This is a very popular HN opinion; but not a very popular real world opinion.
The average customer wants a device that works consistently, every day, that is easy to use, with a collection of 3rd party apps who won’t steal their life savings.
Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror. The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.
We can also see this in the console market. Windows exists; old gaming PCs exist; the locked down console market will be with us forever because even Windows can’t deliver a simple experience that reliably works.
The average customer wants a car that doesn't explode because you installed a sketchy spark plug. Does that mean the manufacturers should install locks on the hood of every new car, with the threat of jail time if you pick the lock and look underneath?
A sketchy spark plug does not have the ability to make a car explode, so the analogy is pointless.
On that note, even if someone stole your car, at least your car does not have access to your bank account, your passwords, your messages, and even your sexual history. The personal and reputational cost of losing a car is not comparable.
Many people would actually probably prefer their car to be stolen than the contents of their phone be public.
I think a more accurate comparison would be to an electrician. In Australia, doing your own electrical work is a crime even for the homeowner, because it can cause physical death, and is too likely to be done wrong. Yes, you will possibly go to jail for replacing $2 light switches. I assure you that most people’s phones have things they would prefer physical death over being publicly distributed.
> On that note, even if someone stole your car, at least your car does not have access to your bank account, your passwords, your messages, and even your sexual history. The personal and reputational cost of losing a car is not comparable.
You're conflating vendor lockdown with device encryption. The latter does not require the former.
"The very worst offender is Nissan. The Japanese car manufacturer admits in their privacy policy to collecting a wide range of information, including sexual activity, health diagnosis data, and genetic data — but doesn’t specify how. They say they can share and sell consumers’ “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” to data brokers, law enforcement, and other third parties."
> In Australia, doing your own electrical work is a crime even for the homeowner, because it can cause physical death, and is too likely to be done wrong. Yes, you will possibly go to jail for replacing $2 light switches
And do you find this reasonable, and a good thing to expand to smartphone use?
There's a lot of it about, mate. The other day I had an American tell me with a straight face that we can get jail time for flying a Union Flag here in Blighty - I guess there's a big industry for convincing people that everywhere else is a hellhole over there.
It’s not a crime to do your own electrical work in Australia, it just invalidates your insurance unless you get the work signed off. The websites saying it “could be illegal” strangely never reference the actual law you’d breach.
> I think a more accurate comparison would be to an electrician. In Australia, doing your own electrical work is a crime even for the homeowner
In this comparison Google and Apple have the role of the government, if you believe that argument, that also implies that you believe they should be broken apart for antitrust
Sounds a lot like "We don't need free speech because I have nothing to say".
Just because you don't need or want it, doesn't mean it's not an important right to protect. Considering the influence of computers these days, the right of general purpose computing is probably at least as important as the right to free speech.
The problem is not the ability to unlock your phone.
The problem is that 90% of people unlocking their phones will either be for piracy (against the company’s interests), or against the customer's own interests (stalkerware, data extraction, sale of stolen devices).
There is a reason malware is over 50 times as prevalent on Android.
> The problem is that 90% of people unlocking their phones will either be for piracy (against the company’s interests), or against the customer's own interests (stalkerware, data extraction, sale of stolen devices).
Why would you think that?
Many Android phones can be unlocked, so it's not a hypothetical situation. I does not enable software piracy, since piracy doesn't depend on root. I know a few persons would install of sort of shit on their phone, including obvious malware, and they lack the knowledge to root their phones.
The data extraction problem happens today on unrooted phones in a "legal" way, it's done by your regular friendly companies like TikTok, Google or Meta. Rooting enables limiting this which is likely why they are against it.
If you look around on forums that discuss the topic of unlocking/rooting Android phones you will see that there is little discussion of piracy and people seem mostly driven by the will to control their own machine instead.
Given that the vast majority of Android devices aren't rooted, bootloader unlocked, or even installing apps from outside the store(s) that they ship with, what exactly do you think is the reason for more malware on Android? (Taking the claim at face value)
>The problem is that 90% of people unlocking their phones will either be for piracy (against the company’s interests), or against the customer's own interests (stalkerware, data extraction, sale of stolen devices).
The first point is irrelevant once I've bought a thing. Once I own a thing it is mine to do with what I want, and the company's interests ought to be irrelevant. As for your second point, that is mitigated by making the process sufficiently annoying (eg. hiding it in the developer menu).
Why do I give a shit about the company? I bought the phone, it's mine, I should be able to unlock it. If I catch malware, I'm an adult and I'll live with my choices.
> There is a reason malware is over 50 times as prevalent on Android.
What's the reason for that bogus-sounding statistic?
Let's say for a second it was accurate (It's probably not), perhaps it's because Android has a far higher market share globally, and it's much cheaper and easier to get started writing apps (or malware) for Android than say iOS.
