In absolutist, idealistic terms - yes, everyone should be 100% responsible for who they trust, should have no limits on this choice.
In practical terms what we get is "Banks are not your friend" being proclaimed by a scammer arguing that you should trust them, not a tightly regulated industry. And millions of people suffer from that. Sure, "it's their fault" because they didn't "look into it".
Guys really, we need to start treating _choice_ as a first class
software feature, something more than a "nice" thing that we can just
snatch away from young or old people, or people we deem too stupid.
I don't know. On the one hand - yes, let's stop patronizing people. On the other hand we need to be responsible. There are many vulnerable people, they can't just get their shit together and become tech-savvy.
You and I differ on digital literacy. To me it's the only way to
ultimately solve this problem. It's not about educating people
technically. See my paper on "Digital Self Defence as Civic
Cyber-Security". Here in the UK we're taking that line (officially) at
last. And starting young!
Before limiting people's options to corporate walled gardens on the
assumption that "it's safer" we can try actually securing the products,
hardware and OS is the foundation. Got to stop listening to the
negative, defeatist voices who say "that's impossible".
And y'know there are laws against computer misuse. We ought to
seriously try enforcing them, even if that means the inconvenient
truth of exposing criminals with fancy brand names and logos. :)
I like your optimism and on my best days I mostly agree with it.
My skepticism is rooted in two phenomena:
1. Our society seems to be unable to address criminal behavior at the current scale, how can we expect it to improve if we expand the attack surface? Counties are unable to stop basic phone and tech support scams for decades now. There are just a few dozen companies that are responsible and we still fail. I can’t trust the authorities to be able to address more sophisticated scams at a bigger scale. Corruption is at the core of this. So now we also have to solve corruption.
2. Tech literacy is not enough to effectively avoid tech scams. It’s helpful for sure, but look at how many educated people got burned by crypto. I agree it’s work in progress and maybe we will become better as a society. But I need to see more proof to feel confident in that.
It is true that many essential organizations cannot effectively defend their networks. But it is also important to point out that there are many orgs that _are_ effectively defending their networks. I've worked in IT in a huge range of companies, orgs, and contexts. One thing that is clear is the culture plays a huge role. Those with a culture of supporting people who deal with real problems fare much better, those with a culture of "Cover Your Ass" or "When you say jump, I say how high" are getting hacked left and right.
I might sound too antagonistic on this topic, that's not my intention.
F-droid is a great app repository, no problem with them whatsoever. I am highlighting the fact that a purist argument for a technological change that does not extensively invest into understanding the negative impacts on consumers is bogus. How many iPhone users really need an alternative store? Versus how many iPhone users want to have safeties around installing apps critical to their well-being?
To your point: maybe a hard to enable setting for allowing sideloading would satisfy both the safety and the flexibility concerns. But at the end of the day, if I ever need a hackable device I will just get an Android or jailbreak my iPhone. I explicitly separate my own needs from what I perceive as a very dangerous change for 99.99% of iPhone users.
I agree with basically all the points in this thread, one thing that is missing is that most of these points are not mutually exclusive. A decentralized system like F-Droid does not close out the possibility of walled gardens, it just gives users choice of whether they want to remain in it. For example, you can buy a CalyxOS device now and only enable F-Droid as the app source. That is a walled garden of the safest kind: all free software reviewed by bots and humans before inclusion. Users then can opt into other sources.
We have recently implemented some rudimentary controls where you can use Device Admin mode to lock F-Droid to a given set of repositories. That strictly enforces the walled garden, but doesn't require a single monopolist have all the power.