HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.

Hacker News Comments on
That's How You Get a Dystopia @ Mozilla Privacy Lab (Nov 2017)

SaurikIT · Youtube · 10 HN points · 13 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention SaurikIT's video "That's How You Get a Dystopia @ Mozilla Privacy Lab (Nov 2017)".
Youtube Summary
(This recording is of a talk that was given at Mozilla Privacy Lab on November 13, 2017.)

Apple/Samsung owns your phone. Google/Facebook owns your data. Amazon/Microsoft owns your network. It seems we are no longer able to conceptualize technology without deciding "who owns it?". Do you want a dystopia? Because that's how you get a dystopia.

When you hear about tradeoffs related to freedom, privacy, security, or even simply quality, too often the discussion is highly theoretical and we lose people to arguments over "well, that will never happen". In fact, there have been enough concrete and documented failures--places where the software development community has accidentally enabled discrimination or even directly been forced to support oppressive regimes--that we can learn quite a bit even limiting ourselves to only what we can glean from major news headlines.

Attendees of this talk will hopefully obtain a new appreciation of just how important it is to design decentralized and federated protocols, even when ostensibly building systems that are "secure, yet centralized" (such as Signal and even Tor), culminating in a description of Orchid, a just-announced open-source platform that takes direct aim at Internet surveillance.


Jay Freeman, widely known online as "saurik", is the developer of Cydia, the alternative to the App Store used on jailbroken iPhones, iPads, and the iPod touch. Substrate, the platform he provides developers to alter the behavior of running programs by way of runtime in-memory patching, has been used by many thousands of developers and deployed to tens of millions of users.

Jay's largely-academic background is in networking, static analysis, and programming languages, which have resulted in nmap+V (which brought "what version of what software is running on the remote computer?" to nmap in 2000), Exemplar/Anakrino (the first decompiler for .NET, released in 2001 while .NET was still only available to beta testers), and Cycript (a hybrid of Objective-C and JavaScript that is often used to explore the behavior of running programs).

In 2017, along with Brian Fox, Gustav Simonsson, Stephen Bell, and Steve Waterhouse, Jay co-founded Orchid, a new peer-to-peer protocol and associated organization with a goal of ensuring surveillance-free access to the Internet for everyone, everywhere. Orchid combines monetary incentives (using a cryptocurrency) with design decisions that give users a feeling of "control" over their Internet connection with a fully-decentralized protocol to build a secure market for bandwidth.
HN Theater Rankings

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Based on their history of using their control over the App Store to "protect people" from such harmful content as content about how smartphones are made in sweatshops and tools (such as VPN clients, but also for a long time cryptocurrency wallets) that allow people to bypass restrictions put in place by these nation states that Apple works with, I'd claim these incentives are pretty shit :(.

https://www.youtube.com/watch?v=vsazo-Gs7ms

astrange
If you try to get into cryptocurrency your phone should automatically deliver electric shocks until you stop.
ziddoap
>Based on their history of using their control over the App Store to "protect people" from such harmful content as content about how smartphones are made in sweatshops

Your post has a point, and there is certainly an argument to be made along those points, but the loaded language, inappropriate scare quotes, and disingenuous statements are not an effective way of communicating those points.

Do you actually believe that the App Store process & protections have never stopped a malicious application from being distributed?

> Apple isn’t perfect. The App Store isn’t perfect. Developers aren’t perfect. The App Store review team isn’t perfect. Everything isn’t perfect.

This is key: because individual centralized actors are imperfect and even corruptible--whether due to intrinsic motivations or extrinsic application of force--it isn't acceptable to concentrate so much power onto them; in a talk I gave at Mozilla Privacy Lab a few years back, I covered a lot of these failure cases throughout our industry with real-world "this actually happened" examples, including (as this would of course be one of my focuses) looking at numerous ways in which Apple's App Store moderation has been the problem instead of the solution.

https://youtu.be/vsazo-Gs7ms

starkruzr
just want to thank you for everything you've done for the iOS user community these last 15 years. I left the platform when Apple's success in fighting its own users became too much of a pain point, but before that your work helped enable developers to do some utterly fantastic stuff.
tshaddox
But as long as we have fairly effective enforcement of IP law, so that e.g. only the publisher of a popular video game can get away with distributing that video game to smartphone users, don't you still have largely the same issue with concentration of power? You still won't have different parties able to compete in how Fortnite is distributed. The publisher of Fortnite can choose how to distribute Fortnite, but that power is still concentrated with the publisher, and arguably even more concentrated since the publisher would not be subject to power from any particular app store.
saurik
A) We do not have effectively enforcement of IP law, and to the extent we do it is only because you already helped usher in a dystopia by centralizing power with entities such as Apple.

B) That laws are different in different places and that even in the US there are exemptions to laws should not be casually ignored by assuming one narrow interpretation of a set of laws as you have: Apple controlling the distribution model with cryptographic locks hard-codes in a subset of American IP preferences around the world.

C) Even if we ignore these details and take your argument at the face of it and accept that for "choose how to distribute Fortnite" you merely are deciding between one of two centralized actors, you seem to be carefully trying to perform not one but two sleight of hands on the moral discussion at play.

It isn't like Epic doesn't have legal control over how Fortnite is distributed regardless: if Epic doesn't like Apple's terms for their App Store in the current model, they can choose to just not give you the software at all. You are just hoping to play a super dangerous game by assigning a single negotiator between your community of users and Epic in order to try to convince them to develop their software differently, for which you are apparently willing to pay 36% more for your software (which means you must value it a lot: like, for whatever benefit you think Apple is getting you here you are willing to dig into your own pocketbook and pay multiple extra dollars you otherwise wouldn't have to pay on every purchase or subscription) and--and this is where the tradeoff is unacceptable and the subject of the following #2--give Apple a large amount of control over all software in all jurisdictions... control which they lie about the benefits of, which they have routinely abused, and which can and is take advantage of by external actors.

And really, that is the most important thing in all of this and what I'd hope you would appreciate if you watch my talk: by giving Apple control over all software on the App Store you give them the power to affect what kinds of software is allowed to be built by anyone anywhere while creating a centralized chokepoint for the enforcement of whatever rules that bad actors want (such as the inclusion of end-to-end encryption carbon-copy features in applications or whatever). Giving Epic control over the distribution of Fortnite can't usher in a dystopia.

X) BTW: note that Fortnite is attempting to be some kind of massive metaverse service with a centralized set of servers attempting to provide an ecosystem of content that they would then have centralized control over. If the issues with Apple weren't so dominating and glaringly dangerous today maybe we could be having an argument about whether what Epic is building is moral and whether laws need to exist to stop it (and instead force--either directly or indirectly--such technology to come into existence in a way that is itself decentralized).

tshaddox
> It isn't like Epic doesn't have legal control over how Fortnite is distributed regardless: if Epic doesn't like Apple's terms for their App Store in the current model, they can choose to just not give you the software at all. You are just hoping to play a super dangerous game by assigning a single negotiator between your community of users and Epic in order to try to convince them to develop their software differently

Not exactly. I'm hoping that at least one popular smartphone platform exists that exerts some leverage against software developers on behalf of users, so that users who value that feature can choose that platform. But it's also crucial for customers to be able to choose that platform (in this case, iPhone) for that reason, and to also have viable alternatives if they're not interested in this feature of a smartphone platform. I don't want Apple to do monopolistic things, and I absolutely wish there were more viable smartphone platforms, and I condemn Apple for the things it does to attempt to lock people in to the iPhone platform.

ViViDboarder
So you’re suggesting a blanket right to redistribution to all property? It feels pretty generally accepted (and non contentious) that the creator of a product has a monopoly on its distribution and can chose to distribute in as many or as few places as they like. Otherwise I’d be well within my rights to ask you to give me the contents of your hard drive at my convenience as you would not be permitted to control the distribution.

It turns out that with the current rules around monopoly rights of creators, many rights holders actually prefer to widely distribute, so I wouldn’t say that this makes it “even more concentrated” as the majority of content would be.

Some content will probably only be available in a first party store, but just the fact that there are competing stores is good for the consumer.

tshaddox
No, I absolutely did not suggest that. What I suggested is that the creator’s monopoly on distribution is inherent concentration of power and thus you don’t solve problems with concentrations of power if you force Apple to allow sideloading on iPhones.
rektide
The Safari team is asking for feedback, after "Safari is the new IE"[1] is getting steam again as an idea. This idea that they want to do better is good, but your arguments really cut into the heart of it.

Even if Safari turns the ship around & decides to support fun & interesting new platform capabilities that make the web interesting, like WebMIDI, WebUSB, the mere fact that Safari is the gauntlet for innovation, that Apple & Apple alone gets to say what parts of the web will work, is highly poisonous to the web. iOS users having no choice, having a centralized actor now & forever gating progress is untennable, is wrong, prevents healthy emergence & discovery. However good they are today, they may drift tomorrow, and having no fallback, no options is a technocratic fascism that society should recognize as structurally sick.

[1] https://news.ycombinator.com/item?id=30277179

Dec 26, 2021 · saurik on Control as Liability
This same kind of thought process--that one should strive not for "do no evil" but "can't do evil"--really applies everywhere, as it is somewhat general: amassing control over other people and their resources (money, data, whatever) is always going to be dangerous.

Maybe you are good today, but in the future you might start to be swayed by changing incentives or situations due to forces such as "absolutely power corrupts absolutely".

Or maybe you manage to always be good, but--as humans have fixed life spans--eventually retire or die or simply move on and are replaced by someone who is less good than you are.

Or maybe you are good but the power you manage to concentrate gets stolen by someone (in the digital world, maybe you get hacked) and used without your permission to do bad things.

Or maybe you want to be good, but your power is seen as an asset for something external--such as a government--and you end up being required to do bad things that make you sad.

We see all of these issues play out constantly with large tech companies, with control techniques such as curated application markets getting abused as anti-competitive measures, or getting regulated by authoritarian governments as a tool for their regime.

In 2017, I gave a talk at Mozilla Privacy Lab that looked at many of these issues, citing tons of situations--every slide is a screenshot of a news source, as somehow people always want to believe these situations are far-fetched--where having control has gone badly:

https://youtu.be/vsazo-Gs7ms

meheleventyone
But there is also “can only do evil” where you accidentally set up a system you can’t fix.
saurik
If users agree that the thing you have built is broken and want to opt into using a new less-broken thing, they can always do that, as would be the case (say) with software they download from you and are running on their computer (rather than software you host on your server, that you can change at will): you don't need the power to "reach your grubby mitts"--to put it bluntly--into their lives and fix what you built on their behalf in order for broken things to be fixed, and your definition of what is "broken" can easily be at odds with the user's preferences or even needs (which of course begs the entire question of how to avoid the incentive to be evil in the first place).
mathnmusic
This is relying on something akin to a free market for laws: immigrate to a place which has better designed laws. I find it way too simplistic for real life. Network effects and other cost of switching can sustain bad regimes for quite a while. This applies as much to people immigrating across national boundaries, to religions imposing death penalty for apostasy to musicians being forced to be present on Spotify despite its terrible economics.

Should constitutional amendments be outlawed - just because people are "free" to immigrate if they don't like it?

DarylZero
> If users ... want to opt into using a new less-broken thing, they can always do that

Users don't necessarily have that much agency. The most successful and powerful businesses don't need to satisfy user preferences because the users are FORCED to conform THEMSELVES to the constraints imposed by the business.

tata71
> Users don't necessarily have that much agency.

It's time to fix that.

Web 1.0: Read Web 2.0: Read/Write Web 3.0: Read/Write/Own

CrazyStat
Based on the weekly reports of $XX million being stolen from $DEFI_ENTITY, web3 seems more like read/write/pwn to me.
tata71
Have you opened a Twitter account with that wit?

The fact is that you cannot verifiably compare those numbers to traditional finance hacks, because they're simply not transparently reported/cleaned up before the damage can be noticed.

Don't fault a good in-built bug bounty for bringing about the next generation of strong, distributed infrastructure.

CrazyStat
I don’t think you understand how bug bounties work.
viraptor
Traditional finance hacks usually abuse tax / debt of large enough companies. Web3 finance hacks take all available money directly out of your personal account. That's a much worse situation for a normal user, because with a bank you can often say "this is wrong, fix this" and the bank is insured enough that they will. Compare to the situation in Venezuela where the in-built bug bounty currently takes a significant amount of people's savings and they have no way to revert it.
tata71
P.S. If the thing being hacked is government backed, you are the pay-back!
viraptor
If you want to be that precise, then you are the 1/population part of the payback. Yes, collectively we pay the tiny fraction of insurance on each of us not having all savings wiped in a single hack.

Which happens as well for defi/crypto, but with no guarantees attached - you pay for the development/support with fees.

tata71
The problem is that we've given up our own knowledge and abilities as consumers to complete fucking snakes as people,

and they regularly abandon their duties to keep us safe, with varying degrees of recompense/Justice actually being served when the consumer gets screwed (less every year, from what I can see).

At least with SuperNewFastDeFi (vs Coinbase), I know I'm using a beta and could get screwed, as opposed to my current "stable, traditional financial institution" which just recently turned off everyone's 2FA during an infra migration, and acted like that's totally okay.

