Actually this makes sense. Already since recent iOS versions have started popping up an alert to grant access to local network resources per app, I've noticed this popping up on several apps that have no business mapping and fingerprinting my LAN. Including the Facebook app.
It's weird how a company can be so internally disconnected. This entitlement is a good privacy-preserving hurdle to prevent scummy apps from interfering with your local network and fingerprinting you. On the other hand, the on-device scanning of nudes in imessage and csam in iphoto is a total snitchware swatting-as-a-service piece of software which only serves to incriminate and harass the owner of the device. Such a shame.
The only problem I have with it is that the entitlement system controls both what you can submit to the App Store as well as what you can locally compile and install.
For example, you can't locally develop a VPN app until you ask Apple permission to develop a VPN app. Almost certainly this is to appease China, which I find particularly egregious.
Fonts also require an entitlement, but I'm not sure if it's just something you need a paid dev account for or if you need to specifically grovel to Apple as to why you need it. I doubt "I want to submit a pull request to iSH" would be considered a valid reason (but correct me if I'm wrong).
Even things like camera access in multitasking views are entitlements that your dev account needs to be preapproved for. In fact, it wasn't even something that Apple even publicly mentioned for a while - only Zoom had it until someone reverse-engineered their app bundle and found out about it.
Didn’t that get hardened in response to the Onavo revelations? In particular, Facebook was using their developer certificate to sign spyware installed via MDM. I don’t remember it being a requirement from the beginning, even though China has tightly regulated VPNs for a long time.
Honestly I see no issue with facebook being allowed to do this. If someone pays me to install spyware on my desktop, nobody complains that we should remove the ability to run as root.
> For example, you can't locally develop a VPN app until you ask Apple permission to develop a VPN app. Almost certainly this is to appease China, which I find particularly egregious.
Can't you manually add a vpn without an app? I haven't needed to configure this myself but presumably if you're bundling your own vpn app you can do the manual configuration in settings which is significantly easier.
That only works if your VPN uses one of the 2-3 standard protocols supported by iOS itself.
If your VPN uses a different protocol, you must (with an entitlement) develop an app that gets to execute its code for every packet sent and received. For example, if you want to create a "VPN" that sends and receives packages by audio like an oldschool modem, or if you want to implement the WireGuard protocol, or if you want to implement a dns tunnel, etc.
The good thing is that any random shady app can't just start hijacking and intercepting every network packet for the entire device. The bad thing is that it makes difficult as an outsider to contribute to open-source VPN apps, since you don't have access to the entitlement (which ultimately requires access the the private code signing keys and provisioning profiles for the developer that DID receive the grant (and the debug device must also be registered there)).
Your comment nicely addresses the local network restriction, but the article already expresses understanding of this. Why the extra-stringent multicast thing?
They’re trying to stop people from listening for all multicast traffic, presumably because it stops someone from fingerprinting based on the things on your network.
The restriction doesn’t stop you from using the NetService API (or friends) from listening for or advertising specific named mDNS services. You can continue to do that today without any extra entitlements. What it stops you from doing is listening for wildcards and sucking up everything — sadly, restricting multicast traffic on regular IP sockets is basically an extension of that.
Instead of trying to define a guideline that says “may not use multicast for this, that, blah”, apps instead just have to request it and explain why. It’s probably not a topic that the usual review team can consider without extreme levels of training beyond what’s necessary, and it’s a specialty network skill with lots of privacy traps. It also allows Apple to see who doesn’t request the permission but uses multicast anyways, because they might be using some sort of framework that is unknowingly tracking people, and then they can identify and start rejecting that framework storewide.
“How can we ensure every request for multicast escalates to someone qualified to make a decision that we can stand behind?” An essay question is a great answer, even if people hate the uncertainty. Better that than a new guideline!
Multicast can wreak havoc on a WiFi network. Clients that are further away from your AP require sending data at a slower rate and APs will try to send the data slow enough so that all clients can receive the traffic. In practice this means a 1mbps multicast stream will take far more than 1% of a 100mbps network and in some cases I have seen it shut down a network entirely. At my day job we disabled receiving multicast (IPTV) feeds over WiFi years ago because we have never seen it work well enough to be worth it.
If Facebook has no business using this permission why did App Store review approve it? Surely they must know what is going on in every app, that's why the App Store is so safe.
Because there are legitimate reasons why Facebook might need access to your network for streaming videos to a TV or similar uses cases.
Apple doesn't know what every app does, they basically know what frameworks/syscalls get made. You can wrap entitlements around those things without explicitly knowing exactly what an application is actually up to.
Streaming videos to a TV with airplay can and does happen without the app itself needing multicast/broadcast permissions, as long as you use the provided frameworks and APIs.
It’s not for AirPlay it’s to control Facebook applications running on other devices like the Facebook Portal. I control our Portal with my phone regularly.
It is an OUTSTANDING product. We have several elderly grandparents who loved visiting their grandkids and during the pandemic were cut off. The portal brought them back into the feeling of being part of the action and getting to see what their grandkids were doing. They were all able to set up the Portal without any assistance, which was very surprising. Also, it’s a fantastic Bluetooth speaker when we’re not using it for calls.
Did I feel good about inviting Facebook into my living room? No. I don’t trust that company. But the tradeoff was worth it for me.
Edit: I didn’t just buy one Portal, I bought 4. One would be kind of pointless.
> Because there are legitimate reasons why Facebook might need access to your network for streaming videos to a TV or similar uses cases.
If you want Facebook on your iPhone to call someone then Apple provides a Phone API.
If you want Facebook on your iPhone to stream to your TV then Apple should provide an Apple TV API for Facebook to use.
There is no reason whatsoever for Facebook to have any direct access to anything on your phone whether its your sensors, your microphone, your video, your network.
> If you want Facebook on your iPhone to stream to your TV then Apple should provide an Apple TV API for Facebook to use.
There is - AirPlay doesn't require local network access since it's an API apps can use. Un/fortunately, there are multiple competing standards like Chromecast (and other, manufacturer-specific casting standards) which require the app to do its own local network discovery to find available devices.
Could you explain your posture in the CSAM scanning thing? I'm not an apple user but the way I see it, it's not some sort of nudism / age detection mechanism where a very incopetent system could land you in jail for an old digitalized photo of yourself after a shower from 30 years ago when parents actually took those kinds of pics.
The way I see it, it just hashes them with whatever mechanism they came up with and there are additional mechanisms to verify it if for some fringe conincidence your cat pictures hash matches some CSAM hash which would be annoying but not the end of the world.
Now, in the other hand, let's say the snitch detects actual CSAM in someones phone, what's the problem? if it was sent without their consent an investigation can lead to who sent it, and if it was well, tough shit...
I know it sounds very 1984ish but honestly I don't think it's any worst than the kind of surveillance power google has with all their platforms combined (chrome, android, google, any web thing they didn't kill already).
I guess, what I'm asking for is for real arguments on why and how this truly violates privacy and to what extent it is problematic for a legit non CSAM consuming person.
I'm not trying to argue with you but to understand this point of view since I read so many comments against it but nothing that seriously made sense to me.
I am not fond of my device burning battery for, and being one bitflip away at a jmp-if-zero/jmp-if-not-zero, to calling an API whose only purpose is to inform the authorities that I am a suspect. If it happened server-side I would have no problem with it.
Thanks for your response, I'll answer just to continue the conversation, not to try to invalidate your points or anything like that.
I read in other posts there's some sort of review process and a way to verify if the image is a match or a collision (I don't know much about he details) but I read the latest posts about the attacks that were being worked on.
I mean, with the complexity these attacks have I think it'd be easier for a ransomware gang to just infect you, plant the CSAM, find reliable contact info, verify it, lock your phone and extort your through an untrackable side channel (if this system didn't exist) or something a bit more elaborate / targeted (not even at NSO level).
IDK, I think the phone burns battery for dumber reasons at a higher rate, this should only be activated when there's a new picture written to disk and it's probably less expensive resource wise than whatsapp / telegram / imessage checking for new messages periodically don't you think?
I think if they don't royally fuck the process up or turn it into some idiotic fake way of getting the cops whatever paperwork they need to force you to give them access to your files it's a good thing.
The answer to why people don't like this is simple, if a government like China says "Apple, you're going to add these image hashes to the database and report any device that has them in the next update or you're going to leave China," what do you think Apple is going to do?
I have read their papers, I understand the system and the safeguards they put in place, but none of them are good enough to have scanning on my device. There is nothing that is good enough. On device scanning for "illicit" content is a box that cannot be closed.
They have the whole system at their disposal for that, they don't have to do this. As an example (I know I could be out of date with this one), do you know why aren't there any iMessage bridges that don't require a mac?
IIRC it's deeply entrenched in the system and no one reversed their way deep enough to be able to replicate it. Now this might sound silly, but it's just an example, a contrast maybe of how the hard work the people behind asahi are putting or the huge jailbreak community, but the idea I'm trying to convey is that the playfield is HUGE and they just don't need this.
The one thing I would be 100% concerned about is the investigation process for matches because that's mainly where human interaction and decision making com into play and we humans SUCK, we've put people behind bars for years for no reason and with all this AI crap there have been a lot of news articles about that kind of stuff and that's something we should definitely be worried about, but I guess it's less about the tech and more about the people in charge right?
I don't understand the idea you are trying to convey. iMessage is not impenetrably complex, it is just an ugly API that uses an Apple provided certificate and a valid serial number as part of the authentication factor.
I also don't agree that the human-in-the-loop part of the process is a/the problem. Are you suggesting that it should just send the findings straight to the FBI... where a human would review it? Or maybe skip all of the messy middle part and if the model detects enough CSAM just send an APB to the local police to pick you up and take you straight to prison with no trial?
I was using iMessage as an example of something tedious and not overly complex but not exactly low hanging fruit that's yet to be completely reversed. The S/N or certificate parts don't even matter, if people had reversed their way through it, there would be at least an option to extract the required parameters out of your hardware and plug them in a stand alone server (in fact, IIRC there a valid S/N generator some time ago that was used to deploy osx in kvm?).
So, the idea is that even though it's not an impenetrable fortress, there are still plenty of dark places to introduce subreptious changes.
As for the human-in-the-loop part, I don't know why did you get so snarky, what I was talking about was that this is the layer that should be scrutinized the most, all of those components because even without the technology those are the people that will put someone in jail with no verifiable evidence.
So your argument is "iOS is complex, they could have just hidden it in there, but they didn't, they told us about it." I'm still not sure why this matters. From the standpoint of interacting with a government Apple could say "we cannot do that and maintain the security of the OS." Now, post announcement, they have to say "we will not do that."
That is a huge difference.
I got snarky because the human-in-the-loop for decision making is the the least concerning part of the process and the alternatives are as ridiculous as I laid out. There will always be a human-in-the-loop in this process - I'd rather it start with Apple's human, then law enforcement, then a prosecutor, then a judge, etc.
You really should go read Apple's papers, FAQ, etc... on the feature. Not saying that has happened here, but there are a lot of knee jerk, uninformed opinions and information floating around. Also take a look at PhotoDNA, which is an older version of a hash system already in use by other providers.
In your example about planting CSAM, why would on/off device matter since the new feature only checks for items going to iCloud anyway? The planting CSAM attack vector is available right now for any device connected to FB, OneDrive, or Gmail, and I don't think planting material has been an issue.
Well, in the planting scenario I didn't mention the attacker uploading it to iCloud directly because that's exponentially harder nowadays.
If you're hit by an NSO client and they have an agent running in your phone checking in with their C2, what do you think would be easier :
1 - Run a reverse proxy in your phone, steal your credentials (or session data) and use that connection to upload the material
2 - Write it to disk and wait for the media scanner service to pick it up and act on it?
I mean, in the end it's not about the technology but the people operating it, if apple is really incompetent and law enforcement is shitty as usual then yeah, people might end up behind bars for no reason, which sucks but in that case I think the focus shouldn't be the technology itself but how shitty and unfair the system is.
There is also the other thing with imessage scanning. It seems ripe for abuse, for example a husband forcing it on every family member including the spouse (and forcing a fake DOB).
Using Apple devices used to be all about how they serve the user to bring joy. Knowing they now spend even a single cpu instruction on trying to frame the user turns the device from something I loved to something I fear.
All the talk about human review and multiple failsafes does not smooth things over. App store review is a prime example of how their review process can be seriously flawed - scam apps and subscriptions sometimes even being FEATURED in editorials on the app store.
