[harladsinsteden]

How would you ensure that the "average user" actually gets to the page he expects to get to?

There are risks in everything you do. If the average user doesn't know where the application he wants to download _actually_ comes from then maybe the average user shouldn't use the internet at all?

[KronisLV]

> How would you ensure that the "average user" actually gets to the page he expects to get to?

I think you practically can't and that's the problem.

TLS doesn't help with figuring out which page is the real one, EV certs never really caught on and most financial incentives make such mechanisms unviable. Same for additional sources of information like Wikipedia, since that just shifts the burden of combatting misinformation on the editors there and not every project matters enought to have a page. You could use an OS with a package manager, but not all software is packaged like that and that doesn't immediately make it immune to takeovers or bad actors.

An unreasonable take would be:

> A set of government run repositories and mirrors under a new TLD which is not allowed for anything other than hosting software packages, similar to how .gov ones already owrk - be it through package manager repositories or websites. Only source can be submitted by developers, who also need their ID verified and need to sign every release, it then gets reviewed by the employees and is only published after automated checks as well. Anyone who tries funny business, goes to jail. The unfortunate side effect is that you now live in a dystopia and go to jail anyways.

A more reasonable take would be that it's not something you can solve easily.

> If the average user doesn't know where the application he wants to download _actually_ comes from then maybe the average user shouldn't use the internet at all?

People die in car crashes. We can't eliminate those altogether, but at least we can take steps towards making things better, instead of telling them that maybe they should just not drive. Tough problems regardless.

[harladsinsteden]

> People die in car crashes. We can't eliminate those altogether, but at least we can take steps towards making things better, instead of telling them that maybe they should just not drive. Tough problems regardless.

I agree with the sentiment but there are limits to what we can and should do. To stay with your analogy: We don't let people drive around without taking a test. In that test they have to prove that they know the basics of how to drive a car. At least where I come from that means learning quite a bit of rules and regulations.

In other words: Don't let people off the hook. They need to do some form of learning by themselves. It's no different with what you do on the internet. If you're not willing to do some kind of work to familiarize yourself with how the bloody thing work then it's not the job of everyone else to make sure you'll be okay. It's _your_ job to understand the basics.

I'm getting tired of just another thing we must take off peoples minds so that they can "just" use whatever they want to use. Don't try to blame (or god forbid sue) someone else because you didn't do your homework.

[KronisLV]

> It's _your_ job to understand the basics

I feel like this line of thinking is dangerous: people hit the wall hard when they don’t have sex ed, or financial education classes, or even basic classes on how to cook or do crafts (we had those in school, girls mostly cooked and the guys got to learn woodworking but also swapped sometimes; and later in university there were classes about work safety in general), or computer literacy classes.

I think a lot of people don’t even have basic mental models of how OSes or the Internet works, what a web browser is (“the Google”) and so on.

Saying that they should know that stuff won’t change the fact that they don’t unless you teach them as a part of their overall education.

[harladsinsteden]

The sheer amount of what you _might_ need later in life has proven to be simply too much for the time we usually spend for "overall education". I'm completely with you in that we should offer help along the way. But help can only bring you so far and you have to accept it.

In the end that's fine. I have no idea how my car works and if the guy from the repair shop says that I need to pay for a new clutch then that's what I'm gonna do. I am aware that I don't have the knowledge to know whether or not I'm being scammed or not. But I _accept_ that because the alternative (getting to know a lot more details about a car) simply doesn't appeal to me.

If someone wants to use the same approach for everything he does on the internet then that's perfectly fine. But then he needs to accept the consequences as well.