← Back to context

Comment by palata

1 day ago

I have mixed feelings as well.

The security model of Android and iOS is vastly superior, and for "normal" users it is not so much of a problem if they don't have control they neither need nor want.

On the other hand, I obviously don't like it when I don't have control over my hardware. But what I hate the most is when the manufacturers prevent me from installing an alternative OS. I like being able to install something like GrapheneOS.

Also the fact that I'm forced (in practice) to use the Play Services is not really about the device being locked down.

20 comments

palata

Reply
ece  1 day ago

Vastly superior security doesn't make you give up freedoms for security. But do tell me how successful the war against scams has been for the average user.

  • palata  21 hours ago

    I am not sure what you are trying to say.

    Convincing a user to give their password will always be an issue, that's fundamental. But because phishing exists does not mean that security does not matter.

    Without security, there is no need to phish, because the system does not protect anything. Once you have a good security, then the best attack is phishing because it's easier to trick the human than the system. This means that the security is good, not bad.

    • pluralmonad  18 hours ago

      I think one of the points is that all this attestation stuff does not protect against the majority of the ways users are compromised. Its just remote control with real security benefits, just those benefits largely accrue to companies and at the expense of the user.

      7 replies →

    • ece  21 hours ago

      This level of security exists on open as well as closed platforms, the problem is the closed platforms not allowing you to do things that aren't giving your password away (like installing fdroid or using beeper easily). I just have a hard time believing this is superior in any way.

      6 replies →

    • Borealid  13 hours ago

      You can't provide a passkey to a malicious site without writing your own web browser. And the "password" is a 128-bit integer.

      It completely solves the phishing-password-stealing problem.

      1 reply →

hulitu  5 hours ago

> The security model of Android and iOS is vastly superior

"This app requires access to all your files. OK [X] Close []"