) if you as a vendor can guarantee some of this for the warranty period (1-5 years), and open up the platform to consumers and shift the responsibility at that point. Also imagine the case of a vendor going under which needs to be covered too (this would make subscriptions infeasible too).
If legislation demands this (imagine no insecure devices for 20 years), markets will do the rest.
> I said it elsewhere in the thread, but the current model is already falling apart: it has led to random IoT devices becoming parts of widespread botnets, affecting Internet functioning, and putting unwitting consumers at risk.
But isn't this also exactly how the pitch will sound for what I proposed? You know, "The internet is too important and random people are allowed to upload and run random dangerous code within it with no oversight, this has to be stopped." The manufacturers will never bear the consequences of their choices, the consumers will. There might be a push to make the internet watertight by requiring all major websites and services to only allow access to "secure" devices and block all other traffic. After all, why spend money on cybersecurity when everyone can only use the (important parts of the) internet with their real names, and developers are de-anonymized?
Will this actually improve security? It seems very unlikely. But despite it, this move seems like exactly the kind of thing that's coming, because it massively benefits both companies and governments.
1 reply →
I mean, maybe, but I think what you're describing is a view so bleak and fatalistic that it amounts to saying the world may as well self-destruct because there's nothing we can do about it.
Ubuntu for android?
How's Ubuntu (or hell, any Linux distro) for mobile going to change what I outlined? It's not going to matter what OS you're running once all the important websites and services you use every day (up to and including government services) start requiring some form of attestation or other layers of security that will no doubt only be provided by a few locked-down vendors. Once that happens, your Ubuntu Touch phone will be about as useful as a Nokia 3310, at least online. After all, it's <0.01% of the market and open (therefore dangerous), Google or Microsoft or Apple aren't going to sign off on that. A natural consequence of that will be that "unsecured" devices will be stamped out, perhaps not by force, but just economically. That's the day when what I described will just become mundane reality.
5 replies →