Hacker News | wswin's comments

I don't think it would help here, they were stealing credentials

Whenever possible, credentials shouldn't be inside the sandbox either. Credential proxying, or transparent credential injection, for example with Sandcat: https://github.com/VirtusLab/sandcat

> I don't think it would help here, they were stealing credentials

So, stealing credentials in the current directory and in all other directories are the same thing?


Cool project. I think most real life problems would be solved with shared memory objects, c.f. shm_open [1].

Python has a wrapper in the standard library [2], not sure about other languages.

1. https://www.man7.org/linux/man-pages/man3/shm_open.3.html

2. https://docs.python.org/3/library/multiprocessing.shared_mem...


what comments?

Ah, I think the HN post was merged. My original comment was in response to this related github discussion: https://github.com/aquasecurity/trivy/discussions/10420

There are hundreds of automated spam comments there from presumably compromised accounts. The new OP is much more clear regarding what has happened.


what's your solution to combat scammers?

Do you think regular desktop computers should be locked down like this too? Scammers can also tell people to run Windows programs. Should that be banned too?

I'm fine with an opt-in lock-down feature so people can do it for their parents/grandparents/children.

Also, just let people get used to it. People will get burned, then tell their friends and they will then know not to simply follow what a stranger guides them to do over the phone. Maybe they will actually have second thoughts about what personal data they enter on their phone and when and where and who it may be sent to.

Same as with emails telling you to buy gift cards at the gas station. Should the clerk tell people to come back tomorrow if they want to buy a gift card, just in case they are being "guided" by a Nigerian prince scammer?


Exactly. There's a sucker born every minute. I'm not saying people deserve to be taken advantage of. The reality is that there will always be people who can be led off a cliff with minimal effort. There will always be people who believe that a guy with a thick Indian accent and broken English is a representative of Microsoft and that he can fix their computer in exchange for gift card codes. There comes a point where society sacrifices too much under the pretense of protecting the gullible. Prevent people from using technology at all and they'll go back to buying actual snake oil.

Keep in mind that Android has like a billion users who have never touched a Windows computer. (And unmanaged Windows was/is also a disaster zone.) Coming at this from an internet forum perspective is missing the scope of the problem.

> I'm fine with an opt-in lock-down feature

Me too, but it's really just some UI semantics whether this is 'opt-in' or 'opt-out'. Essentially it would be an option to set up the phone in "developer mode".


There is a big difference between opt-in and opt-out that isn't semantics. You can't slowly discourage, deprecate and delete the default the way you can an opt-in, because too many people keep using it.

Yeah, I predict that "developer mode" will eventually be a setup option in the trust store, so you'd have to reset the phone to get to it.

With billions of Android users, there's only millions of people who need or really want this. So like 1%. My point is stop thinking about your mom's windows box and consider the scale.


This is based on a view of society that is incompatible with belief in democracy. If people overall can't be trusted to act responsibly and not follow complex sequences of steps dictated by scammers, what hope do they have to figure out who they should vote for? Liberty is responsibility. If you are permitted to cook your meal on your stove, you might burn yourself. It's an entirely different philosophy where the Big Brother or Dear Leader protects you from yourself and knows better what's good for you.

Keep in mind that Android is super popular everywhere democracy isn't.

I'm just spitballing something which would be completely trivial for any 'techie' (and wouldn't require jumping through 24 hr hoops), while improving the situation for the other 99%. Or Android becomes iOS and some minority of techies use some weirdo linux phone, whatever.


Do you have aging parents?

Not really. With opt-out, if I buy a new phone or even just reinstall OS, I will now have to wait 24 hours before doing anything useful with it.

Maybe? Let people form CAs, and if a CA gives out certs for malicious apps remove them. (Old apps continue to work, to publish new one get new cert.)

Yes, sad, but works.

People will learn about scams, but scammers are unfortunately a few steps ahead. (Lots of scammers, good techniques spread faster among them than among the general public.)


If "they" is Google, this is just a really pointless middleman proposal. Android does all the cert stuff.

Also Chrome trusts like 300 CAs. Does that work? Probably not if you live in 200 of those countries.


The scams are more sophisticated than getting gift cards to pay the IRS. A number saying that it’s from the bank will say they need to verify some account information.

I have had to actually verify my “investment profile” with a major broker in order to unfreeze some trades, in a high friction process. To the extent that a sideloaded app that looks exactly like the bank app has a low friction install, then people can get fooled and irrevocably lose savings.

If the lock-down is opt-in, almost nobody will opt in to it. If the lockdown is opt-out, then whether scams still happen depends on how much friction there is in opting out.

Freedom to install other unsigned sandboxed apps has a solution: Banks could use passkeys and other non-phishable methods. Sideloaded apps in Android can’t get to the bank app’s passkey.

