There are also just normal bugs and known limitations and acceptable risks.

So are nearly all security vulnerabilities.

Is bypassing the lock screen a security bug?

The lock screen isn't bypassed in either of these.

He didn't say it was.

Is parental lock really "security-related" ?

Like it's a frustrating response to this valid bug report, but it's not really a security risk here, either. You don't actually bypass the lock screen or anything.

I think it really is and could have serious safeguarding issues.

Also other features are effected like kiosk mode etc. The implications are unclear but could conceivably be quite serious in some scenarios.

> Also other features are effected like kiosk mode etc

Is it? That's not demonstrated nor claimed in the linked article.

> I think it really is and could have serious safeguarding issues.

Elaborate. What's the security risk from your child using a browser after the parental control timeout expired? It's annoying that the automatic limits didn't fully happen, but data isn't compromised as a result, either.

Browse the open internet (or internal network?!) from a McDonalds ordering kiosk?

No skin in the game, but this is very similar to the old Win95 "About... Help... $BROWSER" style bypasses.

>Win95 "About... Help... $BROWSER" style bypasses

Could you tell me more about this?

We are worried about children being compromised. This is as much about data getting into their heads as it is about basic exfiltration.

That is still out of scope. And as parents you have to accept that you cannot keep control of everything. Your child might see stuff in the streets, might see stuff on someone else's device for which you weren't prepared, or find ways to circumvent any limitation you put to his life.

And being educated != being in jail.

Oh sure, kind of like we adults cannot keep control of everything, like secret browser loopholes. Hey, one dev parent's scope is another dev parent's creep!

But honestly, maybe re-read the HN guidelines: https://news.ycombinator.com/newsguidelines.html

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

These are parental controls. They aren't working in this one specific way. That's. The. Scope.

scope related to security risk. The device and its data are not being compromised by the kid escaping to a browser.

I think “your threatmodel is not my threatmodel” applies here. I can easily see a parental lock being relevant in certain abuse cases for example.