Comment by seba_dos1

6 hours ago

> That alone is a huge and frankly impossible thing to expect from regular people.

The systems used by regular people could just refuse to boot further when detecting a compromise, so I'm not sure where this comes from. We have prior art for that too. This is still orthogonal to letting users who want to patch things patch them, and not letting the apps verify what environment they run in. It's all compatible with each other, and with both regular and power users.

> Then you can't demand those developers trust your device.

Somehow we could for decades. Whether we'll still be able to in the future depends only on how much noise and friction we'll make about it now.

3 comments

seba_dos1

Reply
Avamander  3 hours ago

> This is still orthogonal to letting users who want to patch things patch them, and not letting the apps verify what environment they run in. It's all compatible with each other, and with both regular and power users.

No, they're fundamentally opposed to each other. The entire point is that developers don't want their apps patched by just anyone, especially not malicious actors. Small minority of power users will inevitably get caught in the crossfire.

> Somehow we could for decades. Whether we'll still be able to in the future depends only on how much noise and friction we'll make about it now.

No, you really couldn't. Past lack of technical means doesn't mean anyone trusted your device nor that we had use-cases where this was important. (It was also usually solved with external hardware, physical dongles and whatnot.)

  • seba_dos1  2 hours ago

    > The entire point is that developers don't want their apps patched

    That's exactly what I'm trying to say. The entire point is not to secure the user, it's to secure the apps. It's working against the user's interest, as letting the user lie to apps is essential to user's agency. The technical means used to achieve this could also be used to work for the user and ensure their security without compromising their agency, but that's not what happens on mainstream platforms.

    > No, you really couldn't.

    Yes, you could. Exactly how you describe, so it was used only where it mattered, and in other cases they just had no choice. Today the friction is so low that even McDonald's app will refuse to work on a device it considers untrustworthy. The user does not benefit from that at all.

    • Avamander  8 minutes ago

      > as letting the user lie to apps is essential to user's agency.

      You do understand that in this case the user's agency has a very clear line?

      Tampering with an electronic identity software is not a fundamental right the same way as tampering with your ID-card or passport isn't.

      > [...] and in other cases they just had no choice.

      QED. Not that they wouldn't or didn't want to.