Passkeys or hardware tokens get worries about the enshittification of the theoretical recovery process. Which, if that’s the case, I guess we should hope for/pay a better world, at least with banks and brokers. For them specifically, for account recovery allow either showing up in person or using ID checks.

Both for personal accounts and business accounts (i.e. with Business Email Compromise), I believe the onus should be on the bank to use non-phishable methods to show the human-readable payee from their app for irrevocable transfers.


Let's say I'm sitting outside of your office with a bazooka and boxes of high explosives. You ask me why, and I say, "someone might try to rob this office." You say, "somehow, that does not persuade me that a stranger should loiter outside of my workplace with a massive stockpile of ordnance." I reply, "what's your solution to combat robberies?"

Let's say I put a lock on an office door. You say "Why? Bazookas will get through the door anyways".

I don't know how I feel about this change but context does in fact matter about whether something is a good idea or not


Is it a lock? I buy a building and the builder put an id verification lock on the doors and I am not allowed to remove it. And they also require a separate one time fee of 2 to 5 percent of the purchase price.

Metaphors have their limits.

In the physical world, there’s only so many people who can rob you if you do something stupid (like constantly give away copies of your keys to strangers), they will be very noticeable when they are doing so, and if you feel like something’s off you can always change the lock.

On the Internet, you are fair game to anyone and everyone in the entire world (where in some jurisdictions even if it’s known precisely who is the figurative robber they wouldn’t face any consequences), you could get pwned as a result of an undirected mass attack, and if you do get pwned you get pwned invisibly and persistently.

Some might say in these circumstances the management company installing a (figurative) biometric lock is warranted, and the most reliable way to stop unsuspecting residents from figuratively giving access to random masked strangers (in exchange for often very minor promised convenience) is to require money to change hands. Of course, that is predicated on that figurative management company 1) constantly upping their defences against tenacious, well-funded adversaries across the globe and 2) themselves being careful about their roster of approved trusted parties, whom they make it easy to grant access to your premises to.


The trouble with your analogy is that physical reality works the same way. People have been committing mail fraud since the advent of post offices. Spies have been planting bugs on delivered goods since the invention of bugs. The thing that causes this isn't digital devices, it's long-distance delivery of goods and messages.

Meanwhile installing software on your own device is the thing that isn't that. They're preventing it even when you're the owner of the device and have physical access to it. They're not installing a lock so that only you can get in, they're locking you out of your own building so they can install a toll booth on the door.


All of your examples require, to successfully attack one target, a level of effort (hiring human spies and keeping them happy so that they don’t whistleblow or swap sides, planting physical bugs, etc.) vastly incomparable with a level of effort required to attack millions upon millions of targets; and just as incomparably higher stakes of an unsuccessful operation (actual people going to jail, versus being perfectly safe in a jurisdiction that does not extradite).

totally my point here. The actual shape of the thing starts mattering so much that at one point your metaphor is just completely useless for judging the actual tradeoffs

it already has a lock, by default you're not allowed to install apps in android, you have to accept a bunch of prompts and configurations (the key), and now you won't even have the key

'Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.' - Benjamin Franklin

'essential' means can't be bothered to wait 24 hours (once)?

>"'essential' means can't be bothered to wait 24 hours (once)?"

Essential means to get fucking lost and let me do with the hardware I paid for whatever I want.


Install a different ROM then that doesn't make you wait 24 hours one time.

I'd rather sacrifice a virgin.

You are missing the part that new 24 hour process was a response to backlash. It was not even in their plan.

Sounds like backlash needs to continue until it's clear that that isn't acceptable either.

To do what I want with my own property seems pretty essential to me.

So install a different ROM

And when you do that, you lose access to your bank, because bank apps routinely refuse to run on devices that leave the user in control (e.g. unlocked bootloader, rooted phone). Graphene and similar would be a much more acceptable solution if remote attestation of a locked bootloader were banned.

I really don't see the issue with waiting 24 hours. These protections in general seem very likely to help unsophisticated users. It really seems like a nothingburger to me personally. I was going to make an analogy to the ethics of getting vaccinated (and getting mildly ill for a day) to protect the immunocompromised members of the community, but even that is laughable because it underscores what a nothingburger this is (far more of the community is technologically unsophisticated than is immunocompromised, and what sophisticated users are being asked to do is closer to wearing a mask once for 24 hours).

You can always find justifications to erode all civil liberties. I think it's a major gap in the way history is being taught that people think that the reasons to remove liberties sound like overt evil mustache-twirling slogans. In reality they always talk about a danger that the benevolent overlord will keep you safe from.

All these changes are attacks on general purpose computing and computing sovereignty and personal control over one's data, and one's digital agency.


It makes no sense to me that people who feel this way insist on running a vendor's Android or iOS.

More and more apps won't run, again allegedly to keep you safe. You can't run your bank apps on your rooted and custom software. TPMs of desktop, everything needing approval. Yeah you may say tough luck, just use the web. But more and more banks sunset their web UI. It's apps only. And then you'll say "tough luck, start your own bank and offer this feature if you think there is customer demand". Or tough luck, win an election and then you can change the laws etc.

Yeah I'm aware that we can only watch from the sidelines. At least we can write these comments.

The new world will be constant AI surveillance of all your biosignals, age and ID verification, only approved and audited computation, all data and messaging in ID attached non e2e encrypted cloud storage and so on. And people will say it keeps you safe and you have nothing to fear if you are a law abiding person.


That world arrived at least ten years ago and if you don't like it, running Google's OS isn't even remotely admissible as an answer.

This would be less of an issue if there were an explicit regulatory mandate saying "businesses larger than X may not limit any consumer capabilities for interacting with their business in such a way that it can only be accessed by proprietary applications running on locked-down systems that a user cannot modify, control, or install their own software on. Offering to have a person handle that functionality on their behalf does not constitute an alternative to functionality made available via such an application". (With appropriate clear definitions for "locked-down", and other appropriate elaborations.)

I don't know, that sounds pretty dumb on the whole. The key challenge is to determine who is at fault in the event of a breach. I don't think it's reasonable to hold companies responsible for privacy while also requiring them to allow privacy to be invaded.

The current situation is that banks regularly require the use of an unmodified, unrooted Android or iOS device, which reinforces the duopoly and makes it impossible for anyone to compete. (Even emulating Android doesn't help, as emulated Android won't pass the checks banks do to make sure you don't have control of your device.)

That situation is not acceptable. Got something better than insults like "pretty dumb" to say about how to resolve this abuse of the two-player oligopoly in the mobile phone market?


I actually did explain specifically why it was pretty dumb and you ignored that point completely.

You are uncritically repeating the party line from banks who claim it is necessary for security, without giving any rationale or supporting evidence, and coupling it with an insult.

The "party line" is not that holding companies accountable for security and also requiring them to be insecure is inconsistent.

The incorrect party line is that allowing rooting and running your own OS and apps is insecure.

Meanwhile, those same banks have websites.


Have you tried using your web browser to buy gas or ride the bus?

Boiling the frog.

I have to completely concur that it's probably one step toward an increasingly restrictive final state. Add a few "Are you sure?? You'll brick your phone!!!" warnings, then ID and age-verification mandatory (think of the children!!)

Maybe it's not a good idea for our entire civilization to use only two mobile operating systems controlled by companies that only want to make money.

Exactly, it's essentially (very much essential) infrastructure.

Labeling the phones essential infrastructure can pretty easily backfire if your goal is to be able to modify the phone as you like.

For an example think about how mods are treated on cars. There can be very good reasons for those restrictions, but if your goal is to be able to modify phones in the way you want, that might not be the best way to go about it.

In short, be careful what you wish for because sometimes you get it. :)


Boiling the scammers and criminals is good.

but you're also boiling yourself in the process

Stockholm syndrome is so pity when detected.

"Stockholm syndrome" is a completely useless term invented by a guy who never spoke with the actual hostages. What the hostages did was a logical conclusion for their safety, where the police were endangering their lives more than their captors.

"Nils Bejerot, a Swedish criminologist and psychiatrist, invented the term after the Stockholm police asked him for assistance with analyzing the victims' reactions to the robbery and their status as hostages. Bejerot never met, spoke to, or corresponded with the hostages, during or after the incident, yet diagnosed them with a condition he invented."

"According to accounts by Kristin Enmark, one of the hostages, the authorities were careless, and their initial approach to the robbers nearly compromised the hostages' safety.[6] Enmark criticized Sweden's prime minister, Olof Palme, for endangering their lives. Palme believed that if Olsson saw one of his close relatives, he might be willing to surrender the hostages; however, the police made a careless mistake. They misidentified Olsson, and sent a 16-year old boy who was unrelated into the bank. This caused confusion and resulted in Olsson firing rounds at the boy who barely escaped. Olsson became much more agitated in general. After that, Enmark and the other three hostages were fearful that they were just as likely to be killed by police incompetence as by the robbers.[7][8][9] Ultimately, Enmark explained she was more afraid of the police, whose attitude seemed to be a much larger, direct threat to her life than the robbers.[10]"


Why not wait 3 months just to be safe? Or 3 years?

I paid for my phone.


If you want to wait 3 months or 3 years, knock yourself out. Nobody is forcing you to install software from places you don't want to.

