
Apple shouldn't be allowed to lock down APIs between system components to give themselves a competitive advantage, but that doesn't mean Meta should be allowed to decide if they're getting that access. Let Apple offer users the option: allow once, allow permanently, refuse, or fake empty responses without telling the app.



Users will be faced with a dialog saying "to use Facebook, you must accept XYZ", and their only options will be to accept or to not use the app. Facebook will detect empty or fake data and lock the user out unless they acquiesce.


Apple routinely rejects apps that try tactics like this. Otherwise it'd be an easy way around the "Ask App Not To Track" prompt.


>Apple routinely rejects apps that try tactics like this.

This is going to be irrelevant in the EU once sideloading gets popular.


Thankfully the EU also has legislation that makes "share data to use" tactics illegal, so this shouldn't be a problem.


Citation? I think this is not true. The EU law seems to just require explicit consent. So websites and apps can ask whether the user wants to share data to keep using them for free or pay a subscription fee.


Article 7.4 and recital 43 of GDPR cover that.

Article 7 https://gdpr-info.eu/art-7-gdpr/

Recital 43 https://gdpr-info.eu/recitals/no-43/

Those two in combination stop companies processing data for tasks unrelated to the services they provide. And it's indeed true and has already been applied, see this: https://www.digitalguardian.com/blog/google-fined-57m-data-p...


A "consent or pay" model is sadly widely used, but it's at least very controversial and probably illegal. No data protection agency has gone on record to say it's definitely illegal and no fines have been given out IIRC, but the EDPB had some tactfully negative things to say about it [0], and the Czech DPA has ordered at least one company to cease the practice in a preliminary ruling [1]. (Which the company seems to be completely ignoring, as is sadly common.)

[0]: https://en.wikipedia.org/wiki/Consent_or_pay

[1]: https://uoou.gov.cz/urad/povinne-zverejnovane-informace/svob...


How are you going to enforce this against app developers outside of the EU?


Fines equivalent to 10% of global revenue, and extradition orders.


Imagine a country extraditing their app developer to the EU of all places lmao.


Yes

Imagine it. Fear it!


Facebook likes getting some of that sweet money from EU advertisers.

EU can block payments from EU to Facebook.


Different threat model. You're thinking of big tech companies like Meta, who are big enough to warrant regulatory attention. I'm thinking of fly-by-night shady app developers that make flashlight/weather/"security"/IoT/game apps, that fly under the radar because they're too small.


To a first approximation, the small apps don't matter because they're small.

If that doesn't work, set up a deposit requirement like Apple wanted for the 3rd party stores and then walked back. Do something wrong, lose the deposit and the entitlements.


Not really the kind of apps people would sideload?


Exactly the type of apps people would sideload. Little things that somehow violate App Store rules abusing APIs, lying about app capability, just being ethically dubious.

Use flash to create seizures, nudity people realtime, hack your ex, damage the device, cheat at games, spam your enemies, etc.

There is an infinite use case for tiny malicious apps finding malicious or gullible users and with side loading there are going to be stores created to appear very legitimate when their intentions are actually illegal.

I think the EU has very noble intentions while completely failing to understand that society is a wreck and a lot of money is made through extortion and fraud. Their apparent fix is to make the OS developers still responsible for what is installed while taking away funding for it. I am guessing the end game is more taxes and government intrusion on private devices to fix the problems they are purposely creating.


Android is way more popular in the EU than iPhone, allows sideloading, and I am not aware of these issues being rampant with it?


While sideloading is possible on Android, it appears to be sufficiently difficult that Google isn't effective with the argument that this makes them "not a monopoly".

As a tech person I find this weird, but then I remember the relevant XKCD: https://xkcd.com/2501/


But then the argument that opening iOS up is going to cause security issues isn't effective either.


Why so?

Surely if normal people can't do a thing, even if only because it's too complicated or inconvenient, normal people aren't going to be a big source of security issues due to that thing.


The reason I would rather we'd kept walled gardens (plural is fine, given that monopolies are also bad) is that I expect such apps will quickly become sideloaded soon after it becomes possible.

We shall see — that may simply be a security mindset paranoia on my part.


Anti free choice mindset.


Truly free choice is an illusion; the best we can do is a force of law to keep players from tilting the playing field in their own favour.


People might not sideload a flashlight app, but they're probably going to sideload an IoT app (especially if they bought the corresponding product first) and games (especially if their friends are peer pressuring them into it).


Then the EU can stop them from selling their products to EU customers, since as soon as you’re providing services to EU customers you’re obliged to play by EU rules


>Then the EU can stop them from selling their products to EU customers

So you want the EU to play whack-a-mole with fly by night IoT vendors, some of which might be shipping directly from China? Or do you want to fix this with even more regulation, like requiring licenses to import IoT products or whatever?


> So you want the EU to play whack-a-mole with fly by night IoT vendors

Yes

Like they do with other online criminals


Yeah, I'm sure the EU sending angry letters to nameless IoT company in Shenzhen is going to be very effective.


> Yeah, I'm sure the EU sending angry letters to nameless IoT company in Shenzhen is going to be very effective.

I would expect them to use a heavier hammer to whack that mole....


Once side loading is available, the stupids will do it for “freedom” or whatever.

Regulating the AppStore makes sense. Proliferating lots of them is the most inane policy decision ever.


In a discussion thread about Meta (which follows EU law) launching an app in the EU using their alt App Store laws; why would you further move the goalpost just for argument's sake?


>In a discussion thread about Meta

1. Characterizing this as a "discussion thread about Meta" is a stretch. While the OP is about Meta specifically, it's fairly obvious that as of a few comments up, the discussion is about the behaviors of app developers in general, rather than what Meta is specifically doing.

2. Discussing unintended side effects isn't "moving the goalposts". If we're talking about the student debt crisis, and someone brings up the idea of student loan forgiveness, it's not "moving the goalposts" to bring up concerns about inflation.


Unless I'm missing something, Apple only has to provide these new requested APIs to users in the EU. I presume Apple will keep everything as-is in other countries, just like with app sideloading.


What makes you think it will get popular? Android has had it forever and almost nobody uses it.


I do wonder if Apple could have saved itself a lot of aggravation by allowing side loading from the start.


For the people who choose to sideload, yes. How's that an issue?


Why would a normal person want to sideload?


Because it's crazy to think that the two dominant app stores are going to have policies that exactly match people's needs, and that they'll implement those policies competently.

Syncing files with Syncthing is no longer possible on Android because the Android team won't fix the performance of storage access framework, for example. This is 100% on Google, not Syncthing.

But I can still use SyncThing-fork because it's on FDroid. Similarly for the Fossify apps, Quillnote, KeepassDX, Privacy Browser, and dozens of others.

Apple will never put in the effort to make a community that thrives on sharing open source apps that are not profit driven. It's simply not in their DNA. And I don't want to have to live in a world where every developer that wants to make a mobile app has to pay a tithe to the overlords of Google and Apple. They will always claim that they're fixing security problems by acting as an intermediary, but there's no way for them to do that without replacing my choices with theirs, and nothing in Google's or Apple's decision-making history indicates they're better equipped to make decisions governing my machines than I am.

So why would a normal person want to sideload? Because they don't want Google and Apple telling them what software they can install on devices they purchased.


I sideload on android because the apps on f-droid are better than google play. So I would imagine the same would apply to iOS. With sideloading you can run open-source software that works in a straightforward way and isn't intentionally crippled so that it can be monetized.

The last time I used iOS I found the app store quality was also really bad. People listing "free apps" that immediately require you to start an expensive monthly subscription to use. The effect on the mobile games industry has been so disastrous that people would rather carry an entirely separate mobile device on them just to play "real games".

On google play or the app store you can play a mobile version of minecraft with microtransactions for $7. With sideloading you can just play a full version of the more popular java edition PC game, for free. (pojavlauncherteam.github.io). I think that sums up the sideloading experience.


It's not going to get popular.


I don't know man?

I have to think if Apple were mandated to be more open to competitors they would not be allowed to reject apps on this basis.

This problem is just multifaceted and far reaching. Not sure how to go about solving it?


I have often used phones without bothering to comprehensively fill out an address book, and should everyone be required to own random network devices or even to take a lot of photos? The only data I can think of which maybe you could "detect" is fake would be the user's extremely coarse location, but that's only because you might be able to guess at it yourself, at which point the device's data isn't even relevant anymore.

This idea that apps are going to strong-arm data out of users seems like one of those talking points which sounds good but doesn't pan out, but somehow simultaneously is used to prevent users from being able to increase either their freedom or their privacy. The status quo sucks, and is in the best interests of both overlords: Facebook knows if it has permission or not, and Apple can claim the only reason they won't abuse this knowledge is if you allow them curation control.


These days, that's true for pretty much everything...including my Android Phone and my iPhone and much software on my laptop. Hell, it's true for a lot of websites too.

Not saying it doesn't suck, only that it is very ordinary and ubiquitous.


> Let Apple offer users the option

That's easy to say, and much more difficult to implement than it sounds.

Careful: There's a lot of nuance in how these kinds of options are presented to the user. Depending on how they're designed, "the general public" will default to yes or no; or get frustrated / overwhelmed with pedantic permission dialogs.