I know my home loan etc won't be T-shirt cannon'd off to even worse snakes as soon as I've left the parking lot.

Many forms of security and agency improvements this shift is bringing to the forefront now, and this community, for whatever reasons, sleeps on.

saurik
I certainly understand that wanting to amass power over others (and, then, likely, eventually being evil) is both extremely common and extremely profitable... but the argument here is that it should also be frowned upon, avoided, and quite possibly even regulated out of existence. I thereby don't understand why you are re-asserting the status quo :(.
DarylZero
I'm not re-asserting anything, I'm just saying that our children won't really have an option NOT to work in the bitcoin mines.
AnthonyMouse
I think the point is that the alternative where the developer needs the user's permission in order to push out an update that the user actually wants is already the scenario where the user is in control, as opposed to the status quo.

You don't need the ability to force something on them that they actually want, so the ability to force something on them can only be used for evil. The good update would be accepted without coercion.

DarylZero
I wasn't talking about updates. The user maybe hates using the platform at all. Or maybe doesn't think about it. But either way, knows there's no choice.

Network effect, or else some other monopoly, determines where you have to go to find jobs, where you go to meet girls, what kind of currency you have to pretend has value, etc.

judge2020
Yes - even in what language you speak, what sort of fashion is appropriate, etc. To put it bluntly, because humans only want to interact with other humans, people will always be forced to change their ways and adapt to whatever the status quo is to participate in that human-to-human interaction (lest you decide to slice your tongue and go live in the woods, isolated from any other human). Without the conformity, nobody will be able to interact as they all want to interact in a different way.

The real potential solution to all this is standardization. It's conformity, but only on the communication layer itself and not the backend. For example, in online dating, if you want to use Tinder, go for it, but someone else might want to use something else while still matching with people who use Tinder. This is, of course, entirely impractical as of now given all of the side-effects nobody is willing to make (giving up user data, DoS threats, general increased infra costs with no real ROI), but perhaps a stopgap solution is to have a regulating body determine standards for specific types of services (eg. short-form blog platforms like Twitter), and they enforce products to conform to the shared standard if it's a similar enough experience to existing products in the category. This would still allow innovation in new areas, while ensuring giants can't form a monopoly via network effects in easy-enough-to-replicate platforms. This still leaves the issue of "all my users' PII is in 1000 different companies' servers" so maybe the body would have to vet & impose legal data restrictions on companies that want to federate with the incumbents, but that would impose on the goal of allowing new players to enter the market with low friction and further entrench the dominance of these incumbents.

AnthonyMouse
> (giving up user data, DoS threats, general increased infra costs with no real ROI)

I'm starting to think the best way to solve this is to bifurcate it.

Create a P2P system which is free-as-in-beer but is possibly susceptible to DoS attacks etc., then have an option which is more robust than that where you pay Cloudflare or someone to host your data in exchange for money, but it's still part of the same network and interacting with the same people.

That way you can acquire new users without shoving a payment prompt in their face on day one but someone who just wants to hand a fistful of cash to a third party to take care of their problems still has that option.

> This still leaves the issue of "all my users' PII is in 1000 different companies' servers" so maybe the body would have to vet & impose legal data restrictions on companies that want to federate with the incumbents, but that would impose on the goal of allowing new players to enter the market with low friction and further entrench the dominance of these incumbents.

This is the kind of problem that gets solved much better by smart cryptographers than government bureaucrats.

Encrypt the data. Use a kind of cryptosystem where only the people who are supposed to be able to have it (i.e. your friends, not Mark Zuckerberg) can decrypt it.

Now some servers can host it so it's not offline when your phone is, but those servers can't read it, only the intended recipient(s) can.

Obviously this is only even necessary for posts that aren't intended to be completely public.

saurik
Ugh. I just barely missed the window to fix that "absolutely power corrupts absolutely" typo, and in the process was breaking that paragraph into two, as I think this better explains my vague "changing incentives or situations". Here, improved:

> Maybe you are good today, but--as "absolute power corrupts absolutely"--you might find yourself incrementally abusing your power or even "selling out" in the future without even feeling yourself change.

> Or maybe you always do good things, but due to a tragic change of circumstances--such as an expensive health issue with a family member--it becomes difficult to decide what being good means for you.

> Or maybe you manage to be good "forever", ...

> Or maybe even your heirs are all truly good, but the power you managed to concentrate ...

> The only reason you can install an VPN app is via an .apk file and this is due to the technical design by Android vs. a closed ecosystem like Apple App Store.

Obviously, I understood this, right? This was the entire reason I can make a point I about how Apple decided to go down an immoral technical design with the goal of making more money than can be morally justified, because we know there were common alternative designs.

> Technically speaking, Chinese Android phone companies could just block 3rd-party apk installation anytime they want in the name of security (They already do that by default) and 99% users won't know how to circumvent it.

And yet, they don't.

I guess the big problem I have with your comment (the original one also) is that there is a certain scenario where you think you have a great point, and the idea that the other people arguing here or the article we are reading might not fit your enemy template is I guess so confusing or maybe frustrating that you are willing to just start smashing reality until it fits.

That you are pulling out theoretical futures here to fix your narrative is then telling: that Chinese companies could change something... well, a big part of my point is that they have not already changed something, and we can thereby use that to understand the boundary of what the law in China--not just the written ones but anything unwritten as well--are actually saying.

The reality is that, as far it seems both of us know, the only company with much marketshare--INCLUDING OF THE ONES IN CHINA--that outright block your ability to install VPNs on their phones is Apple. This is because Apple has gone to great lengths to design a system where all data and control over hardware is centrally managed by Apple, which causes problems the world over.

> Strategically, the most morally-reasonable way is to help the people in these countries by actually trying to be present even under severe pressures from the regimes to comply with their demands.

Google didn't even leave China over moral reasons: they did it because China was directly messing with their data centers. It is a move that comes off to me as purely defensive. It thereby isn't at all clear to either myself or many of the other people posting here that Google actually cares to take a stance against China due only to some ethical stance.

But like, you do realize I wasn't applauding such an action, anyway, right? While I am not sure I would be against such, I don't actively think Apple should leave China over their inability to host VPNs... I think they should allow people to install VPNs that they don't host, because apparently that's currently allowed in China and the only reason I see that changing is if Apple sets such a strong precedent that it is even possible or reasonable to control an ecosystem from top to bottom that we lose the practical ability--likely throughout the entire world--to even own general purpose computers anymore.

> And god knows how many malicious apps are in those app stores to eavesdrop users' private information.

