Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)

205 points ColinWright | 2 comments | 30 Aug 25 12:03 UTC | HN request time: 0.432s | source

Show context

zdw ◴[30 Aug 25 12:57 UTC] No.45074242[source]▶

Most of this problem is solved by not hiding the trust model.

Do you want an phone where you trust Apple/Google/3rd party to make a "malware or not" decision? Or one where all that is turned off and you can do whatever? Go right ahead in either case - you control the trust, rather than it being made for you by the platform vendor.

Similarly, we have certificate infrastructure where the TLS roots are owned by a small number of people. These are generally trusted, but some people/organizations edit them down (ex: removing roots from state actors deemed untrustworthy). But it's hidden, and generally a lot of choices.

Even linux distros, you pick which package signing keys you trust.

And Docker/K8s... oh wait, there's no default keys and containers remain being developer's puke bags in most cases, and the repos are rugpulled by corporations regularly...

replies(2): >>45074305 #>>45074469 #

Nursie ◴[30 Aug 25 13:25 UTC] No.45074469[source]▶

>>45074242 #

I look forward to you explaining all that to my elderly mother.

Once you’ve explained the difference between Google and “the internet”, you may stand a chance. I wish you luck, I’ve been trying that for a while.

BRB, heading out for popcorn.

replies(1): >>45081659 #

1. error503 ◴[31 Aug 25 09:05 UTC] No.45081659[source]▶

>>45074469 #

They don't even need to know it is a thing that exists. The defaults (ie. the status quo of implied trust in the OS vendor) are fine for this type of user.

replies(1): >>45082842 #

2. Nursie ◴[31 Aug 25 13:03 UTC] No.45082842[source]▶

>>45081659 (TP) #

Sure. Now how are we going to stop them being talked into changing that by scammers, given that we’re not even explaining what that does?

↑