Thus, part of "Let Apple offer users the option" is a commitment to studying how that option is presented, and the overall implications of such an option.


The thing is, at some point users must become comfortable with "pedantic permission dialogs." Users must take responsibility for knowing how software works and the motivations of its creators. Trying to outsource those decisions to corporations and government simply isn't working. Since computer users (I include phone users in that definition) can no longer trust software developers (Apple, Meta, etc.) to be ethically trustworthy (think: high-trust society devolving to low-trust society), users must take this burden upon themselves; if they refuse to, then the battle is already lost no matter what globogiantmegacorp "wins."


> Users must take responsibility for knowing how software works and the motivations of its creators.

This doesn't seem reasonable. Let's try to apply the logic elsewhere:

> Patients must take responsibility for knowing how medicine works and motivations of its creators/prescribers.

Requiring everyone to have deep technical knowledge about anything they use would prevent everyone from using more than the things they are experts in. So, there needs to be either a technological regression, or something to help defend users from unethical practices. The only entity really in a position to do that is a government, for better or worse.


> Patients must take responsibility for knowing how medicine works and motivations of its creators/prescribers.

This is true. If you blindly trust whatever your doctor says, you are going to have a bad time in the current medical system. Doctors are incentivized to push pills because they get kickbacks from the pharma industry. This is pretty well known (https://www.propublica.org/article/doctors-prescribe-more-of...)

When it comes to elective surgeries, prescriptions, etc., you need to do your own research into how these things work and make an informed decision for yourself. Ultimately, if you're an adult, you are responsible for your own body and your own equipment.

It's not a matter of deep technical knowledge, it's shallow technical knowledge and political knowledge of what institutions are trustworthy.


> Trying to outsource those decisions to corporations and government simply isn't working

I don’t follow. What is wrong with the status quo?


> What is wrong with the status quo?

Businesses are deciding who lives and who dies, instead of people being allowed to have their own choice in the matter. These businesses make decisions based on data stolen from users. If the data were on paper in a person's home, it would be considered private and inaccessible.

Why should a company decide that they should have access to your every move and every data, just because you purchased something from them? Why should a company decide what you're allowed to do with your device? A business shouldn't be permitted to decide these decisions for you without your fully informed consent.

That's what's wrong with the status quo.


It's funny, your first sentence "Businesses are deciding who lives and who dies, instead of people being allowed to have their own choice in the matter" to me meant "Apple deciding who can and can not do business with users of iPhones"

The status quo is that Apple has this power on top of the power to collect 30% for all digital transactions (or be denied on the store) and the power to force Apple Pay support to be required (or be denied on the store). Apple also has the power to collect all the data but deny it to others.

That's the status quo that the EU is addressing.

Note: I don't want FB to have my data. I also don't want Apple to have those powers enumerated above.


> The status quo is ...

> That's the status quo that the EU is addressing.

> Note: I don't want FB to have my data. I also don't want Apple to have those powers enumerated above.

Yes, and I concur.


>Note: I don't want FB to have my data. I also don't want Apple to have those powers enumerated above.

In an ideal world that would be great. However, right now it is either Apple or Google when it comes to smart devices for average consumers. Kinda like political dichotomy in US politics.

Democracy will not function with an educated public. And dumbing down choices are just a way to give power to megacorp and political institutions.


> Democracy will not function with an educated public.

What makes you think that?

> dumbing down choices are just a way to give power to megacorp and political institutions

Yes, and an educated public would find better ways to convey the same information because they can use their education to build a new thing, or build regulations or laws where they see a need, or build defenses against adversaries without sacrificing privacy. You can't do that with your local public (eg, citizens) if your citizens aren't able to comprehend the problems they're encountering.


> Democracy will not function with an educated public. What makes you think that?

Sorry, I can't edit the parent comment now. That was a mistype (bad keyboard). Meant to say "Democracy will not function with OUT an educated public". Happy New Year!


You mean like on Android? Hell nowadays you can choose "approximate location" instead of tracking people. App permissions have come a long way.


>You mean like on Android? Hell nowadays you can choose "approximate location" instead of tracking people.

Apps can and do detect this and deny access to certain features. For instance the McDonald's app won't give you offers if you choose approximate location.


And there's nothing wrong with that. If users don't have the will power to close and delete the app when faced with such a situation then that's on them. An adult has the right to decide that their privacy is worth a 50 cent discount off a shitty burger.


All fun and games until the grocery app does the same.


We need devices fully under control of users. Neither Apple, nor Meta should be able to sniff around once the device lands in customer's hands.


> or fake empty responses without telling the app.

I thought the value proposition of the walled garden was that no app was malicious so this is a non-issue.



