| ▲ | observationist 5 days ago |
| This should be illegal, and anyone caught doing it fined twice the total cost of amortized ownership per each device owner over the total duration of ownership in addition to completely refunding every customer. Throw in jail time for decision makers. Lets make markets honest with real incentives. |
|
| ▲ | necovek 5 days ago | parent | next [-] |
| For a start, stop buying those products: vote with your wallet. Do you own a phone that's easily rooted? Who else does? What about your WiFi routers? Internet modem? AirTags? Smart home appliances? |
| |
| ▲ | userbinator 4 days ago | parent | next [-] | | In the early 2010s the majority of Androids were easily rootable and the ROM-modding community flourished as a result. | |
| ▲ | esseph 5 days ago | parent | prev [-] | | Rooting a phone fails certain security checks that prevent a lot of banking apps from working on your device. | | |
| ▲ | necovek 5 days ago | parent | next [-] | | Yes, it's equivalent to running a computer with admin access, and most banking web sites have no issue with that. Still, my point was not about running a rooted phone with unlocked bootloader (secure boot disabled on a pc equivalent), but whether if this is possible accounts in your purchasing decision. | | |
| ▲ | tsimionescu 4 days ago | parent [-] | | Before we had secure phones, we used to get hardware gadgets from banks in order to secure access. Now that phones are secure enough, the phones act as the root of trust (and, unfortunately, SMS does as well...). | | |
| ▲ | necovek 4 days ago | parent [-] | | Yes, and phones are full of vulnerabilities because vendors provide security updates only for 2-5 years (high end being rare), thus making this a moot point. | | |
| ▲ | charcircuit 4 days ago | parent [-] | | The security measures do not need to be perfect. As long as fraud remains at a reasonable level it should be fine. | | |
| ▲ | necovek 4 days ago | parent [-] | | Agreed. Full disk encryption on a device you have full control of is sufficient. Containerization helps if you install untrusted apps. Not having root helps if you install untrusted apps (either vulnerabilities/exploitable or malicious) as root. | | |
| ▲ | esseph 4 days ago | parent [-] | | Containers are not security. Don't trust containers to have the same level of isolation as a VM. | | |
| ▲ | charcircuit 3 days ago | parent [-] | | Containers are for security, but they rely on the kernel+ being secure. VMs rely on the hypervisor+ being secure. | | |
|
|
|
|
|
| |
| ▲ | fsflover 4 days ago | parent | prev [-] | | How about switching your bank if it forces you to give away your freedom for no security benefits? | | |
| ▲ | esseph 4 days ago | parent [-] | | Switch to the other bank with the same system? They're all like that. | | |
| ▲ | fsflover a day ago | parent [-] | | If all banks are like that in your country, you should complain to the legislators. |
|
|
|
|
|
| ▲ | Terr_ 5 days ago | parent | prev | next [-] |
| And/or abolish the DMCA "anti-circumvention" laws, which makes it a crime to pick (digital) locks that you own, or discuss how one might do so. It's still a problem if manufacturers force ExploitationOS on the device I bought, but it's not-as-bad when everyone can collaborate to disable the exploitation-parts. https://www.eff.org/issues/dmca |
| |
|
| ▲ | trelane 4 days ago | parent | prev | next [-] |
| Why? There is a perfectly cromulent license, sitting right there https://www.gnu.org/licenses/gpl-3.0.en.html It was even explicitly designed to prevent "tivoization." https://www.gnu.org/philosophy/tivoization.en.html One just has to use it to prevent their software from being locked away from the end user |
|
| ▲ | jon-wood 4 days ago | parent | prev [-] |
| This isn't just about hardening devices against the owner, some devices by the nature of what they're doing have to go in places where their physical security can't be guaranteed, secure boot means that we can put those devices there and not worry about some kid with a USB stick coming by and either wholesale replacing the operating system with something else or injecting a botnet client into the running system. |
