by bobince 2049 days ago
If this unacceptable mess is "doing it well", perhaps the whole idea is doomed and should not be attempting to do it at all.

> It comes down to an argument of trust - do you trust Apple is acting in your best interests

No. I mean really very obviously no.

Neither Microsoft. Nor Google. Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?

It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.

13 comments

I'm entirely fine with people running "Trust" systems. But not when the platforms do it by force. If you want to pay McAfee, or some other service to force your computer to only run trusted code, then that's your choice. I might even be fine if Apple or Microsoft offered it as a service you have to pay extra for.

The problem is when one entity can lock down a platform entirely. It's a problem when it's not a choice the user has. It's also a problem that even when the user wants all code to be verified, they can't choose who it gets verified by.

If yesterday's disaster had happened to a third party trust company, and not Apple, a lot of people would be looking for a new trust vendor today. That's what should happen in a non-monopolistic market.

This plays into why Google is so big, doesn't it? Where by offering immensely valuable things (like trust[0], video hosting[1]) for free, people are willing to give up a host of freedoms assuming it doesn't directly impact them/the apps they use (which it most often doesn't, with the exception being Fortnite, and even then it just becomes another topic for reddit to have flame wars about).

0: https://www.marketwatch.com/press-release/global-antivirus-s...

1: https://www.theverge.com/2020/10/29/21531711/google-alphabet...

Mac market share is less than 10% in the US, even lower in other countries. I personally know at least one person who is considering not buying one next time around just because of this incident. Some people use tools that lock them onto a Mac, but most of that is just people that have to develop for Macs (and they’re stuck no matter what Apple does, because they need to test on Macs). The iOS/App Store monopoly arguments are one thing, but 10% is a monopoly now?

Just because a company sells a product that has some things one might want that no other market players bother combined with some things that they don’t like, doesn’t mean they’re “exploiting a monopoly”.

> The iOS/App Store monopoly arguments are one thing, but 10% is a monopoly now?

It goes the other direction. If you want to develop for iOS you have to get a Mac even if you don't want one.

Moreover, this behavior is objectionable regardless of market share, because a platform excluding alternative stores segregates that platform into a different market. If you're a developer whose customers use a Mac, and Apple starts operating the Mac App Store the same as the iOS one, it doesn't matter that they have 10% market share because that 10% of the PC market is 100% of your app customers and the relevant market isn't PCs, it's app distribution to a given customer base.

That argument applies to literally any product that another business wants to build their own product on. I don’t see how that doesn’t turn into every business being required to make the business model of every other business whose products are built on theirs work in perpetuity. If you make a commercial OS, are you arguing you can’t ever remove any feature in a future version if it would make another company’s product impossible to upgrade?

It's not about removing a feature, it's about keeping it there but monopolizing access to it. If the feature goes away entirely, that's fine. And then somebody else can come back and implement it themselves.

But if the company gives themselves access to that feature and not anybody else (even with the permission of the device owner), and restricts anyone else from reimplementing it, that creates a monopoly which they would then be abusing by restricting what competing app developers can do.

Security is the owner of the device controlling what runs on it. Monopoly abuse is the manufacturer of the device doing so against the will of the owner of the device.

> It goes the other direction. If you want to develop for iOS you have to get a Mac even if you don't want one.

Very annoying that you can't use an old Lisa development system like the ones Apple required for the original Macintosh.

Apple isn't just Macs. iPhone has 50% or greater market share in the USA. iPad has 65% or market share as well. Apple certainly does exploit a monopoly in various different ways. One is their monopoly on browser engines in iOS that lets them dictate web standards because if they don't implement something then the 1.5 billion iOS devices don't get it period.

You can always fashion a monopoly by adding “they have a monopoly on X on their own product” for any proprietary hardware or software vendor. If you want to argue that proprietary hardware or software shouldn’t be allowed then do that, but don’t try to tie it to monopoly. It has little to do with either the legal or economic implications usually associated with that word.

> Mac market share is less than 10% in the US, even lower in other countries

Do people on other platforms have so many security issues that Apple's measures are justified?

Windows may be better but any of us born before the 90s may still have PTSD from all the pain of troubleshooting malware infestations. 17 years ago I was the primary developer of a commercial Java web app and wanted nothing to do with support phone calls but on many I had to walk our web app users through the installation of Spybot Search & Destroy just so they could get rid of something interfering with their usage of our product!

I was traumatized a few weeks ago when my parents sent me a particularly jarring video of their Windows computer with audio playing telling them to call a number to get rid of something nefarious-sounding but quickly Googled it and realized it was a bunch of popup browser pop ups pretending to be worse than they were. I don’t run into stuff like that when using Firefox on my MacBook.

I would say no. Windows/Linux machines are generally secure.

I think it matters a lot what you consider "Secure" to mean. Most security people are focused on stopping an attacker from remotely installing and executing malicious code on your device. Huge amount of effort is dedicated by security people to adding hardware to stop buffer overruns, make memory protected, signing code and so on, to stop these types of attacks. A more locked down system like iOS/Android is at least in theory more secure than a device running Windows and especially Linux, that lets the user install and run whatever they want.

If you on the other hand define security as in control over your device and your data, then the Mobile devices are terrible. A lot of apps are full of "telemetry" (read spyware) that in practice makes most Mobile devices leak a huge amount of data. You have very little control over this. This is an attack vector that is mostly ignored by these companies, because they don't see it as an attack vector, but rather as a revenue stream.

I think we need regulation that any API in the OS cannot be closed and end user should be given all keys. Current situation is untenable.

People really want to believe these corporations are charitable organizations, not inhuman slow AIs optimizing for profit. The propaganda departments of these corporations really do a number on people.

I read the article and you seem to sidestep all the arguments and facts they present, instead just saying they're brainwashed by propaganda. Not as convincing an argument, sadly.

The internet is a malicious place, filled with the non-technical and uninformed.

I guess we’ll wait for you to design a better trust-based system that allows you to stop malicious software from executing on N different machines without needing N users to do anything.

Norton Antivirus will protect me

I trust in McAfee, the software is as stable as the founder

Nortan Antivirus. Download now, free 6 month trial.

It’s unfortunate that this is a response to a bulveristic comment. This really is a very important problem, indeed perhaps the most important problem in computer science today.

The real solution is a least privilege hardened operating system that limits the damage both in terms of malicious effects and data exfiltration/ surveillance. Exposing permissions to users is also a hard UI/UX problem.

Code signing and OCSP and such are band aids to cover the fact that our OSes have deeply inadequate security models. They all date back to the days when the net was far less hostile or in some cases before WANs were a common thing.

Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.

I’d say this is only one half.

Many malicious effects involve social engineering, fraud, etc, and are not about exfiltration of files.

In that case code signing can’t do much either.

On the contrary code signing is the only current solution to this problem.

It allows fraudulent, malicious, or easily exploited code to be disabled.

>If this unacceptable mess is "doing it well", perhaps the whole idea is doomed and should not be attempting to do it at all.

Well, "unacceptable mess" are your words. It's totally acceptable to me that there could be issues on a feature / launch that need to be ironed out, unless we're talking about aviation software or pacemakers.

If we deemed "unacceptable" any misstep or early issue, we wouldn't even have fire, a relatively tried and tested technology, that still has its issues...

>No. I mean really very obviously no.

The question is not an absolute one.

You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".

Not to mention they don't even do the kind of tracking the original "sky is falling" post assumed they do: https://blog.jacopo.io/en/post/apple-ocsp/

As this post says, "Now that you know the actual facts, if you think your privacy is put at risk by this feature more than having potential undetected malware running on your system, go ahead [and disable the checking via /etc/hosts]".

>It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.

The author is a security specialist, not some random dude. And he made his point with technical arguments, not hand waving.

> You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".

For much of the software I use, the answer is no. I don't trust that Apple is acting in my best interests over GNU software, for example, not by a long shot. I don't even trust that I could understand if Apple is acting in my interests, because massive corporations like Apple have unparalleled resources they can use to obfuscate their intentions.

Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software, and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?

Personally I'm not anywhere near ready to accept that that's the best we can do, nor that it's something that we even should do.

>For much of the software I use, the answer is no. I don't trust that Apple is acting in my best interests over GNU software, for example, not by a long shot.

Well, this is half-thought though.

First, most people don't use any GNU software or even know what GNU is. And they can and do trust all kinds of BS that they shouldn't (that's how computers get filled with malware crap).

Second, GNU in this context means nothing. GNU is an organization and an assorted set of licenses, not a program, and a program being associated with GNU says nothing about the safety of the program or not. The programs themselves could still be maliciously polluted with malware as has happened time and again, unbeknownst to the authors of the programs and those running the repositories.

>Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software

Well, if you're against closed-source software you shouldn't be using macOS or Windows in the first place.

>and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?

The latter is a political issue, and best solved at the political level. You don't get out of a surveillance situation just by using different programs, when the whole state apparatus, sites you visit, even ISPs, etc, is used for surveillance.

Spin, spin, spin. I learned to distrust Apple's hardware after I bought my last (i)Mac. I've seen no reason to think it or its software's gotten more trustworthy.

(The company that released the Apple II manual was trustworthy. That company was buried out behind the shed long ago.)

> (The company that released the Apple II manual was trustworthy. That company was buried out behind the shed long ago.)

When Woz left.

But this thing freezes your whole computer, it happened to me while switching internet providers, I could have worked perfectly fine offline, but I've lost hours, which I'm not getting back. I don't know if there has been an apology but I would like to see one.

Edit: By saying this I'm not endorsing OP's exact words, but the failure is not a minor one, besides hours of work lost, it was a major stress, as I thought I would have to take the computer to repair, or replace it, and I can still manage, but many people can't afford it right now.

> The author is a security specialist

In other words, an authoritarian corporate shill, just like the vast majority of others in the "security industry" whom I've had the displeasure of meeting.

> You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".

But it isn't that. That would be the argument for choosing to install apps through Apple's store, not for Apple preventing you from choosing to install apps through a competing store.

Because then it's not Apple vs. literally every random shady garbage app, it's Apple vs. some specific alternative store that you might very well trust more than Apple to be acting in your interest, e.g. F-Droid.

Apple has been leaking OCSP app launch data in cleartext for two years. This isn’t a Big Sur release glitch.

Your tone here does not seem proportionally appropriate to the level of discourse this article is attempting.

The fact of the matter is that computers offer myriad ways to compromise your life and behave maliciously, and avoiding that is a tall challenge for any company. Apple is trying it their way, and you can try it yours. But to call it Stockholm Syndrome is an unfortunate take on these efforts.

I see little to nothing in the way of discourse. Much like HN over the past few days, it's mostly a hand waving away of the reality that has always existed beneath the exterior. What doesn't help is that it's the nature of humans to fervently defend the ecosystem they've invested in.

We at HN like to hold ourselves apart from other communities, but it is merely an echo chamber for what gp refers to.

Alright, let's not call it Stockholm syndrome. A "collective hypocrisy" would be more appropriate.

> Alright, let's not call it Stockholm syndrome. A "collective hypocrisy" would be more appropriate.

Apple is so awesome, they have already come up with the perfect phrase you can use to describe them. It's "Reality distortion field".

>Your tone here does not seem proportionally appropriate to the level of discourse this article is attempting.

You mean this level of discourse?

>The privacy squad mobilised on this one - in fact, one blog post received a lot of attention for decrying such systems with the dogwhistle "you no longer own your computer!"

Can you explain why? You've offered assertions but haven't explained why you feel that way.

It’s a form of bulverism: https://en.wikipedia.org/wiki/Bulverism

I don't follow... what did you want me to explain and what assertions are you referring to? If you mean, the assertion that Apple users are suffering Stockholm Syndrome is an inappropriate discourse, I'm not sure how to better explain that.

Maybe you could start by why you think it's inappropriate?

Because it's a "mass psychology" BS explanation based on the premise of "others are misguided/idiots/sheep/Stockholmed and I know the truth/true freedom" - as opposed to a good faith argument, understanding that it's an ideological preference and that others (including people with 10 times the degrees, career experience, computer science knowledge of the author) can think otherwise.

If that very basic thing needs to be spelt out, I'm not sure how any discussion is possible...

Perhaps we should think about this from a utilitarian perspective. There are obvious security advantages to app signing. But there are also negative implications for privacy and availability. Given tens of millions of non-technical users, is app signing likely to result in more good than bad, taking into account the fact that it can be turned off? I don’t know the answer, but I’m pretty sure those who relentlessly focus on the possible downsides don’t know either.

(Pretending to be able to see into the minds and motivations of people you don’t know is rarely helpful. You have no grounds to attribute users’ behavior and opinions to Stockholm Syndrome, and it doesn’t apply anyway: no one is held hostage or abused in this scenario)

The key is in understanding that the trade off is an illusion. App signing is de facto blacklisting. Anyone can get an app signed but Apple maintains a naughty list. It's just anti-virus by another name.

But you don't need signed apps for that, only hashes. And you don't have to phone home for that, only download the latest naughty list whenever it changes so you can check against it locally.

> There are obvious security advantages to app signing. But there are also negative implications for privacy and availability.

App signing exists elsewhere without sacrificing privacy. Most Linux packages, for example, are signed with GPG keys. The difference is that Linux only cares about installing trusted packages. It doesn't care about applications that are already installed after verification. Apple insists on having the ability to revoke something that's already installed. There are two issues here:

1. Is it reasonable to revoke permissions for an installed package? It could be argued that it will help stop malicious apps that were discovered after they were distributed. However, it could equally as well be that Apple wants more control over devices and hold developers to ransom. Their recent treatment of developers indicates that this concern is not at all misplaced. The least Apple could do is warn the user about a revoked certificate and ask if they still want to proceed (like how browsers do in the same scenario). However, it just refuses outright.

2. Apple chose a very bad method to implement online certificate revocation. OCSP is meant for server certificate validation. OCSP stapling is preferred over plain OCSP due to privacy concerns. Stapling cannot be used in this context. This method unfortunately ruins privacy and spills user information everywhere. They could have chosen some other more private method, like an updatable CRL.

> I’m pretty sure those who relentlessly focus on the possible downsides don’t know either.

As I said, there are more private ways to push revocation status. Apple always claimed that the device lockdown was to ensure privacy. This oversight shows how hollow that claim is.

Important part to notice is the false dichotomy of freedom vs security. The argument that negligent users will screw up if given freedom. This is wrong for two reasons:

1. Defaults vs restrictions: Keep the defaults secure and slightly hard to modify for normal users. But don't restrict those who need alternatives.

2. Security can be achieved without locking everything down and remote controlling it. See web browsers for example. We run JS from all insecure sources, but cannot access sensitive resources (like camera, file access etc) without users' permission. The same can be achieved on OS with sandboxing, microkernels etc.

> no one is held hostage or abused in this scenario

Abuse is not always apparent to the abused. User rights are gradually eroded away in the name of security, giving users enough time to get accustomed to it. There may be escape hatches now, but they are slowly getting closed. For example, we considered PCs that don't allow us to install another OS as abusive. However, we don't hold mobile devices to the same standard. Unfortunately, this normalization of abuse doesn't just affect those who accept it. The rest of us are left without a choice. That criticism is definitely valid.
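The trade-off argued in the two comments above (a per-launch online status query versus a revocation list downloaded and checked locally), as an added example that is not part of the thread and not Apple's implementation. The class names, the `mac-1` client label and the app fingerprints are constructed for illustration.

```python
import hashlib


def fingerprint(blob: bytes) -> str:
    """Identifier checked against revocation data (hash of an app or certificate)."""
    return hashlib.sha256(blob).hexdigest()


class OnlineResponder:
    """Stand-in for a per-launch status service (OCSP-style)."""

    def __init__(self, revoked):
        self.revoked = set(revoked)
        self.reachable = True
        self.query_log = []  # everything the operator learns

    def status(self, client, ident):
        if not self.reachable:
            raise ConnectionError("responder unreachable")
        self.query_log.append((client, ident))
        return "revoked" if ident in self.revoked else "good"


def online_may_launch(responder, client, ident, fail_open=True):
    """One round trip per launch; fail_open (an assumed policy knob) decides outages."""
    try:
        return responder.status(client, ident) == "good"
    except ConnectionError:
        return fail_open


class ListPublisher:
    """Stand-in for a distribution point serving the whole versioned list."""

    def __init__(self, revoked):
        self.revoked = set(revoked)
        self.version = 1
        self.reachable = True
        self.fetch_log = []  # everything the operator learns

    def revoke(self, ident):
        self.revoked.add(ident)
        self.version += 1

    def fetch_if_newer(self, client, have_version):
        if not self.reachable:
            raise ConnectionError("publisher unreachable")
        self.fetch_log.append((client, have_version))
        if have_version >= self.version:
            return None
        return self.version, frozenset(self.revoked)


class LocalListClient:
    def __init__(self, name, publisher):
        self.name, self.publisher = name, publisher
        self.version, self.revoked = 0, frozenset()

    def refresh(self):
        """Pull the list only if it changed; on failure keep the cached copy."""
        try:
            update = self.publisher.fetch_if_newer(self.name, self.version)
        except ConnectionError:
            return False
        if update is not None:
            self.version, self.revoked = update
        return True

    def may_launch(self, ident):
        """Purely local decision: no network traffic, nothing disclosed."""
        return ident not in self.revoked


def run_scenario():
    # Constructed sample data: three "apps" and one user's launch sequence.
    apps = {n: fingerprint(n.encode()) for n in ("editor", "browser", "badtool")}
    launches = ["editor", "browser", "editor", "badtool"]

    responder = OnlineResponder({apps["badtool"]})
    online = [online_may_launch(responder, "mac-1", apps[n]) for n in launches]

    publisher = ListPublisher({apps["badtool"]})
    client = LocalListClient("mac-1", publisher)
    client.refresh()
    local = [client.may_launch(apps[n]) for n in launches]

    # Revocation after install still reaches the client on its next refresh.
    publisher.revoke(apps["browser"])
    client.refresh()
    browser_blocked = not client.may_launch(apps["browser"])

    # Outage: the cached list keeps deciding; the online check must pick a failure mode.
    responder.reachable = publisher.reachable = False
    return {
        "apps": apps, "launches": launches, "online": online, "local": local,
        "responder_saw": [ident for _, ident in responder.query_log],
        "publisher_saw": publisher.fetch_log,
        "browser_blocked_after_update": browser_blocked,
        "refresh_during_outage": client.refresh(),
        "outage_local_blocks_badtool": not client.may_launch(apps["badtool"]),
        "outage_fail_open_runs_badtool": online_may_launch(responder, "mac-1", apps["badtool"]),
        "outage_fail_closed_runs_editor": online_may_launch(
            responder, "mac-1", apps["editor"], fail_open=False),
    }
```

The local client is only as current as its last successful refresh, which is the cost of not asking on every launch.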

> Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?

I get what you're saying, but (as an Apple fanboy) I have to point out that Apple's incentives are to act in your, the customer's, interests since that is what they are selling now. They are differentiating themselves from the Googles by taking user privacy seriously.

If they act against that they lose their key advantage.

Trust but verify perhaps?

Apple is incentivized to push you towards their services—to make installing from the App Store easier than sideloading, and to make first party services more useful than third party services. Those are not my interests.

I say this not to ascribe malicious intent—I do not think Apple implemented OCSP to push people towards the App Store. But incentives are funny things, and can cause people and organizations to rationalize all sorts of decisions, and conveniently ignore some side effects and not others.

I live in a world where those incentives have created a platform where I can buy decent hardware to run the kinds of applications that aren’t available on the preferred platforms. Want a laptop that can last all day, edit 4K, and be operated as an appliance, not a passion project? You’ve got Windows and Apple. I have run Linux forever, from day one, and while it can run the services we need for the whole internet, it’s not desktop viable in the ways Windows and Linux are.

In this argument, I’m not sure that level of product development can be dismissed. I wish Apple had implemented this better, I just bought a Windows machine so I wasn’t dependent on one platform, I’m trying to move towards Linux again (to be aligned with my own values), but the engineering this community wants, and the readiness of the platform & product we can buy any day of the week at Best Buy ... doesn’t exist.

So I'm personally incentivized to give Apple a bit of a pass on this one, and hope they iterate this solution in the right direction, and definitely hope they don’t turn the Mac App Store into the iOS App Store.

It's not in my interest to have Apple censors control what web browser I run on my phone or what games I can play on my phone.
This is irrelevant to the topic at hand.

You aren’t their customer.

I’m an Apple customer and their interests don’t always line up with mine.

By ‘customer’ I mean target customer in a marketing sense.

In this sense, you are not their customer.

I am not either.

> They are differentiating themselves from the Googles by taking user privacy seriously.

Then please explain how that is consistent with Apple setting Google as default search engine in Safari ( https://www.theverge.com/2020/7/1/21310591/apple-google-sear... ).

As always, Apple only aims for environmentally-friendly actions and privacy as long as they profit from it and it makes a good news article. But then they ignore privacy when you're not looking, and make it unnecessarily hard to repair your devices.

I do trust apple over a hundred different developers with random practices.

I found out not long ago that a tool I was using had no hygiene practices at all - they grabbed random versions of things they packaged up, had no meaningful audit trail at all, no means to notify (or even awareness that this might be a consideration) essentially no meaningful code review and so on. I noted this because I was investigating a bug for the project and gradually the reality became clear.

At the very least, Apple is one step above mayhem and negligence.

McDonald's food never makes me sick. One time I went to a different restaurant, and I found out that they had no hygiene practices at all. At least McDonald's is one step above mayhem, and it therefore is where I eat all my dinners.

That's the wrong analogy. The right analogy is Apple is acting as a restaurant inspector. They may miss a lot, but they accomplish _something_.

> Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?

Even without perverse incentives, why would another agent in your environment have any reason to go out of their way to have your best interest at heart?

> Neither Microsoft

I see more nuance here. I don't trust the Apple/MS licensing / code signing teams, but I do trust the MS defender team to do a much better job. They're not directly connected to a source of profit.

Whether something is or isn't acceptable is completely separate from whether it is done well.

Guns can be well engineered, but that does in no way answer whether it is or isn't acceptable to own one.

Where does the author belittle those who prefer a different answer?

By posing false dichotomies: "do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?"

It's perfectly reasonable to believe that Apple is acting in Apple's best interest without attributing malevolence.

By downplaying rational arguments: "I think the privacy arguments are far-fetched (because others are worse)"

By using loaded terms: "Dogwhistles", "The privacy squad mobilised"

Presenting strawmen: "if I have the code, build the code, nothing can hide in the code. This is a fallacy that people buy in to thanks to effective marketing "

Lying by omission: "It's not feasible for an individual to maintain the list of trustworthy or untrustworthy parties that Apple does."

It's perfectly feasible for a group of individuals. I'll take any group of distro maintainers over Apple's word.

He really doesn't just sound like an Apple apologist; he is one.

Fair points, I should have re-read it after seeing the GP’s comment.

You’re exaggerating, and then falling into the same traps you are accusing him of.

A lot of people are claiming Apple is a malevolent entity. In context, it is reasonable for him to rebut that.

I agree with you about his use of loaded terms, and the dismissiveness.

The straw man you cite isn’t a straw man. It is a solid argument. https://www.bunniestudios.com/blog/?p=5706

The lie of omission you assert isn’t a lie.

No group of distro maintainers has solved the problem Apple is solving. The author used the word ‘feasible’. This is currently true, but doesn’t need to remain so. The fact that you are technically literate enough to know about distro maintainers, and trust them does not mean it is feasible for everyone to do so.

“He really doesn’t just sound like an Apple apologist; he is one.”

If that isn’t a loaded term, I don’t know what is.

> A lot of people are claiming Apple is a malevolent entity. In context, it is reasonable for him to rebut that.

The exclusive "or" in "do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?" still makes it a false dichotomy.

> The straw man you cite isn’t a straw man. It is a solid argument.

"if I have the code, build the code, nothing can hide in the code." is not something someone knowledgeable would ever claim, only that having the code and building the code will be at least as safe or safer than not having the code at all. Presenting it as "nothing can hide in the code" and then attacking that is, in my opinion, a strawman argument.

> The author used the word ‘feasible’.

And he is correct in that. No single individual can maintain the software integrity of an entire operating system, but a group of people can do so. The omission here is that that group of people need not be Apple.

The argument here is that without Apple taking control of the user's software the user would fall prey to the privacy violating practices of the likes of Google and Microsoft, which is not true. Hence the "lie by omission".

> If that isn’t a loaded term, I don’t know what is.

The term is from the article: "While I'm going to sound like an Apple apologist,"

He claims he is not X, but has given no argument why he shouldn't be considered X and has presented a lot of arguments on why he should be considered X.

He has presented no reason to assume he is not a devoted Apple user, or in his words, an "Apple apologist".

In short, I'm not sure I'm exaggerating, but that I'm willing to disagree on.

Many invalid points, and straw men in your comment. Here are the more important ones:

“The argument here is that without Apple taking control of the user's software the user would fall prey to the privacy violating practices of the likes of Google and Microsoft, which is not true. Hence the "lie by omission".”

You say it’s ‘not true’. I think it’s quite likely to be true.

But more importantly - it’s an argument. Not a fact. You just happen to disagree with him. It’s not a lie of omission to simply come to a different conclusion.

He hasn’t presented any argument why he should be considered an apologist. You are arguing that he is an apologist. That is both ad hominem, and a loaded term, and it’s you who is using it.

> He hasn’t presented any argument why he should be considered an apologist.

He _literally_ did, himself, in the article he wrote:

"I think the privacy arguments are far-fetched"

and actually acknowledging it verbatim:

"While I'm going to sound like an Apple apologist,"

as in "people who say this are Apple apologists, but I'm only like one if I state it."

> Many invalid points, and straw men in your comment.

Of course.

Further, GP is outright belittling those that disagree with them with the Stockholm syndrome comment.

I conclude the opposite:

Yes. I mean really very obviously yes.

And Microsoft. And Google.

I assume they're acting in my interests because they have clear incentives to increase their profits by giving me useful helpful products that I'll buy.

That's the entire premise of competition and the free market. The invisible hand gives consumers what they want. If, as a company, you don't, then you go out of business.

If this were a communist country where the Party performed validation checks? With no choice between products? Then no.

But in a competitive free market? Absolutely. In fact I'm relying on their motive to increase profits in order to trust that they'll act responsibly. What can you trust more than someone else's self-interest, at the end of the day?

Tobacco.
Comcast.