We should have the ability to run any code we want on hardware we own

Even if they ban you for a reason, you're screwed. Granted, the ban may have been warranted, but you're essentially put into a societal prison with no due process or recourse.

Say, if you're blacklisted by a fascist government, for example. Tim Cook's pledge of loyalty was disturbing on many levels.

We've reached the point where people without devices or common online services are so rare that society no longer accommodates them. It's similar to how we need legislation to ensure that disabled people have accessible infrastructure, except I doubt there will ever be legislation mandating offline/off-app accessibility.

I work for some local governments in Belgium and with every system they put in place I keep insisting on a analogous version. Online forms? Great but if anyone chooses the should be able to send in a paper form or get assisted by someone who fills in the online form for them.

That's pretty fucked. It should be utterly illegal to put parents in a triple bind like that. You have my sympathies.

I think I might enjoy the CPS scenario... let them call CPS, and wait for CPS to arrive, and then discuss with CPS who is endangering the child, the parent or the school. I'm pretty sure a judge will quickly decide whether their rule makes sense or not, and I think judges in child protection cases are going to quickly side with what's important for the child.

I HATE this kind of nonsense, and threatening you as a parent is only making things worse. Why not offer a way to handle this on a simple website? It would have lower cost to the school and be more accessible to anyone with any device able to access websites. Nonsense.

If it is a public school, the state should “intervene,” but really it isn’t an intervention, it’s the state’s school they should fix their stupid policy.

For the bank, I don’t really see why it would be preferable to intervene with the bank vs the tech company. Either way the state will have to impose on a private company.

> You need a bank to function--that means the bank should be prohibited by law from tying you to an app from a particular company, whether it's Google or Apple or anyone else. You should be able to access their functions using any client that supports the appropriate open standards (such as web browsers).

Really this is an interoperability problem, so the government would have to impose on both sides. An OS should be mandated to come with a browser than supports some locked down functionality—a subset of HTML, nothing fancy, no scripting or anything like that. The bank should be required to provide a portal that speaks that language.

You mean like if there were a standard (JSON, XML, whatever) format of document that you could cryptographically sign which would order a transaction to take place? Kind of like a digital teller's slip?

I sometimes contemplate that this sort of incidental ToS should be 100% unenforceable.

Here’s what I mean: suppose I want to order a cup of coffee at a cafe. I’ve made a choice to go to that cafe, and it’s at least generally reasonable that the cafe and I should agree to some terms under which they sell me coffee, and those terms should be enforceable.

But if the cafe requires me to use an app, and the app requires me to use a Google account, then using the app and the Google account is not actually a choice I made — it’s incidental to my patronage of the cafe. And I think it’s at least interesting to imagine a world in which this usage categorically cannot bind me to any contract with the app vendor or Google. Sure, I should have to obey the law, and Google should have to obey the law, but maybe that should be it. If Google cannot find a way to participate without a contract, then they shouldn't participate.

I might even go farther: Google and the app’s participation should be non discriminatory. If the cafe doesn’t want to sell me coffee, fine. But Google should have no right to tell the cafe not to serve me coffee.

(For any of this to work well, Google should not be able to incorporate its terms into the terms of the cafe. One way to address this might be to have a rule that third parties like Google cannot assert any sort of claim against an end user arising from that end user’s terms of service with the cafe. If Google thinks I did something wrong (civilly, not criminally) in my use of the app, they would possibly have a claim against the cafe, but neither Google nor the cafe would have a claim against me.)

Clearly the logical threshold is when a single private corporation becomes the gatekeeper to your life. The internet itself is decentralized so that's fine. Mobile phones as a concept is also fine.

> not sure where is the logical correct threshold making it wrong

This can't be more clear: Forcing to use the duopoly is against the competition and is totally wrong.

Only competition can provide a solution. We have lost sight of this principle even though all Western democracies are built on the idea of separation of powers, and making it hard for any one faction of elites to gain full control and ruin things for everyone else. Make them fight with each other, let them get a piece of the pie, but never all of it. That's why we have multiple branches of government, multiple parties etc. That's why we have markets with many firms instead of monopolies.