Would you support Microsoft doing the same thing to Windows?

These are general purpose computing devices. It's sure taking a long time, but Cory Doctorow's talk on the war on general purpose computing is sure starting to become a depressing reality: https://www.youtube.com/watch?v=HUEvRyemKSg


Microsoft is doing the same thing, they call it S-mode. A surprisingly large amount of computers are sold with Windows S. Thankfully S-Mode can usually be disabled even if your computer shipped with it enabled.

   Windows S mode is a streamlined version of Windows designed for enhanced security and performance, allowing only apps from the Microsoft Store and requiring Microsoft Edge for safe browsing.

Which is frankly hilarious because the Microsoft Store is the worst offender when it comes to hosting straight-up scams.

I'm not the only one who has noticed: https://www.reddit.com/r/windows/s/6y39VNaLUh


The same is true on Android.

Did you visit that link? The top-downloaded apps on the Microsoft Store are 50% scams, compared to 0% on the Play Store and App Store.

All apps should be open source and subject to verification by nonprofit repositories like F-Droid which have scary warnings on software that does undesirable things. For-profit appstores like Google and Apple that allow closed source software are too friendly to scams and malware.

I don't think that's a realistic suggestion, as the quantity of applications is huge; who is going to spend time reviewing them one by one? And even then it's not realistic to expect that undesirable things can be detected, as these things can be hidden externally, for instance, or obfuscated.

F-Droid exists and they have a much better track record than Google. I'm not actually serious, I just think if there's a single app repo that should be allowed to install apps without a scary 24h verification cooldown, it's Google's proprietary closed-source app store that needs the scary process, not F-Droid.

Users don't have to wait 24 hours because Google Play store already has registered developers. Scammers can be held liable when Google knows who the developer of the malicious app is.

Really though? Who is in jail right now for Play Store malware offenses? Or are we just talking about some random person in China or Russia who signed up with a prepaid card and fake information and had their Google account shut off eventually?

I'll give you that, enforcement of the rules can sometimes fail. But scamming & malware is a global industry, definitely not limited to state-funded actors in those two countries (which is what I think you're referring to).

I think compared to the alternatives, this is the best answer.

Even if you are a bank or whatever, you shouldn't store global secrets on the app itself, obfuscated or not. And once you have good engineering practices to not store global secrets (user specific secrets is ok), then there is no reason why the source code couldn't be public.


That's absurd.

No more absurd than letting a megacorp control what I install on my own device.

Instead the megacorp forces open source licensing, which doesn't solve any of this shit anyway lol

It's also true, the best way to audit software is source-code and behavior analysis. Google and Apple do surprisingly minimal amounts of auditing of the software they allow on the Play Store and App Store, mostly because they can't, by design. It should shock absolutely nobody then that those distribution methods are much more at risk of malware.

No one is auditing. Behavior analysis works on closed source software too.

Most open source repositories do have eyes on the code. Debian often has separate maintainers who maintain patches specific to Debian.

It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories. It's a result of the system. Trusted software curated and reviewed by maintainers.

The play store will always have significant amounts of malware, so this entire conversation is moot.


A lot of dubious claims here.

1. "Most open source repositories do have eyes on the code"

Seems basically impossible that this is true.

"Debian often has separate maintainers who maintain patches specific to Debian." does not support the previous statement. Debian cherry picks patches, yes.

2. "It's not a coincidence that Linux distros are much less susceptible to malware in their official repositories."

Not only is it not a coincidence, it seems to not even be true.

3. "The play store will always have significant amounts of malware, so this entire conversation is moot."

This seems to just be "a problem can not be totally solved, therefore making progress on this problem is pointless to attempt". I... just reject this?


Refusing or rejecting the claims doesn't invalidate them.

Why would I need to invalidate claims made with no support that seem obviously incorrect? Certainly I won't accept them.

Not the parent or agreeing/disagreeing with them, but to your question: if you get creative, there are a lot of things you could do, some more unorthodox than others.

Tongue-in-cheek example, just to get the point across: instead of calling it Developer Mode, call it "Scam mode (dangerous)". Require pressing a button that says "Someone might be scamming me right now." Then require the user to type (not paste) in a long sentence like "STOP! DO NOT CONTINUE IF SOMEONE IS TELLING YOU TO DO THIS! THIS IS A SCAM!"... you get the idea. Maybe ask them to type in some Linux command with special symbols to find the contents of some file with a random name. Then require a reboot for good measure and maybe require typing in another bit of text like "If a stranger told me to do this, it's a scam." Basically, make it as ridiculous and obnoxious as possible so that the message gets across loud and clear to anybody who doesn't know what they're doing.


The people falling for social engineering now won't be protected by this either. You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.

