
> As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?

It's an even more dire question: do you want a future where you're required to carry that cellphone on your person at all times?

And for the slippery slope: do you want a future where it's legal to arrest people until their phones can be verified? To prevent impersonation, maybe chip people like dogs so that they can be reliably matched to their phones, and make it a crime (maybe "attempted impersonation") to tamper with the chip or to help someone tamper with the chip?



It's even worse, tons of applications are not working properly if your phone is rooted (so if you put a proper adblocker etc. there) or without Google apps.


If you have the time and knowledge necessary to root most Android phones, bypassing root detection is just one or two more basic steps.


This is a false statement that one can bypass root detection in just one or two more steps. Anyone saying this might not know the implications of Google SafetyNet. And popular tools like Magisk have been defeated repeatedly. It is a cat-and-mouse game.

Magisk has stopped providing patches to games that helped to bypass root detection.


But I pretty much don't. I hoped that it would be as easy as disabling Cortana on Windows 10, but degoogling your phone is super user-unfriendly and something that almost has to become your hobby.

But for people thinking about it, it's still worth it: with AFWall+ to not have ads in any app, NewPipe to have the functionality of YouTube Premium and Barinsta to make sure you are not dragged into endless reels recommendations on Instagram, it's magic.


Barinsta got DMCAed or something, F-Droid page is up [1] but the GitHub (linked from there) isn't, and the F-Droid package is still from last summer 2021.

I use a Pi-hole in my LAN, and WireGuard to it. Low latency so works very well, and given it has a killswitch my connection is always secure -- public WLAN or WAN be damned. The downside is my device and all apps have access to my LAN. Although some of my devices are on a DMZ, and the Pi-hole works from there as well but the rest of the LAN not.

[1] https://f-droid.org/en/packages/me.austinhuang.instagrabber/


Blokada works well enough for ad blocking without root by creating a local "VPN" connection, and NewPipe never needed root to begin with.

Personally, I gave up on root when it became too much of a hassle to maintain, which was after Android 4.4 as far as I remember.


Hardware attestation makes that a theoretic impossibility.


Adding to that, smartphones can also be extremely distracting. If you'll be effectively unable to put away your phone for longer periods of time because almost everything requires that you interact with it, that can't be good for your mental health.


Recent times have shown that the slippery slope is more often rule than fallacy.


It's only a fallacy when there are no valid reasons to think that the events will actually progress the way you claim they will.

In this case, there is a clear government and/or corporate motive in increased data mining and social control, so the only thing restricting them is they need to make people accustomed and not consider it too intrusive in non-totalitarian societies.

Things like "contact tracing" or "preventing terrorism" or "think of the children" are among the ways that the powerful actors at the top are convincing the populace that such a measure would be necessary (and beneficial), and the majority of the population does not seem to care much about this to do anything. Hence, it is reasonable to believe that the claimed event (phone being required at some level) is going to happen at some point.


It's a logical fallacy, which means it's a fallacy when dealing with logical entities.

If you run across any of those in the real world, let me know.


I think that using a single source for authentication/authorization of any kind is stupid: be it a smartphone, a password, a certificate or anything of the sort. Multiple sources should always be used, such as logging in with a username/password and getting an e-mail/SMS/TOTP code to enter, though even those can be compromised if people don't use randomly generated passwords for all of their sites/e-mail accounts/apps.

But on topic of the questions in this discussion, allow me to offer an unpopular opinion, just because it sounds like an interesting thing to think about.

> As great as smartphones are, do you want a future where everyone is required to purchase one, and a cell plan to exist in society, to engage in commerce, enjoy shelter, health care and security?

Required to purchase one? How about given one instead? In my country, we have eID cards, which can be used for digitally signing documents and can serve as methods of authenticating against a government site - due to legislation, now everyone gets one, much like people got passports. And yet, nobody questions needing these cards or passports, even though technically if you lose yours, you do have to pay for a new one because "it's government property".

Alternatively, if people would still have to purchase one, force the manufacturers to be open about their production costs and profit margins, mandate certain specs of devices not to exceed certain pricing - much like Chromebooks have already taken over education in many places of the world due to their relatively simplistic nature, I don't see why we couldn't have basic spec Android devices in abundance either.

Better yet, protect phones and being able to use them like one would treat the likes of eID cards and similar:

  - all phones need security updates for 5-10 years from the manufacturer
  - all phones need certain levels of battery life: if a new Nokia 105 can last for a week, I don't see why you couldn't cut down the standby modes of Android phones to do the same
  - all phones need their batteries to be replaceable by the user, should they want to do so, no phone can be sold without them as available replacement parts for purchase
  - all phones need proper permission setups: a passcode for installing apps, and full control over network requests, similar to NetGuard https://netguard.me/
  - all phone OSes need to be open source and open to modification, no more locked bootloaders or other stuff like that (might need a confirmation with the user's code first)
  - all phones need their hardware drivers and all documentation pertaining to those be open source
  - all phones must support custom apps being written, installed and run by the owner, much like a *nix machine doesn't constrain you
  - all phones must support third party app stores, should the user choose to use them, e.g. FOSSHub/Fossdroid
  - to fight malicious usage of the above, have an LED indicate whether a custom ROM is or isn't being loaded and have a checksum or something show up during boot with info about any digital signatures of the ROM

Edit: perhaps the term "phone" here should be replaced with something like "gov-compatible-phone" or whatever one could come up with - I don't doubt that dumb phones would still have their uses. Technically, all of the above should have been achievable on something like the Symbian OS as well.

Who knows, maybe eventually the majority of phones would once again become more blocky and more of them would be IP-68 certified, or something like that. In my mind, phones should be dependable computing devices, more like a Raspberry Pi/Arduino with a sturdy case in your pocket, rather than dainty status symbols. Think along the lines of these:

  - https://www.catphones.com/en-us/
  - https://www.ulefone.com/
  - https://us.blackview.store/

> It's an even more dire question: do you want a future where you're required to carry that cellphone on your person at all times?

I already do, so nothing would change for me. I cannot imagine leaving a phone at home, much like I cannot imagine spending a day without Internet (this is probably a controversial statement, should lend itself to some discussion about how people live nowadays, especially the younger generation). Doing so would be depriving myself not only of a means to communicate and navigate, but also of the ability to look things up, like tutorials, or information about something that I'm interested in. Some might extend those arguments to things like note taking, audio notes included, as well as entertainment. Alternatives exist, of course, but they're rather unwieldy - who wants to drag a notepad, a map and a compass, as well as a voice recorder, maybe a dumb phone or a walkie talkie with them separately?

Edit: probably interesting to compare this with carrying a wallet around - since it has money/bank cards and quite possibly ID and other pieces of information as well. Which could be replaced by a phone. And it's not like you could use it after stealing/robbing it off of someone, since it would be behind a passcode or additional lock mechanisms.

> And for the slippery slope: do you want a future where it's legal to arrest people until their phones can be verified?

I have no illusions about this not being abused if that were ever the case, which kills argumentation in favor of anything like it from the onset. Similarly to how there were various "tests" put in place before voting in the US, many of which targeted ethnic minorities. I bet similar excuses could be made about officers "failing" to validate a phone/identity due to "technical issues" and thus depriving people of their freedoms.

That said, I am in favor of means to identify people that actually work for a change - you should not be allowed to start a company on someone's behalf after presenting pieces of information that could easily be found out, like someone's name and any sort of a national identifier. My country basically had the same problem - a national identification number for each person, which many sites still asked for during signup. Due to this value ever leaving the confines of something that holds and uses it as necessary, it's no longer reasonable to rely upon. Consider the eID cards instead - they store a private key and can only be used to sign things with PIN codes that the user must know/store themselves. The certificates never leave the physical device. We need more of that approach. PII leaking would suddenly become a less harmful thing, because it's not like you could actually do anything with that information.

> To prevent impersonation, maybe chip people like dogs so that they can be reliably matched to their phones, and make it a crime (maybe "attempted impersonation") to tamper with the chip or to help someone tamper with the chip?

Pretty dystopian, admittedly. Some people already do, to enjoy the benefits of RFID chips. Personally, for the most part, I'd prefer to stick with fingerprints for opening biometric locks with phone apps and such acting as alternatives. Then again, if I were writing a dystopian novel (you know, more dystopian than real life, where every action that we take online is catalogued and can be looked up by the powers that be) it'd be curious to explore the benefits and drawbacks of having everyone have chips in them. If the society were ruled by a benevolent AI? Probably less crime and strong application of the law. If the society were ruled by regular people? Probably blackmailing and discrimination like you cannot even imagine.

(note: none of these views are exactly held strongly, just something fun to ramble about)


I myself am a "single source for authentication/authorization" and I don't think it is stupid at all.

It is just hard to tell it to a machine. So I am OK to use a token for that.

The trouble for me is the instances that want to certify that I am me. I don't need them, but they are there. The middleman, who wants to have a say, to allow or deny.

I have no problem telling a token that it is me. I am pretty happy to self-certify myself.


"and I don't think it is stupid at all"

Actually it is - while you provide for yourself and that may be fine, if you have dependents, having daddy be the single source of authentication for everything is pretty damn stupid. You might have accounts for your kids but they need to actually access those accounts.

If you end up in a coma in the hospital, again, having yourself as the single source of authentication for medical purposes is pretty dumb, too.

If you have any group of people dependent upon a thing, having yourself as the single source of authentication is pretty damn stupid. Look up how nuclear missiles are/were protected, if you want a real world tech example.

This thing where people assume they are the only thing in the world so whatever they want is fine for everybody else, that's the real fucking stupid thing.


> It is just hard to tell it to a machine.

Well, that's the crux of the problem, isn't it? We need a way for you to confirm that it's you and not someone else who has stolen your credentials. Multiple factors of authentication generally work well enough against this. Same for physical devices, be it those eID cards or something like YubiKey or whatever.

> I am pretty happy to self-certify myself.

Well, that's how GPG/PGP works - as long as you give your public key to other people by yourself, be it in person or otherwise. Then you can manage the private certificates for signing stuff yourself however you wish - be it keeping them in a cloud account somewhere (hopefully not), on a local HDD, a USB stick, or printed on a piece of paper where you'd re-type it as necessary (just a silly example).

The problem is that people want a central authority for certain cases, such as interacting with the government - with the appropriate set of software and middleware built around it, so less technically literate people could just put the card in a reader, input a few codes in some official software and be on their way, rather than trying to figure out what the hell a keychain is.



