Hacker News new | past | comments | ask | show | jobs | submit login

This argument doesn't make any sense to me. I'm not implying that you should blindly distrust the app store your device ships with. I'm not claiming that experts aren't experts, or that you specifically are an expert. I don't know where you got these impressions from. I'm particularly puzzled by your choice of software licenses as an analogy, given that they were designed by experts in the field specifically to maximize freedom (whereas app stores were not) and have held up in this regard to sustained scrutiny over many years (the default app stores have failed miserably here).

What I am claiming is that you don't have freedom if you can't make these choices for yourself. Sane defaults are fine. Shipping with a prepackaged app store is fine. Even having to reboot the device into a separate mode and enter a password in order to change sensitive system settings is fine. But if I want to add F-Droid, I need to be able to do that and it needs to be a first class citizen. I need to be able to remove Google Play if that's what I want to do. On iOS, there is not and can never be a third party app store under current policy. That is most definitely a restriction on your freedom as a user; I do not believe that any cohesive argument can be made against that statement.

Just because you have the option to opt-out of vendor restrictions doesn't mean that you have to do so. For example, my mobile device won't allow me to disable secure boot or to install my own keys, and it is incredibly difficult to locate one for sale that will. In contrast, my laptop will allow me to do both of those things if I so choose. Doing so requires rebooting into the UEFI shell, which I have the option of password protecting. None of this can be done by a malicious program from user space barring a truly massive security hole. As such, I do not believe that this freedom negatively impacts my security in any way.

We disagree on what basic rights _must_ be offered with any hardware-software combination that is sold to us.

I demand the right to take apart my hardware and software as I see fit.

I do not demand the right to receive active support for doing so from the manufacturer.

If they can lock me out with their technology, that is their right as author of the technology. If I can circumvent their lockout with my technology, that is my right as purchased of the technology.

Apple does this so well that most of us aren’t capable of hacking their technology. Good job.

A certain large American tractor company tries to take away your right to attempt to hack their device, rather than simply making it difficult. I disapprove of this with every fiber of my being. As purchaser of the tractor, I may do whatever I wish with what I chose to purchase.

When I buy an iPhone, I knowingly choose to purchase a device that keeps me out so effectively that there are no known ways to hack into it if it’s up to date. Apple has the right to make it so, and it’s very useful to me that they do. I then continue to update it to maintain that line of defense. Folks who root their phone choose otherwise on both counts. That’s their right, too.

If you wish to remove Apple’s freedom to build devices that defend against non-Apple software intrusion, you’re welcome to campaign for that, but I support their freedom to build security countermeasures to the same degree that I support my freedom to purchase a device with those countermeasures enabled. My freedom need not come at the cost of theirs, as the plethora of Android options clearly evidences.

I reject your implication that not being allowed to lock you out of your own device would somehow be equivalent to mandating official manufacturer support of arbitrary user modifications. I already provided what I believe to be a reasonable example of such a system. No manufacturer support is required beyond an interface for the user to disable key checks or possibly to replace the manufacturer's key with their own. Once you do so, you are in unsupported territory and everything that follows is entirely on you.

Perhaps an analogy would help here. For example, suppose auto manufacturers started welding the hoods of new vehicles shut. Suppose that legislation was subsequently passed which banned this practice and asserted that you have a legal right to access, inspect, manipulate, and replace the internals of a vehicle you own. This would not be equivalent to requiring the manufacturer to actively support such activity! It would only prevent specific undesirable behavior on their part.

> I support their freedom to build security countermeasures

This is a false implication about my position, and my previous post very clearly addressed this exact point. Providing the user with the means to optionally unlock things does not require that security be diminished. Functioning examples of this already exist in the wild.

> If they can lock me out with their technology, that is their right as author of the technology.

Currently, yes - from a legal perspective. For the public good, that needs to change. We have ample evidence at this point that we cannot rely on the market to make choices in its own best interests in this case. The market consistently chooses the cheapest devices and the largest ecosystems; it does not appear to select based on the openness of the ecosystem. Meanwhile, manufacturers are actively walling off their ecosystems wherever they can get away with it. They often point to security when questioned, but I find these claims dubious at best. Meanwhile, their behavior demonstrably protects their profits while actively pushing our society towards a state that is very easily abused in a great many ways.

To my mind, such regulation is conceptually analogous to the ADA compliance requirements for certain types of buildings in the US. Without the ADA regulation, the market would almost certainly not choose to conform on its own. Nevertheless, it is clearly in the public's best interest for it to do so.


Editing to add: Your belief that there are no known ways to break into an iPhone if it is up to date is almost certainly incorrect. This article (https://motherboard.vice.com/en_us/article/qvakb3/inside-nso...) from ~6 months ago was on HN at some point. From the article:

> He gave NSO that phone number and put the phone on the desk. After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact