> Devices should be allowed to display a different logo at boot time depending on whether the software is manufacturer-approved or not.

Not sure how to phase this legally, but please also add a provision against manufacturers making the "custom firmware" logo hideously ugly on purpose to discourage rooting - like e.g.Microsoft did for Surface tablets.

> 3. Users should have the ability to opt themselves into cryptographic protection, either on the original or modified firmware, for anti-theft reasons.

Full agreement here. I very much would like to keep the bootloader locked - just to my own keys, not the OEMs.

> Devices should be allowed to display a different logo at boot time depending on whether the software is manufacturer-approved or not.

Another thought on that point: Why of all things is manufacturer approval so important? We know manufacturers often don't work for - or even work against - the interests of their end users. Manufacturer approval is not an indicator for security - as evidenced by the OP article.

If anything, we need independent third parties that can vet manufacturer and third party software and can attach their own cryptographic signatures as approval.

4. Apps with special security needs are allowed to detect whether a device is unlocked and can either disable themselves or go into a mode that shifts ALL related liability onto the user. It's not the bank's fault if the user disabled protections and some spyware logs the online banking password or something like that.

Repeal and outlaw drm. It was a mistake that violates everyone's constitutional rights.

DRM can still stick around and be popular. For example, consider an Apple TV. They make the hardware and software, so it can be locked down under the provided rules. Or a console. We might consider devices which are used for streaming or movies to not be general purpose computation devices. Which, historically, they haven't been.

Watching copyrighted stuff on general purpose computers is a very new phenomena, and it's still quite atypical IMO.

What there are is many people utterly convinced that this brings some security to end-users. See the other messages in this thread. DRM is only a fraction of the problem.

DRM is a barrier to legally protected purchasing digital media for me. I will buy an album from iTunes (no DRM), but I will not buy digital movies the same way.

It wouldn't forbid shipping the device with a virus scanner. It would only forbid refusing the user control over what software does and does not run.

There might be a couple messy edge cases if applied at the software level but I think it would work well.

Applied at the hardware level it would be very clear cut. It would simply outlaw technical measures taken to prevent the user from installing an arbitrary OS on the device.

Regarding warranties, what's so difficult about flashing a stock image to a device being serviced? At least in the US wasn't this already settled long ago by Magnuson-Moss? https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...

> Won't this also forbid virus scanners that quarantine files?

Yes. If I really _want_ to execute malware on my device, I should be allowed to do so by disabling the antivirus or disregarding a warning.

> I don't think it's reasonable to expect any manufacturer to uphold a warranty if making unlimited changes to the system is permitted

It is very reasonable and already the rule of law in "sane" jurisdictions, that manufacturer and mandated warranties are not touched by unrelated, reversable modifications to both hard- and software.

>virus scanners

You can (and should, imho) remove anti-virus software.

> A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

No, but millions of women have controlling partners or friends who betray their trust and, for example, many people going through U.S. Customs are being asked to surrender control of their devices so they can be used without their knowledge. There’s a well-funded malware industry with a lot of customers now.

> AFAIK that's true for many vendors but for example [on] Pixels you can relock the bootloader with other keys

Oh that's pretty cool, wasn't aware.

> The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Hold on, could you elaborate a bit on this? I thought it was an either/or type deal cause they do the same thing.

Verified Boot isn't merely to thwart Evil Maids, but by and large provide what's known as "Trusted Computing Base". And yes, given the proliferation of smartphones and the nature of sensitive applications built on top, most people, even if they don't realise it, need it.

> if I buy something then I own it.

That's the point: you can't buy it, only license.

> Having your vehicle serviced by someone other than the dealer could void your warranty and poses a safety risk

Good tongue in cheek post, but in the US Magnuson-Moss prohibits warranty claim denials merely on the basis of non-OEM parts and service. It also puts the burden on the manufacturer to demonstrate the defect or failure was the direct result of the non-OEM part. Other jurisdictions have similar laws on the books.

Right to repair already exists in certain aspects and needs to be expanded (and enforced. Tons of those ‘will void warranty’ stickers are lies and you have legal rights to poke around)

You make an interesting point here. While “rooting your phone can void your warranty and pose a security risk“ may be a factually true statement, we must also consider some entirely unrelated and possibly untrue statements that could be theoretically uttered in another reality.

We can get so bogged down with “things that are real” and “exist in this universe” that we completely fail to focus on the vital stuff like “Bigfoot is circumcised” and “Who did it?” and “Why?”

>For starters, in most places, warranty is a legal requirement and the manufacturer isn't allowed to void it for whatever reason they want.

This only makes the statement untrue if you use “can” and “will” interchangeably.

>More importantly, rooting is only a security risk in the sense that it increases the attack surface for exploits.

This is a good point. What even is “attack surface” anyway? Does anybody actually consider it when “evaluating security posture”? If I simply choose not to care about attack surface because I don’t want to, then doesn’t it simply become a factual nonissue? There are no answers to these questions

Malware van persist across reboots regardless of verified boot. What it can't do is persist through a factory reset.

But if you really want a thorough reset, simply re-lock the bootloader and flash stock firmware from there. Nothing can persist through that without an exploit in the verification chain and if you have that kind of exploit, you don't need the bootloader to be unlocked in the first place.

Also, there are devices out there that let you enroll your own keys, like the Google Pixel series.

It creates a Hobson's choice of no tinkering and less malware, or tinkering and greater risks from malware. There should be a "maintenance mode", but the onus of responsibility for breakage should be on the user for system update compatibility without the user being held hostage. This is a false choice and ostensible customizability. If the manufacturer wants to add an "OS warranty void sticker" flag because things maybe broken from tweaking, that's cool, but leaving the user less secure as punishment is wrong.

Yeah, that's rooting your phone. It should be a little difficult. You can do it. And it's good that most people don't.

I can only speak to the Mac situation, but most people there would not have "root" in the traditional sense:

* Pedantically speaking, you can not even log in as root, any root level access would have to go through sudo (which is indeed enabled for most users).

* But additionally, even as root, Macs by default have System Integrity Protection enabled, which makes most system files non-modifiable. Users still have full control in that they CAN disable System Integrity Protection, but that involves a reboot and some (documented) command line commands, so most users don't bother doing that.

> I'm career IT support. In the entire age of smartphones, 100% of the malware/crapware I've seen was on non-rooted devices - most of it pushed on users by manufacturers, carriers and OS devs.

To add on, almost all the money people I know who have lost to scams have been through non-rooted devices. Sending an OTP or making a bank transfer because "you're under police investigation" is cheerfully easy even without the user knowing what "root" is.

Also see: the recent phish on Krebs (on security). A malicious email and entering a password to a webpage does not need root access, for better or worse. In fact, a rooted device might block your bank app, actually making money transfer scams tougher, ironically.

"I accept this metric. It means non-rooted devices are unsafe."

Same here. It's manufacturers and software vendors such as Google and Microsoft that we need to most guard against.

Fully agree wirh your second paragraph, I've only seen viruses on non-rooted devices and I've never had a virus on any of the many rooted phones I've owned over the years.

Sure there are viruses and they can be troublesome but when you look below the surface much of the hype about locking down one's devices comes from manufacturers and software vendors, Google, MS et al, who benefit financially from not allowing users to control what runs on their phones.

It's not only phones, what Microsoft has done with TPM and Windows 11 and the deliberate obsoleting of millions of perfectly good PCs/forcing users to buy new hardware when it's unwarranted is simply outrageous.

Microsoft ought to be sued for committing environmental vandalism. …And that's just for starters.

