1/13/2025 at 2:27:20 AM
There are a ton of products on the market that are vastly more dangerous than computers: guns, cars, motorcycles, bicycles, chainsaws, table saws, cigarettes, alcohol, junk food. Yes, consumers do sometimes harm themselves by using these products. That's the price of freedom. I think it's bizarre that we treat computers as the most dangerous products in the world that for some reason demand paternalism, when none of these other products are locked down by the vendor.The reason that computers are locked down by the vendors is not that computers are somehow more dangerous than other things we buy. The reason is simply that it's technically possible to lock down computers, and vendors have found that it's massively, MASSIVELY profitable to do so. It's all about protecting their profits, not protecting us. We know that the crApp Store is full of scams that steal literally millions of dollars from consumers, and we know that the computer vendors violate our privacy by phoning home with "analytics" covering everything we do on the devices. This is not intended for our benefit but rather for theirs.
by lapcat
1/13/2025 at 10:15:53 AM
If protection of the casual user was an argument, there would be an easy option to unlock your system, be that phones or desktop computers.But on many systems these options do not exist because the vendor likes people dependent on them. This is why devices like chromebooks or all mobile phones are more or less e-waste in the making. In my opinion it is a waste to use any development capacity for these systems apart from consumer devices offering the next shitty app that hopefully always stays optional.
We even have dysfunctional laws that require banking apps to only run on these shitty systems. In my opinion, these errors need a quick correction.
Also, the most cases of scam still work as they did before and exfiltrating information, e.g. tracking and "diagnostic data" by bad operating systems are an additional security problem.
by raxxor
1/13/2025 at 12:08:26 PM
> If protection of the casual user was an argument, there would be an easy option to unlock your system, be that phones or desktop computers.Making it easy to unlock could make it easy(er) for scammers to get it unlocked:
> I received the same type of call a little later in the day. They were very adamant they were calling from the Bell data centre, on a terrible line and I made them call back three more times while I considered their requests. They wanted to have me download a program that would have given them controI of my laptop. […]
* https://forum.bell.ca/t5/Internet/Call-stating-that-an-issue...
by throw0101a
1/13/2025 at 5:42:29 PM
> Making it easy to unlock could make it easy(er) for scammers to get it unlockedMaking laptops that weigh two pounds instead of 40 pounds could make it easier for thieves to steal them. Making computers less expensive could increase the number of spammers who can afford one and make it easier to send spam. Making encryption widely available could make it easier for bad actors to communicate.
But these things have countervailing benefits, so we do them anyway and then address the problems by a different means. When someone insists on doing it in the way that "incidentally" provides them with a commercial advantage, suspect an ulterior motive.
by AnthonyMouse
1/13/2025 at 5:34:29 PM
Easy doesn't mean without any warning, it just means that the device is unlockable by design and without OEM's approval.It would be reasonable to:
- factory reset the device before unlocking it to protect existing data (like Android phones require)
- display warnings, for example "if someone's asking you to do this, it's probably a scam"
- for the owner to be allowed to permanently disable unlocking, e.g. the commonly cited example of someone setting the device up for their elderly parents
by dns_snek
1/13/2025 at 10:41:27 PM
> for the owner to be allowed to permanently disable unlocking, e.g. the commonly cited example of someone setting the device up for their elderly parentsThis opens a wormhole that warps us back to one of the core issues / battlegrounds in computing: ownership, and specifically, the balance of power and responsibility between the owner and the user, when they're not the same person.
Unfortunately, the same means and the same arguments cited in case of "someone setting the device up for their elderly parents" also apply to employers "setting the device up" for their employees (where "setting the device up" may just mean letting it access the company network), vendors "helpfully" "setting the device up" for the customers (this is basically the whole history of mobile phones - bootloaders now, SIM locks before), etc.
I don't know what the good answer is. I'm personally strongly biased towards "end-user should always be the owner" perspective, and while I recognize there are strong examples where this isn't the case, I can't figure out how to cleanly separate "legitimate interest" from for-profit or for-power abuse.
by TeMPOraL
1/14/2025 at 3:43:51 AM
The balance of power between a company and you, vs you and another person, are vastly different, which IMO makes the issues distinct. Presumably the elderly parents are willingly relinquishing control to someone they trust, and they can always go out and buy their own phone if they don't want that.by rendaw
1/13/2025 at 11:46:28 PM
It seems relatively simple to me. Only the owner is allowed to make these decisions, more or less. Employers can only do it to devices they own and provide. Phone vendors cannot do it, and cannot make any services contingent on doing it. A family member in this situation is reasonably acting on the owner's behalf.And while we're at it, let's not allow apps to refuse to run because of rooting.
by Dylan16807
1/14/2025 at 5:17:51 PM
In that scenario I think employers should have the right to make this decision since they own the device and it likely contains sensitive data and credentials belonging to them. But vendors selling devices to retail customers shouldn't be allowed to make that decision unless the customer explicitly asks for help.I think it's pretty consistent, whoever legally owns the device should be allowed to decide what is and isn't allowed to run on it.
by dns_snek
1/14/2025 at 5:34:06 PM
Yes, my point is that in practice, this gets abused. In particular, the possibility enables vendors to invent business models that rely on denying users ownership, and those happen to outcompete the fair, honest models.by TeMPOraL
1/14/2025 at 12:05:46 PM
> factory reset the device before unlocking it to protect existing data (like Android phones require)I never understood this point. From what threat is it protecting the data from? Surely a thief should not be able to unlock a device without first typing the correct pin/password, and it they can do that they should be able to access the data regardless.
by SkiFire13
1/14/2025 at 5:07:55 PM
In principle I agree but the edge case I think has to be accounted for is that many people have weak PINs protecting highly sensitive apps (financial, banking) on their phones like that could be backdoored with root access.There have been times when I really wished that I could OEM unlock my Android device without wiping but overall I think I sleep better knowing that my PIN isn't sufficient to extract all of its data.
by dns_snek
1/13/2025 at 6:25:06 PM
> Making it easy to unlock could make it easy(er) for scammers to get it unlockedAhh, if only governments would start cracking down on scammers.
Alas, scammers are a feature of modern capitalism. You'd not be wrong if you thought modern businesses are built on scamming people.
by inetknght
1/13/2025 at 6:26:44 PM
Unlocking should require a physical modification, like soldering a jumper or flipping an internal switch requiring disassembly. That would filter out basically all scam victims. If a scammer can teach a complete novice how to do micro soldering, they've earned their pay.by e44858
1/13/2025 at 6:43:12 PM
The Chromebooks that require removing a single internal screw are a fairly civilized example of this approach (might be a little harder to execute in a phone).by blacksmith_tb
1/14/2025 at 3:06:03 AM
Maybe requiring a PC connection dev options enabled and ADB, high enough barrier?by Vilian
1/13/2025 at 8:51:54 PM
The Prusa Mini required you to snap a part of the pcb off to flash custom firmware. I actually like this approach, you have to very deliberately break apart of it to signal that you know what you are doing.by jamesy0ung
1/14/2025 at 6:40:41 AM
I guess you want the equivalent of asking an adult friend to buy booze for a party.by pjmlp
1/13/2025 at 4:53:01 PM
> But on many systems these options do not exist because the vendor likes people dependent on them.Dependent is not exactly the right thing here. Lower support costs probably is. If a vendor gives out root access. If that root access can brick a machine. Then you will get a small percentage of very high touch broken things as returns. Customers like this are in the 'dangerous enough' but not 'good enough to do it correctly' stage of hacking. They will then not claim any responsibility for breaking it. As they are hoping you just fix it for free.
I had one customer who would randomly change out stored procedures on our code. Then yell at our tech support for thing not working or being broken. Wasting hundreds of hours of time until we realized what he was doing. Locking him out is very appealing. Instead we sold him and his management on 'we will do the work for you for a fee'. Which was more along the lines of 'you do this again we will fire the customer'.
That is but one small thing that can/will happen.
by sumtechguy
1/13/2025 at 5:57:11 PM
Damage caused by the customer isn't covered by any warranty anyway, and realistically, how many people would tinker with root access as long as the device worked as intended?I'd be really surprised if the number was more than 1 in 100. And if 1 in 20 brick the device in the process, that's 1 in 2000.
According to [1] the average warranty claims rate for consumer electronics is 1 in 100. I doubt the difference in support load would even register on the scale.
by dns_snek
1/13/2025 at 6:25:15 PM
> Damage caused by the customer isn't covered by any warranty anywayExactly. We charged the guy for what he did. We gave him 'sa' access to the database and he tried to burn us.
I think you may be assuming people act rationally? They do not. Most will but you will always get 'that guy' especially at scale. People will lie about what they have done. Or not even realize what they did goofed things up. In my example the guy was asking us to pay them back for defective software (millions of dollars). Right up until we proved he had broke it on purpose. I later found out he did it on purpose (confirmed by former coworkers of his 'he likes to mess with vendors'). He was not even alone. At least 3 other people tried that trick on us at different companies.
Most service requests are 'easy'. Small tweak/reship and off you go. But someone who has really broken something can be as easy as 'ship them a new one' to weeks of trying to figure out why a device has suddenly started acting out of spec. That means at least 1-2 people working on something for a period of time. That costs money.
> I'd be really surprised if the number was more than 1 in 100.
It is the time you have to put into looking into why did you end up with a defect that is not a defect. The margin on some of these IoT devices is in the couple of bucks range or smaller. You have to dedicate 2 guys for 3 months to figure out what went sideways can eat the entire profit margin of the whole run.
I was just saying I can see why a company would withhold the info. I did not say I agree with it. Especially for things that are out of warrantee. I think companies are using it to basically have no support and basically leave what would be a decent customer hanging and hoping they can covert to another sale. There is no 'one reason' there is a list.
by sumtechguy
1/13/2025 at 6:49:20 PM
That seem extremely frustrating.It does seem like there ought to be a reasonable split between personal software and business stuff. I mean you guys had a big contract, it is some negotiated thing between two peers, it could be reasonable to negotiate root in some subsystems, not in others. In the end you can’t really trust anything a system tells you if somebody has full root of it. It seems like you guys keeping control of the logging would be a reasonable give for them, if they expect support. (But why would you guys have planned around a downright adversarial customer? That guy is weird).
Also, doesn’t this seem like… basically some kind of fraud? I wonder if your annoying user expected to be able to add the savings whatever he got back from the support contract to his “value to the company” somehow.