It does not matter that you will be found innocent in the end. Just being put under investigation for csam can make anyone's a life living hell. Getting your AppleID blocked, even if temporary, can cause severe problems.
When a company advertises that "what happens on your phone stays on your phone", and then proceeds to build snitchware into the phone that reports on received imessages to the "family head of household" and reports and UPLOADS photo roll items that were never intended to be shared, to human review, well... that company does not appear to be honest anymore.
> There is also the other thing with imessage scanning. It seems ripe for abuse, for example a husband forcing it on every family member including the spouse (and forcing a fake DOB).
In addition, this only works for <18 accounts. If the abusive figure goes as far as making other family members recreate Apple IDs and lie about their age every 5 years to keep getting access to iMessage (and other parental controls like screen time) then there's not much Apple can do.
In that iMessage scenario, the family member has to explicitly approve sharing anything with the adult on the iCloud account. Nothing happens automatically.
No I didn't. Even if someone is under age and gets nudity messaged to them with this feature enabled, they have explicitly opt into sending it to their parent. Otherwise, nobody sees it.
But it ultimately does happen server side. The client is is hash creation, but the server runs it thru an elliptical curve to see if there’s a real match. And if so, it performs an additional hash on the server side.
One question I have on CSAM is: so it only detects known pics that law enforcement already has? If so, is that the major issue with child porn, e.g. same pics getting passed around? Just seems like this won't prevent abuse from occurring, with their own new pics and videos.
FB, Google, MS, etc... already use a similar hash based system called PhotoDNA on any photos in their clouds. They reported ~20M+ instances last year, so yeah it seems like the same pics do get passed around.
I'm not defending the FBI or the Apple feature here, but on a lot of cases where abusers get caught it's because they were sharing pictures of their victims in groups where they exchange other pictures with other people into that. Sometimes those other pictures are on this databases. So this database matching things generate leads.
Last case I heard about was cleaning personnel in a body expression workshop for kids with learning disabilities that was sharing new pictures he took of girls in a Telegram group. The group was infiltrated by an FBI agent that allegedly got the link from a Facebook group that they found because of Facebook scanning for known hashes and reporting.
I can't remember the actual title of the article but I clearly remember about an instance (I think it was a few years ago) where there was a CP ring that operated (at least partly) through a whatsapp group and they got busted when they accidentally added someone with the wrong phone number so yeah, I think there's a lot of "low hanging fruit" that could lead to putting some of these assholes behind bars.
I don't think it would prevent "new" abuse but just like you might have some material (books, music, whatever) these people have their stuff and it's not like every single one of them is a producer but they might be part of communities and catching some of them might lead law enforcement to bigger fish and hopefully producers or at least that's how I think the people behind this might be thinking.
> I know it sounds very 1984ish but honestly I don't think it's any worst than the kind of surveillance power google has with all their platforms combined (chrome, android, google, any web thing they didn't kill already).
This should give you pause.
Why do you think something that sounds 1984ish should be acceptable to anyone? Why is it acceptable to you?
The fact that other companies also have advanced surveillance power should be reason to push back on that as well, not to cede more ground to surveillance.
I guess your logic doesn't make any kind of sense to me.
This is such an honor. I was starting to suspect no actual humans other than the developers and the managers work at FFANG at all given how hard it is to contact them. Perhaps in this case it is not a human either but a neural network of a sort.
Anyway, I believe everything should be done this way, through communicating with humans. Humans should study every ad and every app before it gets published (but I support side-loading for users willing to opt-out), humans should review every video before it gets de-monetized or removed, humans should communicate on every appeal. I would vote for a law mandating this.
PS: The more news of this kind the more I feel like buying an iPhone perhaps. I don't like how they restrict the users but I bloody adore how they restrict the apps (with exception of some cases like iDOS, terminal apps, alternative-engine web browsers etc - I certainly don't like Apple banning them).
It doesn't seem like the author is complaining about having to contact someone at Apple to have these permissions in an app you are building to distribute. If this was for distribution, that could have made sense, but apparently this request for permission is way before that: you need to contact them simply to be able to use the feature on your own device, without distributing it anywhere.
This is like being asked to get permission from IETF in order to run an HTTP server on your computer, it just doesn't make sense.
> This is like being asked to get permission from IETF in order to run an HTTP server on your computer, it just doesn't make sense.
The iPhone was never intended to cater to developers writing personal-use, general computing software on their own devices, though. I know it’s an unpopular opinion on HN, but I don’t expect my iPhone to be an open development platform and I’m fine with that, even though I’m also a developer and software enthusiast.
Realistically, how many people would even be impacted by this restriction on multicast packet sending for personally-developed apps for personal use only? The number is vanishingly small relative to the total iPhone user base. It makes sense that Apple wouldn’t go out of their way to cater to that ultra-niche use case which can still get the access they need by requesting the permission.
I know people get angry that the iPhone doesn’t cater to every single niche personal use case, but honestly I’m fine with that. If I need to write a custom app for personal use that does something unique, I’m not going to reach for an iPhone anyway. However, I use an iPhone as my primary phone because Apple has focused on the things that matter for making it a good phone that does phone things well, which is exactly what most of us actually need.
This isn't really that niche. "Personal use" apps are just another word for prototype. It is incredibly damaging to innovation if you can't even build a little prototype without submitting a request to Apple.
> It makes sense that Apple wouldn’t go out of their way to cater to that ultra-niche use case which can still get the access they need by requesting the permission.
Well, its not about expecting Apple to put more effort to enable some feature. In many cases enabling that feature is less effort and Apple instead goes "out of their way" to disable such things. _That_ is the problem - and it is not specific to iPhone, things like this have happened in the past on MacBooks too (see https://github.com/onmomo/superdrive-enabler/blob/master/src...)
Your stance is going to have lots of unforeseen network effects which will in the end leave you with no general purpose computer at all. What you will be able to run will be dictated by large multi-national conglomerates which will double as some kind of quasi-states.
Exactly, it should use the same process as other “advanced” features like payments or push notifications: you toggle a flag in the app entitlements file, it works by default for local development, but you can’t distribute on the App Store without a review.
> Anyway, I believe everything should be done this way, through communicating with humans. Humans should study every ad and every app before it gets published
Why? This is actually one of the biggest complaints about the App Store review process, because it tends to produce a lot of inconsistent results if your app comes anywhere near the gray areas of the App Store guidelines.
Mandating human review for everything sounds like a good idea for those who imagine perfect, highly-skilled, consistent reviewers handling every step of every process, but that’s not how things work in the real world. You don’t actually want to legally mandate real humans handling every step of everything, unless you want to force everything back to the days of bureaucracy and endless back-and-forth communications to get everything done.
The vast majority of what you experience in society has gone through human review. All laws go through human review before they are enacted. When you go to the grocery store or a restaurant, all the food there has been selected by a human for you. For some fruits or vegetables, every single item was hand-selected for sale during harvest.
When you go into a Target or a Walmart or certainly any small retail shop, everything in there was selected for inventory by a human buyer. When you read a newspaper, every single article was reviewed by a human before it was published.
Product designs are reviewed by humans for utility and safety. Drugs are reviewed by humans for efficacy and safety. Cars and trains and airplanes were human-reviewed during design and assembly, and again at regular intervals. Every scientific article is reviewed by humans before publication.
Systems that try to run at scale without human review have problems with quality. Amazon tries to run a retail platform with minimal human review; it’s choked with fakes and scams. Social media companies try to run with minimal human review; they’re full of false information and scams.
Does this go much deeper than zoom? They're the only one's I've really heard of. IMO, apples walled off model has some pretty serious flaws, so I'm not surprised if there's exceptions
* Well, I'm somewhat surprised, because it's apple, and they tend to be overly idealistic... but there seems to be a bit less of that in the post-Jobs era
What you are describing sounds for me exactly like a bureaucratic nightmare.
> I don't like how they restrict the users but I bloody adore how they restrict the apps
Honestly, that brought me to go away from Apple. They reject apps randomly, allow terrible security holes that affect ALL applications over relying on safari mobile web views (Pegasus) and do nothing against scams (see discussions over family sharing):
https://news.ycombinator.com/item?id=28203361
Brazil is fiction. Judging how you relate to things in the real world by comparing them with things that were made up to be funny is not how you achieve insight.
Um... Yes, Brazil is fiction but the dystopia it portrays is rooted in extrapolations of the times in which it was made.
Its absolute nonsense to shoot someone down on the basis that they draw parallels to movies or other artforms. Especially if those works of fiction are intended as warnings / cautionary tales.
As it is i thought the parent comments comparison to Brazil was fairly apt in this situation...
When I watched Brazil the first time as I was a kid I couldn't imagine anything shown there being possible in real life. Especially the lack of the right to repair - we repaired everything from all the plumbing and electric wiring (and that was in apartment buildings, not just in private houses, private houses didn't even require any bureaucracy at all - people just built for themselves whatever way they wanted from whatever materials they had, often without any project whatsoever) to all the electronics, let alone cars ourselves during those days. I also couldn't imagine people being be SWATed in their homes for non-violent offenses (by mistake or not).
Now I see the movie has been implemented into life almost precisely and the AI with mass surveillance has been introduced to make it even worse.
To make it more fun and looking realistic today they even portrayed people kinda watching Netflix on their office computers when the boss doesn't look (AFAIK computers were not actually capable of streaming videos over the network during the days the movie was filmed).
My assumption was the homes in Brazil were owned by the state, so the restrictions aren't even really hyperbolic. If you've ever lived in government/military housing they can come and inspect how clean you're keeping the place at any time, for example.
This is a pretty obtuse perspective. Fiction can be written for the express purpose of achieving insight. Just because something is fictional or humorous doesn't limit that - it can emphasise it. See - A Modest Proposal by Jonathan Swift.
I'd hardly call one of the most acclaimed dystopian-bureaucracy films a 'random bit of satire'. If you've not watched and understood it (clearly the latter of that is especially true) I dont think you've any right to claim it's not relevant to anything.
I also understand that it is fiction, and it is exaggerated, and it is highly silly.
It is not a prophecy, it not a guide to reality, it is a silly film by a guy from Monty Python who was annoyed at bureaucracy, a very simple and shared part of human experience.
So why are you criticising someone highlighting annoyance of encroaching bureaucracy referencing a work of fiction that deals with this "shared part of human experience" in a "simple way"?
No one is saying its a 1:1 guide to reality, but as a nightmare vision of a dystopia gripped by unnecessary administrative apparatus, silly or not, it is a work of fiction that takes its root from reality and then makes a farce of it.
There are reasons works like kafkaesque, orwellian, ballardian become part of the lexicon despite all dealing with fictional universes of their own making...
It was just a person, on the internet making a 4 word reference to a famous movie... I don't know why you're intent on endlessly attacking the "lack of insight" from the poster.
I guess you think Monty Python films are just 'silly films' too, completely overlooking the intelligent satire present throughout the entire films, that will be studied and admired as top level satire for generations to come?
It's astonishing to me that you can't seem to grasp how effective fiction is at laying bare (albeit in an exaggerated fashion) the issues present in the real world.
Yeah, but it seems like you're trying to have it both ways. On the one hand you're arguing that the insights into society can be absolute garbage and on the other implying (or suggesting) that Brazil doesn't necessarily fall into this category.
So what is it then? Brazil does make interesting points about encroaching bureaucracy (and therefore the parents post is justified)? I think you took the point about Brazil a bit too literally, the poster was never suggesting that the world is suddenly exactly that way, more highlighting the parallels. I think you need to allow yourself to suspend disbelief a little more and realise the very deliberate allegorical nature of these movies...
I mean, judging by the greyed out appearance of all your posts on this topic I would say it seems you're in the minority with this kind of opinion.
I don't agree. Developers should be able to develop whatever app they want, and not the apps that Apple decides that can be developed.
Modern smartphone have a lot of potential that cannot be exploited only for policies. One example is network connections in general, it's so restricted that is barely usable. For example controlling the network interfaces is problematic. On iOS (and now also on Android) you can't tell the phone to connect to a particular Wi-Fi network, only to a network with a prefix and it's not even that reliable. Where that would be useful? Of course in an app that connects to some device that exposes a Wi-Fi AP.