You also don't need to buy a single device from Google to get started. You can take the PC you're at and get started right away, and publish that app (or malware) without spending a penny (though I don't recall whether they still charge that nominal fee to get a developer account).
Saying 90% of people root for piracy is hilarious, I rooted every Android device I owned until the last one or two, and I've never pirated anything, why did I root? Mainly for customisation and host-based ad-blocking.
I can't understand the thought process of these people who think the things you own should be locked down to protect you.
We should stop selling screwdrivers too in case someone's granny tries to open their toaster and electrocutes themselves, after all, a screwdriver is the pre-tech root access to all things electrical and electronic. I suspect those same people who argue in favour of locking these devices down would also say "don't by silly, my granny wouldn't open her toaster with a screwdriver, because she's not an engineer".
Yeah, agreed. This "I don't want to own my things because I want Big Brother to protect me" attitude is really frustrating, especially when you can have protection without Google holding all the keys. GrapheneOS isn't less secure than stock Android.
It's a kind of madness people only have towards our (technology/IT) industry.
I don't know if it's because they don't understand it, and that's scary, so they think it's safer for the big boys to hold the keys, but imagine if people acted the same in other contexts?
"The bank should keep hold of the keys because otherwise I might accidentally lock myself out, or lose my keys, or leave the door unlocked for a bad guy to come in and steal my stuff".
That's fine if you can't trust yourself to look after them, let someone else handle your keys for you, perhaps someone "trust worthy" could offer it as a service, but I'll keep my keys in my own pocket thanks.
Where does the 50x figure come from and what types of malware does it include? It doesn't really match neither my experience or pricing on the grey exploit market.
Malware has a wide definition however, and if you include all the spyware included with phones that aren't sold outside China and to a degree also India, you could probably hit that mark. But as they aren't allowed to access Google services or the official Play store, it's also a bit misleading.
> The average customer wants a device that works consistently, every day, that is easy to use
And it can only be archived with a fully locked down hardware?
Of course not. The modern OS archives system security through permission and isolation, which don't require bootlock etc to work. In fact, it worked well too even after the device is unlocked & rooted.
> Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror
Windows (and Linux for that matter) is not modern OS. They're classic OS that offers the entire computer as playground for the program running on top of it. That's why Windows can be contaminated with a single malice EXE, but not Android or iOS.
OSs are not the same, don't try get the water muddy that way.
Still, those permissions are standard Linux permissions. So the argument that Linux is less secure than Android is a little hard to understand. A little more specificity might help.
They're definitely not "standard Linux permissions." Yes Android does use many of those (such as standard user IDs, file system permissions, and now SELinux) to implement some of its permissions, but it adds a ton of permissions on top that are not part of Linux.
They're part of Android. Android is not Linux and Linux is not Android, anymore than a car is a wheel and a wheel is a car. Don't confuse the foundation with the building.
Here's the API reference if you'd like details [1]. They are very much not just standard Linux permissions. Android includes a huge set of APIs on top of Linux
KDE and Gnome are desktop environments that runs on top of an OS, they themselves are categorically not OS, and they don't provide OS facilitates. They don't even directly talk to RAM or core hardware without an OS managing everything in the middle.
Android is all by itself an OS, it got everything an OS should have, scheduler/trap handling, runtime, system apis/syscalls all the good stuff. It's just happened that Android currently runs on top of Linux kernel, and it utilizes the kernel to provide some aforementioned facilitates, so yes you can say Android builds On Top of Linux, but that's not saying Android Is Linux, the sentences simply mean different things.
There's nothing wrong with wanting that, but as the author said those of us who want to opt-out should have the choice to do so.
If I buy an iPhone, I should have the option to completely disconnect it from Apple and be able to replace the OS with whatever I want. If I do not have the option to do that do I REALLY own the device? The answer is no bacause what I have is a device that I can only use the way Apple allows. When the phone is obsolete and Apple stops updates then all I can do is send it off for recycling since Apple won't allow me to repurpose it with new software.
You are putting a lot of trust in the manufacturers as well. For example, they have the technical capabilities to kill the second hand market in their devices if they simply decided to refuse to allow a new user to login to a device. Sure, you could still sell the hardware, but it wouldn't be much use if the manufacturer stopped it from connecting and autorizing. I know this is an extreme example and no sane manufacturer would implement it, but I think it demonstrates why having to option to disconnect is a good thing.
The same applies to all other devices that are locked down, things like smart TVs, IP cameras and appliances. Just look at how many early smart TVs are now dumb because the manufacturer stopped updating the on-board apps. There should be no reason why the owner of such devices should be allowed to do whatever they want with them to try and bring them back to life.