There has never been a utopian past and there will never be a utopian future. The past was riddled with despotism and many things that the average man or woman today would consider horrific. The basic principle of democratic society is to prevent those things from recurring by pitting elite factions against each other. Similarly business elites who wield high technology to gain their wealth must also compete and if there is any sign of them cooperating too closely for too long, we need to break them up or shut them down.

When Apple and Google agree, cooperate, and adopt the same policies - we are all doomed. It must never happen and we must furthermore break them up if they try, which they are now doing.

> A handful of tech-savvy users with rooted devices and open-source software will not make a difference to the giant crushing machine that is the system.

Agreed, although I don't think that's entirely true, its just that post-smartphones we no longer have any political agency over a significant volume of the new traffic. Much of the new traffic represents that faction of people who initially mocked the internet as "nerd shit". But we don't have to get discouraged by our smallness here.

Rather we can offer a sub-system that satisifes our demands and is an open door to those willing to find it. We could try to fight our corner, but unless we're incredibly organised, its unlikely they'll listen due to how less relevant we are, now that all the normies transitioned online.

So we either jump ship to other, more permissive platforms and help make them good by developing software that closes the gap, or we counter by attacking the systems that prevent people from installing software on the device they have bought.

We just shouldn't expect the general population to care about our problems en-masse because they never have and never will. We will make a difference by creating an alternative sub-system that is poised to grow when the giant crushing machine stumbles at some point in the future.

We can't hate people for picking the parental wing of Apple because for most normies they don't enjoy the freedoms of technology, its the choice and difficulty that they conversely find oppressive.

The problem is that tech-savvy users are like bikers, most of us are law-abiding and want the best for society.

Then there's the 1%'ers, people causing trouble, be it by being biker thugs or malware authors or toplevel pirates, actually disrupting the system but often not in a way that's good for the masses and when clashing authoritans the authoritans win due to the masses good.

And yes, the "good" for the masses is more about malware whilst DRM is more of powergrab by media industries that were unwilling to adapt.

I am looking forward for the day I remote ssh into a <insert kvm solution> controlling my iPhone/Android so I can login to my bank app because they stopped allowing web access, and I don't want to compromise on privacy. Shit is nuts.

> What I like about your comment is that it points out that all technical work-arounds are moot if people as a whole are not willing to stand up with pitchforks and torches to defend their freedoms.

If your system requires extraordinary political efforts from large numbers of people, your system will fail. We are the elites, we have to oppose this. If Netflix asks us to implement this kind of DRM, we have to resign. If Facebook asks us to implement sophisticated surveillance, we have to resign. Etc. etc. We can't keep cashing the checks and then point to the body politic like "I beg you to stop me".

Telling people how they have to design their systems is the opposite of freedom.

Most people don't want to have to learn multiple operating systems or ways of doing things.

Your parents are more likely to be a victim of a phone call scam than malware, even on PC. There is also no guarantee that malware will not slip through cracks of official stores or signatures.

You can also choose to do your banking at the physical branch.

We already had "best of both worlds", especially on mobile OSes - granular permissions per-app were quite good, and on Android until few years ago root was widely available if you needed it as well; these permissions could be locked or frozen if there is concern about users, just like work devices are provisioned with limitations. It all depends on your threat model.

Everything in life is about trade-offs. Certain trade-offs people aren't going to make.

- If you want to run an alternative operating system, you got to learn how it works. That is a trade off not even many tech savvy people want to make.

- There is a trade-off with a desktop OS. I actually like the fact that it isn't super sand-boxed and locked down. I am willing to trade security & safety for control.

> Personally I think we need to start making computers that provide the best of both worlds. I want much more control over what code can do on my computer. I also want programs to be able to run in a safe, sandboxed way. But I should be the one in charge of that sandbox. Not Google. Definitely not Apple. But there's currently no desktop environment that provides that ability.

The market and demand for that is low.

BTW. This does exist with Qubes OS already. However there are a bunch of trade-offs that most people are unlikely to want to make.

https://www.qubes-os.org/

It is the other way around. The security model of mobile devices seriously inhibits innovation and we end up with ever the same crappy apps we don't really need.

I also don't believe more people get scammed on PC compared to mobile platforms. Scammers go where the most naive people congregate.

A sensibly configured Linux system is very secure compared to your mobile device. No security model can really shield against user stupidity. The people would need completely different devices as they simply aren't fit to use a computer. My parents are the same, but I won't accept a bad compromise of an OS just because they essentially need other devices.

