|
| sto_hristo wrote:
| Tech world is such garbage they would even pass actual laws to make
| it less horrible.
|
| Without this stagnation of progress we have right now, because of
| the unrestrained abuse of power major providers have been doing
| for so long, we'd be using phones like actual laptops right now.
| In fact, we wouldn't be calling them phones at all.
|
| Every new model is just like the model from 10 years ago, but
| with an extra camera on the back. And that is all. It's like
| living in a world of endless Pentium 4 refreshes due to the lack
| of AMD. Truly Terry Gilliam material.
| zepto wrote:
| > Every new model is just like the model from 10 years ago
|
| This statement is totally false.
| dang wrote:
| "_Please don't fulminate._"
|
| https://news.ycombinator.com/newsguidelines.html
| xoa wrote:
| Very glad to see some consideration of this sort of thing. That
| said I'd really like a minimally crafted law to start that
| created new options for consumers while also recognizing the
| value the existing situation brings, as well as tying corporate
| power to responsibility which seems like it'd do a better and
| more flexible job of finding the right dynamic balances
| in the market. Dealing with externalities is always really
| important as well. Using Apple as an example:
|
| - In terms of cryptographic chain, I'd like to see it mandated
| there be an _option_ at buy time to allow owner access to
| software root key store, hardware root key store, or both. Many
| people would be best served in their threat models by the current
| situation of leaving Apple in charge, which also means they can't
| be socially engineered or pressured into offering access. It
| also unionizes diffuse buying power into one actor with different
| incentives than other powerful actors. It is unlikely that
| Apple's advertising privacy changes vs Facebook say could have
| happened in a fully open environment for example since Facebook
| has enough pull to get people to sideload whether they like it or
| not. Others would really like full stack access. And many would
| fall into one bucket or the other. Those less technical in areas
| with poor Apple support options might still want the software
| side of things as a walled garden but be able to allow arbitrary
| 3rd party hardware repairs. Conversely, I at least would like
| full software side control, but I'm more concerned about evil
| maid attacks than I am about the rare need to go to an Apple
| store for a hardware repair. There isn't really a one-size-fits-
| all here, but that doesn't have to be mandated either.
|
| - In terms of power and responsibility, I think that'd be a great
| way to handle repair, and it has the advantage of not singling
| out just "big companies". If a product creator wants to maintain
| full hardware and software control, it should also have to fully
| support the product. If after X years it no longer wishes to
| offer support, it should also be required to give up control (in
| terms of necessary crypto keys and documentation). Then everyone
| gets to decide where the right balance is in terms of support. An
| open source startup doing a risky new product also avoids being
| on the hook for much support if things go pear shaped because
| everything is fully available to the community. At the opposite
| end a company like Apple could maintain total control for 10
| years if they wanted, but only if they offered 10 years of
| updates and hardware repair or replacement. At any point they
| could get off the hook for that, but then they'd have to let
| owners take it over themselves. No having cake and eating it too.
| And everything in between. An Android OEM only wants to support a
| phone for 18 months? Fine (maybe, within below), but no locked
| bootloader after that, they need to have full docs for it etc.
| There would be room for all kinds of brands fitting all kinds of
| needs and price points.
|
| - The above said, I do think there is an externality/information
| asymmetry situation when it comes to warranty repair. There is a
| general expectation amongst the public that there is some tie
| between buying something decent and how long it will last.
| Imagine if an iPhone said "this product will break after two
| years four months" on the label at buy time, that'd pretty
| radically change the market reaction to it. But some small
| percentage of people get screwed, and the standard warranty
| doesn't match expectation at all. Essentially the consumers are
| all gambling, and the side with the best information on risk
| keeps it to themselves and gets to sell "extended warranties" at
| enormous profit. The sticker price doesn't accurately reflect all
| the potential costs. That shouldn't be allowed. Standard warranty
| coverage should either be a longer period, or have some sort of tie
| to pricing/tier. If someone wants something ultra dirt cheap and
| disposable that should be ok, but if someone buys something where
| a reasonable expectation would be it lasts 4-6 years at least
| that should be part of the price. Or if nothing else, there
| should be a requirement that all repair/replacement data is
| public with a clear standardized "% failure by year for first 5
| years" infographic or something of that nature. Special
| warranties should only be for truly extended business support
| periods, or stuff like advanced replacement or SLAs. When people
| compare prices, they should be able to have upkeep factor into
| that easily. Hidden pricing is the bane of good markets.
