(no title)
digiown | 13 days ago
In principle I agree with keeping some content away from children, but I don't think any of the implementations will work without causing worse problems, so I disagree with implementing those.
> in the day to day practical way
There's a world of difference between practically required and it being illegal to use anything else, even if initially for a small set of population. You still have a choice to avoid those now. Moreover there is a fairly large subculture of gamers etc opposed to these movements, and open computing platforms will take a long time to fizzle out without intervention.
If you mandate locked down devices for kids, it will very quickly become locked down devices for everyone except for "licensed developers", because no one gets a bunch of new computers upon becoming an adult, and a new campaign from big tech will try to associate open computers with criminals.
mindslight|13 days ago
You kind of skipped over the distinction I made between "secure boot" and "remote attestation". Based on what you wrote here I'm not quite sure if you understand the difference between them. And in the context of locked down computing, the difference between them, and their specific implications, is highly important.
I'm not pointing this out to shoot down your point or something, rather I think you'd benefit from learning about this outside of this comment. But I'll be a little more explicit here to get you started:
The worry with secure boot was based around the possibility that all manufacturers would stop making non-locked-down devices. This has not really panned out - all phones basically have secure boot, there are many you can install your own OS image onto, and there are many escape hatches.
The worry with remote attestation is that website owners will be able to insist that you run specific software environment and/or hardware, and deny you access otherwise. On desktop web browsers, this is the WEI proposal that seems to have stalled. But on mobile, this is still going full speed ahead, both web and apps (SafetyNet).
The thing about remote attestation is that its restrictions take the same shape as current CAPTCHA nags, IP block based hassling, etc. When websites see that more and more visitors are compliant, they can crank up the pain. First it's invisible, then it's a warning, then it's a big hassle (eg lots of CAPTCHAs), and then finally it's a hard lockout. This can happen, led by specific industries (eg banking), regardless of any communities working to resist it. What you should picture is all of our old computers working just fine, but being able to access modern websites in a way that cannot be technically worked around.