At some point a user will be asked to allow execution of code they got through some fishy mail. There is no defense against that other than for the user sticking to books.

Good point. The current security model of desktop OSs sucks. I was recently reminded of this by an issue at work. I'm used to devs having admin rights on their laptops, but here they closed that down: you have to request admin rights for a specific purpose, and then you get them for a week.

I recently requested those rights again because I needed to install something new for a PoC I was working on, and that wasn't allowed anymore. But during onboarding I had those rights and installed homebrew to more easily install dev tools, and homebrew keeps its admin rights to install stuff in a directory owned by admin. So that circumvents this whole security model (and I did, for my PoC).

The problem is that it's all or nothing. Homebrew should have the right only to install in a specific directory. Apps shouldn't automatically get access to potentially sensitive data. Mobile OSs handle that sort of thing more granularly. Desktop OSs should too.

Because the overly restrictive security rules at my work are little more than security theatre when it's so easy to circumvent.

As is Android has support for multi user more.

Get some real sandboxing, let me install whatever I want in my sandbox.

That's a bare minimum.

I also want "I am an adult" mode where I get to do what I want. If Google wants to flag secure net, fine. Not every thing is going to work.

> Any program I run is allowed to silently edit, delete or steal anything I own ... there's currently no desktop environment that provides that ability

Putting aside the philosophical issues, that statement isn't true for a few years now. It's not well known, even in very technical circles like HN, but macOS actually sandboxes every app:

• All apps from outside the app store are always sandboxed to a lesser degree, even if they are old and don't opt-in.

• All apps from outside the app store may opt in to stricter sandboxing for security hardening purposes.

• All apps from the app store are forced to opt-in, must declare their permissions in a fine grained way, and Apple reviews them to make sure they make sense.

To see this is true try downloading a terminal emulator you haven't used before, and then use it to navigate into your Downloads, Photos, Documents etc folders and run "ls". You'll get a permission prompt from the OS telling you the app is requesting access to that folder. If you click deny, ls will return a permission error.

Now try using vim to edit the Info.plist file of something in /Applications. ls will tell you that you have UNIX write permissions, but you'll find you can't actually edit the file. The kernel blocks apps from tampering with each other's files.

Finally, go into the settings and privacy/security area. You can now enable full disk access for the terminal emulator, or a finer grained permission like managing apps. Restart the terminal and permissions work like you'd expect for UNIX again.

Note that you won't see any permission popup in a GUI app if you open the file via the file picker dialog box. That's because the dialog box is a "powerbox" controlled by the OS, so the act of picking the file grants the app permission implicitly. Same for drag and drop, opening via the finder, etc. The permission prompt only appears when an app directly uses syscalls to open a file without some OS-controlled GUI interaction taking place.

So, if you want a desktop OS with a strong sandbox that you actually control, and which has good usability, and a high level of security too, then you should be using macOS. It's the only OS that has managed this transition to all-sandboxed-all-the-time.

But you can choose, your parents can have a phone with the "lockdown" setting turned on and I can have it off if I want. How we expose and handle that setting is a UX problem we can solve.

What's wrong with that?

This is where Linux and Apple's centralized repository method shines.

Social engineering is really where the threat is at these days.

Netflix isn't worth to use or pirate even if it was free as in freedom.

Technical solutions and alternatives can provide enough leverage for the common citizen to force the hand of those in power. It might not fully "solve" the issue, but making it easier to route around will always force those in power to bend somewhat.

> as soon as passkeys started popping up the endgame became clear

That's why I'm 100% against passkeys. I'll never use them and I'll make sure nobody I know does.

They're just a lock-in mechanism.

> passkeys started popping up the endgame became clear.

This logical leap puzzles me, as it is completely unrelated to HW lock-in and a rather generic medium.

This is more of a case of OP diverting a topic to shove in his pet peeve on technology they don’t like or understand.

Ironically, if everyone adopted passkeys (the real deal tied to secure enclaves or TPMs), then Android malware could not steal your credentials through any kind of social engineering.

> Maybe conceptually you will be able to run some kind of open operating system with your own code

Why do you think they would even allow this? If you think that governments don't have the incentives or the means to criminalize running non-approved OSes, or the unauthorized use of non-approved hardware, you're insufficiently cynical.