> You could gate the functionality behind verification of an anti-scam awareness and education training and certification course, scammers would coach people through the entire course and the verification step, and people would still be victimized.

The problem with this line of reasoning is that it proves too much, which really gets to the heart of the issue.

If people are willing to be led to the slaughterhouse in a blindfold then it's not just installing third party code which is a problem. You can't allow them to use the official bank app on an approved device to transfer money because a scammer could convince them to do it (and then string them along until the dispute window is closed). You can't allow them to read their own email or SMS or they'll give the scammer the code. If the user is willing to follow malicious instructions then the attacker doesn't need the device to be running malicious code. Those users can't be saved by the thing that purportedly exists only to save them.

Whereas if you can expect them to think for two seconds before doing something, what's wrong with letting them make their own choices about what to install?


To add as a sad example, the mother of an acquaintance of mine got scammed into withdrawing all her money from an ATM, gave it to the scammer person, then sold her car and apartment (!) and only then became aware of what was happening. And even though she is senior (early 60s) she did work her whole life in a senior engineering role (not IT related). Point is, the social engineering is, and will be the primary tool of scammers, as it was for the entirety of humanity. And no amount of tools and locks will prevent this. To make the argument further - we know that lock-picking exists, and can be very effective, yet we're not rolling out bigger and more complex door locks every year, or mandate people having 15 doors with 10 locks each - we just acknowledge that this tech is not perfect, but good enough. So clearly, the incentive of all these changes can't be "security", it's just plain stupid.

Exactly. They might give them their Gmail password, the 2fa code, their credit card number and cvc, etc etc.

That's unfortunate if true but it isn't a convincing argument to force the rest of society to live in proverbial padded cells. There's a minimum bar here. Some people probably shouldn't have online accounts and aren't responsible enough to manage their own finances. The rest of us are (hopefully at least marginally) functional adults.

This is actually a really interesting problem. Some portion of the public (nerds) are competent to understand what running software even means and the rest (let's call them "sheep") are naive and helpless. A portion of the nerds (Evil Hackers) are easily able to coach any sheep to do any action. Obviously everyone should default to being a Sheep, and obviously it would be ideal if Nerds could have root on their own damn hardware. But how can one ever self-certify that they're actually a Nerd in a way that an Evil Hacker can't coach a Sheep through? "Yes, now at the prompt that says 'Do not use this feature unless you are a software engineer. Especially don't click this button if someone contacts you and asks you to go through this process.'... type 'I am sure I know what I am doing' and click 'Enable dangerous mode.'"

> Obviously everyone should default to being a Sheep

This isn't actually that obvious, for a number of reasons.

The first is that it causes there to be more sheep. If you add friction to running your own software then fewer people start learning about it to begin with. Cynical cliches about the government wanting a stupid population aside, as a matter of policy that's bad. You don't want a default that erodes the inherent defenses of people to being victimized and forces them to rely on a corporate bureaucracy that doesn't always work. And it's not just bad because it makes people easier to scam. You don't want to be eroding your industrial base of nerds. They tend to be pretty important if you ever want anything new to be invented, or have to fight a war, or even just want to continue building bridges that don't fall down and planes that don't fall out of the sky.

Another major one is that it's massively anti-competitive. If the incumbents get a veto, guess what they're going to veto. This is, of course, the thing the incumbents are using the scams as an excuse to do on purpose. But destroying competition is also bad, even for sheep. Nobody benefits from an oligopoly except the incumbents.

And it's not just competition between platforms. Think about how "scratch that itch" apps get created: Some nerd writes the app and it has only one feature and is full of bugs, but they post it on the internet for other people to try. If trying it is easy, other people do, and then they get bug reports, other people contribute code, etc. Eventually it gets good enough that everyone, including the sheep, will want to use it, and by that point it might even be in the big app store. But if trying it is hard when it's still a pile of bugs and the original author isn't sure anybody else even wants to use it, then nobody else tries it and it never gets developed to the point that ordinary people can use it.

So maybe the scam we should most be worried about here is the one where scams are used as an excuse to justify making it hard for people to try new apps and competing app stores, and deal with the other scams in a different way. Like putting the people who commit fraud in prison.


> easily able to coach any sheep to do any action

No. This assumption is the core fault with the entire line of reasoning. The typical sheep will not do arbitrary things for a stranger such as sending you his entire bank account because you told him he needed to pay an IRS penalty in crypto to avoid being picked up by the state police who are already en route in 15 minutes.

It's a continuum. The question is how much of the low end needs to be protected by the system.

Binning into discrete blocks to match your example, the question is where to place the dividers between the three categories - nerd, sheep, and incompetent. We don't care to accommodate the third.