For personal customers who are just buying smartphones, we don’t really have giant support contracts to screw around with.
by bee_rider
1/14/2025 at 1:40:27 PM
It was frustrating. As it was me who got to speed weeks figuring out what this guy did. My group figured out the root cause though was the software was not doing what he wanted. So we made up a new group to sell that custom service to others. Everyone eventually came out ahead there. Because someone in his management chain realized that we had a good breach of contract case. Weird is nice for what he was doing. He was being a jerk because the stuff was forced on him. It broke his small empire of spreadsheets he was holding the company hostage with. Our 'mistake' was assuming our customers were rational. Many are. But you always have a handful that seem to just be in a bad place in life and they like to take it out on others.For IoT devices/cell/etc it could be 'bad' to give out the root password from a company PoV. As there are so many out there with the exact same password on several thousand devices (poor security but you can image a thousand devices in a few hours). So once given out it is written down into some wiki and everyone has it now (welcome to the botnet). So if you get one change whatever you were given and assume everyone else has it. Or maybe the 'secret sauce app' is under some random user account. But give out root and that special secret account is bypassed. Then it is off to china somewhere to be ripped apart and resold under a new brand name and half the cost.
Then on top of that lets say you are a nice company giving the thing out. That means you will need some sort of training for your support guys. Documentation on how to do it. And so on. Those things cost money for a EoL product you no longer make anything on.
Like I said there is a list of things as to why not to do it. There is also an interesting list of why to do it. But the upside is low for the company to allow it. I wish more companies would do it. But it is rare.
If people want companies to do this, the company has to be incentivized to want to spend any time/money on it. If people can make this an upside to companies doing this and not 'shame' and 'you broke the law' the companies will help.
by sumtechguy
1/14/2025 at 4:16:57 AM
It's an old anecdote, but years ago Samsung refused a warranty claim for a _failed USB port_ that would no longer charge the phone _because I had rooted it_ and the fuses were burnt. I think this was unreasonable of them, but it's not like I had any recourse. If vendors were really worried about this aspect, they would/could implement such draconian policies.by error503
1/13/2025 at 5:55:32 PM
That only explains why a company wouldn't want to provide free software support for software they didn't write. There are at least two alternatives to that. First, sell hardware the user can replace the software on, or that doesn't even come with software, and then don't provide software support at all. Second, provide software support and bill by the hour, in which case the customer messing up their stuff and calling your support is the opposite of a problem.You can even combine them if you want. Free support for the software that comes with it but if you replace the boot loader then support calls are billed hourly. There is no excuse for not allowing it -- it's leaving money on the table.
Unless the reason is that locking the user out of the device has the purpose of monopolizing ancillary markets, which should be an antitrust violation.
by AnthonyMouse
1/13/2025 at 2:54:04 PM
Before we put all the blame on vendors, I submit to you, ladies and gentlemen, this: the public finds this tradeoff (privacy for entertainment) completely acceptable. With all the outrage, privacy-centric solutions are out there and relatively easy to find, how come they don't get more traction? Including among the HN crowd?by regnull
1/13/2025 at 4:52:13 PM
There is nothing inherent to the benefits that these companies tout that require them to lock us out of our own devices.What you are describing is not a tradeoff but a magnificent bribe. They bribe us with measly benefits in order to accept the deal that is incredibly favourable for them.
by _aavaa_
1/13/2025 at 11:25:00 PM
I'd argue the general population doesn't even know this trade off exists (not helped by the pros being advertised to users and the cons purposely not mentioned). Even then the minority (us) shouldn't be stopped from doing what we want with our stuff just so some company can make more money.by chainingsolid
1/13/2025 at 3:25:43 PM
> privacy-centric solutions are out there and relatively easy to findReally? Please name them. Over the past 10 or 15 years, I've never seen anything other than the iPhone/Android or Mac/Windows duopoly for sale in any retail store. I've never seen any advertising for other than those duopolies. The HN crowd may be aware of obscure options, but for the vast majority of consumers, they don't exist. And since we as developers make money catering to the vast majority of consumers, we're kind of stuck with the duopoly too, at least as far as our work is concerned.
by lapcat
1/13/2025 at 4:03:41 PM
And as for "why are not selling this in every retail store?", the answer is the same - because if they were, no one would buy them. I found the situation curious, while everyone complains about it, only very few people are trying to do anything about it. Perhaps the breaking point was not reached yet, and something big has to happen to change people's perspective.by regnull
1/13/2025 at 4:24:59 PM
> And as for "why are not selling this in every retail store?", the answer is the same - because if they were, no one would buy them.That's purely hypothetical. How could any prove or disprove the assertion?
The general point, though, is that consumer awareness is essential for sales. People won't buy things that they don't know about. As an indie developer myself, I'm painfully aware of this. It doesn't matter how great one's product is if nobody knows about it. Advertising is very expensive, so it requires vast capital outlays in order to get your products into the minds of consumers and onto the shelves of stores. The big established brands have a massive advantage, making it difficult for competitors to break into the market. Apple itself leveraged its existing brand, with Mac and iPod, in order to promote iPhone. And Apple's primary competitor is Google, who also was already an established brand via search and Chrome.
Remember that back in the day, Microsoft almost destroyed the entire desktop OS market. They almost killed Apple too. Only the Department of Justice put some kind of break on it, and Microsoft let Apple live in order to provide antitrust cover. If MS had for example simply withdrawn its apps from Mac—Office, Internet Explorer (remember that Internet Explorer was originally the default web browser on Mac OS X before Safari!)—Apple likely would have died.
by lapcat
1/13/2025 at 6:16:09 PM
It's not just about familiarity. People are willing to try new things. The actual problems are network effects and vendor lock-in.The hardest part about switching from Facebook isn't installing some other app or anything like that, it's getting everyone else you know to switch from Facebook.
The hardest part about switching from Windows isn't installing Linux, it's getting e.g. game developers to target Linux before it has significant consumer market share.
That isn't to say that doing these thing is impossible, but it certainly isn't trivial, so anyone wondering why it hasn't happened already can't seriously think the only explanation is that nobody cares. It's like saying nobody cares about high healthcare costs -- of course they care, the question is what do we have to do to fix it?
by AnthonyMouse
1/13/2025 at 6:15:26 PM
I'm glad that Fairphones are available in stores right next to Xiaomis, but they cost three times the price for half the specifications. It may plausibly be cheaper to buy a Xiaomi phone and then personally sue Xiaomi to get it unlocked than to buy a Fairphone.by immibis
1/13/2025 at 4:00:29 PM
Here you go: https://us.starlabs.systems/Now, how many of you guys have this? Or anything like this? I bet 95% of the HN crowd happily uses iOS/Android daily.
by regnull
1/13/2025 at 4:18:01 PM
I've never even heard of that before, and I'm terminally online.Anyway, desktop computers aren't really the main problem here. For example, Apple Macs offer vastly more personal freedom than Apple iPhones. If iPhones behaved like Macs in that respect, then we might not be having this debate. To the extent that Macs have been increasingly locked down over the past 15 years, it's mostly just copying the iPhone, porting the "features" over from one platform to the other.
by lapcat
1/13/2025 at 9:27:24 PM
This is the first time I heard about it. Has anyone looked into their claims? Would love to buy an affordable Linux pad or a mini PC.by markus_zhang
1/13/2025 at 10:09:49 PM
FWIW, I have no idea if this is any good. My point is, I found this after maybe 3 minutes searching. If we were to spend 30 minutes, we would definitely find something reasonable.by regnull
1/14/2025 at 9:04:24 AM
I'm using a GNU/Linux phone (Librem 5) as a daily driver, and it has a lot of rough edges. Root access is a no-brainer (it basically runs Debian), but a small company making them can't possibly provide Apple experience.by fsflover
1/14/2025 at 3:23:41 PM
That's fair. What kind of rough edges did you find? I think I'm OK without any Google services, because I can simply keep another phone just for those and banks/trading platforms.by markus_zhang
1/14/2025 at 4:21:58 PM
For me, it's mainly the battery life and the UI lagginess. There are some reviews on the forums: https://forums.puri.sm/t/why-i-stopped-using-my-librem-5-aft..., https://forums.puri.sm/t/librem-5-fatigue/21934.by fsflover
1/14/2025 at 5:45:58 PM
Thanks! Looks like some of the concerns are legit. I guess I'll carry two phones if I buy this one. The web browsing experience is the most concerning one -- if that's bad then I might as well use a dumb phone.by markus_zhang
1/14/2025 at 6:04:07 PM
The web browsing is quite manageable, especially with NoScript. Sent from the phone.by fsflover
1/13/2025 at 11:51:01 PM
> If we were to spend 30 minutes, we would definitely find something reasonable.That's quite an assumption.
by Dylan16807
1/13/2025 at 4:47:33 PM
I have no data to back this up. So what follows is purely my personal opinion.I think the reason people don't care, is because they don't know. The average person either doesn't know or barely knows That anything deeper than what they see in the user interface is happening on their system.
We humans are very much an out of sight out of mind type of creature. If we can't see it, it's hard for us to imagine that it exists.
by freedomben
1/13/2025 at 5:43:03 PM
People know, Facebook and Google getting crap for all their tracking is evidence enough.The reason people don't care is because digital freedom/privacy is largely irrelevant to most people's lives. You can't convince someone to care about something that doesn't affect their life, they're too busy for that.
by Dalewyn
1/13/2025 at 3:11:40 PM
Exactly. Even the people who complain about these things immediately get defensive when you call them out on their uses: "Well, I can't switch because what about my banking app?" or "Well, games don't count as software to me." or "It won't make any difference to the big tech companies if I'm the only one who switches, so why bother?"by ragnese
1/14/2025 at 9:11:08 AM
https://news.ycombinator.com/item?id=20207348by fsflover
1/13/2025 at 3:00:29 PM
“The least bad option in a market oriented against users and designed to maximize profit” is not the same as “completely acceptable.”by pseudocomposer
1/13/2025 at 3:19:36 PM
I believe GP is referring to things like privacy-centric de-Googled Android phones, which definitely are an option. I would not classify those as "least bad" or even bad.GP is correct about Apple products; even among the HN crowd they are likely the most popular devices. I think this is because most readers aren't trying to die on the hill of openness. They're more concerned with software and ubiquity, two areas where Apple is doing very well.
You do get many here enthusiastic about open access to your own hardware, but I think we're talking about a Venn diagram; we're not all the same. (I'm an Android user.)
by MetaWhirledPeas
1/13/2025 at 3:38:24 PM
Actually, I was disagreeing with the GP specifically about Apple products. I'm an Apple user, but very much because they're the "least bad" option. De-Googled Android phones still have awful audio latency (I'm a musician who makes a music app on the side), very limited messaging and notification features, and integrate poorly with desktop OSes. For how I use my devices, open or no, Android simply isn't a viable option.The thing about all this is, Apple's products being well-integrated and well-designed doesn't require them to be locked down the way they are. The EU move to force them to use USB-C/Thunderbolt over Lightning is a perfect example of this. It unilaterally improved things for users, and iPhone 14 vs. 15 sales reflected that pretty clearly.
So I'd especially describe Apple as the "least bad" rather than "completely acceptable." They're specifically what I had in mind saying that.
by pseudocomposer
1/13/2025 at 4:50:21 PM
> Apple's products being well-integrated and well-designed doesn't require them to be locked down the way they are.That's definitely true, and it's what has made me favor Google over Apple for decades now. Google's deal has been free software for the price of your user data, but I've accepted that deal because Google has never practiced predatory lock-in. Apple makes claims to value your privacy (I wouldn't know) while making predatory lock-in fundamental to everything they do. Denying access to your own device is part of this.
The irony is that I loathe the data economy. I think it has gone far beyond what Google ever envisioned (for years it seemed they had yet to discover a way to make money at all). The privacy aspect matters, but I also hate the way it makes companies and their products behave; the way it feels like every click results in an attempt to directly advertise to you. And it's all clumsy and broken. How often are ads even correctly targeted? I feel about conglomerated user data the way I feel about meme coins: it's all built on speculation, hopes, and dreams, and has less to do with people actually buying your product. I can't wait for the bubble to burst and/or for a global ban on the sale and purchase of user data.
by MetaWhirledPeas
1/13/2025 at 5:50:39 PM
I think we're very much in agreement on most of these things, and our "platform loyalty" led us to perceive different options as the "least bad" - that's totally okay, though! I was an Android user from 2009-2020 because I agreed with you, up until I started working on my own music software, which pushed things the other way for me.For your last sentence, though... user data and its utilities are arguably not a "bubble." And as we've seen with AI training, use of data being illegal doesn't really stop companies from doing it. I think we'll have better actual results from governments forcing Apple to let us run our own software on the hardware we buy, as opposed to governments trying to prevent Google, Meta, et. al. from abusing customer data.
A lot of this has to do with the fact that the former is about regulating our rights with hardware, while the latter is about software. Hardware is just easier for governments to regulate. When you try to regulate software, companies will do things like the deliberately-annoying cookie popups we got after GDPR/CCPA, because it's cheap to produce lots of bullshit to experiment with ways around those regulations.
by pseudocomposer
1/13/2025 at 3:27:59 PM
This isn't about privacy. Not directly anyway. This is about your right to have control of your own property.You make a fair point though; the case does need to be made as to why this is a market failure and not just consumer choice working as expected. Why _do_ consumers tolerate manufacturers retaining ultimate control of consumer's property after the sale? It certainly doesn't seem to be that important to them. Maybe greater awareness of the issue would help somewhat?
by Ajedi32
1/13/2025 at 5:01:57 PM
> Why _do_ consumers tolerate manufacturers retaining ultimate control of consumer's property after the sale?Just my opinion from many conversations with normies about this: It's because most of them don't know (the marketing material from these companies certainly doesn't advertise it), and the ones who do know don't care because they wouldn't be able to (technical knowledge) or want to root/unlock and utilize the capabilities.
by freedomben
1/13/2025 at 5:24:42 PM
> the ones who do know don't care because they wouldn't be able to (technical knowledge) or want to root/unlock and utilize the capabilitiesThis is a good point. Some of that is perhaps self-perpetuating: Why root if there's nothing you can do with root? And why develop stuff you can do with root if there's nobody who can use it? If there weren't so much active suppression of software freedom by manufacturers maybe the situation would change and the benefits of consumers having full control of their devices would be more apparent.
by Ajedi32
1/13/2025 at 5:38:15 PM
And ironically, it was the jailbreakers who demonstrated to Apple why the company needed to add third-party apps to its platform that originally didn't allow them.by lapcat
1/13/2025 at 3:59:22 PM
> This isn't about privacy. Not directly anyway.Agree fully. Don’t know why you’re being downvoted. I accept the risk or tradeoff of Apple or MS spying on me. It’s not that, but the right to repair, to tinker, to hack. Those things have brought us so much interesting wonderful things. My entire generation (millennial) has superior tech literacy to both those that came before and after (no shade to the older gen - some of you are better than us, but with millennials it’s so much more widespread than eg gen X). Many younger gens never use ”real” computers (only tablet & phone). The gilded age was an anomaly, and is over.
> the case does need to be made as to why this is a market failure and not just consumer choice working as expected
I swear this consumer choice navel gazing will be the death of innovation. The US is obsessed with this narrative, that the magic market hand will self-correct, without any justification or scrutiny. Yes, consumer choice is necessary, but not sufficient. Just look at the developments in tech over the last decade+. I don’t have the solution but anyone who’s not entirely lost in dogma should be able to see the failures.
by klabb3
1/13/2025 at 5:49:25 PM
Market failures do happen, so I'm not claiming consumer choice is the perfect solution in every case. But consumers aren't stupid either; if this _were_ a mainstream concern the market _would_ self-correct. But it hasn't self-corrected on this issue, because most consumers don't really care that much. So I think you have to carefully consider why that is before you start thinking you know what they want better than than they do and eliminating certain choices by government decree.There are costs to any regulation, and lots of possible unintended consequences. So even though I'm personally a strong advocate for user control and software freedom, I'm wary of acting without strong justification and careful consideration of the underlying reasons behind the status quo.
> I accept the risk or tradeoff of Apple or MS spying on me.
For what it's worth, I do think this issue has indirect effects on privacy. If you have ultimate control of the software on your device, you can use that control in ways that help protect your privacy. Otherwise you're limited to whatever protections the manufacturer decides to grant you.
There are lots of similar positive possible downstream effects of software freedom, which is why I think this is an issue worth serious consideration despite my misgivings.
by Ajedi32
1/13/2025 at 7:06:12 PM
> if this _were_ a mainstream concern the market _would_ self-correct.The underlying premise here is that the alternative is available for consumers to choose, i.e. that you can buy something which is otherwise equivalent to an iPhone but supports third party app stores or installing a third party OS. But that isn't the case.
What you get instead is e.g. Fairphone, which has the specs of a $200 phone but costs $800 and if you actually have root your bank app might break etc. And still many people buy it. So all you can conclude from this is that the price the mass market places on freedom is less than $600 plus some non-trivial usability issues, not that they value it at zero and don't care about it at all.
On top of this, it's a threshold issue. If the median phone was rooted, people would develop apps that need root. When the percentage is some low single digit if not a fraction of a percent, they don't, and then taking the trade offs of a phone that can be rooted isn't buying you what it should because you need a critical mass in order to achieve the expected benefits, but you need the benefits in order to achieve the critical mass. This is the sort of situation where a mandate can get you over the hump.
> There are costs to any regulation, and lots of possible unintended consequences.
A good way to handle this is through anti-trust, because then you can do things like exempt any company with less than e.g. 5% market share. That means not Apple or Google or Samsung, but if there is any major problem with the rule then the market can work around it by having 20+ independent companies each provide whatever it is that people actually want. Meanwhile that level of competition might very well solve the original problem on its own, because now a couple of them start selling unlocked devices without any countervailing trade offs and that's enough to make the others do it.
by AnthonyMouse
1/13/2025 at 3:19:21 AM
Not only profits, but control. Remember the whole CSAM scanning debacle from Apple?by userbinator
1/13/2025 at 4:13:48 PM
was that when they said “instead of uploading the images to our servers to do the CSAM scan, we’ll do a quick once over in the privacy of your own phone to see if we can allow-list your photo” ?And then the whole world suddenly went apeshit, so Apple basically shrugged, said “fine, we’ll do it just like everyone else and put your photos in the relatively unprotected server domain to do the scan”. Sucks to be you.
Understand that at no point was there an option to not do the scan on upload, like all cloud providers, Apple scans for CSAM on any uploaded photos to stay out of any government grey areas.
by spacedcowboy
1/13/2025 at 8:42:00 PM
A server is someone else's device. Your phone is your own device. So no, doing the scan on your own device and making your device your potential adversary is not better than doing it on the server. You can always choose not to use the server.by feanaro
1/14/2025 at 12:44:08 AM
This doesn't follow.Apple only ever scanned images being uploaded to the server. They were only ever going to scan images (even if it was done on the local device) if they were uploaded to the server.
On the one hand you have:
- do the scan in private, get a pass (I'm assuming we all get a pass), and no-one outside of your phone ever even looks at your images.
On the other hand, you:
- do the scan on upload. Some random bloke in support gets tasked with looking at 1 in every 10,000 images (or whatever) to make sure the algorithm is working, and your photo of little Bobby doing somersaults in the back garden is now being studied by Jim.
If you never uploaded it, it was never scanned, in either case.
So yes, you've lost privacy because faux outrage on the internet raised enough eyebrows. Way to go.
by spacedcowboy
1/13/2025 at 6:35:20 AM
It also significantly hampers progress and the utility of tools themselves.This is hacker news after all. What made the computer great was programs. What made the smart phone great (smart) is applications. It's insane to me that these companies are locking down their most valuable assets. The only way this works is if you're omniscient and can make all the programs users could want yourself. This is impossible considering both individuality and entropy (time). Both in the sense that time marches on and the fact that you don't have time nor infinite resources to accomplish all that. I mean we're talking about companies that didn't think to put a flashlight into a phone but it was one of the first apps developed. You could point to a number of high utility apps, but I'm also sure there's many you all use that you're unlikely to find on most people's phones.
We can also look at the maker community. Its flourished for centuries, millennia even. People are always innovating, adapting tools to their unique needs and situations. To some degree this is innately human and I'm not embellishing when I say that closed gardens and closed systems are dehumanizing. It limits us from being us. That person obsessed with cars and makes a sleeper Honda civic, that person that turns trash into art, that person that finds a new use for every day objects. Why would you want to take this away? It even hurts their bottom lines! People freely innovate and you get to reap the rewards. People explore, hack, and educate themselves, dreaming of working on your tech because of the environment you created. By locking down you forgo both short term and long term rewards.
I also want to add that we should not let any entity claim to be environmentally friendly or climate conscious that does not create open systems. No matter how much recycling they do. Because it is Reduce, Reuse, Recycle. In that order. You can't reuse if your things turn to garbage and reusing certainly plays a major role in reducing.
by godelski
1/13/2025 at 8:41:30 PM
this!!! sustainability is a huge aspect that seems to be getting lost in the broader discussion. locked devices are leading to an incredible amount of e-waste and it's entirely preventable.by medhir
1/13/2025 at 12:57:39 PM
A chainsaw does not introduce an opportunity for thousands of remote criminals to steal money from your bank account.by invalidlogin
1/13/2025 at 2:10:51 PM
It does introduce an opportunity to lose a limb, though. I think I'd rather have my bank account hacked.by Retr0id
1/13/2025 at 2:57:40 PM
> It does introduce an opportunity to lose a limb, though. I think I'd rather have my bank account hacked.Exactly!
by lapcat
1/13/2025 at 1:13:08 PM
But like a gun or a knife it may give local criminals an opportunity to threaten (or worse) you into giving them money from your wallet.by logicchains
1/13/2025 at 2:03:23 PM
You are 100% spot-on with the "local" thing here.People living in "bad neighborhoods" have to spend more energy and money on locks, fences, security cameras, self-policing as to not go out alone after dark, etc.
