> There are a ton of products on the market that are vastly more dangerous than computers
An irrelevant "whaddabout" argument.
It doesn't change that we need security and privacy for our information handling devices, as well as personal control. The real conversation is about how to best balance these.
> It doesn't change that we need security and privacy for our information handling devices, as well as personal control. The real conversation is about how to best balance these.
An irrelevant false dichotomy argument. There's no inherent conflict between security/privacy and personal control. I would argue that a device which has to phone home to the vendor to get approval for everything results in both less privacy and less personal control.
I guess people are unaware of the various malicious rootkits that have cropped up?
If you're serious about this stuff binary thinking is a mistake. It's not a question of whether rooting is possible or impossible. It's a question of under what circumstances it can be done, and under whose control.
Also, "conflict" is the wrong word here. It's a question of competing concerns not conflicting ones.
We probably want root access to be under the end-user's control, but in such a way that minimizes the ability of malicious parties to exploit it.
e.g., one way would be to allow anyone to easily install any root they want, but to disallow software from, say, the Apple app store from running on such "rooted" devices. While that gives end-users control and would mostly prevent malicious actors from getting things they want, it's probably not what most user's would want. They probably want to run all their regular software along side the root software.
Another way would be to allowing people to easily install software as root, and allow software from popular app stores to run on it. That gives users max control, but is pretty easy for malicious actors to exploit too. People aren't going to be too happy with this when some coupon clipping app starts emptying people's bank accounts.
These are just examples to give the idea of the range of possibilities. The real answer needs to be a lot more nuanced than this. The point is, pretending there aren't issues doesn't get us anywhere. You might as well have no opinion on this.
I just don't have this paternalistic instinct to try and protect people from rootkits. Even if I did, this is certainly the wrong way to do so—you need to hold companies accountable for the flaws in their software (for which we have basically no legislation at the moment) or they have no incentive to make the regulations meaningfully protective. Otherwise you just end up with shipping hardware that's still insecure, but checks the right regulatory checkboxes, and still restricts people from using the hardware they bought, and still no way to remediate when something inevitably does slip past the regulatory controls.
> It doesn't change that we need security and privacy for our information handling devices, as well as personal control.
I can do online banking on my PC as root user if I so choose, but I cannot do online banking on my phone because my bank's app employs a rooting detector SDK that as of now even Magisk+a host of (questionable) modules can't bypass.
An irrelevant "whaddabout" argument.
It doesn't change that we need security and privacy for our information handling devices, as well as personal control. The real conversation is about how to best balance these.