Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Thanks, but no. I'm never buying a device with easy root access for a non technical family member ever again. Freedom is great, and I'm using this freedom to buy something with exactly the capabilities I need.


So they'll never use a PC or laptop or anything of that ilk again?

To use the same logic, they shouldn't be given anything with a visible screw, or are you going to tell me they _wouldn't_ take a screw driver to an appliance because that would be silly for someone who doesn't know what they're doing in there?


If there were a multi-billion dollar industry of scammers always trying to trick them into taking the screws out of things so they could steal from them, then no I probably wouldn't buy them anything with visible screws.


This is a strange argument, kind of like, "We can't defund the police, because look at all of the crime out there!" If there's so much crime occuring already, then what in the world are the police doing?

To an extent, crime can't be eliminated. You can't even eliminate crime by instituting a strict authoritarian regime, because power corrupts, and those in power become criminals themselves. That's why turning big tech companies into paternalistic device authoritarians doesn't work. The big tech companies have become massively corrupt, demanding a 30% cut of everything that happens on your devices, in return for what? Some low paid, low skill reviewer spending a few minutes to approve or reject a third party app submission? That's not security, it's security theater.

There were phone scams before there were smartphones. Before there were mobile phones, when everyone had a landline. There's no technical solution for crime and scams, much as tech people want there to be. Education and viligence have always been the only effective resistance. Unfortunately, the big tech companies don't want to do education; to the contrary, they want consumers to be eternally technically ignorant—despite the increasing importance of computers in our lives—because that's more profitable. At least with cars, we have mandatory driver's education.


Which is probably fine, that's not the same as taking away everyone's screwdrivers.

The problem is that a line is being drawn in an arbitrary place; if scammers are the worry, don't let them have a phone, or internet or email either, in fact just don't let them talk to any strangers in person or otherwise, but that would be awfully inconvenient for them.

Everyone is willing to make a compromise somewhere so long as the compromise isn't something they care about. Some readers probably think the suggestion of taking away their phone or email is absurd to protect them from scammers, and I'd place preventing root-access in the same category; not disabling it by default, I'm ok with that, but preventing it entirely.

My opinion is that everything should be secure by default, but when it's something you own, there should be reasonable, measured steps to "unsecure" it, whether that's removing a couple of screws, or accepting a disclaimer to gain root access to the device you own.

If I don't own it, let's cut the bullshit and tell me I'm merely licensing or renting it, and we'll adjust the price I'm willing to pay accordingly.


It doesn’t have to be easy enough to let through a person who doesn’t understand what they’re doing (aka blindly click through the annoying popups - that’d be bad).

And non-owners shouldn’t be able to have access solely based on their physical possession - quite the contrary, owner should have means to fully use hardware security features for their personal benefit, locking their own device as tight as they want (within the device’s technical capabilities).


I take it you mean easily unlockable bootloader, not really out-of-the-box root access which no phone have.

I have taken the opposite stance on that. Never again will they be left with some Samsung bloatware which hardly receives any Android updates when phones such as Nexus, Nokia and Nothing costs the same and has excellent LineageOS support.

Lineage is stable, bloat-free self-updating and requires no maintenance from my side.


Just because the device is capable of root access does not mean all users need to be


And here is (in effect) a completely legitimate reason for manufacturers to wall off root access. They did not want to sell and support a full-access, general-purpose computer. Nor provide liability coverage for anyone who reprograms their toaster and starts a fire.


It’s impressive how many people downvote this actually über reasonable opinion…


Because it isn't at all reasonable. There is no argument to not allow root access. You don't have to use it, perhaps most users would be safer with a conventional user account, but it is not reasonable to outright deny full system right to the owner of a device since there are so many disadvantages connected to that.


My thinking is that if I have device that doesn't allow me root access, then what I have is more than likely a device designed to keep making money for the company that made it or wrote the software for it.


But you know you don’t have root access before buying. Why would you buy it if you want root access?


I'm willing to stand corrected, but I can't think of a single smartphone on the market from a reputable manufacturer that is sold with root access. If I want a smartphone I have to accept that the manufacturer will have the bootloader locked down, I don't have a choice.


I have zero experience in the android world, but a quick search tells me that Xiaomi Devices, Google Pixel Phones, OnePlus Devices, Redmi Note 4, Samsung Devices and MediaTek Devices at least are rootable, with some rules with various degrees of freedom for the procedure (in particular warranty is voided pretty much all the time when device is rooted).


Google Pixels are the few devices that enable not only to unlock the bootloader but also the ability to flash your own keys and still have secure boot together with full kernel sources availability (which is why Grapheneos only support them as far as I know).

As far as I know Mediatek (and vendors that use those chips) are usually not good with regards to GPL Compliance, which means no Lineageos if kernel sources are not available...


That's because the opinion presents a strawman position. From the linked-to page :

> I agree with the premise that consumer devices, such as mobile phones, should be as secure as they can by default. This can even go so far as shipping new devices with locked bootloaders and blocking access to root. ..

> But this shouldn’t come at the expense of being able to make an informed choice to unlock these privileges to install any software you want, even if that means adopting a higher level of risk.

One does not require "easy root access" to make that informed choice - complicated root access (within reason, as pulling out the soldering iron might be a step too far) should be enough for tasks like installing a new OS because the company no longer supports the hardware.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: