> It reduces the expected value of stealing a phone, which reduces the demand for stolen phones.
It's not at all obvious that this is what happens. To begin with, do you regard the average phone thief as someone who even knows what expected value is?
They want drugs so they steal phones until they get enough money to buy drugs. If half the phones can't be resold then they need to steal twice as many phones to get enough money to buy drugs; does that make phone thefts go down or up?
On top of that, the premise is ridiculous. You don't need to lock the boot loader or prevent people from installing third party software to prevent stolen phones from being used. Just establish a registry for the IMEI of stolen phones so that carriers can consult the registry and refuse to provide service to stolen phones.
It's entirely unrelated to whether or not you can install a custom ROM and is merely being used as an excuse because "prevent theft somehow" sounds vaguely like a legitimate reason when the actual reason of "prevent competition" does not.
> It's not at all obvious that this is what happens.
This is what we've empirically seen as Apple went from having devices which could trivially be reflashed and resold without much impediment to now most iPhones being locked and their hardware parts cryptographically tied together.
There is a lot of "how to lie with statistics" going on with correlations like that. To begin with, property crime rates have been declining year over year in general, so "it was lower the year after X" is the expected result whether or not X actually did any good. This is especially true in years -- like the one in question -- that follow an epidemic of thefts, and then subsequent years see large declines as a result of reversion to the mean.
Then clickbait headline authors do their favorite thing and find a table of numbers, sort by size and choose the biggest one. 50% in London! That's probably not an outlier, right? But down to 25% by the time they get to city number 3, and no other cities are listed.
Likewise, when there are a lot of thefts then everyone tries a lot of solutions, and then some subset of them do something (or just reversion to the mean again) and everybody wants to claim it was their thing that solved it.
But if it was their thing, and their thing is still in place, then the theft rate shouldn't be going back up again, right? Yet it is:
> It's not at all obvious that this is what happens. To begin with, do you regard the average phone thief as someone who even knows what expected value is?
They know if their fence went from offering them $20/phone to offering $5/phone, it's not worth their time to steal phones any more.
> Just establish a registry for the IMEI of stolen phones so that carriers can consult the registry and refuse to provide service to stolen phones.
This seems like something that the average HNer is going to get equally riled up about as a surveillance and user freedom issue.
> They know if their fence went from offering them $20/phone to offering $5/phone, it's not worth their time to steal phones any more.
Except that phones are worth significantly more than both of those numbers or nobody would be stealing them to begin with, and they have a value floor in what they're worth if disassembled for parts which is above what many people would be willing to steal in order to get. And then we're back to, if you need X amount of money to buy drugs, and the amount of phones you have to steal to get X amount of money doubles, how many phones are they going to steal now?
> This seems like something that the average HNer is going to get equally riled up about as a surveillance and user freedom issue.
The only thing on the list is stolen phones. The phone carrier consulting the list would have your IMEI regardless. The only information anyone would get from the list is that the owner of a phone with a particular IMEI has reported it as stolen.
The main thing you need to make sure and do is to have a good way to prevent someone from reporting someone else's phone as stolen, and "make that a crime and make people who want to file a theft report show a valid ID so they can be prosecuted if they're committing that crime" is probably a pretty good way to do that.
Thieves don't always get the news right away, but when you work hard to steal a bunch of phones and can't sell them for anything, you don't get your fix and you find something else to steal and sell.
Regulations have made it pretty hard to sell catalytic converters, but there's still thefts cause some theives are really out of the loop, but I think it's been reduced by a lot. Still a few people who want to fill up their stolen trailer with cats before they go to the scrap yard, though.
A strong lock system that prevents stolen phones from being used is better than a global IMEI denylist because phones that can't be connected to a cell network but are otherwise usable still have value, some networks won't participate in a global list, and some phones can have their IMEI changed if you can run arbitrary software on them (which is maybe a bigger issue, but still steal phone -> wipe -> change IMEI -> resell is stopped if you can't wipe the stolen phone)
> Thieves don't always get the news right away, but when you work hard to steal a bunch of phones and can't sell them for anything, you don't get your fix and you find something else to steal and sell.
