Hacker News new | ask | show | jobs
by Wowfunhappy 16 days ago
I still don't understand the threat. Is it that a user who is not "worthy" of more permissive security may nonetheless be capable of enabling more permissive security?

I can put that more charitably by thinking about it in terms of informed consent, ie does the user understand the risks involved. But if you're concerned that someone following a video tutorial or seeking out a friend has not consented, then I think your standard for what constitutes consent is ludicrously high!

And if it turns out that lots of people are consenting to something, that isn't a failure of design. You asked your users a question, and they gave you an answer.
1 comments
moduspol 16 days ago
The threat is that users who are not sufficiently tech savvy will shoot themselves in the foot, including using methods they don't understand. This is a pattern we've seen play out numerous times. The more secure platforms are overwhelmingly the ones that protect the users from themselves, and (most) users value security over absolute computing freedom.
link
Wowfunhappy 16 days ago
> The more secure platforms are overwhelmingly the ones that protect the users from themselves

More secure by what metric? I would expect that by definition, they are equally secure until the security settings are disabled. If the user disabled a security setting, of course that system is less secure, that's a choice the user made in exchange for some other benefit.

> (most) users value security over absolute computing freedom.

How do you know this? I think that if they're disabling security settings, it's probably because they value freedom/capabilities over security. And you may think this is the wrong choice, but it's theirs to make.

link
xp84 15 days ago
Accurate enough. Those platforms are more secure. But given that many players have a liability-related interest in making sure everyone uses Secure Platforms:

- Many important things that are needed or at least highly useful for daily life will only support "Secure Platforms"

- Everyone will have to use "Secure Platforms" whether they would value computing freedom or not

- "Not As Secure Platforms" will be unsupported and treated as roughly equivalent to malware.

We can see this already literally playing out - it's the whole point of the browser attestation idea.

So thanks to this thinking, we'll get one secure package - Firmware, OS, Browser, all cryptographically sealed. None of them changeable, no "tampering," like adblockers, tracking blockers. No programs that could, say, show you what other programs are phoning home. No third-party programs at all, unless they've paid the platform fee and agreed to Platform Vendor's terms.

You can always use Linux, if you can figure out the drivers, and if you're ok just browsing GNU websites and the Indie Web. Everyone else will block that dirty, non-attested traffic. "It's probably bots," they'll say.

link
BobaFloutist 16 days ago
The most secure platform is one that protects the user from themselves by never letting them log in, or even turn it on.
link