As for this whole argument path, you seem to be arguing that people don't deserve freedoms because they are... I guess, dumb? If we don't believe people should have freedoms anyway, maybe we should just accept that authoritarian regimes are a force of good? I mean, the Chinese government is going to make tons of similar arguments about the good they are doing. Could it just be that you are pro-authoritarianism? :(

Regardless, you here claim that the possibility of malware people might accidentally install on these devices is somehow a 100% (a number you use later) guarantee of surveillance but ignore that Apple is just handing their centralized collection of user data to China anyway via stuff like iCloud (which is absolutely "in scope" if "users are dumb and will install malware is"... we can't make decisions based on the idea that elites running tech companies have the job of being smarter than the unwashed masses: down that road likes authoritarianism).

At this point I felt I should maybe dig into your comment history to try to better understand whatever your position here result is, and in the process of digging through a hunger of pro-censorship positions and defenses of Apple ( I came across something fascinating from a mere three months ago: you are against Apple's CSAM work (which I would expect you to be for, given your arguments here, as it is essentially the exact same scenario).

https://news.ycombinator.com/item?id=28230499

> This part is legit though: governments around the world could pressure Apple to add other forms of surveillance. Be it hashes of non-CSAM, or simply pressure NEMEC or other hash providers, or extending its capabilities to all messages or photos on device. > In my opinion, this is the biggest concern, not the technology. Before, Apple could simply refuse by saying we don't have the capabilities. But now, that excuse is gone. Apple's promise to human review content and only report CSAM is the weakest link.

^ This. This is you making my EXACT ARGUMENT for why having centrally managed software distribution is bad: that once you build such a mechanism, "governments around the world could pressure Apple to add other forms of surveillance" by using that mechanism you didn't have to build, and which all but a totalitarian regime (North Korea) would never force you to have built. "Before, Apple could simply refuse by saying we don't have the capabilities. But now, that excuse is gone. Apple's promise to human review content and only [block scams] is the weakest link."

Here is a talk I have at Mozilla Privacy Labs about centralization and the evils thereof, which attempts to link together a ton of these kinds of thoughts. Maybe it would be helpful to sit back and really consider your positions and whether they are at all consistent :(.

https://youtu.be/vsazo-Gs7ms

The core issue is that trusted, central bodies are generally already evil or will become evil, whether by their own volition or as authoritarian governments force them to use their centralized control to help them accomplish their goals.

Here is a talk I gave to Mozilla Privacy Lab back in 2017 about centralization and all of the extremely-concrete evil that has resulted, with every single example from the (long) talk directly cited (as every slide is a news article). And the sad thing is that every few days there is some new high-profile abuse of centralized power that I always feel also deserves to be in an updated version of this talk... it is a never-ending issue as people suck.

https://youtu.be/vsazo-Gs7ms

So, I feel like your very question of trying to solve things that can't be solved with centralized systems is flawed; hell: I studied decentralized systems in grad school, and I have been saying for as long as I can remember that "anything you solve with a decentralized system I can solve cheaper and faster and better with a centralized one"... but you know what I can't do? I can't solve it in a way that doesn't lead to at least some moral landmines due to my now having chosen to take those shortcuts by having centralized control of the result.

Inherently, then, I believe the reason to work on blockchain stuff is not to solve things that "can't" be solved using centralized systems... it is to figure out how to re-solve the things that people already solved using centralized systems without putting any individual or small cabal in charge of anything that would let them do evil things. And it is then to figure out how to do well enough with what results that people are willing to put up with it probably being a worse result on the surface because it is a better result for humanity.

And like, that's a nearly impossible bar, and maybe to really get there will require regulation of centralized systems to make them illegal... which I realize will probably never happen :(. But that doesn't make working on these systems dumb, the way a lot of people here seem to think: it makes it all the more noble, as everyone who isn't doing this are actively making the world a worse place to live (and in some of the more egregious examples, such as everyone who chooses to work at Apple, have pretty direct blood on their hands from issues in countries like China).

Hell... looking at your comment history, I see you recently being excited about the idea that Google could use their fleet of self-driving cars to create a mass road surveillance network capable of logging the license plates of "bad drivers" (and from thread context, "reporting them")... Google already is used as a stooge for governments (even as they push back, they still provide tons of data) but at least it is almost always about their own users: expanding their charge into watching other people is just evil and will lead to unprecedented ways to abuse this information stockpile :(.

danielmarkbruce
It's not a flawed question - the question might be better worded, but it basically asks: where are the situations where the cost/benefit of blockchain is positive versus the centralized version. It's trivially easy for you to find examples of bad behavior, and it's trivially easy to find situations where blockchains have resulted in bad outcomes.

The people have voted with their wallets that buying books from Amazon is better than buying books from a bricks and mortar store. Not everyone needs to agree, but the aggregate has spoken. What is the analogy to Amazon?

I have no issue with any of these worst-case scenarios you mention because 1) these were people who opted-in to listen to these people (who might also have biased websites: "big whoop") and 2) I maintain, as I argue in more detail in my other response to someone else, that the current situation is worse for biased censorship of the platform as a whole because it implies that we are going to decide what is "abuse or brigading" as part of some centralized filter, with the result that some people are just going to either lose access to the platform entirely--even to talk to their own audience--and/or certain subjects are going to become verboten due to some disagreement with the zeitgeist.

https://news.ycombinator.com/item?id=28661600

We need to stop building centralized filters and instead push all of the moderation to the edges--even when I admit it maybe feels awkward at first glance--as it is what eventually ensures that we all have a right to communicate. You get to decide what is talked about in your Telegram channel, WhatsApp group, or (yes) Twitter sub-thread so that I have the right to decide what is talked about in mine... lest we both lose the ability to decide such after passing it off to some centralized "offensive speech" filter that ends up deciding all photos of nipples, talk of non-normative sexuality, discussion of COVID-19, or information about the latest Russian election are off-limits, because you simply can't build a centralized system for moderation without marching straight into a dystopia.

https://youtu.be/vsazo-Gs7ms

Apple pushing requirements on apps is also (supposedly) why a lot of apps (such as Instagram, which had explicitly come out to blame Apple for this) banned content of women breastfeeding, as Apple (due to Steve Jobs: there is some interesting stuff you can find on this) is so puritan.

You can also find tons of other examples of Apple's influence making decisions about what large numbers of people can experience, often without even realizing it is Apple pulling the strings, whether it be content about drugs, guns, or the use of sweat shops in the manufacturing of smart phones (a category of app I find particularly egregious for Apple to be censoring as it is so self-serving).

The core problem is really that there is no alternative: if your app isn't allowed to be accepted by Apple, you simply don't get to address something like half of Americans with your product. Users generally don't own multiple phones and they can't take an extra trip to "visit" another phone for your product, so attempts to draw analogies to supermarkets or Walmart tend to be unhelpful.