Thieves figure that out pretty quick, and they still seem to be stealing plenty of phones.
> Regulations have made it pretty hard to sell catalytic converters
This is the equivalent of having a list of stolen phones.
> A strong lock system that prevents stolen phones from being used is better than a global IMEI denylist because phones that can't be connected to a cell network but are otherwise usable still have value
It's pretty likely that this value is lower than, or approximately the same as, the value of the phone as individual parts.
> some networks won't participate in a global list
Thieves want to sell phones in rich countries where people can afford to buy them. Get the rich countries to use the list and nobody is going to be stealing iPhones so they can pay $10 to ship them to sell in Somalia for $5. For that matter it's going to make a huge dent even if yours is the only country using the list, because most thieves are not going to use an international fence.
> some phones can have their IMEI changed if you can run arbitrary software on them
So the manufacturers who want to do something like this should prevent that rather than preventing people from running arbitrary software in general.
It seems like you're trying too hard to defend the premise. Having a list of stolen IMEIs would be significantly effective. "What about this marginal edge case?" is like, preventing the thieves from selling stolen catalytic converters would be significantly effective, but they could hypothetically ship them to Somalia and sell them there, so we need OEMs to lock down everyone's cars instead.
That seems more like an excuse to lock down everyone's devices than an actual concern about the marginal edge case which itself could be addressed in various ways without doing something with such high costs to competition. Assuming the edge case was even significant, which it probably isn't.
I find it hard to believe that Oneplus is spending engineering and business recourses, upsetting a portion of their own userbase, and creating more e-waste because they want to reduce the global demand for stolen phones. They only have like 3% of the total market, they can't realistically move that needle.
I don't understand what business incentives they would have to make "reduce global demand for stolen phones" a goal they want to invest in.
robots.txt was being enforced in court before google even existed, let alone before google got so huge:
> The robots.txt played a role in the 1999 legal case of eBay v. Bidder's Edge,[12] where eBay attempted to block a bot that did not comply with robots.txt, and in May 2000 a court ordered the company operating the bot to stop crawling eBay's servers using any automatic means, by legal injunction on the basis of trespassing.[13][14][12] Bidder's Edge appealed the ruling, but agreed in March 2001 to drop the appeal, pay an undisclosed amount to eBay, and stop accessing eBay's auction information.[15][16]
Not only was eBay v. Bidder's Edge technically after Google existed, not before, more critically the slippery-slope interpretation of California trespass to chattels law the District Court relied on in it was considered and rejected by the California Supreme Court in Intel v. Hamidi (2003), and similar logic applied to other states trespass to chattels laws have been rejected by other courts since; eBay v. Bidder's Edge was an early aberration in the application of the law, not something that established or reflected a lasting norm.
The point is, robots.txt was definitely a thing that people expected to be respected before and during google's early existence. This Kagi claim seems to be at least partially false:
> Google built its index by crawling the open web before robots.txt was a widespread norm, often over publishers’ objections.
Perhaps it wasn't a widespread norm though. But I don't really see why that matters as much, is the the issue that sites with robots.txt today only allow Googlebot and not other search engines? Or is Google somehow benefitting from having two decade old content that is now blocked because of robots.txt that the website operators don't want indexed?
Agree. It was not standard in the late 90s or early 00s. Most sites were custom built and relied on the _webmaster_ knowing and understanding how robots.txt worked. I'd heard plenty of examples where people had inadvertently blocked crawlers from their site, not knowing the syntax correctly. CMS' probably helped in the widespread adoption e.g. wordpress
> robots.txt was definitely a thing that people expected to be respected before and during google's early existence
As someone who was a web developer at that time, robots.txt wasn't a "widespread norm" by a large margin, even if some individuals "expected it to be respected". Google's use of robots.txt + Google's own growth made robots.txt a "widespread norm" but I don't think many people who were active in the web-dev space at that time, would agree that it was a widespread norm before Google.
This ignores capital and opportunity cost. Building a GPU data center or chemical plant costs a lot. If you only use it 20% of the time, you're effectively paying 5x more for that capital equipment.
