I really like this comment. I similarly don't like that banking is, from no collusion just internal incentives, locking out any users not opted into the Chromium hegemony.

> The irrefutable part here is that the security model works.

Yes! And that business model should be allowed.

This leads me to worry the notion of "user agency" may be misplaced, meaning, aimed at the wrong level of the stack. It would seem both open (general compute ethos) and secure devices (appliance ethos) have a right to be in the market. So…

### Perhaps user agency should be at the experience level. ###

We couldn't plug Sega Genesis cartridges into Nintendo 64. We understand this about consoles. If we remap mobile devices into consoles, it seems less obvious their internals should be opened and tinkered with by end users.

User agency seems more at the level of picking a console family, and it's often for the whole brand aura including both the console itself and safeness-to-permissiveness dial by which the brand curates its the cartridges (spectrum from Nintendo to Apple to Sony to Microsoft and Steam). A free market for mobile devices or desktops would likely sort out a similar spectrum of just-works to fidget-able. If you choose the Nintendo 64, you wouldn't expect to run arbitrary software on it as you would expect on Dell.

We hackers are capable of figuring out how to make Nintendo 64 software; our neighbor does not need or want those affordances, they want just works, no headaches. This idea that the user must be able to open their digital watch or toaster oven and change how it is wired glosses what users actually choose: the conveniently toasted meal.

At the same time, business models around the curation and appliancification of digital tools, blurring the lines from hardware through solid state through firmware to software into a single product users can choose, must be defended.

If I want to dev for a secure product, I similarly must be OK opting into the supply chain security model (with Apple, registering as a dev in order to exchange cert material and bypass consumer paths to loading software I'm making for the platform) that allows that product to be secure, and opted into by users with money to buy my app, that caused me to want to develop for it in the first place.

Users must have a right to buy an appliance that isn't fiddle-able. Not mandated to, as this article sounds, but allowed to as the EU is trying to deny. Such products have a right to exist, and such business models have a right to exist.

And then, user agency remains as simple as use dollars to buy a product offered through a biz model that matches the user's goals, rather than regulate to disable business offerings offerings/products that don't, and developer agency is to pour energy into the platform that aligns with one's ethos.

If more money is to be made on a platform with a different ethos, perhaps it's worth reflection rather than rants.