The neat thing here is that we don’t have to make uninformed speculation about this, we can just look at how it worked in the past. Anyone who did family tech support in the 2000s knew that every family visit involved removing all of the malware their relatives had installed – ESPECIALLY the ones who “knew” what they are doing! – and it was even odds that you’d see stuff like that on computers at businesses, libraries, banks, etc. All you had to do was say it’d improve system performance, give them free coupons or porn, and they’d trip over themselves to install it. This is why iPads and ChromeOS devices became so popular because everyone who actually knows how to use a computer safely knows people who say they do but absolutely do not.

It’s also important to learn how the modern abuse industry works. Since the 2000s, malware has grown into a multi-billion dollar highly professional industry used by governments around the world and the scammers have professionalized as well. You should look at some of the YouTube videos of scammers social engineering people into giving them remote access, approving bank MFA challenges, or talking them into making cryptocurrency purchases - and while we might sneer and say they’re uneducated or careless, most of them are distracted or old, just like most of us will be some day. If there’s a prompt, millions of people will approve it and if it means their device can no longer be trusted that’s a lot of money and e-waste.

I don’t like any of this. I want to have root on every device because I grew up with unfettered PCs (first installed Linux .9 using a disk editor, etc. etc.) but the landscape has changed since then. We can’t pretend otherwise, but we could call for regulation to balance the interests of owners and device manufacturers just as we allow people to customize their cars without giving up the concept of safety or emissions testing.

20 years ago (2003-2006), Welchia, Blaster, Code Red... Windows boxes that weren't patched were infected within about 35 ± 5 seconds when connected to lightly-filtered Internet when it was still a capitalized proper noun. Ask me how I know and used JScript and psexec to mass remote into LAN machines to try to stop some of the madness and downtime.

Spoken like someone who knew no one other than fellow practitioners in the field. My God, the 2000s were the Wild West in every kind of way - were you even there to see it? I note you do not say that you were.

Computer usage and consequently threat landscape went through a crazy change from 40/50 years ago. Desktops are a minority of devices. If you take personal devices even more so. Most people in the world with a computer have just a pocket one. Especially in WANA countries discussed

If you talk to regular non IT savvy people many of them don't bother and correctly assume that at some point it will "get a virus" or something. And it is fine for them because almost no one uses desktop for critical stuff like payment or finance. But majority do use phones for that. They jumped from cash straight to phones and now it's a lucrative attack vector.

Edit to reply because throttled by downvotes: yea I'm in your boat, we live in a bubble. It's hard to believe. But now I'm using a payment system that literally has "get app" on its site and no other way to manage money or even sign up. And apps like that can be the only way for many people to get some sort of plastic card to pay cashless

And I see how it happened. Many people have no personal desktop computers. Many payment vendors don't trust desktop computers because an ordinary person's windows machine is a malware breeder.

So many people in the world depend on mobile security (especially underprivileged people). Anyone who wants them all to get fucked for own libertarian ideal of "hardware ownership" is basically a psychopath to me. Especially considering that he is literally free to root his device and not make it a problem for others.

By following the principle of least privilege. Like with apps the user should only have privileges for what they are allowed to control and nothing more. So if the user should have privilege to disable apps, then the settings app could expose a way for the user to do so.

Yes, this is kind of approach of coming up with a design to security instead of going with the easy route of everything being allowed is harder to do and takes more time, but it leads to better security.

By having a "maintenance mode" that can be entered and left.

Having root access implies that you can do all sorts of things: change files, install new software, new kernel modules, etc. Locking this down makes the attack surface for malicious parties much smaller. Many exploits start in user-space and then obtain root access to install rootkits.

Of course you lose freedom, but that is exactly what is needed, because some people just cannot help themselves from exploiting that freedom.

Unless someone figures out a way where we can safely share computing power and connections to real-life services (e.g. banking, having an identity, communication in general), I think there is no real alternative.

Perhaps having separate internets for various purposes would be an option. Ond where we can socialize anonymously, but not trust each other, and one where it's pretty boring, but where you can safely buy goods using your paycheck.