I develop embedded devices and thanks to mobile phones network limitations everything has to pass trough a cloud. That is a big improvement for privacy if we ask Apple? I don't think so. But there are really no reliable ways to control something in your LAN. Well if you give Apple a ton of money to implement HomeKit by putting the Apple proprietary chip in your product of course, why do you think they impose this limitations?
If I bought an iPhone, I'd use it to call people. That's probably it.
Android phones are nice because they at least respect my pre-existing workflow. I can sync my Nextcloud server to keep my notes and photos distributed, I can install different shells to get work done on the go, Hell, I can even use it to send a firmware payload to my Nintendo Switch in RCM mode. It's my swiss-army knife for when it's impractical to carry a full Unix machine.
Ok, this is about Bonjour, which is pretty cool. David Abramson and I released a multiplayer Horse Racing game, called PocketJockey on iOS 2.1. During game play each device would play its local copy of the William Tell Overture. We used packet latency to synchronize tracks. You would then bounce up and down as though you were a jockey. If you bounced in time to the music your horse would go faster. There was an announcer that would announce the status of your horse, which was also in synch. Up to 4 players could be playing in the same room with the exact same music and announcer emanating from their pocket. All on the original iPhone. To use an overused term, the experience was "magical" That's what you can do with Bonjour.
So, what's the attack vector? A back door, perhaps? Bonjour requires a user approval dialog. A misleading title of the dialog may allow someone to connect. Maybe extract private data.
Imagine a peer-to-peer chat app. Say, in Hong Kong -- during a protest. Or in Kabul -- during an evacuation.
What's funny, is all these issues were raised when Apple rolled out Zeroconf (old name for Bonjour). Apple pointed out that it wasn't a vulnerability, and that not doing it was akin to punching people who came in the front door, while leaving illegal entry unattended.
Edit: Yes. "After its introduction in 2002 with Mac OS X 10.2 as Rendezvous, the software was renamed in 2005 to Bonjour following an out-of-court trademark dispute settlement." https://en.wikipedia.org/wiki/Bonjour_(software)
It's also worth noting that Bonjour support for other devices was a complete shitshow! I had iTunes installed on my old Windows 7 desktop, and Bonjour was the service that taught me how to forcibly exit a program in task manager. It must have had a memory leak back then, because I remember seeing it chew up anywhere from 100 to 500mb of memory...
I fell into this trap with our app. We have an iot app that controls 3 generations of hardware now. The first generation device is only visible via Netbios lookup, which runs afoul of this new multicast lockdown. The later 2 generations support Bonjour (mdns) lookup. Unfortunately we are still running into problems with customer routers that block or interfere with Bonjour service discovery, so we still fall back on Netbios even in current generation hardware. Luckily we have history with Apple so the approval was fairly straightforward, but I can't imagine what the process would entail for a new company/new product.
We "fixed" it with broadcast, it was the only way.
There are indeed a number of old routers out there that do not work with mDNS well. This is still a problem, but most <5yo routers seem to handle it okay (with the caveat that there are a number of cheap APs and extenders that are completely broken at basic TCP/IP when clients switch).
We use broadcast for device-to-device discovery, vs device-to-phone. It makes for noisy networks, but works better than mDNS on a wide range of hardware.
You’d probably just call it “local network access” or something similar.
Most people are not running local DNS services which a device without this permission could use to probe the local network, so it’s a fairly accurate description for the majority of users I would think?
Well it can certainly help the app to get a coarse location - if it matches an existing network fingerprint (when you visit back the same network or it was scanned by other user before). This is also why you need location permissions on Android for Bluetooth or Wifi direct access.
You can do this without multicast, at least for the period of time that the listening app is allowed to run in the background (around a couple minutes, unless there are other entitlements at play), by just listening for connections on the loopback address using a regular socket.
> Did a bunch of apps specifically abuse multicast networking?
My first thought was: how does multicast IP traffic interact on cell networks?
IPv6 makes heavy use of multicast (e.g., NDP), and a lot of mobile network are now IPv6-only (clients do no get IPv4 addresses), and so if apps can start sending tracking to "everyone" on the network (or a particular base station), could that cause problems.
Cellular networks don’t quite work like this. Your mobile data connection is actually a point-to-point tunnel to a gateway somewhere in the provider packet core, so you don’t really just “leak” multicast packets to other devices on the same cell.
Even in many enterprise Wi-Fi networks, it’s quite common to see either client isolation or multicast filtering in place (in part because multicast traffic is often sent at a very low data rate and that can have unintended side effects).
My limited knowledge of multicast from working with network software a while ago was that it’s local network only, and udp and you needed to “subscribe” to get the broadcast messages. There was also a keep alive component which is a little different from normal UDP.
I wrote a tool to help debug the system by subscribing and then dumping the messages. Perhaps this the problem Apple has with it?
My understanding was a lot of routers didn’t support multicast, I know we had some issues with our network configuration.
Yep. I've noticed a couple apps that recently updated suddenly wanted to scan the network. One arguably, if you squint, might have had a legitimate reason; the other obviously didn't.
I assume some surveillance library recently changed to start asking for it, but am not sure.
I deleted both and realized it has been a while since I've watched my phone over an intercepting proxy; time to sweep for bugs again.
I don't know about iPhones specifically, but I know I used to sigh and grit my teeth every time I'd debug something networking-related while I was at a public coffee house or something, and there's all those apple laptops, broadcasting the user's registered name on the local network for lord only knows what reason.
They may well be trying to stop something equally stupid happening where someone decided it would be a good idea to blast the user's name and phone number out over the local network.
Yeah kinda random. Doesn't something similar exist if you want to download content from a domain without TLS from within an iOS app?
I vaguely remember needing to fill something out to explain why I needed users to be able to load content from http (user generated content in an app). But it makes a bit more sense in that case.
Apple is also sabotaging the Bluetooth Low-Energy standard, by blocking apps from registering certain standard service IDs. For example, iOS doesn't allow apps to provide a HID-over-GATT service, which could be used to implement HID-compliant peripherals (i.e. keyboard, mouse, game controller, etc.).
When you try to launch a BLE service with the required identifier, the framework simply throws an error: "The specified UUID is not allowed for this operation." :-)
This is why there are no Bluetooth keyboard/mouse/trackpad apps in the AppStore, while there are many on Android.
What bothers me even more, is that you need developer account (100$/year), and go through these manual reviews, if you want to develop and tests apps on simulator or your own iOS devices.
They already have manual review process for submitting apps to the App Store, so I don't understand why I would also need permissions before I start developing apps using restricted features.
My iOS developer story ended shortly after I attempted to start back in 2008. To run apps I’d written on a device I had to sign up and pay for an account, which I was ok with. Then my account was suspended until I proved who I was with a scan of a government issued document. As a non US citizen my ID had little protection so I said no. After a few months apple agreed and refund my $99. So I’ve never written for iOS. The upside was I made a small profit thanks to a swing in the exchange rate :)
I haven't renewed my Apple Developer subscription in a few years but I'm still developing and testing apps at home on the free tier. It hasn't been necessary to the subscription for a few years. Only if you plan to release to the App Store or want developer betas.
You do if you want to use UDP multicast or want to enumerate MDNS services. That's what this article is about. If I understand correctly, they apparently don't even let you use multicast on your own phone for testing without requesting permission.
This. If you need restricted features, like I mentioned in my comment, Apple needs to approve it for your development team, before you can create provisioning profile for signing the app, to be able to run it on real devices.
However, I was partially wrong (it's been some time since I needed this), you can actually use them in the simulator without an approval.
I may be in a niche scenario. But I do welcome some sort of restriction. On a large campus network running PIM sparse with 10kish Apple devices, multicast chews up a fair amount of CPU resources on network devices.
Not sure if this is the solution tho..that's out of my realm of expertise.
Apple is getting worse day after day. I'm still hoping that one day the EU Commission will finally go after them and force them to open up their stuff.
What we desperately need is for the tech giants and their mono/duopolies to be broken up, or for regulators to force them to make changes to their business in ways that allow for actual competition.
When that happens, the world might have more choices than just Google and Apple for smartphones, or Microsoft and Apple for desktop/laptops.
Let's face it, that is not going to happen. I can barely get bluetooth audio to work on my desktop, a truly functional purely linux ecosystem for phones that my mom can use is at least a decade away (if possible at all).
It's clear that the more traditional "Linux" operating systems on the PinePhone/Librem are just not mature, but what about a PinePhone/Librem loaded with stock AOSP and F-Droid, no GApps.
Lots of stuff just won't be available but that's going to be true no matter what non-Apple/Google platform you went to. Outside of that though, it should generally provide a fairly user-friendly experience.
If the state of Linux on desktops is anything to go by, Linux on smartphones will never be a success story either. I frequently regret buying a ThinkPad with AMD CPU/GPU after listening to the propaganda about open source GPU drivers. My laptop was basically a paperweight for a month until I downgraded linux-firmware package. No one wants to deal with this shit.
Curious, which ThinkPad was this? I got a T14s with AMD last year and it is one of best laptops I've used till date, and works with Linux out of the box, incl graphics, networking, USB-C docks etc.
Interesting. I didn't know much about it other than having heard the name until I just looked it up. The idea of physical kill switches is pretty cool. My only question is, given that the OS isn't based on Android, does it basically not have any apps? The website mentions that it sort of turns HTML 5 apps in to some sort of native-like app by downloading it and sandboxing it. Is that the only sort of apps that are available for it? Or do you install full Linux applications on it? The website doesn't make it super clear.
My (limited) understanding is: the Librem phone has a very limited number of apps.
The vendor tackles existing GTK (?) apps and tries to make them work with touch. But it seems to do so on a best-effort basis so nothing is guaranteed.
I acknowledge that Purism is a small company and that it can only do so much. In case it fails, my gamble is that enough people are going to contribute and keep the most important apps working.
UK government had to plead and beg for a year untill it was allowed to release an app to let half the population using iPhone register their legal rights:
> Why? They're clearly an abusive company, just don't do business with them.
The market just does not have the ability to act here. Facebook literally incited genocide on the other side of the world and Facebook experienced zero repercussions
This is a website of mostly software developers and people working in tech.
If you fall into that demographic, how do you avoid doing business with Apple? They're entrenched in the duopoly on desktop, the duopoly on mobile, and the duopoly on browsers.
Refusing to do business with Apple will only make you feel good about yourself, but it will significantly hurt your career prospects if you're a working developer, and ruin any hope of success if you're an entrepreneur trying to start or run a tech company.
For all intents and purposes, they're a monopoly. If you're a fan of the Hasbro game, you might disagree on the exact definition, but Apple (and peers) is unquestionably in a position where they're immune to market forces.
Capitalism doesn't work right when you have companies like that.
If you fall into that demographic, how do you avoid doing business with Apple?
Fairly easily, I have an X1 running Linux as my dev machine (I'm backend/ML) and don't have a phone. No need to worry about my career, I'm doing OK thanks.
I know this is pure conjecture with regards to this particular situation, but I already had couple of clashes with operations people over use of multicast in my applications. They basically trying to tell me there is never valid case for multicast so they just outright filter it out everywhere with no possibility of enabling it.
Multicast is semi-broken on most networks, and devolves into pure broadcast on the current LAN or VLAN in most cases. This in turn causes chatter havoc on LANs with many devices, such as corporate WiFi. Oh, and multicast is totally insecure unless you layer your own authentication and encryption on top.
Multicast has been a dream since the 1990s but has been a nightmare in practice.
I am talking about multicast for having applications talk to each other in a datacenter, not to have that traffic exposed to office clients.
I understand most office networks are broken and if I send multicast I would just be causing untold mayhem.
I have already resigned myself to the fact that the only way to have reliable communication with a client is to use HTTP.
But in a DC where you control all your networking devices, configuration and people who maintain it, it should be possible to find a configuration that works reliably and allows devices to talk to each other without too much hassle.
> it should be possible to find a configuration that works reliably and allows devices to talk to each other without too much hassle.
The number of multicast bugs in Cisco/Juniper/whatever enterprise gear is astonishing. It’s basically a DoS waiting to happen. And if you have multiple network vendors in your shop as all real networks do… forget it.
As I said, my long experience is that multicast just doesn’t work reliably in practice except maybe for small layer-2-only networks. The same places where broadcast storms aren’t noticeable.
Unicast with source replication is fast, cheap, and reliable.
I have to imagine this is related to the release of Matter, the smart home communication standard. Cutting off multicast cuts off a standard way existing network connected home automation devices work, forcing users to Matter and to ultimately buy into a new ecosystem.
It will also seriously harm their TV/AirPlay competitor Chromecast, right? I have to imagine that every app with a Chromecast integration is using multicast to discover devices, but I could be wrong.
I'm confused. Does he need this form's approval to compile on XCode and push over USB to his device, or does he only need it to submit to the app store?
Handling specialized permissions one at a time through specialized teams could make sense for distribution. allows the whole-app reviewers to not have to also become experts on multicast best practices/security and having a second reviewer handle that.
You need the permission granting before you can run it locally. It gets added to the provisioning profile that is used as part of the signing process, even when run through Xcode.
It's to prevent people bypassing this approval and distributing their app through other methods.
Yep, you have a Developer certificate that signs the binary before it gets sent to the device.
If you're just using the free developer program (by signing into Xcode with your Apple ID), this is all automated and you don't have to get into the nitty-gritty of certificate and profile management (but it's all still accessible if you want to).
There's some big restrictions on the free program though, not least being unable to use certain capabilities in your apps (e.g. multicast mentioned in the OP, but also background modes, push notifications, etc.) Most of these are self-service and don't require asking Apple nicely, but you don't have access to the developer portal so cannot add them to your app.
I like the idea of having to grant applications permissions to use multicast, and to make the suggested behavior be "deny permissions", but whatever this form is I don't like it.
> Note: You can test your app using the iOS and iPadOS simulators without an active entitlement, but using multicast and broadcast networking on physical hardware requires the entitlement.
In my case, filing the form was not enough: they then asked me by email for more info (IP addresses and ports used, a description of the protocol, etc...).
If you want to save a week of waiting, I suggest including all that info upfront in the form.
I think this might be to have some leverage against Google with Chromecast, Amazon with Fire stick, etc.
If they can make connecting to those devices a pain for developers, it will tip the balance in favour of apple TV and devices apple chooses to whitelist.
This reminds me when we were working on a business push notification app, much like WhatsApp business but back in 2015. Apple required users to allow push notifications for the app when installing. If a user disabled push notifications then it effectively stopped the app from working as it's sole purpose was to send push notifications. So to try combat users turning off push notifications without realizing what they had done, we would prompt them to say that turning off push notifications would stop the app from working. We submitted the app to the app store and Apple rejected the new version saying that we were forcing users to enable push notifications.
I remember being so frustrated with this process of trying to convince someone in Apple who just didn't seem to understand why this would make sense. They cited that it was a poor user experience but I can't imagine a worse experience than a messaging app that never received push notifications.
I hear this kind of complaining from greybeards all the time. And I have some sympathy having grown up in the early 90s when you legitimately could tinker with every aspect of your computer. I kind of miss that; I suspect I’d miss it more if I had more time.
But as a customer I appreciate this stuff. I need some shortcuts to be able to maintain reasonable opsec without dedicating my life to dodging surveillance. I’m ok if it makes applications harder to develop because there are plenty on the App Store already.
If you want a device that can run arbitrary code, Android exists. Laptops exist. You have options. I don’t want a device like that in my pocket, however. It doesn’t fit in my personal security model.
False dichotomy. No one is arguing against this feature being put into ios. They're arguing that the owner of the device should be able to control this setting without presenting their fucking papers to apple.
What I would really like is a Raspberry Pi in an iPhone from factor. (Or maybe a Gemini PDA form factor.) Apple has been doing nothing but pissing me off for years, definitely including scanning photos on the device and now this multicast issue.
It's useful in settings where devices on the same LAN don't trust each other, e.g. coffee shops. I could see a similar explanation behind the iOS thing.
Apple's reasoning is probably this: By far, the most common use for multicast is mDNS. Apple probably supplies Bonjour APIs which you are expected to use for that use case. If you want to do something outside of that use case, you are probably Up To No Good and Apple will need your name, address, and DUNS number just to make sure you aren't.
The thing you have to remember is that Apple has shown the world how to run a top-tier mobile platform that supports billions of users while, more or less, protecting everyone's privacy and data from bad actors. They have decided to err on the side of pissing off devs if it came down to that or compromising on this goal. And it's made them trillions of dollars.
Given that this kind of stories are each time more frequent: why are we still buying Apple? Its not like the hardware is super special or the Unix compatibility (that we already have in Linux or even Windows).
If they hadn’t done the recent transition to arm I’d be ready to consider a Linux laptop. Which is a fine option for me but other family members would need windows or Mac OS for various productivity apps.
This is why as much as the web sucks, it's one true advantage over other platforms is that you can develop whatever you want without some company restricting you.
> No doubt a couple of readers will be thinking “well this is what Apple/proprietary software is like, what did you expect?” I’m extremely familiar with that argument and I don’t like it very much
It would've been fine if it was handled like the other permissions, but the author is taking issue with the fact that this one requires a manual review, you can't simply add it to your app's entitlements.
Interesting snippet from SO[1] from January 2021 (so I assume its still valid) :
>The entitlement is needed only to be able to browse and advertise arbitrary or wildcard services. If you’ve added the one type you use to your Info.plist, as you detail, you do not need the entitlement.
i.e. the entitlement is only required if you are not willing or able to restrict your use of multicast to defined services.
Does multicast have other uses outside of local network device communication? I’ve seen several apps trigger alerts that they want to access devices on the network if I grant permission and I’ve been saying no since I don’t understand why those apps would even be trying to connect to another device since they’re things like food delivery and other service related stuff.
> Does multicast have other uses outside of local network device communication?
Not with any sort of seriousness I think.
Some major internet peering exchanges used to have multicast LANs for whatever reason. I think LINX were one of the last ones to operate one, but eventually in 2020 they removed it after they reached a point where only two ports were connected to it with no significant traffic flowing !
> My bold prediction is that one day they’ll get rid of BSD sockets entirely.
This probably isn't as unlikely as you might initially think. I remember reading somewhere that Apple had been working on a user-space networking stack?
Edit: Apparently I saw it in https://developer.apple.com/forums/thread/79590?answerId=235... — Eskimo claiming "It came up during the iOS discussion on user space networking because NKEs are a major sticking point in bringing user space networking to the Mac"
There's no need for that. Just make http/s the only networking api that the kernel exposes and use that for everything. We're halfway there with dns over https.
I wonder if this is to thwart the multitude of sketchy iot devices on amazon that require calling back to Chinese servers to even functions (lightbulbs even, ha)
It’s not just about the end user here. It’s about not empowering the device to become a hacking tool in the hands of any random hacker with Xcode. I think the author could have done a better job acknowledging this.
Apple is seeing that they are in a position of responsibility here if they don’t draw lines in certain places.
Ah yes, because we don't have small portable devices you can load tails or whatever onto and war drive (or war walk) in real time. Certainly not ones that are under $100, can run for days or be easily operated remotely...
The sarcasm is not needed, and says
more about you missing the point than about my post. The point is that Apple isn’t required to choose to be a company that makes software for the small devices you mention.
Could brainy lawyers turn this restrictions on use of private property as theft by stealth?
I mean you buy a device and then Apple successively prevent you from using it as you see fit.
> I’m developing an app of my own creation to install on a device in my own possession, and now I have to prostrate myself before some review committee to use a staple of TCP/IP?
That's funny, he believes he owns an Apple device. Sorry, no. Apple locks down the device with strong crypto and rents you limited permissions, they sell a computing service, not a device. Apple are the only ones who get to say what code ultimately runs on their hardware.
The confusion is common due to the specific way the lease agreement is structured: you pay a lump sum for the device custody and future rent, you lose that sum if you damage the device, and you are responsible for recycling the outdated hardware instead of returning it to the owner.
Honda does not give me an SDK and API to run arbitrary software on the computers in my Civic either. But obviously I own it.
The state of federal law is that you own your iPhone and can run whatever software you want on it. Jailbreaking is legal, largely because you own your iPhone. The law just doesn’t force Apple to make it easy for you.
On a practical note, I’m interested in thoughts on why Apple might try to lock down multicast, specifically, but I have to scroll through dozens of comments arguing about a software system (iOS + App Store) that is now over 13 years old. Is there anyone on HN today who does not understand how iPhone software works? Why do we have to rehash a decade-old conversation on every single iPhone/iOS Apple story?
EDIT - Since I’m still in the edit window, I might as well link to a comment that seems actually useful and relevant to this blog post:
> Why do we have to rehash a decade-old conversation on every single iPhone/iOS Apple story?
Because people are mad - still, and baffled - still, that Apple is successful and prosperous despite not catering to the niche needs of your average HN commenter.
You would think so, but the repeated comments you see in every Apple story makes it seem that folks cannot get over the very existence and success of Apple's device and app store philosophy enough to let any other discussion or criticism emerge.
Yeah, honestly, I do not mind people disliking the Apple device philosophy, but it's a bit wearying to have to dig through all the same grand comments about walled gardens etc etc over and over again in any Apple related discussion.
>"You seem to give enough fucks to come and rant on a thread dedicated to an Apple device"
I discuss lots of things that I do not loose my sleep over. This whole HN is just an entertainment for me. Distraction from work so that my brain does not melt.
>"Maybe just use whatever you want instead?"
I do use whatever I want. And what I rant about is not for you to decide.
> Why do we have to rehash a decade-old conversation
Because there's new people in the world every day and they need to hear this important conversation, which is new for them. If you are already aware, it does no harm to you to just ignore the conversation.
Honda could decide that every new sold car in future will phone home at the press of the ignition and check if the driver should be allowed to start the car. The software techniques to turn every car sold into a leasing service is not difficult to implement.
If there is such software is inside your civic then no, you don't own it. Honda does. The word "ownership" is in part defined by the ability to exert control. If Honda controls who drives the car, where, how and when, the owner is indisputable Honda.
This is why right to repair laws are important. If you buy the hardware, you should implicitly have the right to modify the software in-so-far as it is physically possible given the hardware package purchased.
It's entirely within the rights of a company to lock down their hardware if that's how they sell it to you, but it should be equally within the rights of the hardware owner to bypass those "protections". If Honda decides to lock ignition behind an arbitrary clearance check (pulling a John Deere), they shouldn't be able to retaliate if that lock gets bypassed -- as long as that distinction exists, we will always be proper owners of the things that we buy.
> The word "ownership" is in part defined by the ability to exert control.
If we were to upgrade the saying "possession is 99% of ownership" to the digital ream, it would be something like "control is 99% of ownership." The distinction between possession and control is only relevant for smart devices.
> Honda could decide that every new sold car in future will phone home at the press of the ignition and check if the driver should be allowed to start the car.
They may be mandated to do so:
> U.S. Senate bill seeks to require anti-drunk driving vehicle tech
Apple has been crystal clear in their marketing and documentation about how app development and distribution works on iOS since the day it was announced in 2008.
The specific question here is why Apple is putting new restrictions on multicast. Unfortunately all the informative comments are far below this rehash sub thread.
But are regular users aware of any of that? Do they know how app publishing works at all? Do they know about the absolute disgrace that is the app review process and the "guidelines" it follows? Do they know they can't sideload apps? Do they know every single binary that an iOS device runs has to be signed by Apple?
I bet they don't. And Apple would've lost some part of their user base if they were honest about this with their users, not just developers.
Though around me in particular, many people became acutely aware of that in 2016 when Pokemon Go became huge and those with iPhones found out they can't just download the game from somewhere else and install it to bypass the geographical restrictions in the app store. Some made separate Apple IDs for a country where it was available. Many were envious to those who use Android, because you'd just download an apk and be done with it.
The modern era provides individual humans with greater access to information and ability to publish information than has ever existed before.
If “regular users” aren’t taking the same stance as you, maybe it’s not because they aren’t aware, maybe it’s because they have different use cases and priorities.
Every app they download is distributed through the app store. If it doesn't fit the app store rules, it simply never materializes, and so no one ever sees it. You only become aware of these limitations once you want to make an app, modify someone else's app, or, like in my example, want to use an app that isn't officially released in your country.
Apple is very good at disguising these limitations such that you don't notice them unless you start actively thinking about iOS development one way or another. In other words, you only become aware of the walls around the walled garden if you try to escape it.
Oh no, you think that if only the users knew about X then they would care, when really they don’t care so they have no reason to know about X. Not to get too off topic but Epic thought they’d have popular support for their new App Store but the entire world just shrugged and saw it as a greedy play for more money.
Anyways I digress, though you really think that Apple not wanting you to install an unsanctioned iPhone app is going to cause outrage? Sideloading has been a thing for a long long time
Plus there's far more mods available for honda than there ever will be for Apple. Modding them, tuning the ECUs, aftermarket hardware and software, you bet baby. The car hacker community is very alive
But you might also make a novel improvement that benefits all of your fellow users. Think about how many iPhone features were dreamed up not by Apple but by developers or even “hackers” who figured out a clever approach to a common problem.
I use the “flashlight” on my iPhone all the time but I remember when the only way to use it was to open the camera app, switch to video mode, and turn on the flash. And Shortcuts is one of the most useful app available for an iPhone and it was an idea patched together using APIs in a way Apple never intended. In fact, Shortcuts could be way better if Apple didn’t have so many seemingly random and arbitrary limitations.
Honda isn't part of that decision, and the laws apply equally to vehicles of all makes. As long as you don't modify emissions, you actually get quite a bit of leeway.
> Why do we have to rehash a decade-old conversation on every single iPhone/iOS Apple story?
Because this is the possibility of people to cash in on their "I told you so". Also, it is not too late to either change direction or jump ship; if we take this without complaining, the situation will only get worse.
>Honda does not give me an SDK and API to run arbitrary software on the computers in my Civic either.
If something goes haywire in my phone, it can't possibly turn into a 2 ton death machine, which is something that can happen with a car. Cars have stringent safety regulations that cell phones do not. So... bad example.
Because its the obvious outcome of the ancap principles that many on here are strongly in favour of. Company appeals to the largest market share by designing devices that work well for the majority of people. It just happens that HN readers are in the minority on this one.
Slightly OT, but thinking about your comment I wonder if there’s any correlation between people who don’t care about general purpose computing and people who drive commuter cars. I would think probably so - in both cases, many just want a box that gets them from point A to point B with no interest or concern about what’s going on inside the box.
What galls me about this model is not that it exists, but that companies are allowed to use the words "buy" and "own" in their marketing and contracts around this. The distinction between buying and renting a house, or buying and leasing a car, is well understood. But when it comes to renting a console or a license to a piece of music, we use the same words as for ownership. Maybe we need a new word to describe the "lump sum up front but not for ownership" model.
This is based on a nonsensical idea of what ‘ownership’ allows you to do.
When you buy a phone, you definitely own all the atoms in it. You can take it apart and use the bits to make jewelry. You can take all the phones you have and assemble them into a piece of wall art. Apple has no say in what you do with the object.
But your belief that physical ownership of the object should mean you can make it do anything you want is… bounded by your actual capability to do so.
You can probably extract some of the parts of your phone and reuse them - maybe with care and patience you could figure out how to use the screen, or the battery, or the camera as part of another device. Again, not something Apple can stop you doing.
But expecting to be able to use a device to do something you want to merely because you know the potential to do so is inside is an unrealistic expectation. A cotton t-shirt might contain enough thread to be able to be woven into a pair of shorts, but you can’t complain to the manufacturer that the way they made the t-shirt makes it hard for you to turn it into shorts. They sold it to you in a useful, valuable configuration. They’re not obligated to make it easy for you to reconfigure it to your will.
This would make sense if I had the tools to unweave and reweave a t-shirt but the manufacturer has added additional wire in a cross pattern to specifically prevent this.
Apple actively design their products to not allow you to reconfigure them even if you have the tooling. The shirt manufacturers do not prevent me from taking a old shirt and making oil rags from the fabric.
Well in this case, Apple make a ‘tool’ that lets you send multicast packets (it’s actually built in to the device, but it’s behind a lock) - and they will even give you the key to unlock that tool and instructions for how to use it if you apply through a form on their website!
If not for your replies elsewhere in this thread I'd assume you were being sarcastic.
Yes, a device manufacturer putting locks on my device that I can only open by "apply[ing] through a form on their website" does seem pretty evil to me.
Because the main usecase of the device is running software written by third parties and if that tool was left unlocked occasionally that third party software would hack into your home router.
According to apple’s explanation page [1] (near the middle) you can only run on the simulator without the entitlement.
> Note: You can test your app using the iOS and iPadOS simulators without an active entitlement, but using multicast and broadcast networking on physical hardware requires the entitlement.
You actually can unlock it - just get an app written by a trusted developer that uses the multicast functionality, and you can use your phone to transmit the multicast traffic that app generates.
You’re free to access that functionality of your device, using software that uses it responsibly.
I would take the analogy even further. While you may physically have the capability to do as you please with the house you own, you do not have the legal permission to do so. The exterior is heavily regulated by city landscaping regulations. The interior structure is heavily regulated by building codes. Mess with wiring and you can say goodbye to your electricity grid connection. Mess with pipes and no insurance will cover you.
Similarly, I own a car. Can I take off the seat belts? Physically, yes. But legally, a vehicle without a seat belts is no longer a car and I lose the right to enjoy driving it on public roads.
Ownership was never about physical possession. It's about gaining some rights.
Back to phones, the challenge is to demarcate what rights does an owner get when they buy a phone. To side with Epic Games, the discussion is even more complicated by Apple's (purposeful) confusion of owning a phone with having access to an ecosystem of apps for that phone. I can do whatever I am capable of with my iPhone, but I may lose access to the ecosystem of apps.
You not being allowed to drive a car without seat belts has nothing to do with the car, and everything to do with the road.
You own the car. You share the road.
You can drive that car anywhere you want with permission from the owners, you just can't share the road we all paid for together unless you put on a god-damned seat belt so that John the EMT doesn't have to see the 4th smeared human body on the shared road this week when you crash it.
Messing with the software, to this day, is also allowed as you own the device. The only thing stopping OP is their own technical skills/the publicly available tools that allow modification of the code in the right way (as in: jailbreaking is still legal, but Apple has the right to put barriers in the way of it for security reasons).
Right - if you ripped the ROM chip off and replaced it with your own ROM containing your own OS and drivers for all the hardware you could make the hardware do anything it’s physically capable of accomplishing. And Apple would have no legal recourse.
The fact that that is an extremely complicated thing to do is not apple’s problem.
I agree with you - As long as the barrier is genuinely complexity.
My issue is that Apple (and many other manufacturers, this isn't really Apple specific) add complexity solely to act as digital locks on what is otherwise a fairly obvious and achievable task.
Take your ROM example - Why should I even need to rip it off and replace it? I know damn well how to flash ROM. I have the software tools available. I have the image file with all the drivers I need/want. The only thing stopping me is digital locks in the device.
Are the locks themselves evil? No, clearly not - I lock my house when I leave, and I'll probably leave my phone locked most times too.
Are the locks evil if I don't own a key? Pretty clearly yes.
Can I rip the whole device apart, interface directly with the ROM, and flash it? Probably - assuming I buy some much more expensive hardware. But that sorta defeats the point of having the device, yes?
Just like it's not reasonable to sell me a car without a key.
---
- Congratulations - you own this brand new car you just bought!
- Great! Thank you so much, can I have the keys to drive it now?
- No, no... of course not. When you want to drive it, you phone us up, and we come unlock and start it for you
- Wait... what? That's bullshit - I just bought this car!
- Well, you're welcome to break a window and hotwire it to drive it. But do be aware we'll report this as theft to the police, and depending on what you tinker with we might also throw the DMCA at you
It's not a car without a key, though, is it? It's more like a car with a factory-installed speed limiter, which the manufacturer is not obliged to help you remove or disable... and which, in fact, the manufacturer has good reasons for needing to make it hard to disable.
- I just want to be able to drive MY car as fast as I like!
- okay, but the trouble is the way this car works, if we give you the ability to disable the speed limiter, there's literally no way we can do that that doesn't also open up the possibility that when you turn on the radio, the radio station might broadcast an ad that causes an uncontrolled acceleration.
- that's a stupid way to design a car
- well yes, but this is an analogy car, not a real car. The real system in question is a turing-complete networked device designed to run arbitrary third-party software, so... the analogy is going to be slightly flawed.
And no, Apple isn't going to report a theft if you physically damage your phone, nor are they going to have a DMCA complaint if you hack your own phone in ways that let you change the way the software on it behaves (you might run into DMCS issues if you try to distribute tools to help other people do that, which is... definitely dubious, but that's what the law says; it doesn't have a great deal to do with this case of the Apple restrictions on which software the OS trusts to use its multicast API, though.)
- okay, but the trouble is the way this car works, if we give you the ability to disable the speed limiter, there's literally no way we can do that that doesn't also open up the possibility that when you turn on the radio, the radio station might broadcast an ad that causes an uncontrolled acceleration.
---
This - this piece here is the fallacy in your argument. There absolutely are ways to do this. Matter of fact, Apple themselves have a nice little set of digital keys that lets them turn all these locks off as they please.
So the argument is not "We have no way to do this safely" it's "We don't believe you (the owner of the damn device) can be trusted to do this safely."
Which brings me right back to - you don't own the damn thing.
Your car analogy sounds a lot like Tesla with phone-as-key, and last I checked Tesla sold 500k of those last year and are on track to sell 800k this year. People have been locked out of their Teslas when their phone is dead and they didn't bring a physical key with them.
Apple adds these arbitrary digital locks since they protect against the threat model of physical access, whether that be an attack thanks to leaving the phone unlocked or giving your passcode to your friend to use for a while. This is all in disregardless of whether or not the customer actually has this as part of their personal threat model.
Adding an optional "You phone us and we can unlock your car with a copy of your key" is fine by me. As long as I still have the fucking key.
----
For the second part - The security boogey man is not a compelling argument to give up ownership rights and enter digital serfdom where you only own a device if you use it in the way the manufacturer intends and approves of.
I'm not asking them to stop selling devices with locks. Hell, I'm even fine with them keeping a copy of the keys (which they have right now). I'm just saying: As the owner of a computer, I deserve to have a copy of the fucking keys that make it work.
My point is that, Short of an actual physical key, by giving the user the key, they give everyone the key to do this to any iPhone in their possession, regardless of ownership. Any regulatory change shouldn't nullify Find My iPhone protections to the point that theft of iPhones becomes lucrative again.
There is always a point at which you don't control the stack, that's been the case for decades now. Just look at the CPU and how you can't change the code that interprets microcode (I think I'm using that term right) or, even more insidious, the Intel ME. Yes, Apple has moved their control up the stack but some people pretend the world was an open source utopia before Apple created the iPhone. As someone who has to provide tech support to my family/friends I can tell you I couldn't be happier that they can't screw up their phones like they do their computers.
That t-shirt analogy feels a little stretchy to me.
The configuration option used to exist. All iPhone developers were able to use it.
Now Apple is revoking that permission. That’s hardly “reconfiguring to our will.”
This is incorrect! If you rearrange certain atoms in ways not approved, you are in violation of 17 U.S.C. § 1201. If this improves your financial standing, you have committed a crime under 17 U.S. Code § 1204 and are subject to not more than $500000 or 5 years in prison.
Under the DMCA, if you rearrange the atoms or attempt to describe how to rearrange the atoms in a way not approved by the phone manufacturer, you are a criminal.
Copyright, and in particular the DMCA, has superseded your ownership of the atoms. You must do with them as the true owner of the atoms (Apple for example) permits.
If you rearrange the atoms into your neighbor’s head you violate a bunch of laws as well. Owning an object certainly doesn’t immunize you from your obligations to use it in ways that comply with the law.
> But your belief that physical ownership of the object should mean you can make it do anything you want is… bounded by your actual capability to do so.
No object should ever actively, uncompromisingly preclude me from using it to do something of which it is capable. Objects can suggest I take a certain course of action, but ultimately they must follow my instructions without trying to impede me. Any other way and I don’t truly own the object.
The object of your iPhone will absolutely not impede you in any way from using its antenna to transmit a multicast IP packet on a WiFi network.
It is up to you to figure out how to get the electrons in the antenna to wiggle in the appropriate manner to make that happen, but there are absolutely no constraints preventing you, as the owner of said iPhone, from doing so.
You want Apple to give you some software that lets you do that without restriction. They don’t want to. So if you want to do so without restriction you’ll have to make your own software - as in, literally replace the entire software stack, rom/os/drivers with software that does what you want.
Good luck with that, but don’t blame the device - the object you bought and own - for your failure to be able to.
> The distinction between buying and renting a house, or buying and leasing a car
In the UK you can buy a freehold house for £250k and that's it. Or you can rent one for £800 a month, although that confers certain rights. But between those two, you can buy a leasehold house, which has obligations to pay a ground rent. You can buy a freehold house where you are obligated to pay a management company to maintain common areas.
"Buy" and "Rent" are certainly not clear cut.
With a car, I can rent a car from Hertz, or I can buy one for cash, or I can lease one, or I can buy one with a loan payment secured against the car, again there's no clear line between "buy" and "rent"
Leasehold houses are a crazy idea and the government should certainly have stepped in early as developers began selling the freehold (and thus the entitlement to receive ground rent indefinitely) as an investment. Historically most of these leases were "peppercorn rent" which means they had some notional requirement of rent to be paid, but you were not in fact expected to pay rent. But legally any consideration works, so if you can charge a peppercorn (as a legal fiction to make this a contractual arrangement between freeholder and leaseholder since cutting up the freehold was for whatever reason impossible) you can charge £250 per year. Or £1000 per year...
Because the government didn't step in early and say "Oh, that's just an obsolete feature, you can't do that with it, we'll remove it" and pass legislation in say 2005 to set the maximum ground rent at a notional £1, the "investors" got bolder. They added escalator clauses, after all £1000 per year is a nice earner today, but it won't be much in a hundred years, so let's say it doubles every 25 years to account for likely inflation plus some profit.
Actually wait, the idiots are still buying them, let's say it doubles every 10 years.
And next thing you know, some of the people who "own" a house are paying almost as much rent as people who don't "own" a house, oops.
Funny that the property owning, rich investor classes in the Tory party don't seem to be in a big hurry to actually fix this, although they do say it's a "Priority" (like everything else) when confronted. I wonder how much money Rishi earns every day from this "mistake" that he never got around to doing anything about as chancellor for example...
Never heard of peppercorn rent until reading your comment- as a nice coincidence I was reading a Reddit thread on weird NYC trivia that included a link out to this article of the Queen visiting NYC in 1970s to collect 279 years worth of back rent for Trinity Church (which was literally 279 peppercorns)
I think there is because “rent” and “lease” implies your intent is to stay there short-term. “Buy” says you literally are buying the home whether it’s with your money or someone else’s via some mortgage terms.
With an Apple device it certainly is muddy waters because you purchase hardware while simultaneously in some weird lease agreement for the software.
I guess it’s like buying a house in a gated community with very strict home owners association. You can purchase the house but if you want to put a new door on it you gotta go through the motions to ultimately get denied the color you want, etc.
And if Apple was the association they’d have a neighborhood watch ensuring 8PM curfews.
In a home owner's association, the home owners are part of the association. You have to play by the rules, but you are also part of the body that makes the rules.
In this case, the party setting the rules is more like the rich person who originally built and "sold" the houses (but still enforces curfew, and changes the rules whenever they feel like it).
As they said, with leasehold or some things with freehold it's not quite so simple.
I used to have a leasehold house, which I "bought" but also sort of rented, or at least rented-ish the land while owning-ish what was within the bricks.
I have a freehold house now, but there are restrictive covenants which technically govern what I am allowed to do to my own property (these are not council/etc permissions but private ones).
Indeed, until recently I lived in a freehold house which had a covenant saying my hedge could be no higher than 4' high, couldn't change the colour of my front door, couldn't park a van on my drive, that I had to pay a specified private company money each year to do various things, with no say over that company.
The term "buy", at least in the UK when it comes to housing, is a sliding scale.
I nominate Sweden to be the weirdest country when it comes to housing ownership.
When buying a flat or a non-detached house, you usually fall into an ownership law called "bostadsrätt". In essence, you don't buy a house. You buy stocks in a housing association, which grant you the right to use the chosen flat/house. The housing association is pretty much run like a company, with a yearly board meeting, a CEO, a CFO, etc. Your ownership is proportional to the surface area you bought.
It’s not much different in the US. Leasehold arrangements are less common, but still possible, particularly when dealing with “mobile” homes (that generally aren’t mobile at all once placed).
The main difference between each of those scenarios and the one I describe is that we have words to describe them. From your post: freehold, leasehold, buy, rent, loan (and I'll add: mortgage). You don't need to read the fine print to know that these are meaningfully different.
I'm on board with the idea that there's a lot of arrangements in between full ownership and pure rental, as long as we have terms to describe the meaningful differences.
The dividing line between "buy" and "rent" can be as clear-cut as you like, or as much a grey-zone continuum as you like as long as it is spelled out clearly up front to the buyer.
The problem is not that there are gradations of "ownership". The problem is that Apple (and many others) conflate the terms and deliberately obfuscate exactly what your rights are when you "buy".
But those various ownership models aren’t buried behind 100s pages of EULAs. Or, when they are, you hire a lawyer to represent your interests in the purchase.
You seem to have missed the last half of my comment.
And completely missed the main point - buying/owning a house can be complicated, so we frequently involve lawyers to represent our interests.
Buying a phone shouldn't be so complicated. But, not only are EULAs overly long, they're often written in legalese which is beyond the comprehension of the average person.
Maybe someone can mount a legal challenge and establish case law. Document the whole buying process, copious advertising where Apple says you can purchase the device, then request the unlock code from Apple to run custom software.
If they refuse to provide it for purely commercial reasons despite having full technical ability to do so, you might have a case that you were misled into purchasing a subscription service. Ideally, you would find some advertised capability that is only enabled for apps sold though the App Store, a hidden subscription fee especially considering its onerous value.
As much as I want the court to decide that “buy” cannot mean anything less than “indefinite and irrevocable license” I’m expecting the judge to decide the case in Apple’s favour on the basis that consumer expectations have changed over the past 15 and that no “reasonable person” would expect a $15 impulse-buy of an intangible product to _last_. After all, you may have your VHS tapes from K-Mart you bought 30 years ago, but can you actually watch them? And you are “buying” a license to DRM’d content after-all and “buy” isn’t legally defined that way (Yes, I recognise it’s a terrible argument, just playing Devils’ advocate)
…or Apple will just change “Buy” to “Get” and it won’t make a difference to their bottom-line at all. I’ll bet that Apple’s profits - or even revenues - from purchases on iTMS for movies and TV shows are a rounding error compared to AppleTV+ subscriptions - and iPhone hardware sales, of course.
> After all, you may have your VHS tapes from K-Mart you bought 30 years ago, but can you actually watch them
I can't tell if this is sarcasm or just a bad example. Yes, you can still watch VHS tapes, since they're physical media that can be decoded by a VHS playback device. You might have trouble finding the hardware, but if you have the hardware, it will still run – it's not going to require a software update.
> I can't tell if this is sarcasm or just a bad example
A bad example given HN's audience - but I imagine of most normal-people, the majority of those with a VCR will have left it in the attic or basement and never bothered to connect it to their modern LCD TV. If it was a home-video camcorder vid then it's likely already converted to DVD if it's worth preserving.
My guess is that Apple will say: “You’re free to root it and do what you want, but we don’t cover that with a warranty.”
In that sense, you do own an Apple product. But if you want to stay in their nice little walled garden, that ownership is more like buying a house that comes with a benevolent dictatorship HSA.
Apple will never publicly admit to the possibility of rooting their devices, especially not to allow bypassing DRM: they'd lose all their friends in Hollywood overnight.
Yes, but a non-insignificant portion of their revenue comes from content from third-party media companies. They very much have an incentive to play ball with the likes of Disney & Sony, despite having the upper hand in terms of market cap.
Houses are similar really - you need permission to make changes, and are restricted in what you're allowed to do with them. Only difference is it's not a private company with that control.
I’m looking at spending 100k to bring a property up to fire code, and possibly rebuilding the floor. Until that happens, I won’t be able to move in. So, yes, buildings do become obsolete at the whim of some other entity.
Usually (at least where I live) properties that were at code in maintain that status through "grandfathering" even if the code changes.
We have an old elevator in my building. It gets inspected year to year. If replaced it has to be up to code. A new up to code elevator, won't physically fit in the space the old one is). We're also in a "historic" district which is another entity of denial.
You are right that upgrades can become a nightmare of codes/regulations.
At least in the US these entities are controlled by a government we in theory elect so its at least partially our fault. Also at least in the US, when the government "takes" or changes a rule that destroys value, there is always the threat of a lawsuit for the value destroyed.
Good point, but at least with a government, if you pay taxes there's usually at least some recourse and a potential to get things changed. With a private company, you're almost always told to go pound sand.
Following the Grenfell disaster in London, flats up and down the country have been valued at £0 and are thus unmortgagable due to their use of cladding material that no longer is deemed safe.
In reality they are misusing the words "buy" and "own" to make sales... If they would talk about "rents" in marketing, sales would drop... So they are "bending the truth" to make sales...
Would you object to the use of the word "buy" for the purchase of a house if there is a homeowner's association around that can restrict how you paint your house, how often you mow your lawn, or whether you can hang laundry outside?
If my Apple purchase gives me an equal level of control in Apple's policies as every other holder of an Apple device, such that it only requires a majority of votes cast to change any of those policies, then no.
If my purchase of a home meant I had no participatory rights in the HoA, and they can still change the rules at any time on me, and didn't have to disclose in plain language the existing ones upfront, then yes.
It's the same model that has been the mainstream for games consoles and mobile games platforms for decades. iOS devices are pretty well locked down pro/consumer products that come with a managed application distribution system. If that's not what you want, there are other options.
It seems to me that if Apple had no more than 10% of the mobile market anywhere this just wouldn't be an issue. If that's what some people wanted, fine, they could get it. The reason it's a problem is, as it turns out, this model works really well for a lot of people and is fantastically popular.
There are no options - there are no longer any mobile devices you actually own and control. The right to private property has been cancelled by, ironically, free market extremists.
I really don't consider myself a free market extremist. I fully support regulation for health and safety reasons, mandatory accurate and informative product descriptions, minimum quality requirements in many areas, consumer protection laws such as minimum warranty periods. There are many areas where it makes sense for us collectively, through our governments, to make sure we as consumers are not getting ripped off and get a fair deal. It's just balancing out the power disparity between vendors and individual customers.
So I am open to arguments for regulating mobile phone platforms, if that proves to be necessary. I just don't think it is, none of the arguments Ive seen so far are compelling. They mostly seem to be sour grapes. "I want to buy X product with P, Q, R features and nobody is making one, we should force them to by law". No, that's not how that works.
And, if by mobile, you mean network connected, even if you built your own hardware from components, you still don't own and control the networks (cellular or otherwise) over which that device will communicate.
ADDED: And if it's not obvious from the context, by "network" I mean a network that can communicate with the broader world, not just a LAN.
Also, you probably don’t have the right to make your own mobile modem unless you’re fine with it needing its own car battery and alternator thanks to Qualcomm’s patents.
Standards patents must be made available to license. Apple tried really hard to invest in a competing cellular modem provider (Intel) and gave up. Turns out, they’re really hard to build, and that’s why you can’t build one. Not patents.
Apple did purchase Intel's modem division[0], so while they temporarily have started purchasing from Qualcomm, maybe they're throwing more R&D at it than Intel did to actually compete with Qualcomm within the next few years.
For a LAN: Nothing, but you won't be able to communicate to anyone outside of it. You also won't be able to access it away from wherever you set it up.
For the primary networks at issue here, cellular networks: The FCC, and regulations restricting what devices can access which EM frequencies legally.
> They mostly seem to be sour grapes. "I want to buy X product with P, Q, R features and nobody is making one, we should force them to by law". No, that's not how that works.
I think it’s closer to: I bought a 10% black box (90% open) widget in the 1990s, and now in 2020 that same widget (with a few more functions) is 80% closed. And: why can I no longer use a generic computer for what I want to use it for? We’ve forgotten that an open distributed learning web is possible, and how instead computer literacy (programming) is very low because most of us can no longer follow our curiosity and look inside technological systems; only ‘experts' are allowed to do that (someone wrote about that recently, that whenever he talked to older/earlier computer hobbyists, how most of them mention that they are pretty disappointed by today‘s black box world/web).
And no they’re not ‘sour grapes‘, they’re just sensing the painful ways in which the commons has been plundered, and feeling frustrated by the way people such as yourself pretend that there are still many benefits to be found in locked down/black box platforms and devices, which there aren't.
The completely ludicrous part is how normalized all this is today. How much our tools are now over-engineered, non-modular and non-repairable; how much black box shit we produce. Literal shit. Single use shit. Biological systems have no waste, yet our current production systems produce the most toxic, anti-life sludge the world has seen (see Baotou -> https://www.youtube.com/watch?v=t_UdqZdFr-w). Today we produce coffee machines that have iPads sitting in a dock with virtual buttons to choose options. An iPad. What the fuck. What is that? Infinitely less complex technology was used to send people to the moon. What a complete and total waste of valuable resources and laborers' time!
I'm talking about how we could have so many more open standards and decide to produce only high quality stuff. But no, our culture teaches us to discredit those who came before and to commoditize tiny incremental updates, slapping our own names on them (‘branding’) to please our neglected and alienated souls. I’m so tired of this false story of the need for competition. Humans are copying machine. It’s ok to copy! It’s how we learn and grow.
Anyways, to get closer to a 'universal basic inheritance' - a commons that respects actual scarcity, and thus also the abundance of digital resources (scientific knowledge and technological blueprints), we need a new system for accounting. I believe http://valueflo.ws can offer us a very possible way forward https://www.youtube.com/watch?v=vymAHXGSM14: they are radically distributed supply chain systems using the Resource-Event-Agent ontology, built on fully distributed tech, e.g. holochain and activitypub.
This is so out of touch with the actual real world it's a bit concerning. There are plenty of open computing platforms kids can learn from these days, and schools are full of them. PCs are still pretty open, Linux is easy to install, Raspberry Pi and similar devices are cheap and accessible. My kids learned about all that stuff at school here in the UK. In most developed countries almost every kid in school gets to learn how to write at least simple programs. I taught my kids Python on their iPads.
>...pretend there are still many benefits to be found in locked down platforms and devices, which there isn't.
Now you're in lala land. People derive enormous benefits from ubiquitous access to easy to use computer technology all the time. They're just not the benefits you personally seem to value or understand.
And roughly zero of them can make a phonecall, or a contactless payment, or to find directions on the go because they are not portable and internet connected.
Yeah, I'm not sure where this incredibly open world of 1999 (to say nothing of 1989 or 1979) existed.
Telephony has always been very closed--fringe phone phreaking notwithstanding. Heck, some of us have been around long enough to remember when you had to rent a phone from a regulated monopoly.
And in the 90s, Windows was mostly your choice in a computer. You could build your own PCs but you mostly had to run Windows. (Linux was still quite early days at that time.)
Access to computing under the hood is much more democratized than it used to be even if the vast majority of people choose to use effectively appliances for certain tasks.
And, if I recall correctly, in the '90s, you had to pay for developer tools for Windows. (Or Mac, but Windows was, indeed, mostly your choice in a computer.) Today, every mainstream computer shipped—Mac and Windows—has a dizzying variety of free-as-in-beer development environments available for them, many also free-as-in-freedom.
Yes. Developer tools (and consumer software generally) were quite expensive. A typical compiler from Microsoft was hundreds of dollars. (Borland drove pricing down somewhat.) I forget what an MSDN subscription cost but it wasn't cheap.
> I bought a 10% black box (90% open) widget in the 1990s, and now in 2020 that same widget (with a few more functions) is 80% closed.
My mobile phone in the 90s was certainly not 90% open, it was far less open than my current iphone. I guess it was easier to change the battery, if that's what you mean? Swapping a proprietary battery doesn't count as open in my book.
My desktop computer in the 90s on the other hand was far more closed than my current one.
> The right to private property has been cancelled by, ironically, free market extremists.
This line of argument is frankly incoherent. That many, not all, available mobile devices remain firmly under the control of their makers after purchase is not because some free marketeer (or cabal thereof) foisted these devices onto unwilling recipients. This situation came about because the majority of mobile device users saw the deal on offer and decided they were better off taking it that walking. The real source of the status quo is the average consumer... no matter their ideology. That buyers weigh promises of "Just Works", the status of owning the cool new device that's in fashion, and some guardian supposedly lurking in the background keeping them safe over your own (seemingly apparent) priorities is a matter of each individual choice.
Private property rights haven't been cancelled at all or by anyone. There simply aren't enough people interested in owning devices that they fully control. Insofar as there are few alternatives to the status quo... blame the privacy activists and those clamoring for "full control" for not better convincing the masses that what they're giving up for iOS & Android is more than they're getting by buying these devices. As a free market extremist myself, I guarantee you: if people stop buying these devices because the deal is perceived as bad the situation will change.
Finally, if I try to infer what you might be for (rather than what you're against), which I do because it's the only reason to call out "free market extremists", is that you want a small group of "our betters" to decide what exactly a mobile device should be, over and above all those that find the current deal sufficiently satisfactory. You would have your priorities made the only choice over the interests of the majority of consumers. Ironically, perhaps, you'd eliminate the broader spectrum of choices by forcing what choices were allowed... wanted and valued or not. Naturally, I'm reading a lot into your short comment... but what solution do you really see that isn't a free market extremist position that doesn't come close to what I think you're saying?
Its so ironic to see 'freedom people' defend a system that would make Stalin green with envy.
"saw the deal on offer and decided they were better off taking it that walking"
The same reasoning applies to loan sharks, drug dealers and mafia. 'Unlimited' free market always degrades into oligopoly or Mafia rule.
"you want a small group of "our betters" to decide what exactly a mobile device should be"
You want that, and you have that- a small group of powerfull men decide to do with your device. Tomorrow your device uodates and startps reporting you to police for speeding, and there is fuck all you can do.
I am not asking for a communist mobile pgone comitee, I am asking for the word ownership to mean something. It's not a difficult concept.
Seems like you could copy paste this into every single "complaining about Apple" thread on Hacker News for the last few years. That people think that Android doesn't exist or is exactly the same as Apple, and you can't sideload apps or root at least some devices has become a widely held belief on Hacker News that has to get corrected in every single thread. I count several different comments that are mistaken in this way in this post alone.
That's because we don't like telling the people who need to be told that you can sideload apps, because they're the very same people who will later complain that they downloaded a "Free APK" of Sparkle Monkey Defenders eX from some Chinese app store and now their phone is vomiting up full-screen interstitial ads every few minutes. ...and we're supposed to fix it for them.
God forbid we hold users responsible for exercising due diligence. No, we must assume everyone is too incompetent to distinguish between shady and legit software.
> No, we must assume everyone is too incompetent to distinguish between shady and legit software.
As someone who has worked retail in the past, and who currently works in IT: starting with this assumption generally minimizes headaches down the road.
There are only so many hours in the day: people learn what they need to get their job done, and tend to move on. Some people are quite dim, but others don't have the time/energy/motivation/need to learn the details.
I think us enthusiasts tend to lose sight of the fact that most people don’t care to learn about how their computers work, just like how most people don’t care to learn about how their cars work.
Is not like the Google and Apple stored are not filled with garbage, it was recently revealed that Apple refused to notify the users that got infected from their "safe" store.
About Aunt Susan , you could have the device locked by default and have a more complex process to root the device, like some code/password that is in the box of the device, in that envelope Apple PR team could inform Aunt Susan that she should not do this unless she is tech competent or a communist.
Also you can install AOSP which is open source android operating system on some devices. And some other open source Android flavours. Yes, may be with few driver blobs, but that's not a restriction, you still can do anything with your device on every level.
Well and at least some suppliers offer you the option to install your own OS on it. At which point any restrictions the phone has are at least technically self-imposed.
> The reason it's a problem is, as it turns out, this model works really well for a lot of people and is fantastically popular.
Turns out a lot of people don't want to deal with the responsibilities of completely owning a device (updates, anti-malware, app origin), and are willing to give up some control/ownership in exchange for convenience and being able to get on with life. (Certainly not everyone of course.)
Whether this view of convenience is short-sighted and will be regretted long-term remains to be seen.
You frame it as a conscious choice, but in my experience more than 9 of 10 Apple users are completely ignorant of the issues. They only "know what they like" or think "Apple is best. " There's no consideration at all of reasons or consequences.
There absolutely is consideration of the reasons or consequences relevant to them, that they care about. The fact is the things you think they should care about, they just flat out don't, and that's fine.
When I have conversations with non techy friends and introduce them to my take on the privacy and consumer rights issues, and they take the time to look into the problems and think about it, they've almost always come back and said the costs in loss of rights, market diversity, ecological impacts, or simply in dollars, are not worth the value provided by huge companies like Apple and Google.
They both ruthlessly squash competition and innovation that threaten their bottom lines, but somehow project wholesome images as innovation engines and friends of consumers. They both ruthlessly exploit employees and partners, while somehow appearing to be wholesome and desirous places of employment.
They're both soulless megacorps with institutional algorithms that prevent any threat to the control over a domain of profit. When such institutions arise, outside the control of any human or group of humans in the loop, they should be forcibly broken up. That level of power and influence belongs in the hands of people, not inhuman constructs.
Certainly, the vast majority of people in rich countries can afford to care more about fashion (including bubble color) than functionality, and this is reflected in their smartphone purchases. The frustration you see in these comments comes from technologists like the OP thinking the same way and repeatedly running into leopard ate my face moments.
> Certainly, the vast majority of people in rich countries can afford to care more about fashion (including bubble color) than functionality,
I've been an iOS and Android developer—as in, paid to do it. Was an Android phone user before doing any mobile dev. Finally got my hands on IIRC a 3rd-generation Surface at work a few years back, as a test device.
Having extensive experience with the competition, I now choose Apple phones and tablets for a few reasons, functionality very much among them.
I don't doubt your experience, but I would expect you to be an outlier and that more technologists would prefer a device they can program with the same APIs as the manufacturer without any gatekeeping and non-buggy web access most of all. Having better photo sharing and phone call capabilities, less device restarts, notification filtering, the ability to caption audio for times when having the speaker on is inconvenient or not loud enough, and supporting restricted guest accounts are also features that most people who don't worry as much about fashion would not want to give up.
> I would expect you to be an outlier and that more technologists would prefer a device they can program with the same APIs as the manufacturer without any gatekeeping and non-buggy web access most of all.
I doubt most "technologists" care about writing code for their phone to begin with, and I don't know what you mean by "non-buggy web access". That doesn't mean I think most "technologists" would pick Apple (I really don't know) but I don't think I'm the outlier here, preferences-wise, even if I am on which platform I choose.
> Having better photo sharing and phone call capabilities, less device restarts
Photo sharing's never been a problem—what am I missing? I don't talk on the phone much so maybe that's actually terrible (it seems entirely fine?) and I just don't know it. Device restarts? How often do you think I restart my iOS devices?
> the ability to caption audio for times when having the speaker on is inconvenient or not loud enough
That is cool. Not something I'd use personally, but it's cool.
> supporting restricted guest accounts are also features that
Account management is my biggest complaint about I-devices. Mostly the iPad—I don't really care if iPhones continue to have only two modes (full, and PIN-restricted "screen time" mode—which I don't use anyway, so I wouldn't mind if that disappeared, really) but true multi-account would be great on the iPad.
> most people who don't worry as much about fashion would not want to give up.
> I doubt most "technologists" care about writing code for their phone to begin with
I program my computing devices constantly, and with my phone being a computing device I have near me almost all the time, I naturally program that as well.
> I don't know what you mean by "non-buggy web access".
Webkit is extremely buggy and the only supported way to access the web on iOS. On other platforms, if one engine is buggy, I can use another.
> Photo sharing's never been a problem—what am I missing?
Uploading photos to your server in the background.
> I don't talk on the phone much so maybe that's actually terrible
You can't route calls through other services, you can't record calls (which the first makes trivially possible), you can't have your phone answer the call for you and show you a realtime transcription or save the transcription for later viewing, you can't have the phone wait on hold for you, etc. The iPhone is extremely limited as a phone.
> Device restarts? How often do you think I restart my iOS devices?
Every single time you need to update a system app.
I'd be willing to be those 9 out of 10 users barely know how to use a desktop computer beyond "click on the button for the internet".
I suppose that's the difference: the price they pay in user control and freedom is swapped for experiences and abilities to which they would never otherwise be exposed.
I prefer not to frame those people as ignorant in a negative way. It is we who set them up with those devices and taught them how to use them, we were just as ignorant.
The same can be said for Android users. Are you really taking the snobby attitude that 'real' technical people would hack together their phone from parts and open source software?
All of today's desktop browsers come with developer tools built in. How many people know that, and how many know how to use them?
Many Android phones come with unlockable bootloaders. Again, how many of those who bought such a phone know about this capability?