It is more akin to a physical region of the country... imagine more as if all Apple users happened to live West of the Mississippi River or whatever and you weren't allowed to sell there because they had a monopoly, and for users to use your product they have to take on massive switching costs (of moving across the country).

This centralized bottleneck on software development and distribution then plays out in tons of ways, and tends to make Apple a patsy for local government interference. People like to claim "they have to follow local laws!"... but they didn't have to build a product that puts them in so much centralized control in the first place, as except for in the most authoritarian of regimes (such as North Korea) pretty much everywhere is ok with relatively open devices (such as computers or phones that support sideloading).

Apple has thereby made an active choice to build a product that is bad for democracy around the world (including here in the west!) in no small part because it makes them a ton more money than one that they would have less centralized control over (and thereby manage to charge their extreme overheads on all use cases for)... this profits before people approach should be familiar, as it is also similar to the playbook used by Big Oil and Big Tobacco.

And, as we see in situations like this, maybe that Google merely allows sideloading isn't sufficient, given how they actively discourage it with functionality barriers (alternative stores not supporting automatic updates), discouraging messaging (telling users that side loading is dangerous), complex activation paths (sometimes requiring switches in hidden developer-only settings panels), and even stronghanding users back into their happy path (such as with their anti-virus-like tool that tends to flag alternative stores as if some kind virus).

We need to stop allowing this sort of behavior. If a company is doing something that puts them in a situation where they are making decisions to support authoritarian regimes, we should not only be morally judging them--and of course this includes everyone who works at these companies on these products: you don't get some moral pass for "merely" being a foot soldier if you have the skills to take on another job--but maybe putting in place laws that prevent our companies from tolerating these kinds of decisions.

And again: this is not to say that "you are asking Apple to violate the laws of Russia" or "you are requiring Apple to not sell to Russia"... the laws in Russia or China or wherever we tend to be talking about when these issues come up do not make it illegal to sell a device that lets users install this software: Apple, and in a different (though I do think lesser, if only for being more indirect) way Google, have gone out of their way to build a product that puts them in that position.

(To the extent to which anyone finds any of these thoughts interesting, I gave a talk at Mozilla Privacy Lab back four years ago on "That's How You Get a Dystopia", citing numerous examples of how centralized systems lead directly to the problem of gatekeepers either themselves becoming corrupt over time or being forced to corrupt themselves to satisfy external pressures, with numerous concrete examples--every slide is a citation--across the entire industry. The saddest part is that it feels like I am constantly writing down new examples of the issue I could use to make this long talk even longer, as this is a never-ending problem.)

https://youtu.be/vsazo-Gs7ms

shadilay
This is it. If you build the machine of tyranny it will inevitably be used to impose tyranny. Building open systems that center software freedom is a moral imperative.
galaxyLogic
> tends to make Apple a patsy for local government interference

It feels like that's part of their business model. Apple (and Google) can have more business if they follow the dictates of dictators. Dictators can "buy" suppression of free speech from Apple/Google.

abecedarius
Remember when Google left China. It's not a pipe dream to expect a strategic choice against working for a tyranny. (Yes, it is unusual. We can hope to make it less so.)
galaxyLogic
News: https://www.bbc.com/news/technology-58737433
Torwald
> as Apple (due to Steve Jobs: there is some interesting stuff you can find on this) is so puritan.

As this "puritanism" is an interest of mine, can you point me to some of that interesting stuff you had in mind, please?

saurik
I mean, did you at least try to search 'Steve Jobs puritan' on Google? That has some information, though 'Steve Jobs porn' is probably better (and immediately turns up most of the references I would push someone towards).
Torwald
My question is whether the GGP had something specific in mind.
dane-pgp
> Apple has thereby made an active choice to build a product that is bad for democracy

That's a good point, actually. If a company wants to claim that they are on the side of users and democracy, it needs to include in its threat modelling the possibility of "Are we the baddies?".

Torwald
Wasn't that what Google meant to do when they carried the slogan "don't be evil"?
Sep 18, 2021 · 10 points, 1 comments · submitted by pdkl95
mikewarot
The old expression was "If You Build a Better Mousetrap the World Will Beat a Path to Your Door"

Now if you build anything that stores data online, the spies and grifters will beat a path to it.

Thanks for letting me know I'm not paranoid enough. I hate learning it, but do appreciate it, just the same.

~4 years ago I gave a talk at Mozilla Privacy Lab (perfected from a talk I gave at 360|iDev) that focused on these moral reasons for not having centralized systems, looking at everything from government control to the tyranny of the majority, that I called "That's How you Get a Dystopia".

https://youtu.be/vsazo-Gs7ms

As far as I am concerned, you absolutely cannot have centralized control over something like "all software distribution" without being actively complicit with such regimes, and that people working for Apple have chosen to normalize this is unconscionably immoral :(.

tailspin2019
> As far as I am concerned, you absolutely cannot have centralized control over something like "all software distribution" without being actively complicit with such regimes

Yeah that seems to distil the problem down to the fundamentals. Will watch your talk, thanks!

I was with you until the very end, when I feel like you threw away the argument by seemingly being open to "legal requests"; the "political wars" you get dragged into tend to be from politicians that are certainly making "legal requests": hell, if they aren't legal, they change the law!

I feel like the core problem in many cases was building a system where someone gets to be arbiter of content in the first place: Apple claims they take software down due to "legal requests" by/in various countries (though this is a lie as they also do it anti-competitively or for market perception reasons, but even taking them at their word here) and yet they caused the ability to do that as somehow Android devices sold in the same jurisdictions support installing arbitrary software without issue.

Platforms like Twitter and YouTube make their problems worse by recommending content--which is entirely their editorial decision and should be seen as such: any benefits or costs, moral or legal, should fall squarely on their shoulders--and then conflating that with having the ability to publish, but they would be in a much more morally (and often legally) defensible position if they simply didn't actively recommend content they disliked but still let it be found by people who actively followed the publisher.

