Hacker News new | past | comments | ask | show | jobs | submit login

You misunderstood what I was suggesting. I'm not saying existing certificate authorities should sign apps, but that allowing a trusted authority to sign and distribute apps that a user could opt in to would be beneficial. Think yum/apt repo signing keys, and how if you add a third party repo you can require the public key signatures to match, except tied into the OS much closer. I used the CA analogy because vastly more people are familiar with that than the intricacies of open source package management for a few distros.

Even technical users have a limited capacity to properly vet what an authority should be allowed to do. Not to mention, this becomes a very heavy-handed choice to the user (as people already see on android), like "either allow this new app version to now root your phone, or you can't use this service at all"

The reason we can trust the CA certificates loaded in our browsers have proper processes and operate transparently is that the browser makers leverage those certificates being preloaded as bargaining power.

Would we have the opportunity to retain that sort of power in this decentralized world? Or do we start seeing the "essential" apps move out of the store and doing things like background monitoring of the user?

We already see how slimy so called trusted businesses are like Google and Facebook are by convincing users to install privacy invasive apps using the enterprise developer program.

Who are users suppose to trust?

Back in the day users also trusted SourceForge....

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact