We need both options to coexist:
1. Open, hackable hardware for those who want full control and for driving innovation
2. Locked-down, managed devices for vulnerable users who benefit from protection
This concept of "I should run any code on hardware I own" is completely wrong as a universal principle. Yes, we absolutely should be able to run any code we want on open hardware we own - that option must exist. But we should not expect manufacturers of phones and tablets to allow anyone to run any code on every device, since this will cause harm to many users.
There should be more open and hackable products available in the market. The DIY mindset at the junction of hardware and software is crucial for tech innovation - we wouldn't be where we are today without it. However, I also want regulations and restrictions on the phones I buy for my kids and grandparents. They need protection from themselves and from bad actors.
The market should serve both groups: those who want to tinker and innovate, and those who need a safe, managed experience. The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.
I'd argue that even the 'safe' devices should at least be open enough to delegate trust to someone besides the original manufacturer. Otherwise it just becomes ewaste once the manufacturer stops support. (Too often they ship vulnerable and outdated software then never fix it.)
This is just insane. Lock the devices down by default, and allow the user to unlock them if they want. Why do we have to have Big Brother devices that "benevolently" restrict what you can run "for your own good"? Why can't all phones have unlockable bootloaders? My phone has a big, scary "DO NOT DO THIS UNLESS YOU'RE A COMPUTER EXPERT" warning screen to unlock the bootloader, and that's fine.
Why do we need devices we can't unlock? Who is harmed by unlocking? This is the major point nobody has ever been able to explain to me. Who exactly does the big scary unlocked bootloader hurt? My parents have unlockable devices and they haven't had all their money stolen, because they haven't unlocked them.
> The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.
The problem is that vendors use "locked down devices" as an excuse to limit competition.
Suppose you have a "locked down" device that can only install apps from official sources, but "official sources" means Apple, Google, Samsung or Amazon. Moreover, you can disable any of these if you want to (requiring a factory reset to re-enable), but Google or Apple can't unilaterally insist that you can't use Amazon, or for that matter F-Droid etc.
Let the owner of the device lock it down as much as they want. Do not let the vendor do this when the owner doesn't want it.
On Steam Deck, you never even have to set a 'sudo' password. You can have a safe managed experience and still allow a device to be open. Option 2 is ridiculous because it will just be exploited by companies and governments that want to control what you do or what content you see.
> The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.
Not for lack of trying. See for yourself
https://en.m.wikipedia.org/wiki/List_of_open-source_mobile_p...
The list is not short.
Plenty of companies have attempted this over the years but it’s not obvious that a big enough customer base exists to support the tremendous number of engineering hours it takes to make a phone. Making a decent smart phone is really hard. And the operations needed to support production aren’t cheap either.
I know you weren't using it in this way, but I do appreciate the double meaning of the word "protection" here.
A.k.a, "nice google account you've got there, holding all your memories, emails, contacts, and interface to modern living; would be a shame if something happened to it because you decided to sideload an app ..."
Option 1 is a superset of option 2 - meaning, any hackable device can also be a locked down device because hackability means the power to do whatever.
We don't need option 2, period, and it shouldn't exist.
Just put the hackability behind a switch or something. If people turn it on, that's on them.
If there is a big enough market for 1), shouldn't it exist?
The problem in my eyes seems to be that there isn't enough capital interested to sufficiently fund 1) to compete and create a comparable product. Thus, at best, we end up with much inferior products which even people semi-interested in 1) are not willing to adopt due to the extreme trade offs in usability.
In theory these 2 options seem like a sensible way to have a choice. But the average user is not going to own and carry 2 devices. We want to have all we need in a single device, and things like paying with your phone have become way too common by now to not have them.
Agreed and I think we're already here. Hardware is so cheap now it's trivial to have both multiple streaming devices and multiple open computer platforms. There are advantages to both and no way to compromise to have one device for everything.
Regardless of whether we expect manufacturers to let us run any code on the device, we should not restrict people from attempting to bypass the manufacturer's limitations. That gives the manufacturer freedom to try and lock the device down but also the owner freedom to break those locks. Otherwise it worsens situations like the FutureHome scandal.
No, we need to only have option 1, because if option 2 exists, things like banking apps will all only run on it and will refuse to work on option 1.
I was a kid once. The hackability of the devices I owned is what led me to this career. Let's give our young ones a little more credibility.
The issue with this is that inevitably the locked down devices, which will end up being 98%+ of the market, become required for ordinary living, because no-one will develop for the 2%.
Open hardware is essentially useless if I need to carry both an open phone and a phone with the parking app, the banking app, messenger app to contact friends, etc.
Open and hackable products have a niche user base, so these users get a niche set of options. The only way to get mainstream products to play to this tiny user base is to demand that all products be open and hackable by fiat. Otherwise, there’s no incentive from anybody involved (manufacturers, app developers, etc.) to give them something that can run both their banking app and some open source app they compiled themselves. There’s a lot of dancing around the security effects this will have on “normies”, and although there are plenty of armchair proposals I haven’t heard one that doesn’t obviously degrade into some sort of alarm fatigue as both legitimate apps and malware tell you to click through a dialog or flip a setting.
You can have some option buried in the settings, a 10yo kid would be able to think of this.
People too stupid to use computers safely should be kept away from computers for their own safety. Giving that kind of person any kind of computer would be immoral by definition. They shouldn't have phones at all, they're just going to fall for corporate approved scams from Meta, Applovin, and Indian call centers.
I think this is a false dichotomy. Open hardware with open source software would be more protected simply by being more stress tested and vetted by more people. If you need even more protection you can employ zero-knowledge proofs and other trustless technologies. I have long been dreaming about some kind of hardware/software co-op creating non-enshittifying versions of thermostats, electric kettles, EV chargers, solar inverters, etc, etc. Hackable for people who want it, simply non-rent-seeking for everyone else.
> Locked-down, managed devices for vulnerable users who benefit from protection
That's fine! Just make sure it is possible for someone to take the same device and remove the locked down protections.
Make it require a difficult/obvious factory reset to enable, if you are concerned about someone being "tricked" into turning off the lockdown.
If someone wants baby mode on, all power to them! That's their choice. Just like it should be everyone else's choice to own the same hardware and turn it off.
Do we need the second option to exist? The world is a dangerous place. If you can't figure out a computer perhaps you're just unfit to participate in the modern economy.
The existence of locked-down hardware eliminates the feasibility of open hardware through network effects. That is what is happening now.
Incorrect.
Choice 2. Empowered user. The end user is free to CHOOSE to delegate the hardware's approved signing solutions to a third party. Possibly even a third party that is already included in the base firmware such as Microsoft, Apple, OEM, 'Open Source' (sub menu: List of several reputable distros and a choice which might have a big scary message and involved confirmation process to trust the inserted boot media or the URL the user typed in...)
There should also be a reset option, which might involve a jumper or physical key (E.G. clear CMOS) that factory resets any TPM / persistent storage. Yes it'd nuke everything in the enclave but it would release the hardware.