
432 points nobody9999 | 1 comments
codedokode ◴[] No.46246465[source]
In my opinion, every manufacturer of a programmable device should not be allowed to prevent the buyer from reprogramming it.
replies(8): >>46247960 #>>46248388 #>>46250102 #>>46250233 #>>46251819 #>>46252140 #>>46252929 #>>46280460 #
rstuart4133 ◴[] No.46251819[source]
I would not buy a FIDO2 token if it allowed anybody to reprogram it, including me. If you managed to make selling me such a device illegal, then may a pox descend on your house.
replies(3): >>46252137 #>>46252249 #>>46256587 #
octoberfranklin ◴[] No.46252249[source]
You're free to choose not to reprogram it, so the pox is actually upon your house.

Also, you should probably spend more time reading about cryptography and less time reading FIDO Alliance propaganda.

replies(1): >>46252426 #
rstuart4133 ◴[] No.46252426[source]
I'm guessing you don't understand the reason I don't want it to be reprogrammable. Yes, there are some advantages to me being able to reprogram it. But it comes with two big downsides.

The first is if I can reprogram it, then so can anyone else. I don't know what the situation is where you live, but government has passed laws allowing them to compel all manufacturers of reprogrammable devices to allow them to reprogram it with their spyware.

The second is places I interact with, like banks, insist on having guarantees on the devices I use to authenticate myself. Devices like a credit card. "I promise to never reprogram this card so it debits someone else's account" simply won't fly with them.

The easy way out of that is to ensure the entity who can reprogram it has a lot of skin in the game and deep pockets. This is why they trust a locked Pixel running Google-signed Android to store your cards. But take the same phone running a near identical OS, but on unlocked hardware so you can reprogram it, and they won't let you store cards.

But that's the easy way out. It still lets a government force Google to install spyware, so it's not the most secure way. One way to make it secure is to insist no one can reprogram it. That's what a credit card does.

In any case, if someone successfully got the law changed in the way the OP suggested, so people could not use their devices as a digital passport, it won't only be me wishing a pox on their house.

replies(4): >>46255232 #>>46256599 #>>46257484 #>>46271997 #
codedokode ◴[] No.46256599[source]
> but government has passed laws allowing them to compel all manufacturers of reprogrammable devices to allow them to reprogram it with their spyware.

In this case the government may mandate to have spyware pre-installed in the factory - which is already the case for phones and laptops in some countries.

> I promise to never reprogram this card so it debits someone else's account

When reprogramming, the card should wipe private keys so it becomes just a "blank" without any useful information.

replies(1): >>46258308 #
rstuart4133 ◴[] No.46258308[source]
That doesn't work for two reasons. Firstly, the law in my country specifically forbids introducing what they call a "systemic weakness". Among other things, that bans them from demanding every device is bugged. Instead they must get a judge to authorise targeting an individual, then get the manufacturers to replace the firmware in that device.

Secondly, they have no control over companies not based where I live. So I could just import it myself, provided you are successful in getting every country to pass a law that denies me the right to do this the way I want to do it.