[Retric]

Freedom and computer security are in fundamental opposition. It’s the same basic question as GC vs manual memory management.

The only way to offer safety on a platform is to secure that platform. If Apple disables the API’s which lets apps access users contacts then they can be sure 3rd party iOS stores don’t compromise user’s privacy. If they allow API access and don’t vet stores then guess what that directly means breaches will occur.

PS: If you disagree try and come up with some supporting argument.

[cgriswald]

> PS: If you disagree try and come up with some supporting argument.

I downvoted you rather than giving you an argument. Here's why:

You've edited your post at least four times. Three of those times was when I was trying to offer a counter-argument. The problem was, you kept changing yours. I'm honestly not sure what you believe, both because you changed it so many times, but also because you haven't defined your terms (e.g. whose freedom?). Finally, you make some bold claims, but you don't really support those claims with anything I find credible.

In any case, the 'security' argument (and the associated 'reputation' argument you made in one your iterations) rings particularly hollow with me since Apple itself has already had—for decades—great success with a platform that is reasonably secure and relatively free compared to iOS: the Mac.

[Retric]

Objectively Mac OS has had more serious security issues than iOS, so at most you can say the trade off is worth it to you not that doesn’t exist.

As to freedom, that was specifically used by the post I was responding to. But, if you’re unsure, consider it in terms of raw assembler vs python. Raw assembler allows more freedom, but that freedom comes at a clear cost.

PS: And yes I edited to specific wording a few times for clarity. That’s a holdover from the days when hacker news would eat comments that where being edited for to long. Reputation is a major concern for Apple as a business, but outside of the scope of this discussion.

[rbecker]

> Freedom and computer security are in fundamental opposition.

Only if you interpret "freedom" as "freedom for apps" instead of "freedom for the user". None of what you said precludes the user (I won't say "owner") being able to override Apple, or take Apple's place in deciding what their device may do.

In your mind, is a platform only "secure" when ultimate control is with the manufacturer, and not the user?

How much more "secure" were Apple's users in Hong Kong, after Apple decided to disable the app they were using to track the police?

[Retric]

> ultimate control is with the manufacture, and not the user.

There are a host of ways of describing computer security, but in my mind the most fundamental idea is minimizing the amount of surprises a user faces. A brick might not be a useful stake knife, but it’s secure. Anyone can want more features, but features aren’t security.

If someone goes to a knitting blog they don’t expect it to have access to their exact location via GPS, phone contacts, social security number, bank routing number etc. As such for users to have meaningful control it’s generally 3rd parties not manufactures or users that security needs to deal with. If you want to use online banking you need to trust the device to not be sharing login information with random other apps you happen to have installed, that’s incompatible with allowing such random apps to connect with your bank account.

PS: Hong Kong users benefited from having devices not compromised by the CCP, that’s what I am referring to. Clearly more app stores would let various other apps in, but how may of them would have actually been compromised?

[rbecker]

> the most fundamental idea is minimizing the amount of surprises a user faces

I wouldn't call being given the master key to my own computer "surprising".

[Retric]

What’s your specific objection here? Is it somehow not acting as you assumed it would when you bought it, because that’s what surprise means not simply being annoyed with someone’s business model.

[8note]

Shouldn't the user get to decide whether an app gets access to the contacts API? I should not have to trust that apple is right in saying whether I want an app to have that access.

[Retric]

Microsoft went down that path with Windows Vista, users want very high level permissions, which thus end up being all or nothing.

App stores on the other hand can actually differentiate between an app that only accesses contacts locally, and one that uploads that information etc. That’s not to say Apple actually does this diligently, but it’s at least possible.

Really it’s a question of deceptive apps. Suppose someone makes a AI based photo manipulation app which reasonably asks for permissions to your photos. And then quietly does a facial recognition search or just tried to find and uploaded nude photos without notifying users. You can catch that crap with human reviewers not so much permissions and automated systems.