idle_zealot 3 hours ago

How does HN feel about this as a general ethos:

- Computers can do as much work as they want to automatically, so long as none of it touches a network boundary.

- Any time a computer wants to touch the network it must be explicitly initiated by a human action. Sort of like how in browsers capturing the mouse or entering fullscreen mode requires a trusted user action and isn't something a page can do unilaterally, but broader. This also means that the extent of the network communication must be made explicit and clear with no chance of misunderstanding by the user. If what you're doing is genuinely complex beyond your ability to communicate to your target user, then you shouldn't be doing it on behalf of that user. Note that this only really applies to mass consumer products, not something built/deployed internally.

I feel like if a hard boundary is not set around this we will end up in a Panopticon. Set aside governments actively pushing for it, it seems a simple profit motive in a digital era yields this outcome. Maybe nuanced rules would produce better outcomes in theory, but humans don't seem great at sticking to nuanced and fiddly rules when there's strong incentive to bend them beyond recognition.

zaptheimpaler an hour ago

Yes, that would be great. Right now, there are many applications that use pinned certificates to communicate to servers, meaning there is literally no way to see the data your own device is sending/receiving from the internet. It's an insane thing that should be banned.

trumpdong 13 minutes ago

There is one way: you can modify the app or the OS to change which certificate is pinned, ignore all certificate failures, lie about the certificate in use, log encryption keys, or not even ask the app whether it likes the certificate.

Not on iOS, of course.