Problem is, Internet (and international phone system, to a lesser degree) makes everything so much closer, that scammers from half-way around the globe are "local" for all intents as purposes. Thus, online, every neighborhood is a "bad neighborhood".
by kees99
1/13/2025 at 3:00:44 PM
> Thus, online, every neighborhood is a "bad neighborhood".This is like the exaggerated crime coverage on the local news.
I've lived in the so-called "bad internet neighborhood" for 30 years, and I'm fine. It's not so bad.
by lapcat
1/13/2025 at 7:42:42 PM
Just like in a bad neighborhood, there's safety in numbers and keeping a low profile.by HPsquared
1/14/2025 at 6:39:20 AM
And there are plenty of laws in many countries on how to use them, seatbelts, helmets, chain gloves, plastic cover, minimum age, access exam,...Failure to obey them, might get jail time on those countries if caught disobeying, or an hefty fine, not counting what misuse might bring in, regardless of the country.
by pjmlp
1/13/2025 at 7:03:17 PM
> I think it's bizarre that we treat computers as the most dangerous products in the world that for some reason demand paternalism, when none of these other products are locked down by the vendor.That's because there are people behind every product, and the people behind computers tend to be the paternalistic, nanny-state type. Just read through the histrionics in any HN thread about leaf blowers, they want every landscaper locked up and their tools of the trade taken away. Someone once suggested they should be forced to use rakes. Imagine if some landscaper insisted what laptop you should use.
As you wouldn't expect to find many in-the-Army buzz-cut guys roaming the Google campus as you would at a gun company, you wouldn't expect some blue-haired face-pierced sales engineer selling you table saws.
It's a cultural thing, nothing more.
by likeabatterycar
1/13/2025 at 4:00:52 PM
> think it's bizarre that we treat computers as the most dangerous products in the worldWe do not? You don't even need a license to buy /operate a computer unlike with some other examples on your list
by eviks
1/13/2025 at 4:13:50 PM
By "we" I meant online commenters debating the issue of tech company device lockdown.I didn't mean "the law". To the contrary, the submitted article author was proposing that we pass laws giving greater individual consumer rights over their devices. But the big tech companies have been viciously fighting against consumer rights, such as the right to repair.
by lapcat
1/13/2025 at 4:20:59 PM
This is also strange as the commenters don't propose the measures that would correspond to viewing computers as more dangerous than guns (lockdown aren't that), but unlike with the law, I don't have a good simple illustration of that.by eviks
1/13/2025 at 4:48:22 PM
> lockdown aren't thatVendor lockdown is that. Defenders of vendor lockdown argue that computer users need to be protected paternalistically from themselves.
For some reason we accept that for computers, but nobody would accept refrigerators and ovens that only allow you to eat healthy foods, nobody would accept homebuilders controlling the doors of your house and having to approve anyone who comes in, etc. Why do computers get this special treatment of vendor lockdown, but not any other product?
by lapcat
1/13/2025 at 5:02:31 PM
Wow, ok, if you think this is on par with the lockdowns that the commenters support for guns (which I've previously proxied as ~ existing restrictions), then I'm not sure what to say> Why do computers get this special treatment of vendor lockdown, but not any other product?
Of course they don't, plenty of other products are treated much more seriously by "us" (supporting lockdowns that limit your own use without supervision), some of them you've already listed
by eviks
1/13/2025 at 5:31:06 PM
You appear to be conflating two different things: legal mandates and vendor lockdown.There are legal mandates regarding the sale and use of certain products. For example, you have to be a minimum age to buy cigarettes and alcohol, stores in some localities can only sell alcohol during certain hours, bars have to close at a certain time, you can't drive drunk, you must wear a seatbelt, you can't exceed the speed limit, etc.
But there are no vendor lockdowns in this regard. A cigarette will allow anyone to smoke it, a container of alcohol will allow anyone to drink it, you car still works if you're drunk and don't put on your seatbelt, etc. If your car made you take a breathalyzer test whenever you wanted to drive, or it didn't allow you to exceed the speed limit, that would be vendor lockdown.
I discussed the issue in another comment: "The equivalent would be if you could only use specific brands of replacement chains, blades, tires, or bullets that are approved by the manufacturer, for which the manufacturer gets a cut of the sales of those replacements." https://news.ycombinator.com/item?id=42684134
by lapcat
1/14/2025 at 3:45:14 AM
A cigarette will not allow anyone to smoke it if the vendor locked down sales and can't sell it to you, so you don't have it. This is a much more serious restriction of consumer freedoms than if anyone can buy and use, but can't smoke when drunk and in bed (fire safety) due to some other lockdown mechanism built into the cigarette itself. More people are affected, and the effect of full exclusion is stronger even though the "lock" mechanism is built differentlySo here is your mistake when you only accept something almost literally identical to computer lockdown (same with your fridge example), but brushing off more serious usage "lockdowns" that don't exist with computers
> The equivalent would be if you could only use specific brands of replacement chains, blades, tires, or bullets that are approved by the manufacturer, for which the manufacturer gets a cut of the sales of those replacements."
Yes, this exists and is common in complex mechanical things, e.g., you lose warranty if you use unapproved parts, or for some parts there is actually not even an alternative, so manufacture is the only one getting a cut
So again, there is nothing unique or "most dangerous" about computers in either reality or people's prescriptions
Although since your argument isn't about real restrictions, but about what commenters support, you'd need to ask them which of these existing restrictions they support vs computers
by eviks
1/14/2025 at 10:21:31 AM
> A cigarette will not allow anyone to smoke it if the vendor locked down sales and can't sell it to you, so you don't have it.You're equivocating on the word "vendor". You know full well that in this context, the vendor means the manufacturer of the computer, for example, Apple, and not the retail store selling the computer, which may not be Apple but rather Best Buy, for example. Likewise, in my analogy, vendor lockdown of a cigarrete would mean lockdown from the manufacturer of the cigarette, for example, Philip Morris, and not the retail store selling the cigarette.
> This is a much more serious restriction of consumer freedoms than if anyone can buy and use, but can't smoke when drunk and in bed (fire safety) due to some other lockdown mechanism built into the cigarette itself. More people are affected
This is actually false, because the only restriction on the sale of cigarettes is that you can't buy them if you're under age 18. Anyone age 18 or older is free to buy and smoke as many cigarettes as they want. Adults have full, unrestricted freedom. And that's what they should have for computers too. For better or worse, children have a huge number of legal restrictions on them.
Computer vendor lockdown affects all adults, no matter how old. Indeed, some people claim that the point is to protect your grandma, yadda yadda.
This is actually my point about being "dangerous". That is, we seem to consider computers as the most dangerous product for fully grown adults who have no age-related restrictions on purchasing things, because nobody is proposing or defending manufacturer lockdowns on other products for fully grown adults. We think that fully grown adults get to decided whether to smoke cigarettes, drink alcohol, eat junk food, etc., but for some reason fully grown adults can't decide to install software on their own computer.
> So here is your mistake when you only accept something almost literally identical to computer lockdown (same with your fridge example), but brushing off more serious usage "lockdowns" that don't exist with computers
I wasn't "brushing off" legal restrictions. I was merely distinguishing them from restrictions that come from the manufacturer.
The difference, of course, is that computer vendor lockdown is not legally mandated, and thus they don't have to lock down the devices. They're doing it totally voluntarily, and I believe the reason is increased profit rather than increased security.
> Yes, this exists and is common in complex mechanical things, e.g., you lose warranty if you use unapproved parts, or for some parts there is actually not even an alternative, so manufacture is the only one getting a cut
And this malicious practice is being challenged by "right to repair" laws.
> So again, there is nothing unique or "most dangerous" about computers in either reality or people's prescriptions
You're missing the entire point here. There are a lot of people who defend computer vendor software lockdown, in the name of "security", but there aren't nearly as many people who defend the warranty practices you just mentioned.
by lapcat
1/14/2025 at 11:55:05 AM
> Likewise, in my analogyI find the limitations of your analogy artifical and thus irrelevant. Other people thinking about the trade-offs aren't bound by whether you decide that in the whole supply chain only the manufacturer's limits should be considered. So while you're free to arbitrarily limit your thinking, that won't help you answer questions like "Why do computers get this special treatment of vendor lockdown, but not any other product?"
> reason is increased profit rather than increased security.
That's fine, but we shouldn't rely on vendor motivation anyway, so the validity of your assessment doesn't help us decide when the increased security is worth it
> You're missing the entire point here
You've cut your quote off to make it seem so. I've explicitly mentioned the perception in the very next sentence
> but there aren't nearly as many people who defend the warranty practices you just mentioned.
That would depend entirely on the specific tech involved and other factors. Are you sure people defending software vendor lockdowns would not defend some limits for parts for nuclear plants? For guns? Also why did you skip the "for some parts there is actually not even an alternative" practice? Would fewer people defend the right of a manufacturer to also manufature parts for sale (forcing some kind of divestment so that the "vendor" doesn't get an extra "fee" from the parts business)?
by eviks
1/13/2025 at 10:43:12 PM
Computers can be dangerous, but the solution is not to let the vendor control security. It is to allow third parties to provide security products.by amelius
1/13/2025 at 12:40:40 PM
Actually, chainsaws, table saws, cars, motorcycles, and even guns all have safety mechanisms installed by the manufacturers and tampering with them voids the warranty.by skywhopper
1/13/2025 at 3:03:52 PM
Nobody is arguing that computers shouldn't have safety mechanisms. But the manufacturers of those devices don't have remote control over what I do with them. There's no equivalent of a "curated App Store" (and one that requires a 30% cut to the manufacturer, which is the real point behind it).The equivalent would be if you could only use specific brands of replacement chains, blades, tires, or bullets that are approved by the manufacturer, for which the manufacturer gets a cut of the sales of those replacements.
by lapcat
1/13/2025 at 5:31:24 PM
Tampering with safety mechanisms on your car voids the warranty on the safety mechanism, not on your whole car. Otherwise using third party mechanics would be impossible.by sudosysgen
1/13/2025 at 3:05:00 PM
Only computers let bad people drain bank accounts at scale.by jshen
1/13/2025 at 3:27:41 PM
Please cite the statistics on the volume of bank account draining before you claim that it happens "at scale".by lapcat
1/13/2025 at 4:15:10 PM
I mean, the nigerian prince scam is almost a meme these days…by spacedcowboy
1/13/2025 at 6:41:09 PM
Interesting example. How does denying root to the user mitigate this attack?by dTal
1/14/2025 at 1:46:08 AM
Much harder to install a key logger or other such shenanigans.by jshen
1/14/2025 at 2:13:28 PM
Install a key logger, when they already have someone on the end of the line willing to install and run whatever software they request? Why?I think the marginal security value of denying root on the computer when you have already wangled root on the human is small.
by dTal
1/14/2025 at 10:37:25 PM
Prior to modern AI, one could be done at scale, now I suppose both can which may change my calculus on this one. I hadn't thought about that until your comment. Thanks!by jshen
1/14/2025 at 1:23:24 AM
This scam is much older than the Internet or even computers. It was called a Spanish Prisoner scam in the 19th century but I would be surprised if it wasn't happening in the ancient world via cuneiform tablets.by ElevenLathe
1/13/2025 at 4:50:52 PM
A meme is not a statistic. Exactly how many people have fallen for the scam, out of all computer users.And how exactly does device vendor lockdown stop this particular scam?
by lapcat
1/13/2025 at 5:04:37 PM
> Exactly how many people have fallen for the scam, out of all computer usersWho the fuck knows ? And how is that even remotely a useful question to ask - it's not answerable, those who commit the scam are the only people with the figures, and there's no "register of fuckers who scam other people" where they have to tell you how well they do.
> how exactly does device vendor lockdown stop this particular scam
Premise 1: All (for a suitable definition of "all") computer users are clueless when it comes to internet security
Premise 2: You are not trying to help any given individual's security, because some of them violate premise #1. You are trying to raise the bar for the clueless hurting themselves.
Premise 3: It is not about "personal freedom". It is about preventing the clueless (by no fault of their own, this shit is complicated) becoming drones and mules for attacks on others. It is an attempt to increase the greater good at the expense of placing restrictions on what any individual can do on their own phone. Those restrictions can be mitigated mainly by coughing up $100/year, which is a sufficient bar to prevent bad guys from doing it en-masse, but not so high as to prevent the people who want to do stuff from doing it.
Stopping people doing stupid stuff because they don't know any better is the goal, and that inevitably gets more and more restrictive as time progresses, because an arms race is instituted between the truly evil arseholes who prey on the clueless, and the manufacturers who don't want their produces seen as vehicles leading the clueless to the slaughter.
Personally I don't give a crap. The iPhone is fine for me as-is, I can install my own software on my own phone, and sure it costs $100/year. That's not a big deal IMHO, in terms of outgoings it barely registers above the noise floor. YMMV.
by spacedcowboy
1/13/2025 at 5:35:46 PM
> Who the fuck knows ? And how is that even remotely a useful question to ask - it's not answerable, those who commit the scam are the only people with the figures, and there's no "register of fuckers who scam other people" where they have to tell you how well they do.Um, why do crime statistics have to come from the perpetrators rather than from the victims? The victims report the crimes, duh.
Anyway, you spent a lot of words avoiding my question, which is how exactly does vendor lockdown stop the Nigerian prince scam? You're arguing that vendor lockdown is supposed to protect consumers, but you can't seem to explain how or how often.
by lapcat
1/13/2025 at 8:10:36 PM
> Um, why do crime statistics have to come from the perpetrators rather than from the victims? The victims report the crimes, duh.You asked for (quoting) "Exactly how many people have fallen for the scam, out of all computer users". Not every crime is reported, duh.
> Anyway, you spent a lot of words avoiding my question
Nope. I can't answer the question because it's non-answerable. If you believe that nobody has ever fallen for phishing, Nigerian-prince, etc. etc. scams, well, I don't know what colour the sky is on your world, but it's not the same as on mine...
If you further believe that allowing everyone root access to devices that are also linked directly to their bank accounts, social security numbers, driving licenses, etc. etc. Then again, sky colour becomes an issue.
You seem technically savvy. I do not believe you are typical of the average phone user. I think the restrictions in place are a necessary tragedy of the commons, to prevent the destruction of trust in the system as a whole.
As I said, YMMV, and I'm not saying I particularly like the situation, just that I think it's necessary, and opening up everything to everyone is a foolish, idealistic, and hopelessly naive idea.
by spacedcowboy
1/13/2025 at 8:25:50 PM
> You asked for (quoting) "Exactly how many people have fallen for the scam, out of all computer users". Not every crime is reported, duh.Not every crime is reported, but it's indisputable that a lot of crimes are reported. So give me a statistic, any reported statistic.
> If you believe that nobody has ever fallen for phishing, Nigerian-prince, etc. etc. scams, well, I don't know what colour the sky is on your world, but it's not the same as on mine...
How do you know this, except from reports by victims? That's what I'm asking for.
And once again, you haven't explained the mechanism by which vendor lockdown prevents this scam. However many or few victims there are of the scam, precisely zero of them are helped by vendor lockdown. I'm not going to stop asking how to explain how vendor lockdown is event relevant here.
> If you further believe that allowing everyone root access to devices that are also linked directly to their bank accounts, social security numbers, driving licenses, etc. etc.
This is hand waving, and it's not clear how root access by the owner of the device somehow exposes userland data to criminals. Moreover, all of this data is on desktop computers, and it's mostly fine.
by lapcat
1/14/2025 at 12:40:13 AM
[sigh] fine. You believe whatever you want.As I said, I don't care about the current OS situation, I think it's actually pretty well reasoned out. I'm not spending my time tracking down statistics for you to "prove" some point to some other person on the internet.
I don't care enough to argue. Have a nice life.
by spacedcowboy
1/14/2025 at 1:11:44 AM
> I'm not spending my time tracking down statistics for you to "prove" some point to some other person on the internet.A simple Google search would do: "Nigerian prince’ email scams still rake in over $700,000 a year" https://www.cnbc.com/2019/04/18/nigerian-prince-scams-still-...
$700k a year as an excuse to lock down over a billion smartphones? Not to mention that once again, this is an email scam, and thus vendor lockdown is irrelevant and doesn't prevent it.
It appears that you're the one believing whatever you want to believe, despite the empirical facts. The problem is that proponents of vendor lockdown always make gross exaggerations to defend it, pure fearmongering.
by lapcat
1/13/2025 at 11:24:24 AM
> There are a ton of products on the market that are vastly more dangerous than computersThe thing with chainsaws and motorcycles is that they look and feel dangerous, and people have an intuitive understanding of how to approach those dangers.
If you ask a random person on the street about safe motorcycle riding, they'll probably tell you about respecting speed limits, wearing protective gear, only doing it when sober, not pulling stunts / showing off etc. I've never been on a motorcycle, have 0 interest in them, and I know those things.
Computers don't work that way. People can't distinguish between a real banking app and a fake banking app that looks real, an update pop-up and a fake "you need to update Adobe Flash Player" pop-up on a phishing website etc.
I've done plenty of "helping non-technical people out with computers" during my middle / secondary school days. That was when people still used Windows a lot, as opposed to doing everything on their phones. Most computers I've seen back then had some app that hijacked your start page, changed your search engine to something strange, would constantly open random websites with "dpwnload now free wallpapers and ring tones for your mobile now" etc. You didn't even have to fall for a scam to get something like that, plenty of reputable software came with such "add-ons", because that's how you made money back then.
I feel like that era of "total freedom" has somehow been erased from our minds, and we're looking at things through rose-tinted glasses. I, for one, vastly prefer the world of personalized ads and invasive surveillance over one where I constantly have to be on alert for my default browser being changed to Google Chrome for the hundredth time this year, just because I decided to update Skype.
by miki123211
1/13/2025 at 3:15:27 PM
> If you ask a random person on the street about safe motorcycle riding, they'll probably tell you about respecting speed limits, wearing protective gear, only doing it when sober, not pulling stunts / showing off etc. I've never been on a motorcycle, have 0 interest in them, and I know those things.How did this matter? People may know these things, but they nonetheless ignore speed limits, don't wear helmets, drive drunk, pull stunts, etc. And the motorcycle manufacturer can't stop them. They have the freedom to harm themselves.
> Computers don't work that way. People can't distinguish between a real banking app and a fake banking app that looks real
Guess what, people can't distinguish between the real and fake apps in the crApp Store either. Let's stop pretending that it's safe, when we've seen over and over that it's not.
> That was when people still used Windows a lot, as opposed to doing everything on their phones.
People still use Windows a lot. Smartphones have not replaced desktop computers but rather added to desktop computers. Almost every desktop computer owner also has a smartphone I believe that desktop computer sales are as high now as ever; I know that's true for Apple Macs, specifically.
> I feel like that era of "total freedom" has somehow been erased from our minds, and we're looking at things through rose-tinted glasses.
It hasn't been erased. The desktop never left. It's been surpassed in volume by smartphones, of course, but let's not pretend that desktops were somehow made obsolete and removed from the Earth. The people who have enough money buy smartphones and desktops. Many even have a smartphone, a desktop/laptop, and a tablet. The choice is not about security, it's about money and form factor. When I leave home, I put a phone in my pocket. When I'm on the couch, I use a laptop. When I'm reading an ebook, I use a tablet.
by lapcat
1/13/2025 at 12:04:29 PM
> You didn't even have to fall for a scam to get something like that, plenty of reputable software came with such "add-ons", because that's how you made money back then.That's why you never blindly clicked "next" in installers. Everyone got one of those IE toolbars accidentally at some point, but it usually only took doing it once to learn the lesson.
by grishka
1/13/2025 at 1:06:40 PM
Why don't they let you firewall your phone?by m463
1/13/2025 at 2:20:06 PM
> There are a ton of products on the market that are vastly more dangerous than computersAn irrelevant "whaddabout" argument.
It doesn't change that we need security and privacy for our information handling devices, as well as personal control. The real conversation is about how to best balance these.
by jmull
1/13/2025 at 3:20:07 PM
> It doesn't change that we need security and privacy for our information handling devices, as well as personal control. The real conversation is about how to best balance these.An irrelevant false dichotomy argument. There's no inherent conflict between security/privacy and personal control. I would argue that a device which has to phone home to the vendor to get approval for everything results in both less privacy and less personal control.
by lapcat
1/13/2025 at 2:51:42 PM
> It doesn't change that we need security and privacy for our information handling devices, as well as personal control.I can do online banking on my PC as root user if I so choose, but I cannot do online banking on my phone because my bank's app employs a rooting detector SDK that as of now even Magisk+a host of (questionable) modules can't bypass.
by mschuster91
1/13/2025 at 4:58:10 PM
> The real conversation is about how to best balance these.How do you even formulate these values so that they're in conflict in the first place?
by PittleyDunkin
1/13/2025 at 5:24:05 PM
I guess people are unaware of the various malicious rootkits that have cropped up?If you're serious about this stuff binary thinking is a mistake. It's not a question of whether rooting is possible or impossible. It's a question of under what circumstances it can be done, and under whose control.
Also, "conflict" is the wrong word here. It's a question of competing concerns not conflicting ones.
We probably want root access to be under the end-user's control, but in such a way that minimizes the ability of malicious parties to exploit it.
e.g., one way would be to allow anyone to easily install any root they want, but to disallow software from, say, the Apple app store from running on such "rooted" devices. While that gives end-users control and would mostly prevent malicious actors from getting things they want, it's probably not what most user's would want. They probably want to run all their regular software along side the root software.