Regardless, as usual, I will now link to my heavily-cited talk (every single slide is inherently a citation from a reputable news source) that I gave in 2017 (maybe 2018? the video was unlisted and I only just recently made it public as someone noted I had never done that, and now the upload date is weirdly set to last week ;P) at Mozilla Privacy Lab--"That's How You Get a Dystopia"--wherein I push hard at the idea that centralized systems and the arbiters they empower are the core problem and never work out, even if you like some of their decisions for some of the time.

https://youtu.be/vsazo-Gs7ms

clairity
> "...centralized systems and the arbiters they empower are the core problem and never work out, even if you like some of their decisions for some of the time."

centralization is merely a necessary but not sufficient ingredient for dystopianism. you also need a ratcheting consolidation of power, especially money (provided by advertisers in this case) and attention/influence (provided by viewers). centralization is simply one of those (key) ratchets that can be leveraged to further consolidate power for the benefit of directors and executives.

relatedly, the american constitution is an experiment in crafting a centralized system with checks and balances stable enough to withstand assaults of power consolidation. the jury is still out, but it's looking somewhat bleak at the moment, given a runaway executive branch fueled by an unhinged fed/central bank. we seem to be stomping on the gas pedal even as the brick wall looms ahead.

in any case, i've long been an advocate of right-sizing organizations of all sorts, especially governments and companies. we've concretely learned over the past many decades that the negatives of large (and small, but those tend to self-regulate away) entities eventually far outweigh the benefits, and are better substituted by a more diverse and specialized collection of medium-sized ones.

saurik
It is not merely a "key" one, though, as it is (as you admit) a "necessary" one: we see centralized systems abused for reasons both lofty and petty by organizations both large and small; but, if you don't have (or at least make obvious... like, "come on", right?! these companies seem to have a giant "come at us" sign they wave around) some centralized chokepoint, then the problem disappears. At best, I would argue that these other influences you list are themselves centralizations that attempt to push platforms to be more centralized (whether for political, monetary, or whatever else gain). (Also, ancillary point: I would argue the explicit goal of the design of the US government is that it isn't centralized... those checks and balances come from how there isn't a centralized chokepoint of power; we are at our worst when we allow people to--when times seem good--undermine this decentralization by consolidating more power in one of the branches over the others.)
clairity
i think we're disagreeing on whether any level of centralization is acceptable, or even good (with centralization defined principly as the consolidation of people and resources here). i'd contend that yes, some degree of centralization is beneficial, but too much centralization gets overwhelmed by negative repercussions.

in this specific case, imagine if we had thousands of mini-youtubes, each with their own curational quirks. no single mini-youtube could unduly influence the whole zeitgeist. most (all?) will be flawed in their curatorial duties, but none could move public opinion in any meaningful way. viewers could also jump from one to another and be exposed to many different editorial perspectives, even without necessarily being cognizant of that. however, if every mini-youtube were relegated to being a single person each (i.e., no centralization), then we'd lose the benefits of aggregation and curation.

the problem of course, is that we societally accept size and growth as good things, and i'm arguing that they're only good to a certain point (and see your argument as saying all centralization is bad), and that we need to change incentives as a function of size/centralization, so that we get right-sized organizations, rather than unaccountable behemoths. our current incentives make right-sizing an unstable equilibrium point on that curve, which is why it doesn't happen.

anm89
I think you are mistakenly conflating government official request with legal request. Maybe I would have been better off to use "legal demand".

A senator can ask you to do something but the fact the they are a senator does not legally obligate you to comply.

But if the DoJ sends you a demand (I'm not a lawyer, I'm just making up details here) let's say it's signed by a judge or something, what are you gonna do, say no?

There are also cases like child pornography where you might preemptively remove stuff without any demand because you want to but it would still be under justification of it clearly complying with a law so you haven't poisoned the well of if you censored anything.

And that's really the important factor in the end.

As everyone else had said, if you don't do that stuff, you are just going to get your domain and assets seized anyway.

vbezhenar
If a website does not honour legal request, it'll get blocked, so its entire content will be effectively removed for all citizens.

The proper approach IMO is to honour legal requests, but provide transparency and display some information about blocked content, like who made the request to block it and so on. Of course content must only be blocked for requests originating from that specific country.

jMyles
> If a website does not honour legal request, it'll get blocked

If that is happening, then the architecture of the internet needs to take more evolutionary steps.

If the state can censor the internet, there's nothing 'inter' about it. It's just a network, subject to the whims of its flailing predecessor.

vbezhenar
> If that is happening

Yes, that is happening for many years. China being the most known state, but AFAIK even well-recognized first-world democratic countries like UK block some websites.

> then the architecture of the internet needs to take more evolutionary steps.

Adoption of IPv6 is a good example that architecture of the Internet is pretty much set in stone at this moment. We can put more layers on top of it, like Tor network, but underlying protocols are still IPv4/IPv6 with enough meta-information to allow efficient blocking of protocols or resources.

I have some hopes that new TLS standards with hostname encryption (ECH) along with CDN networks will make blocking impossible. But even that is easily circumvented with government MITM. Kazakhstan already deployed all the necessary hardware and did some successful tests on scale. Browsers blocked its root certificate, but will they block (imaginary) China root certificate, losing 1.5B users?

saurik
But that doesn't solve the problem, as the "political wars" the person I was responding to described all work in the world of increasingly tight laws; you have to avoid being a target in the first place by correctly navigating the space of solutions for how content is distributed in the first place. Take the Apple iPhone example: if Apple is forced to remove an app from their app store by China, it doesn't matter if the user can install it on the side... and somehow China has not managed to force companies to not provide that functionality: Apple going out of their way to centralize both app distribution and even API access (VPN functionality, as a specific example, is hidden behind an entitlement that they don't give to casual developers) is work they chose to do that directly enables the ability to even make "legal requests" quickly and easily.

I maintain the moral equivalent of this for platforms like Twitter and YouTube is to stop conflating their centralized recommendation systems (which should be considered "their speech") with the functionality to publish at all (which should be considered "someone else's speech"): it is going to be way less controversial to stop recommending something that someone else likes if it is still accessible to people who know about it (as they externally discovered the content or author and were directly linked to it/them), and it is also going to be way less controversial to allow people to publish something that someone else doesn't like to their own audience if it isn't being actively recommended to third parties. These recommendation systems have started to conflate "being able to say what you want" with "being able to be granted a large audience" so well that the feature set for moderation fails to separate them, and that's bad for everyone: there is a reason why we talk about "the right to free speech" instead of "the right to be heard".

Well, I want decentralized peer-to-peer networks and the ability to pay for things using currencies like Monero and Zcash; only, to build the tools that make that world happen, I can't only build apps and platforms that only work for half the potential users: the network effects simply don't work like that :/. And yet, Apple insists that, for their own good, all push notifications for users must go through their servers--requiring apps to always have centralized backends, which they currently often outsource to Google or Amazon, further centralizing all data collection--and all payments for all products everywhere by anyone must be made with centralized credit cards through Apple's payment processor. I mean, this is the same company that implemented a feature that causes your computer to phone home to Apple every time you run a program, which they also claim is for your own good? Even the entire setup of their centralized App Store makes them a tool of oppressive governments to do further surveillance on their population, providing centralized chokepoints--ones that only exist because of Apple: Android phones that are marketed to these same regions do not have these issues, proving Apple's excuses are lies--to ban applications such a scam VPNs. The whole situation is ridiculous: centralized systems are inherently anti-private, if not in the short term then in the long term as their incentives wear out.

https://www.youtube.com/watch?v=vsazo-Gs7ms

layoutIfNeeded
With all due respect, this is not about your open source decentralized peer-to-peer crypto utopia. This is about third-party app stores. This is about Google- and Facebook-type companies gaining unfettered access to the most lucrative user segment (rich iPhone users) and data-mining the crap out of them. This is about billions of dollars of juicy advertising revenue.
srtjstjsj
Privacy is not the same as anonymity. Confidentiality is a technique for offering a degree of privacy without anonymity.

