Comment by wswin

4 days ago

what's your solution to combat scammers?

Do you think regular desktop computers should be locked down like this too? Scammers can also tell people to run Windows programs. Should that be banned too?

I'm fine with an opt-in lock-down feature so people can do it for their parents/grandparents/children.

Also, just let people get used to it. People will get burned, then tell their friends and they will then know not to simply follow what a stranger guides them to do over the phone. Maybe they will actually have second thoughts about what personal data they enter on their phone and when and where and who it may be sent to.

Same as with emails telling you to buy gift cards at the gas station. Should the clerk tell people to come back tomorrow if they want to buy a gift card, just in case they are being "guided" by a Nigerian prince scammer?

  • Exactly. There's a sucker born every minute. I'm not saying people deserve to be taken advantage of. The reality is that there will always be people who can be led off a cliff with minimal effort. There will always be people who believe that a guy with a thick Indian accent and broken English is a representative of Microsoft and that he can fix their computer in exchange for gift card codes. There comes a point where society sacrifices too much under the pretense of protecting the gullible. Prevent people from using technology at all and they'll go back to buying actual snake oil.

  • Keep in mind that Android has like a billion users who have never touched a Windows computer. (And unmanaged Windows was/is also a disaster zone.) Coming at this from an internet forum perspective is missing the scope of the problem.

    > I'm fine with an opt-in lock-down feature

    Me too, but it's really just some UI semantics whether this is 'opt-in' or 'opt-out'. Essentially it would be an option to set up the phone in "developer mode".

    • There is a big difference between opt-in and opt-out that isn't semantics. You can't slowly discourage, deprecate and delete the default the way you can an opt-in, because too many people keep using it.

    • Not really. With opt-out, if I buy a new phone or even just reinstall OS, I will now have to wait 24 hours before doing anything useful with it.

  • Maybe? Let people form CAs, and if a CA gives out certs for malicious apps, remove them. (Old apps continue to work; to publish a new one, get a new cert.)

    Yes, sad, but works.

    People will learn about scams, but scammers are unfortunately a few steps ahead. (Lots of scammers, good techniques spread faster among them than among the general public.)

    • If "they" is Google, this is just a really pointless middleman proposal. Android does all the cert stuff.

      Also Chrome trusts like 300 CAs. Does that work? Probably not if you live in 200 of those countries.

  • The scams are more sophisticated than getting gift cards to pay the IRS. A number saying that it’s from the bank will say they need to verify some account information.

    I have had to actually verify my “investment profile” with a major broker in order to unfreeze some trades, in a high friction process. To the extent that a sideloaded app that looks exactly like the bank app has a low friction install, then people can get fooled and irrevocably lose savings.

    If the lock-down is opt-in, almost nobody will opt in to it. If the lockdown is opt-out, then whether scams still happen depends on how much friction there is in opting out.

    Freedom to install other unsigned sandboxed apps has a solution: Banks could use passkeys and other non-phishable methods. Sideloaded apps in Android can’t get to the bank app’s passkey.

    Passkeys or hardware tokens get worries about the enshittification of the theoretical recovery process. Which, if that's the case, I guess we should hope for/pay for a better world, at least with banks and brokers. For them specifically, for account recovery allow either showing up in person or using ID checks.

    Both for personal accounts and business accounts (i.e. with Business Email Compromise), I believe the onus should be on the bank to use non-phishable methods to show the human-readable payee from their app for irrevocable transfers.

Let's say I'm sitting outside of your office with a bazooka and boxes of high explosives. You ask me why, and I say, "someone might try to rob this office." You say, "somehow, that does not persuade me that a stranger should loiter outside of my workplace with a massive stockpile of ordnance." I reply, "what's your solution to combat robberies?"

  • let's say I put a lock on an office door. You say "Why? Bazookas will get through the door anyways".

    I don't know how I feel about this change, but context does in fact matter about whether something is a good idea or not.

    • Is it a lock? I buy a building and the builder put an id verification lock on the doors and I am not allowed to remove it. And they also require a separate one time fee of 2 to 5 percent of the purchase price.

    • It already has a lock: by default you're not allowed to install apps in Android, you have to accept a bunch of prompts and configurations (the key), and now you won't even have the key.

'Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.' - Benjamin Franklin

Would you support Microsoft doing the same thing to Windows?

These are general purpose computing devices. It's sure taking a long time, but Cory Doctorow's talk on the war on general purpose computing is sure starting to become a depressing reality: https://www.youtube.com/watch?v=HUEvRyemKSg

  • Microsoft is doing the same thing, they call it S mode. A surprisingly large number of computers are sold with Windows S. Thankfully S mode can usually be disabled even if your computer shipped with it enabled.