Another way would be to allowing people to easily install software as root, and allow software from popular app stores to run on it. That gives users max control, but is pretty easy for malicious actors to exploit too. People aren't going to be too happy with this when some coupon clipping app starts emptying people's bank accounts.
These are just examples to give the idea of the range of possibilities. The real answer needs to be a lot more nuanced than this. The point is, pretending there aren't issues doesn't get us anywhere. You might as well have no opinion on this.
by jmull
1/13/2025 at 5:33:11 PM
I just don't have this paternalistic instinct to try and protect people from rootkits. Even if I did, this is certainly the wrong way to do so—you need to hold companies accountable for the flaws in their software (for which we have basically no legislation at the moment) or they have no incentive to make the regulations meaningfully protective. Otherwise you just end up with shipping hardware that's still insecure, but checks the right regulatory checkboxes, and still restricts people from using the hardware they bought, and still no way to remediate when something inevitably does slip past the regulatory controls.by PittleyDunkin
1/13/2025 at 5:30:48 PM
Bringing up whataboutism is even less relevant. Comparisons aren't suddenly bad because of an overused buzzwordby mardifoufs
1/13/2025 at 8:37:35 PM
Locking them down also makes supporting them *FAR* simpler.by cpuguy83
1/13/2025 at 5:20:18 AM
Thanks, but no. I'm never buying a device with easy root access for a non technical family member ever again. Freedom is great, and I'm using this freedom to buy something with exactly the capabilities I need.by golergka
1/13/2025 at 9:44:30 AM
So they'll never use a PC or laptop or anything of that ilk again?To use the same logic, they shouldn't be given anything with a visible screw, or are you going to tell me they _wouldn't_ take a screw driver to an appliance because that would be silly for someone who doesn't know what they're doing in there?
by alias_neo
1/13/2025 at 3:28:00 PM
If there were a multi-billion dollar industry of scammers always trying to trick them into taking the screws out of things so they could steal from them, then no I probably wouldn't buy them anything with visible screws.by thinkharderdev
1/13/2025 at 4:10:16 PM
This is a strange argument, kind of like, "We can't defund the police, because look at all of the crime out there!" If there's so much crime occuring already, then what in the world are the police doing?To an extent, crime can't be eliminated. You can't even eliminate crime by instituting a strict authoritarian regime, because power corrupts, and those in power become criminals themselves. That's why turning big tech companies into paternalistic device authoritarians doesn't work. The big tech companies have become massively corrupt, demanding a 30% cut of everything that happens on your devices, in return for what? Some low paid, low skill reviewer spending a few minutes to approve or reject a third party app submission? That's not security, it's security theater.
There were phone scams before there were smartphones. Before there were mobile phones, when everyone had a landline. There's no technical solution for crime and scams, much as tech people want there to be. Education and viligence have always been the only effective resistance. Unfortunately, the big tech companies don't want to do education; to the contrary, they want consumers to be eternally technically ignorant—despite the increasing importance of computers in our lives—because that's more profitable. At least with cars, we have mandatory driver's education.
by lapcat
1/13/2025 at 5:08:23 PM
Which is probably fine, that's not the same as taking away everyone's screwdrivers.The problem is that a line is being drawn in an arbitrary place; if scammers are the worry, don't let them have a phone, or internet or email either, in fact just don't let them talk to any strangers in person or otherwise, but that would be awfully inconvenient for them.
Everyone is willing to make a compromise somewhere so long as the compromise isn't something they care about. Some readers probably think the suggestion of taking away their phone or email is absurd to protect them from scammers, and I'd place preventing root-access in the same category; not disabling it by default, I'm ok with that, but preventing it entirely.
My opinion is that everything should be secure by default, but when it's something you own, there should be reasonable, measured steps to "unsecure" it, whether that's removing a couple of screws, or accepting a disclaimer to gain root access to the device you own.
If I don't own it, let's cut the bullshit and tell me I'm merely licensing or renting it, and we'll adjust the price I'm willing to pay accordingly.
by alias_neo
1/13/2025 at 6:32:45 AM
It doesn’t have to be easy enough to let through a person who doesn’t understand what they’re doing (aka blindly click through the annoying popups - that’d be bad).And non-owners shouldn’t be able to have access solely based on their physical possession - quite the contrary, owner should have means to fully use hardware security features for their personal benefit, locking their own device as tight as they want (within the device’s technical capabilities).
by drdaeman
1/13/2025 at 10:48:38 AM
I take it you mean easily unlockable bootloader, not really out-of-the-box root access which no phone have.I have taken the opposite stance on that. Never again will they be left with some Samsung bloatware which hardly receives any Android updates when phones such as Nexus, Nokia and Nothing costs the same and has excellent LineageOS support.
Lineage is stable, bloat-free self-updating and requires no maintenance from my side.
by xorcist
1/13/2025 at 6:31:01 AM
Just because the device is capable of root access does not mean all users need to beby shortrounddev2
1/13/2025 at 9:48:14 AM
And here is (in effect) a completely legitimate reason for manufacturers to wall off root access. They did not want to sell and support a full-access, general-purpose computer. Nor provide liability coverage for anyone who reprograms their toaster and starts a fire.by bell-cot
1/13/2025 at 8:56:23 AM
It’s impressive how many people downvote this actually über reasonable opinion…by frizlab
1/13/2025 at 10:19:32 AM
Because it isn't at all reasonable. There is no argument to not allow root access. You don't have to use it, perhaps most users would be safer with a conventional user account, but it is not reasonable to outright deny full system right to the owner of a device since there are so many disadvantages connected to that.by raxxor
1/13/2025 at 12:55:15 PM
My thinking is that if I have device that doesn't allow me root access, then what I have is more than likely a device designed to keep making money for the company that made it or wrote the software for it.by DoubleGlazing
1/13/2025 at 12:58:19 PM
But you know you don’t have root access before buying. Why would you buy it if you want root access?by frizlab
1/13/2025 at 1:01:38 PM
I'm willing to stand corrected, but I can't think of a single smartphone on the market from a reputable manufacturer that is sold with root access. If I want a smartphone I have to accept that the manufacturer will have the bootloader locked down, I don't have a choice.by DoubleGlazing
1/13/2025 at 1:17:19 PM
I have zero experience in the android world, but a quick search tells me that Xiaomi Devices, Google Pixel Phones, OnePlus Devices, Redmi Note 4, Samsung Devices and MediaTek Devices at least are rootable, with some rules with various degrees of freedom for the procedure (in particular warranty is voided pretty much all the time when device is rooted).by frizlab
1/13/2025 at 2:17:01 PM
Google Pixels are the few devices that enable not only to unlock the bootloader but also the ability to flash your own keys and still have secure boot together with full kernel sources availability (which is why Grapheneos only support them as far as I know).As far as I know Mediatek (and vendors that use those chips) are usually not good with regards to GPL Compliance, which means no Lineageos if kernel sources are not available...
by karteum
1/13/2025 at 9:41:42 AM
That's because the opinion presents a strawman position. From the linked-to page :> I agree with the premise that consumer devices, such as mobile phones, should be as secure as they can by default. This can even go so far as shipping new devices with locked bootloaders and blocking access to root. ..
> But this shouldn’t come at the expense of being able to make an informed choice to unlock these privileges to install any software you want, even if that means adopting a higher level of risk.
One does not require "easy root access" to make that informed choice - complicated root access (within reason, as pulling out the soldering iron might be a step too far) should be enough for tasks like installing a new OS because the company no longer supports the hardware.
by eesmith
1/13/2025 at 5:14:24 PM
"The reason that computers are locked down by the vendors is not that computers are somehow more dangerous than other things we buy "It makes sense to allow the _buyer_ to responsibly lock out others. This is common in other products that could be dangerous. But allowing the _seller_ to lock out others, e.g., competitors or the buyer, is a recipe for malfeasance, at the buyer's expense. Interestingly, with computers and pre-installed software, there is no option to lock out the sellers such as Apple or the companies that partner with sellers and pre-install software on the computers, such as Microsoft, Google, etc.
"It's all about protecting their profits, not protecting us."
It is interesting that the "protections" are not optional. It assumed _every_ buyer wants the protections from others _and also from themselves_ enabled by default, and also for protections from so-called "tech" companies to be _disabled_ by default. A remarkable coincidence.
Perhaps if buyers were given the option to login as single user and change the default protections some (not all) might disable phoning home to Silicon Valley or Redmond. They might block unwanted access to their computers by so-called "tech" companies who sell them out as ad targets. The so-called "tech" companies and their customers (advertisers) from other peoples' computers might be locked out.
Indeed letting buyers lock out whomever they choose might diminish the profits of so-called "tech" companies.
In the past HN commenters often sidestepped the question of these "protections" as self-serving and argued that so-called "tech" companies serve the "majority" of computer users and in fact these "protections" are what computer users want even though these users were never asked or given the choice to opt-out. If that were true then allowing a "minority" of users to control the protections themselves, i.e., operate as root, would only affect a minority of profits.
by 1vuio0pswjnm7
1/13/2025 at 6:55:33 AM
half of those things have computers in them nowby femiagbabiaka
1/13/2025 at 10:56:24 AM
my fuel injected chain saw, has a data port, but luckily, my back woods repair shop showed me the computerless,seasonal re-tune procedure that only requires a stop watch, works a charm As to other devices....phones, we need a whole re write of the privacy and publishing laws, to allow each person to regulate themselves. With an ultra basic "standard" set up for the masses who do want to be entertained, while having buying "oportunites" presented to them. But it has to be consentual, and basics like a phone number, email address, and personal/comercial web space, a non alienable birth right.Ban utopian concepts outright, and get back to bieng the quarlsome and somewhat violent species, that we are. I am starting to wonder, is the root cause of all of the ancient civilisations, lying in there own dust, what we are doing now, and the vast echoing silence from the stars, the same.by metalman
1/13/2025 at 2:18:52 PM
You've left out one important player here: it's not just about the manufacturers and the masses yearning for entertainment, but also about the surveillance industry. Phones in particular, but computers in general, are increasingly important for surveilling the population in novel ways that AI opens up. Giving people root access on their tracking equipment would jeopardize its surveillance functions, because people might elect to give themselves privacy.by Telemakhos
1/13/2025 at 2:30:51 AM
There's a difference between being able to buy something dangerous and being forced to do soby mixdup
1/13/2025 at 9:40:20 AM
We're heading the opposite way of not being able to buy anything "dangerous" thanks to consumers that you're describing. I've been using a Xiaomi phone that stopped receiving updates in 2020, and have since been running LineageOS, which was made possible by the unlocked bootloader. Xiaomi has since changed its policy and it's basically impossible to unlock the bootloader on newer devices.If not for the "dangerous" unlocking, I would have to run with dozens of severe vulnerabilities right now, all five years worth of them. A decent phone costs large amounts of money here, the hardware on mine is still very good, and so I would have used it regardless. (Yes, I understand that the firmware does not receive updates, but it's still much better than nothing.)
by homebrewer
1/13/2025 at 2:54:07 AM
Forced? I'm not sure I understand.My guess is that you're assuming, wrongly, that vendor locked devices are "safe" and unlocked devices are "unsafe".