Of course. It's just a coincidence that they're placing onerous restrictions on competi- I mean alternative browser engines. Restrictions which, of course, they're not obliged to follow themselves.
I am sure that Apple will make no other efforts to impede others from unwalling the garden. That would be completely ridiculous, and frankly, un-Apple-esque.
Both Chrome and Firefox are already compliant, so I don't see it as onerous, but the full context of the list is indeed an extremely loud and clear "FUCK YOU, WE OWN YOU" to regulators and other browser vendors.
> Use memory-safe programming languages, or features that improve memory safety within other languages, within the alternative web browser engine at a minimum for all code that processes web content;
There is absolutely zero way to satisfy the latter part here. It's at best non-enforceable. If I'm using C++ and use std::span instead of a c-style array, is that good enough?
You have to request explicit permission to be able to be a browser on iOS. You can’t just ship an app. I assume part of that process is that you specifically demonstrate that you try your best to use best safety practices.
Again, it’s also not absolute safety. It’s just due diligence review.
Sorry if I wasn't clear. I meant the WebKit guidelines were from the commenter, not from the apple page.
> or features that improve memory safety within other languages, within the alternative web browser engine at a minimum for all code that processes web content;
This can't be analyzed in any real way, so its just another way that Apple will restrict web engines and claim it was due to "not enough use of memory safety language features"
Why does it matter if Apple themselves don’t link the WebKit docs? It’s literally their project and seems to meet their requirements.
There’s a lot of things in the requirements like funding that Apple cannot verify. I think you’re being too binary in this.
Some of it is very clearly intended to be a “show us you are at least considering these security measures and have practices in place to minimize known issues”. Again, for the third time, it’s clearly NOT a list for ongoing perfect security, given that there are other items on the list that deal with further mitigation strategies.
What is the exception? I’m saying they meet the same requirements they are asking for other browsers.
This is literally the question I started this thread with and you have gone in to a loop of saying “they can’t enforce this” without any response of substance.
Your "substance" is "trust Apple will enforce something correctly where there isn't a correct answer". I don't agree with that. Apple has a history of interpreting things favorably for themselves and locking 3rd parties from doing the same things for wave hands reasons.
If you are going to make guidelines, make them evaluable. These aren't. If you care about memory safety, either say use a memory safe language or point to an exact reference guide to use to allow XYZ language to satisfy it.
Then you’re basically strawmanning here because you’re applying your own interpretation to the rules as written.
If you would pause for a second and actually read the rules in their entirety it is obvious that the lines you’re fixating on aren’t meant to be absolute security measures and therefore don’t need to be continuously evaluated.
Your conjecture about Apple withholding the permissions for arbitrary reasons is not borne out of evidence. When asked REPEATEDLY to show where they’re giving themselves an exception to their own rules, you continuously fail to provide any example and are just hand waiving conjectures.
Maybe they are doing what you’re saying but you’re making an incredibly poor argument regarding it.
Maybe he just likes building things that others find useful.
When I was younger I rented furniture from a company called CORT. I happened to notice on the contract or receipt or something, that it was a Berkshire company (I didn't know that before then).
If I were Warren Buffet, I would have been happy to know that someone was a satisfied customer of one of his companies. I got some decent furniture for a few months at a reasonable price.
Just like I'm happy when someone is a satisfied user of my software.
Does that setting actually matter? When I lived in the area that had these, I always forgot to set it when the number of passengers in my car changed. I never saw any difference. The charge is the same.
The one time I saw traffic lights go down, it was total chaos. There were two separate crashes that had already happened when I got there, and there would probably be >1 wreck per few minutes with the driving I observed.
I moved from South Africa to Ireland 2 years ago. It was very noticeable to me how drivers in Ireland have no idea what to do when the lights are out. Absolute chaos!
In south africa, traffic lights not working is a daily occurrence. And we've all learned how to navigate a dead intersection wit zero casualties.
Massive 6 way intersections with 2-4 lanes per direction worked perfectly with everyone taking turns to go.
reply