Offering services to fully anonymous counterparties is fraught with challenges.

Android is extremely vulnerable to third party attackers via apps.

> I can't only build apps and platforms that only work for half the potential users.

Are you sure even close to half of your potential users use (exclusively) iOS? I severely doubt that.

Exactly for the reasons you mention, people who want self-managed security don't use iOS.

saurik
In addition to the absolutely "well known" market share and revenue numbers listed in the sister comment, because many of my users care deeply about both security and privacy--which this absolutely is: Monero and Zcash are both called "privacy coins" and not "anonymity coins" for a reason... being able to avoid any third-party (including Apple or banks or governments) from knowing who you transacted with is different from building systems where the person you are transacting with doesn't know who you are (even if they are related)--I would expect more than the usual share of users for such a product to be using iOS, a decision that even I tell people is a smart decision... due to the better permissions and capabilities/entitlement systems and due to the longer support and seemingly better care towards security in general, and not at all due to the App Store's centralized BS.

FWIW, though: 1) even if you expected the vast majority of people to be using one system instead of the other, you can't build a communications platform or payment system or ecosystem generally at all that simply cuts them out as it causes problems for the people and companies trying to adopt it... if you build a platform for decentralized apps that doesn't support iOS or a chat system that doesn't support iOS or a payment system that doesn't support iOS, well, you now have to convince everyone else in the world not to support iOS: your hands are frankly tied here.

novok
If you're a mobile developer, the market numbers are pretty well known. About %50 in the USA is iOS & %15-%20 is iOS internationally. And even in the international case, that %15-20 is around +%50 of the REVENUE. iOS users pay way more and these facts have been fairly stable for years.

And what apple is doing is not giving their customers and users a choice other than an extremely radical one of abandoning the platform completely.

saurik
I hate leaving such a useless comment but this autocorrect-assisted typo is so horribly confusing: "a scam VPNs" -> "as VPNs". (I guess I will just take this forced opportunity to then point out that this is all viscerally concrete for me, as the developer of both Cydia and now Orchid: I recently sued Apple over these issues.)
novok
Curious why the video is unlisted?
saurik
OMG that would explain why it is always so difficult for me to find the link every time I want to paste it!! Thanks!!
zepto
> only, to build the tools that make that world happen, I can't only build apps and platforms that only work for half the potential users: the network effects simply don't work like that

I call complete bullshit on this. I want the same thing, and so so many other people. The only reason we don’t have it is that it’s a lot of work and nobody has done it yet.

Blaming Apple for their business standing in the way of network effects is just an excuse.

If the software was built, we’d find a way to run it.

saurik
Well, claim what you will, but the Ethereum community has been making great strides in these areas, but Apple has forced all of the wallets to remove their dApp browsers and has caused companies such as mine to have to spend immense amounts of time trying to figure out how to build fiat payment gateways for cryptocurrencies over Apple in-app-purchases rather than working on our actual decentralized product as we got rejected from the App Store due to failing to give Apple their cut.
zepto
Again, just false.

Nobody has built anything like the whole stack needed for a secure distributed App Store with private payments.

It’s obvious you can’t build such a thing on top of Apple’s store, it’s just not credible to claim to be trying and being stopped by Apple.

You could build one for Linux or Android. If you actually made it work, then it would be existence proof that a centralized model is not needed for a private and secure store.

That hasn’t been proven and the way to prove it is clearly to build it where it can be built, not to make arguments about Apple’s bad faith.

And yet, interestingly, developers removing their own apps is also Apple's fault in the end, for two reasons: one proximal, and the other ultimate. I work on an app that helps you bypass firewalls, and so it is illegal in China. I am pretty sure I would get in trouble with Apple if I allowed it to be downloaded in China, so I turn off the ability to download it in counties where I know I am not allowed to market it... if you thereby told me that every one of these apps was turned off by the developer, I would not be surprised.

However, more fundamentally: I also think we turn off the ability to download our app in some countries on Android... and yet I know that users can and do still install my app in those countries (hell: I want them to!!!) because Android almost always supports sideloading (and hell: the Google Play Store is often blocked in the most egregious counties anyway).

The real, underlying, ultimate issue is that, driven primarily by their greed, Apple has decided to create a centralized bottleneck on the deployment of applications to their platform, and so has--100% predictably: like this was ridiculously obvious when they started doing it what would happen, and they certainly are not so stupid to not now know in hindsight... they just don't care--become a tool of oppressive regimes to block and enforce the installation of software they dislike on people who happen to own an Apple device.

For a much wider and more general analysis of what is going on here, I highly recommend watching a talk I was giving a few years back called That's How You Get a Dystopia--the best version of which I did at Mozilla Privacy Lab (recording link below)--wherein I look at not only Apple, but the harms put upon users from centralization across the software industry, as well as discuss all the ways this also screws us even in counties that supposedly are quite liberal (as if nothing else, Apple is specifically extra-puritan, which causes a weird aftertaste of misogyny in their curation choices, such as causing Instagram to ban photos of people breastfeeding).

https://www.youtube.com/watch?v=vsazo-Gs7ms

mindslight
The real WTF is Apple setting up a list of countries in the first place. There should be no list of "block downloads in these countries" feature, because there should be no record of what country any given account "belongs to".

The Internet never cared about countries. Then Big Tech came with all this legacy horseshit of dividing and controlling individuals, grafted proprietary software onto the HTTP protocol to create what is effectively Cable TV 2.0, and marketed the hell out of it drowning out actual Internet culture.

It's the exact same attack other countercultural movements succumb to, but that doesn't mean we should just silently accept it.

musicale
> The Internet never cared about countries

However countries care about Apple and can affect its business, particularly if Apple doesn't obey local laws or regulations.

mindslight
The vast majority of this is opt-in on Apple's (et al) part. They could have also chosen to offer their products "as is", and leave it up to foreign countries to firewall or not.

This is a little harder for Apple specifically, also selling hardware. But it would have been straightforward to spin the software store into a separate business, and they'd have been more robust for it.

But instead they fell back to all that legacy cruft, because it's what corporations know. And it's certainly lucrative to sell the fruits of freedom to authoritarian countries while filtering out the inconvenient parts. However the grassroots tech community should be denouncing them at every opportunity, rather than giving a pass to their corporate authoritarianism as if it in any way reflects Internet ideals.