All computers that are connected to the internet are unsafe in some ways. The most dangerous apps on your computer are the vendor's own built-in web browser and messaging app.
Also, the vendor-controlled software stores are unsafe cesspools. You will never find a more wretched hive of scum and villainy. Moreover, the vendors deliberately make it impossible for you to protect yourself. For example, iOS makes it difficult or impossible to inspect the file system directly, and you can't install software such as Little Snitch on iOS that stops 3rd party apps—as well as 1st party apps!—from phoning home.
In any case, most computers, including Apple computers, have parental controls and the like, so you can lock down your own device to your heart's content if you don't trust yourself, or you don't trust the family member that you're gifting the device.
by lapcat
1/13/2025 at 3:31:13 AM
Today, yes, I can lock down the iPhone I give to my son, but if it can be unlocked to run arbitrary software then he can in theory unlock it. Yes, it is on me to continue to monitor the device to make sure he hasn't done it, but the point standsAnd the assumption you refer to, there are varying definitions for "safe". Is a device with a locked bootloader 100% safe in all use cases and all circumstances? Of course not. But me being able to reasonably trust that someone hasn't put a compromised version of the OS on the device, or, won't be able to put a different firmware on the device to brute force my encrypted contents is a bit of safety in a certain set of circumstances that I want in my device
If Apple, or anyone else, were precluded from locking the boot loader yes, I would be forced to buy a device that the FBI or anyone else could in theory poke around on enough to try to get at my data
by mixdup
1/13/2025 at 3:37:09 AM
> Today, yes, I can lock down the iPhone I give to my son, but if it can be unlocked to run arbitrary software then he can in theory unlock it. Yes, it is on me to continue to monitor the device to make sure he hasn't done it, but the point standsYou're scared of the wrong thing. The greater danger isn't arbitrary software but rather your son running up massive App Store charges on IAP of exploitative games and other scams. And if you think Apple will refund you, think again. Locking the device to the crApp Store isn't the solution. To the contrary, the solution is to enable parental controls to prevent access to the crApp Store.
> But me being able to reasonably trust that someone hasn't put a compromised version of the OS on the device, or, won't be able to put a different firmware on the device to brute force my encrypted contents is a bit of safety in a certain set of circumstances that I want in my device
These are possible without vendor lockdown. Devices can be and are designed so that the consumer can lock the device down and prevent modification, etc. Of course you can't constrain yourself, if you have the credentials to unlock the device, but you can constrain everyone else, whether they're children on the one hand or thieves/attackers on the other.
by lapcat
1/13/2025 at 6:44:09 AM
> but if it can be unlocked to run arbitrary software then he can in theory unlock it.
by godelski
1/13/2025 at 4:57:19 PM
> Yes, consumers do sometimes harm themselves by using these products. That's the price of freedom."Freedom" is also a terrible argument for this. What does it even mean? Freedom from what? Freedom to do what? It's such a meaningless word you're going to lose half your audience just by bringing it up.
by PittleyDunkin
1/13/2025 at 6:27:45 PM
"Freedom - the condition of being free; the power to act or speak or think without externally imposed restraints"When the context is "digital devices", it becomes pretty clear what it means. You should be free to use it however you want, without externally imposed restraints.
Locking down the device so much so users cannot run applications they've written themselves without the approval of the company who made it, isn't "freedom" as the required approval from the company breaks the "without externally imposed restraints" part.
by diggan
1/13/2025 at 7:24:42 PM
> "Freedom - the condition of being free; the power to act or speak or think without externally imposed restraints"Yea, this is a nice thought if you don't live in society. However, it falls apart pretty rapidly once you realize "your freedom to stops at my freedom from". So it's a non-starter.
by PittleyDunkin
1/13/2025 at 7:32:37 PM
> Yea, this is a nice thought if you don't live in societyWell, democracies are societies, and you have much freedom in (most of) those. Not sure where you live, but if possible, you can always try to vacation in one to experience it yourself :)
> "your freedom to stops at my freedom from"
I don't understand what this means, nor how it relates to having root access on your digital devices. Could you possibly explain this again? I want to understand.
by diggan
1/13/2025 at 10:50:50 PM
Probably means something like: if you eat this donut then I cannot eat it, ergo your freedom and my freedom are at odds.by amelius
1/13/2025 at 2:36:16 AM
This is a very popular HN opinion; but not a very popular real world opinion.The average customer wants a device that works consistently, every day, that is easy to use, with a collection of 3rd party apps who won’t steal their life savings.
Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror. The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.
We can also see this in the console market. Windows exists; old gaming PCs exist; the locked down console market will be with us forever because even Windows can’t deliver a simple experience that reliably works.
by gjsman-1000
1/13/2025 at 2:41:55 AM
The average customer wants a car that doesn't explode because you installed a sketchy spark plug. Does that mean the manufacturers should install locks on the hood of every new car, with the threat of jail time if you pick the lock and look underneath?by do_not_redeem
1/13/2025 at 2:43:01 AM
A sketchy spark plug does not have the ability to make a car explode, so the analogy is pointless.On that note, even if someone stole your car, at least your car does not have access to your bank account, your passwords, your messages, and even your sexual history. The personal and reputational cost of losing a car is not comparable.
Many people would actually probably prefer their car to be stolen than the contents of their phone be public.
I think a more accurate comparison would be to an electrician. In Australia, doing your own electrical work is a crime even for the homeowner, because it can cause physical death, and is too likely to be done wrong. Yes, you will possibly go to jail for replacing $2 light switches. I assure you that most people’s phones have things they would prefer physical death over being publicly distributed.
by gjsman-1000
1/13/2025 at 2:47:33 AM
> On that note, even if someone stole your car, at least your car does not have access to your bank account, your passwords, your messages, and even your sexual history. The personal and reputational cost of losing a car is not comparable.You're conflating vendor lockdown with device encryption. The latter does not require the former.
by lapcat
1/13/2025 at 9:46:25 AM
While cars don't have access to your complete sexual history, note that https://foundation.mozilla.org/en/blog/privacy-nightmare-on-... points out:"The very worst offender is Nissan. The Japanese car manufacturer admits in their privacy policy to collecting a wide range of information, including sexual activity, health diagnosis data, and genetic data — but doesn’t specify how. They say they can share and sell consumers’ “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” to data brokers, law enforcement, and other third parties."
by eesmith
1/13/2025 at 5:54:25 AM
> In Australia, doing your own electrical work is a crime even for the homeowner, because it can cause physical death, and is too likely to be done wrong. Yes, you will possibly go to jail for replacing $2 light switchesAnd do you find this reasonable, and a good thing to expand to smartphone use?
by seszett
1/13/2025 at 8:12:32 AM
It’s bullshit, there are no laws banning you from replacing a light switch in Australia. At worst you might invalidate your home insurance.by mattclarkdotnet
1/13/2025 at 10:56:53 PM
There's a lot of it about, mate. The other day I had an American tell me with a straight face that we can get jail time for flying a Union Flag here in Blighty - I guess there's a big industry for convincing people that everywhere else is a hellhole over there.by jwmcq
1/13/2025 at 8:10:45 AM
It’s not a crime to do your own electrical work in Australia, it just invalidates your insurance unless you get the work signed off. The websites saying it “could be illegal” strangely never reference the actual law you’d breach.by mattclarkdotnet
1/13/2025 at 7:28:59 AM
> I think a more accurate comparison would be to an electrician. In Australia, doing your own electrical work is a crime even for the homeownerIn this comparison Google and Apple have the role of the government, if you believe that argument, that also implies that you believe they should be broken apart for antitrust
by realusername
1/13/2025 at 9:49:42 AM
Sounds a lot like "We don't need free speech because I have nothing to say".Just because you don't need or want it, doesn't mean it's not an important right to protect. Considering the influence of computers these days, the right of general purpose computing is probably at least as important as the right to free speech.
by _Algernon_
1/13/2025 at 2:38:35 AM
And consumers can have that. That doesn't mean I should be unable to unlock my phone and do whatever I want with it.by stavros
1/13/2025 at 2:40:28 AM
The problem is not the ability to unlock your phone.The problem is that 90% of people unlocking their phones will either be for piracy (against the company’s interests), or against the customer's own interests (stalkerware, data extraction, sale of stolen devices).
There is a reason malware is over 50 times as prevalent on Android.
by gjsman-1000
1/13/2025 at 6:01:54 AM
> The problem is that 90% of people unlocking their phones will either be for piracy (against the company’s interests), or against the customer's own interests (stalkerware, data extraction, sale of stolen devices).Why would you think that?
Many Android phones can be unlocked, so it's not a hypothetical situation. I does not enable software piracy, since piracy doesn't depend on root. I know a few persons would install of sort of shit on their phone, including obvious malware, and they lack the knowledge to root their phones.
The data extraction problem happens today on unrooted phones in a "legal" way, it's done by your regular friendly companies like TikTok, Google or Meta. Rooting enables limiting this which is likely why they are against it.
If you look around on forums that discuss the topic of unlocking/rooting Android phones you will see that there is little discussion of piracy and people seem mostly driven by the will to control their own machine instead.
by seszett
1/13/2025 at 3:39:26 AM
Having worked on catching Android malware, I can assure you that Android malware does not proliferate because people can unlock their phones.by saagarjha
1/13/2025 at 3:45:27 AM
Given that the vast majority of Android devices aren't rooted, bootloader unlocked, or even installing apps from outside the store(s) that they ship with, what exactly do you think is the reason for more malware on Android? (Taking the claim at face value)by yjftsjthsd-h
1/13/2025 at 2:30:55 PM
>The problem is that 90% of people unlocking their phones will either be for piracy (against the company’s interests), or against the customer's own interests (stalkerware, data extraction, sale of stolen devices).The first point is irrelevant once I've bought a thing. Once I own a thing it is mine to do with what I want, and the company's interests ought to be irrelevant. As for your second point, that is mitigated by making the process sufficiently annoying (eg. hiding it in the developer menu).
by _Algernon_
1/13/2025 at 2:45:57 AM
Why do I give a shit about the company? I bought the phone, it's mine, I should be able to unlock it. If I catch malware, I'm an adult and I'll live with my choices.> There is a reason malware is over 50 times as prevalent on Android.