Should have made open-source components in some key nodes of the ecosystem popular and profitable. But that was a tall order.

Most politicians would find that argument confusing and not agree with you. I don't think the outcomes of running to government would be what you expect. It could easily backfire.

Politics is a spectrum. Some claim that model is oversimplified but it's not. Here you're making a left wing argument that individual bad actors must be regulated for the good of the collective. However, left politicians would look at the situation and see the opposite. They prioritize an authoritarian safety-first victim-first mindset, in which individual freedoms are sacrificed to help the weakest. But companies like Google and Apple are already doing that. And whilst you're trying to hammer this situation into a left wing framing, the number of individuals who care about the freedom to install apps from anonymous developers is very small. Trivial, on the scale of a country. They do not represent the "consumer interest" in any meaningful way.

So if you lobbied politicians this way, Google/Apple would lobby back and they'd say, we are exactly what you always demand! We're acting proactively to protect the victims by limiting the freedoms of bad guys for the greater good. And the left would be not only highly receptive to that message, but having suddenly become aware of what is technically possible would likely demand they go much further! We already see this with left wing governments banning VPNs and DNS resolutions so they can better control the internet in order to keep this or that group safe.

Which sort of politicians care about the rights of freedom-loving minorities over the safety of the collective? Libertarian politicians do. But they are themselves in a minority, and would not be receptive to an argument framed as "we must regulate the big evil corporations for the greater good", because regulation is always about removing freedoms: in this case, the freedom to design a computing device as you see fit. They probably would be receptive to an argument of the form "it is important to be able to distribute code and communicate anonymously", but prioritizing something so few people care about is exactly why they don't tend to win elections.

So there's no direct solution in politics, but the closest approximation is to support politicians who are more libertarian than average. They won't solve the problem but they will at least not make it worse, and might be open to very targeted regulations that can be framed as protecting market competition e.g. requiring unlockable bootloaders can be framed as protecting competition in the operating systems market. Meanwhile you can try and increase the popularity of platforms that prioritize freedom over safety. In practice that means demonstrating some sort of use case that the big vendors disallow, which is valuable, morally positive and requires anonymous app distribution.

Netflix is right in its prime right now, K-Pop Demon Hunters is a smash hit and probably the biggest cultural thing going on right now, it has like 4 songs from it in the top 10. Wednesday is coming back this weekfor the end of season 2. Stranger Things is wrapping up in November,

You could just not watch Netflix.

The digital hermit argument is not going to resonate with 99.9% of users. People buy devices because they want to do stuff. Telling them they shouldn't do what they want to do is never going to convince anyone.

The real question is where are the representatives who are supposed to be acting in the interests of their people while all this is happening? We seem to have regulatory capture on a global scale now where there isn't really anyone in government even making the case that all these consumer-hostile practices should be disrupted. They apparently recognize the economic argument that big business makes big bucks but completely ignore the eroding value of technology to our quality of life.

You could also not bother with any of it and return to a dumb phone. That's not a solution though.

> My car already allows me to do this. My phone should too.

If you're referring to CarPlay and/or Android Auto you should know that it's not actually running on your car. It's basically RDPing your phone onto your car screen. You can already install RDP apps on your phone and connect to systems that provide more freedom, of course.

Your phone can allow that. Many Android devices allow exactly that. Google Pixel devices do, for instance, exactly because Google's Android team has always agreed with you.

The digital sovereignty angle will end up quilling the platform lockdown.

There is no way countries agree to have American companies getting so much control on key infrastructures especially in the current context.

Not really. Many countries emit digital signatures that could be used to prove that someone signed something. We would just need to convince countries to use that same infra for companies. So it may be possible to require everything to be properly signed, without requiring everyone to be bound to certain company wishes.

> So let’s treat them like the state owned corporations

If they were state owned, we could vote for how the profits get used and we would have larger budgets for healthcare and education.

What worries me is that Google has a fairly legit argument to say "then Apple should as well". But we've accepted Apple's status for so long now, a lot of consumers are stockholmed into thinking giving away control is the only way to have a good phone (evidence: see any thread discussing that maybe Apple should allow other vendors to also use their smartwatch hardware to offer services in non-smartwatch-hardware markets that Apple also offers services in. Half the users seem like they're brainwashed by the marketing material they put out). I don't know that we can convince the general public anymore that 1984 is bad (thinking of Apple's own 1984 ad, specifically) and, without general public, there can theoretically also not be political will

I was part of this problem. I've accepted what Apple is doing because I had Android. I didn't think they'd come for me next so I didn't speak up

[dead]

Well, an umbrella for nations or a sledgehammer for companies. I'd say just start shredding large companies left and right.

"And that is what is wrong here. Even the smallest nation should be far more powerful than the largest corporation"

Since nations can be really small, I don't agree.

These are basics of capitalism.

Company aims for profit.

Bigger scale allows for better efficiency.

So companies naturally grow big. The bigger they are, the easier for them to compete.

Big companies have access to tremendous resources, so they can push laws by bribing law makers, advertising their agenda to the masses.

There's no way around it, not without dismantling capitalism. Nations will serve to the corporations, no other way around.

There are natural boundaries of the growth scale, which are related to the inherent efficiency of communications between people and overall human capability. Corporations are controlled by people and people have limited brains and mouths. I feel that with AI development, those boundaries will move apart and allow for even greater growth eventually.

> To push further, Google and Apple have basically as much power as the US.

If this is true then why is Tim Cook visiting Trump? Shouldn’t it be the other way around.

> It's just a question of what is overall best and fairest.

If only it were so. But it's not just that. It's also a question of which section of society has the power to demand or prevent the creation of such a system.

Whether enacting labor protections or the Magna Carta, these beneficial restrictions require some leverage. Otherwise what is overall beat and fairest won't be coming up.

>Restrictions can both help and hinder innovation

I'm not sure innovation is really impacted when restricting the private sector. Traditionally, innovation happens in public (e.g, universities) or military spaces.

>I don't understand why mobile systems do not attract OS builders.

My guess would be that it's a continuously moving target. There's no point in spending years working to support some weird integrated wifi adapter+battery controller when by the time you're done the hardware is already obsolete and no longer being manufactured. Repeat that for every device on the phone. The only ones who can keep up with that pace are the manufacturers themselves. It'd be different if there was some kind of standardization that would make the effort worthwhile, though.

> I don't understand why mobile systems do not attract OS builders.

They're graphical consumer devices, the quality bar is so high nobody can reach it except huge well funded teams. It's like asking why desktop Linux doesn't still attract OS builders, or for that matter, why the PC platform doesn't attract OS builders. Occasionally someone makes an OS that boots to a simple windowed GUI as a hobby, that's as far as it gets now.

A lot of these HN discussions dance around or ignore this point. When people demand the freedom to run whatever they want, they never give use cases that motivate this. Which OS do they want to dual boot? Some minor respin of Android with a few tweaks that doesn't disagree with Google on anything substantial (Google accepted a lot of PRs from GrapheneOS people).

Nobody is building a compelling new OS even on platforms that have fully documented drivers. There's no point. There are no new ideas, operating systems are mature, it's done, there's nothing to do there. Even Meta gave up on their XROS and that was at least for a new hardware profile. Google did bend over backwards to let people treat phones like they were PCs but it seems regular Android is in practice open enough for what people want to do.

> I don't understand why mobile systems do not attract OS builders.

Cellphones are not very useful as programming tools (too small), which is what Open Source excels at.

Also, cellphones need to handle some annoying things, like it should always be possible and easy to call emergency services. Which is to say, the UI work seems stressful.

I’m fairly sure the modem firmware on the Pixels was never open. There’s some hardware that will never have open firmware to it. Especially when that firmware deals with regulated airwaves like cell signals.

With the right trusted computing modules, it will be impossible. As far as I am concerned, the asahi developers are building on a foundation of sand because Apple could just lock down the bootloader for the iMac laptops or whatever next generation

Have at least two phones. One with corporate OS for banking, commerce. Another with user-chosen OS for experimentation, able to boot from external media.

Yes but in the phone space the sacrifice is too much. You often times forgo the ability to even participate in many aspects of society, e.g. banking. It's not your typical "rough around the edges open source alternative", it's just not even a comparison.

