by moduspol 9 days ago
I think it's reasonably within scope of the threat models considered by operating system creators.

I still don't understand the threat. Is it that a user who is not "worthy" of more permissive security may nonetheless be capable of enabling more permissive security?

I can put that more charitably by thinking about it in terms of informed consent, i.e., does the user understand the risks involved. But if you're concerned that someone following a video tutorial or seeking out a friend has not consented, then I think your standard for what constitutes consent is ludicrously high!

And if it turns out that lots of people are consenting to something, that isn't a failure of design. You asked your users a question, and they gave you an answer.

The threat is that users who are not sufficiently tech savvy will shoot themselves in the foot, including using methods they don't understand. This is a pattern we've seen play out numerous times. The more secure platforms are overwhelmingly the ones that protect the users from themselves, and (most) users value security over absolute computing freedom.

> The more secure platforms are overwhelmingly the ones that protect the users from themselves

More secure by what metric? I would expect that by definition, they are equally secure until the security settings are disabled. If the user disabled a security setting, of course that system is less secure, that's a choice the user made in exchange for some other benefit.

> (most) users value security over absolute computing freedom.

How do you know this? I think that if they're disabling security settings, it's probably because they value freedom/capabilities over security. And you may think this is the wrong choice, but it's theirs to make.

Accurate enough. Those platforms are more secure. But given that many players have a liability-related interest in making sure everyone uses Secure Platforms:

- Many important things that are needed or at least highly useful for daily life will only support "Secure Platforms"

- Everyone will have to use "Secure Platforms" whether they would value computing freedom or not

- "Not As Secure Platforms" will be unsupported and treated as roughly equivalent to malware.

We can see this already literally playing out - it's the whole point of the browser attestation idea.

So thanks to this thinking, we'll get one secure package - Firmware, OS, Browser, all cryptographically sealed. None of them changeable, no "tampering," like adblockers, tracking blockers. No programs that could, say, show you what other programs are phoning home. No third-party programs at all, unless they've paid the platform fee and agreed to Platform Vendor's terms.

You can always use Linux, if you can figure out the drivers, and if you're ok just browsing GNU websites and the Indie Web. Everyone else will block that dirty, non-attested traffic. "It's probably bots," they'll say.

The most secure platform is one that protects the user from themselves by never letting them log in, or even turn it on.