
2071 points K0nserv | 378 comments
1. zmmmmm No.45088995
> In this context this would mean having the ability and documentation to build or install alternative operating systems on this hardware

It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with. To be clear, this is fundamental, not incidental. You can't run your own operating system because it's not in Netflix's financial interest for you to do so. Or your banks, or your government. They all benefit from you not having control, so you can't.

This is why it's so important to defend the real principles here not just the technical artefacts of them. Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service. Governments shouldn't be able to prevent me from end to end encrypting things. I should be able to opt into all this if I want more security, but it can't be mandatory. However all of these things are not technical, they are principles and rights that we have to argue for.

replies(38): >>45089166 #>>45089202 #>>45089284 #>>45089333 #>>45089427 #>>45089429 #>>45089435 #>>45089489 #>>45089510 #>>45089540 #>>45089671 #>>45089713 #>>45089774 #>>45089807 #>>45089822 #>>45089863 #>>45089898 #>>45089923 #>>45089969 #>>45090089 #>>45090324 #>>45090433 #>>45090512 #>>45090536 #>>45090578 #>>45090671 #>>45090714 #>>45090902 #>>45090919 #>>45091186 #>>45091432 #>>45091515 #>>45091629 #>>45091710 #>>45092238 #>>45092325 #>>45092412 #>>45092773 #
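The "verify the chain of control" that the comment describes is, mechanically, remote attestation. The following is an added illustration, not code from this thread or from any vendor: a simplified Go model of the check a service performs before it serves a client. A vendor root key certifies each device's attestation key at the factory, the device signs the verifier's nonce together with its boot measurement (here SHA-256 of the OS image bytes), and the service accepts only measurements on its allowlist. It also covers the case of a device whose vendor keys were wiped so the owner could install their own OS. `Vendor`, `Device`, `RelyingParty`, `UnlockedDevice`, the sample image bytes and the nonce are all constructed assumptions; real deployments use X.509 chains and TPM/StrongBox-style quotes rather than this bare Ed25519 model.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Vendor holds the root key that certifies device attestation keys at the factory (assumed model).
type Vendor struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewVendor() *Vendor {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Vendor{Pub: pub, priv: priv}
}

// Device holds an attestation key pair, the "certificate" issued for it (a vendor
// signature over the public key) and the OS image its boot chain measured.
type Device struct {
	attestPub  ed25519.PublicKey
	attestPriv ed25519.PrivateKey
	cert       []byte
	osImage    []byte
}

// Enroll models factory provisioning: the vendor certifies a fresh device key.
func (v *Vendor) Enroll(osImage []byte) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{attestPub: pub, attestPriv: priv, cert: ed25519.Sign(v.priv, pub), osImage: osImage}
}

// UnlockedDevice models a device whose vendor-provisioned keys were wiped so the
// owner could install their own OS; the best it can do is certify its own key.
func UnlockedDevice(osImage []byte) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{attestPub: pub, attestPriv: priv, cert: ed25519.Sign(priv, pub), osImage: osImage}
}

// Measure stands in for the boot chain's measurement of the OS image.
func Measure(image []byte) [32]byte { return sha256.Sum256(image) }

// Quote is the device's answer: its key, its certificate, the verifier's nonce,
// the measurement, and a signature over nonce||measurement.
type Quote struct {
	DevicePub   ed25519.PublicKey
	Cert        []byte
	Nonce       []byte
	Measurement [32]byte
	Sig         []byte
}

func (d *Device) Quote(nonce []byte) Quote {
	m := Measure(d.osImage)
	msg := append(append([]byte{}, nonce...), m[:]...)
	return Quote{DevicePub: d.attestPub, Cert: d.cert, Nonce: nonce, Measurement: m, Sig: ed25519.Sign(d.attestPriv, msg)}
}

// RelyingParty is the service deciding whether to serve this client.
type RelyingParty struct {
	vendorPub ed25519.PublicKey
	allowed   map[[32]byte]string // approved measurement -> label
}

func NewRelyingParty(vendorPub ed25519.PublicKey, approved map[string][]byte) *RelyingParty {
	rp := &RelyingParty{vendorPub: vendorPub, allowed: map[[32]byte]string{}}
	for label, img := range approved {
		rp.allowed[Measure(img)] = label
	}
	return rp
}

// Verify runs the checks in the order a real verifier would: freshness, key
// provenance, quote signature, then policy on the measured OS.
func (rp *RelyingParty) Verify(nonce []byte, q Quote) error {
	if !bytes.Equal(nonce, q.Nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if len(q.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(rp.vendorPub, q.DevicePub, q.Cert) {
		return errors.New("attestation key is not certified by the vendor")
	}
	msg := append(append([]byte{}, q.Nonce...), q.Measurement[:]...)
	if !ed25519.Verify(q.DevicePub, msg, q.Sig) {
		return errors.New("quote signature invalid")
	}
	if _, ok := rp.allowed[q.Measurement]; !ok {
		return fmt.Errorf("OS measurement %s is not on the allowlist", hex.EncodeToString(q.Measurement[:6]))
	}
	return nil
}

func main() {
	vendor := NewVendor()
	stock := []byte("stock-os-image-v1")   // constructed stand-in for the vendor-signed OS
	custom := []byte("my-own-linux-build") // constructed stand-in for an owner-built OS
	rp := NewRelyingParty(vendor.Pub, map[string][]byte{"stock-v1": stock})
	nonce := []byte("server-nonce-0001")
	cases := []struct {
		name string
		dev  *Device
	}{
		{"vendor device, stock OS", vendor.Enroll(stock)},
		{"vendor device, custom OS", vendor.Enroll(custom)},
		{"unlocked device, stock OS", UnlockedDevice(stock)},
	}
	for _, c := range cases {
		fmt.Printf("%-26s -> %v\n", c.name, rp.Verify(nonce, c.dev.Quote(nonce)))
	}
}
```

Only the first case passes: a custom OS fails on the allowlist even on a vendor device, and a device whose vendor keys were wiped fails on key provenance even when it runs the stock OS. That is the asymmetry the comment is pointing at; the service's policy, not the hardware, decides which OS counts.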
2. ls612 No.45089166
I mean you’re right but it seems like the equilibrium we’re heading towards is one where the opposite is true and our internet and society looks more like China’s. Principles unfortunately mean little in the face of societal and technological change, the only thing that matters is the resulting incentives.
3. fastaguy88 No.45089202
Really not a libertarian, but why shouldn’t Netflix have the right to choose who they distribute content to? They negotiated conditions with the creators, why shouldn’t they be able to specify the DRM? No one is forcing you to subscribe to Netflix. Or even to buy an iPad.
replies(6): >>45089227 #>>45089303 #>>45089346 #>>45089360 #>>45089420 #>>45089426 #
4. ranyume No.45089227
>why shouldn’t Netflix have the right to choose who they distribute content to?

power asymmetry

replies(2): >>45089271 #>>45089281 #
5. cm2012 No.45089271{3}
There are dozens of sources of online streaming entertainment, and it's not exactly a vital good.
replies(3): >>45089282 #>>45089296 #>>45089318 #
6. zeroCalories No.45089281{3}
TBH I don't care if Netflix wants to abuse such an asymmetry. I don't need Netflix in my life, so I'll just cancel my subscription(already have). I honestly don't want my lawmakers to spend even a second thinking about Netflix when we have so many large issues in the world right now. If we were talking about something like financial services where I have to engage I would be more sympathetic.
replies(1): >>45089301 #
7. Gud No.45089282{4}
Yeah, there are a lot of torrent sites! Netflix doesn't want my business anymore, I don't really care.
8. JeremyNT No.45089284
This is the crux of the matter.

Maybe conceptually you will be able to run some kind of open operating system with your own code, but it will be unable to access software or services provided by corporate or governmental entities.

This has been obvious for some time, and as soon as passkeys started popping up the endgame became clear.

Pleading to the government definitely can't save us now though, because they want the control just as much as the corporations do.

replies(5): >>45089321 #>>45089323 #>>45089975 #>>45090561 #>>45090592 #
9. ranyume No.45089296{4}
There exist dozens of online services where you can store your photos, doesn't mean companies should be allowed to do whatever they want with your photos...
10. MangoToupe No.45089301{4}
Capital doesn't really care what you want, it will exert control regardless. So in this case Netflix will continue to be part of capital that normalizes the need for DRM to access videos, write IP law, and generally force you into either accepting the world they want or forcing you to become a hermit.

Edit: i mean to say this is true whether or not you've even heard of the company.

replies(1): >>45089442 #
11. pishpash No.45089303
It's sort of antitrust adjacent. They are big enough to set market rules on the manner of distribution, like DRM and hardware-software lock-in, which doesn't directly stifle competition in their field (only a little) but in another field, and the results are arguably anti-consumer. That sort of power should not be in the hands of a single company.
12. OmarAssadi No.45089318{4}
Sure, Netflix may not be as important as, say, housing, food, or whatever else, but I think there is something to be said about the cultural importance of [at the very least some] film and television.

There's a lot of media worth studying, analyzing, and preserving. And in that sense, between the constant churn of catalog items, exclusive content, and the egregious DRM, I think these sorts of streaming services are, unfortunately, kind of harmful.

replies(1): >>45089388 #
13. pishpash No.45089321
Should have made open-source components in some key nodes of the ecosystem popular and profitable. But that was a tall order.
replies(1): >>45089575 #
14. kibwen No.45089323
> Maybe conceptually you will be able to run some kind of open operating system with your own code

Why do you think they would even allow this? If you think that governments don't have the incentives or the means to criminalize running non-approved OSes, or the unauthorized use of non-approved hardware, you're insufficiently cynical.

replies(1): >>45089552 #
15. markus_zhang No.45089333
Arguing doesn’t work for principles.
16. chairmansteve No.45089346
A non libertarian might ask: Is it good for society?
17. bfdm No.45089360
Because it's bad for consumers to lose choices, even if they don't normally exercise those choices. The choice is the distributed power we have against the consolidated corporate power. We can choose not to let them restrict those choices, for example with interoperability regulations.
18. chongli No.45089388{5}
Doesn't your second paragraph run against the grain of your first? If streaming services like Netflix are harmful then we should avoid using them. Thus it should not be important for our freedom-preserving computers to be able to access Netflix.

Now, if you want to do an in-depth study of film and television material as a whole, you're actually better off avoiding Netflix and making use of archives such as public libraries, university libraries, and the Internet Archive.

replies(1): >>45089547 #
19. jonahx No.45089420
The issue is the means of enforcement requires taking away other rights they shouldn't be able to.

What if I want to require (for anti-piracy reasons) that to use my software you must also give me complete access to your computer, all the data on it, and all your communications. You might say, "Well, if anyone is stupid enough to make that deal, let them." But it's easy to sugar coat what you're doing, especially with less technical users. I think it's better to say, "That's just not something you are allowed to do. It's trampling on rights more important than your anti-piracy rights."

In the same way, you cannot murder someone even if they agree to be murdered (an actual case in Germany).

replies(2): >>45089544 #>>45089551 #
20. ekianjo No.45089426
For Netflix sure. I don't care. But when it comes to banking and you are forced to use one of two OSes or else have no digital access to your bank, this is a massive problem and restriction to citizens' freedom. Everyone needs a bank to operate, and they need to maximize the options available to use them.
replies(3): >>45089662 #>>45089739 #>>45090253 #
21. BrenBarn No.45089427
I think you're right but I'd say it even more generally: we just can't let companies get so big that they can do these things without facing pushback and competition from other entities.
replies(1): >>45090878 #
22. nradov No.45089429
You could just not watch Netflix. Most of the content is kind of crap anyway, low effort filler. And the streaming services have trouble even licensing third-party content at all unless they have robust copy protection. That may be stupid because it drives more consumers to piracy, but copyright holders are free to negotiate any licensing terms they want.
replies(3): >>45089782 #>>45089928 #>>45090538 #
23. zeroCalories No.45089442{5}
Well then I will get mad when that actually happens. Until then don't care.
replies(3): >>45089741 #>>45090023 #>>45093013 #
24. josephg No.45089489
My parents are getting old and they aren't tech savvy. The missing piece here is that I want my parents to have a computer they can safely do their banking on, without leaving them vulnerable to scams and viruses and the like. I like that they have iphones. Doing internet banking on their phone is safer than doing it on their desktop computer. Why is that?

The reason is that the desktop PC security model is deeply flawed. In modern desktop operating systems, we protect user A from user B. But any program running on my computer is - for some reason - completely trusted with my data. Any program I run is allowed to silently edit, delete or steal anything I own. Unless you install special software, you can't even tell if any of this is happening. This makes every transitive dependency of every program on your computer a potential attack vector.

I want computers to be hackable. But I don't also want my computer to be able to be hacked so easily. Right now, I have to choose between doing banking on my (maybe - hopefully - safe) computer. Or doing banking on my definitely safe iphone. What a horrible choice.

Personally I think we need to start making computers that provide the best of both worlds. I want much more control over what code can do on my computer. I also want programs to be able to run in a safe, sandboxed way. But I should be the one in charge of that sandbox. Not Google. Definitely not Apple. But there's currently no desktop environment that provides that ability.

I think the argument against locked down computers (like iPhones and Androids) would be a lot stronger if Linux & friends provided a real alternative that was both safe and secure. If big companies are the only ones which provide a safe computing experience, we're asking for trouble.

replies(21): >>45089546 #>>45089576 #>>45089598 #>>45089602 #>>45089643 #>>45089690 #>>45089745 #>>45089884 #>>45090077 #>>45090112 #>>45090128 #>>45090605 #>>45090660 #>>45091074 #>>45091275 #>>45091454 #>>45091793 #>>45092007 #>>45092495 #>>45092746 #>>45114735 #
25. enos_feedler No.45089510
This is a sad reality. I see 2 paths forward 1) we somehow build the right layers into the internet that we can withstand open hardware. 2) open hardware running any software becomes an education use and hobbyist market only. I could see an edu slice to every corporate entity deploying open and free stuff just as onboarding to paid. Hackable hardware with kiddyflix.
26. protocolture No.45089540
>It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with.

There's nothing stopping a hardware vendor from being able to delete the system installed keys/certificates, breaking trust to allow you to install your own. Sure Netflix might not like it but you still have the right to run your own code and Netflix has the right not to trust your OS.

>Governments shouldn't be able to prevent me from end to end encrypting things.

Agreed.

27. vbezhenar No.45089544{3}
> What if I want to require (for anti-piracy reasons) that to use my software you must also give me complete access to your computer, all the data on it, and all your communications.

That's exactly what happens with anti-cheat kernel modules. As one might expect, ordinary people couldn't care less, as long as it works well enough.

replies(1): >>45090043 #
28. nuker No.45089546
> My parents are getting old and they aren't tech savvy. The missing piece here is that I want my parents to have a computer they can safely do their banking on, without leaving them vulnerable to scams and viruses and the like.

Purists always forget this point :) What is best for 99% of people.

And dumb Euro bureaucrats.

replies(2): >>45089578 #>>45089706 #
29. OmarAssadi No.45089547{6}
I mean, I agree that you should be able to avoid things like Netflix and make use of libraries and other archives, but that's sort of the point; there is a ton of media that never even gets a physical release anymore; once one of these platforms goes under, or something enters licensing hell, or whatever else and gets removed, all you can do is hope someone out there with both the know-how and access went out of their way to illegally download a copy, illegally decrypt it, and illegally upload it somewhere.

I say "know-how" and "access" because, while I'd still argue decrypting, say, Widevine L3 is not exactly super common knowledge, decrypting things like 4K Netflix content, among other things, generally requires you to have something like a Widevine L1 CDM from one of the Netflix-approved devices, which typically sits in those hardware trusted execution environments, so you need an active valuable exploit or insider leaks from someone at one of the manufacturers.

But also on top of all of that, you also need to hope other people kept the upload alive by the time you decide to access it, and then you also often need to have access to various semi-elitist private trackers to consistently be able to even find some of this stuff.

The legal issues with DRM here are hardly exclusive to Netflix and other streaming services, but at least in the case of things like Blu-rays or whatever — even if it is technically illegal in most countries to actually make use of virtually any backed-up disc due to AACS — you usually don't have the same time-pressure problem nor the significant technical expertise barrier.

>If streaming services like Netflix are harmful then we should avoid using them. Thus it should not be important for our freedom-preserving computers to be able to access Netflix.

I generally do avoid them whenever possible, though, yes. And I've explicitly disabled DRM support in Firefox on my computer. But I am just one person and I don't think my behavior reflects the average person, for better or for worse.

replies(1): >>45095938 #
30. bruce511 No.45089551{3}
Forgive me, but is Netflix asking for that?

As I understand it, Netflix wishes to authenticate the device, and DRM their content. I'm not aware of anything beyond that (but I'm also not paying attention.)

Now you may have used the example of what might happen, but then Netflix seems a strange example. Surely Apple and/or Google are more likely players in that example?

replies(1): >>45089968 #
31. nine_k No.45089552{3}
It's hard to enforce, and not dangerous enough. Accessing something serious from this unapproved code is the opposite, and is being locked down. Try running your own code on your phone's baseband processor, or boot your own OS with Secure Boot on.
32. nine_k No.45089575{3}
Open-source software permeates the Internet infrastructure. Netflix is one of the biggest contributors to FreeBSD code. Tons of TVs run an OSS-based stack.

But once it touches the money-extraction path, like DRM, things expectedly lock up.

33. ozgrakkurt No.45089576
What are the stats here? This sounds like pure BS to be honest.

The main way people around me get scammed, by far (like 90%), is social engineering.

replies(2): >>45089718 #>>45094965 #
34. quaintdev No.45089578{3}
Why not give people the freedom to choose what they want
replies(1): >>45089586 #
35. nuker No.45089586{4}
It will be exploited. Key word above - not tech savvy.

The only reason we have convenient banking, gov and streaming apps today is because of guaranteed and enforced mobile security by big boys Apple and Google. (Google being Ad company is another matter, not relevant here).

replies(6): >>45089699 #>>45089714 #>>45089945 #>>45090006 #>>45090178 #>>45093541 #
36. spaqin No.45089598
Your parents are more likely to be a victim of a phone call scam than malware, even on PC. There is also no guarantee that malware will not slip through cracks of official stores or signatures.

You can also choose to do your banking at the physical branch.

We already had "best of both worlds", especially on mobile OSes - granular permissions per-app were quite good, and on Android until a few years ago root was widely available if you needed it as well; these permissions could be locked or frozen if there is concern about users, just like work devices are provisioned with limitations. It all depends on your threat model.

replies(5): >>45089779 #>>45089876 #>>45089927 #>>45090044 #>>45090132 #
37. extraisland No.45089602
Everything in life is about trade-offs. Certain trade-offs people aren't going to make.

- If you want to run an alternative operating system, you've got to learn how it works. That is a trade off not even many tech savvy people want to make.

- There is a trade-off with a desktop OS. I actually like the fact that it isn't super sand-boxed and locked down. I am willing to trade security & safety for control.

> Personally I think we need to start making computers that provide the best of both worlds. I want much more control over what code can do on my computer. I also want programs to be able to run in a safe, sandboxed way. But I should be the one in charge of that sandbox. Not Google. Definitely not Apple. But there's currently no desktop environment that provides that ability.

The market and demand for that is low.

BTW. This does exist with Qubes OS already. However there are a bunch of trade-offs that most people are unlikely to want to make.

https://www.qubes-os.org/

replies(5): >>45089940 #>>45090318 #>>45090562 #>>45090759 #>>45091309 #
38. sim7c00 No.45089643
The main reason OSes are insecure is because they are designed badly regarding security. They are from a time when it wasn't important and most ways of building them are also from that same era. It's hardly modernized -_-. Sure, it's not the same OS as 20 years back... it has a lot of layers of junk on top.

Again, no incentive to improve it. It's either unpaid work or the OS vendor has a stake in it being insecure. (Both exist.)

39. tonyhart7 No.45089662{3}
well no one is forcing you to do banking from smartphones

You can do it manually like the old days. EXPLICITLY ALLOWING NON GOOGLE/APPLE to do banking on their own mobile phone means THERE ARE MILLIONS OF USERS that can fall victim to scammer+cracker

how can't you see all of that???? IT'S JUST NOT ABOUT YOU

edit: please educate yourself first, y'all need to know the differences between mobile banking and internet banking

You can downvote me all you want, but I don't want to hear a lecture from a non-security-compliant engineer about what to do about security

replies(2): >>45089720 #>>45089772 #
40. matheusmoreira No.45089671
> Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with.

We need to make that illegal. Classify it as discrimination. They should be obligated to treat any client that tries to connect the same as they would treat their own software. Anything else is illegal discrimination against users, a crime comparable to racial discrimination.

Anything short of this means they've won. Everything the word "hacker" ever stood for will be destroyed. Throw all FOSS into the trash. None of it matters anymore. What's the point of free software that we can't run? That can't actually do anything useful because it fails remote attestation? Completely useless.

41. matheusmoreira No.45089690
> think of the elderly

This stuff is not just for the elderly and computer illiterate. It's for you as well. You think they're going to stop?

You're giving up freedom for safety. You will have neither.

replies(1): >>45089976 #
42. fr4nkr No.45089699{5}
No, we have convenient online services in spite of the endless security theater that permeates consumer tech. All it's done is gradually increase maintenance burden and technical complexity until useful features are slowly stripped out to create a more "streamlined" experience. The mobile app for my credit union has become so shitty that I'm not even sure if losing access to it is a deal-breaker for rooting my phone - I already prefer to do my online banking and shopping on my laptop.

There is no "just works" technical solution for a problem caused mainly by naivete and gullibility. Governments and the private sector know this, of course; as others have said, the real purpose is to control users, not to protect them.

replies(1): >>45089854 #
43. necovek No.45089706{3}
That's what can be achieved by encapsulation/containerization of apps: a la flatpak, snaps, docker or VMs...

I found my parents to install random crappy adware apps from official stores too. What protects their banking application is granular permissions, not root access.

44. altairprime No.45089713
There’s a scenario where this does work: you can install any operating system on the hardware you own, if you complete an “erase all content and settings” dire scary confirmation screen.

- If you want to run something other than iPadOS or Google TV, go for it. (Smart TVs are just tablets with a don’t-touch screen.)

- If you want to install spyware on someone’s phone, you can’t; the HSM keys held by their OS are lost when you try to install a patched version and restore from a backup, and their backup doesn’t restore properly because half of it depends on the HSM or the cloud and everything is tagged with the old OS’s signature.

- If you want to patch macOS and then deploy it to your fleet, you can; it won’t be Signed By Apple but you’re an enterprise and don’t care about the small losses of functionality from that.

- If you want to dual boot, go ahead; the issues with the HSMs not permitting you to host two OSes worth of partitioned keystones can be resolved by regulatory pressure.

This satisfies all the terms of “let me install whatever I want”, while allowing the OG App Store to continue operating in Safe Mode for everyday users in a way that can’t be entrapped without the scammer on the phone telling them to delete everything, which destroys the data the scammer wants.

My car already allows me to do this. My phone should too.

replies(2): >>45089865 #>>45090804 #
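The second bullet in the post above ("the HSM keys held by their OS are lost when you try to install a patched version") is measurement-bound sealing. The following is an added Go example, not vendor code and not from this thread: a secure element derives the key that wraps a backup secret from its own device secret and the measured OS image, so the same blob unseals only on the same device under an OS with the same measurement. `SecureElement`, the HMAC-based key derivation, the `seal-to-os-v1` label and the sample image bytes are assumptions made for the example; real TPM and Secure Enclave sealing policies are richer than a single hash, but the failure mode is the same.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecureElement models the part of the phone that never releases its device
// secret; it only derives wrapping keys from it for the OS that is running (assumed model).
type SecureElement struct{ deviceSecret []byte }

func NewSecureElement() *SecureElement {
	s := make([]byte, 32)
	if _, err := rand.Read(s); err != nil {
		panic(err)
	}
	return &SecureElement{deviceSecret: s}
}

// Measure stands in for the boot chain's measurement of the OS image.
func Measure(osImage []byte) [32]byte { return sha256.Sum256(osImage) }

// wrappingKey binds the key to both the device secret and the booted OS; a
// patched image yields an unrelated key, so data sealed under the old OS is gone.
func (se *SecureElement) wrappingKey(measurement [32]byte) []byte {
	mac := hmac.New(sha256.New, se.deviceSecret)
	mac.Write([]byte("seal-to-os-v1")) // domain-separation label chosen for this example
	mac.Write(measurement[:])
	return mac.Sum(nil) // 32 bytes -> AES-256
}

func (se *SecureElement) aead(measurement [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(se.wrappingKey(measurement))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under the current OS measurement; the measurement is
// also bound as associated data so a blob cannot be re-labelled for another OS.
func (se *SecureElement) Seal(measurement [32]byte, plaintext []byte) ([]byte, error) {
	aead, err := se.aead(measurement)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, measurement[:]), nil
}

// Unseal succeeds only on the same device under an OS with the same measurement.
func (se *SecureElement) Unseal(measurement [32]byte, blob []byte) ([]byte, error) {
	aead, err := se.aead(measurement)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("sealed blob too short")
	}
	pt, err := aead.Open(nil, blob[:ns], blob[ns:], measurement[:])
	if err != nil {
		return nil, errors.New("unseal failed: different device or OS measurement changed")
	}
	return pt, nil
}

func main() {
	se := NewSecureElement()
	stock := Measure([]byte("stock-os-image-v1"))           // constructed stand-in image
	patched := Measure([]byte("stock-os-image-v1+my-patch")) // constructed stand-in image
	backupKey := []byte("key-that-protects-the-cloud-backup") // constructed secret

	blob, err := se.Seal(stock, backupKey)
	if err != nil {
		panic(err)
	}
	got, err := se.Unseal(stock, blob)
	fmt.Printf("same OS:      %q err=%v\n", got, err)
	_, err = se.Unseal(patched, blob)
	fmt.Printf("patched OS:   err=%v\n", err)
	_, err = NewSecureElement().Unseal(stock, blob)
	fmt.Printf("other device: err=%v\n", err)
}
```

Nothing here stops the owner from installing the patched OS; what the patched OS cannot do is recover anything sealed under the old one, which is why the "scammer on the phone" route in the post destroys the data the scammer wanted.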
45. necovek No.45089714{5}
They all existed before mobile apps on systems you don't control became prevalent.

This was just useful for them.

46. DataDynamo No.45089718{3}
It will need just one more additional authentication factor and blocking side-loading apps on Android - We promise, total security is close! /s
replies(2): >>45090058 #>>45091328 #
47. onion2k No.45089720{4}
Locking down a website to only be available to users on Apple and Windows doesn't make it safer. It just reduces the cost of building it because you don't have to bother testing it on any other platforms. Rather than tell users "Danger, we haven't tested your choice of OS" companies prefer to lock it down.

Users on Apple and Windows are not safer because a bank has chosen to block Linux.

replies(1): >>45089844 #
48. 2rsf No.45089739{3}
I mentioned that in another thread, but banks have a legal obligation to assess and mitigate risks in the service they give to you - you, personally, might be tech savvy enough to understand what you are doing but most people are not and the bank is held accountable when something bad happens.

This is why they limit service to certain devices or OS versions, even when it comes at the expense of convenience.

replies(2): >>45089792 #>>45096703 #
49. makeitdouble No.45089741{6}
The whole notion of DRM and penalties if you circumvent it comes from the entertainment industry, and it's written into law/official treaties. This already affects everything from secure boot to HDMI standards.
50. 999900000999 No.45089745
As is, Android has support for multi-user mode.

Get some real sandboxing, let me install whatever I want in my sandbox.

That's a bare minimum.

I also want "I am an adult" mode where I get to do what I want. If Google wants to flag secure net, fine. Not every thing is going to work.

replies(1): >>45092361 #
51. hdgvhicv No.45089772{4}
My bank lets me do everything just fine on Firefox/Linux.
replies(2): >>45089829 #>>45090082 #
52. beeflet No.45089774
Maybe we must find individual solutions to each controlling application? Replace Netflix with BitTorrent, replace banks with Bitcoin, etc?
53. Rohansi No.45089779{3}
Also the good old phishing emails/links. So many people are simply unaware when a website is pretending to look like an app/floating window. Even younger people who you'd hope know better are falling for it today. I work on a PC game and players (mostly young adults) are constantly getting their accounts compromised by the same phishing sites that pop up monthly.

AI voice and video cloning scams are also only going to increase. Why would scammers need to get people to install random APKs when they can just impersonate a family member and tell them what to give directly?

To me it seems very much like the classic "think of the children" type argument. It's not going to really fix anything in the end but it will benefit Google.

54. rblatz No.45089782
Netflix is right in its prime right now, K-Pop Demon Hunters is a smash hit and probably the biggest cultural thing going on right now, it has like 4 songs from it in the top 10. Wednesday is coming back this week for the end of season 2. Stranger Things is wrapping up in November.
replies(2): >>45089888 #>>45090255 #
55. beeflet No.45089792{4}
Perhaps the solution then is to invent a new bank that is more resistant to regulation and gives users more freedom to secure their own funds.
56. p0w3n3d No.45089807
I agree with your point. And meanwhile in Korea (according to an article I've read) to use any bank's website you have to install spy software on your PC. It looks like every major service vendor is organising a crawling subversion against their users and they really count on us not noticing.

One of the articles: https://palant.info/2023/01/02/south-koreas-online-security-...

57. cryptonector No.45089822
There is also the possibility that without a [paid] curator (the vendor, like Google or Apple) we can't have security for how do we ascertain provenance? You might not buy that argument, but the vendor will make it, and it will resonate with the public and/or the politicians.

Establishing trust with hardware, firmware, and operating system software is currently an intractable problem. Besides the halting problem and the reflections on trusting trust problem (i.e., supply chain problems) the sheer size of these codebases and object code (since you'll need to confirm that the object code is not altered as in the reflections on trusting trust paper) is just too big for the public to be able to understand it. Sure, maybe we could use AI to review all of this, but... that's expensive if every person has to do it, and... that's got a bootstrapping problem.

Basically the walled garden is unlikely to go away anytime soon. It would be easier to change the rules politically to do things like reduce transaction fees, but truly allowing the wide public to run anything they want seems difficult not just politically but technically, because the technical problems will lead to political ones.

replies(2): >>45089995 #>>45090458 #
58. tonyhart7 No.45089829{5}
it's not mobile banking if you use a browser

it's just browser/internet banking

also mobile banking has much more capabilities in the form of an app than just a "web page"

59. nuker No.45089854{6}
> No, we have convenient online services in spite of the endless security theater that permeates consumer tech.

Disagree. No banking app can resist root access owned by attacker.

replies(1): >>45090073 #
60. bee_rider No.45089863
I wouldn’t be totally opposed to having some sort of totally locked down device that was just used for banking. The bank could even sell them or give them away with the account (doesn’t need high performance).

Another thought: if we were actually able to pass laws that helped people, one that I’d like to see would be: for a totally locked down proprietary device, everything done with it should be the legal liability of the vendor. If your bank account gets broken into via the device, you can’t audit what happened, you couldn’t have broken it, so it ought to be their responsibility.

replies(1): >>45090126 #
61. Rohansi No.45089865
> My car already allows me to do this. My phone should too.

If you're referring to CarPlay and/or Android Auto you should know that it's not actually running on your car. It's basically RDPing your phone onto your car screen. You can already install RDP apps on your phone and connect to systems that provide more freedom, of course.

replies(1): >>45094130 #
62. rahkiin No.45089876{3}
In the Netherlands we do not have physical branches anymore. They died out. All banking started to go through the browser. This was very sensitive to malware and viruses, so two-factor was added through phones. Then fewer and fewer people had PCs because the phone provides enough. Now mobile apps for banking are the only way to do banking. Or they are required for MFA. Even if you’re on a call with the bank it is used as MFA.
replies(4): >>45090113 #>>45090136 #>>45090149 #>>45090407 #
63. realusername No.45089884
Well no, if your parents truly are tech illiterate, I would give them Ubuntu and not an iPhone.

With the iPhone they get the risk of answering a scam call or scam SMS and giving them access to their bank account.

Ubuntu is almost bullet proof for beginners.

In fact, that's what I've done for my parents and I had to retire the computer and get another one because it's the hardware which became too old after 15 years of running Ubuntu without any problem.

Security for users isn't just about bootloader exploits.

replies(1): >>45089929 #
64. 000ooo000 No.45089888{3}
Odd to hear for me. Netflix Australia has been in steep decline for years now. The only shows I recognise by title or actors in the poster are 15+ years old, or are adorned with 'Leaving Soon'. Everything of value has been poached by a competitor.
replies(1): >>45089996 #
65. Silhouette No.45089898
This is ultimately a form of collusion and anti-competitive behaviour - practices that we prohibit in other scenarios because we consider them harmful to our society. It's obvious why some large organisations would like more control over our lives. It's not obvious why we should let them have it.

Unfortunately for now it seems our representatives are letting them have it so personally I'm rooting for a snake-eating-its-tail moment as a result of Windows 10 losing support. There will inevitably be erosion of security and support for applications on Windows 10 once Microsoft declares it yesterday's OS - as we've seen with past versions of Windows. This time there is the added complication that a lot of perfectly good hardware can't run Windows 11 - largely because of the TPM/verification issue we're discussing.

So probably a lot of people who haven't moved to 11 yet aren't going to unless their current computer breaks and they get 11 by default when they buy a replacement. If the charts are correct then 11 only recently overtook 10 in user numbers. After all this time and despite all the pressure from Microsoft and the imminent EOL of Windows 10 over 40% of Windows users are still running that version. (https://gs.statcounter.com/os-version-market-share/windows/d...) So how exactly do the big organisations that want to control the client plan to deal with that over the next few years?

Unfortunately unless there is also some sort of intervention to deal with the collusion and market manipulation by vested interests I doubt enough Windows 10 refugees will jump to open platforms when their current devices fail for those open platforms to reach a critical mass of users. If five years from now Windows 10 user levels are negligible and almost all of the former users are now on Windows 11+ by default then the controlled client side probably wins effectively forever. I think it would take something dramatic happening that increased the desktop market share of open alternatives like Linux to say 10+% to avoid this fate. The only likely source of that drama I can see is if Valve's support for gaming on Linux encourages significant numbers of home users to switch and then general public awareness that you don't have to run Windows or macOS increases.

66. ◴[] No.45089923[source]
67. Someone ◴[] No.45089927{3}[source]
> You can also choose to do your banking at the physical branch

The banks that do have a physical presence are closing left and right? Also, I don't think I can make money transfers at the physical office of my bank.

replies(1): >>45092336 #
68. Silhouette ◴[] No.45089928[source]
You could just not watch Netflix.

The digital hermit argument is not going to resonate with 99.9% of users. People buy devices because they want to do stuff. Telling them they shouldn't do what they want to do is never going to convince anyone.

The real question is where are the representatives who are supposed to be acting in the interests of their people while all this is happening? We seem to have regulatory capture on a global scale now where there isn't really anyone in government even making the case that all these consumer-hostile practices should be disrupted. They apparently recognize the economic argument that big business makes big bucks but completely ignore the eroding value of technology to our quality of life.

69. charcircuit ◴[] No.45089929{3}[source]
Like the parent said, Ubuntu has horrible security. It would be better to just not buy a phone line for the iPhone if you don't want phone calls or texts.
replies(1): >>45089955 #
70. tonyhart7 ◴[] No.45089940{3}[source]
Exactly, people want all the benefits without the consequences.

Like, if an OS utopia existed that had all the advantages without the downsides, then everybody would use it.

But people complaining don't live in reality.

replies(1): >>45090166 #
71. extraisland ◴[] No.45089945{5}[source]
All of these existed well before mobile phones and so-called "enforced security". Almost all these apps are wrappers around web functionality.
72. realusername ◴[] No.45089955{4}[source]
It hasn't; security isn't just technical features but a social contract.

Even on an iPhone without a SIM card, they can download one of the scam casino games from the App Store and give away a lot of money; on Ubuntu they can't do that.

There's more to security than just bytes.

The threats to your average user aren't a bootloader exploit built by some Israeli firm but privacy breaches, social engineering and scams.

replies(1): >>45090033 #
73. GeoAtreides ◴[] No.45089968{4}[source]
> Now you may have used the example of what might happen,

OP said "What if", it's clearly a hypothetical scenario and not something Netflix is doing or planning to do

74. safety1st ◴[] No.45089969[source]
I'm going to get wild-eyed now but you can blame Google for that as they're the ones who just announced they'll retroactively ban me from installing software on the computer I bought and own.

I don't think you can really solve this problem as long as there's an operating system monopoly, or even duopoly/triopoly. The lure of total control is just too great. Every operating system vendor, hell every intellectual property vendor will always dream of it. A company that becomes powerful enough to put chains on its users will do so.

From the British Raj to Standard Oil to IBM and Microsoft, monopolies are some of the most powerful forces in history. There is a case to be made that we were on a similar path with Microsoft until a combination of the Internet and a half-assed but not completely ineffective anti-trust campaign made them hit the brakes, for a while.

I think that the solution is to highlight the abuses perpetrated by the biggest tech giants specifically, and advocate for radical government action on multiple levels. #1 to break up these companies. #2, to shackle them and anyone who gets as large as them so that they can't do anything like this again. #3, publicly fund the development of competing, open operating systems.

If you are a US citizen then #1 and #2 are the more realistic paths and you should be watching the various anti-trust cases against Big Tech like a hawk, the celebrity du jour is really Amit Mehta who is scheduled to release his Google remedies any day now. You need to make it clear to your representatives that this is your top issue at the ballot box. We need a second American Progressive Era that's seasoned with digital rights and anti-megacorp sentiment and with "doomscroll" and "Luigi" having entered the vernacular I think we could be closer than many here believe.

If you are an EU or Chinese citizen you should support the development and adoption in those polities of alternative, Linux-based operating systems. In the way the South Korean government specifically encouraged the growth of Samsung into a company with a global footprint, you should do that for local companies which develop OSes that compete with Apple and Google's. These geographies fundamentally can't do much to influence the American legal system so they should instead lean into public sentiment around nationalism and sovereignty and tie these to software freedom because that is likely the only elemental, emotional force that will capture enough public attention and support. Use state-scale resources to create competition for the American tech giants and establish a balance of power, because they are assuredly your enemies at this point.

And lastly for the ten millionth time I'll say it - Stallman predicted this. He saw it all coming. He warned us. He told us what would happen and what we needed to do. It's time to listen and to think big.

replies(3): >>45090009 #>>45090373 #>>45093094 #
75. reddalo ◴[] No.45089975[source]
> as soon as passkeys started popping up the endgame became clear

That's why I'm 100% against passkeys. I'll never use them and I'll make sure nobody I know does.

They're just a lock-in mechanism.

replies(3): >>45090207 #>>45090270 #>>45090402 #
76. josephg ◴[] No.45089976{3}[source]
> It's for you as well. You think they're going to stop?

No! Which is why I don't want every npm package I install to have unfettered access to my internet connection and to access all my files. If this is being exploited now, I might not even know! How sloppy is that!

> You're giving up freedom for safety.

At the limit, sure, maybe there are tradeoffs between freedom and security. But there's lots of technical solutions that we could build right now that give a lot more safety without losing any freedom at all.

Like sandboxing applications by default. Applications should by default run on my computer with the same permissions as a browser tab. Occasionally applications need more access than that. But that should require explicit privilege escalation rather than being granted to all programs by default. (Why do I need to trust that Spotify and DaVinci Resolve won't install keyloggers on my computer? Our computers are so insecure!)

Personally I'd like to see all access to the OS happen through a capability model. This would require changes in the OS and in programming languages. But the upside is it would mean we could fearlessly install software. And if you do it right, even `npm install` could be entirely safe. Here's how we do it: First, all syscalls need to pass unforgeable capability tokens (e.g. seL4). No more "stringy" syscalls. For safe 3rd party dependencies, inside processes we first make an "application capability" that is passed to main(). 3rd party libraries don't get access to any OS objects at all by default. But - if you want to use a 3rd party library to do something (like talk to redis), your program crafts a capability token with access to that specific thing and then passes it to the library as an argument.

Bad:

    // Stringy API. Redis client can do anything.
    redisClient.connect("127.0.0.1", 6379)
Good:

    redisConnCap = systemCap.narrow(TCPConnect, "127.0.0.1", 6379)
    redisClient.connect(redisConnCap)
This way, the redis library can only make outgoing connections on the specified TCP port. Everything else - including the filesystem - is off limits to this library.

This would require some PL level changes too. Like, it wouldn't be secure if libraries can access arbitrary memory within your process. In a language like Rust we'd need to limit unsafe code. (And maybe other stuff?) In GC languages like C# and JavaScript it's easier - though we might need to tweak the standard libraries. And ban (or sandbox) native modules like napi and cgo.

replies(3): >>45090115 #>>45090658 #>>45118021 #
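The narrowing pattern in the "Good" snippet above, as an added Python example (not the commenter's code): a root capability passed to main() is attenuated to one endpoint and handed to a library, which can then neither reach another host nor widen its own grant. `SystemCap`, `Capability`, `RedisClient` and the grant table are assumed names; connections are simulated records, no sockets are opened.

```python
"""Capability-narrowing demo for the 'Good' snippet in the comment above.

Added example, not the commenter's code. The class names and the grant table
are assumptions mirroring the pseudocode; connections are constructed
in-memory records rather than real sockets.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple

Grant = Tuple[str, str]          # (right, target), e.g. ("TCPConnect", "host:port")
TCP_CONNECT = "TCPConnect"
FILE_READ = "FileRead"


@dataclass(frozen=True)
class Connection:
    """Stand-in for an opened socket; records what was connected to."""
    host: str
    port: int


class Capability:
    """Token holding an explicit set of grants. It can only be attenuated."""

    def __init__(self, grants: FrozenSet[Grant]):
        self._grants = grants

    def narrow(self, right: str, target: str) -> "Capability":
        # Attenuation only: a token cannot mint a right its parent lacks.
        grant = (right, target)
        if grant not in self._grants:
            raise PermissionError(f"cannot narrow to {grant}: not held")
        return Capability(frozenset({grant}))

    def connect(self, host: str, port: int) -> Connection:
        # The 'syscall' is authorised by the token, not by a string the
        # caller typed: no grant for this endpoint means no connection.
        if (TCP_CONNECT, f"{host}:{port}") not in self._grants:
            raise PermissionError(f"no TCPConnect grant for {host}:{port}")
        return Connection(host, port)


def system_cap() -> Capability:
    """Root capability handed to main(): everything this process may touch."""
    return Capability(frozenset({
        (TCP_CONNECT, "127.0.0.1:6379"),   # redis
        (TCP_CONNECT, "127.0.0.1:5432"),   # postgres
        (FILE_READ, "/etc/app.conf"),      # constructed config path
    }))


class RedisClient:
    """A 'third-party' library: it receives a narrowed token, never the root."""

    def __init__(self, cap: Capability):
        self._cap = cap

    def connect(self) -> Connection:
        return self._cap.connect("127.0.0.1", 6379)

    def reach_other_host(self) -> Connection:
        # What a compromised dependency might try. The narrowed token holds
        # no grant for this endpoint, so the call raises instead.
        return self._cap.connect("192.0.2.10", 443)   # constructed address


def demo() -> dict:
    """Run the narrowing flow and report which actions were permitted."""
    root = system_cap()
    redis_cap = root.narrow(TCP_CONNECT, "127.0.0.1:6379")
    client = RedisClient(redis_cap)
    out = {"redis": client.connect()}
    try:
        client.reach_other_host()
        out["escape"] = "allowed"
    except PermissionError:
        out["escape"] = "denied"
    try:
        # Amplification attempt: widen the redis token to postgres.
        redis_cap.narrow(TCP_CONNECT, "127.0.0.1:5432")
        out["amplify"] = "allowed"
    except PermissionError:
        out["amplify"] = "denied"
    return out


if __name__ == "__main__":
    print(demo())
```

Python cannot make the token unforgeable (a library could construct `Capability` directly), which is the part the comment assigns to the kernel and the language; the block shows only the attenuation rule and the call shape that removes ambient authority.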
77. estebarb ◴[] No.45089995[source]
Not really. Many countries emit digital signatures that could be used to prove that someone signed something. We would just need to convince countries to use that same infra for companies. So it may be possible to require everything to be properly signed, without requiring everyone to be bound to certain company wishes.
78. reddalo ◴[] No.45089996{4}[source]
It's the same situation in Italy. Netflix doesn't have any interesting content anymore, only their own originals.
79. beeflet ◴[] No.45090006{5}[source]
Really? They couldn't just use a website?
80. edg5000 ◴[] No.45090009[source]
Well said!
81. MangoToupe ◴[] No.45090023{6}[source]
Which part of what I said do you think hasn't already happened and metastasized?
replies(1): >>45100128 #
82. josephg ◴[] No.45090033{5}[source]
Sure; but technical features can certainly make security better.

Like, iOS makes most unsafe actions incredibly clear. Apple Pay always requires the user to double tap the power button. The OS makes it impossible for an application to charge you money through Apple Pay without an explicit user action.

Phone apps also can't take control of my entire device, or steal my cookies or cryptolocker my hard drive. Any program you download and run from the internet on a desktop computer can do all of this stuff and more. We shouldn't allow that stuff by default on desktop computers either.

Phones have the right idea. I just don't want Apple and Google to be the only ones who can modify the system at the OS level.

replies(2): >>45090087 #>>45157061 #
83. estebarb ◴[] No.45090043{4}[source]
Except that... we have a history of them not working well. For instance, the Sony rootkit https://en.m.wikipedia.org/wiki/Sony_BMG_copy_protection_roo...

We cannot expect those rootkits to be properly supported long term for any security issues they may cause. I would think that the solution is simple: nobody forces them to make their IP available on non-hacked computers...

If they want a hardened computer to deliver their IP, then they should sell their own hardware. But forcing their blocking into the whole stack is not acceptable.

For instance: I cannot see any Udemy or Netflix content from my computer, because their IP protection blocks the Lenovo docking station I use to connect my monitors to my MBP... each part is standard! And somehow nobody tested that scenario. So, no, that tech is barely tested; it must not be forced into any computer.

84. itake ◴[] No.45090044{3}[source]
Phone scams have you install malware. Banks don’t know if you’re on the phone with the scammer, but they would like to detect if you’re using a screen sharing app on the password or transfer screens.
85. josephg ◴[] No.45090058{4}[source]
I don't think we'll ever have total security. But we still put locks on our doors and send our internet traffic through TLS.

All or nothing thinking is counterproductive.

86. trinix912 ◴[] No.45090066{6}[source]
Until they decide to force you to use the mobile app as a 2FA for the website. My bank did that, I literally had to buy a new phone because the old one couldn't update their stupid app. It locks you in to the latest N versions of Android/iOS.

Before you ask, no, other banks aren't any better where I live. They all stopped using physical 2FA keys years ago. And no, they won't let you come in physically for things that can be done online.

replies(1): >>45091923 #
87. donkeybeer ◴[] No.45090073{7}[source]
Why is the banking server trusting the client? That's criminally incompetent security. If your website gets hacked because a client had "root", whose fault is it?
replies(1): >>45090876 #
88. lentil_soup ◴[] No.45090077[source]
But you can choose, your parents can have a phone with the "lockdown" setting turned on and I can have it off if I want. How we expose and handle that setting is a UX problem we can solve.

What's wrong with that?

replies(1): >>45092187 #
89. trinix912 ◴[] No.45090082{5}[source]
For now, until they come up with some stupid 2FA solution that requires installing and updating their Android/iOS app. Banks where I live already have and there's literally no way around it (they don't use physical 2FA keys anymore).
90. realusername ◴[] No.45090087{6}[source]
Double tapping to pay is actually making things worse for tech illiterate users. There are a lot of scam games on the App Store and it's way too easy to fall into them if they aren't careful.

And then no, it's not clear to me (even as a developer!) how data transfer between apps works, how the advertising ID works and how much data Apple and Google really have that they shouldn't. If it's not clear to me as a software engineer, it certainly isn't for your average user.

The browser is just a much easier mental model, especially since I can install an ad blocker on it to make them safer, which I can't on mobile apps.

> Phone apps also can't take control of my entire device, or steal my cookies or cryptolocker my hard drive.

It never happened once with my parents in 15 years of running Ubuntu. Even if that stuff somehow existed, I don't think they would have the tech knowledge to mark the downloaded virus as executable anyways.

replies(1): >>45090169 #
91. cess11 ◴[] No.45090089[source]
Right, so "defend" does a lot of lifting in there.

What are you prepared to do to reverse the contemporary tide of tyranny? What have you done to make those in power afraid to move forward with policy founded in loathing of humanity?

92. vrighter ◴[] No.45090112[source]
All this will do is ensure that if malware does get through the official channels (which it can and regularly does) it will be more widely distributed
replies(1): >>45090151 #
93. AndyMcConachie ◴[] No.45090113{4}[source]
I still do banking through a random reader at ABN AMRO. I really hope they never get rid of it because I trust that little dumb plastic device 1000% more than my phone.
replies(2): >>45090476 #>>45091212 #
94. extraisland ◴[] No.45090115{4}[source]
> At the limit, sure, maybe there are tradeoffs between freedom and security. But there's lots of technical solutions that we could build right now that give a lot more safety without losing any freedom at all.

Everything you have suggested in this post takes away freedom. There is no solution that doesn't take away freedom / your control. There is always a trade off.

> Like sandboxing applications by default. Applications should by default run on my computer with the same permissions as a browser tab. Occasionally applications need more access than that. But that should require explicit privilege escalation rather than being granted to all programs by default. (Why do I need to trust that spotify and davinci resolve won't install keyloggers on my computer? Our computers are so insecure!)

This already exists on Linux.

I run Discord/Slack in Flatpak. Out of the box the folders and clipboard permissions are restricted. Only the ~/Downloads folder on my PC is accessible to Discord/Slack. You can't drag and drop things into these apps. Which makes sharing content a PITA.

If you don't want to worry about things like keyloggers, you should run an open source OS and use open source programs where you can verify that there are no keyloggers. You should also make sure you find out what firmware your keyboard is using (many keyboards themselves have complex microcontrollers on them that can be programmed).

replies(1): >>45090196 #
95. akvadrako ◴[] No.45090126[source]
That's basically how it used to work. Before the app, my bank required the use of a card and QR reader with a screen that could authorize transactions.
96. AndyMcConachie ◴[] No.45090128[source]
The answer to this is a physical switch on the machine that enables/disables hackability.
97. josephg ◴[] No.45090132{3}[source]
> Your parents are more likely to be a victim of a phone call scam than malware, even on PC. There is also no guarantee that malware will not slip through cracks of official stores or signatures.

So what? The lack of perfect security is a terrible argument against better security.

For example, lockpicks exist. Is that a reason to stop locking your house? Our TLS ciphers might eventually be broken. Should we throw away TLS and go back to unencrypted HTTP?

I'm not expecting anything to 100% stop all scams. But modern computer security is a joke. We could do an awful lot better than we are today at keeping people safe from this stuff.

> We already had "best of both worlds", especially on mobile OSes - granular permissions per-app were quite good, and on Android until few years ago root was widely available if you needed it as well

Yes. I want something like this on desktop too - but I want to own the signing keys, of course. It seems strange that this is so controversial.

replies(3): >>45091790 #>>45091815 #>>45093464 #
98. ACS_Solver ◴[] No.45090136{4}[source]
Same in Sweden, physical bank branches are rare and even they will often require an appointment. All banking is through bank apps or websites, and you use 2FA extensively. Sweden's digital ID system is called BankID because it was made by banks and, initially, for banking, though now BankID is used extensively for all kinds of government and private services.

That doesn't stop scammers. They also keep getting more sophisticated, often using a combination of social engineering and technical skill, and they keep tricking people into giving them money. So unfortunately, while malware is pretty much a non-factor, scammers still thrive.

replies(1): >>45092316 #
99. bbarnett ◴[] No.45090149{4}[source]
So far in Canada... I must reiterate this, so far, this can and has been fought by one thing. Rural life, and nationalism.

There are plenty of places where mobile phones don't work, especially in the summer when there are leaves on the trees. This means SMS won't really work. So for this path, SMS, the bank has an alternative -- call a number on your account with a voice reading the 2FA code. Thus, landlines or VOIP work here.

When it comes to an app, forcing Canadians to use a phone OS controlled by US companies, still has pushback. An example being, the concept of "A Canadian having to use software from a US company, to identify themselves to a Canadian company" is still a hotspot. Especially with the US wanting to annex us.

So this lock in has not yet occurred.

Really, the phone call to a phone number on your account, not using SMS, is as solid a protection as an app running on a phone controlled by a foreign country's company. It's an alternate path. And it solves the whole 'rural person' access.

Many people living in rural areas don't even bother with a phone type device. Some have Kindles. But why buy a phone, if it doesn't work where you live?

This logic, combined with them closing rural banks, means they have to be quite sensitive here. E.g., closing rural banks, then making it difficult to do online banking, is political poison for our banks.

100. josephg ◴[] No.45090151{3}[source]
Security doesn't need to be 100% effective to add value. The more hoops we make scammers jump through, the fewer people will end up getting scammed.

I know angle grinders exist. I still lock up my bike.

replies(1): >>45090496 #
101. extraisland ◴[] No.45090166{4}[source]
A lot of it already exists in one form or another, and the trade-off for sandboxing is usability a lot of the time.

It isn't even freedom vs security. It is usability vs security.

replies(1): >>45090233 #
102. josephg ◴[] No.45090169{7}[source]
> The browser is just a much easier mental model, especially that I can install an ad blocker on it to make them safer, which I can't on mobile apps.

I'd like that security model to be the default for desktop apps on my computer as well. It's weird that DaVinci Resolve and Spotify and all the rest have full access to look through all my files.

> It never happened once with my parents in 15 years of running Ubuntu.

Probably just because so few regular people use Ubuntu, scammers & malware authors don't bother targeting it. Still good for your parents though!

replies(1): >>45090628 #
103. _Algernon_ ◴[] No.45090178{5}[source]
We've literally had convenient online banking for two decades at this point without any DRM.

Don't rewrite history.

104. josephg ◴[] No.45090196{5}[source]
> Everything you have suggested in this post takes away freedom. There is no solution that doesn't take away freedom / your control. There is always a trade off.

Huh? In what way does application sandboxing take away my freedom? What can I do today that I can't do with a sandbox-everything-by-default model?

In my mind, it gives me (the user) more freedom because I can run any program I want without fear.

> I run Discord/Slack in Flatpak. Out of the box the folders and clipboard permissions are restricted. Only the ~/Downloads folder on my PC is accessible to Discord/Slack. You can't drag and drop things into these apps. Which makes sharing content a PITA.

Cool! Yeah this is the sort of thing I want to see more of. The drag & drop problem is technically solvable - it just sounds like they haven't solved it yet. (Capabilities would be a great solution for this.. just sayin!)

replies(1): >>45090296 #
105. kleiba ◴[] No.45090207{3}[source]
For someone who hasn't spent any time thinking about that matter, could you please elaborate your point?
replies(2): >>45090297 #>>45090312 #
106. josephg ◴[] No.45090233{5}[source]
> It is usability vs security.

I think a lot of it is "nobody has bothered building it yet" vs security.

E.g. Qubes runs everything in Xen isolates - which is a wildly complex, performance limiting way to do sandboxing on modern computers. There are much better ways to implement sandboxing that don't limit performance or communication between applications. For example seL4's OS level capability model. seL4 still allows arbitrary IPC / shared memory between processes. Or Solaris / Illumos's Zones. But that route would unfortunately require rewriting / changing most modern software.

replies(1): >>45090359 #
107. ◴[] No.45090253{3}[source]
108. gardenhedge ◴[] No.45090255{3}[source]
Any other examples? None of those scream prime to me - however I haven't heard of kpop demon hunters
replies(2): >>45090519 #>>45110661 #
109. lucideer ◴[] No.45090270{3}[source]
"Passkeys" is a new brand name slapped on an older open, interoperable technology, so it's difficult for me to be "against passkeys" as they haven't fundamentally changed anything.

Before the branding they were known as FIDO2 "discoverable credentials" or "resident keys".

Two things have changed with the rebrand:

1. A lot of platforms are adopting support for FIDO2 resident keys. This is good actually.

2. A lot of large companies have set themselves up as providers of FIDO2 resident keys without export or migration mechanisms. This is the vendor lock-in part (no export feature), but it's not a feature of the underlying tech itself.

FWIW FIDO are actively working on some standard for exporting/importing keys so that's something.

If you want to use passkeys without lock-in, just use Bitwarden or KeePassXC - they all have full support. Or you can also store a limited number of passkeys on your FIDO2-compatible hardware key like a YubiKey or the open-source Nitrokeys.

replies(3): >>45090466 #>>45090951 #>>45091194 #
110. extraisland ◴[] No.45090296{6}[source]
> Huh? In what way does application sandboxing take away my freedom? What can I do today that I can't do with a sandbox-everything-by-default model?

I've just explained that sandboxing causes issues with file access, clipboard sharing etc.

Every hoop you add in makes it more difficult for the user to gain back control, even if that is modifying permissions yourself. Most people will just remove permissions out of annoyance.

If you remove control, you remove people's freedom.

> In my mind, it gives me (the user) more freedom because I can run any program I want without fear.

Any security mechanism has a weakness or it will be bypassed by other means. So all this will give you a false sense of security.

The moment you think you are safe is when you are most unsafe.

> Cool! Yeah this is the sort of thing I want to see more of. The drag & drop problem is technically solvable - it just sounds like they haven't solved it yet. (Capabilities would be a great solution for this.. just sayin!)

I don't. It is a PITA. Eventually people just turn it off. I did.

The reality is that if you want ultimate security you have to make trade-offs. Pretending you can make some theoretical system where those trade-offs don't exist just isn't realistic.

replies(3): >>45090463 #>>45090506 #>>45092673 #
111. progval ◴[] No.45090297{4}[source]
"Passkeys are incompatible with open-source software" https://www.smokingonabike.com/2025/01/04/passkey-marketing-...
replies(1): >>45090365 #
112. dingaling ◴[] No.45090312{4}[source]
Imagine using ssh-keygen, but it locks the private key in a vendor-managed secure enclave. You can't copy it, export it, rename it or do anything with it.
replies(1): >>45090507 #
113. socalgal2 ◴[] No.45090318{3}[source]
AFAICT the only trade off is there's no support and few apps for Qubes OS. If it was as popular as MacOS or Windows what would the trade off be?
replies(1): >>45092352 #
114. euLh7SM5HDFY ◴[] No.45090324[source]
> Everything from banks to Netflix and others

I have an unlocked bootloader. That's it, I don't even have the root account enabled. One app refuses to work anyway: McDonald's. I actually can't decide if it is more funny or scary.

replies(1): >>45103036 #
115. extraisland ◴[] No.45090359{6}[source]
> I think a lot of it is "nobody has bothered building it yet" vs security.

All of this takes considerable time and money to build, and after that you need to get people to buy into it anyway. Large billion dollar software companies have difficulty doing this. If you think it is so easy, go away and build a proof of concept.

BTW they have implemented sandboxing in most desktop operating systems. It is often a PITA. Phone-like permission models already exist in Windows, Linux and I suspect macOS in various guises.

For development there are various solutions that already exist.

e.g.

https://code.visualstudio.com/docs/devcontainers/containers

So these things already exist and often people don't use them. The reason for that is that it usually reduces usability by introducing annoyances.

> Eg Qubes runs everything in Xen isolates - which is a wildly complex, performance limiting way to do sandboxing on modern computers.

It exists though today. If I care about security enough, I am willing to sacrifice performance. That is a trade off that some people are willing to make.

> There are much better ways to implement sandboxing that don't limit performance or communication between applications. For example SeL4's OS level capability model. SeL4 still allows arbitrary IPC / shared memory between processes. Or Solaris / Illumos's Zones. But that route would unfortunately require rewriting / changing most modern software.

If your solution starts with "rewriting most modern software", then it isn't really a solution.

BTW what you are suggesting is a trade off. You have to trade resources (time and money typically) to build the thing and then you will need to spend more resources to get people to buy into using your tech.

116. fragmede ◴[] No.45090365{5}[source]
Then how come KeePassXC has them?
replies(1): >>45090480 #
117. pjmlp ◴[] No.45090373[source]
Meanwhile FOSDEM and similar conferences are full of people carrying Apple devices, and most folks keep picking non-copyleft licenses instead of dual licensing.

The Stallman generation is slowly leaving this realm, the opportunity has been lost already.

replies(1): >>45098402 #
118. fragmede ◴[] No.45090402{3}[source]
Do you recommend a password manager to everyone you know? What's the adoption rate?
replies(3): >>45090751 #>>45090780 #>>45090786 #
119. CalRobert ◴[] No.45090407{4}[source]
I wouldn't be surprised if it becomes impossible to even use cash in the Netherlands soon enough. The first year I was here I don't think I did even once. I've been using cash a lot more lately just out of principle and it's annoying - lots of pin-only check out lines, etc.
replies(1): >>45091192 #
120. wolvesechoes ◴[] No.45090433[source]
> However all of these things are not technical

You understand it, but even in this thread you have people proposing solutions like switching from traditional banking to bitcoin, stopping using Netflix and starting torrenting again etc.

Tech crowd always tries to solve non-technical problems through technical means, and this is why I don't have much hope.

replies(2): >>45090647 #>>45091049 #
121. StopDisinfo910 ◴[] No.45090458[source]
The digital sovereignty angle will end up quelling the platform lockdown.

There is no way countries agree to have American companies getting so much control on key infrastructures especially in the current context.

122. dvdkon ◴[] No.45090463{7}[source]
You seem to be arguing that adding complexity reduces freedom, but I don't think that's true in a reasonable interpretation of the word.

Your argument would suggest that virtual memory takes away user freedom, because it's now much harder to access hardware or share data between programs, but that sounds ridiculous from a modern perspective. I think it's better to keep freedom and complexity separate, and speak about loss of freedom only when something becomes practically impossible, not just a bit more complex.

replies(1): >>45090607 #
123. breakingcups ◴[] No.45090466{4}[source]
Except the FIDO Alliance is trying to pressure KeepassXC to remove exporting passkeys in an open format: https://github.com/keepassxreboot/keepassxc/issues/10407
replies(3): >>45090617 #>>45090649 #>>45090815 #
124. ted_dunning ◴[] No.45090476{5}[source]
What is a "random reader at ABN AMRO"?
replies(1): >>45090894 #
125. indigo945 ◴[] No.45090480{6}[source]
The linked blog post explains it. The spec can be implemented by open source software, but the upcoming (or now current?) update to the spec enables attestation, that is, it allows the auth provider to cryptographically verify which implementation the client is using. Under this scheme, auth providers can simply choose to no longer support open source implementations like KeePassXC, and since the spec authors have already claimed that KeePassXC is "non-compliant" because it doesn't ask for a PIN on every auth request, it seems likely that that would happen.
replies(2): >>45090540 #>>45090669 #
126. vrighter ◴[] No.45090496{4}[source]
Scams have absolutely nothing to do with anything relevant. Scams happen regardless of whether software is installed in the first place. Social engineering is what most scams are based on. Refusing me banking access because I want to use my phone as a computer brings extra security to nobody.
127. josephg ◴[] No.45090506{7}[source]
> I've just explained that sand-boxing causes issues with file access, clipboard sharing etc.

You've explained that flatpak has issues with file access and clipboard sharing. My iphone does sandboxing too, but the clipboard works just fine on my phone.

I don't think "failing clipboards" is a problem specific to sandboxing. I think it's a problem specific to flatpak. (And maybe X11 and so on.)

> If you remove control, you remove people's freedom.

Sandboxing gives users more control. Not less. Even if they use that control to turn off sandboxing, they still have more freedom because they get to decide if sandboxing is enabled or disabled.

Maybe you're trying to say that security often comes with the tradeoff of accessibility? I think that's true! Security often makes things less convenient - for example, password prompts, confirmation dialogue boxes, and so on. But I think the sweet spot for inconvenience is somewhere around the iphone. On the desktop, I want to get asked the first time a program tries to mess with the data of another program. Most programs shouldn't be allowed to do that by default.

> Pretending you can make some theoretical system where those trade-offs don't exist just isn't realistic.

I think you might be arguing with a strawman. I totally agree with you. I don't think a perfect system exists either. Of course there are tradeoffs - especially at the limit.

But there's still often ways to make things better than they are today. For example, before rust existed, lots of people said you had to make a tradeoff between memory safety and performance. Well, rust showed that by making a really complex language & compiler, you could have memory safety and great performance at the same time. SeL4 shows you can have a high performance microkernel based OS. V8 shows you can have decent performance in a dynamically typed language like JS.

Those are the improvements I'm interested in. Give me capabilities and sandboxing. A lot more security in exchange for maybe a little inconvenience? I'd take that deal.

replies(1): >>45090733 #
128. tadfisher ◴[] No.45090507{5}[source]
I don't just imagine it, I do it, by using gpg-agent as my ssh-agent and using the private key generated by a Yubikey. Another way is to use tpm2-tools so only your laptop running your own signed boot chain can use the key. It is desirable to lock private key material in a physical thing that is hard to steal.

You can choose not to do this, and that's fine. Hardware attestation is dead because Apple refuses to implement it, so no one can force you to.

replies(1): >>45092306 #
129. winter_blue ◴[] No.45090512[source]
We need legislation mandating that all hardware[a] have at least one fully-functional[b] open source driver for any operating system[c]. And that any device with a microprocessor with writable memory permit custom software to be run on it.

[a] whether that's a single device like a fingerprint scanner, or a device like a phone or tablet

[b] no crippled or low-performance open source driver

[c] any OS, including Windows, Mac, Linux, BSD, or some obscure minor OS as long as such OS is readily available for free or for a reasonable price

130. CalRobert ◴[] No.45090519{4}[source]
Maybe it's the marketing? It's on the main home page every time I open it.
131. benrutter ◴[] No.45090536[source]
Joining all the other comments agreeing completely with this take.

I think it's worth adding that this is fundamental enough to not just be a tech issue. There's a strong legal framework in almost all developed countries for regulating companies where acting in their self interest harms the consumer interest, without which we wouldn't have lots of things we take for granted (electrical safety certification, USB-C, splits between service and investment banking).

I think the key thing that's missing at the moment is that the types of restrictions OP is mentioning (DRM, blocking encryption) harm both consumer rights and economic development.

That's an argument that needs to come from people knowledgeable about both the industry and the technology. Like a lot of the people reading this post.

replies(1): >>45090788 #
132. thrance ◴[] No.45090538[source]
You could also not bother with any of it and return to a dumb phone. That's not a solution though.
replies(1): >>45093101 #
133. fragmede ◴[] No.45090540{7}[source]
Yes but it seems like KeePassXC could just ask for a PIN on every auth request to satisfy that requirement, without having to close their source.
replies(1): >>45090756 #
134. acac10 ◴[] No.45090561[source]
> passkeys started popping up the endgame became clear.

This logical leap puzzles me, as it is completely unrelated to HW lock-in and a rather generic medium.

This is more of a case of OP diverting a topic to shove in his pet peeve on technology they don’t like or understand.

135. einpoklum ◴[] No.45090562{3}[source]
> If you want to run an alternative operating system, you got to learn how it works.

The typical user doesn't know how Windows works, and they can run that. These days, users can run a friendly GNU/Linux distribution not knowing how it works. So, disagree with you here.

replies(1): >>45091340 #
136. kdmtctl ◴[] No.45090578[source]
They do not benefit from having control, they risk if they don't. This is fundamental.

I do love freedom but such freedom will come with a disclaimer. You do want to use a bank app unsigned and you do not want the bank to check your latest SIM card replacement. You understand and assess the risk and will not discriminate the bank for any loss occurred. Same with Netflix and piracy.

This is fair.

137. tadfisher ◴[] No.45090592[source]
Ironically, if everyone adopted passkeys (the real deal tied to secure enclaves or TPMs), then Android malware could not steal your credentials through any kind of social engineering.
138. KoolKat23 ◴[] No.45090605[source]
This is where Linux and Apple's centralized repository method shines.

Social engineering is really where the threat is at these days.

139. extraisland ◴[] No.45090607{8}[source]
> You seem to be arguing that adding complexity reduces freedom, but I don't think that's true in a reasonable interpretation of the word

No I am not arguing that at all.

replies(1): >>45091014 #
140. aw1621107 ◴[] No.45090617{5}[source]
> trying to pressure KeepassXC to remove exporting passkeys in an open format

I'm not sure that's an entirely accurate representation of the request? At least from a quick skim the claimed issue is being able to export keys in plaintext. For example, from the issue author:

> I strongly recommend you temporarily disable this feature or at a minimum require file protection/encryption.

And later:

> > Besides, determined advanced users could just write code to decrypt the kdbx file and extract the passkeys anyway.

> That's fine. Let determined people do that, but don't make it easy for a user to be tricked into handing over all of their credentials in clear text.

> I don't quite understand why requiring file protection/encryption can't be a temporary minimum bar here.

To me that doesn't sound like they're requiring a proprietary format. Something like AES encrypted JSON sounds like it'd work as well, and that sounds pretty "open" to me?

replies(1): >>45092301 #
141. realusername ◴[] No.45090628{8}[source]
> I'd like that security model to be the default for desktop apps on my computer as well. Its weird that davinci resolve and spotify and all the rest have full access to look through all my files.

That's how it works on Ubuntu, proprietary apps are usually distributed through snaps which are sandboxed. And unlike on mobile, the OS doesn't have an advertising ID or built-in ad networks.

Normal apps don't need that though because there's a chain of trust which doesn't exist on mobile.

> Probably just because so few regular people use ubuntu, scammers & malware authors don't bother targeting it. Still good for your parents though!

No, it's because the bar on publishing on Ubuntu is much much higher than on an iPhone. Nobody would ever accept those scam casino games on Ubuntu.

replies(2): >>45090794 #>>45090834 #
142. staplers ◴[] No.45090647[source]
Technical solutions and alternatives can provide enough leverage for the common citizen to force the hand of those in power. It might not fully "solve" the issue, but making it easier to route around will always force those in power to bend somewhat.
replies(2): >>45090702 #>>45090713 #
143. tadfisher ◴[] No.45090649{5}[source]
That threat has no teeth; anyone requiring attestation these days will cut out Apple users, because Apple will not implement it (for consumer use cases). If they don't block Apple passkeys, then KeePass can send Apple's AAGUID and the game is over.

I've complained about this GH exchange in the past and have come to understand that Apple is also part of the alliance, and the entire concept of blocking software-only password managers is just dead outside of enterprise situations where they mandate the hardware/software anyway. Mr. Cappalli might disagree, but he and his employer do not have the power to change this without breaking the standard and throwing away over a decade of work.

144. Earw0rm ◴[] No.45090658{4}[source]
IMO what's needed is less per-app sandboxing, and more per-context.

Think user accounts but for task classes.

If I'm doing development work, I want to be able to chain together a Frankenstein of apps, toolchain, API services and so on, with full access to everything else in that specific context.

But that doesn't need visibility of my email, my banking and accounting software should have visibility to/from neither, and random shareware apps, games and movies should run, like you say, with a browser tab level of permission.

Making this work in practice while keeping performance maximised is harder than it sounds, preventing leaks via buffers or timing attacks of one sort or another (if apps can take screenshots, game over).. for now I use user accounts, but this is becoming less convenient as the major desktop OS and browser vendors try to force tying user accounts to a specific online identity.

replies(1): >>45090811 #
145. mike_hearn ◴[] No.45090660[source]
> Any program I run is allowed to silently edit, delete or steal anything I own ... there's currently no desktop environment that provides that ability

Putting aside the philosophical issues, that statement isn't true for a few years now. It's not well known, even in very technical circles like HN, but macOS actually sandboxes every app:

• All apps from outside the app store are always sandboxed to a lesser degree, even if they are old and don't opt-in.

• All apps from outside the app store may opt in to stricter sandboxing for security hardening purposes.

• All apps from the app store are forced to opt-in, must declare their permissions in a fine grained way, and Apple reviews them to make sure they make sense.

To see this is true try downloading a terminal emulator you haven't used before, and then use it to navigate into your Downloads, Photos, Documents etc folders and run "ls". You'll get a permission prompt from the OS telling you the app is requesting access to that folder. If you click deny, ls will return a permission error.

Now try using vim to edit the Info.plist file of something in /Applications. ls will tell you that you have UNIX write permissions, but you'll find you can't actually edit the file. The kernel blocks apps from tampering with each other's files.

Finally, go into the settings and privacy/security area. You can now enable full disk access for the terminal emulator, or a finer grained permission like managing apps. Restart the terminal and permissions work like you'd expect for UNIX again.

Note that you won't see any permission popup in a GUI app if you open the file via the file picker dialog box. That's because the dialog box is a "powerbox" controlled by the OS, so the act of picking the file grants the app permission implicitly. Same for drag and drop, opening via the finder, etc. The permission prompt only appears when an app directly uses syscalls to open a file without some OS-controlled GUI interaction taking place.

So, if you want a desktop OS with a strong sandbox that you actually control, and which has good usability, and a high level of security too, then you should be using macOS. It's the only OS that has managed this transition to all-sandboxed-all-the-time.

replies(2): >>45097589 #>>45105105 #
146. tadfisher ◴[] No.45090669{7}[source]
Attestation is dead outside of corporate environments. Apple will not implement it except through MDM.
replies(2): >>45090738 #>>45091137 #
147. wvh ◴[] No.45090671[source]
What I like about your comment is that it points out that all technical work-arounds are moot if people as a whole are not willing to stand up with pitchforks and torches to defend their freedoms. It will always come down to that. A handful of tech-savvy users with rooted devices and open-source software will not make a difference to the giant crushing machine that is the system.

And I'm afraid most of us are part of the system, rage-clicking away most of our days, distracted, jaded perhaps, like it historically has always been.

replies(7): >>45090706 #>>45090940 #>>45091786 #>>45091971 #>>45092364 #>>45092409 #>>45092419 #
148. franga2000 ◴[] No.45090702{3}[source]
In practice the opposite happens - when new technical workarounds are popularized, more technical solutions are found to prevent them and legislation is proposed to mandate them.

Look at Chat Control in the EU: they started with mandating server-side scanning. Nobody liked that so everyone implemented E2EE. Now there's a new law that adds mandatory client-side scanning.

Most of my tech-brained friends are saying "whatever, we'll just compile from source or use alternative means of distribution." But if that becomes popular, what's the next step? I'm fully expecting the EU to then try to mandate that service providers need to ensure their apps aren't tampered with, which can only be done by locking devices down to official means of distribution and implementing end-to-end cryptographic attestation. Then we truly are out of options.

replies(1): >>45090868 #
149. safety1st ◴[] No.45090706[source]
Only competition can provide a solution. We have lost sight of this principle even though all Western democracies are built on the idea of separation of powers, and making it hard for any one faction of elites to gain full control and ruin things for everyone else. Make them fight with each other, let them get a piece of the pie, but never all of it. That's why we have multiple branches of government, multiple parties etc. That's why we have markets with many firms instead of monopolies.

There has never been a utopian past and there will never be a utopian future. The past was riddled with despotism and many things that the average man or woman today would consider horrific. The basic principle of democratic society is to prevent those things from recurring by pitting elite factions against each other. Similarly business elites who wield high technology to gain their wealth must also compete and if there is any sign of them cooperating too closely for too long, we need to break them up or shut them down.

When Apple and Google agree, cooperate, and adopt the same policies - we are all doomed. It must never happen and we must furthermore break them up if they try, which they are now doing.

replies(5): >>45090981 #>>45090989 #>>45091089 #>>45091196 #>>45091721 #
150. the_other ◴[] No.45090713{3}[source]
I'm unconvinced. Look at the current wave of attacks on privacy-focused chat + file sharing. The niche tools and workarounds are getting vilified and used as _reasons_ for more elite control.
151. raxxorraxor ◴[] No.45090714[source]
It is of high financial interest of Netflix. I killed my subscription because they couldn't support my sensibly configured browser.

I often recommend people to kill their subscription as well because of this fact. Netflix just isn't oriented to improve their service for their users and it shows.

It won't hit any of their KPI or metrics, but their shitty behavior has a real effect. That said, most other alternatives suck as well. Killed Paramount almost immediately, can't remember why I left Disney. I think there were similar issues.

152. extraisland ◴[] No.45090733{8}[source]
> You've explained that flatpak has issues with file access and clipboard sharing. My iphone does sandboxing too, but the clipboard works just fine on my phone.

> I don't think "failing clipboards" is a problem specific to sandboxing. I think its a problem specific to flatpak. (And maybe X11 and so on.)

There are other examples.

e.g. There are other things that become a PITA on the phone. Want to share pictures between apps without them having full access to everything? You need to manually share each picture between apps.

The point being made is that it causes usability issues. What those usability issues are will vary depending on platform. However they will exist.

> Sandboxing gives users more control. Not less. Even if they use that control to turn off sandboxing, they still have more freedom because they get to decide if sandboxing is enabled or disabled.

Anything that gets in my way is something that takes control away from me. Unfortunately giving me full control comes with dangers. That is a trade off.

> Maybe you're trying to say that security often comes with the tradeoff of accessibility? I think thats true! Security often makes things less convenient - for example, password prompts, confirmation dialogue boxes, and so on. But I think the sweet spot for inconvenience is somewhere around the iphone.

No usability and control.

BTW, your sweet spot is a platform which is the most locked down.

> On the desktop, I want to get asked the first time a program tries to mess with the data of another program. Most programs shouldn't be allowed to do that by default.

Well I don't want to be asked. I find it annoying. I assume that this is the case when I install the program. So I don't install software in the first place that I think might be risky. If I need to install something that I might think is iffy then I find a way to mitigate it.

> But there's still often ways to make things better than they are today. For example, before rust existed, lots of people said you had to make a tradeoff between memory safety and performance. Well, rust showed that by making a really complex language & compiler, you could have memory safety and great performance at the same time.

You aren't selling it to me. I got so annoyed by Rust that I didn't complete the tutorial book. Other than the strange decisions. One thing I hate doing is fighting with the compiler. That has a cost associated with it.

I spend a lot of time fighting with the TypeScript compiler (JS ecosystem is a mess) as a result to have some things work with TypeScript you need to faff with tsconfig and transpilers. Then once you are past that you have to keep the compiler happy. Frequently you are forced to write stupid code to keep the compiler happy. That again has a *cost*.

> V8 shows you can have decent performance in a dynamically typed language like JS.

I work with JavaScript a lot. While performance is better, it isn't actually that good.

There were also two secondary effects.

- Websites ballooned up in size. Also application development moved to the browser. This meant you can lock people in your SaaS offering. Which reduces control/freedom.

- There is a lot of software that is now written in JavaScript that really shouldn't be. Discord / Slack are two of the slowest and memory hogging programs on my computer. Both using Electron.

> Those are the improvements I'm interested in. Give me capabilities and sandboxing. A lot more security in exchange for maybe a little inconvenience? I'd take that deal.

Again. It is a trade-off that you are willing to take. I am willing to make the opposite trade-off.

153. freedomben ◴[] No.45090738{8}[source]
Isn't PAT apple implementing attestation for everyone?
154. reddalo ◴[] No.45090751{4}[source]
I honestly suggest using Mozilla Firefox built-in password manager, it's enough for most people.
155. reddalo ◴[] No.45090756{8}[source]
What if I don't want KeePassXC to ask me for a PIN every time? I can modify its source code and nobody can stop me.
replies(1): >>45091712 #
156. alexvitkov ◴[] No.45090759{3}[source]
No, not everything is a trade-off. Some things are just good and some are just bad.

A working permission system would be objectively good. By that I mean one where a program called "image-editor" can only access "~/.config/image-editor", and files that you "File > Open". And if you want to bypass that and give it full permissions, it can be as simple as `$ yolo image-editor` or `# echo /usr/bin/image-editor >> /etc/yololist`.

A permission system that protects /usr/bin and /root, while /home/alex, where all my stuff is, is a free-for-all, is bad. I know about chroot and Linux namespaces, and SELinux, and QEMU. None of these are an acceptable way to do day-to-day computing, if you actually want to get work done.

replies(2): >>45090992 #>>45091274 #
157. pmontra ◴[] No.45090780{4}[source]
As a data point: when non technical friends of mine complain about passwords I tell them to use a password manager. The adoption rate is zero, probably because they don't even know what a password manager is, except the remember password / fill in password feature of their browser. The best I saw, from a not entirely non technical person, is passwords on sheets of paper.
158. walthamstow ◴[] No.45090786{4}[source]
I have tried repeatedly to get my wife to use the family 1Password account for things we will both need, with minimal success. She is reasonably technical, she writes SQL, but she just won't do it.
replies(1): >>45092138 #
159. mike_hearn ◴[] No.45090788[source]
Most politicians would find that argument confusing and not agree with you. I don't think the outcomes of running to government would be what you expect. It could easily backfire.

Politics is a spectrum. Some claim that model is oversimplified but it's not. Here you're making a left wing argument that individual bad actors must be regulated for the good of the collective. However, left politicians would look at the situation and see the opposite. They prioritize an authoritarian safety-first victim-first mindset, in which individual freedoms are sacrificed to help the weakest. But companies like Google and Apple are already doing that. And whilst you're trying to hammer this situation into a left wing framing, the number of individuals who care about the freedom to install apps from anonymous developers is very small. Trivial, on the scale of a country. They do not represent the "consumer interest" in any meaningful way.

So if you lobbied politicians this way, Google/Apple would lobby back and they'd say, we are exactly what you always demand! We're acting proactively to protect the victims by limiting the freedoms of bad guys for the greater good. And the left would be not only highly receptive to that message, but having suddenly become aware of what is technically possible would likely demand they go much further! We already see this with left wing governments banning VPNs and DNS resolutions so they can better control the internet in order to keep this or that group safe.

Which sort of politicians care about the rights of freedom-loving minorities over the safety of the collective? Libertarian politicians do. But they are themselves in a minority, and would not be receptive to an argument framed as "we must regulate the big evil corporations for the greater good", because regulation is always about removing freedoms: in this case, the freedom to design a computing device as you see fit. They probably would be receptive to an argument of the form "it is important to be able to distribute code and communicate anonymously", but prioritizing something so few people care about is exactly why they don't tend to win elections.

So there's no direct solution in politics, but the closest approximation is to support politicians who are more libertarian than average. They won't solve the problem but they will at least not make it worse, and might be open to very targeted regulations that can be framed as protecting market competition e.g. requiring unlockable bootloaders can be framed as protecting competition in the operating systems market. Meanwhile you can try and increase the popularity of platforms that prioritize freedom over safety. In practice that means demonstrating some sort of use case that the big vendors disallow, which is valuable, morally positive and requires anonymous app distribution.

replies(2): >>45090881 #>>45091613 #
160. charcircuit ◴[] No.45090794{9}[source]
>which are sandboxed

Not always. The app can claim to need filesystem access and it will get it without the user knowing.

161. mike_hearn ◴[] No.45090804[source]
Your phone can allow that. Many Android devices allow exactly that. Google Pixel devices do, for instance, exactly because Google's Android team has always agreed with you.
replies(1): >>45094886 #
162. josephg ◴[] No.45090811{5}[source]
> IMO what's needed is less per-app sandboxing, and more per-context.

I think you could do this with capabilities!

The current model makes security implicit, where an application can make any syscall it wants and it's up to the OS to (somehow) figure out if the request is valid or not. Capabilities - on the other hand - restrict access of a resource to the bearer of a certain token. The OS knows that by invoking capability X, the bearer can make requests to a certain resource / account / file / whatever. (Think of it like unix file descriptors. You just call write(1, ...) and the OS knows what file you're writing to, and what your access to that file is.)

There's lots of ways to use capabilities to build the sort of frankenstein app you're talking about using caps. Eg, you could have a supervisor task (maybe the desktop or a script or something) that has a capability for everything the user cares about. It can create sub-capabilities which just have access to specific network ports / files / accounts / whatever. It launches subprocesses and hands the right capabilities to the right sub processes. The sub processes don't even need to know what the capability they were given connects to. They just need to know - for example - that reading from the capability gives it the data it expects to receive. Then you can do all the routing & configuration from the supervisor task.

Because all the sub processes only have the specific capabilities that were passed to them, the security surface area is automatically minimised.

SeL4 shows that you can do this without losing much performance. (In SeL4, the IPC overhead is tiny.) But as I said upthread, I'm sure there's also ways to design our programming languages to allow within-process isolation. So, for example, you can call the leftpad package without giving it capabilities held by other parts of the same program.

Capabilities can also make it easy to virtualise filesystems, the network, and so on. Or to do interdiction - and snoop on the messages being sent. It's easy because you can just make virtual network / filesystem / whatever capabilities and pass those to subprocesses.
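
The supervisor-and-sub-capability arrangement described in this comment, as an added Python example (not code from the thread or from any project named in it): file descriptors stand in for capabilities, a supervisor derives a read-only and a write-only handle from its own path-based access and passes only those to a worker process, and the same worker is then fed through supervisor-owned pipes to show interdiction. It assumes an ordinary POSIX system, so it demonstrates designation and rights travelling together in one handle, not a kernel that forbids opening paths by name.

```python
"""Added example: capabilities modelled as inherited file descriptors.

The worker never learns a path; it only knows "fd A is my input, fd B is
my output". A read handle cannot be used to write, nothing but the granted
handles is inherited, and the supervisor can swap real files for pipes it
controls without the worker noticing. Assumed: Linux/macOS, CPython 3.
"""
import os
import subprocess
import sys
import tempfile

# Worker program, run in a separate process via `python -c`.
WORKER_SRC = r'''
import errno, os, sys

in_fd, out_fd = int(sys.argv[1]), int(sys.argv[2])

def is_open(fd):
    try:
        os.fstat(fd)
        return True
    except OSError:
        return False

payload = os.read(in_fd, 1 << 16)

# A read capability must not double as a write capability: the kernel
# rejects the write because the descriptor was opened O_RDONLY.
try:
    os.write(in_fd, b"tampered")
    denied = "0"
except OSError as e:
    denied = "1" if e.errno == errno.EBADF else "0"

# Inventory of descriptors beyond stdio: should be only the two granted.
fds = " ".join(str(fd) for fd in range(3, 64) if is_open(fd))

# First line is the report, the rest is the transformed payload.
os.write(out_fd, f"{denied}|{fds}\n".encode() + payload.upper())
'''


def run_worker(in_fd: int, out_fd: int) -> int:
    """Spawn the worker so that it inherits ONLY in_fd, out_fd and stdio."""
    proc = subprocess.Popen(
        [sys.executable, "-c", WORKER_SRC, str(in_fd), str(out_fd)],
        pass_fds=(in_fd, out_fd),  # close_fds=True by default: nothing else leaks
    )
    return proc.wait()


def _parse_report(raw: bytes, rc: int, granted: set) -> dict:
    header, _, body = raw.partition(b"\n")
    denied, _, fds = header.decode().partition("|")
    return {
        "rc": rc,
        "granted_fds": granted,
        "worker_open_fds": {int(x) for x in fds.split()},
        "write_to_readonly_denied": denied == "1",
        "output": body,
    }


def process_file(input_path: str, output_path: str) -> dict:
    """Supervisor: turn its own path-based access into two narrow handles."""
    in_fd = os.open(input_path, os.O_RDONLY)  # read-only capability
    out_fd = os.open(output_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        rc = run_worker(in_fd, out_fd)
    finally:
        os.close(in_fd)
        os.close(out_fd)
    with open(output_path, "rb") as f:
        return _parse_report(f.read(), rc, {in_fd, out_fd})


def process_via_pipes(data: bytes) -> dict:
    """Same worker, but both 'files' are pipes the supervisor controls, so
    it sees every byte in and out (interdiction / virtual filesystem)."""
    in_r, in_w = os.pipe()
    out_r, out_w = os.pipe()
    os.write(in_w, data)          # small enough for the pipe buffer
    os.close(in_w)                # worker sees EOF after consuming `data`
    rc = run_worker(in_r, out_w)  # in_w / out_r are NOT handed over
    os.close(in_r)
    os.close(out_w)
    chunks = []
    while chunk := os.read(out_r, 4096):
        chunks.append(chunk)
    os.close(out_r)
    result = _parse_report(b"".join(chunks), rc, {in_r, out_w})
    result["supervisor_end_leaked"] = out_r in result["worker_open_fds"]
    return result


def demo() -> dict:
    """Run the file variant on a constructed sample file."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "in.txt"), os.path.join(d, "out.txt")
        with open(src, "wb") as f:
            f.write(b"constructed sample input\n")  # constructed, not real data
        return process_file(src, dst)


if __name__ == "__main__":
    print(demo())
    print(process_via_pipes(b"hello from the supervisor"))
```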

163. lucideer ◴[] No.45090815{5}[source]
FIDO can't force any app developers to do anything but fwiw I think "pressuring" people to encrypt secrets at rest rather than storing them in plaintext is ok.

---

There's levels to appropriate paranoia around these things of course. SSH private keys are stored in plaintext for millions of engineers around the world - sometimes probably even passed around through unsecured emails or whatnot I would guess. They're still largely more secure than user:pass on aggregate, despite that rather major peril.

So ultimately, plaintext creds are not necessarily catastrophic. But still - imo - something worth concerted effort to dissuade at least at early stages of standards' implementation.

---

Edit: also, looks like the outcome of that thread was ultimately that KeepassXC have opted to implement the spec as per[0]. Good outcome to a good request.

[0] https://github.com/keepassxreboot/keepassxc/issues/11363

164. josephg ◴[] No.45090834{9}[source]
> No, it's because the bar on publishing on Ubuntu is much much higher than on an iPhone. Nobody would ever accept those scam casino games on Ubuntu.

Uhhh are you claiming ubuntu has a stricter app review process than apple has with the iphone app store?

replies(2): >>45090932 #>>45091206 #
165. krige ◴[] No.45090868{4}[source]
> whatever, we'll just compile from source or use alternative means of distribution.

google is clamping on this already so yeah

166. jamespo ◴[] No.45090876{8}[source]
Because the unknowing user has entered their auth credentials?
replies(1): >>45090955 #
167. redviperpt ◴[] No.45090878[source]
You'll find that a lot of 'normal', for lack of better word, support this.
168. sunderw ◴[] No.45090881{3}[source]
I think the framing that "individual bad actors must be regulated for the good of the collective" is wrong here. In my opinion, what GP is saying is more along the line of "powerful actors must be regulated for the good of the collective powerless people".

When you look at it like that, then what Google and Apple is doing does not fit this point of view. They are (extremely) powerful entities imposing themselves on the whole world.

replies(1): >>45090915 #
169. anonzzzies ◴[] No.45090894{6}[source]
Physical OTP generator. Stick your bank pass in the plastic device and type your pin in the calculator-like front and it will give you an OTP for online use.
170. deadbabe ◴[] No.45090902[source]
Let’s say we do all that. How do you explain to a common layperson exactly what has been achieved? What is the ultimate benefit?
171. mike_hearn ◴[] No.45090915{4}[source]
Those are exactly the same framing and the most likely outcome is left politicians saying, "why do you allow this 'sideloading' at all Google? I have a constitutent who got scammed, why did you allow it? Are you one of those awful libertarians? You should be more like Apple and review all software, otherwise you clearly aren't caring about consumer protection as much as Tim Cook does, up your standards or else we'll regulate you".
172. anonzzzies ◴[] No.45090919[source]
How feasible is it currently (I never tried as I don't want or need it yet) to run Android under Linux for your banking/gov apps? I can use accessibility tooling to control them, so only in those cases I could communicate with the Android layer. I don't care about Netflix etc (I know many people do) but I must be able to login to banking and gov.
173. realusername ◴[] No.45090932{10}[source]
Yes I do, none of those scam games you have on iPhone would be allowed to be published on Ubuntu.

The app review process on the appstore isn't designed for the user's benefit but Apple's benefit. There's no problem publishing a casino game but if your app doesn't pay the tax, be sure that it will be rejected.

174. whizzter ◴[] No.45090940[source]
The problem is that tech-savvy users are like bikers, most of us are law-abiding and want the best for society.

Then there's the 1%'ers, people causing trouble, be it by being biker thugs or malware authors or top-level pirates, actually disrupting the system but often not in a way that's good for the masses, and when clashing with authoritarians the authoritarians win due to the masses' good.

And yes, the "good" for the masses is more about malware whilst DRM is more of powergrab by media industries that were unwilling to adapt.

175. sunshine-o ◴[] No.45090951{4}[source]
By the way, notice Yubikey did not really release any new series/models and jacked up their price in just a few years. About 50% in 4 years.

The large adoption of those devices and standards did not lower the price.

They probably just banked on the enterprise market where every CISO was pressured to tick the hardware/2FA checkbox. And is then gonna allow to use the Microsoft/Google "software" one because it is hard to manage otherwise.

replies(1): >>45091334 #
176. donkeybeer ◴[] No.45090955{9}[source]
I see the cause of confusion. I was assuming and talking about the case of the legitimate user having a root/non locked down device as being imputed as the "attacker". I don't think he was talking about other people stealing or having access to your device. And in any case, all bets are off then if you meant that scenario. At least with a browser the user can choose not to save passwords and the attacker won't get bank creds, so even in that case a web app would be better.
177. samrus ◴[] No.45090981{3}[source]
This doesnt work if the market incentives themselves encourage these rent seeking actions.

We have given capitalists more and more power over the last few decades and instead of making things better, it's just allowed them to neuter the government regulations that would have prevented them from fucking common people over. The market can not solve for this the same way it can't solve for education or the military. This needs laws

replies(1): >>45091419 #
178. turblety ◴[] No.45090989{3}[source]
I wish this was a higher up comment because it's such an important point, and it's totally an achievable thing.

Governments should be supporting this competition, or at the very least not encouraging monopolies/duopolies. Give loads of support/help to startups, small businesses. Let the large corps fund themselves.

But instead, we end up giving them huge tax breaks, anti-competitive legislation and even give them a voice in government.

179. martijnvds ◴[] No.45090992{4}[source]
This is getting a lot better with Flatpaks and Wayland (and its "portal" system to access resources).
180. fsflover ◴[] No.45091014{9}[source]
Yes, you do:

> Anything that gets in my way is something that taken control away from me. Unfortunately giving me full control comes with dangers. That is a trade off.

replies(1): >>45091219 #
181. GoblinSlayer ◴[] No.45091049[source]
Netflix isn't worth using or pirating even if it was free as in freedom.
182. m4rtink ◴[] No.45091074[source]
Is it really safer on a phone? Don't banking apps reject the latest community Android builds with all the CVE fixes or GrapheneOS, yet work totally fine on years-old, full-of-vulnerabilities yet signed official Android ROMs?
replies(1): >>45091341 #
183. NeuralNomaD123 ◴[] No.45091089{3}[source]
in the face of large monopolies such as today's platforms, to keep competition you must regulate with laws that stop consumer abuse
184. GoblinSlayer ◴[] No.45091137{8}[source]
Apple will implement it.
replies(1): >>45095690 #
185. sharperguy ◴[] No.45091186[source]
While you have a point there is another aspect to this: If our current situation were already different, netflix and banks would not be able to pull these things in the first place.

E.g. if using open free platforms was already the norm, Netflix requiring a verified OS would just result in Netflix becoming unusable for most people rather than just killing a couple of edge cases used by a relatively small number of people. And so it would no longer be in their financial interest. It's why we've had desktops for so long without this happening, although the pieces are finally being put in place to make it a reality.

186. hvb2 ◴[] No.45091192{5}[source]
Laws would need to be changed for that to happen, so don't expect it anytime soon. Also, cash is kind of the one remaining option when there's no electricity. So for disaster planning people have been asked to keep an amount of cash around. With recent developments in European security, the need for this has become all the more clear.
187. ori_b ◴[] No.45091194{4}[source]
Passkeys would be wonderful if they removed remote attestation. Remote attestation is still there, so I will not touch it.
replies(1): >>45091311 #
188. Levitz ◴[] No.45091196{3}[source]
>There has never been a utopian past and there will never be a utopian future.

I wouldn't call it utopian, but I'd say we are way past "peak democracy" at this point.

There was a time in which corporations did get broken up when too large, when we did understand that it's about serving the population first and accumulating wealth after that, when corporations influencing politics was widely seen as a negative. It does seem to me we are now way past that.

replies(3): >>45091588 #>>45092075 #>>45104398 #
189. noirscape ◴[] No.45091206{10}[source]
As a rule, yes. Both Apple and Google are horrendous stewards of their respective storefronts. Their review processes are infamously capricious black boxes, in the case of Apple they put additional moral rules on what the app is allowed to do, and in spite of that capriciousness, scamware still regularly makes its way onto the App Store. (Scamware defined here as having a specific set of anti-features[0] that a user would ordinarily pay to remove.)

This one isn't even hard to argue against; Apple being a good steward for its storefront was true in 2011. It is no longer true today. I'd consider a tech-illiterate user less likely to randomly lose a lot of cash by using different storefronts from the Apple App Store (or again, the Google Play Store), if only because those different storefronts actually do a bit of curation instead of focusing on quantity over quality.

[0]: Most of the ones listed here apply that aren't "non-free dependency" or are meant to be a category filter like NSFW. I'd also throw in "microtransactions to unlock basic functionality", but F-Droid effectively bars those with other inclusion rules. https://f-droid.org/docs/Anti-Features/

190. hvb2 ◴[] No.45091212{5}[source]
Even better, the system that Rabobank has.

They make you use this separate device to scan a color qr code generated by the app. The details of the transaction you're authorizing are then displayed on this completely decoupled device, no internet, nothing. After keying in your pin you're given an OTP to put back into the app to authorize.

And I haven't checked, but I'm sure the 'payload' the qr code conveys is signed.
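
The reader flow in the two comments above (a physical OTP generator fed a bank card and PIN; the Rabobank QR reader that shows the transaction on its own screen) is what is usually called "what you see is what you sign". The following is an added example written for this thread, not code from the page and not Rabobank's or any bank's actual protocol (EMV-CAP readers use card-held keys and counters rather than what is shown here). It assumes a per-card HMAC-SHA256 key shared between card and bank, a bank-side nonce to stop replay, an 8-digit truncation of the response MAC, and a PIN verifier checked on the card with a try counter; the `Bank`/`Reader` names, the key and the PIN are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed per-card key: in a real deployment it lives in the card/reader's secure
# element and in the bank's HSM; the phone never sees it.
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
MAX_PIN_TRIES = 3


def canonical(tx):
    """Deterministic byte encoding so the reader and the bank MAC identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def otp_from_tag(tag):
    """Truncate a MAC to an 8-digit code the user can type back into the app."""
    return f"{int.from_bytes(tag[:4], 'big') % 10**8:08d}"


class Bank:
    def __init__(self, card_key=CARD_KEY):
        self.card_key = card_key
        self.used_nonces = set()

    def issue_challenge(self, tx):
        """Bind the transaction to a fresh nonce and MAC it. The returned dict is what
        the app would render as the (colour) QR code for the reader to scan."""
        tx = dict(tx, nonce=secrets.token_hex(8))
        mac = hmac.new(self.card_key, b"challenge|" + canonical(tx), hashlib.sha256).hexdigest()
        return {"tx": tx, "mac": mac}

    def verify_response(self, challenge, otp):
        """Recompute the OTP over the transaction the bank issued; a code produced for
        different details, or replayed for the same nonce, will not verify."""
        nonce = challenge["tx"]["nonce"]
        if nonce in self.used_nonces:
            return False
        tag = hmac.new(self.card_key, b"response|" + canonical(challenge["tx"]), hashlib.sha256).digest()
        if not hmac.compare_digest(otp_from_tag(tag), otp):
            return False
        self.used_nonces.add(nonce)
        return True


class Reader:
    """Offline device: authenticates the QR payload, shows the details on its own screen,
    checks the PIN locally, then derives the OTP from the exact bytes it displayed."""

    def __init__(self, pin, card_key=CARD_KEY):
        self.card_key = card_key
        # PIN verifier stays on the card; the PIN is never sent to the bank. Guessing is
        # bounded by the try counter, not by the hash.
        self.pin_verifier = hashlib.sha256(b"card-pin|" + pin.encode()).digest()
        self.pin_tries_left = MAX_PIN_TRIES

    def authorize(self, challenge, pin):
        body = canonical(challenge["tx"])
        expected = hmac.new(self.card_key, b"challenge|" + body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, challenge["mac"]):
            raise ValueError("QR payload was not issued by the bank, or the app altered it")
        if self.pin_tries_left == 0:
            raise PermissionError("card locked after too many wrong PINs")
        candidate = hashlib.sha256(b"card-pin|" + pin.encode()).digest()
        if not hmac.compare_digest(candidate, self.pin_verifier):
            self.pin_tries_left -= 1
            raise PermissionError("wrong PIN")
        self.pin_tries_left = MAX_PIN_TRIES
        tx = challenge["tx"]
        shown = f"Pay {tx['amount']} {tx['currency']} to {tx['beneficiary']}"  # reader's own screen
        tag = hmac.new(self.card_key, b"response|" + body, hashlib.sha256).digest()
        return shown, otp_from_tag(tag)
```

Two properties follow from the structure: the challenge MAC means a compromised phone cannot change the payee or amount between the bank and the reader's screen without the reader refusing, and because the OTP is an HMAC over the displayed details plus nonce, a code the user typed for one payment is useless for any other one. A reader that did not show the details (or a scheme that MACed only a nonce) would lose the first property and the user would be signing blind.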

191. extraisland ◴[] No.45091219{10}[source]
No I am not. The example given was ridiculous and absurd and you are doing exactly the same thing.

There is a big difference between basic memory protections and what was being discussed.

This is the issue with a lot of people that work in software. They take the most ridiculous interpretation because "that is technically" correct while not bothering to try to understand what was said.

replies(1): >>45092107 #
192. extraisland ◴[] No.45091274{4}[source]
No everything is a trade off. That is a reality of life in general.

Anything that is proposed has a cost associated with it (time, money). That always has to be weighed up against any potential benefit.

replies(1): >>45092239 #
193. GoblinSlayer ◴[] No.45091275[source]
In this case I install Linux Mint. No virus problem. This is a popularity problem: you are more likely to have a sandbox escape on iphone than a virus on PC, because iphone gets more attention.
194. GoblinSlayer ◴[] No.45091309{3}[source]
>If you want to run an alternative operating system, you got to learn how it works.

You only need to learn how to start a browser. You're a little behind the times, today the browser is the OS.

replies(1): >>45091384 #
195. lucideer ◴[] No.45091311{5}[source]
Passkeys would be better without remote attestation, no doubt. But remote attestation is not only optional but also, passkeys are not a prerequisite for requiring remote attestation.

Lots of services that don't support passkeys currently require remote attestation. Boycotting passkeys (an open, possibly beneficial tech that doesn't require remote attestation) will not prevent bad actors from requiring remote attestation (with or without passkeys).

replies(1): >>45091320 #
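
To make the point in the comment above concrete: whether a passkey registration is accepted without attestation is a decision the relying party makes when it looks at the `fmt` field of the attestation object, and browsers send `fmt=none` by default. The following is an added example written for this thread, not code from the page, from any WebAuthn library or from the specification's reference material. It carries its own small CBOR subset, parses the authenticator data and applies a policy; it deliberately skips the clientDataJSON, challenge, origin and signature checks a real relying party must also perform. The sample attestation object is constructed inline with a zeroed AAGUID and a made-up EC2 key; all function names are my own.

```python
import hashlib

# --- minimal CBOR (RFC 8949) subset: ints, byte/text strings, maps ---------------------
def _head(major, n):
    if n < 24:
        return bytes([major << 5 | n])
    if n < 256:
        return bytes([major << 5 | 24, n])
    if n < 65536:
        return bytes([major << 5 | 25]) + n.to_bytes(2, "big")
    return bytes([major << 5 | 26]) + n.to_bytes(4, "big")

def cbor_encode(v):
    if isinstance(v, bool):
        raise TypeError("bools are not needed for this example")
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode()
        return _head(3, len(b)) + b
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")

def cbor_decode(buf, pos=0):
    """Return (value, next_pos). Accepts only the encodings cbor_encode produces."""
    major, ai = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if ai < 24:
        n = ai
    elif ai in (24, 25, 26):
        width = {24: 1, 25: 2, 26: 4}[ai]
        n = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    else:
        raise ValueError("unsupported CBOR length encoding")
    if major == 0:
        return n, pos
    if major == 1:
        return -1 - n, pos
    if major == 2:
        return bytes(buf[pos:pos + n]), pos + n
    if major == 3:
        return buf[pos:pos + n].decode(), pos + n
    if major == 5:
        m = {}
        for _ in range(n):
            k, pos = cbor_decode(buf, pos)
            m[k], pos = cbor_decode(buf, pos)
        return m, pos
    raise ValueError(f"unsupported CBOR major type {major}")

# --- WebAuthn pieces -------------------------------------------------------------------
FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40

def parse_auth_data(ad):
    """rpIdHash(32) | flags(1) | signCount(4) | [aaguid(16) | credIdLen(2) | credId | COSE key]"""
    out = {"rp_id_hash": ad[:32], "flags": ad[32], "sign_count": int.from_bytes(ad[33:37], "big")}
    if ad[32] & FLAG_AT:
        cred_len = int.from_bytes(ad[53:55], "big")
        cose_key, _ = cbor_decode(ad, 55 + cred_len)
        out.update(aaguid=ad[37:53], credential_id=ad[55:55 + cred_len], public_key=cose_key)
    return out

def evaluate_registration(attestation_object, rp_id, require_attestation=False):
    """Relying-party policy over a decoded attestationObject. Returns (accepted, reason)."""
    att, _ = cbor_decode(attestation_object)
    ad = parse_auth_data(att["authData"])
    if ad["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match this RP"
    if not (ad["flags"] & FLAG_UP and ad["flags"] & FLAG_AT):
        return False, "user presence or attested credential data missing"
    if att["fmt"] == "none":
        if require_attestation:
            return False, "policy requires attestation but the authenticator sent fmt=none"
        return True, "credential accepted; nothing about the device is claimed or needed"
    if require_attestation:
        return False, f"fmt={att['fmt']} needs attStmt verification against a trust store (not implemented here)"
    return True, f"credential accepted; attStmt (fmt={att['fmt']}) ignored by policy"

def build_none_attestation_object(rp_id):
    """Constructed sample of what a browser returns for attestation='none'."""
    cose_key = {1: 2, 3: -7, -1: 1, -2: b"\x11" * 32, -3: b"\x22" * 32}  # EC2/ES256/P-256, made-up point
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([FLAG_UP | FLAG_UV | FLAG_AT])
                 + (0).to_bytes(4, "big")
                 + b"\x00" * 16                        # zeroed AAGUID: the client hides the device model
                 + (16).to_bytes(2, "big") + b"\xab" * 16
                 + cbor_encode(cose_key))
    return cbor_encode({"fmt": "none", "attStmt": {}, "authData": auth_data})
```

The only place the device's identity enters is the `require_attestation` branch: with it off, which is the default posture the comment describes, the relying party learns a public key and a credential id and nothing about the hardware. Services that want to gate on device model or OS integrity have to ask for `attestation: "direct"` and verify a `packed`, `tpm` or `android-key` statement against a trust store, and they can do that with or without passkeys being involved.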
196. ori_b ◴[] No.45091320{6}[source]
Agreed. Boycotting them is necessary but insufficient.
replies(1): >>45095473 #
197. ozgrakkurt ◴[] No.45091328{4}[source]
Don’t forget to change your password every week too
198. lucideer ◴[] No.45091334{5}[source]
I think there's a bunch of factors to why yubi have upped their prices - not least, waiting for competition in their form factor & not seeing any emerge (token2 & nitrokey are much bulkier) probably gave them some confidence in the uniqueness of their product offering.

It's also become a much more niche product as software based (and/or primary-device-hardware-based) solutions have evolved & improved. & niche costs more.

All that said I'm really not sure why they've been so quiet on new series releases.

replies(1): >>45092612 #
199. tuetuopay ◴[] No.45091341{3}[source]
Sadly yes. The average joe is not a target for technical exploits that use CVEs. They are, however, targets for meatsack exploits tricking them in installing crap like remote control software.
200. extraisland ◴[] No.45091340{4}[source]
> The typical user doesn't know how Windows works, and they can run that.

That is because Windows for the most part manages itself and there are enough IT professionals, repair shops and other third-party support options (including someone that is good with computers that lives down the road) where people can get problems sorted.

This is not the case with Linux.

> These days, users can run a friendly GNU/Linux distribution not knowing how it works. So, disagree with you here.

Sooner or later there will be an issue that will need to be solved with opening up a terminal and entering a set of esoteric commands. I've been using Linux on and off since 2002. I have done a Linux from Scratch build. I have tried most of the distros over the years, everything from Ubuntu to Gentoo.

When people claim that you will never have to know how it works, that is simply incorrect and gives a false impression to new users.

I would rather that other Linux users tell potential users the truth. There is a trade-off. You get a lot more control over your own computer, but you will need to peek under the hood sooner or later and you may be on your own solving problems yourself a lot of the time.

replies(2): >>45092733 #>>45093488 #
201. extraisland ◴[] No.45091384{4}[source]
What happens when the OS that is running the browser fails to update because /boot has run out of room for a new Linux kernel (this happened to me the other week)?

What happens when the browser update fails because the package database got corrupted?

What happens when a lock file stops the whole system updating because of a previous iffy update?

You are going to need to drop to a terminal and fix that issue or reinstall the whole OS.

Either way you are going to need to know something about how the machine works.

replies(1): >>45092758 #
202. safety1st ◴[] No.45091419{4}[source]
Of course I'm in support of consumer protection laws but what needs to be more widely understood is that with Google specifically, probably with Apple and maybe with Microsoft, we are at a unique point in history where passing laws isn't enough.

There are laws on the books, Google's breaking them, and it's just forging ahead with more of this anti-consumer control crap anyway. Google's unique in American history, it has recently been ruled an illegal monopolist in two cases in two markets and a third ruling against them in a third market is likely to drop soon. Even Standard Oil didn't achieve a rap sheet like Google's.

Yeah of course we need government action and I'm calling for that. But people need to realize that this monster is way bigger than just passing a law. The judges need to be choosing harsher remedies including a breakup. The enforcement apparatus needs to be stronger, willing and able to seize direct control of the company if it doesn't comply or complies maliciously. EVERYTHING in the system needs an upgrade because Google is so uniquely huge and criminal in the context of American history.

They are a different, far larger and more intractable problem than your standard, garden variety corporate criminals and extreme measures are needed to rein them in.

Now, imagine a future where the Web platform didn't become a duopoly and Phone+Tablet+PC OSes didn't become a triopoly. A half dozen vendors globally for one, and a different half dozen for the other. That's a very very different world where someone is going to carve out plenty of market share by letting you continue to install your own apps even if they're ad blockers or whatever else you would like. You just wouldn't get 12 companies plus the US, EU and Chinese governments or whoever to all agree on a single platform. We need the big guys to fight. We need the market to be divided. We need competition. We need to slay Google and never have another Google again.

replies(1): >>45091446 #
203. JustExAWS ◴[] No.45091432[source]
So you want the "freedom" of being able to run the hardware you want. But you don't think Netflix should have the "freedom" to decide where their software should run?

You don’t have the right to other people’s content - especially for rental content in the case of Netflix.

Even if you don't agree with that, do you really think that Google should allow Google Wallet to run on hardware where they can't verify the security? No one in the payment chain would trust Android devices. Credit card terminals and everyone else have to fall under compliance regulations.

The banks are liable for fraud. Are you okay to say if you use unverified hardware to use banking services they aren't liable for any losses?

204. JustExAWS ◴[] No.45091446{5}[source]
So exactly what law is Google breaking? They are not a monopoly in the US or even 50% of the phone market.

And are you going to force app developers to support all of these platforms?

replies(2): >>45091479 #>>45091905 #
205. fsflover ◴[] No.45091454[source]
> I want my parents to have a computer they can safely do their banking on, without leaving them vulnerable to scams and viruses and the like

So you need to install Qubes OS for them?

206. safety1st ◴[] No.45091479{6}[source]
> So exactly what law is Google breaking?

I mean, why do you need us to repeat these very well publicized convictions that have been all over the news? They've been found guilty of anti-trust violations in multiple cases in multiple American markets. The details are just a Google search away... Are you disputing the court rulings that Google possesses a monopoly? Which court?

replies(1): >>45091505 #
207. JustExAWS ◴[] No.45091505{7}[source]
In the US where has Google been found guilty of anti trust when it came to mobile?
replies(1): >>45091846 #
208. pontifier ◴[] No.45091515[source]
I'm attempting to revive/create a streaming service to compete with Netflix et al. without any DRM. This would leverage physical media to eliminate requirements from copyright holders about how you might access something you actually own. There are challenges, and I'm almost certain to be sued, but it's a fight I believe is needed.
209. worldsayshi ◴[] No.45091588{4}[source]
There's no reason why democracy can't peak again and reach new heights. But that won't happen automatically.

Personally I think there are technological preconditions for stable democracy that have recently been countered by authoritarian leaning technology. We need to invent counter technology to those things.

replies(2): >>45091952 #>>45092157 #
210. benrutter ◴[] No.45091613{3}[source]
> here you're making a left wing argument that individual bad actors must be regulated for the good of the collective. However, left politicians would look at the situation and see the opposite. They prioritize an authoritarian safety-first victim-first mindset, in which individual freedoms are sacrificed to help the weakest.

I think you're simplifying a few things here, mainly the amount of different views that are under the umbrella you're classing as "left-wing" (some of which will fit your categorisation, and some won't) and the amount of different issues under the umbrella of "running your own things".

What I'm trying to say is that there's multiple arguments to be made along the lines of "large companies can and should be restricted from blocking out freedoms of smaller companies and individuals". There's a big economic argument to allowing competition, and I think that's something that unites a lot of thinkers you'd probably class as right wing, as well as the traditional left.

211. fsflover ◴[] No.45091629[source]
> This is why it's so important to defend the real principles here not just the technical artefacts of them.

You're not wrong, but technical artefacts can be an important step in the right direction. I came to my bank, showed them my Librem 5 phone and asked where I can download an app for it. It was a much clearer message than "but Android isn't free!" (which is of course true). I do the same with governmental services. It also makes it much easier to explain to ordinary people that the choice must not be artificially restricted to just two megacorps.

212. lwhi ◴[] No.45091710[source]
We need an open web, with open principles and to prevent any commercial enterprise from dominating our social / tech sphere via monopolisation or methods of proprietary control.

This isn't a surprise. A vocal minority have been saying the same ad infinitum.

The need hasn't changed, and won't change; however there's a strong likelihood we'll get to a point where action isn't possible because we've passed the point of no return.

213. pbhjpbhj ◴[] No.45091712{9}[source]
Then your version of KeyPass will not be signed and won't pass TPM checks and so the banking app will refuse to run unless you open the signed version?
replies(1): >>45096544 #
214. lwhi ◴[] No.45091721{3}[source]
In fact true competition is only possible via open standards, protocols and technology stacks.

We need agreement to ensure the large corporations adhere to these.

replies(3): >>45091974 #>>45092178 #>>45093770 #
215. lotsofpulp ◴[] No.45091786[source]
Most people don't want to have to learn multiple operating systems or ways of doing things.
216. Okawari ◴[] No.45091790{4}[source]
It's not about being defeatist, at least not for me. It's about what is considered good enough.

Sure, locking down the OS in this way is more secure, but it's also very restrictive and personally I don't think the added security justifies this. Lock picks do exist, but I am still entirely content with a single lock on my front door. I do not need an extra biometric sensor or camera or security representative standing outside my door to check id's of people passing by in order to consider myself reasonably safe.

Maybe this is cultural/geographical, but I've yet to hear of anyone who lost access to their mail or had unauthorized access to their bank account as a result of malware. I'm sure you can find examples, but I do not consider this an attack vector that is prevalent enough to warrant requiring signed apps or preventing manual installation.

217. mcv ◴[] No.45091793[source]
Good point. The current security model of desktop OSs sucks. I was recently reminded of this by an issue at work. I'm used to devs having admin rights on their laptops, but here they closed that down: you have to request admin rights for a specific purpose, and then you get them for a week.

I recently requested those rights again because I needed to install something new for a PoC I was working on, and that wasn't allowed anymore. But during onboarding I had those rights and installed homebrew to more easily install dev tools, and homebrew keeps its admin rights to install stuff in a directory owned by admin. So that circumvents this whole security model (and I did, for my PoC).

The problem is that it's all or nothing. Homebrew should have the right only to install in a specific directory. Apps shouldn't automatically get access to potentially sensitive data. Mobile OSs handle that sort of thing more granularly. Desktop OSs should too.

Because the overly restrictive security rules at my work are little more than security theatre when it's so easy to circumvent.

replies(2): >>45092174 #>>45092533 #
218. mathiaspoint ◴[] No.45091815{4}[source]
This hardly stops anything, app stores are full of malware, and the cost is very high.

It's like having an automated turret on your lawn because sometimes people bring bad snacks to your dinner parties.

219. safety1st ◴[] No.45091846{8}[source]
For your convenience, I've accessed a summarizer technology which you can try out any time you need it. You'll find it at https://chat.openai.com/ .

Here are the big, recent U.S. antitrust rulings against Google, with what each court actually decided and where things stand:

#1 Search monopoly (DOJ v. Google – “Search” case) — liability found (Sept 2024) A federal judge found Google illegally maintained monopolies in general search services and general search text ads, violating Section 2 of the Sherman Act. Remedies are being handled separately.

#2 Open-web ad tech (DOJ & states v. Google – E.D. Va.) — liability found (Apr 17, 2025) The court ruled Google monopolized multiple digital advertising technology markets (tools used by publishers and advertisers), harming publishers, competition, and consumers. Remedies proceedings are underway.

#3 Android app distribution & in-app billing (Epic Games v. Google) — jury verdict + injunction affirmed on appeal (Dec 2023 → Oct 2024 → Jul 31, 2025) A jury found Google violated antitrust laws through exclusionary Play Store practices and tying Google Play Billing. The trial judge issued a nationwide permanent injunction (Oct 2024) requiring Google to open the Play Store to rival stores and payment options; the Ninth Circuit unanimously affirmed (Jul 31, 2025).

Case #3 is the direct answer to your question, but I want to again point out that the really serious problem is how Google has abused its market power in MANY US technology markets, and found guilty of these abuses independently by multiple judges in a short span of time, a feat of criminality even Standard Oil failed to achieve. This is why a historic level of action against Google, probably greater than that taken against Standard Oil, needs to be taken.

It's all in the court cases and it's all available publicly online for the interested public to read.

Edit: also, this comment is already too long, but in case it doesn't stand out as obviously to everyone else as it does to me, Google now introducing an additional layer of Google approvals above the multiple app stores that the court is forcing them to accept in case #3 is so amazingly, obviously a telegraphed case of malicious compliance, they are not even trying to hide it. This is the kind of thing I'm talking about when I'm saying passing more laws is part of the solution but not nearly enough on its own.

220. the_other ◴[] No.45091905{6}[source]
Weirdly, when the market was smaller, when there was less money available, developers DID support multiple platforms.

Today, when we have significantly faster tools, more standards, more shared knowledge, and MUCH more money moving through the ecosystem, yet somehow it's harder to support more platforms.

There’s a problem either at the level we’re talking about (the mono/duo-polies), or perhaps one level higher (national economies). My hunch is that it’s the same problems that are widening wealth gaps the world over (not just in the tech industry), but I’m open to other ideas.

221. tonyhart7 ◴[] No.45091923{7}[source]
good for them to care more about security then
222. komali2 ◴[] No.45091952{5}[source]
I disagree that there's a technological solution to late stage capitalism and the slow death of liberal democracy.

New technology doesn't change anything about social institutions - the most powerful groups before the technology was invented simply own the technology after it's invented and use it to further cement their power.

I think the luddites were on to something. We don't need technology, we need humans doing things a little differently, maybe even doing bizarre things like setting factories on fire. Personally I hope we can try other things before setting factories on fire, see Keith McHenry's version of The Anarchist Cookbook for peaceful resistance solutions as well.

The point is though without a restructure, new technology doesn't liberate, in fact it further entrenches existing power structures.

replies(1): >>45092149 #
223. Quarrelsome ◴[] No.45091971[source]
> A handful of tech-savvy users with rooted devices and open-source software will not make a difference to the giant crushing machine that is the system.

Agreed, although I don't think that's entirely true, it's just that post-smartphones we no longer have any political agency over a significant volume of the new traffic. Much of the new traffic represents that faction of people who initially mocked the internet as "nerd shit". But we don't have to get discouraged by our smallness here.

Rather we can offer a sub-system that satisfies our demands and is an open door to those willing to find it. We could try to fight our corner, but unless we're incredibly organised, it's unlikely they'll listen due to how less relevant we are, now that all the normies transitioned online.

So we either jump ship to other, more permissive platforms and help make them good by developing software that closes the gap, or we counter by attacking the systems that prevent people from installing software on the device they have bought.

We just shouldn't expect the general population to care about our problems en-masse because they never have and never will. We will make a difference by creating an alternative sub-system that is poised to grow when the giant crushing machine stumbles at some point in the future.

We can't hate people for picking the parental wing of Apple because for most normies they don't enjoy the freedoms of technology, it's the choice and difficulty that they conversely find oppressive.

replies(1): >>45092667 #
224. _heimdall ◴[] No.45091974{4}[source]
This doesn't seem right to me. It is often in companies' best interests to adopt standards, but that is because it allows them both to have an optimized supply chain.

Car manufacturers today have a lot of standards that I expect would make competition from any new contenders harder not easier. Tesla would be an example of that, they did survive but the industry thought it was never going to work precisely because of all the standards and regulations required.

On the other hand, early car manufacturers didn't have standards and shared technology stacks. At that time new car makers popped up everywhere and we had a ton of competition in the space.

Open standards are good for the consumer and good for any features that require interoperability. It has nothing to do with competition though.

replies(1): >>45092439 #
225. komali2 ◴[] No.45092007[source]
This argument doesn't contradict the article.

An expensive iPhone ships with iOS and a rigid security model.

If you tap the `about` button 16 times and click a confirmation dialog, you disable certain security mechanisms against arbitrary software installation. Do something else easy but impossible to do accidentally, and you unlock the bootloader. You progressively lose portions of your warranty in doing so.

This is the path I think we should be going down.

replies(1): >>45092298 #
226. mlrtime ◴[] No.45092075{4}[source]
And when was this utopia in your opinion? This sounds like rosy retrospection to me.

Or are you talking about a very specific industry, because the thread sounds like it is all society or "Late capitalism" which I disagree with.

replies(1): >>45092263 #
227. 986aignan ◴[] No.45092107{11}[source]
The problem is that if what "really counts" is too vaguely defined, then it's hard to pin down and argue the point.

Virtual memory probably isn't what you meant, but take something like user privilege separation. It's usually considered a good idea to not run software as root. To interpret the statement generously, privilege separation does restrict immediate freedom: you have to escalate whenever you want to do system-level changes. But I think josephg's statement:

> Sandboxing gives users more control. Not less. Even if they use that control to turn off sandboxing, they still have more freedom because they get to decide if sandboxing is enabled or disabled.

can be directly transposed to user privilege separation. While it's true that escalating to root is more of a hassle than just running everything as root, in another sense it does provide more control because the user can run arbitrary code without being afraid that it will nuke their OS; and more freedom because you could always just run everything as root anyway.

Maybe josephg's sense of freedom and control is what you're saying there is a trade-off between. But the case of privilege separation shows that some trade-offs are such that they provide a lot of security for only a little bit of inconvenience, and that's a trade-off most people are willing to make.

Sometimes the trade-off may seem unacceptable because OS or software support isn't there yet. Like Vista's constant UAC annoyances in the case of privilege separation/escalation. But that doesn't mean that the fundamental idea of privilege levels is bad or that it must necessarily trade off too much convenience for control.

I think that's also what josephg is suggesting about sandboxing. He says that the clipboard problem could probably be fixed; then you say, "but there are other examples". What remains to be shown is whether the examples are inherent to sandboxing and must degrade a capabilities/sandbox approach to a level where the trade-off is unacceptable to most.

replies(1): >>45092535 #
228. mlrtime ◴[] No.45092138{5}[source]
1Password is completely broken in android. I have barely a 50% success rate with it filling in passwords, I'm usually copy/pasting back and forth.

If there were anything better and as easy to use as Chrome, I'd switch.

229. safety1st ◴[] No.45092149{6}[source]
> New technology doesn't change anything about social institutions

This is of course demonstrably untrue. Marshall McLuhan devoted his life to illuminating how technology changes society. The printing press, radio, television and the Internet have all undoubtedly changed our social institutions. It's hard to imagine secular democracy ever becoming a thing if we hadn't been able to mass produce books and newspapers, and writing manuscripts had remained mostly under the control of the Church. It seems less probable that the Nazis would have come to power if not for the immense skill Goebbels and Hitler had in the use of radio. And I doubt Trump would have been elected if he hadn't known how to press people's buttons so well on social media.

Let's not forget that more ancient things like fire, agriculture and accounting are also technology that irrevocably changed humanity and put new people in power. Or take a look at how railroads remade American society. Or how sufficiently advanced sailboats placed half the world under the thrall of colonialism...

Absolutely there can exist technologies which are anti-democracy, and surveillance technologies are exactly that. You become afraid to say or write the wrong thing in public, and then to say or write it in private, and then to even think it, and finally the thing is forgotten. I felt like Orwell made the point well enough in 1984.

All that said I don't see technology saving us from our current problems, it needs to be invented, it needs to mature, there needs to be adoption. One might imagine mesh networking and censorship proof distributed messaging or something having an influence on society but we simply aren't there yet.

replies(3): >>45092782 #>>45094009 #>>45098882 #
230. intended ◴[] No.45092157{5}[source]
There is no authoritarian-leaning technology. People figured out how to create 1984 while saying they defend free speech.

It is simply that, eventually, people learn how to use technology to their advantage.

replies(2): >>45092823 #>>45096179 #
231. mlrtime ◴[] No.45092174{3}[source]
It's not theater, your IT department just isn't implementing it correctly. I recently switched jobs and gave up one MacBook Pro for another (work issued).

Company A gave me sudo access and I could do anything I wanted.

Company B locks down everything, no sudo, no brew, nothing. But I do get a big VM with root to do anything I want. There is an approved "appstore" of many different varieties of IDEs/tools.

TLDR: Not having brew is not a problem, and /can be/ a better experience if done right.

It took a couple weeks to shift the mental model but I have no problems. The dev experience is quite good because they provide all the libraries you need to do your job.

replies(2): >>45092465 #>>45092916 #
232. wizzwizz4 ◴[] No.45092178{4}[source]
We don't need agreement for this. In the past, hardware was limited, and you could only really implement one (maybe two) network stacks before things got silly. Nowadays, a software-defined radio can speak ten thousand protocols, for a lower cost than saving a cat video to your hard drive.

We only need that the standards are open, and described clearly enough for a schoolchild to implement, and that we are not prevented from adding additional protocol support to systems we acquire.

Hardware protocols are a bit different, but I actually dislike the USB-C standardisation. We already had better de-facto standards (e.g. small, "fixed-function" devices like feature phones and e-readers all use Micro USB-B for charging). Our problems were mainly "this laptop barrel charger is incompatible with this other laptop barrel charger", and proprietary Apple connectors.

The most important hardware protocol is power supply, which we can fix by requiring well-documented, user-accessible contacts that, when sufficiently-clean power is applied to them, will power the device. These could be contacts on the motherboard (for something designed to be opened up), or something like Apple's Smart Connector (without the pointless "I'll refuse to charge until you handshake!" restriction).

Requiring open, well-documented protocols which aren't unnecessarily-complicated is imo more important than requiring standard protocols.

replies(1): >>45092463 #
233. mlrtime ◴[] No.45092187{3}[source]
Because parents typically have bad eyes and need big monitors, or they just want to be able to use a computer like we have been for years?
234. arcbyte ◴[] No.45092238[source]
Perhaps we should pick a page from the example of radio and force all video content to be openly reproducible for a forced flat fee.
235. josephg ◴[] No.45092239{5}[source]
That claim is too generic to add anything to this discussion. Ok, everything has a trade off. Thanks for that fortune cookie wisdom. But we’re not discussing CS theory 101. In this case in particular, what is the cost exactly? Is it a cost worth paying?
replies(2): >>45092511 #>>45092659 #
236. safety1st ◴[] No.45092263{5}[source]
I don't believe there was any utopian period in the past, but in US history, the Gilded Age had a lot in common with our current day (corruption, centralization of wealth and power, stemming from new technologies). And it was followed by the Progressive era and then the New Deal which were distinctly more populist in nature. Those were the eras of American history where the US got serious about anti-trust and unionization respectively.
237. josephg ◴[] No.45092298{3}[source]
Citation please? It’s my understanding that there is no officially approved way to unlock an iPhone.

They’ve had something like that for a long time on Android, and I think it’s a reasonable middle ground between making the platform open and closed. But as far as I know, Apple never did something like that on iOS.

replies(1): >>45092955 #
238. g-b-r ◴[] No.45092301{6}[source]
> > That's fine. Let determined people do that, but don't make it easy for a user to be tricked into handing over all of their credentials in clear text.

Has there even, ever, been an instance of that happening?

replies(1): >>45092819 #
239. oigursh ◴[] No.45092306{6}[source]
Can you explain your motivation around gpg-agent and YubiKey a little more, please? So the private key can't be copied elsewhere?
replies(1): >>45095502 #
240. johnisgood ◴[] No.45092316{5}[source]
Good to know. People should read this when they say cryptocurrencies are bad. Well, guess what, so is cash and your card. Any alternatives?
replies(1): >>45104038 #
241. thunfischtoast ◴[] No.45092325[source]
I agree, but your point becomes stronger when you leave Netflix out. Netflix is a private entertainment company, and when I don't like their conditions I can always quit.

Banks on the other hand have so much more control over my life. With their apps being locked to the two major mobile OSes I have many hoops to go through when I want to use an alternative one. It's not impossible yet, but it becomes very cumbersome to do so.

242. g-b-r ◴[] No.45092336{4}[source]
> The banks that do have a physical presence are closing left and right? Also, I don't think I can do money transfers at the physical office of my bank.

It's crazy if you really can't

243. g-b-r ◴[] No.45092352{4}[source]
Apps for QubesOS??
244. disiplus ◴[] No.45092361{3}[source]
Yeah, this whole shit where let's optimize it for the lowest common denominator is stupid. I hate everything about it.

I'm an older millennial, so I have older parents and young kids. My father could not be bothered with a smartphone and does not care about the internet at all. My mother uses WhatsApp and everything; after the initial year she is quite handy with it. I'm not scared about her, I'm more scared that she is reading AI slop.

My kids are now at the age where a lot of their peers are getting a smartphone; I'm not giving them a smartphone. If I give them a smartphone in a year or so, I will be using parental controls.

245. 3abiton ◴[] No.45092364[source]
I am looking forward to the day I remote ssh into a <insert kvm solution> controlling my iPhone/Android so I can log in to my bank app because they stopped allowing web access, and I don't want to compromise on privacy. Shit is nuts.
246. camgunz ◴[] No.45092409[source]
> What I like about your comment is that it points out that all technical work-arounds are moot if people as a whole are not willing to stand up with pitchforks and torches to defend their freedoms.

If your system requires extraordinary political efforts from large numbers of people, your system will fail. We are the elites, we have to oppose this. If Netflix asks us to implement this kind of DRM, we have to resign. If Facebook asks us to implement sophisticated surveillance, we have to resign. Etc. etc. We can't keep cashing the checks and then point to the body politic like "I beg you to stop me".

replies(1): >>45092432 #
247. tiahura ◴[] No.45092412[source]
I prefer to live in a society where adults are free to come to their own arrangements with other adults. Not one where those with a penchant for authoritarianism set terms for others.

Sometimes this system may have warts like not getting to watch Netflix on your Switch, but that seems like a small price to pay for respecting individual autonomy.

248. tiahura ◴[] No.45092419[source]
Telling people how they have to design their systems is the opposite of freedom.
249. p1esk ◴[] No.45092432{3}[source]
> We are the elites

Wait, what?

replies(1): >>45092674 #
250. lwhi ◴[] No.45092439{5}[source]
Sorry, but you're incorrect.

If a particular product is tied to a specific proprietary tech stack, then the consumer is also tied to specific suppliers. This is known as vendor lock in.

Microsoft used this approach with Internet Explorer back in the old days; ensuring that it provided proprietary elements and implementation, that would encourage developers to provide websites that only functioned using their browser.

Open standards allow choice.

replies(1): >>45092647 #
251. lwhi ◴[] No.45092463{5}[source]
We're not just talking about hardware here.

Any standard that is developed closed-source and is protected or proprietary, can and will prevent consumer choice further down the line.

Interoperability of data, choice between vendors, and the ability for smaller players to compete with established larger players are all directly negatively affected by a lack of open standards.

replies(1): >>45092524 #
252. mcv ◴[] No.45092465{4}[source]
There is an app store here too, but lots of vital dev tools simply aren't in there. We should probably make sure they get added.
253. raxxorraxor ◴[] No.45092495[source]
It is the other way around. The security model of mobile devices seriously inhibits innovation and we end up with ever the same crappy apps we don't really need.

I also don't believe more people get scammed on PC compared to mobile platforms. Scammers go where the most naive people congregate.

A sensibly configured Linux system is very secure compared to your mobile device. No security model can really shield against user stupidity. The people would need completely different devices as they simply aren't fit to use a computer. My parents are the same, but I won't accept a bad compromise of an OS just because they essentially need other devices.

At some point a user will be asked to allow execution of code they got through some fishy mail. There is no defense against that other than for the user sticking to books.

replies(1): >>45092547 #
254. raxxorraxor ◴[] No.45092511{6}[source]
The cost is that developing that simple script to execute something and accessing files will have to be constructed differently. It will be much more complex.

That or the OS settings for said script will need to be handled. That is time and money.

replies(1): >>45099588 #
255. wizzwizz4 ◴[] No.45092524{6}[source]
They're negatively affected by a lack of openness. Some proprietary XML nonsense that's well-documented makes interoperability a week's work, maximum. Meanwhile, Microsoft's incomprehensible "open standard OOXML", supported by every document editor I care to name, is a huge impediment to interoperability. Limiting myself to even the well-designed ODF format means there are features I can't implement in my software: standardisation comes at the expense of innovation.

In software, the problem is closedness, protectionism, and undocumentedness, not proprietary wheel reinvention.

replies(1): >>45092557 #
256. raxxorraxor ◴[] No.45092533{3}[source]
There is software that does exactly that. You install a software kiosk where users can pick from, and users don't get admin rights.

Won't satisfy developers for long though, because it cannot work.

The problem is that mobile OS security systems aren't fit to develop anything but shit. It is simply no solution for desktop.

replies(1): >>45095936 #
257. extraisland ◴[] No.45092535{12}[source]
> The problem is that if what "really counts" is too vaguely defined, then it's hard to pin down and argue the point.

It really wasn't. It isn't hard to understand what was meant.

> Virtual memory probably isn't what you meant,

No it wasn't and there is no need to put "probably". It was obvious it wasn't.

> can be directly transposed to user privilege separation. While it's true that escalating to root is more of a hassle than just running everything as root, in another sense it does provide more control because the user can run arbitrary code without being afraid that it will nuke their OS; and more freedom because you could always just run everything as root anyway.

The difference is that there are very few things I need to run directly as root day to day on my desktop Linux box. I can't think of anything.

However, having to cut and paste a meme into ~/Downloads so I can share it on Discord or Slack is a constant PITA. If you sandbox apps you have to restrict what they can access. There is no way around this. The iPhone works the same way, BTW; I know, I used to own one. You either have to say "Discord can have access to this file", or you have to give it all the access.

> Maybe josephg's sense of freedom and control is what you're saying there is a trade-off between. But the case of privilege separation shows that some trade-offs are such that they provide a lot of security for only a little bit of inconvenience, and that's a trade-off most people are willing to make.

No they are a false sense of security with a lot of inconvenience. The inconvenience is inherent and always will be because you will need to restrict resources using a bunch of rules.

> Sometimes the trade-off may seem unacceptable because OS or software support isn't there yet. Like Vista's constant UAC annoyances in the case of privilege separation/escalation. But that doesn't mean that the fundamental idea of privilege levels is bad or that it must necessarily trade off too much convenience for control.

There are many things that seem like they are fundamentally sound ideas on the face of it. However there are always secondary effects that happen. e.g. Often people just ignore the prompts, this is called "prompt fatigue". I've literally seen people do it on streams.

Operating systems are now quite a lot more secure than they were. So instead of going for the OS, most bad actors will use a combination of social engineering to gain initial entry to the system. The OS security often isn't the problem. Most operating systems have either app stores, some active threat management.

If you are running things from npm/PyPI/github without doing some due diligence, that is on you. This is well past what non-savvy user is likely to do.

> I think that's also what josephg is suggesting about sandboxing. He says that the clipboard problem could probably be fixed; then you say, "but there are other examples". What remains to be shown is whether the examples are inherent to sandboxing and must degrade a capabilities/sandbox approach to a level where the trade-off is unacceptable to most.

It is inherent. It obviously is. If you want to share stuff like data between applications, which is something you want to do almost all the time, you will need to give it access at least to your file system. The more of this you do, the more you will either have to give more access or have to faff about moving stuff around. So either you work with a frustrating system (like I have to do at work), or you disable it.

So what happens is you only have "all or nothing".

replies(3): >>45092645 #>>45092873 #>>45096009 #
258. hollerith ◴[] No.45092547{3}[source]
>A sensibly configured [desktop, i.e., not just a headless server] Linux system is very secure compared to your mobile device.

That is not true. It is understandable that you believe it because it gets repeated a lot, but those repeaters are doing what you are, namely repeating what they heard (and sometimes what they want to be true) without sufficient actual knowledge of what they are talking about.

replies(1): >>45092727 #
259. lwhi ◴[] No.45092557{7}[source]
>In software, the problem is closedness, protectionism, and undocumentedness, not proprietary wheel reinvention.

Quite simply, the first three problems are actually caused by proprietary wheel reinvention.

replies(1): >>45093110 #
260. sunshine-o ◴[] No.45092612{6}[source]
> I think there's a bunch of factors to why yubi have upped their prices - not least, waiting for competition in their form factor & not seeing any emerge (token2 & nitrokey are much bulkier)

It is true about the size.

Still, I do not understand the price difference between the 5C Nano [0] and the PIN+ Mini-C [1]. 3 to 4 times more expensive depending on the currency.

- [0] https://www.yubico.com/pt/product/yubikey-5-series/yubikey-5...

- [1] https://www.token2.com/shop/product/pin-mini-c-release3-1-fi...

261. fsflover ◴[] No.45092645{13}[source]
> It isn't hard to understand what was meant.

At least two independent people understood you in the same way. So just dismissing it isn't productive.

> PITA. If you sandbox apps you have to restrict what they can access. There is no way around this.

This has nothing to do with freedom though.

> You will need to give it access at least to your file-system.

On Qubes, you copy-paste with ctrl+shift+v/c and nothing is shared unless you actively do it yourself. It becomes a habit very quickly (my daily driver). Sharing files is a bit harder (you send them from VM to VM), but it's not as hard as you want it to look.

replies(1): >>45092750 #
262. _heimdall ◴[] No.45092647{6}[source]
That can be one aspect of it, though I would argue that doesn't mean open standards are always better for competition.

I think you're also assuming the only competition that matters is long term. In the short term the potential for locking users into your own ecosystem can incentivize short term competition.

Long term competition seems like a good goal, but that assumption wasn't part of it at the beginning of this chain.

replies(2): >>45092714 #>>45092716 #
263. extraisland ◴[] No.45092659{6}[source]
> That claim is too generic to add anything to this discussion. Ok, everything has a trade off. Thanks for that fortune cookie wisdom.

It isn't fortune cookie wisdom and no it isn't "too generic". It is something that fundamentally wasn't understood by the person I was replying to from their comment. I also don't believe you really understand the concept either.

> But we’re not discussing CS theory 101.

No we are not. We are discussing concepts about security and time / money management.

> In this case in particular, what is the cost exactly? Is it a cost worth paying?

You just accused me of "fortune cookie wisdom" and "being too generic", while asking a question where the answer differs dependent on the person / organisation.

All security is predicated on what you are protected against. So it is unique to your needs. What, realistically, are your threats? This is known as threat modelling.

e.g. I have an old vehicle. The security on it is a joke. Without additional third-party security products, you can literally steal it with a flat blade about two inches long and drive away. You don't even need to hot-wire it. Additionally, it is highly desirable to thieves. As an individual without a garage to store it in overnight, I can realistically only protect it from an opportunist. So I have a pedal box, a steering wheel lock, and a secret key switch that turns off the ignition, and only I know where it is in the cab. That is likely to stop an opportunist. However, against more determined individuals, it will be stolen. Therefore I keep it out of public view when parked overnight. BTW, because of the security measures, it takes a good few minutes to be able to drive anywhere.

Realistically, operating system security is much better than it was. It is at the point that many recent large-scale hacks in the last few years were initiated via social engineering to bypass the OS security entirely. So I would say it is in the area of diminishing returns already. For the level of threats I face, and most people face, it is already sufficient. The rest I can mitigate myself.

Just like my vehicle: if a determined individual wants to get into your computer, they are going to do so.

replies(1): >>45099867 #
264. GoblinSlayer ◴[] No.45092667{3}[source]
On Android they do enjoy the freedoms and fall for "side load this random app ignoring warnings" scam.
replies(1): >>45092842 #
265. fsflover ◴[] No.45092673{7}[source]
> Any security mechanism has a weakness or it will be bypassed by other means. So all this will give you a false sense of security.

> The moment you think you are safe. Is when you are most unsafe.

This is demonstrably false. Qubes OS has the lowest number of CVEs, even less than that of Xen. Last VM escape in it was found in 2006 by the Qubes founder (it's called "Blue Pill").

Also: https://news.ycombinator.com/item?id=27897975

replies(1): >>45092778 #
266. GoblinSlayer ◴[] No.45092674{4}[source]
Different kind of elites.
replies(1): >>45092863 #
267. fsflover ◴[] No.45092714{7}[source]
> that doesn't mean open standards are always better for competition

Yes, they are. Show us a counter-example.

replies(2): >>45093119 #>>45094881 #
268. lwhi ◴[] No.45092716{7}[source]
If we don't think about long term competition we end up in the scenario we are in now.

Two main players. No choice.

269. raxxorraxor ◴[] No.45092727{4}[source]
It is fairly true, what is your definition here? The main attack vector today is malicious mails being opened. These usually don't target linux systems and fail to execute.

Sure, it is circumstantial security, but exploits exist for mobile devices as well.

replies(1): >>45092850 #
270. GoblinSlayer ◴[] No.45092733{5}[source]
Anybody who is good with computers should be able to install linux, it's easier than to install windows, because you don't need to jump through capitalist dark patterns.

>Sooner or later there will be an issue that will need to be solved with opening up a terminal and entering a set of esoteric commands.

That's what I did to export drivers from previous windows installation in suspicion of regression.

replies(1): >>45092801 #
271. pixelmonkey ◴[] No.45092746[source]
What do you mean by "locked down computer"? Maybe something like ChromiumOS?

Might be a tough sell for the volunteer open source community ("linux & friends") to work on such an alternative "locked down" computing experience. Free and open source software is usually more focused on unlocking use cases, not locking them up.

That all said, I basically consider macOS to be a locked down computing experience. So that's my solution for older people.

It's not a perfect solution but the Apple closed ecosystem is better designed for the limited use cases of the elderly. Rely on iCloud and built-in Apple approaches to data security as much as possible.

For example, an iMac and an iPhone can get all "adulting" use cases done, including typing/receiving emails, printing documents, online banking, government services, and so on. Apple Passwords plus Face ID helps to simplify password-based security. My biggest issue is getting TOTP-based two-factor adopted. Apple Passwords supports this but I usually have to do remote tech support to get it set up initially. It's also annoying that right now, the current generation of iMacs don't support FaceID, because that would simplify authentication across the two primary platforms (desktop/mobile).

I would never use this setup myself since I like to run F/OSS everywhere as much as possible. But I am realistic about tech expectations for the elderly who just want to live their life with minimal investment in learning about data/software security.

But you're right, along with other commenters, that it's dangerous for society to rely on a monopolist technocorporate overlord (or a pair of overlords forming a de facto duopoly) for the basic administrative tasks of adult living and lawful citizenship.

272. extraisland ◴[] No.45092750{14}[source]
> At least two independent people understood you in the same way. So just dismissing it isn't productive.

Two people that we are aware of.

BTW, I often encounter this when talking to other techies. People go to the most ridiculous extremes to be contrarian. Often they don't even know they are doing it. I know because I used to engage in this behaviour.

So I feel like I am well within my rights to dismiss it.

replies(1): >>45092790 #
273. GoblinSlayer ◴[] No.45092758{5}[source]
Does flatpak update automatically? As for /boot, format the whole drive and make it /boot
274. james_marks ◴[] No.45092773[source]
> Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service.

Maybe it’s just a bad example, but why would this be true? As a private company delivering entertainment, they can have any restrictions they want as a condition to selling to you.

275. extraisland ◴[] No.45092778{8}[source]
You are only thinking of attacking the computer itself directly. Often people socially engineer access to a computer system. Many UK supermarkets were hacked, while using some software that is very secure, because people managed to socially engineer access.

There is nothing and I mean nothing that is completely secure.

replies(1): >>45092818 #
276. fsflover ◴[] No.45092782{7}[source]
> You become afraid to say or write the wrong thing in public, and then to say or write it in private

It's called "social cooling": https://news.ycombinator.com/item?id=24627363

> but we simply aren't there yet

Actually, I2P is already here. It should be promoted more.

277. fsflover ◴[] No.45092790{15}[source]
I didn't say you weren't within your rights. I said it's counter-productive for the discussion.
replies(1): >>45092809 #
278. extraisland ◴[] No.45092801{6}[source]
> Anybody who is good with computers should be able to install linux

Installation is not the same as support and isn't the same as troubleshooting.

That's why people distro hop. They keep on installing, thinking that distro X will solve their problem. It may do, but it frequently has its own problems.

> That's what I did to export drivers from previous windows installation in suspicion of regression.

Which is an unusual situation. It isn't an unusual situation in Linux.

replies(1): >>45092935 #
279. extraisland ◴[] No.45092809{16}[source]
I think it is counter productive to bring up ridiculous examples, which was obviously not what I meant.
replies(1): >>45092831 #
280. fsflover ◴[] No.45092818{9}[source]
> There is nothing and I mean nothing that is completely secure.

You're not wrong, but dismissing security because there are always other threats is just security nihilism. See my link.

281. lucideer ◴[] No.45092819{7}[source]
There have been literally thousands of documented incidents of this.

There's an entire subsection of the security industry dedicated to this happening. The DefCon international security conference holds an on-stage competition where security researchers demonstrate this happening to real targets in real time in front of a live audience.

replies(1): >>45094578 #
282. swayvil ◴[] No.45092823{6}[source]
There is a small community of billionaires who control everything to the best of their ability. They control for their own benefit.

Technology, its development and production, is one thing that they control.

The rest of the population (the nonbillionaires) is another thing that they seek to control. It's near the top of their list.

Phones, internet and social media are tools for controlling us. Arguably. Right?

replies(1): >>45094908 #
283. fsflover ◴[] No.45092831{17}[source]
Both things can be counterproductive simultaneously.
284. Quarrelsome ◴[] No.45092842{4}[source]
I'd imagine the volume we're discussing aren't even aware of options outside of the appstore.

A study was done a while back of average user competence and when given the task of arranging a meeting in a calendar app for a time where all participants could attend (given calendar conflicts) a meagre 5% of participants succeeded. The bar is tragically low for technical literacy and 95% of people (ballpark) fail to clear it. I'd imagine the first time these sorts of people are aware of side-loading is when they get scammed by being told to side-load some malware. So for these people they wouldn't even notice their digital rights being eroded or taken away completely, because they don't even understand how or why they'd be important.

285. hollerith ◴[] No.45092850{5}[source]
Media decoders are an important attack vector. Examples include PDF viewers and the library that produces thumbnails for display by the file browser. (One way to attack a media decoder is to get the user to open a malicious email, but there are other ways.)

The web browser is an important attack vector, and there are no Linux distros that sandbox the browser anywhere near as effectively as Android and ChromeOS do except maybe Qubes, but Qubes is stuck using X for the display server and using Xen, both of which have been abandoned by their maintainers and aren't receiving enough maintenance attention to fix security vulnerabilities. I.e., Qubes's reputation for security probably comes from the fact that it was relatively secure many years ago.

Android and ChromeOS use selinux to sandbox the browser. Fedora uses selinux, too, but it only sandboxes server software: any program including a web browser started by the user is unconstrained (unaffected) by Fedora's selinux implementation.

The kernel is another important attack vector (and Linus has always been bored by and impatient with security considerations.)

Ditto the C library. Note that GrapheneOS uses a special, hardened C library (which in the last few years has migrated to at least one security-focused Linux distro, namely secureblue, but of course none of the people that show up here on HN proudly proclaiming that Linux is more secure than iOS or Android use secureblue, and the lead of the secureblue project freely admits that macOS, iOS, Android and ChromeOS are more secure than secureblue is).

You know how one of the arguments for Wayland is the fact that there is no way to prevent any process from reading the contents of any X window? Well, to actually achieve this "window privacy" inherent in Wayland requires active support from the compositor, and Gnome has the only Wayland compositor that actually provides this support.

Till the vulnerability started getting exploited some time last year, anyone could upload a theme to KDE's theme store that could run arbitrary code when the user chose to install it. No one was reviewing uploaded themes for malware or warning users of the danger.

Hyprland uses a trampoline (files at a known location in the file system that are occasionally executed by Hyprland) for reasons that are hard to explain if we assume that Hyprland's maintainers care anything about security.

replies(1): >>45094326 #
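The comment above argues that an SELinux policy which only confines daemons leaves a user-launched browser unconstrained. The practical check is to look at what the kernel actually reports for a running process rather than at what the distro advertises. The script below is an added example written for this thread, not code from any commenter or project: it reads the LSM label from /proc/<pid>/attr/current and the Seccomp, NoNewPrivs and CapEff fields from /proc/<pid>/status, and reports a heuristic "confined" verdict (my own definition, not a kernel notion). The two embedded sample status texts are constructed for illustration and were not captured from a real Fedora or Android system; run it against a real PID to see your own numbers.

```python
"""Report how confined a running Linux process actually is.

Added example for this thread. The "confined" verdict is a heuristic:
a process counts as confined only if a seccomp-bpf filter is installed
or its LSM label is not an "unconfined" one, and it holds none of the
notable capabilities listed below.
"""
import sys

# Values of the Seccomp field in /proc/<pid>/status, per proc(5).
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Bit numbers from capabilities(7) for capabilities that make a sandbox pointless.
NOTABLE_CAPS = {
    1: "CAP_DAC_OVERRIDE",
    7: "CAP_SETUID",
    12: "CAP_NET_ADMIN",
    16: "CAP_SYS_MODULE",
    19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN",
}


def parse_status(text):
    """Parse the 'Key:\\tvalue' lines of /proc/<pid>/status into a dict of strings."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(hex_mask):
    """Return the notable capability names set in a CapEff hex mask, lowest bit first."""
    mask = int(hex_mask, 16)
    return [name for bit, name in sorted(NOTABLE_CAPS.items()) if mask & (1 << bit)]


def read_lsm_label(pid):
    """Read the LSM label; a missing file or EINVAL (no labelling LSM) yields ''."""
    try:
        with open(f"/proc/{pid}/attr/current", "rb") as f:
            return f.read().rstrip(b"\0\n").decode(errors="replace")
    except OSError:
        return ""


def assess(fields, lsm_label):
    """Turn raw status fields plus the LSM label into a confinement summary."""
    seccomp = SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown")
    no_new_privs = fields.get("NoNewPrivs", "0") == "1"
    caps = decode_caps(fields.get("CapEff", "0"))
    label = lsm_label.strip()
    # SELinux reports e.g. "unconfined_u:unconfined_r:unconfined_t:s0", AppArmor
    # reports "unconfined"; an empty label means no labelling LSM is active.
    lsm_unconfined = label == "" or "unconfined" in label
    return {
        "seccomp": seccomp,
        "no_new_privs": no_new_privs,
        "notable_caps": caps,
        "lsm_label": label or "(none)",
        "confined": (seccomp == "filter" or not lsm_unconfined) and not caps,
    }


def inspect_pid(pid):
    """Inspect a live process by PID (or 'self')."""
    with open(f"/proc/{pid}/status") as f:
        fields = parse_status(f.read())
    return assess(fields, read_lsm_label(pid))


# Constructed sample: a user-launched desktop app under an SELinux policy that
# leaves user sessions in unconfined_t, with no seccomp filter. Illustrative only.
SAMPLE_UNCONFINED_STATUS = "Name:\tbrowser\nSeccomp:\t0\nNoNewPrivs:\t0\nCapEff:\t0000000000000000\n"
SAMPLE_UNCONFINED_LABEL = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"

# Constructed sample: a renderer/content process behind a seccomp-bpf filter with
# no_new_privs set and no labelling LSM present. Illustrative only.
SAMPLE_SANDBOXED_STATUS = "Name:\trenderer\nSeccomp:\t2\nNoNewPrivs:\t1\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "self"
    try:
        for key, value in inspect_pid(target).items():
            print(f"{key:14} {value}")
    except OSError as exc:  # not Linux, or no such PID
        print(f"cannot inspect pid {target}: {exc}")
```

Usage on a real desktop: `python3 confinement.py $(pgrep -n firefox)` (or `$(pgrep -n chrome)`), and compare the main process with one of its content/renderer children; the main process is typically where the unconfined label and missing seccomp filter show up, which is the point the comment makes about distro policies that only confine daemons.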
286. p1esk ◴[] No.45092863{5}[source]
I’m not “elite” of any kind.
287. fragmede ◴[] No.45092873{13}[source]
> However having to cut and paste a meme into ~/Downloads so I can share it on Discord or Slack is a constant PITA.

Why round-trip it through the file system or Files.app? That seems like extra (annoying) work. On my iPhone, I copy the meme onto the clipboard, then I open Discord/Slack/Signal/WhatsApp, find the right channel/chat, and paste right in there.

288. turboat ◴[] No.45092916{4}[source]
Interesting. If you don't mind, I have a few questions:

1. Is the "big VM with root" running macOS itself, or a different OS?

2. Do you do any work on the bare metal version of macOS, or do you just start the VM in the morning and do everything from there?

3. How do you experience the performance/UX of the VM?

4. Do you know why Company B IT has set up this VM solution, instead of a plain old MacBook locked down with Apple's enterprise management tools?

5. Can you explain more about the App Store? Is it the actual Apple App Store but restricted to a curated set of apps, or is it a different system? If so, is the store a custom in-house thing or is it provided by a vendor?

replies(2): >>45096416 #>>45107704 #
289. GoblinSlayer ◴[] No.45092935{7}[source]
>Installation is not the same as support and isn't the same as trouble shooting.

The meme is still alive that Windows accumulates garbage and becomes slower with time, so you need to reinstall it periodically. Reinstallation is also how you fix regressions, because MS is busy with cloud services.

>It isn't unusual situation in Linux.

As I remember, on Linux I have an ample choice of kernel versions, but I didn't encounter regressions. For Windows, Intel provides only the latest drivers.

replies(1): >>45097002 #
290. komali2 ◴[] No.45092955{4}[source]
That was my fictional proposal, I wasn't clear enough about that in my post.
291. goodpoint ◴[] No.45093013{6}[source]
...and it will be too late.
292. jjani ◴[] No.45093094[source]
It is no coincidence whatsoever that the control accelerated at a pace never seen before just as those two words entered the vernacular. Censorship of such topics on places like Reddit and YouTube tenfolded. It scared them. It's the only thing that works.
293. GoblinSlayer ◴[] No.45093101{3}[source]
A smartphone is not a good video device due to small screen. If you do, you just become zombiewalking.
294. wizzwizz4 ◴[] No.45093110{8}[source]
Correct. But proprietary wheel reinvention is necessary (albeit clearly not sufficient) for progress, so we mustn't prohibit it!
replies(1): >>45093454 #
295. king_geedorah ◴[] No.45093119{8}[source]
The web is open and is famously very competitive. We have three whole browser engines and only two of them are implemented by for-profit corporations whose valuations have 13 digits. I mean other ones exist, but the average modern developer claims it's your fault when something doesn't work because you use Firefox or Safari and also demands the browser rewrap all the capabilities the operating system already provides for you because they can't be assed to do the work of meeting users where they are.
replies(1): >>45093426 #
296. lwhi ◴[] No.45093426{9}[source]
In a world with over 3 billion people we have 'three whole browser engines'.

I don't want to be mean, but this isn't a great counterpoint.

replies(1): >>45093789 #
297. lwhi ◴[] No.45093454{9}[source]
No it isn't necessary for progress.

Standards can be (and are) developed cooperatively and these still allow and encourage progress.

replies(1): >>45093816 #
298. const_cast ◴[] No.45093464{4}[source]
I don't think Google play integrity and only allowing installing blessed apps on blessed devices is more secure. I just don't.

Google blesses malware all the time because otherwise they would go bankrupt. They're an ad company, not a security company.

299. const_cast ◴[] No.45093488{5}[source]
> That is because Windows for the most part manages itself

Windows is the least "manage itself" OS out of all OS available today. It needs pretty constant maintenance and esoteric enchantments to keep trucking.

replies(2): >>45095703 #>>45096984 #
300. const_cast ◴[] No.45093541{5}[source]
If we have to always appeal to the lowest of the low, the stupidest of the stupidest, then society sucks ass.

What's even the point of me being alive if I can't do anything that isn't completely idiot-proof and made for goo goo ga ga users?

Look, I get it. Think of the children! Think of the granny!

But I'm not a child, I'm an adult. I would like to be treated as such. Otherwise what the fuck are we even doing here? Why can't I just live in daycare forever? Why am I paying bills?

301. safety1st ◴[] No.45093770{4}[source]
I'm not opposed to open standards, but what makes you think that a corporation which simultaneously violates anti-trust law in three markets and evades meaningful enforcement can be forced to comply with standards?

The problem is not primarily technological, it is a problem of rule of law. Google is a serial violator, found guilty multiple times. So it is a failure of enforcement of law (unless government actions in the near term end up being very dramatic).

If someone points a gun to your head, I guess you could solve that by inventing a personal forcefield. But until you do, we need law enforcement as a deterrent against murder. Otherwise murderers will just keep on doing it.

302. king_geedorah ◴[] No.45093789{10}[source]
I'm not sure what the number of people in the world has to do with whether an open standard does or doesn't promote innovation. The user asked for a case where an open standard didn't do that and I provided one. Whether you think it's a great counterpoint is entirely irrelevant to me.
replies(1): >>45093984 #
303. wizzwizz4 ◴[] No.45093816{10}[source]
C23 would not be nearly as good as it is without proprietary C compiler extensions, and other non-C programming languages. Sure, C23's versions of some features are better than many proprietary implementations, but they wouldn't exist at all if the lessons hadn't been learned from that exploration.

Once upon a time, Jabber was the messaging protocol. But what killed interoperable instant messaging wasn't a shift away from Jabber: it was a shift away from interoperability. Requiring all chat communication systems to be Jabber wouldn't have helped, and it would have prevented IRCv3.

replies(1): >>45094462 #
304. lwhi ◴[] No.45093984{11}[source]
But browser engines are entirely functional based on open standards!!!!!

This is the core proposition!

The benefit of open standards here, is to the consumers of these standards .. not the engines.

Open standards allow the consumers (websites / apps) to be able to benefit.

replies(1): >>45094901 #
305. komali2 ◴[] No.45094009{7}[source]
I didn't use the right word, maybe you can help me pick a better one. You are of course correct that technology has many times completely changed our societies, but my point is that despite overwhelming transformations, the core of societal organization doesn't change: those with capital control those without. Those with capital determine what labor those without may do, when, where, and what becomes of the result of that labor.

The printing press resulted in the first ultrapowerful media companies that were able to capitalize on later revolutionary technologies such as radio and television (for those nimble enough to keep up with the times). Even in that era the newspaper was leveraged to serve the needs of the wealthy and solidify their power. Countless unpublished books that couldn't get picked up by the publishing houses. And the end game of those media technologies is Rupert Murdoch, Disney.

You are right, power shifted from the church to other Capital holders. And the laborers continued to labor at the whim of some new master.

Railroads led to Standard Oil and America's first ultra powerful monopolies, laying rail to serve their needs (or wasting rail to suck money from the government) rather than the needs of the people.

Sailboats created the East India trading company and actual corporatocracies, as you said.

Incredible changes to society in so many ways except perhaps the most important, and that's my point: it won't be technology in the end. It wasn't technology that led to the syndicalization of pre-Franco Spain, or the revolutions in Russia and the ROC, or the development of the Paris Commune, events that signify some of the few brief times in our history that the core paradigm was shifted, if only briefly.

replies(1): >>45099618 #
306. altairprime ◴[] No.45094130{3}[source]
No, I’m talking about the Engine Control Module.
307. raxxorraxor ◴[] No.45094326{6}[source]
Of course the browser still is an attack vector, but the relevancy of that vector is lower today. Same goes for these examples. These are exploits and they will always exist, sandbox or not. A few years ago you could log in to macOS as root without a password. Meta just released a memo two days ago that WhatsApp exploits compromised Android and iOS devices. Guess it was sandboxed, but all users allowed the app to access files and contacts anyway.

Today the main problem is social engineering and scams. The disadvantage of mobile OS are too great to justify bad approaches to desktop systems or security in general. And for browsers that means the security threat isn't some arcane media decoder, it is the well made phishing site.

But my argument is more that perhaps I don't want window privacy because it doesn't fit my security needs and reduces functionality and access. And one assumption in that is that one compromised app can compromise the whole system in the worst case and believe risks must be mitigated elsewhere. In case of doubt, I can reasonably sandbox something I execute myself, if the need is warranted.

I would love a good file explorer for my mobile device. But file access is restricted. How many hours wasted to bad security...

replies(1): >>45094658 #
308. lwhi ◴[] No.45094462{11}[source]
>Once upon a time, Jabber was the messaging protocol. But what killed interoperable instant messaging wasn't a shift away from Jabber: it was a shift away from interoperability.

And how is interoperability possible without agreed standards?

replies(1): >>45095971 #
309. g-b-r ◴[] No.45094578{8}[source]
> There have been literally thousands of documented incidents of this.

Of making people export all their credentials from a password manager and send them to a scammer?

310. seba_dos1 ◴[] No.45094658{7}[source]
It's always entertaining to see security people struggling to understand what security is there for. They just consider "security" as the goal in itself, because being more secure is obviously good, right? Yo dawg, I've put a sandbox into your sandbox so you can be secure while you are secure.

If you insist that using software with trampolines means not "caring anything about security", I'm afraid it's a you problem. I'll still be happy to hug my partner when she comes home regardless of what germs might have been on a tram's seat she was sitting on on the way there, regardless of whether someone thinks that this means I don't care anything about health (I'm sure someone does).

In case someone needs it spelled out: I do care, but there are other things I care about too and I won't let some minuscule threats ruin them.

replies(1): >>45095863 #
311. _heimdall ◴[] No.45094881{8}[source]
Did you see my earlier comment? Car manufacturing for decades didn't have open standards with regards to parts used or how they were built. We ended up with a huge number of competing car manufacturers compared to what we have today.
replies(1): >>45096521 #
312. altairprime ◴[] No.45094886{3}[source]
I appreciate your support of this position :)
313. _heimdall ◴[] No.45094901{12}[source]
The presumption that started this thread is that open standards are always good for competition. I think browsers are a good counterexample where open standards led to three browser vendors; we have less competition rather than more.
replies(2): >>45095680 #>>45097013 #
314. ◴[] No.45094908{7}[source]
315. ◴[] No.45094965{3}[source]
316. lucideer ◴[] No.45095473{7}[source]
No, boycotting them is entirely orthogonal to the issue. Passkeys have no role in ensuring that we do or don't rely on remote attestation - they're two totally separate considerations.

Passkeys have many benefits over current alternatives for auth, & the inclusion of remote attestation doesn't make them worse than current auth because all current auth can be coupled to remote attestation.

Continue to oppose remote attestation but do use Passkeys. They're a massive improvement.

317. tadfisher ◴[] No.45095502{7}[source]
Yes, that's the motivation.

These days I would explore the TPM option, but I'm worried that has less legal teeth than a physical key if I'm in a law enforcement situation.

There's also practicality; I really, really don't want to tell my boss that TSA or whoever had access to the company git repositories and databases for X minutes or hours, and that's sidestepped by checking a bag with the Yubikey (wastes their time) or mailing it to the destination (needs a warrant).

318. fsflover ◴[] No.45095680{13}[source]
Do you expect that browsers relying on closed standards would result in more competition under the same circumstances? You didn't demonstrate that.
replies(1): >>45098673 #
319. tadfisher ◴[] No.45095690{9}[source]
Source? That is surprising news.
320. josephg ◴[] No.45095703{6}[source]
That’s not my experience with it. I have 2 windows installations at home and they both seem fine.

I must admit - I spent about an hour figuring out how to turn off telemetry and other junk after installation. But since then, Windows has been trucking along just fine.

replies(1): >>45102840 #
321. josephg ◴[] No.45095863{8}[source]
The threat model I think about a lot is supply chain attacks.

We’ve found out about a handful of such attacks over the last few years - like xz. And I’ve seen the number of random dependencies which get pulled in by most nodejs, cargo or python projects. The dependencies just scroll on by. There is no vetting process for putting code in npm or cargo. Nobody signs off on anything. Nobody reads the source code. There are no checks, and you can put anything in there.

If malicious code slipped in, would you even notice? I probably wouldn’t. How terrifying.

Linux’s security model means that any malicious code in a crate can run as me and access all of my files. Or delete them or whatever it wants to do. To me this is crazy. There’s no reason to give arbitrary untrusted code full permissions to all of my files and data - but there we have it.

I worry that it’s only a matter of time before we see more attacks like this. It’s such an obvious attack. And our lax endpoint security makes the vulnerability a way bigger problem than it needs to be. It would be trivial for a remote attacker to install C&C software on my computer. They could grab my SSH certificates and install backdoors in any of my projects on github. Read my email. Impersonate me. Crypto locker my stuff. Install malicious extensions into my web browser. And on and on.

None of this would be possible with proper isolation. There’s no reason a build.rs file needs write access to my whole filesystem. It’s crazy.

322. mcv ◴[] No.45095936{4}[source]
Well, one issue with the app store solution at my workplace is that you can still download anything, even if you can't install it. And executables can still be executed even from your downloads folder. Or your personal bin folder. So preventing people from executing unknown apps is not going to work that way.

But then again, we write and execute our own code, so of course we have to be able to execute unknown code.

The whole thing feels like an exercise in futility to me. It would make more sense to specify what rights a specific application should have. Let me approve the external urls it wants to visit, the folders it wants to access, etc. Shield everything else off.

323. SirMaster ◴[] No.45095938{7}[source]
>decrypting things like 4K Netflix content, among other things, generally requires you to have something like a Widevine L1 CDM from one of the Netflix-approved devices, which typically sits in those hardware trusted execution environments, so you need an active valuable exploit or insider leaks from someone at one of the manufacturers.

Or just use a cheap Chinese HDMI splitter that strips HDCP 2.2 and record the 4K video with a simple HDMI capture device.

But if you are talking about preserving media or making media accessible, then it's not like we NEED 4K.

324. wizzwizz4 ◴[] No.45095971{12}[source]
The same way it always has been? Microsoft Office implements the WordPerfect formats, and WordPerfect implements the Microsoft Office formats.
replies(1): >>45103027 #
325. josephg ◴[] No.45096009{13}[source]
> If you want to share stuff between applications like data, […]. You will need to give it access at least to your file-system. The more of this you do, you will either have to give more access or having to faff moving stuff around.

Why are those the only answers?

If we had free rein to redesign our computers from the ground up, there’s lots of other ways that problem could be solved.

One obvious example is to make copy+paste be an OS level shortcut so apps can’t access the clipboard without the user invoking that chord. Then just copy paste stuff between applications.

Another idea: right now when I invoke a shell script, I say “foo blah.txt”. The argument is passed as a string and I have to trust that the program will open the file I asked - and not look instead at my ssh private keys. Instead of that, my shell program could have access to the filesystem and open the file on behalf of the script. Then the script can be invoked and passed the file descriptor as input. That way, the script doesn’t need access to the rest of my filesystem.

If we’re a little bit creative, there’s probably all sorts of ways to solve these problems. The biggest problem in my mind is that Unix has ossified. It seems that nobody can be bothered making desktop Linux more secure. A pity.

Maybe it’s time to give qubes a try.

326. worldsayshi ◴[] No.45096179{6}[source]
I agree with this. And yet.

> It is simply that, eventually, people learn how to use technology to their advantage.

What should we call this accumulation of lessons in how to do things for your benefit? It can be and is encoded as algorithms is it not?

327. yencabulator ◴[] No.45096416{5}[source]
It's funny because some 25 years ago we did the exact opposite. Corporate IT insisted on some Windows software, so we each ran a Windows VM that the corporate could pretend to remote manage.

(This was at a branch office where every employee worked on very low-level Linux kernel code, so yeah everyone ran their favorite Linux distro.)

328. fsflover ◴[] No.45096521{9}[source]
Didn't older cars rely on open standards making it possible to go to any repair shop? Or maybe it was effectively open standards, i.e., nothing prevented you from learning how they worked and modifying them.

Nowadays, all cars became hostile to users thanks to the closed software: https://www.theregister.com/2023/09/06/mozilla_vehicle_data_... I wouldn't call it "better competition".

replies(1): >>45098704 #
329. yencabulator ◴[] No.45096544{10}[source]
Which leads us back full circle to "Passkeys are incompatible with open-source software" from https://news.ycombinator.com/item?id=45090297
330. ekianjo ◴[] No.45096703{4}[source]
> legal obligation to to assess and mitigate risks

It's obviously not about risks. It's about convenience on their side to only support 2 platforms and call it a day.

331. extraisland ◴[] No.45096984{6}[source]
No it doesn't. I barely do anything to manage my Windows Installation. I install loads of garbage (I mostly still run the same programs as I did 15 years ago).

I don't understand why people propagate these falsehoods.

replies(1): >>45102835 #
332. extraisland ◴[] No.45097002{8}[source]
> The meme is still alive that windows accumulates garbage and becomes slower with time, so you need to reinstall it periodically.

I've not needed to worry about this since Windows XP. Which was what? 25 years ago almost.

> Reinstallation is also how you fix regressions, because ms is busy with cloud services.

I've never had hardware regressions with Windows. I've had plenty of weird and annoying bugs return with Linux.

e.g. My Dell 6410 has an issue where the wifi card would die after suspend with kernel 6.1. However it would get fixed by a patch, and then get unfixed the next patch.

> As I remember, on linux I have an ample choice of kernel versions, but I didn't encounter regressions. For windows intel provides only the latest drivers.

"Swings and Roundabout".

Again. It is a pretty niche problem. I've had plenty of weird hardware regressions with the kernel. Recently there was an AMD HDMI audio bug; IIRC it was kernel related.

replies(2): >>45097316 #>>45100110 #
333. lwhi ◴[] No.45097013{13}[source]
Without open standards, we would need to pick a browser and provide for it.

If we needed to support another browser we'd need to provide a new solution built to its specification.

Open standards have allowed the possibility of multiple browser vendors, without making the life of browser consumers (i.e. developers and organisations providing apps and sites) a living hell.

Without this, we'd be providing apps and sites for a proprietary system (e.g. Macromedia Flash back in ancient history).

Furthermore, when Flash had cornered a market, it had absolutely no competition at all. A complete monopoly on that segment of the market.

It took Steve Jobs and Apple to destroy it, but that's a different story.

--

The reasoning for only three engines, isn't the fault of open standards.

There are many elements of our economic system that prevent competition. Open standards is not one of them.

replies(1): >>45098688 #
334. josephg ◴[] No.45097316{9}[source]
I’ve had the same experience. Never had a regression with windows. Had plenty with Linux.

One Linux kernel version broke HDMI audio and another fixed it. Recently a change to power management has made my Intel Ethernet controller stop working about an hour after the computer boots up. And so on. Each time I've needed to pore through forums trying to find the right fix. That or pin an older version which worked correctly.

335. hollerith ◴[] No.45097589{3}[source]
>It's the only OS that has managed this transition to all-sandboxed-all-the-time.

Apps are all-sandboxed-all-the-time on iOS and Android, too; right?

replies(1): >>45101094 #
336. bigyabai ◴[] No.45098402{3}[source]
Sure is slow. The FOSDEM audience you're describing sounds identical to the one from 15 years ago.
replies(1): >>45100383 #
337. _heimdall ◴[] No.45098673{14}[source]
My original demonstration wasn't actually the browser question. Auto manufacturers did show much higher levels of competition before standards and shared components.

Though it is worth noting that there was heavy competition in the browser space prior to the specs we have today. Part of the reason we ended up with a heavily spec-driven web is precisely because the high level of competition was leading to claims of corporate espionage, and it was expected that end user experience would be better with standards.

I absolutely agree the end user experience is better. I disagree that has anything to do with competition.

replies(1): >>45100904 #
338. _heimdall ◴[] No.45098688{14}[source]
Browser engines are extremely difficult to start today because of the extensive, complicated, and ever growing list of specifications.

We had a web before open standards. It wasn't the best user experience and each browser was somewhat of a walled garden, but there was heavy competition in the space.

replies(1): >>45100883 #
339. _heimdall ◴[] No.45098704{10}[source]
Older cars could go to most mechanic shops because older cars were simpler. The fundamentals of how the cars worked were similar not because the companies collaborated on parts and designs but because they were comparatively simple and all were based on combustion engines that required certain components and physics to be similar.

Well, most. There were the odd steam powered and even early electric vehicles back then. I wouldn't expect either to roll into any mechanic shop in town and get service.

340. nobody9999 ◴[] No.45098882{7}[source]
>I felt like Orwell made the point well enough in 1984.

True enough. Although I think Frederick Pohl and C.M. Kornbluth came closer to our current situation with The Space Merchants[0] (which I just read, almost by accident).

Orwell was more explicit in his exposition of totalitarianism and told a more compelling story than Pohl/Kornbluth did in their tale of authoritarian/corporatist dystopia.

That said, the universe of The Space Merchants more closely matches the current environment, IMHO.

[0] https://en.wikipedia.org/wiki/The_Space_Merchants

replies(1): >>45099661 #
341. josephg ◴[] No.45099588{7}[source]
I've said this elsewhere in this thread - but I think it might be interesting to consider how capabilities could be used to write simple scripts without sacrificing simplicity.

For example, right now when you invoke a script - say "cat foo.js" - the arguments are passed as strings, parsed by the script and then the named files are opened via the filesystem. But this implicitly allows cat to open any file on your computer.

Instead, you could achieve something similar with capabilities. So, I assume the shell has full access to the filesystem. When you call "cat foo.js", the shell could open the file and pass the file handle itself to the "cat" program. This way, cat doesn't need to be given access to the filesystem. In fact, literally the only things it can do are read the contents of the file it was passed, and presumably output to stdout.

> It will be much more complex.

Is this more complex? In a sense, it's exactly the same as what we're doing now. Just with a new kind of argument for resources. I'm sure some tasks would get more complex. But also, some tasks might get easier too. I think capability based computing is an interesting idea and I hope it gets explored more.

replies(1): >>45101997 #
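The handoff described in this comment, and in the same commenter's earlier post about a shell opening the file and passing the descriptor instead of the path, as an added Python example. This is not code from the thread: the parent process plays the "shell" role, opens the file, and spawns a child that is given only the open descriptor number and never names a path. The child program, the `cat_by_capability` and `demo` names, and the sample file contents are constructed for illustration.

```python
"""Capability-style argument passing on Unix: the caller opens the file and
hands the child process a file descriptor, so the child never sees a path."""
import os
import subprocess
import sys
import tempfile

# Source of the constructed child program. It receives a descriptor number in
# argv[1] and reads only from that descriptor; it never calls open() on a path,
# which is the whole point of the scheme the comment describes.
CHILD_SRC = r"""
import os, sys
fd = int(sys.argv[1])
data = b""
while True:
    chunk = os.read(fd, 65536)
    if not chunk:
        break
    data += chunk
os.close(fd)
sys.stdout.buffer.write(data)
"""


def cat_by_capability(path: str) -> bytes:
    """Play the 'shell' role: open `path` here, spawn a child that is handed
    only the open descriptor, and return what the child wrote to stdout."""
    fd = os.open(path, os.O_RDONLY)
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD_SRC, str(fd)],
            # close_fds defaults to True, so the child inherits nothing except
            # the descriptors listed here (they keep the same numbers).
            pass_fds=(fd,),
            stdout=subprocess.PIPE,
            check=True,
        )
    finally:
        os.close(fd)  # the child closed its own copy; drop ours too
    return proc.stdout


def demo() -> bytes:
    """Write a constructed sample file, run it through the capability-style
    cat, and return the bytes the child produced."""
    with tempfile.NamedTemporaryFile("wb", delete=False) as f:
        f.write(b"hello capability\n")  # constructed sample content
        name = f.name
    try:
        return cat_by_capability(name)
    finally:
        os.unlink(name)


if __name__ == "__main__":
    sys.stdout.buffer.write(demo())
```

`pass_fds` is what makes the descriptor the only thing the child receives. The handoff by itself does not stop a child from calling `open()` on some other path; turning "doesn't need filesystem access" into "cannot access the filesystem" needs an enforcement layer underneath (Landlock or seccomp on Linux, pledge/unveil on OpenBSD), which is the part the comment argues Unix never got around to making routine.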
342. safety1st ◴[] No.45099618{8}[source]
We are totally talking about a technology-driven shift in who controls society though. In the past it was kings and the church and their wealth was certainly a factor but the king's direct control over the state monopoly on violence, and by extension over land, and the church's control over information and belief, were the greater factors. Remember all these kings started out mostly as thugs with bands of other thugs behind them who had the biggest weapons and the most violent tendencies. And the churches started out as smaller dudes who were willing to eat mushrooms, wear face paint, and tell stories about how the biggest thug in the pack was the son of a god so you had better obey him.

Now, because of technology shifts, it's the political/bureaucratic and merchant classes in charge. The king and the church are pretty much powerless. The military class has gone both ways depending on what country we're discussing. In some their growing ability to commit mass killing has given them dictatorship powers. In others they are relatively defanged by the political/merchant classes.

Wealth is a very interesting thing because it was originally a byproduct of power. The king sent soldiers to collect taxes. The church propagandized you into tithing. Now the relationship is inverted and the wealth creates the power. Silicon Valley spends $140M on lobbying to get the legislative outcomes they want.

IMO the more we zoom in to shorter spans of time the less we see technology toppling an entire class of elites in favor of another. It doesn't happen in 30 years. It takes hundreds. That said, technology seems to just keep on moving faster, so I wouldn't discount it playing a bigger role in the future than it did in the past.

343. safety1st ◴[] No.45099661{8}[source]
That looks like a great book, I'll have to check it out!

My go-to in fiction for comparison with the authoritarianism of the modern world is actually Brave New World. We were drugged (whether pharmacologically or psychologically) into submission, more than we were beaten into it.

1984 is great however for getting the surveillance point across in the most brutally direct way possible. The telescreen was a mind-bogglingly prescient idea for a guy writing a book in the 1940s. "Omnipresent and almost never turned off, they are an unavoidable source of propaganda and tools of surveillance." We actually did it. We invented and embraced George Orwell's telescreens of 1984, en masse. The only difference is we put them in our pockets and carry them around all day, instead of having them in our living rooms.

replies(1): >>45100544 #
344. josephg ◴[] No.45099867{7}[source]
Thanks for educating me there champ. I'm sure you're very smart. But I've been writing software for a few decades now. Longer than a lot of people on HN have been alive. There's a good chance the computer you're using right now contains code I've written. Suffice it to say, I'm pretty familiar with the idea of engineering tradeoffs. I suspect many other people in this thread are familiar with it too.

You missed the point the person you were replying to upthread was making. You're technically right - there is always some tradeoff when it comes to engineering choices. But there's a pernicious idea that comes along for the ride when you think too much about "engineering tradeoffs". The idea is that all software exists on some Pareto frontier, where there's no such thing as "better choices", there's only "different choices with different tradeoffs".

This idea is wrong.

The point made upthread was that often the cost of some choice is so negligible that it's hardly worth considering. For example, if you refactor a long function by splitting it into two separate functions, this will usually result in more work for the compiler to do. This is an engineering tradeoff - we get more readability in exchange for slower compile times. But the compilation speed difference is usually so minuscule that we don't even talk about it.

"Everything comes with tradeoffs" is technically true if you look hard enough. But "No, not everything is a trade-off. Some things are just good and some are just bad" is also a good point. Some things are better or worse for almost everyone. Writing a huge piece of software using raw assembly? Probably a bad idea. Adding a thorough test suite to a mission-critical piece of software? Probably a good idea. Operating systems? Version control? Yeah those are kinda great. All these things come with tradeoffs. But the juice can still be worth the squeeze.

My larger point in this thread is that perhaps there are ways we can improve security that don't make computing measurably worse in other ways. You might not be clever enough to think of any of them, but that isn't proof that improvements aren't possible. I wasn't smart enough to invent typescript or rust 20 years ago. But I write better software today thanks to their existence.

I would be very sad if, in another 30 years, we're still programming using the same mishmash of tools we're using today. Will there be tradeoffs involved? Yes, for sure. But no matter, the status quo can still be improved.

> Realistically. Operating system security is much better than it was. [...] So I would say it is in the area of diminishing returns already. So the level of threats I face and most people face, it is already sufficient.

What threat models are you considering? Computers might be secure enough for you, but they are nowhere near secure enough for me. I also don't consider them secure enough for my parents. I won't go into detail of some of the scams people have tried to pull on my parents - but better computer systems could easily have done a better job protecting them from some of this stuff.

If you use programming languages with a lot of dependencies, how do you protect yourself and your work against supply chain attacks? Do you personally audit all the code you pull into a project? Do you continue doing that when those dependencies are updated? Or do you trust someone to do that for you? (Who?). This is the threat model that keeps me up at night. All the tools I have to defend against this threat feel inadequate.

345. GoblinSlayer ◴[] No.45100110{9}[source]
>I've never had hardware regressions with Windows.

Until recently I didn't either. Windows resizing to 640x480 when the display turns off, and sound resetting to 100% after a toast notification.

>It is a pretty niche problem.

I think HDMI audio is a niche problem. What do you even use it for? With Linux you can at least try a different version, with Windows you have to just eat it.

346. zeroCalories ◴[] No.45100128{7}[source]
> Capital doesn't really care what you want, it will exert control regardless.

Working as intended. The market doesn't care what capital wants either.

> So in this case Netflix will continue to be part of capital that normalizes the need for DRM to access videos

I can access video without DRM. If you want to access Netflix's service that's on you.

> write IP law

Netflix does not write IP law, our politicians do. Vote better.

> generally force you into either accepting the world they want or forcing you to become a hermit.

I don't accept their world, and I'm not a hermit.

347. pjmlp ◴[] No.45100383{4}[source]
Yes, which kind of shows what current generation cares about.

Yearly FOSDEM was all about carrying on devices where BSDs and Linux distros managed to run on, with all the FOSS ecosystem around them.

348. nobody9999 ◴[] No.45100544{9}[source]
>That looks like a great book, I'll have to check it out!

Honestly, I wasn't all that impressed with the novel. The characters were rather two-dimensional and the plot was somewhat muddled.

That said, its depiction of a corporatist/authoritarian society incorporates some of the tropes (rewriting history, mass market influencing/propaganda, redefining "good" and "bad", demonizing the "other" etc.) included in 1984 and Brave New World (BNW), but in a far right wing context. Which, as I mentioned, is more apropos to current circumstance than are the left wing "utopias" depicted in 1984 and BNW.

As such, while I don't discourage you from reading The Space Merchants (or its 1984 sequel, The Merchants' War -- which I haven't read), I'm not saying it's a fabulous piece of literature. Pohl[0][2] has written much better stuff, with similar cynicism but significantly better plotting and character development and takes on technology (cf. Heechee Saga[1] -- which I highly recommend -- and others).

In any case, I agree with your assessment of BNW WRT today, but with a far right wing dystopic bent rather than a far left wing dystopic one -- hence my reference to The Space Merchants.

[0] https://en.wikipedia.org/wiki/Frederik_Pohl

[1] https://en.wikipedia.org/wiki/Heechee_Saga

[2] Pohl was, as were many mid 20th century Sci-Fi (and other) authors, alarmed by the rapid population growth after World War II, especially as Malthus[3] was widely read at the time and we had not yet seen the fruits of the widespread agriculture technology deployment of the 20th century (Green Revolution[4]).

[3] https://en.wikipedia.org/wiki/An_Essay_on_the_Principle_of_P...

[4] https://en.wikipedia.org/wiki/Green_Revolution

Edit: Clarified prose. Added footnotes for more detail.

349. lwhi ◴[] No.45100883{15}[source]
It was a literal hellscape before open standards.

I imagine there's most likely a subset of the population who believe that open standards are aligned conceptually to regulation, and that any form of regulation in a free market is wrong.

This subset of the population is misguided at best, and delusional at worst.

Open standards are essential.

replies(1): >>45101766 #
350. lwhi ◴[] No.45100904{15}[source]
Without open standards, we would likely choose _one browser_, due to the economic cost of development.

One manufacturer would call all the shots for the _one browser_.

There would be zero competition until something calamitous happened to the manufacturer and the pendulum swung to a new monopolist.

We even have an example of how this plays out to fall back on; Macromedia Flash.

351. mike_hearn ◴[] No.45101094{4}[source]
Right, I should have said only desktop OS.
352. _heimdall ◴[] No.45101766{16}[source]
Did that hellscape include more competition between companies building web browsers?
replies(1): >>45118858 #
353. alexvitkov ◴[] No.45101997{8}[source]
> how capabilities could be used to write simple scripts without sacrificing simplicity.

I proposed a solution for that in my original comment - you should be able to trivially bypass the capability system if you trust what you're running ($ yolo my_script.sh).

The existence of such a "yolo" command implies you're running in a shell with the "full capabilities" of your user, and that by default that shell launches child processes with only a subset of those. "yolo" would then have to be a shell builtin that overrides this behavior and launches the child process with the same caps as the shell itself.

354. const_cast ◴[] No.45102835{7}[source]
Because we actually use the operating system?

Windows rots. Even a few days without a reboot and things will just stop working or be really slow. No idea why.

But if you don't clean install once every few years you'll just have a ton of shit everywhere. Programs don't clean themselves up.

Also every program has its own update mechanism. Great... now I don't just have to manage windows update, but also a few dozen other esoteric update mechanisms.

iOS and Android are self managing. Windows? Can we be for real? Why get on the internet and lie to people?

355. const_cast ◴[] No.45102840{7}[source]
I use Windows at work, this is just not my experience. It needs to be rebooted every couple days or things just don't work.
replies(1): >>45113279 #
356. lwhi ◴[] No.45103027{13}[source]
Which is a process of reverse engineering and guesswork.
replies(1): >>45103526 #
357. touristtam ◴[] No.45103036[source]
It'll be "funny" to publish findings about apps on a very public page and see it being brought to the forefront of the news cycle. A bit of a name and shame type of thing, since Corps don't seem to understand any other language.
358. wizzwizz4 ◴[] No.45103526{14}[source]
Unless the formats are clearly-documented, and not overcomplicated. The WordPerfect format is philosophically similar to RTF, except that it's easier to get a plain-text version. Quoth http://justsolve.archiveteam.org/wiki/WordPerfect:

> If you're a programmer attempting to get a program to extract the plain text out of a WordPerfect document, and are not interested in the fancy formatting and other features, this is a fairly simple process; just make the program skip the parts that are not text.

The "fancy formatting" is pretty easy to parse, too, as I understand (though I've never tried it): it's pretty much one-to-one with what's shown in the program's UI, which is literally designed to be easy to understand.

Formats like DOC (Microsoft Office's pre-DOCX format) and PSD (Photoshop's horrid mess) require reverse-engineering, even given the (atrocious) documentation, because they're overcomplicated and the documentation is not complete. This is what I'm saying should be prohibited. We don't need to mandate that people use existing protocols or file formats.

replies(1): >>45105681 #
359. rahkiin ◴[] No.45104038{6}[source]
Cryptocurrencies do not solve any issues described above. They even solve fewer of them, as there is no bank giving you support or giving back insured money.
replies(1): >>45115968 #
360. FredPret ◴[] No.45104398{4}[source]
I think everyone would have a problem with the type of domination exhibited by Apple & Google, if they understood it.

There are many voters who are not well versed in tech. You can see this reflected in the kinds of politicians that win, and in the types of issues they are (and are not) fighting over.

It's up to us to make the issues clear and simple.

361. NoGravitas ◴[] No.45105105{3}[source]
> It's the only OS that has managed this transition to all-sandboxed-all-the-time.

Depending on how broadly you define [desktop] OS. There are immutable Linux distributions like Fedora Silverblue or Kinoite where all user apps are run from Flatpak, and so have sandboxing. I'd say it's less mature than macOS but it's catching up.

replies(1): >>45113244 #
362. lwhi ◴[] No.45105681{15}[source]
None of this is about mandating or forcing adherence.

Open standards allow interoperability by default. Open standards simplify development. Open standards encourage the creation of new markets. Open standards allow competitiveness that provides the consumer with choice, which is ultimately what a free market economy thrives on.

replies(1): >>45110392 #
363. mlrtime ◴[] No.45107704{5}[source]
There are multiple choices of OS but it's mostly Windows or Linux. Note, we don't do any mac/arm development.
364. wizzwizz4 ◴[] No.45110392{16}[source]
How would you suggest we ensure that the large corporations adhere to open standards, if not by mandating it?
replies(1): >>45113340 #
365. rblatz ◴[] No.45110661{4}[source]
NPR had 3 stories last week in their NPR News Now Podcast about K-Pop Demon Hunters. Like I said it has 4 songs on the Billboard Hot 100 all in the top 10. It's the best performing movie ever on Netflix with over 236 million streams. It was so successful they actually did a run of showings on over 1,700 screens topping the box office charts for that week and grossing over 18 million in a weekend.

I'm not sure what else it would need to do besides dominate the music, box office, and streaming charts to be considered a success. It was widely covered in the news media as well. I predict that Rumi is going to be maybe the most popular costume with kids this year. My daughter and all her friends all claim they're going to be Rumi for Halloween.

Stranger Things was huge, and maybe it's trailed off over the years. It never was quite as big as say Game of Thrones, but it was probably at least same tier as a Ted Lasso.

Wednesday is big as well, but hasn't dominated the work conversations as much as other shows, though I've heard it routinely mentioned in media. Wednesday Addams is also predicted as a top costume this Halloween. The Wednesday dance was definitely a huge cultural meme last season.

But I guess to your point, there isn't something as big as a Game of Thrones out there right now on Netflix. But they have hit a pretty hot streak recently.

366. mike_hearn ◴[] No.45113244{4}[source]
Good point, I'd forgotten about all-Flatpak distros.
367. josephg ◴[] No.45113279{8}[source]
I wonder why! Has your workplace installed weird junk on the machine which is gumming it up? Are you using some set of configuration options that Microsoft doesn't regularly check?

My experience of Windows is that it works pretty well these days. But I don't develop on Windows - I just use it for entertainment (Steam, VLC, etc). So there's probably a lot of edge cases that I'm not hitting.

replies(1): >>45121657 #
368. lwhi ◴[] No.45113340{17}[source]
Are browsers mandated to follow standards?
replies(1): >>45120590 #
369. BlueTemplar ◴[] No.45114735[source]
KISS: Have a separate device to do banking, and ONLY banking, on.

(More tech savvy users could instead boot into a different partition.)

370. johnisgood ◴[] No.45115968{7}[source]
They could, but in any case, any alternatives to cryptocurrencies, cash, and cards?
371. matheusmoreira ◴[] No.45118021{4}[source]
It's not a technical problem. It's a social, legal and business problem.

Computers are subversive. They have the power to not only wipe out entire sectors of the economy but also defeat governments and militaries. If you let people run software freely, they can give themselves the power to do things like block ads and copy artificially scarce data at zero cost, directly impacting the bottom line of corporations. And that's when they don't run cryptography, cryptocurrency and anonymization software to escape government control.

So these businesses and governments have every reason in the world to usurp control of your computer. They want computers to only run software that's been authorized by them, so that you can do nothing that harms their interests.

It's not your computer, it's theirs, they're just letting you use it, and only if you follow company and government policy. And it's not at all about your security against external attackers in general, it's about their security against you.

It's got nothing at all to do with "capabilities". It's got everything to do with putting you in digital shackles so that you are forced to live in a dystopian cyberpunk technofeudalist digital fiefdom as a serf who pays and consumes in perpetuity.

372. fsflover ◴[] No.45118858{17}[source]
With Microsoft bundling IE with the OS, no.
373. wizzwizz4 ◴[] No.45120590{18}[source]
It is literally impossible to implement the full WHATWG spec, as an independent developer.
replies(1): >>45124258 #
374. const_cast ◴[] No.45121657{9}[source]
It wasn't ever different when I ran Windows on my personal computers, although granted that was back in 8.1. 8.1 was just bad for a variety of reasons, but it definitely still had the rot problem.

The latest in my saga of Windows being annoying is applications just randomly killing themselves when I'm not looking. I don't reboot my work computer because I have far too much precious stuff open.

But, every other day or so, an application or two will mysteriously disappear from my taskbar. Silently. I never catch it, then I get the "hey did you see this email??"

Why no, no I did not. Outlook committed suicide at some point and I'm not pocket watching the Windows taskbar. My mistake.

For a while I thought I just hallucinated me closing the application, but I don't close applications, like, ever.

To put it into perspective, my work has a policy which forcefully reboots Windows once every 14 days. It helps, but not much, because by day 2-3 it's already breaking down. My Debian machine has an uptime of a few hundred days. I legitimately still have applications open from last year.

Maybe I use my computer like a psychopath, or maybe my expectations are too high, but I don't consider Windows to take care of itself. It's the most babying-an-OS I ever have to do. iOS and Android are much better as well.

375. lwhi ◴[] No.45124258{19}[source]
You haven't answered the question.
replies(1): >>45129506 #
376. wizzwizz4 ◴[] No.45129506{20}[source]
That's because it's a big question. You can make a browser like Dillo, but it won't be able to run web-based banking software. You can make a browser like Konqueror, but it won't be able to use Netflix, or reliably get past Cloudflare walls. So, I'd say… yeah, browser developers are effectively mandated to follow standards – except that (as I said before) it's impossible for an unauthorised developer to implement the full WHATWG spec.
replies(1): >>45169009 #
377. fsflover ◴[] No.45157061{6}[source]
> Phones have the right idea. I just don't want Apple and Google to be the only ones who can modify the system at the OS level.

You may be interested in Qubes OS then.

378. lwhi ◴[] No.45169009{21}[source]
You're being obtuse.

Standards aren't the issue here.