2071 points K0nserv | 50 comments

tzury No.45088695
We need both options to coexist:

1. Open, hackable hardware for those who want full control and for driving innovation

2. Locked-down, managed devices for vulnerable users who benefit from protection

This concept of "I should run any code on hardware I own" is completely wrong as a universal principle. Yes, we absolutely should be able to run any code we want on open hardware we own - that option must exist. But we should not expect manufacturers of phones and tablets to allow anyone to run any code on every device, since this will cause harm to many users.

There should be more open and hackable products available in the market. The DIY mindset at the junction of hardware and software is crucial for tech innovation - we wouldn't be where we are today without it. However, I also want regulations and restrictions on the phones I buy for my kids and grandparents. They need protection from themselves and from bad actors.

The market should serve both groups: those who want to tinker and innovate, and those who need a safe, managed experience. The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.

1. mjevans No.45088840
Incorrect.

Choice 2. Empowered user. The end user is free to CHOOSE to delegate the hardware's approved signing solutions to a third party. Possibly even a third party that is already included in the base firmware such as Microsoft, Apple, OEM, 'Open Source' (sub menu: List of several reputable distros and a choice which might have a big scary message and involved confirmation process to trust the inserted boot media or the URL the user typed in...)

There should also be a reset option, which might involve a jumper or physical key (e.g. clear CMOS) that factory resets any TPM / persistent storage. Yes it'd nuke everything in the enclave but it would release the hardware.

2. flomo No.45088909
Keep in mind one of these third parties would almost certainly be Meta (because users want their stuff), and that would almost certainly be a privacy downgrade.
3. Barbing No.45088912
>big scary message

Open question:

Any idea on making it so difficult that grandma isn't even able to follow a phisher’s instructions over the phone but yet nearly trivial for anyone who knows what they’re doing?

4. judge2020 No.45088914
Consider the possibility of an evil maid type attack before a device is set up for the first time, e.g. running near identical iOS or macOS but with spyware preloaded, or even just adware.
5. XorNot No.45088926
Fix the phone system so calls must positively identify themselves.

There is no reason anyone purporting to be from a business or the government should be able to place a call without cryptographically proving their identity.

6. immibis No.45088928
Stop gatekeeping actually useful apps. Nobody should ever need to see the message to do anything they actually want to do, otherwise it leads to normalization of deviance.

False positives from PC virus scanners are very rare.

7. echelon No.45088933
This.

We need a mobile bill of rights for this stuff.

- The devices all of society has standardized upon should not be owned by companies after purchase.

- The devices all of society has standardized upon should not have transactions be taxed by the companies that make them, nor have their activities monitored by the companies that make them. (Gaming consoles are very different than devices we use to do banking and read menus at restaurants.)

- The devices all of society has standardized upon should not enforce rules for downstream software apart from heuristic scanning for viruses/abuse and strong security/permissions sandboxing that the user themselves controls.

- The devices all of society has standardized upon should be strictly regulated by governments all around the world to ensure citizens and businesses cannot be strong-armed.

- The devices all of society has standardized upon should be a burden for the limited few companies that gate keep them.

8. echelon No.45088937
Freedom > Privacy > Security

Never give up your freedom.

If you have to give up your privacy to ensure your freedom, so be it.

If you have to give up your security to ensure your privacy, so be it.

This goes for governments and phones.

9. hobs No.45088952{3}
What are you on about? In the last 10 years of computing, the only time Windows Defender pinged was on false positives.
10. judge2020 No.45088953{3}
> This goes for governments and phones.

Apple does not have the ability to throw me in prison or take away my freedoms. Only to not grant me extra freedoms subsidized by their R&D budget.

11. echelon No.45088959{4}
Apple has removed your freedom from day one.

Their R&D budget is at the expense of a free market that would have delivered the same or better products.

Did you ever see how wild and innovative the Japanese mobile phones were before iPhone monoculture took over?

I want crazy stuff like a smartphone that has the form factor of a Raspberry Pi. Or a smartphone with e-Ink. Crazy new categories of devices.

Sadly, the Apple/Google monopoly has turned smartphones into one of the shittiest, most locked down device categories. It's a death place for innovation.

12. AnthonyMouse No.45088960
Sure. You ship the device in open mode, and then doing it is easy. The device supports closed mode (i.e. whatever the currently configured package installation sources are, you can no longer add more), and if you put the device in closed mode, getting it back out requires attaching a debugger to the USB port, a big scary message and confirmation on the phone screen itself, and a full device wipe.

Then you put grandma's device in closed mode and explicitly tell her never to do the scary thing that takes it back out again and call you immediately if anyone asks her to. Or, for someone who is not competent to follow that simple instruction (e.g. small children or senile adults), you make the factory reset require a password and then don't give it to them.

13. Barbing No.45088982{3}
I like that! I’m sure it would take a little bit of time for folks to stop trusting calls from personal numbers where highly-capable social engineers do their best work, but eventually I expect nearly all of us would learn the lesson.

And presumably we could set up notifications so our elderly relatives’ phones would alert us to calls from unverified numbers not in their contact list lasting longer than a minute or two.

14. Barbing No.45088985{3}
Interesting, mind elaborating a bit / clarifying the first couple of sentences there? A point I’d like to understand.
15. Barbing No.45089001{3}
Very nice!

I’m sure I’m missing a problem with the following approach: shipping in _closed_ mode with a sticker on the front notifying the person they should do a factory reset immediately to make sure they can do everything they want to do. During the reset, include a scary message for those who opt in to get to open mode.

Everyone simply goes by defaults so it would only be technical people presumably who would even get into the open mode in the first place. And then require the debugger to leave closed mode like you said.

Edit: this comment worries about solo/asocial/“orphaned” members of our society

16. AnthonyMouse No.45089019{4}
The problem with that is the owner has to choose which package sources they want to allow before the device is in closed mode, because after that adding more requires the scary reset, and the vendor of course has the perverse incentive to ship the device in closed mode with only their own store enabled, which has to be prohibited because it's anti-competitive.
17. shakna No.45089026
We already have that today. And locked down systems don't prevent it, because you can always exploit some part of the supply chain. A determined actor will always find a path.
18. maxwelljxyz No.45089048
I like the way Chromebooks do things, initially locking down the hardware but allowing you to do whatever if you intentionally know what you're doing (after wiping the device for security reasons). It's a pity that there's all the Google tracking in them that's near impossible to delete (unless you remove Chrome OS).
19. JSR_FDED No.45089065{5}
Nobody is forcing you to buy their products, so they haven’t taken away anything from you.

If you do decide to buy their products, nothing has changed since the day of your purchase, so they haven’t taken away anything from you.

Their “monoculture” didn’t “take hold” - it beat the Japanese offerings through innovation and a better product.

They operate in a free market, their R&D budget is made possible by their market success. If things change in the market (e.g. AI) the market will vote the way it always does.

20. kg No.45089074{4}
Technically for US residents Apple can throw you in prison for attempting to maintain and use your freedoms, thanks to the anti-circumvention parts of the DMCA.
21. echelon No.45089079{6}
The market has forced us all to buy Apple or Google. There is not a vibrant field of alternatives, and there is certainly a desert of hobbyist tech.

The market is now so depressed that everyone has to jump through these companies' hoops to participate in the most important computing form factor in the world.

Don't apologize for trillion dollar hyperscalers. They don't need your love, adoration, or apology. They do not care about you at all.

Too much power has accrued to these two and it's being leveraged against all of society and the open market. Competition is supposed to be difficult, ruthless, challenging, and frenetic. I see two companies resting on their laurels that are happy to tax us into the next century while we wear their little straitjackets.

22. flomo No.45089093{3}
Always fun to interact with some internet Thomas Jefferson giving freedom speeches from his mother's basement.

Reality is that people pay a lot of money because they 'trust' Apple (and to a lesser extent Google), but Meta is the sleaziest one of them all. (And I don't use their shit either.) But people want WhatsApp and Instagram, and so you are telling them now they have to sell out and go to the "Meta App Store" to talk to their friends. That fucking sucks. And I think you agree with that.

23. judge2020 No.45089164{3}
Right now you'd need a zero-day bootrom exploit to do something like this - still a possibility for the average high-level intelligence operative, but not the average white collar citizen. The proposal is making such a thing a feature.
24. cyberax No.45089240
This can be fixed by adding some user-controlled "fuse". For example, with a TPM you will lose access to stored keys if the boot sequence is modified.
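A simulation of the mechanism that comment describes, added here as an example and not part of the thread: measured boot folds each boot component into a PCR with the TPM extend rule, a secret is sealed to the expected PCR value, and the secret stays locked when any component of the chain changes. The PCR arithmetic is the real TPM rule; the seal/unseal functions, the storage root key and the boot chains are simplified constructed stand-ins, not real TPM2 policy commands.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# A PCR starts as 32 zero bytes; each extend folds one measurement into it.
PCR_INIT = bytes(32)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component)).
    Order matters, so the same components booted in a different order give a different PCR."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: Iterable[bytes]) -> bytes:
    """Fold the whole boot chain (bootloader, kernel, initrd, ...) into one PCR value."""
    pcr = PCR_INIT
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> dict:
    """Seal a secret (up to 32 bytes) to an expected PCR value.
    Simplified stand-in for TPM sealing: a wrapping key is derived from the TPM's
    storage root key and the PCR policy digest, then used to encrypt and MAC the secret."""
    policy = hashlib.sha256(b"PCR_POLICY" + expected_pcr).digest()
    wrap = hashlib.sha256(srk + policy).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, wrap[: len(secret)]))
    tag = hmac.new(wrap, ciphertext, hashlib.sha256).digest()
    return {"policy": policy, "ct": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, srk: bytes) -> Optional[bytes]:
    """Release the secret only if the current PCR satisfies the sealed policy.
    A modified boot sequence yields a different PCR, so the policy check fails
    and the key is never derived: this is the 'fuse' the comment describes."""
    policy = hashlib.sha256(b"PCR_POLICY" + current_pcr).digest()
    if not hmac.compare_digest(policy, blob["policy"]):
        return None
    wrap = hashlib.sha256(srk + policy).digest()
    expected_tag = hmac.new(wrap, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], wrap[: len(blob["ct"])]))


# Constructed boot chains: the second differs only in the bootloader measurement.
GOOD_CHAIN = [b"vendor-bootloader v1", b"kernel 6.x", b"initrd"]
EVIL_CHAIN = [b"tampered-bootloader", b"kernel 6.x", b"initrd"]


def demo() -> tuple:
    """Returns (unsealed under the good chain, locked under the tampered chain)."""
    srk = b"\x00" * 32              # constructed stand-in for the TPM storage root key
    disk_key = b"constructed-disk-key!"  # constructed secret, e.g. a disk encryption key
    blob = seal(disk_key, measure_boot(GOOD_CHAIN), srk)
    unsealed_ok = unseal(blob, measure_boot(GOOD_CHAIN), srk) == disk_key
    locked_on_tamper = unseal(blob, measure_boot(EVIL_CHAIN), srk) is None
    return unsealed_ok, locked_on_tamper


if __name__ == "__main__":
    print(demo())
```

Re-sealing the secret to a new PCR value is the deliberate owner action that would correspond to the "user-controlled" part of the comment; nothing in the tampered boot path can recover the old key.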
25. shakna No.45089317{4}
Stuxnet did not require a bootrom zero day. Just people's propensity to plug in USB devices out of curiosity.

You don't need the NSA to target someone and replace their device with a malware driven one. Just a porch pirate and your own delivery - two to three years and you're almost guaranteed an attack window.

26. Gud No.45089354{6}
Do you honestly believe "a free market" would only produce two alternatives?

In that case, the free market sucks and I want government intervention.

27. echelon No.45089461{4}
And yet you're apparently not losing your mind over Mark Zuckerberg having his products on the web? He's doing everything you claim on the open web - third party trackers embedded on other websites, etc. Do you want to lock down the web?

I think you have a reason for defending Apple. Maybe you love the company, maybe you've got their stock, maybe you've worked for them.

Apple is a trillion dollar behemoth that has distorted the market and removed freedom and choice. They're a menace that needs to be regulated. Period.

I also think Zuckerberg's tracking needs to be regulated, but that's a battle for another day. It's one we haven't so egregiously lost yet.

People don't need Meta. People need smartphones. And smartphones are draconian dictatorships that the government has been too asleep and too lax to regulate.

28. Ygg2 No.45089632{7}
> Do you honestly believe "a free market" would only produce two alternatives

No. A free market will eventually produce a single monopolistic winner.

If you have the ability to buy your competition, and most people consider it a job and not some religious calling, monopoly is the most logical outcome.

Same way a black hole is the most logical outcome of gravity.

29. Krssst No.45090320
I wonder if full device wipe would be the solution to "annoying enough that regular users don't do it even when asked by a scam, but power users can and will definitely use it".
30. dvdkon No.45090670{3}
That's how bootloader unlocking has worked on Android phones for ages, and I've never heard of it being abused, so I think it's a good model.
31. TheDong No.45090838
It's possible to make this detectable, and Chromebooks already do.

On a Chromebook, if you toggle to developer mode you get a nag screen at early boot telling you it's in developer mode every time, and if you're not in developer mode you can only boot signed code.

Basically, just bake into the device's firmware that "if any non-Apple keys have been added, forcibly display 'bootloader not signed by Apple, signed by X'", and if someone sees that on a "new" device, they'll know to run.

32. Krssst No.45090879{4}
If that comes to pass I hope that one would be able to install a regular firmware with full DRM support / banking app support which only differs by allowing one to install apps freely. I don't think that's the case currently with firmwares that allow root. The security implications are somewhat different (root is more permissive) but I guess that the kind of person that wants to run arbitrary apps also prefers root access (maybe not at the cost of access to everyday apps with bullshit protections however).
33. GuB-42 No.45091091
With the root of trust and original software wiped, what used to be, say, an iPhone stops being an iPhone. It becomes a generic computer with the same hardware. All the software designed to run on iPhones like the App Store is likely to stop working. You won't fool the user for long.

And this attack is already doable by simply replacing the iPhone with a fake. It won't fool the user for long either, but you get to steal a real iPhone in exchange for a cheap fake.

34. alkonaut No.45091381{3}
Make it an obscure option in the first-time setup so all the users that click next next next will end up with the secure mode, while the open mode requires fiddling.

This isn’t a GDPR opt out where both alternatives need to be equally easy. We (as a society) absolutely need the devices to default to the current model when purchased.

35. dvdkon No.45091871{5}
I agree, if Google's going to disallow "normal users" from installing apps from unknown sources, I'd like there to be some escape hatch other than the (increasingly blocked) nuclear option of rooting/bootloader unlock.
36. fsflover No.45091946
You can have a TPM with your own hardware key, which allows you to verify the integrity of the BIOS. Works fine on my Librem laptop with a Librem Key.
37. fsflover No.45091959{6}
> They operate in a free market

They operate in an illegal duopoly, where you have the "free choice" between a tiny amount of freedom with unlimited telemetry and no freedom with convenience for a big buck.

38. moi2388 No.45091997
Incorrect. For us as tech people this is an option. My older family members will definitely install malware and send all their data to China.

Please don’t let me go back to the early days of the internet where my mother had 50 toolbars and malware installed

39. pjerem No.45092482
> Please don’t let me go back to the early days of the internet where my mother had 50 toolbars and malware installed

I removed hundreds of toolbars from my mother's/grandmother's/anyone's computer.

I still prefer that to techno-fascism where it's ok for companies to brick my hardware remotely, to lock me out of all my hardware because I have a picture of my kid in a bath, to read all my messages for whatever reason, to extract value from my personal files, pictures, musical tastes, to not allow me to install an app I bought because it has been removed from the store, to not allow me to install an app my friend created, to not allow me to create an app and sell it myself, to not allow me to not do the action ever but just "Later this week", and so on and so on.

This toolbar thing is a wrong excuse. And it was 90% because Windows was shitty.

Most mothers would have easily downloaded and installed crapware embedded with whatever they downloaded, but most mothers aren't going to go to "Settings > About > Tap 10 times on OS version > Bootloader > Disable Bootloader protection > 'Are you sure because your phone will become insecure?' > Yes > Fucking yes."

And if they still do it to purposefully install malware, I'm sorry to say they are just stupid and I cannot care less about the toolbars.

40. dzikimarian No.45093296{4}
Under such topics there are always comments about each vendor making their own store, yet it didn't happen on Android, where it's currently perfectly possible.
41. moi2388 No.45093829{3}
Yes. So both options should be allowed to exist. One of them shouldn’t be banned because you don’t like it.
42. inetknght No.45094871
> I like the way Chromebooks do things, initially locking down the hardware but allowing you to do whatever if you intentionally know what you're doing

Did you hear? Google's not allowing "sideloading" (whitewashing the meaning of installing) third party apps by unknown developers.

> after wiping the device for security reasons

Think of the ~~children~~ data!

43. AnthonyMouse No.45097097{4}
> This isn’t a GDPR opt out where both alternatives need to be equally easy. We (as a society) absolutely need the devices to default to the current model when purchased.

I feel like this is completely the opposite. The case for closed devices is that if grandma is senile she can't be trusted to make sound choices and needs a piece of hardware to limit her options, whereas that isn't the case for random chemists and college students and farmers, i.e. the general population.

It's one of the cases where tech people can't see the forest for the trees. The vast majority of people can make reasonable decisions about their own lives, but then if a tiny percentage make mistakes, those are the ones who come to you with problems and then it seems like everyone who comes to you is having problems because only the people having problems come to you.

Then megacorps use that false perception that everyone is incompetent to try to weasel their way in as a middle man taking a thick margin while locking the doors so the average person can't go to the competition, which is the option that needs to be not just preserved but actually used by ordinary people.

And not just because of the margins. Centralizing everything is a skeleton key for authoritarians. If you want to ban a social media app because people are using it to find out about something you want to censor or organize opposition to your administration and having it banned from Google Play and Apple makes it so 99% of people can't use it, you'd win when we need you to lose.

44. hannofcart No.45097769{4}
We keep mocking and laughing at the "internet Thomas Jeffersons" of the world but they seem to be getting increasingly prescient about the dystopian world where we are giving bad actors disproportionate control over our lives on the pretext of keeping us or children safer.
45. flomo No.45099369{5}
Sorry, I haven't had an Android phone since the original Nexus, so hopefully you can clarify. Could you install some hypothetical 'Meta Store' from the Google Store? Or do you mean more like Meta could just sell their own phone (eg Amazon)?
46. flomo No.45099404{5}
> I think you have a reason for defending Apple.

Guilty as charged. My parents had a Windows laptop and all sorts of evil shit was "sideloaded", and when I started reformatting it, some Indian 'Microsoft tech support' guy was actually screaming at them through the speakers. This is what happens in your world.

I bought them an iPad (and another) and it's now been almost 15 years with zero tech support calls, zero problems, zero scammers. That is fucking great for me. Money well spent. So yeah, I wish you guys could just buy a free software phone with no ABI and go away to recompile your software. But it is a fucking terrible idea on a societal level.

47. flomo No.45099454{5}
I will agree with your point, and will also say a lot of the "bad actors" are actually in the house here. So don't take anything on face value. Hacker News has some straight computer criminals, adware types, cryptobros, dubious startup types, whoever is vibe-coding these crawlers, etc. So of course they all believe in "maximum freedom" (to scam people).
48. alkonaut No.45099780{5}
I don't think centralization and security must be mutually exclusive. So long as the alternative is _also_ secure, it's a win-win. But that's the big problem.
49. green7ea No.45099822{6}
Both are possible.

You can have alternative app stores on Android without any restrictions — the most famous example would be F-Droid which hosts free software. Nothing stops Epic, Meta or any company from also having such a store.

When you ship a certified Android, it has to come pre-installed with the Google Play Store but some vendors like Amazon and Huawei ship an alternative OS with their own stores to replace the Google one. It's not officially Android but can be based on the Android Open Source Project.

Very few companies have chosen to do either and it was usually because they were forced to (Huawei).

50. AnthonyMouse No.45109121{6}
Suppose Apple makes devices and has an app store, but you're not required to use their app store, and then if someone can coerce Apple to censor something, anyone can route around it by using one of the others who can't be coerced, e.g. because they operate in a different jurisdiction. That's not centralized; there is no single party who can serve as a chokepoint for the bad guys to set up their nefarious surveillance/censorship apparatus.

Now suppose that only one company has an app store for a given platform, or the alternatives only exist on paper because there are too many barriers for ordinary people to use something else and then the one store still has 99% market share, or they use their control over the device to exclude apps even if you use a different store. That's still centralized and that type of centralization has to be broken in order to solve the problem.