> If this precluded the ability to eg install a program via curl or brew, or even just a .dmg you download from your browser
I expect that governments will offer a "compromise" which is that you can run these "unapproved" apps, but they must be signed by a developer key which is tied to a domain name, and that domain name must be checked (by the OS) against a blacklist of banned applications/developers/websites.
That should be enough to block any encrypted messaging apps without backdoors, or apps like Tor, or bittorrent clients.
There could be a cat-and-mouse game as developers try to rename their apps, generate new keys, and register new domains, but when governments notice that their ability to censor is at stake, they will spare no expense on whichever intelligence agency or defence contractor is tasked with keeping the blacklists updated faster than any banned applications can reach mass adoption.
In parallel to this, governments will require that ISPs only let devices access the internet if they pass a "secure boot" check, which confirms that the device is running an operating system which enforces this blacklist.
We're probably less than 5 years away from some G7/EU country mandating this system, with the timeline only limited by the rate of adoption of technology like Windows 11 and Pluton. Older devices (and those running "unapproved" OSes) will be limited to specific ports and IP ranges, for "cyber-security" reasons.
I expect that governments will offer a "compromise" which is that you can run these "unapproved" apps, but they must be signed by a developer key which is tied to a domain name, and that domain name must be checked (by the OS) against a blacklist of banned applications/developers/websites.
That should be enough to block any encrypted messaging apps without backdoors, or apps like Tor, or bittorrent clients.
There could be a cat-and-mouse game as developers try to rename their apps, generate new keys, and register new domains, but when governments notice that their ability to censor is at stake, they will spare no expense on whichever intelligence agency or defence contractor is tasked with keeping the blacklists updated faster than any banned applications can reach mass adoption.
In parallel to this, governments will require that ISPs only let devices access the internet if they pass a "secure boot" check, which confirms that the device is running an operating system which enforces this blacklist.
We're probably less than 5 years away from some G7/EU country mandating this system, with the timeline only limited by the rate of adoption of technology like Windows 11 and Pluton. Older devices (and those running "unapproved" OSes) will be limited to specific ports and IP ranges, for "cyber-security" reasons.