2071 points K0nserv | 8 comments
kristov No.45092413
I think the conversation needs to change from "can't run software of our choice" to "can't participate in society without an apple or google account". I have been living with a de-googled android phone for a number of years, and it is getting harder and harder, while at the same time operating without certain "apps" is becoming more difficult.

For example, my bank (abn amro) still allows online banking on desktop via a physical auth device, but they are actively pushing for login only via their app. I called their support line for a lost card, and had to go through to second level support because I didn't have the app. If they get their way, eventually an apple or google account will be mandatory to have a bank account with them.

My kid goes to a school that outsourced all communication via an app. They have a web version, but it's barely usable. The app doesn't run without certain google libs installed. Again, to participate in school communication about my kid effectively requires an apple or google account.

I feel like the conversation we should be having is that we are sleepwalking into a world where to participate in society you must have an account with either apple or google. If you decide you don't want a relationship with either of those companies you will be extremely disadvantaged.

1. pdonis No.45093699
To me the point where the law needs to intervene is the bank or the school. You need a bank to function--that means the bank should be prohibited by law from tying you to an app from a particular company, whether it's Google or Apple or anyone else. You should be able to access their functions using any client that supports the appropriate open standards (such as web browsers).

Similarly, if the school is going to have control over your kids, the school should be prohibited by law from requiring you to use an app that's tied to a particular company. They should be required to provide you functional access using any client that supports the appropriate open standards.

2. adiabatichottub No.45093791
You mean like if there were a standard (JSON, XML, whatever) format of document that you could cryptographically sign which would order a transaction to take place? Kind of like a digital teller's slip?
3. bee_rider No.45094686
If it is a public school, the state should “intervene,” but really it isn’t an intervention; it’s the state’s school, and they should fix their stupid policy.

For the bank, I don’t really see why it would be preferable to intervene with the bank vs the tech company. Either way the state will have to impose on a private company.

> You need a bank to function--that means the bank should be prohibited by law from tying you to an app from a particular company, whether it's Google or Apple or anyone else. You should be able to access their functions using any client that supports the appropriate open standards (such as web browsers).

Really this is an interoperability problem, so the government would have to impose on both sides. An OS should be mandated to come with a browser that supports some locked down functionality—a subset of HTML, nothing fancy, no scripting or anything like that. The bank should be required to provide a portal that speaks that language.

4. pdonis No.45095774
> For the bank, I don’t really see why it would be preferable to intervene with the bank vs the tech company.

Because the bank has a fiduciary responsibility to its customers. The tech company doesn't. The bank can't just deny you access to your money because you don't want to have a Google or Apple account. That should already be the legal framework, but apparently it needs to be clarified and enforced better.

> Either way the state will have to impose on a private company.

Banks are already not "private companies" the way tech companies are; banks are already agents of the state in a number of important ways (such as being required to report all kinds of transactions, follow know your customer rules, etc.).

5. pdonis No.45095795
That would be nice, but how would the bank verify the signature? It's the same old key exchange problem all over again.

In any case, that's not what I was suggesting. I was simply suggesting that banks shouldn't be allowed to force you to depend on certain apps or app stores to get access to your money. Similarly, schools shouldn't be allowed to force you to depend on certain apps or app stores to take proper care of your kids.

6. adiabatichottub No.45096311
> That would be nice, but how would the bank verify the signature? It's the same old key exchange problem all over again.

I suppose you could print your public key as a QR code on a piece of paper, or display it on a phone, or use a USB security key device, and physically give it to an authorized employee at a local bank branch. Or if there is a way to electronically open an account you submit it then, along with whatever other proof of identification is deemed acceptable. I think root of trust has been, and always will be, a hard problem. It's just about finding the acceptable level of risk. Security is weaponized inconvenience.

Edit: Just to think down that road a little further, I expect the issue exists because the solution chosen by the school/bank/gov't/business will not be the optimal one for users, but the most expedient for the org. They're going to do the lazy thing that works for 80-90%, because there currently is no better alternative that they can implement with minimal effort.

If we look at the past we see that postal mail and telephones became standard methods of communication, but you could always walk into an office somewhere and handle business in person. Now that last default is quickly being phased out. So what should be the final fallback method of communication?

So I see two problems: there is no better way, and there is no required minimum. Both need to be solved.
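
The signed "teller's slip" idea from comments 2 and 6, sketched as an added example (not code from any commenter or bank): the customer's public key is enrolled out of band, and the bank checks each order against it. The `Order` fields, the `Bank` type and the account IDs are assumptions, and the nonce-based replay check goes beyond what the thread describes.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Order is a hypothetical "digital teller's slip"; the field names are assumptions.
type Order struct {
	From, To, Nonce string // Nonce is unique per order so replays can be rejected
	AmountCents     int64
}

// Bank holds public keys enrolled out of band (e.g. handed over at a branch).
type Bank struct {
	Keys map[string]ed25519.PublicKey
	Seen map[string]bool
}

// Sign serialises the order and signs those exact bytes (customer side).
func Sign(priv ed25519.PrivateKey, o Order) (msg, sig []byte) {
	msg, _ = json.Marshal(o) // cannot fail for this struct
	return msg, ed25519.Sign(priv, msg)
}

// Accept verifies the received bytes as-is, so no canonical JSON form is needed.
func (b *Bank) Accept(msg, sig []byte) (Order, error) {
	var o Order
	err := json.Unmarshal(msg, &o)
	pub, ok := b.Keys[o.From]
	id := o.From + "/" + o.Nonce
	switch {
	case err != nil:
		return o, fmt.Errorf("malformed order: %w", err)
	case !ok || !ed25519.Verify(pub, msg, sig):
		return o, fmt.Errorf("order from %q: unknown account or bad signature", o.From)
	case b.Seen[id]:
		return o, fmt.Errorf("nonce %q was already used", o.Nonce)
	}
	b.Seen[id] = true
	return o, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	bank := &Bank{Keys: map[string]ed25519.PublicKey{"NL00-ALICE": pub}, Seen: map[string]bool{}}
	msg, sig := Sign(priv, Order{From: "NL00-ALICE", To: "NL00-BOB", Nonce: "n-1", AmountCents: 2500})
	fmt.Println(bank.Accept(msg, sig)) // constructed account ids and amount
}
```
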

7. willywanker No.45135504
> An OS should be mandated to come with a browser that supports some locked down functionality

What for? Online banking worked perfectly fine on standard web browsers over HTTPS for years before smartphones became popular, why should that change now?

8. bee_rider No.45143349
The modern web is too complicated to make a fully featured actually secure browser; the least-common-denominator feature set that both ends have to comply with should be simpler.