We should have the ability to run any code we want on hardware we own

(hugotunius.se)

2071 points K0nserv | 3 comments | 31 Aug 25 21:46 UTC | HN request time: 0s | source

Show context

fastball ◴[01 Sep 25 01:29 UTC] No.45088616[source]▶

Much harder to make a secure device that is resistant to getting pwn'd if you can run any code you want. I personally prefer my iPhone to be more secure than to be more open.

Buy a more open phone if you want one, but stop trying to use legal means to force the software on my phone to be worse for my use-case just because you want to have your cake and eat it too.

replies(3): >>45088800 #>>45089004 #>>45090488 #

Aachen ◴[01 Sep 25 07:47 UTC] No.45090488[source]▶

>>45088616 #

Nobody said that...

You can keep your device enslaved to Apple all you want. You don't have to use the administrator permissions on Windows if you don't want them. Some of us do want freedom

You've got it completely backwards that having the option to control your hardware means you, as an individual, are impacted by anything at all if you don't want to administrate your own device

replies(1): >>45090508 #

fastball ◴[01 Sep 25 07:50 UTC] No.45090508[source]▶

>>45090488 #

How do you enable administrator permissions on your Windows computer?

replies(2): >>45091028 #>>45091259 #

Perz1val ◴[01 Sep 25 10:00 UTC] No.45091259[source]▶

>>45090508 #

Depends on settings, but usually just click "Ok" in a popup

replies(1): >>45091992 #

1. fastball ◴[01 Sep 25 11:55 UTC] No.45091992[source]▶

>>45091259 #

Indeed. Doesn't sound particularly secure to me.

replies(1): >>45095403 #

2. Aachen ◴[01 Sep 25 18:40 UTC] No.45095403[source]▶

>>45091992 (TP) #

And yet online banking still is a thing. If they're banning Android devices where you need to buy the right vendor and (from the perspective of a regular user) move heaven and earth to fricking read the data on your own device, then that absolutely has to go first for it to not be hypocritical

replies(1): >>45113879 #

3. fastball ◴[03 Sep 25 09:38 UTC] No.45113879[source]▶

>>45095403 #

Online banking is broadly less convenient than the banking app on my phone. With online banking I need to login with my creds every time, with my phone it is secured with FaceID, so I basically just open the app and I'm good to go. This is secure because Apple prevents unsigned FaceID cameras from being used with the Secure Enclave, so an attacker can't just steal my phone, swap the FaceID for a component that always says "yes" to auth requests, and steal all my shit.

This is doubly a concern because phones are broadly much more easy to steal/lose than your computer. Additionally enabling FDE on my computer is not a big deal, but doing a full decrypt of my phone every time I wanted to open it would be onerous.

Mobile phones are just fundamentally different devices from desktops. I want my desktop to be open (and secure, but lean towards open). I want my phone to be secure and functional.

↑