Well, "somehow", Android phones are sold in these countries, and while Android devices are not truly "open" by any respects, they almost always are able to let you "sideload" absolutely any sandboxed app you want... including these apps that are banned in all of these countries that Apple insists they are forced to block. The reality is that Apple is only forced to block them because they have decided to be a centralized arbiter of all content for these devices, something that Google and Samsung did not do, and so have created a powerful, centralized bottleneck that can be leveraged as a tool for regimes to control their population. The only reason this is thereby happening is because of Apple's greed: they would rather be able to collect 30% of every transaction that occurs on their systems than to add a trivial feature--sideloading--that would fight against and undermine this oppression.

I highly recommend watching a talk I was giving a few years back--the best version being when I did it at Mozilla Privacy Lab (link below)--which focuses on the ramifications of the core of this problem across the industry (but of course, with one of the narrative focuses being on Apple, as I have a lot of background knowledge there).

https://www.youtube.com/watch?v=vsazo-Gs7ms

GeekyBear
Sideloading apps that get you targeted by the local government isn't a win for those who end up arrested or killed.

>Egyptian authorities are using dating apps like Grindr to lure, arrest gay men

https://www.hindustantimes.com/world-news/egyptian-authoriti...

xnyan
Safari does not block a user from visiting dating websites, this is true even if a dating website is illegal for the user to access. Repressive police states do not limit themselves to only targeting people using dating applications versus dating websites.

If you pay them money, Apple has/will let you make virtually any data siphoning and user-hostile application you want, and they will allow you to sideload it without review (enterprise program). The common factor is control that benefits Apple.

Mediterraneo10
There has been speculation that Google will eventually make its Advanced Protection model, currently optional, mandatory in a future Android version. A consequence of that will be that sideloading will only be possible if you connect to the phone over ADB and install the app from the command line that way. Obviously only a tiny, tiny amount of techies like us will every know how to do that. So, I don't think Google can so easily be held up as an example of user freedom.
privacyking
Doesn't that require a security key? That will never be implemented due to that requirement.
Smithalicious
It's not difficult to learn to do that, though, and regardless this is just speculation of what may happen.
Mediterraneo10
Using the shell is difficult to learn for 99% of Android phone owners. We nerds here are not a representative crowd.
Smithalicious
You don't particularly have to learn to "use the shell", however. If you only want to sideload apps it's just a matter of copying simple commands from the internet. This is well within the capabilities of most people who are technically competent enough to sideload apps now.

Users are certainly very reluctant to drop into a command line, but in my experience if it is a true necessity for something they want to do, they don't actually have that much difficulty with it.

Mediterraneo10
No, the vast majority of Android phone owners are not going to open the command line. The very prospect of it will daunt them, or it may even be unfamiliar to them (a lot of Android users, especially in the developing world, rarely or never use a traditional computer and are unfamiliar with the full range of its features). Even those users who would copy and paste into the terminal are a niche more comparable to us here than the average phone owner.

Yes, of course sideloading may still remain possible in such a scenario, but it would not be mainstream enough to sustain any kind of mainstream ecosystem of apps outside of the Google Play Store. Even F-Droid supporters have been worried that clamping down on sideloading could marginalize F-Droid even further than it already is.

Smithalicious
The vast majority of Android users are also not going to sideload illegal apps currently.

Don't get me wrong, I agree that trying to restrict users from installing software of their choice on their own computing device is user-hostile, but in this specific scenario, users sideloading apps banned by their government, I don't think having to open a command line to do it would significantly shrink that userbase, which is already comprised of a small minority of particularly committed people.

But all of this is moot regardless, because AFAIK this doesn't extend beyond the realm of speculation.

I am not confusing any of the things you claim I am, nor have you provided any evidence of something I said even being incorrect. Apple makes an active choice. Somehow, many Android devices exist--built by manufacturers I don't see any need that name, which technically but only barely includes Google--and they don't have these issues because they did not make the immoral choice made by Apple.

> Apple allows one channel. It owns that channel. It is responsible for the content on that channel.

I understand this, and am claiming it is morally reprehensible: Apple's explicit and actively immoral decision to say there is only a single distribution channel can be used on their devices directly leads to this problem. They chose to build and sell a device with a centralized point of failure that made China able to block apps from their phones.

> Android had many channels, and Google’s App Store has the same apps banned, but an android user can simply use another channel.

I also understand this: the active and explicit decision made by the people who sell Android phones is what allows this. Apple explicitly decided to not allow this, because they are evil.

> Since Apple is responsible for the apps in the Chinese App Store, they’ll remove apps that expose them to liability. Google does the same.

Obviously. But that is entirely irrelevant to the discussion. The decision made by Apple to only allow a single store on their phones is an explicit, active decision to be horrible people and to explicitly allow Chinese censorship of their devices.

We know this wasn't a requirement to sell their phones in China, as many other phones are sold in China that do not have these restrictions. Now, you can happily say "Apple wanted to have a monopoly on app distribution, and that's why they decided to build a system that would require them to cave in to these censorship demands".

But you can't claim that they would lose access to the Chinese market. This claim, in fact, makes the error you (incorrectly) claim I do, which is to incorrectly model the decisions Apple made with respect to their platform.

FWIW, if you want to listen to me go on about this issue for an hour and a half--to verify I am not somehow twisting my words here to avoid being wrong--here is a video of me speaking at Mozilla Privacy Lab.

https://www.youtube.com/watch?v=vsazo-Gs7ms

dann0
I appreciate your effort in fleshing out your arguments, but you’re still conflating multiple factors. You also seem to to have an ideology against Apple and/or it’s approach. While that’s fine, it becomes impossible to have a conversation based on fact or reason.

Your claim of offering only one software distribution platform as being morally reprehensible is absurd. All Apple phones can run any web app. No consumer is forced to only purchase an Apple phone. Apple hasn’t done any more than follow the law that they have to follow given other decisions they have made.

You’re right that they made an explicit choice, but not for the reasons you’re suggesting. The App Store wasn’t created to enforce CCP policy. One could argue that allowing the uncontrolled distribution of apps that violate that security and privacy of the user is far worse.

You seem to have an intense dislike of Apple for other reasons. That’s fine, no issues there. But it is causing you to misattribute blame. They are far from a perfect company, and the App Store is problematic for many other reasons.

However, you seem to ignore the same behaviour when conducted by other businesses. Why is it ok for other phone makers, movie producers, and game distributors to censor or alter their products for the Chinese market, but it’s the height of evil for Apple to do so?

If you are truely concerned about morality, look deeper. You should direct your outrage at the CCP and less so at Apple.

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.
~ yaj@
;laksdfhjdhksalkfj more things
yahnd.com ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.