What's the reason for that bogus-sounding statistic?
by stavros
1/13/2025 at 9:51:31 AM
Let's say for a second it was accurate (It's probably not), perhaps it's because Android has a far higher market share globally, and it's much cheaper and easier to get started writing apps (or malware) for Android than say iOS.You also don't need to buy a single device from Google to get started. You can take the PC you're at and get started right away, and publish that app (or malware) without spending a penny (though I don't recall whether they still charge that nominal fee to get a developer account).
Saying 90% of people root for piracy is hilarious, I rooted every Android device I owned until the last one or two, and I've never pirated anything, why did I root? Mainly for customisation and host-based ad-blocking.
I can't understand the thought process of these people who think the things you own should be locked down to protect you.
We should stop selling screwdrivers too in case someone's granny tries to open their toaster and electrocutes themselves, after all, a screwdriver is the pre-tech root access to all things electrical and electronic. I suspect those same people who argue in favour of locking these devices down would also say "don't by silly, my granny wouldn't open her toaster with a screwdriver, because she's not an engineer".
by alias_neo
1/13/2025 at 10:03:40 AM
Yeah, agreed. This "I don't want to own my things because I want Big Brother to protect me" attitude is really frustrating, especially when you can have protection without Google holding all the keys. GrapheneOS isn't less secure than stock Android.by stavros
1/13/2025 at 12:03:40 PM
It's a kind of madness people only have towards our (technology/IT) industry.I don't know if it's because they don't understand it, and that's scary, so they think it's safer for the big boys to hold the keys, but imagine if people acted the same in other contexts?
"The bank should keep hold of the keys because otherwise I might accidentally lock myself out, or lose my keys, or leave the door unlocked for a bad guy to come in and steal my stuff".
That's fine if you can't trust yourself to look after them, let someone else handle your keys for you, perhaps someone "trust worthy" could offer it as a service, but I'll keep my keys in my own pocket thanks.
by alias_neo
1/13/2025 at 1:26:01 PM
It came out in the Apple vs Epic trial that 90% of all App Store revenue comes from in app purchase for games - mostly pay to win games.If they all went out of business, nothing of value would be loss.
Then you have apps that are free clients for services.
There is very little legitimate money being made by mobile from people actually buying apps
by scarface_74
1/13/2025 at 10:54:25 AM
Where does the 50x figure come from and what types of malware does it include? It doesn't really match neither my experience or pricing on the grey exploit market.Malware has a wide definition however, and if you include all the spyware included with phones that aren't sold outside China and to a degree also India, you could probably hit that mark. But as they aren't allowed to access Google services or the official Play store, it's also a bit misleading.
by xorcist
1/13/2025 at 10:31:23 AM
There would be no piracy on smartphones. That would require desirable applications. Those don't exist because the environment is that shitty.by raxxor
1/13/2025 at 6:36:54 AM
> The average customer wants a device that works consistently, every day, that is easy to useAnd it can only be archived with a fully locked down hardware?
Of course not. The modern OS archives system security through permission and isolation, which don't require bootlock etc to work. In fact, it worked well too even after the device is unlocked & rooted.
> Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror
Windows (and Linux for that matter) is not modern OS. They're classic OS that offers the entire computer as playground for the program running on top of it. That's why Windows can be contaminated with a single malice EXE, but not Android or iOS.
OSs are not the same, don't try get the water muddy that way.
by nirui
1/13/2025 at 7:45:54 AM
Android is Linux. :-/by oneshtein
1/13/2025 at 7:58:10 AM
Android is built on top of Linux. Android the OS has a lot of permissions layers between an app and the bare metal.by lukevp
1/13/2025 at 1:28:06 PM
Still, those permissions are standard Linux permissions. So the argument that Linux is less secure than Android is a little hard to understand. A little more specificity might help.by xorcist
1/13/2025 at 5:18:41 PM
They're definitely not "standard Linux permissions." Yes Android does use many of those (such as standard user IDs, file system permissions, and now SELinux) to implement some of its permissions, but it adds a ton of permissions on top that are not part of Linux.by freedomben
1/14/2025 at 7:48:58 AM
They are part of what then? Android is built on top of Linux.by oneshtein
1/14/2025 at 3:35:42 PM
They're part of Android. Android is not Linux and Linux is not Android, anymore than a car is a wheel and a wheel is a car. Don't confuse the foundation with the building.Here's the API reference if you'd like details [1]. They are very much not just standard Linux permissions. Android includes a huge set of APIs on top of Linux
[1] https://developer.android.com/reference/android/Manifest.per...
by freedomben
1/14/2025 at 5:19:46 PM
KDE and Gnome also implement tons of API on top of Linux ecosystem. Android is Linux system, because it based on Linux.by oneshtein
1/13/2025 at 12:40:09 PM
There's nothing wrong with wanting that, but as the author said those of us who want to opt-out should have the choice to do so.If I buy an iPhone, I should have the option to completely disconnect it from Apple and be able to replace the OS with whatever I want. If I do not have the option to do that do I REALLY own the device? The answer is no bacause what I have is a device that I can only use the way Apple allows. When the phone is obsolete and Apple stops updates then all I can do is send it off for recycling since Apple won't allow me to repurpose it with new software.
You are putting a lot of trust in the manufacturers as well. For example, they have the technical capabilities to kill the second hand market in their devices if they simply decided to refuse to allow a new user to login to a device. Sure, you could still sell the hardware, but it wouldn't be much use if the manufacturer stopped it from connecting and autorizing. I know this is an extreme example and no sane manufacturer would implement it, but I think it demonstrates why having to option to disconnect is a good thing.
The same applies to all other devices that are locked down, things like smart TVs, IP cameras and appliances. Just look at how many early smart TVs are now dumb because the manufacturer stopped updating the on-board apps. There should be no reason why the owner of such devices should be allowed to do whatever they want with them to try and bring them back to life.
by DoubleGlazing
1/13/2025 at 2:44:40 AM
> with a collection of 3rd party apps who won’t steal their life savings.This is blatant unempirical scare mongering. How many desktop computer users have had their life savings stolen by 3rd party apps? Citation needed.
> The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.
This is a false dichotomy. Almost all desktop computer users have a smartphone too. The people who have enough disposable income buy both smartphones and desktop computers. There's no inherent conflict between the two.
> the locked down console market will be with us forever because even Windows can’t deliver a simple experience that reliably works.
That's a competely ahistorical interpretation. Originally, the gaming consoles had no third-party games: the games were all written by the vendors. The first third-party game development company was Activision, a group of former Atari programmers who learned that their games were responsible for most of Atari's revenue, but Atari refused to give them a cut, so they left and formed their own company. There was a lawsuit, and it was ultimately settled, allowing Atari to get a cut of Activision while allowing Activision to otherwise continue developing console games. It had nothing to do with "reliablity" or "security" or any kind of made-up excuse like that.
by lapcat
1/13/2025 at 2:46:50 AM
[flagged]by gjsman-1000
1/13/2025 at 2:57:33 AM
> You’re kidding, right? You seem to have completely forgotten, or put the drunk glasses, on what living in the 2000s was like.Again, citation needed. I made it through the 2000s just fine, thank you.
> What a stereotypical HN comment. Cite something that only applied to the 2nd generation of consoles to prove me wrong, even though my point spans almost all console generations.
No, I was explaining the historical origin of the game console business model. Of course the business model continued, as these things usually do, through a combination of monetary incentives and inertia.
by lapcat
1/13/2025 at 2:05:11 PM
> Again, citation needed. I made it through the 2000s just fine, thank you.Playing devil's advocate: banking trojans used to be really common here in Brazil back in the pre-smartphone era of the early 2000s (smartphones already existed, but weren't very commmon; most people who used online banking did it through their home computers). They're the reason why, for a long time, it was hard to use online banking on Linux: banks required (and still require) the use of an invasive "security plugin" on the browser (nowadays, there's also a Linux version of that plugin, which IIRC includes a daemon which runs as the root user), which attempts to somehow block and/or detect these banking trojans.
by cesarb
1/13/2025 at 2:55:16 PM
> Playing devil's advocateWhat does this even mean? Do you stand behind what you say? If so, then just say it without hiding behind the devil. And if you don't stand behind what you say, then why in the world are you saying it?
by lapcat
1/13/2025 at 3:02:38 AM
Of course. As we all know here, any business that gets started will go on forever regardless of market fit.by dullcrisp
1/13/2025 at 3:13:14 AM
This is a silly criticism. After all, as we all know here (right?), Atari itself fell on hard times. I was talking about the business model, not a specific business. Vendor lockdown and taking a cut of 3rd party software is clearly quite lucrative for vendors, and that's why they do it. There's of course no guarantee of success, but it's obvious why other vendors have emulated that business model.It may be only for historical reasons that desktop computers aren't completely locked down too. It's a lot easier to lock down a new device class, like smartphones, than it is to lock down an existing open device class, without causing consumer outrage and rebellion.
by lapcat
1/13/2025 at 7:07:30 AM
I worry about the long term health of general-purpose computing. It's not going anywhere today, but I fear for future generations that will likely eventually never know the joy of bending a computer entirely to their will, because they'll have never known computing without guardrails.by LocalH
1/13/2025 at 3:59:13 PM
> Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror. The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.Yet that trust is, for the most part, unfounded. There's a ton of malware in app stores - you can assume any app that contains ads is sending data about you to some shady server, for example. You can't even trust the most popular apps not to be malware [0].
by throwaway7623
1/13/2025 at 10:27:46 AM
If you explain all details about the advantages and disadvantages to them, I am sure they would think differently.There are much more "hostile" smartphone apps that exfiltrate your data and sell it to the largest bidder than there are compromised executables these days. Also there are more profitable scams than compromising a PC system outside of industrial espionage.
PC in contrast to consoles always were a cost or usage factor. The difficulties of operating a PC isn't significant. It also heavily increases digital competency of the user for computer systems. If you really don't want that, you have other options.
by raxxor
1/13/2025 at 8:27:04 AM
The average customer only exists in marketing people's heads.by tliltocatl
1/13/2025 at 11:57:16 AM
You can stop saying this now, those numbers (of ignorant users) no longer serves the argument. We did our job in informing the majority.by sans_souse
1/13/2025 at 3:49:55 AM
that's a, frankly, stupid argument. the conclusion doesn't follow the premise.then don't root your phone or download an .exe. having the ability to do something doesn't mean you are forced to do it.
not safe enough for you? fine! make the current status quo comfortable walled-garden-of-illusionary-fake-safety the default. for example, there's no reason windows needs to by default allow unsigned code to run. hell, even make it really annoying to turn off.
but the "safety" and "easy to use" arguments against right-to-repair, digital rights, ownership, etc. is simply nonsense. there is literally ZERO negative safety or usability impact to anyone else's device because i'd like to own mine.
it's also an insulting and disingenuous argument to hear anyone on this forum make: our careers and entire segment of the economy would not exist if it were not for open systems. and it's insulting to basically say "bubba/granny is too dumb to be trusted" with owning their own device.
by fargle