I think you're dismissing legitimate concerns without fully understanding them, because through the right lens you realize how this can be anticompetitive in the mass market.
Even if some technically inclined folk can install what they want, the masses will stay in the walled garden so that Google can get their cut and exert ideological control. Even now, both Google and Apple engage in practices across their product that are designed to scare people away from third party applications. From Google's terminology when describing Google in banners as "a more secure browser" etc, to Apple requiring a secret incantation in order to run unsigned apps.
All of this kind of mind control bullshit should be eradicated via regulation. Companies should not have a license to be deceptive towards their users.
The comment you're responding to includes the line:
> The move, developed in partnership with Singapore’s Cyber Security Agency, is designed to prevent fraud and malware-enabled scams.
Your comment seems to disregard it and instead lay this entirely at Google's feet as if they're seeking anti-competitive behavior - but if this was driven by a government, does Google really deserve all the blame?
(Note that I am explicitly not endorsing the move. I think sideloading should be left mostly untouched.)
Singapore is far from a nation known for free speech or to pick the side of liberty should it come into conflict with security. I've no doubt whatsoever that approved apps on a CTS "hardware backed" remote attestation phone is more secure. It's also possible to remotely own such a device unambiguously, and provides a central place where apps can be taken offline. It's win win from the point of view of a security agency. It's not from mine.
> but if this was driven by a government, does Google really deserve all the blame?
Of course. If the government ordered Google to assist in a genocide against some demographic, and Google goes along with it, it doesn't matter if the government is also evil. Google is evil for playing ball.
And we don't have to speak in hypotheticals. Both Google and Amazon are actively engaging in tech-assisted genocide.
I would love to, but this is the wrong forum. This is going to sound weird if you understand these events purely literally, but me and you are ideologically aligned, but not dialectically aligned. There is a much greater truth to this entire situation.
> The masses will always stay in the walled garden. It's where they want to be and they don't even realize there are walls. It is just what is for them.
The walls should have open doors, though, versus prison bars. Physical switches on devices (much like older Chromebook devices had) used to opt out of the walled garden should be mandated by consumer protection regulations.
It's not entirely unlike the qualified/accredited investor rules which won't let you invest in unregulated securities without income/net worth/certification requirements. No form exists which would allow someone to say "hey, I get why these wall are here, but I understand and am opting out of your protection".
I personally think there should be (I value individual rights/freedom over preventing someone from harming themselves), but I also see why we ended up here. When bad things happen, people demand action and government wants to be seen as doing something.
> Physical switches on devices (much like older Chromebook devices had) used to opt out of the walled garden should be mandated by consumer protection regulations.
I don’t want to live in the same society as the person that wrote this asinine comment with this much confidence. We are just ideologically incompatible
How so? I understand the tension between freedom to tinker and consumer protection. It's OK to assign different values to either of them. And there are definitely ways to reconcile the two positions. Some of that will have to come through nuanced regulations.
For example, it could be regulated that if the flip is switched (or a fuse is blown irreversibly) on a device, responsibility for the device and its software fall entirely onto the owner. So if they get phished on an unprotected device and lose their life savings, it's entirely on them. Manufacturers and service providers have no obligation to support them.
Once you have enough power to legislate and enforce this, what's to stop a future administration from tightening the ratchet just a little bit further and forcing users to purchase TPM computers with unbreakable DRM and encrypted blobs running who knows what, and no ability for users to modify their system, change hardware or operating systems without either running afoul of the law or losing access to banking and insurance?
My comment (GGGP) was about regulating devices to require physical switches to allow the owner of the device to opt for freedom. I'm not sure where you got DRM-type stuff out of that.
I think efuses being blown by device manufacturers should be illegal.
I think bootloaders that don't allow the device owner to run whatever software they want should be illegal.
I think device owners should be permitted to repair their devices without losing functionality because of DRM embedded in the parts themselves.
I think a physical switch, exercisable only with physical access, should be present on locked-down devices to allow the owner to exercise their ownership over the device. If that means that "attestation" functionality breaks and that causes some third-party software to "break" so-be it.
(I think the problem with banks, etc, requiring "trusted" devices is also in the realm of consumer protection, probably in banking regulation. I haven't thought about it deeply.)
Think about it some more. I'm talking about the incremental increases in power coupled with unpredictable administration changes, and how each new increase in federal power creates multiple branches for slightly increasing power even more, until without realizing it, we've let our government slowly move the Overton window right where it needs to be for an authoritarian power grab and restriction of freedoms. We have to be extremely careful about the powers we give our governments, because they do not give them back without a fight, and they're always looking to expand their reach.
Well, you do realize that there are already a lot of laws covering these things, right? If you're this cynical, then you need to realize that stuff like what you describe could be legislated at any time. There's no real barrier.
Obviously, why do you think I'm raising awareness? Right-to-repair is a huge issue across multiple regions and industries, with uneven progress across the US.
Normal users complain about not being able to change things on their devices all the time. My whole family was pissed about the latest android update because Gemini was foisted on them and they didn't know how to turn it off.
I don't think they cheeref at the arrival of the Microsoft Store on Windows, for example.
That's what's pushed for on the current smartphones, and they accept it; they easily don't see the problems, and it can seem complex for them to avoid it.
Other than when talking with other techies and on forums like this one I've never heard anyone complain about ads in Windows or the Microsoft Store. Again, for most people, computers and web sites and apps just are what they are. They don't even realize there's any other way.
Yeah, it's like saying the masses wanted high-fructose corn syrup, or lead, or asbestos, or BPA, or CFCs, or whatever other cost-saving or profit-increasing but classist and consumer-hostile product or practice was foisted upon us and sweetened with deep propaganda and gaslighting, bankrolled by global corporate interests.
> All of this kind of mind control bullshit should be eradicated via regulation. Companies should not have a license to be deceptive towards their users.
I agree with you. However, the impact of scams should not be underestimated either.
To me it seems like fighting teen pregnancy by preaching abstinence. We should be teaching a higher baseline of computer literacy, and providing more secure systems that keep the user in control and in the know when it comes to their own device and the software running on it.
Attacking the problem by reducing user freedoms and increasingly monopolistic control is not the answer, even though Google's PR department would tell you otherwise.
Yeah, it's definitely a piece to the puzzle. I still think it's not so hard to prove that increasingly technical literacy, outlawing deceptive UX and language that prey on information asymmetry, and providing increased autonomy with more fine-grained and visible security controls is a net win for the population, whether or not this particular method of Google's is effective enough against spam compared to some baseline.
Agreed. Android already has seriously big whitelisting requirement for installing applications from outside the Google Play store.
The correct way to do it would be to whitelist other good stores, and allow developer mode installs with an extra process that says explicitly I am extra sure this may be danger, but no. This would reduce Google's income streams.
The way I see it, it must be attacked the way default Internet Explorer was attacked.
> To me it seems like fighting teen pregnancy by preaching abstinence.
More like fighting teen pregnancy by mandating chastity belts... With the same ultimate problems too: those most determined to overcome the block will make use of bolt cutters or their digital equivalent.
.... This doesnt stop scammers. Software will never stop scammers. Its pretty wild that people would be willing to sacrafice their freedom permantely so a scammer can spend two weeks thinking of another approach to scam.
You are correct. But it's not about stopping scammers, it's about making their lives as difficult as possible. The problem is, as seen with Facebook [1], even that was not enough to stop "self-xss" exploits.
The actual way to stop the scammers would be to sanction their host countries into oblivion: India, Philippines and Myanmar are big in targetting English speaking countries, and Turkey when it comes to German speaking countries. Scammer Payback alone has made so many complaints with very little follow up from local authorities, partially due to open corruption. Either these countries clean up their act or they get dropped from SS7 (phone) and the Internet. But I see no way of this ever happening.
Even if some technically inclined folk can install what they want, the masses will stay in the walled garden so that Google can get their cut and exert ideological control. Even now, both Google and Apple engage in practices across their product that are designed to scare people away from third party applications. From Google's terminology when describing Google in banners as "a more secure browser" etc, to Apple requiring a secret incantation in order to run unsigned apps.
All of this kind of mind control bullshit should be eradicated via regulation. Companies should not have a license to be deceptive towards their users.