This is if nothing else an interesting postulate. Default all devices to nerd mode and sheep mode is an opt-in at setup time.

In theory I have no problem with the idea of hanging the incompetents out to dry, when I imagine them as unsympathetic idiots, the same people who litter, and can’t drive correctly. But actually I think most of us would be horrified when it turns out that category of incompetents includes our parents and grandparents, or, increasingly, our children (Gen Z has been increasingly falling victim to scams, partly because they have no idea how computers work since modern ones present only highly abstract surfaces to them, and I suspect Alpha will be the same).


> Default all devices to nerd mode and sheep mode is an opt-in at setup time.

The entire point here is that sheep do not need an overly protective mode. It's a false premise.

I know plenty of them. I help them navigate modern tech. I install fdroid on their phones. They lie on a continuum and none of them are going to turn on developer mode (or whatever BigTech wants to call it) because a stranger on the phone told them to.

There is a small sliver on the far end of the continuum that will do things like that. But in general they are sufficiently gullible that no measure that can be bypassed will ever work for them. They require a Fisher-Price device.

BigTech wants to hold that small sliver up as justification for their anticompetitive practices.


I agree mostly with you, especially that last line! I just think we disagree on how big that sliver is. I think it's at least 20-25% of the public that is very uncomfortable with the technology they use, and with the right social engineering, absolutely can be taught to do harmful things to themselves.

You (or another commenter) are right though that blocking sideloading eliminates but one avenue for this abuse, which at first makes us feel good that we then shouldn't have to give this freedom up! Now, the bad news is that from Big Tech's pov, the open Web is the next enemy in the crosshairs. The future "Sheep mode" may simply be App Store (only sanctioned scams, paying their 30% cut, are allowed there!) + a "Web Browser" without an address bar, which can open any of the "Thousands of Safe Sites" on the OS Vendor's allow-list. Getting on the list is of course "easy," and just requires a $999/year subscription, and proving SOC2, GDPR, and CCPA compliance.


Nothing is perfect, but by what percentage would you think scams that leverage sideloading would drop? 1%? 10%? 50%? 90%? 99%?

Compared to the current paradigm, where you already need to enable developer options, allow installation from untrusted sources, and tap through a warning screen for each apk to be installed?

Maybe 10-20%, generously. The people who are falling for it under current protections clearly are not reading anything they're looking at or thinking about security at all, they've fallen for social engineering scams and sincerely believe they're at imminent risk of being arrested by the FBI or that their adult child is about to be killed. They're in fight or flight mode already, not critical thinking and careful deliberation mode.

If you were to rank everyone by gullibility, these people would largely be clustered in the top 1-2% of most gullible people. There is very little you can do to protect these people, realistically.


> They're in fight or flight mode already, not critical thinking and careful deliberation mode.

That actually sounds like an argument in favor of this restriction. If someone is in a position of deep trust with the scammer then waiting a day is nothing. But if they're in a panic, not thinking things through or calling anyone for advice, that state probably won't last 24 hours.


I guess I just don't believe your estimate. I think you're grossly underestimating how far we can get through these kinds of approaches.

That's fair, reasonable minds can disagree on the numbers and even magnitude here.

What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?

Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%? Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users? Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?


It really feels like you're replying to a completely different comment than mine? Absolutely nothing you're responding to here is consistent with what I wrote (except your very first sentence)...

> What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?

There's nothing to challenge here. The method I proposed keeps you fully in control and owning your device. Anybody can follow that process if they want. It's not like I said each person has to get approval from Google before enabling developer mode on their phone.

> Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%?

This is not some kind of paradox like you're making it out to be. A very reasonable starting point would be "get this scam rate down to match {that of another less-common scam}". Iterate until/unless new data comes along suggesting otherwise.

> Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users?

"Too"?! Where did I ever suggest root should be "completely unavailable" to all Android users?

> Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?

Where did I suggest any of this?


I think there has been a fundamental misunderstanding. I am not accusing you of having suggested any of this - these are escalating hypotheticals about what lengths it is appropriate to go to in the name of protecting vulnerable users.

When you say "Iterate until/unless new data comes along suggesting otherwise", does that mean you will want to continue adding more friction and more restrictions as long as a number or percentage of people (that exceeds some threshold) continue to get scammed?

What I am asking you to do, as a thought exercise, is to define that threshold, and then to consider that if we never meet that threshold, how far are you willing to go with iterating and adding more friction, stripping user control in pursuit of it?

It seems to me that you have a mental model where some small, reasonable changes will dramatically reduce the number of scam victims to near zero. All I'm asking you to do is sincerely consider what your preferred course of action looks like if you are wrong about how effective each additional layer of controls are.