    > Windows S mode is a streamlined version of Windows designed for enhanced security and performance, allowing only apps from the Microsoft Store and requiring Microsoft Edge for safe browsing.

All apps should be open source and subject to verification by nonprofit repositories like F-Droid which have scary warnings on software that does undesirable things. For-profit appstores like Google and Apple that allow closed source software are too friendly to scams and malware.

  • I don't think that's a realistic suggestion, as the quantity of applications is huge; who is going to spend time reviewing them one by one? And even then it's not realistic to expect that undesirable things can be detected, as these things can be hidden externally, for instance, or obfuscated.

    • F-Droid exists and they have a much better track record than Google. I'm not actually serious, I just think if there's a single app repo that should be allowed to install apps without a scary 24h verification cooldown, it's Google's proprietary closed-source app store that needs the scary process, not F-Droid.

    • I think compared to the alternatives, this is the best answer.

      Even if you are a bank or whatever, you shouldn't store global secrets on the app itself, obfuscated or not. And once you have good engineering practices to not store global secrets (user specific secrets is ok), then there is no reason why the source code couldn't be public.

  • That's absurd.

    • It's also true, the best way to audit software is source-code and behavior analysis. Google and Apple do surprisingly minimal amounts of auditing of the software they allow on the Play Store and App Store, mostly because they can't, by design. It should shock absolutely nobody then that those distribution methods are much more at risk of malware.

Not the parent or agreeing/disagreeing with them, but to your question: if you get creative, there are a lot of things you could do, some more unorthodox than others.

Tongue-in-cheek example, just to get the point across: instead of calling it Developer Mode, call it "Scam mode (dangerous)". Require pressing a button that says "Someone might be scamming me right now." Then require the user to type (not paste) in a long sentence like "STOP! DO NOT CONTINUE IF SOMEONE IS TELLING YOU TO DO THIS! THIS IS A SCAM!"... you get the idea. Maybe ask them to type in some Linux command with special symbols to find the contents of some file with a random name. Then require a reboot for good measure and maybe require typing in another bit of text like "If a stranger told me to do this, it's a scam." Basically, make it as ridiculous and obnoxious as possible so that the message gets across loud and clear to anybody who doesn't know what they're doing.

  • The people falling for social engineering now won't be protected by this either. You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.

    • > You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.

      The problem with this line of reasoning is that it proves too much, which really gets to the heart of the issue.

      If people are willing to be led to the slaughterhouse in a blindfold then it's not just installing third party code which is a problem. You can't allow them to use the official bank app on an approved device to transfer money because a scammer could convince them to do it (and then string them along until the dispute window is closed). You can't allow them to read their own email or SMS or they'll give the scammer the code. If the user is willing to follow malicious instructions then the attacker doesn't need the device to be running malicious code. Those users can't be saved by the thing that purportedly exists only to save them.

      Whereas if you can expect them to think for two seconds before doing something, what's wrong with letting them make their own choices about what to install?

    • That's unfortunate if true but it isn't a convincing argument to force the rest of society to live in proverbial padded cells. There's a minimum bar here. Some people probably shouldn't have online accounts and aren't responsible enough to manage their own finances. The rest of us are (hopefully at least marginally) functional adults.

I'm going to break your kneecaps. Oh, what's that? You don't like it? Well, what's your solution to P=NP?

If cooldowns work, put them on granting permissions.

There are just as many scam apps in play store and this system does nothing to help with those.

If I proposed putting mandatory cameras in all homes and you objected, would it then be fair for me to demand that you justify your position by proposing a better alternative to combat domestic violence?

Locking down computing is just fundamentally wrong and leads to an unfree society.

The choice is not between "individuals are on their own against scammers" and "users are locked into Google vetting their phone". Users should be able to choose another organisation to do the vetting. They bought a phone, they didn't sell their life to Google.

Tell the unsophisticated users that they would be safer inside the ecosystem that has always been a walled garden.

Why destroy the ecosystem that gives you the freedom to shoot yourself in the foot?

Turning Android into another walled garden removes user choice from the equation.

Enable unknown sources in developer options, have the user type out in order to proceed "If I am typing this and don't know what I am doing, I am likely being scammed".

I suppose you could make the cooldown apply to the actual installed app. Like... when it's first installed it won't work for 24 hours and the clock doesn't start until you reboot. And then on boot it scares you again before starting the clock. And then "scares" you again after the cooldown.

