[danmg]

You're really going to scrap your car from 2015 because the off-brand android doo-hicky they stuck in it hasn't been updated?

Even if you're technically inclined, it's not like installing some community provided roms image on your slightly out-of-date flagship phone. The device likely has some proprietary aspects to it which would render it useless even if you attempted.

[Dylan16807]

Don't scrap the car, but you shouldn't be connecting the doo-hicky to the internet any more.

The manufacturer sold you a part that would break for many purposes after a few years. Be mad at them, and strongly consider replacing it.

[danmg]

The part didn't break. Someone who thinks they know better decided to make it not work, and complicated some normal person's life with some security theater.

If a manufacture intentionally made a product they sold you not work, much like how Tesla disables fast charging capriciously, it would be a violation of the Magnuson-Moss Warranty Act.

[cnst]

Exactly! It's so upsetting that the narrative has been so distorted that most folk don't even understand that it's not the manufacturer that intentionally makes the device unusable, but instead the website operators, and those who support and misleadingly advise such operators. The biggest problem is that folks like Mozilla tell everyone to disable TLSv1.0, whilst themselves still supporting it; which shows the biggest case of hypocrisy there could ever be.

Are you aware of any groups working against such planned device obsolescence? My latest gripe on this matter is Wikipedia -- it's beyond absurd that anonymous users can make changes to the contents of pretty much any of the millions of pages, yet getting said pages over pristine networks is conditional on TLSv1.2 support, limiting older devices from even read-only access to Wikipedia for absolutely no good reason.

[Dylan16807]

Crypto keys and algorithms need to be updated or they stop working. Web browsers are full of exploitable bugs that get discovered over time. These are both provable statements. So any manufacturer that locks those in time is practicing planned obsolescence.

[cnst]

But I don't need crypto to read text and watch pictured posted by anonymous users, so, the crypto point is just moot.

You're also missing the context. Why does it matter if someone's browser has exploitable bugs if the only sites they visit are those that are not likely to use such exploits?

So, such planned device obsolescence is conditional on two explicit actions on site owner's side, (1), prohibiting http traffic, (2), prohibiting TLSv1.0 traffic. So, it's 100% site owner's actions that cause the device to become obsolete and make your own site inaccessible. The manufacturer has zero control over the actions of the individual site owners. On the other end of the spectrum, Google, Microsoft, Bing, Amazon, Mozilla, plenty of other businesses, don't intentionally go out of their way to disable both of those things, so, their sites still work -- including through HTTP in case of the search engines. Which manifests as a definitive proof that it's the fault of those other specific sites (like Wikipedia) that take explicit actions to make the older devices obsolete.

P.S. Incidentally, this also proves the point about capitalism -- as a result of misleading propaganda campaigns promoting HTTPS everywhere, most smaller sites are automatically and inadvertently acting as precursors for planned device obsolescence, whereas the big players that need to make the last cent out of every person in the world regardless of how old their device is, or what actions their provider takes against the encrypted traffic, are fully capable of getting exceptions to the PCI compliance or whatnot, and continuing to serve their sites through TLSv1.0 as well as plain old HTTP.

[Dylan16807]

Even if all you want is plain HTTP, when HTTPS breaks it's mostly the fault of the device, and the product is still experiencing planned obsolescence caused by the manufacturer. And it would be stupid of a site to allow old versions of TLS, since that compromises the people depending on HTTPS; if there's going to be an insecure access method it should be HTTP.

And don't be so dismissive about privacy. Crypto isn't just for banking.

Also it's not really a capitalism thing, capitalism is too busy trying to sell you an update every 2 years to care about the difference between 8 years and forever.