> When you say "Iterate until/unless new data comes along suggesting otherwise", does that mean you will want to continue adding more friction and more restrictions as long as a number or percentage of people (that exceeds some threshold) continue to get scammed?

All it means is "keep reevaluating the situation and your approach based on the data." I can't possibly claim to have all the answers for every hypothetical available right here.

> It seems to me that you have a mental model where some small, reasonable changes will dramatically reduce the number of scam victims to near zero.

Replace "will...near zero" with "has a reasonable chance of...low enough that the fish becomes too small to fry" and you might be capturing my thoughts better.

> All I'm asking you to do is sincerely consider what your preferred course of action looks like if you are wrong about how effective each additional layer of controls are.

I am not a prophet (or a dictator). I'm an engineer. I see a potential solution or mitigation, I evaluate the trade-offs, and if it seems worthwhile, I suggest/try it. If it works out well, great. If not, I reevaluate everything based on the facts at that point. "I don't have any good idea anymore" is certainly a possibility I could reach, as is "I have another idea"...

Clearly there are a million factors to consider in each situation. Some predictable, some not. Just to list a few obvious ones off the top of my head: how fast we get there, how users react, how governments and lawmakers react, the magnitude of the scamming (not just rate! but also monetary amount), what other threats pop up in the meantime, what threats go away, what other mitigations or alternatives are available to try next, what the financial system even looks like at that point... these are all relevant. I can't predict what we should do in a vague, underspecified hypothetical where the only concrete premise seems to be that my predictions are wrong. (!) What I can see and suggest some solution for is the reality right now.


Are scam apps really a significant portion of scams? Is it not people calling and telling you to buy gift cards and give them codes anymore?

I'm going to break your kneecaps. Oh, what's that? You don't like it? Well, what's your solution to P=NP?

If cooldowns work, put them on granting permissions.

There are just as many scam apps in play store and this system does nothing to help with those.


If I proposed putting mandatory cameras in all homes and you objected, would it then be fair for me to demand that you justify your position by proposing a better alternative to combat domestic violence?

Locking down computing is just fundamentally wrong and leads to an unfree society.


The choice is not between "individuals are on their own against scammers" and "users are locked into Google vetting their phone". Users should be able to choose another organisation to do the vetting. They bought a phone, they didn't sell their life to Google.

Tell the unsophisticated users that they would be safer inside the ecosystem that has always been a walled garden.

Why destroy the ecosystem that gives you the freedom to shoot yourself in the foot?

Turning Android into another walled garden removes user choice from the equation.


So there's no scamming happening in Apple's fully walled garden, "Only approved apps allowed" system, right?

https://blog.lastpass.com/posts/warning-fraudulent-app-imper...

Oh, turns out they just let you pretend to be the real company to sell your scam app.

What a load of good that "Approval" process does.


Enable unknown sources in developer options, have the user type out in order to proceed "If I am typing this and don't know what I am doing, I am likely being scammed".

I suppose you could make the cooldown apply to the actual installed app. Like... when it's first installed it won't work for 24 hours and the clock doesn't start until you reboot. And then on boot it scares you again before starting the clock. And then "scares" you again after the cooldown.

Force the phones to be open so I can install my own OS on them.

Then Google can do whatever they want with their OS and I can do what I need with mine. You might actually get phone OS competition. This is what the walled garden is actually meant to prevent.


China just executed a couple of them that operated in Myanmar. Since we are hurtling towards the bad parts in their dystopia anyway, why not also get the good ones?

Like the ones constantly advertising across Google's plethora of platforms without any repercussions or possibility of recourse with Google? For my safety, of course.

Education is the only solution to this.

You can’t feasibly protect someone that believes the person on the phone is their family member or the chief of police.

This kind of thing has to be verified like how they try drugs. Just randomly doing things will surely be useless, similar to how randomly optimizing parts of a program is generally worthless.


Are scammers using sideloaded apps when they can use whatever remote connexion the apps in the store allow?

I think a big warning in red "Warning: If you don't personally know the person asking you to install this app, you are getting scammed. No legitimate business or Institution will ask you to install this app"


Why would you need to sideload anything when scammers can just use Teamviewer or any remote operation software, readily available in the Play Store, that will surely pass whatever "checkmark" process Google uses to validate "safe" apps?

We need to remove the play store from Android phones. People have been scammed there more than any other store.

"Warning: if someone is talking to you and walking you through this screen, you may be being scammed!"

Done.


As if Google Play itself isn't a cesspool full of scammers, or Google ads, or Youtube. As long as Google get their cut they don't give a shit about scams. For a reality check, turn off your adblockers and you'll see how much Google profits from scams. Any solution to scamming can't involve Google, since they long have been a willing tool for scammers.

Pretending that this is about anything but Google's greed is giving them far too much credit.


