> Your relatives then contact you and insist that you flip the switch for them so they can install Facebook and Instagram from the Meta store so they can continue scrolling cat memes.
You should not have to police adults on what they're allowed to do with their property. If someone asks me to help them setup their computer, I may gave some advice and warning about things to avoid. If they asked me to do something that may be dangerous, I can refuse to do it, but I will not actively prevent them from doing so. They're not children.
If someone is ok with putting their whole digital life at risk, then let him do so. Just like you can't prevent someone who wants to eat cake all day. It's not your life.
> You should not have to police adults on what they're allowed to do with their property.
The fundamental problem with this "power to the people" mentality is that adults don't actually know how to use technology. The average person is technologically illiterate.
You can go on about giving adults full control over their property, etc. etc. but we both know that this is how you get security disasters: old people getting scammed, people losing their life savings and what not.
Part of being an effective security engineer, is realizing that you need to protect people themselves. 2FA is a prime example of security driven via this mindset: necessary because the technologically illiterate masses reuse passwords. There are other benefits, but that's the main reason.
So you shouldn't have to police people, but practically, in the end you do.
> If someone is ok with putting their whole digital life at risk, then let him do so.
All fun and games until people lose their life savings and get forced into homelessness or whatever.
Then these people start to blame you. Then technologically illiterate senators and regulators will also blame you. Lose-lose scenario.
Crypto is a prime example of what happens when you give people control. "Power to the people!," tons of people get scammed, and this prompts regulatory lockdown.
TL;DR is that the EU regs wouldn't be a problem if Apple could hide the functionality behind developer settings, but they can't. Exciting times, people in the EU are gonna get totally fucked by shady apps. GG.
> You can go on about giving adults full control over their property, etc. etc. but we both know that this is how you get security disasters: old people getting scammed, people losing their life savings and what not.
This happens when senile people are legally authorized to exercise control over their assets. It has nothing to do with technology and has been happening since before computers existed. The general solution is to appoint a conservator who is required to authorize major transactions.
Which hardly justifies using the same measures for someone of sound mind.
> 2FA is a prime example of security driven via this mindset: necessary because the technologically illiterate masses reuse passwords.
And then their phone number changes or they lose access to their email and you've locked them out of their account.
This is particularly egregious when the second factor is required to be a phone number, because people in financial straits will have their service canceled for non-payment and now you've magnified their problems at the worst possible time. But phone numbers serve as a convenient tracking ID since most people only have one of them, which may explain the popularity of requiring them "for your own protection".
> All fun and games until people lose their life savings and get forced into homelessness or whatever.
We build insecure systems and then blame the users for it and offer to lock them in a cell to protect them from our bad choices.
Why is it that anyone can charge a credit card or a bank account who has the account number? Public key cryptography has been a thing for decades. Put a USB-C connector on the credit card itself and require the card to be plugged in to the device the first time each merchant wants to charge the account. 99% of credit card fraud, gone, because you can't breach one merchant and use the card info at a different one without physical access to the card.
Meanwhile anyone could trivially cancel a subscription because the list of authorized merchants would be listed on the bank's account webpage and the user could remove one at any time.
> Crypto is a prime example of what happens when you give people control.
Anybody can go to the bank, right now, and withdraw cash and hand it to a scammer. Sometimes they do. You can also give them your television or company ID badge. Cryptocurrency is no different. Most of the crypto scams are get rich quick schemes, which people have been getting scammed by since the invention of barter.
What made cryptocurrency so susceptible to scams wasn't that people were in control, it was that some people were actually getting rich, which made others credulous, and that attracts con men.
"We have to protect people from themselves" is only true for small children and the mentally ill. Adults get to make their own choices -- because there is no one else to make them. As soon as you appoint someone else to do it, that person has a conflict of interest and the incentive to defect, and the person affected needs the right to choose differently unless you can prove that this specific person is mentally incapable of exercising reason.
"Nobody is ever completely reasonable" doesn't cut it because that applies to the gatekeepers too.
You should not have to police adults on what they're allowed to do with their property. If someone asks me to help them setup their computer, I may gave some advice and warning about things to avoid. If they asked me to do something that may be dangerous, I can refuse to do it, but I will not actively prevent them from doing so. They're not children.
If someone is ok with putting their whole digital life at risk, then let him do so. Just like you can't prevent someone who wants to eat cake all day. It's not your life.