What I'm trying to say that it's fine to sell a device in a locked down state. What's not fine, however, is not providing an unlocking mechanism, possibly deliberately well-hidden like it is in case of Android bootloaders, for those who know what they're doing.
They won't, if those products aren't available on the market. Which they won't be, because currently the "managed" approach yields more revenue.
"Voting with your wallet" doesn't work on most technology markets, where products and services are not commodities, and where the barriers to entry are insanely high. Yes - insanely high. Sure, you can get a $100 computer and a $10/month Internet connection and start writing software for millions, except it won't do you much good - software is the easy part. To compete with Facebook, you need to bootstrap a whole social network. To compete with Apple and Google on the phone market, you'll need to bootstrap your own hardware manufacturing, because all the smartphone vendors are into the same user-hostile crap these days.
Projects like PinePhone are probably as far as you can reasonably get on the "smartphone, except not user hostile" front. It's worth looking into why they don't succeed. It's not as simple as "people must not truly want it because they aren't paying the premium to get it".
The App Store model is about extracting rents. That the walled garden offers "protection" to consumers is incidental. The "privacy" and "security" stance taken by Apple is about protecting their revenues and burnishing their image in the eyes of the public. When their revenues are at risk (like their concessions with China) they take the financially expedient route.
> Not according to many on HN who argue that it is precisely why they purchased an iOS device instead of an Android one.
raises hand
It's not the only reason, but it is a reason. With government asleep at the wheel on regulating things like subscriptions, scams, spyware (which is, like, most software these days), et c., I'm living the anarcho-libertarian dream of paying a corporation to be my regulator. As it naturally would in the real world, this requires them to be big enough to distort and control markets, for it to be worth paying for. Does that mean they're behaving as a monopoly? Yeah, probably.
This situation leaves me so conflicted on the whole antitrust, “just force iOS open” thing.
On one hand, the locked down iOS clearly hurts a lot of businesses and broader market competition.
On the other hand, Apple has been open and honest (and rather boastful) of the locked down nature of iOS since Day 1. Consumers have very clearly voted with their wallet time and time again that this system (and it’s tradeoffs) is the one they prefer.
To force iOS open is to undo the choices that consumers have made. But to leave iOS restricted is to harm broader business competitiveness.
You’re right that if Apple had marginal market share, this behaviour would not be problematic.
Broadly speaking, I’m not all that sympathetic to the plight of the big-name developers like Facebook and Match Group. They’ve collectively made users so cynical about privacy, security and the general trustworthiness of software that it’s prompted users to take refuge behind these hardened walled gardens. I just hate to see good independent developers have to be harmed as a consequence of that as well.
Isn’t it rather reductionist to say that the closed nature of iOS is why people buy it?
I chose iphone because a string of bugs left a sour taste in my mouth with android, and inertia locked me in. I definitely don’t want this level of locking it down, and I doubt a majority of iphone buyers want this.
I can't speak for others, but in my case it is indeed one of the reasons.
I am using my iPhone and iPad solely as communication, productivity and entertainment tools. The consistency of experience, the relatively higher app quality and slightly improved ecosystem safety are valuable things to me.
I can still create whatever application I want in XCode, as long as it doesn't push the boundaries of the allowed, and yes, those boundaries are a restriction, but one that I am fully aware and accepting of.
I am also fully aware that if I want a mobile hackable device I will have to find another option and I am fine with it.
And by any measure, this already put me in the minority of minorities. I doubt most users would want a more open iphone if they are made aware of the trade ofs. Why should a businessman want to know more technical stuff in order to use his phone? just so we geeks would be able to sideload stuff? Well, he don't want it, he actively don't want the device to give him this freedom, because them he would have to be aware of boundaries that he didn't have to before, more cognitive workload for him for no value added.
Security, privacy, reliability and “it just works” was always a major selling point of the iPhone. The various software restrictions were a major part of delivering that assurance that some third party software wouldn’t mess with your device. It might not have been a motivating factor for you, but it certainly was for a lot of consumers.
And regardless, Apple has never hidden the nature of iOS. These consumers have clearly decided that the tradeoffs of the walled garden were acceptable, despite there being plenty of more open alternatives on the market in the early days of the iPhone.
> Security, privacy, reliability and “it just works” was always a major selling point of the iPhone.
Security, privacy, reliability and “it just works” was always a major selling point of the Macbook too.
The dichotomy between secure and locked and open but unsecure is a complete strawman. It is possible to be both open and secure. People would still be able to only install applications from the App Store even if the iPhone was less locked.
I would say that iOS is clearly more secure, private and reliable than OS X is.
Apps on Mac OS X can absolutely screw up your machine. Adware in particular is a big problem for novice OS X users (speaking first hand here, having had to support these users). That’s an exceptionally rare occurrence on iOS.
I’m comfortable with the security model on macOS, but would be very concerned if that same model were applied to iPhoneOS, where users (myself included) carry significantly more private information.
On my phone, I want applications to have access to as little private information as possible, even if it’s detrimental to functionality. Call me a security nihilist, but security and privacy is by far my #1 overriding concern on mobile platforms, given the wealth of personally identifying information these devices gather.
More succinctly: the threat model on mobile devices is not the same as the threat model on personal computers. It’s inappropriate to apply the same security to both platforms.
I don't think so. 99.9% of people don't need or want to do anything beyond what iPhone/Android currently offers, I would put money on the fact that a majority of iphone buyers are completely happy with things as they are.
It’s interesting that, specifically with regards to the App Store and iOS API restrictions, the complaints more or less exclusively come from two groups:
1. Third party developers
2. A subset of power users
The broader end user appears to be quite satisfied with the status quo.
It’s a weird situation where anti-trust law (which ostensibly exists to protect the consumer) is likely in opposition to broader consumer sentiment.
It’s a very different situation than Microsoft’s antitrust in the 90s, where consumers strongly supported the antitrust actions.
> It’s a very different situation than Microsoft’s antitrust in the 90s, where consumers strongly supported the antitrust actions.
Customers mostly didn't care about Microsoft antitrust trial in the 90s either. It was mostly affecting third party developpers and companies selling computers. The situation is not particularly dissimilar except Microsoft had a clear monopoly while Apple and Google are a duopoly and Apple is seen as a lifestyle brand to defend by a rabid minority of its customers while Microsoft was strictly seen as a tech company then.
Most end users loved Microsoft because they put real computing power in the average user's hands at an affordable price.
It is also important to note that Internet Explorer was a VASTLY SUPERIOR PRODUCT to Netscape. So Microsoft competed, fair and square. The antitrust trial was just Netscape getting assmad that they were beaten at their own game.
> That's funny, he believes he owns an Apple device. Sorry, no. Apple locks down the device with strong crypto and rents you limited permissions, they sell a computing service, not a device. Apple are the only ones who get to say what code ultimately runs on their hardware.
If you buy a car, is it your car? You very possibly cannot do things with it independently, on your own, without manufacturer involvement or without voiding any warranties you have. The same idea extends to many things. I'm defending Apple here, but this idea that it's not your own device is silly IMO.
I'm not really sure I follow this logic as when you buy a car you can do whatever you want to it without effecting the warranty as proven by the Magnuson-Moss Warranty Act of 1975 which states that only if the modification is directly responsible for the issue could it be grounds to not service under warranty.
The Magnuson-Moss Warranty Act of 1975 was likely created for a reason. If the same reason is valid for modifying the OS on a Tesla, then either the law still apply or the law need to be updated to include the words "also valid if done in software".
I'm very fine with voiding my warranty when doing modifications to the system, but all I want is to run custom software in the userspace (at least). That's how computers work and Apple wants us to consider their devices computers[0].
Some people might want to have full access to the OS, but allowing custom software in the userspace would still be a huge step and enough for most people.
p.s. It's hard to compare a computing device to a car because what's an equivalent of usespace in car? Changing oil? Changing tires? You can do it yourself, you can even change spark plugs, without voiding your warranty.
More to the point, with a car if you modify it you may very well render it illegal to operate on a public highway. Same can certainly apply to a phone’s use of the cell network.
I don’t believe the author is under any such illusion or confusion. It seems clear from the precisely worded text of the article that he’s perfectly aware of the circumstances, doesn’t like them, and is willing to articulate that in public with a specific example.
By all means throw shade at Apple for tripping on a power complex that puts Battersea to shame, but insulting this writer’s awareness doesn’t fly. They are not such a fool as suggested.
Well, no. Legally you do own the device with all it's molecules. It is just a limited, damaged device.
This is one of thoses cases where I agree with the free market people that competition is good. If there were more companies that made Apple devices, then you would be able to buy a non-defective Apple device, too.
And: In a rational society, I could just download the source code and make the change myself. Actually, in a rational society the people that make the computers would not be incentivized to artifically restrict them!
And only if he wants to publish it in the store; with a developer certificate he can install his own app on his own device whenever he pleases.
But if you make something for the world at large, you should stick to the rules. They're not unreasonable, and they are one reason why iOS devices are some of the most secure devices out there.
You own the hardware. You license but do not own the software (as is the case with almost all software nowadays, including FOSS software). If the software from Apple is not to your liking, jailbreak the hardware and install software that is more to your liking.
This might take some effort as newer releases of Apple software are harder to jailbreak so you might have to stop installing new Apple OS releases to give the jailbreaks a chance to catch up to what is on your phone.
It's funny - because we ALSO have folks posting on HN upset that things like tiktok want multi-cast permissions / local device discovery.
In particular, the author complains about "prostrating" themselves, when they actually want to write apps that would run on ANY users device that could have relatively serious privacy implications because instead of providing a specific service they want to do a wildcard discovery.
Your argument gets us nowhere. Because we accept the control Apple currently has, we are entitled to nothing and should accept any arbitrary change? No, that's not how it works. We accept the walled garden in a mutually beneficial exchange.
> Because we accept the control Apple currently has, we are entitled to nothing and should accept any arbitrary change?
Nothing has changed, Apple maintained full control all the time. You have absolutely no power in this matter and no rights, you are simply a revenue source, the only thing you can do is cease supplying money to Apple.
I fully support Apple remote bricking all hardware past a certain age to drive the sales of newer models. It's just a matter of time until you will start to see phones with "3 years limited software support". Once the 3 years are done, a splashscreen appears warning you that the device is no longer supported and insecure, thus unusable.
It's a very similar scam to buying a timeshare. The marketing pitch is "ownership" but what you are really buying is a contractual commitment to pay rent in perpetuity.
This isn’t really true. The entitlement is to stop malicious apps from listening to all of the mDNS beacons coming from devices on your network. It doesn’t stop you listening for/advertising specific named services using the NetService API, and it doesn’t stop you from sending/receiving unicast traffic using regular sockets.
Looks like its gotten worse the second half of the decade and even wages for it have stagnated (except for the FAANGs that pay everyone indiscriminately)
Another strange Apple broadcast “feature”: If you try to block ARP MAC address broadcast (not IPv4 .255 type) on the router, your iPhone and MacBook will not connect to the WiFi.
Try yourself:
ebtables -A INPUT -d ff:ff:ff:ff:ff:ff -j DROP
ebtables -A FORWARD -d ff:ff:ff:ff:ff:ff -j DROP
(Tried on standard ASUS router by adding ebtables rules using SSH)
To clean: ebtables —-flush
Or restart the router, because this also flush ebtables
That's the ethernet broadcast address, not multicast. In addition, if you block ARP, you will probably find that not very much of IPv4 anything will work on any platform.
I think macs can add static arp entries if you did want to disable arp for some reason.
If I remember rightly, apple devices when connecting to wifi
1) Get IP, router, DNS details (either static or via dhcp)
2) Attempt to load a http page to detect any portals
3a) If page loads, is connected.
3b) If page doesn't load but redirects, pops up the portal page (in a cut down browser), then eventually connects
3c) If it doesn't load at all it asks if you want to use the wifi even with no internet access
I suspect if it cant configure an IP at all (because you're blocking arp and dhcp), it doesn't fully bring the interface up. Are you saying that with a static IP entered in wifi you can't connect to a wireless network?
It's weird how a company can be so internally disconnected. This entitlement is a good privacy-preserving hurdle to prevent scummy apps from interfering with your local network and fingerprinting you. On the other hand, the on-device scanning of nudes in imessage and csam in iphoto is a total snitchware swatting-as-a-service piece of software which only serves to incriminate and harass the owner of the device. Such a shame.