Something called personal responsibility and intelligence.

...which clearly companies don't want, because complacent mindless idiots are easier to brainwash, control, and milk.


But this has nothing to do with combating scammers in the first place, have you never used the play store before? It's overwhelmingly scam apps with the most intrusive ad/tracking shit imaginable. There are scammers openly buying sponsored search results for names of popular apps so their malicious app with similar name appears as the first result.

> what's your solution to combat scammers?

I'd wipe the Play Store off the face of the earth. Have you looked at the garbage on there that Google considers legit?

This: https://news.ycombinator.com/item?id=47447600

is the shit people are exposed to when they go through the Play Store. You don't find that on F-droid.

The second thing I'd do to combat scammers is the same thing I'd do to combat child porn and disinformation: educate people. This silly process is a technical answer to a social problem, and those rarely work well.


Arrest the scammers

I wonder how this will help combat scammers. Do you really think they don’t have $25 for a fee?

Furthermore, this verification system also functions as a US sanction mechanism—one that can be triggered against any entity the US decides to ban.


education

Don't install crap on your phone

[flagged]


You didn't even slightly research the topic of phone malware, browse /r/isthisascam for starters. I don't say the problem is an "epidemic" and it doesn't have to be an epidemic to be addressed.

It's very obviously not irrelevant. Google is not going to let their main phone app product become associated with Grandma losing her savings! That's not going to help the free software folks... it's going to send everyone over to iOS.

> Google is not going to let their main phone app product become associated with Grandma losing her savings!

How did they manage to survive as the grandma-account-draining brand for over 15 years, though? They're still the market leader.

One of the best arguing tactics the pro-control side has come up with is "The way it works right now is JUST not good enough". And then you don't need to argue any further or substantiate that. You just force your opponent into coming up with new measures because obviously right now we have an emergency that must be dealt with immediately. So far, this reasoning has worked for program install restrictions, de-anonymizing internet users, all sorts of other random attestation and verification measures, and it will be used for so much more.

My question to all that is - what has happened NOW that changed the situation from how it was just a couple years back? Google hasn't been sitting idle for all these years, they've been adding measures to Android to detect malicious software and prevent app installs by clueless users - measures that were striking a balance between safety and freedom. Why is everything safety-related in the last few years suddenly an emergency that must be rectified by our corporate overlords immediately and in the most radical ways? How did we even survive the 2010s if people are less secure and more prone to being scammed with the new restrictions right now than they were back then?

I'm not saying there's not an issue, but without hard stats, these issues will always be magnified by companies as much as possible as the wedge to put in measures that benefit them in ways other than the good-natured safeguarding of the consumer. In an open society, there's always a point where you balance the ability to act freely with ensuring that the worst actors can't prosper in the environment. Only one of these things is bad, but you can't have both. You need a middle ground.


It's for the same reason governments all over started to implement "age verification" laws all of a sudden, they never tell us their real motivation. That we can only speculate on, but for many people it seems they just go along with it and believe them all on face value, that's what all the media does anyway. The overarching goal they all work towards seems to be total control and surveillance of people's information sources and communication.

> How did they manage to survive as the grandma-account-draining brand for over 15 years, though?

15 years ago ransomware effectively didn't exist and virtually nobody's grandparents did their banking on their phones.


Insufficient answer. "The past 15 years" is asking about that entire period. If you want to compare a specific point in time, they asked what changed since "a couple years ago". A fair point-in-time comparison might stretch "couple" as far back as 2020 because of how they talked about surviving the 10s, but no further.

So, 2020 or 2023 or so. Plenty of ransomware, plenty of phone banking. What changed since then?


I wonder whether scammers will switch to using PWA.

Any reasoning/data or at least an anecdote behind this claim? No?


What's sketchy about proton?


I don't know if sketchy is the right word but every* time I encounter a proton mail user on a mailing list, they are tinfoil-hat paranoid. Like they are a random nobody, but they are convinced that "the Russians" or "the Chinese" are constantly hacking at their laptop and they are constantly trying to harden everything so much one wonders why they even bother using computers at all.

* OK "every" is an exaggeration but enough that the impression has been formed.


These are from AWS right, what about simple, no cloud setups with just docker compose or even bare processes on a VPS?


At least it's figurative


So is this, isn't it? This is packaging material made from mycelium, not from literal mushrooms.


Finally, but done wrong. This should be done by a 3rd party app (probably owned by government) with access token without sharing one's identity.


Funny that this is a non-existent problem for the previous generation of phones, since they had a removable battery.


That most likely wouldn't satisfy OP's requirement of not having to remove their case.


All phones have a removable battery. Modern phones just make it hard to use the phone again afterwards. :P