| endisneigh wrote:
| > Senator Dianne Feinstein criticized the bill and said that it
| targets a "small number of specific companies," and Senator Alex
| Padilla said that it was difficult to "see the justification for
| a bill that regulates the behavior of only a handful of companies
| while allowing everyone else to continue engaging in that exact
| same behavior."
|
| This bill should pass but that's also a good point.
|
| More fundamentally there should be a bill that effectively taxes
| the top 10% of companies in all industries and credits the bottom
| 25%. Call it an innovation bill. In addition the bottom 25%
| percent should get discounts on all licensing fees charged by the
| top.
|
| More generally our government should use financial incentives and
| disincentives for creating the behaviors we want.
| eps wrote:
| > Call it an innovation bill.
|
| This will result in a boatload of scam and zero innovation.
| endisneigh wrote:
| How so?
| DerpyBaby123 wrote:
| Not op, but I can imagine it would be easy to be in the
| 'bottom' tier of an industry by revenue/sales/etc - if I
| want to be credited, just make a tiny barely functioning
| company and collect the credits
| endisneigh wrote:
| A well operated implementation would probably be in the
| form of reduced taxes, not a check as the point is to
| help grow smaller competitors, not create zombie
| companies.
| dereg wrote:
| > More fundamentally there should be a bill that effectively
| taxes the top 10% of companies in all industries and credits
| the bottom 25%. Call it an innovation bill. In addition the
| bottom 25% percent should get discounts on all licensing fees
| charged by the top.
|
| No. How is this at all promoting innovation? The practical
| effect of this would be to allow crappy companies to stay alive
| as zombies, doing the opposite of promoting innovation. This
| would also encourage companies to split into a hojillion shell
| companies to qualify themselves as what you define "the bottom
| 25%."
|
| This isn't even speculation. If you look at states' tax credit
| programs to "encourage innovation" in x industry, you see those
| tax credits are absorbed by the best of financial engineers.
|
| The more levers, and thus complexity, you create in an economy,
| the more likely that it's the extreme wealthy who benefit.
| endisneigh wrote:
| I disagree with you. If companies split themselves into
| smaller companies that wouldn't necessarily be a bad thing.
| Without having described _how_ exactly the money would be
| distributed or the specific criteria I'm not sure how you
| can confidently say it would create zombie companies.
|
| In any case, the point of what I was saying was to help fund
| strong competitors. You could just as well transfer funds
| from the top 10% to the third and fourth deciles.
| dereg wrote:
| What's your desired outcome of a program like this? The
| purpose of antitrust is to encourage competition for the
| benefit of consumers. Improving competition is a necessary,
| but not sufficient outcome. Creating competition for
| competition's sake, irrespective of the consumer effect, is
| against the spirit of antitrust.
| endisneigh wrote:
| I think competition for competition's sake is good.
| Historically and inherently it will ultimately result in
| better outcomes for consumers as ultimately that's the
| purpose of all companies - providing goods and services.
| pumanoir wrote:
| Isn't the very definition of antitrust to target "a handful of
| companies" and prevent them from running an entire industry?
| syshum wrote:
| Why do you believe that taking money from the top 10% and
| gifting it to the bottom would result in innovation?
|
| Is it not possible that the bottom 25% is there for a reason,
| that they failed or their product is not viewed as innovative
| by the public?
|
| I fail to see how this wealth redistribution scheme would be
| effective or produce the stated outcome. Like most wealth
| redistribution schemes it is lofty on the goal, but unclear on
| the results with no objective measurements and no real way to
| assess its value. It is more a "do it and assume it was
| successful" program like many government programs are
| endisneigh wrote:
| Depending on how it's implemented it could result in
| innovation by reducing the cost for competitors, to well,
| compete. Tremendously poor companies would still fail, but it
| would effectively create more breathing room for potentially
| viable competitors.
| echelon wrote:
| > Why do you believe that taking money from the top 10% and
| gifting it to the bottom would result in innovation?
