There's already a lot of support out there, in both public opinion and the law, for the idea that if I pay for something physical like a device, I own it. Any substantial alteration in its functionality, especially a reduction in what it can do, requires my consent. Reduction in what it can do should require my consent. Just because tech made it possible for the manufacturer to brick my phone or my car, start charging me extra for certain features I already paid for, or block the apps the OS vendor doesn't approve of doesn't mean they should or that it's even legal to do so. Additionally once I buy the device the vendor has zero business telling me how I can modify it, or whether I can repair it.
I own the thing I bought, fucker. It's my property and I have property rights. The corp has no right to steal away part of the thing I bought or change the terms after the fact. It's potentially criminal if they try.
This framing resonates with a lot of people.
The guy who really exemplifies this positioning at the moment is Louis Rossman and by focusing on these widely understood and popular concepts, he's gained the ability to direct an enormous amount of attention to an issue. He can absolutely swamp a legislature with letters from angry constituents for example when he gives an issue visibility.
Frame it as theft because it is. If they push an update without my consent that removes functionality or sabotages my ownership of the device, it's theft. At the very least product liability laws should apply. Some part of what I bought stops working, that goes to product liability. But I'd take it a step farther and say we're dealing with straight up theft.
Sorry for how you may feel about it, but that *is* how it's being framed for the public..
https://europeanconservative.com/articles/news/eu-parliament...
"How Jewish American pedophiles hide from justice in Israel": https://www.cbsnews.com/news/how-jewish-american-pedophiles-...
"Tens of thousands of pedophiles operate in Israel every year": https://www.jpost.com/israel-news/tens-of-thousands-of-pedop...
> JCW's chief operating officer Shana Aaronson says the failure begins in the United States.
> She says there are elements of the Jewish community in the U.S. that are willing to help pedophiles escape.
A better counter argument to "catch the pedo" is to bring up cases of creeps who were insiders - law officers, or just techies with access - and used the "well-intended" tech to get at their victims.
Certainly. You mean like that time an Israeli Cyber Directorate division chief fled Nevada for Israel after being investigated for soliciting a minor for sexual purposes?
https://www.haaretz.com/israel-news/2025-08-21/ty-article/.p...
It's the the Emperor's New Clothes in real life but for morals. No amount of Rossmanning is going to help society walk back its collective hypocrisy.
It's not about what people believe, but what they are willing to publicly push back against. If such a law was proposed today, I bet it would pass because the only discussions around it would be whether the data can be kept safe and what punishments to dole out if the car owner access this data. Arguments about privacy will be waved away or dismissed without debate.
In fact, let's make a pointless bet: I bet my imaginary internet reputation that the US or EU will pass a law within the next 10 years that requires the continuous recording and collection of data that not only includes GPS, but also face and audio data whenever a car is in motion. This law will impose severe punishments on any owner that accesses this data or deletes it.
I desperately fear for my family and want things to improve, but we are going to lose this battle.
My logical assumption is that all terrorists and pedophiles will concentrate in the areas where they have legal exceptions from being monitored by multiple different parties at any given time. Legislators and the like. To play one of their cards, why would people who love to say "innocent people have nothing to hide" have something to hide?
Kier Starmer wants to protect children? He put Mandelson into government even though he was mates with Epstein. Doesn't sound like someone who cares about protecting children to me.
Rinse and repeat for any politician or political side, they are all only a step or two away from someone who's done something horrible to children. It doesn't matter to me whether I really think it's true or not (though in the example I've used, that is my opinion, who employs someone like that and really cares about children?) but *it does not matter*. This is an us versus them situation, and they are making proponents of freedom out to be criminals at best, paedos at worst. They can take some of their own medicine, and anyone who parrots their line. If ad hominem is the name of the game then let's play, I'm on firmer ground than they are.
Not true, some aren't. Namely the tiny minority who pushes against this sort of stuff.
At this point the internet is exactly like the film Matrix, where humans are merely an implementation detail in the whole system.
The only way to sure defeat is to surrender.
"Secure" is great. But when you hear "safe", that means there is some corp in the shadows predating on you because <insert boogeyman>. They decide what safe means, not you. They will abuse you to no end while keeping you "safe".
That's why companies always remove the features that keep you "secure" and give you ones to keep you "safe".
I wish they filled you with anger instead. It’s not too late. You’re not alone.
It won't matter to the masses, it won't hamper "bad actors" because hackers will find flaws instantly.
It's just enshitfication.
> hackers will find flaws instantly
Yeah.
The ability to circumvent these cryptographic attestations and pretend to be a "pristine" corporate owned device while in fact being free will be a key strategic capability in the future.
They will no doubt pour billions into improving the technology though. I'm not sure if such a capability can be maintained over the long term. We don't have the resources.
...But there is always at least one hacker.
The issue with hardening DRM is that at the core it's hard to protect against an adversary that with physical access to the device that keeps the very secret. From the vendor perspective, the very customer paying you is your potential enemy.
That means that the root of trust isn't itself protected with cryptography. Instead, it relies on security-through-obscurity, Faraday cages, fuses, anti-tampering and lots of glue. And it's a numbers game if there are thousands of different devices, potentially with different flaws while your adversaries are hidden among billions of customers.
There is still a gap between the hacker and main-stream availability, though: laws and legalism, like DMCA that penalize disclosing how the obfuscation and all work.
Before anyone downplays this concern as scaremongering ans slippery slope fallacy stuff, keep in mind that countries are shifting their national ID cars infrastructure to online services which are fundamentally designed around attestation. Moreover some class of services such as banking are progressively increasing requirements that your software and hardware needs to meet to allow you to manage your own property.
the meaning of this word has diluted so much
Don't worry officer, my device is completely clean. Here you go check it. Why yes, I absolutely only ever use it for banking and updating linkedin on a suspiciously empty gmail, and keep it on silent 100% of the time. What's so odd about that? What? No, I just re-read a lot of books, that's my hobby, I read Catcher In The Rye 20 times a month.
...
It's about time people realize the concept of a real phone and a civilian phone as one and the same is dead.
In fact.
You don't need a "real" phone. Just the civilian one.
I use what's basically a portable retroconsole for entertainment. Including reading, incidentally. From its perspective, it is just a computer. Let's make it a competition, puny phones versus portable computing. Name me one thing you think it can't do, in return, I'll fire two YOUR phone can't right now, back at you. I'll forward two: It can run tmux and has a copyparty toggle for a portable filestorage on it. Yes, you can do both on the phone. But yours can't right now, and I you will suffer trying tog get it, while mine, it was 2 command lines and one config file each.
I cannot tell if the alternative solution will be better, but I do think we will develop alternatives.
Also, in the mean time, their announced "sovereign solutions for the European citizen" look ridiculous: now you'll be free from Visa and Mastercard for your payments but at the same time you'll need a phone approved by either Apple or Google.
The user still maintains all the freedom of doing whatever computing they want on their own machine, but if they want to play with others who don't want to play with cheaters then they have to use the official client.
For people who want a high degree of freedom and be able to access as many digital services as possible I foresee such people using a hypervisor that runs both a provable secure OS and another OS that is as free as they want.
What makes you think they will give us this magical hypervisor capability? It's more effort, increases the chances someone finds a bypass and takes power away from the incumbent online platforms. It's so much easier to just prevent it all. The only reason it hasn't happened yet is the amount of devices without this ability in circulation. But that number is shrinking rapidly.
You aren't banned. You just have to use a secure device. It's like saying that a store banned you because they stopped taking checks and started requiring a credit card since they are more secure and harder to commit fraud with. As a person you didn't lose any freedom. Freedom does not mean someone has to be able to force their will on another person. That sounds like the opposite of freedom to me.
>What makes you think they will give us this magical hypervisor capability?
It's not magical. Look at Windows WSL2 which already works like that.
I understand there’s some stupid compliance thing that makes banks do this, but it clearly isn’t a hard requirement, as there’s still plenty of banks that don’t participate in this security theatre.
Graphene OS says they are secure, but the definition of secure they're using isn't the same one the service providers are using, so that doesn't help much.
The best route forward here is to push for a separation of certification types. Ideally it would be possible to pass the security related aspects of Google's CTS test suite and get approved by Play Integrity without triggering the other parts of Android certification.
No, you have to use government backdoored device. I.e. the most secure android rom (at least the only rom we know is not penetrable by state-sponsored celebrite based malware) is not covered by google's play protect, while bunch of outdated CVEd phones are.
Same will go with many hardened Linux machines, QubesOS, Whonix stations, you name it. I'd argue they are far more secure than any average windows/macos installation.
Hardware attestation has nothing to do with security, it's censorship.
Secure as defined by a duo of monopolists. It's a contractual concept and doesn't have a firm relation to security-related characteristics. I'd trust GrapheneOS to be as secure as anything Google is capable of releasing, but that doesn't help them if Google refuses to vouch for a device running their OS. Which is also why your check/credit card analogy falls flat.
Gaming and such are dedicated services. Fine if people agree to pay premium to have the required platform / console / etc.
General services such as communications / banking must be free, and must not require trusted hardware on the end point. The services must be designed to be secure even in the case of compromised end points. But that's against the current trend where all banks are trying to push all the responsibility on the end user because they want to reduce their costs. There are plenty of solutions but they don't go for it because it's not in their interest and they want to squeeze out any little penny of infrastructure cost.
Defense is depth actually works. It's better security to require a dedicated device to make it harder to commit fraud. This is why credit cards became a secure device instead of just being a magnetic strip.
No. It's the constant attempts to invade our computers and "prevent" the unwanted behavior that are problematic. See kernel level anticheat nonsense. They want to own our computers.
> if they want to play with others who don't want to play with cheaters then they have to use the official client
They should be able to play with whatever client they want. It's their computer, it should run whatever software they want.
This nonsense mainly exists only because the operating system is unable to attest that it the app is secure and the right app is what is running.
>It's their computer, it should run whatever software they want.
I agree, but companies shouldn't be forced to match cheaters with legitimate players. Cheaters just can't secretly be cheating.
> the operating system is unable to attest
And it should remain unable. There should be no "attestation" of anything. The corporations who want such things should remain unsure of the device's "security". They should just accept it. Let them write it off as a cost of doing business or something. The optimal amount of fraud is non-zero, as they say.
> the app is secure and the right app is what is running
These machines are our personal computers. They are extensions of our minds. They are general purpose tools with limitless potential, just waiting to be shaped in accordance to our wills.
There is no such thing as being "secure" from us. Not inside our own computers. The mere idea of it is offensive. It is an affront to us all. We are the gods of these machines. To attempt to "secure" a video game of all things against us is an attempt to usurp our power.
> Cheaters just can't secretly be cheating.
Now that remote attestation is in play, the ability to do that -- forge attestations to pretend to be a corporate owned machine while remaining free and subversive -- has become key. So I'm forced to say that cheaters absolutely should be able to secretly cheat. If the cheater wants to edit his computer's memory or whatever, it's his divine right as the owner of the machine. An inability to do that means our freedom is lost.
Cheating in video games is literally nothing compared to the loss of our computer freedom. Let the entire industry go bankrupt if it must. We cannot sacrifice it no matter what, and certainly not over something as mundane such as video games. There is so much more at stake here. Ubiquitous access to cryptography. Adversarial interoperability. Our very self-determination in the digital world. Video games are nothing -- and that's coming from a fellow gamer.
The choice is simple: tolerate some level of online cheating, or require remote attestation to run the game. If you ask me, I’d rather take the first option. Locked down game console already make me a bit queasy. A locked down desktop, laptop, or palmtop? That’s not acceptable. People should be able to run any program they want on their computers. If that means the end of online gaming, so be it.
How do old boomershooter communities tackle cheaters? When and why do methods that work on a social graph fail or necessitate anticheat? I agree on the hypervisor part. Putting different applications in microvms would be good for isolation.
A lot of gaming migrated to consoles for this reason. They have secure remote attestation implemented properly. Accusing winners of cheating doesn't work there, and it's obvious why that results in happier and healthier gaming communities.
You might of. But there was a percentage of players turned away by cheaters or even just had a bad experience one day because of one. At scale this can cause a bad experience for a ton of players so trying to stop as many cheaters as possible does matter.
>Why do I need to compromise my hardware
You don't have to compromise anything. In fact it is optimal to have the system be as secure as possible that way cheats can't mess with the game.
>How do old boomershooter communities tackle cheaters?
By limiting the rate of new players. This goes against the wishes of games who want to achieve massive growth.
>When and why do methods that work on a social graph fail or necessitate anticheat?
If people provided IDs that could work too instead of anticheat, but usually people do not want to do that just to play a game. It adds friction to the onboarding process.
So… I don’t have to compromise the ability to run any program I want on my machine, and I don’t have to compromise the ability to be root on my machine. Right? And of course, when I say "me", I’m talking about everyone, including cheaters. Meaning, we don’t have to compromise the cheater’s ability to run any program they want (that would include cheats), nor their ability to be root on their machine.
> In fact it is optimal to have the system be as secure as possible that way cheats can't mess with the game.
Secure for the game company you mean. I want a computer that’s secure for me, that responds to my commands. And again, "me" includes everyone and cheaters too.
---
The online gaming industry is not worth sacrificing individual ownership of computers.