←back to thread

Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)
205 points ColinWright | 2 comments | 30 Aug 25 12:03 UTC | HN request time: 0.001s | source
Show context
enriquto ◴[30 Aug 25 12:59 UTC] No.45074254[source]
> Are you allowed to run whatever computer program you want on the hardware you own?

Yes. It is a basic human right.

> This is a question where freedom, practicality, and reality all collide into a mess.

No; it isn't. The answer is clear and not messy. If you are not allowed to run programs of your choice, then it is not your hardware. Practicality and "reality" (whatever that means) are irrelevant issues here.

Maybe you prefer to use hardware that is not yours, but that is a different question.

replies(7): >>45074265 #>>45074374 #>>45074385 #>>45074396 #>>45074529 #>>45074536 #>>45074595 #
rikafurude21 ◴[30 Aug 25 13:18 UTC] No.45074396[source]
It seems that this is another one of those things where the lowest common denominator sets the rules for everyone. Most people arent tech savvy programmers so giving them the freedom to do 'whatever they want' will lead them to hurt themselves in some way. Of course this is not an excuse for locking down your hardware. Smartphones just came into being as a consumer-first product and didnt require many of the freedoms that programmers needed, which is why computers are fundamentally more open than smartphones. Apple of course is trying to change that with their Macs
replies(2): >>45074418 #>>45074440 #
gr4vityWall ◴[30 Aug 25 13:22 UTC] No.45074440[source]
> this is another one of those things where the lowest common denominator sets the rules for everyone

In that case, the solution should be to raise the lowest commmon denominator. Lots of issues like that could be prevented by investing in education to increase technology literacy. But long term investments (even public ones) do not match well with quarterly reports.

replies(1): >>45074917 #
rikafurude21 ◴[30 Aug 25 14:21 UTC] No.45074917{3}[source]
I would say young people grow up with tech and usually are very tech literate.
replies(2): >>45075252 #>>45075332 #
shagie ◴[30 Aug 25 15:10 UTC] No.45075332{4}[source]
Tech... a "maybe" yes.

However, this isn't entirely a tech problem - it's a social/human one.

Not every mechanic has a driver's license. Sure, they may enjoy working on cars and the technology of cars... but for one reason or another they may have never gotten or have lost their driver's license.

Not everyone who is tech literate is similarly socially literate. I have programmer co-workers who have been scammed into sending gift card authentication codes or installed malware (or allowed the installation) onto their personal computing devices.

It isn't possible to prevent someone from accessing the internet any more than it is possible to prevent them from accessing a phone.

I am not saying that one should have a license to access the internet. Rather, I am saying that a device that holds and maintains the authentication mechanism for doing banking transactions, it is not unreasonable for the maker of that device and its software to attempt to mitigate the possibility that they are held liable for negligence in allowing user installed software to do banking without the owner's consent.

With the uncertainty that everything in the operating system and hardware is locked down to the point where no-consent access by malware to those banking capabilities is completely restricted (and thus they're not liable for negligence) - the wall that is being put up to try to prevent that is "no software that has not been vetted can be run on this device."

Consider that the phone is often the authentication mechanism and second factor for authorization to restricted systems. Authy, Microsoft Authenticator, and other 2nd factor applications typically do not run on general computing devices.

Technical literacy does not imply social or security literacy.

replies(2): >>45075593 #>>45075861 #
Hizonner ◴[30 Aug 25 16:23 UTC] No.45075861{5}[source]
> Technical literacy does not imply social or security literacy.

Indeed. And people were falling for scams long before the Internet. What's new is the push to make that the fault of bystanders... thus causing those bystanders to intervene. It's neither the bank's fault, nor Google's fault, if somebody falls for a scam. Or installs malware. Or whatever. If you try to make it their fault, they're going to do really annoying things that you don't want.

Sure, you can sell security tools, or curation, or whatever. Many people will even want to buy them, but things break when that starts being a duty. And the only way to prevent it from becoming a duty is to accept that people own their own mistakes.

replies(1): >>45075953 #
1. shagie ◴[30 Aug 25 16:37 UTC] No.45075953{6}[source]
> And the only way to prevent it from becoming a duty is to accept that people own their own mistakes.

This tends to be counter to consumer protection laws or data privacy laws.

A company that can be held to strict liability for their actions can be sued (and be found liable) even if they presented that the action is unreasonable or dangerous.

In saying a consumer who buys a 100% "you can do anything on it" device liable for every action that that device takes no matter what initiated that action?

To me, the argument that you should be able to do anything on the device and be held liable for all the actions that device allows is very similar to that of "the maker of the device has no liability for providing a device that can be misused."

If that is the case, then (to me) this would need to be something that would need to be changed by the courts and the laws (and such a company would need to pull completely out of Europe).

replies(1): >>45076123 #
2. Hizonner ◴[30 Aug 25 16:58 UTC] No.45076123[source]
Indeed, the bad attitude I'm talking about has found its way into some laws, as well as into other kinds of norms and expectations. That doesn't make it good.

You may be exaggerating it, but insofar as you're right, you're just describing the problem.