There are power rankings where these top companies are considered more influential than many nations.

https://www.realbusinessrescue.co.uk/advice-hub/companies-wo... https://techcrunch.com/2023/06/29/so-who-watches-the-watchme... https://www.theguardian.com/business/2024/sep/23/amazon-tesl...

I like the way Chromebooks do things, initially locking down the hardware but allowing you to do whatever if you intentionally know what you're doing (after wiping the device for security reasons). It's a pity that there's all the Google tracking in them that's near impossible to delete (unless you remove Chrome OS).

Consider the possibility of an evil maid type attack before a device is setup for the first time, e.g. running near identical iOS or macOS but with spyware preloaded, or even just adware.

Incorrect. For us as tech people this is an option. My older family members will definitely install malware and send all their data to China.

Please don’t let me go back to the early days of the internet where my mother had 50 toolbars and malware installed

This.

We need a mobile bill of rights for this stuff.

- The devices all of society has standardized upon should not be owned by companies after purchase.

- The devices all of society has standardized upon should not have transactions be taxed by the companies that make them, nor have their activities monitored by the companies that make them. (Gaming consoles are very different than devices we use to do banking and read menus at restaurants.)

- The devices all of society has standardized upon should not enforce rules for downstream software apart from heuristic scanning for viruses/abuse and strong security/permissions sandboxing that the user themselves controls.

- The devices all of society has standardized upon should be strictly regulated by governments all around the world to ensure citizens and businesses cannot be strong-armed.

- The devices all of society has standardized upon should be a burden for the limited few companies that gate keep them.

Keep in mind one of these third parties would almost certainly be Meta (because users want their stuff), and that would almost certainly be a privacy downgrade.

>big scary message

Open question:

Any idea on making it so difficult that grandma isn't even able to follow a phisher’s instructions over the phone but yet nearly trivial for anyone who knows what they’re doing?

If the user cannot be trusted to maintain the hardware and software, then the only responsible thing is to rely on the manufacturer to do so. In those cases, if the support is dropped you buy the newest device.

Government maybe rather than legislating big companies stores could not back up smaller open HW/SW vendors? It seems we gave up increasing competition on HW and what is left is app store level...

Plenty of barriers around circumventing such obstacles hinge on IP legislation.

The original copyright from the 1700s was 14 years. You could file for an additional 14 years after that. It was extended starting in 1909 until the monstrosity it is today.

We're far from the promotion of useful arts and sciences and instead guarding the likeness of a cartoon mouse.

> The real problem is that @gmail.com or @icloud.com are now required to participate in society

They absolutely are not, though. I've been fully bought into the Apple ecosystem for nearly 2 decades and have used a Fastmail email address with it for the last decade (when I ditched my MobileMe email address). Similarly, I have never had an @gmail.com email address, though I've used various Google products.

>How come I can do what I want with my computer, but not my phone?

It kind of started because phones interact with phone networks and the network companies didn't want hacked software mucking up their networks. I realise the baseband part is separate from the rest of the phone but it's always been that way with every cell phone I've had over 30 years, that they are part locked down.

Whereas none of the regular computers and laptops have been especially locked down.

It would be cool if you could just connect your laptop to a radio and connect to cell networks but I don't think any of them allow that?

Your smartwatch is probably more powerful than some of your past computers too. Same with your DSLR camera. Even your smart fridge. These are specialized hardware+software gadgets designed to a particular purpose, which is very different from being a development platform. Same with a phone.

> Because I did. How come I can do what I want with my computer, but not my phone? Why are phones so inferior in this area?

Apple and Microsoft are constantly working on fixing the issue with their appstores and requiring app signing in more places. The way industry going is to lock down more of laptops, than allowing phones to be like computers.

A very profitable instance of market segmentation

> $50m to build a modern OS from scratch

heh.

Its only the manufacturers interests because they dont want people to brick their phone on accident. Really theyre only a secondary party of interest, the real interested party is grandma/anyone who can fall victim to malware. Apples decision to ban sideloading is a huge part of how they became the most popular phone maker in the us

that has never been true, your phone contains a radio, governed by the relevant laws of your locale.

Op here: The point I'm trying to make in the piece is that this is less authoritarian than the common suggestion that Apple and Google be forced to change how iOS and Android works. The piece is meant to be a juxtaposition to that idea.

That's not what they wrote at all.

Is it authoritarian to stop other people from being authoritarians?