It boggles my mind why anyone would update anything in 2025. Most products are shipped with full feature set and then updates ensure enshittification. The security argument doesn't apply because classic hacks rarely happen, it's mostly social engineering.
It's not a crime, but it's a foolish thing to do if you care about your data. Find vendors that aren't user hostile and still deliver security updates. For me that's various flavors of Linux (Debian, Fedora, arch, depending on my mood) and GrapheneOS on mobile.
I update my PC but I don't update my phone. Android is pretty much a complete product, and new updates just shuffle around the icons.
> Major changes in Android 16
> Battery icons are changed to landscape, with the percentage shown inside the icon
I think it boils down to how much you trust the software vendor to operate in good faith. My PC runs on Fedora and those people don't have any QA, but at least they do their honest best. My gaming handheld is on Bazzite and it's a similar situation. But Google has a proven record of enshittification of Android. I turned off TV software updates long ago because I only use it as a dumb screen so I don't understand what is there to update. My headphones yell at me "there's firmware update available" but I don't want to discover what new problems were introduced, current firmware works correctly. I have a smart robot that's fully cloud-operated and they recently introduced a completely new app. I'll keep using the old app as long as I can because I don't want to be their beta-tester and the old app works. I have smart light system and there's no reason to update anything because the functionality "use remote control to choose the desired light setup" mostly works with small glitches that aren't too annoying.
Click ‘Install’ on Plasma Bigscreen page -> oops, here's a notice that you can't use it. What's the point? Why not at least suggest instructions for a dev/testing/at-your-own-risk build?
Hey pabs, think about it. You know this doesn't work.
It doesn't work for the same reason the electricity company doesn't let you reprogram your electricity meter. Unlike the raucous response here as far as I far as I can tell, no one complains about that arrangement, despite the fact the meter is on your property, on land you own, and you effectively pay for it. They put up with it because of want the electricity, they know the electricity can't trust all their customers with metering it, and when it's all said and done putting a small box on their property the electricity has absolute control over is hardly a big deal.
It's exactly the same deal with your computer, or should be. There is a little area on a device you own that you have no control over. Ideally visible and running open source software with reproducible builds, so you can verify it does what it says on the box, and yes neither you nor anyone else can change it, so it meets your condition.
But it's purpose doesn't. It's purpose is to load the equivalent of electricity meters, which are software other people can change and you can't. Thus this area on the your device carves out others areas it can give ironclad guarantees to a third party they solely control, you can not reprogram, and you can't even see the secrets they store there (like encryption keys). These areas don't meet your definition. The third party can reprogram them, but you can't, you can't even see into them.
These areas can do things like behave like a credit cards, be a phones eSim, house a FIDO2 key that some their party attests is only ever stored securely.
Currently we depend on the likes of Google and Apple to provide us with this. I'm not sure Apple can be said to provide it, as they insist on vetting everything you can run that doesn't live in a browser. Google does better because you can side load, if you are willing to jump through hoops must people can't. Wouldn't it be great if debian could do it too? But to pull that off, debian developers would have to be believe allowing users to hand over control of a space on their computer they can't see or alter, to a third party debian didn't trust somehow works open source. It's not a big jump from the current firmware policy.
It would also mean that any GPL code recipient could sue for compliance, and since Conservancy is a small underfunded org, that is a huge win since it means others could do that work too.
We can have both freedom and safety by requiring re-certification after modification. Like when you heavily physically modify a car then you can still drive it after the authorities decide it is safe.
reply