If you don't control something, you de facto don't own it. You're advocating for a future without personal property. If you doubt this, see John Deere.
> improve the overall security of the internet
When someone else has remote control over your system, your system is - by definition - insecure. The recent drama involving the FBI and an iphone is a perfect example: the phone is insecure if the OS can be forcibly updated by the manufacturer.
Remote control of the OS may improve the security of the internet, but it happens at the expense of user security.
> The end user wanting a system he/she controls [is insecure]
This attitude is incredibly insulting. Instead of providing more secure products that people cant successfully maintain, or spending the time and effort to properly educate users, you're claiming they cannot be trusted with complicated tools.
> taking away control
"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice. You might want to consider the long-term effects of advocating against freedom.
I'm not advocating. I am pointing out that user control is fundamentally anti-security. Bad security may very well be worth the tradeoff if you value other things like freedom, fashion, backwards compatibility, fewer restarts, price, etc.
I'm not convinced that freedom and security are quite as opposed as some claim; centralized control has repeatedly been shown to create its own security problems.
But supposing and to the extent that they are, I'll bite that bullet. If I have to trade away security for freedom, then I'm willing to do exactly that.
I don't see how your argument works. You seem to be saying that user control automatically leads to less security which is obviously false. Maybe you are conflating groups with individuals. If an individual has control then by definition he can chose to be more secure or less secure by his actions e.g that individual may chose to perform updates asap and stay away from suspicious downloads. He can also chose to do the opposite of these things and be less secure but there is obviously no direct implication either way. But underlying this is a one-dimensional view of security, consider more complex scenarios where users are forced to use a single software to perform a task. If that software is insecure then 100% of users are vulnerable whereas if there are a diverse range of programs the users are more resilient to attacks.
>You seem to be saying that user control automatically leads to less security which is obviously false.
No.
> If an individual has control then by definition he can chose to be more secure or less secure by his actions
He can in theory, but he does not in reality.
>He can also chose to do the opposite of these things and be less secure but there is obviously no direct implication either way.
Again, reality shows us that the vast majority of users choose to be insecure.
>But underlying this is a one-dimensional view of security, consider more complex scenarios where users are forced to use a single software to perform a task. If that software is insecure then 100% of users are vulnerable whereas if there are a diverse range of programs the users are more resilient to attacks.
Correct, a diverse set of platforms would also be good for security. But that is a separate argument.
> the vast majority of users choose to be insecure.
This is incorrect. The vast majority of users choose to use the things they purchase for the intended features. They usually make no choice whatsoever about security. Your posts in this thread have been trying to blame users for poor product design; if something is badly insecure when used for the intended features, then it is defective.
This is where you probably want to assert that remote management is the solution, which takes control away from the user and allows defects to be fixed at a later time. You have asserted many times that allowing users to control their own devices is "less secure". This conclusion may be true in some cases, but it is simply incorrect most of the time.
When you take control away from the user and give it to the manufacturer (or other remote location), you are creating a backdoor that the user cannot override. Adding a remote backdoor is weakening security for the user. If you want to argue this, you're going to have to explain why both the FBI and Apple were wrong in their recent conflict about pushing a broken OS to a certain iphone.
Yes, users have very little knowledge about computer security. The solution to that is to educate them and make better products that don't need as much technical knowledge to use safely. Only then will security be improved. Your solution of handing over control to someone else is trying to keep users ignorant while lowering user security.
You seem more interested in putting words in my mouth than having a real discussion, so I will simply say that if you want to go with that metaphor, having a backdoor is preferable to having no walls.
User control is, by definition, security. The goal of security is to keep control in the hands of the owner. To remove control in the name of security is at best deceptive and self-defeating.
No. The user might use his control to make his computer less secure. Then it does't have security. And in real life, most user do exactly this when they have the option easily available. Most viruses spread through user control. Users choose to run programs which are viruses. Users choose to not upgrade their insecure software. Those are pretty much the main ways viruses spread.
You start off by saying "The user might use his control to make his computer less secure" which is true. But just two sentences later you claim "users choose to not upgrade their insecure software" which is obviously false. They might but the might not.
I could argue the same way and claim that removing user choice might make the computer less secure e.g. by forcing updates to an insecure version, installing backdoors etc. In the real world, this is exactly what happens. Therefore removing user control makes computers less secure. Now do you agree or do you think that my argument is deeply flawed?
"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice.
Very well said. There's this relevant Gandhi quote:
"Freedom is not worth having if it does not include the freedom to make mistakes."
The whole approach to computer security seems to be based on an argument along the lines of "let's just throw everyone in jail and treat them guilty by default because they might possibly do something we don't like", which (fortunately, at this present time) seems preposterous in the real world, and yet that's what people are silently accepting --- or even strongly advocating --- with respect to online matters and their computing devices.
A world of perfect security and perfect safety, where no one can make mistakes, where no "bad things" can happen to anyone, and in which everything is controlled by some authority would be immensely boring, dystopian, inhuman, and quite frankly not worth living in.
Choosing to have less security because you value freedom more is totally fine. What I object to is choosing to have less security because you value freedom so much you pretend that less security is actually more. And especially when people are making that choice because those of us who are more informed than they are lied to them in order to manipulate them into doing so.
If you don't control something, you de facto don't own it. You're advocating for a future without personal property. If you doubt this, see John Deere.
> improve the overall security of the internet
When someone else has remote control over your system, your system is - by definition - insecure. The recent drama involving the FBI and an iphone is a perfect example: the phone is insecure if the OS can be forcibly updated by the manufacturer.
Remote control of the OS may improve the security of the internet, but it happens at the expense of user security.
> The end user wanting a system he/she controls [is insecure]
This attitude is incredibly insulting. Instead of providing more secure products that people cant successfully maintain, or spending the time and effort to properly educate users, you're claiming they cannot be trusted with complicated tools.
> taking away control
"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice. You might want to consider the long-term effects of advocating against freedom.