Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
sneak a day ago

> You can have sandboxing and system integrity while still giving the user overrides.

I think this is wishful thinking, and the most experienced organizations in the world in this field agree with me. You can’t square this circle.

We can pretend that these two things can coexist, but they cannot. Where there are overrides, there are youtube tutorials on how to disable the overrides to install malicious botnet vpn surveillance proxy apps to get free robux. (to borrow a turn of phrase from @ptacek iirc)

If you give users an escape hatch, they will get malware in ring 0 and Apple Pay will stop being a thing because people’s cards will start getting remotely skimmed at scale. (Or Amazon will give you 1.5% off all purchases to install a rootkit that uploads your complete realtime cc nfc purchase boop history and email receipts and location track so they can figure out which businesses to clone/dump on next.)

If you say “…but not the SEP” then you’re just admitting that you need a part of the phone the user does not and cannot control. Most users care about the privacy of their nudes and sexts so they’d rather it be the whole damn phone.

Did we forget that even the not-full-scale escape hatch that was enterprise app certs was abused by Meta (then Facebook) to install surveillance VPN backdoors on customer phones at scale? Apple didn’t even know bc they were sideloading them via enterprise certs and when they found out they revoked them across the board, but by then thousands of people had had 100% of their phone’s network traffic surveilled by an ad company without consent.

Roark66 a day ago | parent [-]

So wait, the solution for malicious spy ware installed by corporations like Meta is giving ownership of our devices (and consequently all our data) to corporations like Apple?

Got it.

And remember the consequences when Apple starts scanning all your photos and sends a SWAT team to arrest a father who took a picture of his son's rash and sent it to a doctor, because surely he was engaging in child abuse.

I rather have Meta steal info of the 100mln idiots that install their root kits on their devices than have Apple and Google do the same for Billions (with a B) to protect from the former.