|
| The economics occurring atop the Apple platform should not
| belong to Apple. Apple created a great product in the iPhone,
| they slayed the competition, and they have forever positioned
| themselves as 50+% of American computing. They're making boat
| loads of profit on hardware sales, accessory sales, first
| party services and subscriptions. This should not come with
| the right to tax almost everything happening in mobile
| computing.
|
| Apple is not innovating in the dating space, the gaming
| space, the business management space, or the productivity
| space. They are taxing these industries simply because they
| established themselves as the toll keep of the winning
| platform.
|
| None of these companies cares about Apple. They're only
| building in Objective-C/Swift/iOS because that's what won the
| market. They'd be much happier to build for an open web
| platform, but Apple has artificially knee-capped it. Web apps
| suck because of Apple.
|
| Apple needs to be told by the government this isn't okay.
| This won't hurt Apple in the slightest. They have a dragon's
| hoard of cash, will still have the best mobile platform, and
| have a ton of other incredible revenue streams.
|
| They need to let their stranglehold go so that others can
| grow too.
|
| Imagine if the roads were 50% Tesla and Tesla took 30% of
| every Amazon delivery, every trip to the grocery store, and
| every date you went on. That's what Apple is doing right now.
| It sounds absurd because it is.
| formvoltron wrote:
| How about standardizing battery replacements as well as
| standardizing on battery packs for power tools?
| twblalock wrote:
| I'd rather not. Competition in the power tool market has
| resulted in very impressive batteries over the last few years.
|
| If we had standardized on the old 18v-style batteries, with the
| stick that goes up into the tool handle, we might still be
| stuck with them.
|
| Similarly, if the EU had gone through with standardizing on
| micro-USB plugs for smartphones several years ago, as it
| threatened to do, I doubt we would now have phones with USB-C
| which is so much better.
| endisneigh wrote:
| I'm surprised no one has made a series of adapters for this so
| you can use any battery on any tool.
| bin_bash wrote:
| yes they have https://badaptor.com/us/
| aaomidi wrote:
| I mean, there's always going to be more things.
|
| This one is a huge step and I hope it goes through.
| sneak wrote:
| The real question here is will it allow you to sideload without
| an Apple ID?
|
| Right now, to get _any_ app onto an iPhone, you have to use an
| Apple ID, which requires providing a phone number (verified with
| sms), an email (verified with a code), and some other stuff that's
| not verified (name, country, street address, etc). It also
| sends the serial number of the device when you create the ID (and
| you can only create so many per device).
|
| There's really no privacy on Apple devices unless you can a) buy
| a device without providing PII, and b) load apps onto the device
| without providing PII (including VPN/DNS apps, so that you can
| block all the phone-home crap it constantly does to Apple).
|
| I'm in the process of a painful switch to Graphene and the no-
| good, very-bad Android ecosystem as a result. I don't like the
| approach to solving the problem, here, but if Apple devices
| become usable again without compromising privacy it would be nice
| to be able to continue to use them.
|
| Sideloading is sort of enabled already, in that you can use any
| Apple ID to get signatures for self-built apps (or downloaded
| apps) to load on to your own device (registered to that Apple
| ID). If they comply with such legislation by allowing sideloading
| for ID-identified customers only, it's little comfort for those
| that care about privacy or freedom/choice. (It also means they
| can turn off sideloading on a per-person or per-country basis
| from Central Command during wartime, or if you become persona non
| grata for some reason.)
| [deleted]
| ortusdux wrote:
| It sounds like this might apply to Oculus/Meta head-sets as
| well. I would buy one tomorrow if they didn't require a
| facebook account in good standing.
| clairity wrote:
| yes, tying sideloading to an apple ID would be a real blow to
| privacy and freedom, but sideloading at all would be a
| meaningful improvement.
|
| it'd be a win to be able to install and run an application- &
| network-level (outbound & inbound) firewall for everything on
| the phone, not just some subset of web content on safari.
| LatteLazy wrote:
| More poorly defined legislation with no predictable outcomes that
| will spend decades with judges who never used a computer trying
| to guess their way through?