> with a collection of 3rd party apps who won’t steal their life savings.
This is blatant unempirical scare mongering. How many desktop computer users have had their life savings stolen by 3rd party apps? Citation needed.
> The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.
This is a false dichotomy. Almost all desktop computer users have a smartphone too. The people who have enough disposable income buy both smartphones and desktop computers. There's no inherent conflict between the two.
> the locked down console market will be with us forever because even Windows can’t deliver a simple experience that reliably works.
That's a competely ahistorical interpretation. Originally, the gaming consoles had no third-party games: the games were all written by the vendors. The first third-party game development company was Activision, a group of former Atari programmers who learned that their games were responsible for most of Atari's revenue, but Atari refused to give them a cut, so they left and formed their own company. There was a lawsuit, and it was ultimately settled, allowing Atari to get a cut of Activision while allowing Activision to otherwise continue developing console games. It had nothing to do with "reliablity" or "security" or any kind of made-up excuse like that.
> You’re kidding, right? You seem to have completely forgotten, or put the drunk glasses, on what living in the 2000s was like.
Again, citation needed. I made it through the 2000s just fine, thank you.
> What a stereotypical HN comment. Cite something that only applied to the 2nd generation of consoles to prove me wrong, even though my point spans almost all console generations.
No, I was explaining the historical origin of the game console business model. Of course the business model continued, as these things usually do, through a combination of monetary incentives and inertia.
> Again, citation needed. I made it through the 2000s just fine, thank you.
Playing devil's advocate: banking trojans used to be really common here in Brazil back in the pre-smartphone era of the early 2000s (smartphones already existed, but weren't very commmon; most people who used online banking did it through their home computers). They're the reason why, for a long time, it was hard to use online banking on Linux: banks required (and still require) the use of an invasive "security plugin" on the browser (nowadays, there's also a Linux version of that plugin, which IIRC includes a daemon which runs as the root user), which attempts to somehow block and/or detect these banking trojans.
What does this even mean? Do you stand behind what you say? If so, then just say it without hiding behind the devil. And if you don't stand behind what you say, then why in the world are you saying it?
This is a silly criticism. After all, as we all know here (right?), Atari itself fell on hard times. I was talking about the business model, not a specific business. Vendor lockdown and taking a cut of 3rd party software is clearly quite lucrative for vendors, and that's why they do it. There's of course no guarantee of success, but it's obvious why other vendors have emulated that business model.
It may be only for historical reasons that desktop computers aren't completely locked down too. It's a lot easier to lock down a new device class, like smartphones, than it is to lock down an existing open device class, without causing consumer outrage and rebellion.
I worry about the long term health of general-purpose computing. It's not going anywhere today, but I fear for future generations that will likely eventually never know the joy of bending a computer entirely to their will, because they'll have never known computing without guardrails.
> Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror. The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.
Yet that trust is, for the most part, unfounded. There's a ton of malware in app stores - you can assume any app that contains ads is sending data about you to some shady server, for example. You can't even trust the most popular apps not to be malware [0].
If you explain all details about the advantages and disadvantages to them, I am sure they would think differently.
There are much more "hostile" smartphone apps that exfiltrate your data and sell it to the largest bidder than there are compromised executables these days. Also there are more profitable scams than compromising a PC system outside of industrial espionage.
PC in contrast to consoles always were a cost or usage factor. The difficulties of operating a PC isn't significant. It also heavily increases digital competency of the user for computer systems. If you really don't want that, you have other options.
that's a, frankly, stupid argument. the conclusion doesn't follow the premise.
then don't root your phone or download an .exe. having the ability to do something doesn't mean you are forced to do it.
not safe enough for you? fine! make the current status quo comfortable walled-garden-of-illusionary-fake-safety the default. for example, there's no reason windows needs to by default allow unsigned code to run. hell, even make it really annoying to turn off.
but the "safety" and "easy to use" arguments against right-to-repair, digital rights, ownership, etc. is simply nonsense. there is literally ZERO negative safety or usability impact to anyone else's device because i'd like to own mine.
it's also an insulting and disingenuous argument to hear anyone on this forum make: our careers and entire segment of the economy would not exist if it were not for open systems. and it's insulting to basically say "bubba/granny is too dumb to be trusted" with owning their own device.
The average customer wants a device that works consistently, every day, that is easy to use, with a collection of 3rd party apps who won’t steal their life savings.
Windows failed to deliver this; the average customer never downloads an Exe from a newer publisher without terror. The average consumer is literally dozens of times more likely to trust a new smartphone app than a new desktop app.
We can also see this in the console market. Windows exists; old gaming PCs exist; the locked down console market will be with us forever because even Windows can’t deliver a simple experience that reliably works.