←back to thread

Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)
205 points ColinWright | 5 comments | 30 Aug 25 12:03 UTC | HN request time: 0s | source
Show context
mzajc ◴[30 Aug 25 13:40 UTC] No.45074619[source]
> The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. /../ I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."

But should they? Should we also accept Google's browser signing and ban all browsers the bank doesn't like? Am I allowed to accept calls from people they haven't vetted or is it too much of a risk to the bank's bottom line that they might talk me into a scam.

I suppose we should also write off the inevitable privacy and freedom violations in the name of "security".[0] I don't have anything to hide after all.

[0]: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

replies(3): >>45075816 #>>45080831 #>>45081011 #
avianlyric ◴[30 Aug 25 16:16 UTC] No.45075816[source]
> But should they? Should we also accept Google's browser signing and ban all browsers the bank doesn't like?

If you want to hold the banks liable for fraud committed against you (which is exactly what happens in many countries), then it’s hardly reasonable to say that they’re not allowed to use what ever technical options they can to prevent that fraud.

You can put forward the argument that banks simply shouldn’t be responsible for fraud committed against their customers. But we only need to look at world of cryptocurrencies to see how well that works in reality.

replies(2): >>45080941 #>>45080948 #
1. creata ◴[31 Aug 25 06:49 UTC] No.45080948[source]
> it’s hardly reasonable to say that they’re not allowed to use what ever technical options they can to prevent that fraud.

Of course it's reasonable? You can give someone a job and also ask them to do it a certain way.

replies(2): >>45081424 #>>45086955 #
2. richardwhiuk ◴[31 Aug 25 08:17 UTC] No.45081424[source]
It's unreasonable to ask them to do a job, and then tie both their hands behind their back and tell them they have to accept being punched in the stomach and that they should be happy about this.

If you want to tax banks and pay the money directly to fraudsters, I guess that's a model you can aim for.

3. avianlyric ◴[31 Aug 25 20:49 UTC] No.45086955[source]
> You can give someone a job and also ask them to do it a certain way.

And they can say “no”. Which is pretty much what the banks do.

replies(1): >>45087040 #
4. creata ◴[31 Aug 25 21:00 UTC] No.45087040[source]
Obviously I'm talking about potential regulation, not individuals walking up to the bank and asking them nicely.
replies(1): >>45092141 #
5. avianlyric ◴[01 Sep 25 12:19 UTC] No.45092141{3}[source]
That’s a different kettle of fish, and to that I say, good luck.

Regulators are one of the entities pushing for these types of limitations. It’s a natural consequence of doing a risk assessment, very hard to justify not applying these limits when explaining to a regulator how you keep your customer funds safe. I’m speaking from experience here having worked with a team that attempted exactly that, but ultimately ended up adding jailbreak/rooting detection anyway.