| throwawaymanbot wrote:
| neonate wrote:
| https://archive.is/q31Xz
| dang wrote:
| Url changed from https://www.macrumors.com/2022/01/20/senate-
| panel-sideloadin..., which points to this.
|
| Submitters: " _Please submit the original source. If a post
| reports on something found on another site, submit the latter._ "
|
| https://news.ycombinator.com/newsguidelines.html
| eatonphil wrote:
| > Sideloading would "hurt competition and discourage innovation"
| by making it "much harder" to protect the privacy and security of
| personal devices in the United States, according to Apple.
|
| Taking Apple at their word here, I still don't get it. Can anyone
| explain the argument they're trying to make? As written it just
| sounds so ridiculous (but I'm still trying to understand it).
| joe_the_user wrote:
| Proof by 1st order corporate brochure logic (CBL): "Hurting
| security" is a bad thing. "Hurting competition and discouraging
| innovation" is a bad thing too. One bad thing always leads to
| another.
|
| QED.
| xoa wrote:
| > _Taking Apple at their word here, I still don't get it. Can
| anyone explain the argument they're trying to make? As written
| it just sounds so ridiculous (but I'm still trying to
| understand it)._
|
| There are at least three aspects to this: active attacks,
| negotiating power between various actors, and platform
| maintenance.
|
| 1. To the first, certain classes of attacks and malware are
| dramatically harder to execute on locked down platforms like
| iOS devices than on open systems. Remember, on the PC or Mac
| enormous amounts of real world risk isn't the result of 0-days
| but social engineering, pressure, user error or laziness, etc.
| On iOS, it's simply impossible to just give somebody root
| access. The user doesn't have it. It's even harder to have a
| persistent root kit, let alone go down below the kernel. When
| there are exploits, the owner community as a whole tends to see
| and have deployed upgrades faster. There are more barriers to
| the kinds of low effort mass adware and the like that plagued
| many non-technical (this does _not_ mean stupid or undeserving)
| people before, like the classic of opening your relative's
| browser and discovering a hundred competing searchbar and ad
| injecting add-ons and such. And on and on.
|
| Of course, there are security issues that can arise from this
| too. And if a player is _more_ powerful than Apple is (like a
| major government) then the whole thing can go very bad, because
| now there isn't any way to bypass that either. On balance I
| think the long term risks are higher with no owner controlled
| root cert like the current situation, but we shouldn't be blind
| to the fact that Apple worked to solve a huge problem with
| computing that the tech community were really assholes about
| (me included to some extent in the 90s, I remember the BOFH
| type admin and jokes that went around hell desk quite well).
| There is some baby amongst the bath water.
|
| 2. To the second and per above, that Apple has a secured
| position as powerful player on the iOS platform shouldn't
| obscure that there are other very powerful players vs the
| normal user. Many people find certain things like Facebook
| effectively indispensable. And individually they lack the
| weight to negotiate. Facebook and the like do not give a single
| shit about you individually. If you tell them "you better stop
| XYZ tracking or no more service from me!" that likely won't
| even get a reply. But Apple's control means it acts as the
| focal point of hundreds of millions of very valuable users
| combined. Apple can say "thou shalt disclose privacy practices
| and formulate and obey a policy" or "thou shalt not have
| persistent device traction" and attach an OR ELSE to it and
| actually have it stick. But if a player of Facebook's scale
| could then just say to everyone "you must go and sideload
| Facebook Store and grant it full permissions to keep using our
| product" that power might well completely dissolve. In
| principle government could be dealing with some of this, but
| government is often pretty slow, heavy handed, and faces its
| own problems with corruption, lobbying etc.
|
| 3. To the third, while Apple is obviously making plenty of
| profit and some of their resources are obviously going into
| irritating bikeshedding UI-cycle stuff, that shouldn't disguise
| that upkeep of a modern networked platform isn't free. There
| really is a major cost to keeping up security, to developing
| and maintaining system frameworks, infrastructure etc, and then
| keeping up with that for years after a product has been sold.
| How that is paid for also has implications for effectiveness.
| It's not necessarily feasible to build all of it into hardware
| pricing. If users are asked to pay (remember, paid OS upgrades
| were once the rule in the proprietary world), lots of them
| won't, which means the platform becomes more fragmented and
| more people miss out on critical security updates sooner or
| later. Having it be part of developer prices might be a least-
| bad way to do it. There is some link between those who benefit
| most and those who pay most, and it doesn't create the same
| negative incentives for users.
