Comment by dataflow
4 days ago
It really feels like you're replying to a completely different comment than mine? Absolutely nothing you're responding to here is consistent with what I wrote (except your very first sentence)...
> What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
There's nothing to challenge here. The method I proposed keeps you fully in control and owning your device. Anybody can follow that process if they want. It's not like I said each person has to get approval from Google before enabling developer mode on their phone.
> Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%?
This is not some kind of paradox like you're making it out to be. A very reasonable starting point would be "get this scam rate down to match {that of another less-common scam}". Iterate until/unless new data comes along suggesting otherwise.
> Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users?
"Too"?! Where did I ever suggest root should be "completely unavailable" to all Android users?
> Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
Where did I suggest any of this?
I think there has been a fundamental misunderstanding. I am not accusing you of having suggested any of this - these are escalating hypotheticals about what lengths it is appropriate to go to in the name of protecting vulnerable users.
When you say "Iterate until/unless new data comes along suggesting otherwise", does that mean you will want to continue adding more friction and more restrictions as long as a number or percentage of people (that exceeds some threshold) continue to get scammed?
What I am asking you to do, as a thought exercise, is to define that threshold, and then to consider that if we never meet that threshold, how far are you willing to go with iterating and adding more friction, stripping user control in pursuit of it?
It seems to me that you have a mental model where some small, reasonable changes will dramatically reduce the number of scam victims to near zero. All I'm asking you to do is sincerely consider what your preferred course of action looks like if you are wrong about how effective each additional layer of controls are.
> When you say "Iterate until/unless new data comes along suggesting otherwise", does that mean you will want to continue adding more friction and more restrictions as long as a number or percentage of people (that exceeds some threshold) continue to get scammed?
All it means is "keep reevaluating the situation and your approach based on the data." I can't possibly claim to have all the answers for every hypothetical available right here.
> It seems to me that you have a mental model where some small, reasonable changes will dramatically reduce the number of scam victims to near zero.
Replace "will...near zero" with "has a reasonable chance of...low enough that the fish becomes too small to fry" and you might be capturing my thoughts better.
> All I'm asking you to do is sincerely consider what your preferred course of action looks like if you are wrong about how effective each additional layer of controls are.
I am not a prophet (or a dictator). I'm an engineer. I see a potential solution or mitigation, I evaluate the trade-offs, and if it seems worthwhile, I suggest/try it. If it works out well, great. If not, I reevaluate everything based on the facts at that point. "I don't have any good idea anymore" is certainly a possibility I could reach, as is "I have another idea"...
Clearly there are a million factors to consider in each situation. Some predictable, some not. Just to list a few obvious ones off the top of my head: how fast we get there, how users react, how governments and lawmakers react, the magnitude of the scamming (not just rate! but also monetary amount), what other threats pop up in the meantime, what threats go away, what other mitigations or alternatives are available to try next, what the financial system even looks like at that point... these are all relevant. I can't predict what we should do in a vague, underspecified hypothetical where the only concrete premise seems to be that my predictions are wrong. (!) What I can see and suggest some solution for is the reality right now.