Apple wants users to trust iOS, but it doesn’t trust iOS users(theverge.com)
theverge.com
Apple wants users to trust iOS, but it doesn’t trust iOS users
https://www.theverge.com/2021/5/20/22444471/epic-apple-fortnite-antitrust-trial-craig-federighi-ios-security
9 comments
After decades of IT work, I don’t trust users either, but I especially not competent users. If I were designing a device to store financial data and passwords, I would explicitly block them from hacking it without wiping it first; if they want to root it, they can backup and restore their data, and when-not-if their disabling of security protections results in theft and loss, that’s their problem and not mine.
And they shouldn’t. Do we all not serialize all data not only to prevent bugs but also because the source isn’t always that altruistic? “Tall fences make nice neighbors” is a nice analogy to say we need limits and boundaries in systems. If being bad is difficult you will be less inclined to invest effort in being bad. You can interpret that as mistrust but I call it boundaries and limits.
Also “this is why we can’t have nice things” is a fun way of saying there are bad actors in every group. You don’t know who they are. So you can give them carte blanche and watch it burn to the ground, or create systems to check, maintain and over all limit privileges and access. This isn’t so much as blatant mistrust for everyone so much as they don’t know everyone’s intent and a great way for a product to not go up in flames is to consider earned trust and security at the cost of some convenience
Also “this is why we can’t have nice things” is a fun way of saying there are bad actors in every group. You don’t know who they are. So you can give them carte blanche and watch it burn to the ground, or create systems to check, maintain and over all limit privileges and access. This isn’t so much as blatant mistrust for everyone so much as they don’t know everyone’s intent and a great way for a product to not go up in flames is to consider earned trust and security at the cost of some convenience
Given how many people believe the IRS is calling them demanding they immediately deposit $10,000 in a Seven Eleven Bitcoin ATM it’s reasonable to have guardrails in place..
There's no reason to trust Apple. Numerous reasons to be on guard about any assumption relating to this company. From fading and variable service, quality of deliverables, security oversights, repair relationships and one sided contracts, use of vendors and stewardship of user data in China, ethical and legal positions with respect to taxation, privacy and due process there is absolutely no reason to trust Apple or their products. From the use of my phone and laptop taking weeks to repair and being unavailable to compromising messaging and data on the device or in the cloud. Apple and its products create a centralized area of exposure where their incentives and position are increasingly one-sided. Federal oversight is lacking and appropriate competition is as well.
We need to re-evaluate what "rights" mean in a digital age. In the case of widely deployed personal computing devices, the users should have the right to install an application without first seeking permission from the OEM. "Apple made it so they can do anything they want. Take it or leave it" - is not an acceptable position (in my opinion).
But one of the selling points of iOS is precisely that they don't trust the public as much, so the system is vulnerable mostly to second party security threats. With freer desktop systems, you have the same second party threats, but also third party threats as well. People don't want to have to evaluate their threat model every time they want to try something out - and we entrust a lot more to our phones than our laptops.
They are willing to make privacy a choice that a user can "give up" via an OS prompt. This would be no different.
>With freer desktop systems, you have the same second party threats, but also third party threats as well.
Not quite. It's an option to use a third party app store/repo.
> People don't want to have to evaluate their threat model every time they want to try something out - and we entrust a lot more to our phones than our laptops.
People adapt. Nothing stays the same and never has. We don't need to underestimate our fellow users. I remember when my mom was unwilling to use the touchscreen on a smartphone because she would inadvertently click on some button or like some random picture on FB because she didn't know tapping was an action, etc. She's a champ now.
>With freer desktop systems, you have the same second party threats, but also third party threats as well.
Not quite. It's an option to use a third party app store/repo.
> People don't want to have to evaluate their threat model every time they want to try something out - and we entrust a lot more to our phones than our laptops.
People adapt. Nothing stays the same and never has. We don't need to underestimate our fellow users. I remember when my mom was unwilling to use the touchscreen on a smartphone because she would inadvertently click on some button or like some random picture on FB because she didn't know tapping was an action, etc. She's a champ now.
[deleted]
Reciprocity: When the situation is still the same when reversed.
Also known as 'fairness'.
If a situation is not 'fair', go elsewhere. Apple is not the only game in town.
Also known as 'fairness'.
If a situation is not 'fair', go elsewhere. Apple is not the only game in town.