We should have the ability to run any code we want on hardware we own

It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with. To be clear, this is fundamental, not incidental. You can't run your own operating system because it's not in Netflix's financial interest for you to do so. Or your banks, or your government. They all benefit from you not having control, so you can't.

This is why it's so important to defend the real principles here not just the technical artefacts of them. Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service. Governments shouldn't be able to prevent me from end to end encrypting things. I should be able to opt into all this if I want more security, but it can't be mandatory. However all of these things are not technical, they are principles and rights that we have to argue for.

The reason is that the desktop PC security model is deeply flawed. In modern desktop operating systems, we protect user A from user B. But any program running on my computer is - for some reason - completely trusted with my data. Any program I run is allowed to silently edit, delete or steal anything I own. Unless you install special software, you can't even tell if any of this is happening. This makes every transitive dependency of every program on your computer a potential attack vector.

I want computers to be hackable. But I don't also want my computer to be able to be hacked so easily. Right now, I have to choose between doing banking on my (maybe - hopefully - safe) computer. Or doing banking on my definitely safe iphone. What a horrible choice.

Personally I think we need to start making computers that provide the best of both worlds. I want much more control over what code can do on my computer. I also want programs to be able to run in a safe, sandboxed way. But I should be the one in charge of that sandbox. Not Google. Definitely not Apple. But there's currently no desktop environment that provides that ability.

I think the argument against locked down computers (like iphones and androids) would be a lot stronger if linux & friends provided a real alternative that was both safe and secure. If big companies are the only ones which provide a safe computing experience, we're asking for trouble.

With the iPhone they get the risk of answering to a scam call or scam sms and giving them the access of their bank account.

Ubuntu is almost bullet proof for beginners.

In fact, that's what I've done for my parents and I had to retire the computer and get another one because it's the hardware which became too old after 15 years of running Ubuntu without any problem.

Security for users isn't just about bootloader expoits.

Even on an iPhone without a sim card, they can download one of the scam casino games from the appstore and give away a lot of money, on Ubuntu they can't do that.

There's more to security than just bytes.

The threats to your average user isn't a bootloader exploit built by some Israeli firm but privacy breaches, social engineering and scams.

Like, iOS makes most unsafe actions incredibly clear. Apple pay always requires the user to double tap the power button. The OS makes it impossible for an application to charge you money through apple pay without an explicit user action.

Phone apps also can't take control of my entire device, or steal my cookies or cryptolocker my hard drive. Any program you download and run from the internet on a desktop computer can do all of this stuff and more. We shouldn't allow that stuff by default on desktop computers either.

Phones have the right idea. I just don't want Apple and Google to be the only ones who can modify the system at the OS level.

And then no, it's not clear for me (even as a developer!) how data transfer between apps work, how the advertising id works and how much data Apple and Google really have that they shouldn't. If it's not clear to me as a software engineer, it certainly isn't for your average user.

The browser is just a much easier mental model, especially that I can install an ad blocker on it to make them safer, which I can't on mobile apps.

> Phone apps also can't take control of my entire device, or steal my cookies or cryptolocker my hard drive.

It never happened once with my parents in 15 years of running Ubuntu. Even if that stuff somehow existed, I don't think they would have the tech knowledge to mark the downloaded virus as executable anyways.

I'd like that security model to be the default for desktop apps on my computer as well. Its weird that davinci resolve and spotify and all the rest have full access to look through all my files.

> It never happened once with my parents in 15 years of running Ubuntu.

Probably just because so few regular people use ubuntu, scammers & malware authors don't bother targeting it. Still good for your parents though!

That's how it works on Ubuntu, proprietary apps are usually distributed through snaps which are sandboxed. And unlike on mobile, the OS doesn't have an advertising ID or built-in ad networks.

Normal apps don't need that though because there's a chain of trust which doesn't exist on mobile.

> Probably just because so few regular people use ubuntu, scammers & malware authors don't bother targeting it. Still good for your parents though!

No, it's because the bar on publishing on Ubuntu is much much higher than on an iPhone. Nobody would ever accept those scam casino games on Ubuntu.