Force the phones to be open so I can install my own OS on them.

Then Google can do whatever they want with their OS and I can do what I need with mine. You might actually get phone OS competition. This is what the walled garden is actually meant to prevent.

China just executed a couple of them that operated in Myanmar. Since we are hurtling towards the bad parts of their dystopia anyway, why not also get the good ones?

Like the ones constantly advertising across Google's plethora of platforms without any repercussions or possibility of recourse with Google? For my safety, of course.

Education is the only solution to this.

You can’t feasibly protect someone that believes the person on the phone is their family member or the chief of police.

This kind of thing has to be verified like how they try drugs. Just randomly doing things will surely be useless, similar to how randomly optimizing parts of a program is generally worthless.

Are scammers using sideloaded apps when they can use whatever remote connexion the apps in the store allow?

I think a big warning in red: "Warning: If you don't personally know the person asking you to install this app, you are getting scammed. No legitimate business or institution will ask you to install this app."

  • Why would you need to sideload anything when scammers can just use Teamviewer or any remote operation software, readily available in the Play Store, that will surely pass whatever "checkmark" process Google uses to validate "safe" apps?

We need to remove the play store from Android phones. People have been scammed there more than any other store.

"Warning: if someone is talking to you and walking you through this screen, you may be being scammed!"

Done.

As if Google Play itself isn't a cesspool full of scammers, or Google ads, or Youtube. As long as Google get their cut they don't give a shit about scams. For a reality check, turn off your adblockers and you'll see how much Google profits from scams. Any solution to scamming can't involve Google, since they long have been a willing tool for scammers.

Pretending that this is about anything but Google's greed is giving them far too much credit.

Something called personal responsibility and intelligence.

...which clearly companies don't want, because complacent mindless idiots are easier to brainwash, control, and milk.

But this has nothing to do with combating scammers in the first place, have you never used the play store before? It's overwhelmingly scam apps with the most intrusive ad/tracking shit imaginable. There are scammers openly buying sponsored search results for names of popular apps so their malicious app with similar name appears as the first result.

> what's your solution to combat scammers?

I'd wipe the Play Store off the face of the earth. Have you looked at the garbage on there that Google considers legit?

This: https://news.ycombinator.com/item?id=47447600

is the shit people are exposed to when they go through the Play Store. You don't find that on F-droid.

The second thing I'd do to combat scammers is the same thing I'd do to combat child porn and disinformation: educate people. This silly process is a technical answer to a social problem, and those rarely work well.

I wonder how this will help combat scammers. Do you really think they don’t have $25 for a fee?

Furthermore, this verification system also functions as a US sanction mechanism—one that can be triggered against any entity the US decides to ban.

[flagged]

  • You didn't even slightly research the topic of phone malware, browse /r/isthisascam for starters. I don't say the problem is an "epidemic" and it doesn't have to be an epidemic to be addressed.

  • It's very obviously not irrelevant. Google is not going to let their main phone app product become associated with Grandma losing her savings! That's not going to help the free software folks... it's going to send everyone over to iOS.

    • > Google is not going to let their main phone app product become associated with Grandma losing her savings!

      How did they manage to survive as the grandma-account-draining brand for over 15 years, though? They're still the market leader.

      One of the best arguing tactics the pro-control side has come up with is "The way it works right now is JUST not good enough". And then you don't need to argue any further or substantiate that. You just force your opponent into coming up with new measures because obviously right now we have an emergency that must be dealt with immediately. So far, this reasoning has worked for program install restrictions, de-anonymizing internet users, all sorts of other random attestation and verification measures, and it will be used for so much more.

      My question to all that is - what has happened NOW that changed the situation from how it was just a couple years back? Google hasn't been sitting idle for all these years, they've been adding measures to Android to detect malicious software and prevent app installs by clueless users - measures that were striking a balance between safety and freedom. Why is everything safety-related in the last few years suddenly an emergency that must be rectified by our corporate overlords immediately and in the most radical ways? How did we even survive the 2010s if people are less secure and more prone to being scammed with the new restrictions right now than they were back then?

      I'm not saying there's not an issue, but without hard stats, these issues will always be magnified by companies as much as possible as the wedge to put in measures that benefit them in ways other than the good-natured safeguarding of the consumer. In an open society, there's always a point where you balance the ability to act freely with ensuring that the worst actors can't prosper in the environment. Only one of these things is bad, but you can't have both. You need a middle ground.
