Hacker News new | past | comments | ask | show | jobs | submit login

The problem here is that it's very easy to argue a lot of these prompts as "security".

- Upgrade to Windows 11, our most secure operating system ever!

(more secure against which benchmark?)

- Switch to Bing, our most secure browser ever!

- Enter your phone number into Facebook to help secure your account!

(translation: we want another data point to track you)

None of the above is technically wrong, but it doesn't mean that the intention of the nagging is to protect users.




> (translation: we want another data point to track you)

Wasn't it more of "just confirm the data we slurped from one of your friends when they allowed us access to their contacts. we already have your number, we just want it official from you so we can move it from the dark profile to your main profile where it is absolutely already being used to track you, so why not?"


> - Upgrade to Windows 11, our most secure operating system ever!

This one should be in comparison to Windows 10 wrt benchmark.


The problem is "secure" is a vague term and thus easy to gamify.

eg is it secure because of fewer CVEs? You'd probably expect fewer CVEs because it is newer, so that doesn't mean it is more "secure" in any meaningful way but it's definitely an easy position to defend if someone were to challenge Microsoft's claim.


Look up the number of CVEs by OS and you'll find the results are... amusing.


Not if the claim contains "ever". They would need to prove that Windows 11 has fewer vulnerabilities than e.g. MS-DOS 6.22.


how secure is MS-DOS 6.22 though. sure, there's no networking access, but is the code secure in other ways? what kind of code was just never exposed to fully reveal how fragile they were? there has always been software slightly less fragile than a house of cards. people were just much less incentivized to poke them the way they are today


Everytime someone asks "But where's the line?", the answer is "somewhere"

When I push an update that prompts my users to update their software, it's because it fixes a CVE


IDK, the line seems fairly clear. Asking someone to upgrade an existing product for security makes sense. Similarly, asking to switch to two factor isn't a bad idea at all, even if there are secondary motives.

Asking someone to come over from a competitor's current product doesn't sound like an actual security intent.


Can Google really complain? For years they bundled Chrome installers that set the browser as default with other random software. And every time you visited Google with Internet Explorer or Firefox, they told you to "upgrade" to Chrome.


Yes. Making deals to distribute their software is a well accepted practice and Chrome is far from the worst thing to come preinstalled. Advertising your wares on your own website is even more reasonable than that.

Observing when a competing browser is used to visit a competing site and then having the desktop OS open a popup crosses a very different line.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: