←back to thread

Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)
205 points ColinWright | 2 comments | 30 Aug 25 12:03 UTC | HN request time: 0s | source
Show context
enriquto ◴[30 Aug 25 12:59 UTC] No.45074254[source]
> Are you allowed to run whatever computer program you want on the hardware you own?

Yes. It is a basic human right.

> This is a question where freedom, practicality, and reality all collide into a mess.

No; it isn't. The answer is clear and not messy. If you are not allowed to run programs of your choice, then it is not your hardware. Practicality and "reality" (whatever that means) are irrelevant issues here.

Maybe you prefer to use hardware that is not yours, but that is a different question.

replies(7): >>45074265 #>>45074374 #>>45074385 #>>45074396 #>>45074529 #>>45074536 #>>45074595 #
conradev ◴[30 Aug 25 13:31 UTC] No.45074529[source]
Control over hardware isn’t actually the issue at stake here: many Android devices can unlock their bootloaders in a moderately safe way. Go nuts.

It’s a more tricky issue where Google and other parties can restrict access to their services to devices they deem legitimate. Their services, their rules. Your hardware. Different arguments required.

It’s everywhere: Widevine is used to prevent stealing 4K content (incl ATSC 3.0), gaming providers use it for anti-cheat, banks use it to rate limit abuse. It’s not just Android.

(I say this as someone with an Apple Vision Pro running visionOS 1.0 with the hope to jailbreak it one day. I’m actually unable to do whatever I want to their hardware, unlike my Pixel phones.)

replies(2): >>45074801 #>>45075137 #
1. mathiaspoint ◴[30 Aug 25 14:04 UTC] No.45074801[source]
There are actually just about no services that genuinely need hardware attestation other than some DRMed music/video and zelle. Everything else pretty much works on Linux in a browser or has some substitute that does.
replies(1): >>45076592 #
2. conradev ◴[30 Aug 25 17:48 UTC] No.45076592[source]
Yes, only some things for now! I hope it stays that way or decreases, but that’s not the way the arrow is pointing.

Providers still implement it where they can, like for blackout restrictions for US sports games: impossible to enforce on the web because I can spoof location. Very possible to enforce on iOS because jailbreaking is not possible. Possible to enforce on Android because you can check if spoofing was made possible.

It’s currently the primary reason I can’t play games online on Linux.