|
| People mock the "Apple Tax" but honestly paying taxes for
| infrastructure isn't always a bad idea. If anything I wonder if
| Apple shouldn't actively lean into that and announce they're
| going to make it more progressive, with 0% fee for the smallest
| fish rising to the highest amount for the biggest ones. But it
| too depends on some level of enforcement, same as taxes IRL.
|
| ----
|
| Again, none of this is to say there aren't major, obvious
| downsides to the level of control Apple has too. Their
| accountability is limited, and their incentives certainly
| aren't all aligned with their customers. Their control has been
| used for anti-competitive ends and moving into other services
| that should be more competitive (backups being a simple
| example) with negative effects (not just money, but lack of
| E2EE encryption). I do think there is room for legislative
| improvements. But it's not entirely simple.
| legutierr wrote:
| I have some questions about how access to Secure Enclave, and
| in particular hardware keys, would work in a sideloaded app.
|
| Could one sideloaded app somehow impersonate another sideloaded
| app, and thereby trick the PKA/SKP into signing a message with
| a private key that it shouldn't have access to?
|
| If there is no way to securely distinguish between two
| sideloaded apps, such that one app could impersonate another in
| getting access to OS- or hardware-level cryptographic services,
| then that could be a real problem, I think.
|
| I don't yet know enough about how these crypto services are
| implemented to know whether this would actually be a problem in
| practice, however.
| olliej wrote:
| Ok it's very simple.
|
| If Facebook says "we're going to put Facebook on a different
| store", now the majority of Americans use Facebook, so now
| install the second App Store. This App Store fails to maintain
| the security rules of the real App Store, and now users' devices
| are compromised.
|
| A core part of the security model of iOS is the App Store. The
| App Store makes sure that all applications have a sandbox, and
| that the sandbox entitlements are safe.
|
| The reason one app can't build a list of your other apps is
| because the sandbox prevents it. The reason it can't read your
| address book is because it lacks the entitlements to do so
| without your permission.
|
| As far as privacy: The reason Facebook, or any app, is required
| to ask for your permission before violating your privacy is
| because of App Store policy.
|
| This legislation explicitly makes restrictions on collecting
| user data unlawful.
| JumpCrisscross wrote:
| > _Can anyone explain the argument they're trying to make?_
|
| If Facebook removes their app from the App Store (or cripples
| it), and says you have to side load this app, most Americans
| will do so. Even if that app violates a number of user-friendly
| policies. The OS, of course, could enforce that at a technical
| level, which weakens the argument significantly.
|
| Also lots of people will click links and side load spam apps,
| but that's par for the course.
| olliej wrote:
| What technical restrictions can they do?
|
| It can't be sandboxing, as the entitlements and/or existence
| of sandboxing for an app is enforced by the App Store, and
| we've just said we're not using that.
|
| It also removes privacy protections: Facebook is required to
| ask permission to track you on iOS. It's only required to by
| platform policy in the App Store license agreement. They're
| not using that any more, so goodbye opt-in tracking.
| ThatPlayer wrote:
| Why couldn't they make the entitlements enforced by the
| operating system with user prompts, rather than the App
| Store (or both)? Just because that's how it's done right
| now doesn't mean we're just flipping a switch and suddenly
| allowing everything. It's still up to Apple on how they
| implement it. If that's how they choose to implement it,
| that's on Apple.
| zepto wrote:
| > The OS, of course, could enforce that at a technical level,
| which weakens the argument significantly.
|
| This is simply not true. An app can lie about what it does,
| and nothing at a technical level can prevent that.
| JumpCrisscross wrote:
| > _An app can lie about what it does, and nothing at a
| technical level can prevent that_
|
| I was thinking of the tracking restrictions when I wrote
| this. The OS simply doesn't give the app the data.
| zepto wrote:
| It's much harder than that to prevent fingerprinting, or
| the use of legitimate APIs for illegitimate purposes.
|
| In any case the idea that you can achieve privacy and
| security solely through managing APIs is simply false.
| whatshisface wrote:
| Apple defends their absolute control over software that runs on
| their devices by arguing that malicious actors could give
| instructions for sideloading malware.
| kart23 wrote:
| I think the headline is wrong. Sideloading or alternate app
| stores wouldn't be required, that's not the purpose of the bill.
| Sideloading and alternate app stores are a legitimate
| privacy/security problem that will be exempted under the bill.
|
| >"unless necessary for the security or functioning of the covered
| platform," from https://www.congress.gov/bill/117th-
| congress/senate-bill/299...
|
| I think it would actually be very good for the app store,
| outlawing a lot of the restrictions that Apple places on things
| like payments.
|
| I really don't know what to think about the bill overall. It
| would definitely have the largest impact on Amazon, their basics
| line would pretty much be killed by the law. Google rankings
| would also be overhauled, no more flights at the top of the page.
|
| The testimony in support of the bill by Sonos [0] and Tile [1] is
| also a good read.
|
| [0]
| https://www.judiciary.senate.gov/imo/media/doc/Eddie%20Lazar...
|
| [1]
| https://www.judiciary.senate.gov/imo/media/doc/04.21.21%20Ki...
| dang wrote:
| The headline was originally "U.S. Senate panel approves
| antitrust bill that would allow sideloading" (before we changed
| the URL from https://www.macrumors.com/2022/01/20/senate-panel-
| sideloadin....
| sebow wrote:
| Using terms like sideloading is precisely why the vast majority
| of the public doesn't give a damn about this issue. Free 'social
| experiment' idea: ask everyone who has a smartphone what is
| sideloading, what is installing, what's the difference and
| what's common.
|
| Altering our language to appease companies and somehow pretend
| like sideloading means something different than installing is
| why we're losing, precisely because it's a tactic to erase
| correlation of the word and the meaning.
| repiret wrote:
| You know where else I can side-load apps? Desktop PCs. You know
| what my in-laws' desktop PCs are full of? Spy-ware and search
| bars and other crap they got tricked into side-loading.
|
| Here's how I think this will go down:
|
| 1. Some indie developers and hobbyists will be enabled by not
| having to pay $99/year and jump through hoops to distribute apps.
| That will be good.
|
| 2. Some mainstream apps will require side-loading to get around
| the Apple tax for purchases, but they won't lower their prices.
| That will redirect some money from Apple to Amazon or EA or
| whoever. That's bad for Apple, good for those companies, but I
| don't think it will affect most people very much, except for a
| better flow for in-app purchases where you're currently directed to
| the web-site.
|
| 3. The mainstream apps eventually condition people that side-
| loading is an okay way to get legitimate apps. Then publishers
| will leave the app-store en masse, and the crapware will be as
| prolific as on PCs. This will be bad.
|
| 4. Side-loading will enable piracy, and so honest users will
| suddenly become more burdened by software DRM type crap. This
| will be bad.
|
| I am honestly not convinced the good that comes from #1, and the
| convenience that comes from #2 are worth the costs of #3 and #4.
| Karunamon wrote:
| I'm less convinced that piracy^wcopyright infringement is as
| much of a problem as the people who stand to profit most from
| its demonization claim it is.
| repiret wrote:
| I don't think copyright infringement is a big problem either,
| but many software publishers do, and that fear leads them to
| make the software worse for all of us.
| nullifidian wrote:
| The senators will get their donations from the affected
| companies, and nothing will come out of it.
| pm90 wrote:
| Absolutely. Big Tech is already spending a lot, they will just
| spend more.
|
| However, it _is_ up to the electorate (us) to vote in people who
| don't make decisions that way, and there are quite a few of
| them today.
| whatshisface wrote:
| Senators don't get donations for passing laws, companies
| establish annual donations which then may be revoked if the
| right laws _aren't_ passed.
| topspin wrote:
| I share your cynicism. My suspicion is that it's in the bill
| specifically to motivate campaign donations. Like you I doubt
| this survives.
|
| If it does Apple et al. will ensure the mandated sideloading
| capability is accompanied by scary warnings, unnecessary
| downsides and any other dark patterns they can get away with
| inflicting.
___________________________________________________________________
(page generated 2022-01-20 23:01 UTC) |