undefined | Better HN

0 pointsamiga3861y ago0 comments

Step 1: Have the iPhone pop up saying "do you want <Pebble watch> to be able to send messages?" and let the user decide which devices can send their phone messages.

Step 2: Have the iPhone pop up saying "do you want <Apple watch> to be able to send messages?" and don't just assume "yes"

Both steps would improve security, even if they harm Apple's profits.

0 comments

threeseed1y ago

We have decades of experience that users will blindly click whatever prompts they need to make the app work.

amiga386OP1y ago

Ah, but you see, they need to go to the Apple store and buy an Apple product, then with no clicking at all the app will work.

If they go to a different store, and buy a non-Apple product, that's insecure. What they need to do is return it and go to the Apple store and buy an Apple product. That's secure. Give the money to Apple.

ketzo1y ago

You're being sarcastic, but isn't this all just... correct?

Yes, I do trust the company that developed Secure Enclave more than I trust random BLE firmware in a $49 Alibaba watch.

More importantly -- my great-uncle can trust the same thing, because Apple has spent decades building that trust. Consumers generally should not trust random hardware. Apple is not random hardware.

1 more reply

Zak1y ago

Android handles a couple permissions it doesn't want people turning on accidentally by requiring that the user open the settings app and manually pick which apps to allow from a list. I wonder if that reduces the rate of people enabling things unwisely.

simion3141y ago

>We have decades of experience that users will blindly click whatever prompts they need to make the app work.

Really, how is Apple protecting you from clicking Allow on a webbrowser if it asks permissions for WebCam and Microphone? I am asking since I do not have a Mac and really want to know how well are Apple users protected compared to Linxu users from web and microphone on browsers.

rezonant1y ago

That's exactly how it works. Apple does the same thing everyone else does. But when Apple does it, it's "secure", and when everyone else does it, it's "insecure". Hope that helps.

_Algernon_1y ago

Where do you draw the line between allowing functioning adults to make their own choices (even if they are mistakes) and tech paternalism?

Currently we seem stuck in a positive feedback loop where tech becomes more and more paternalistic which creates more and more tech illiterate users which is used to justify even more tech paternalism.

It is convenient that this tech paternalism also happens to align with the profit incentive: Easy to trap people in closed ecosystems this way.

ryandrake1y ago

You're getting dumped on here but you're absolutely right. Anyone who has been in software for any amount of time knows this, too. HN is full of software developers--downvoters should know better.

You can put a button in your app that says "Tapping this will drain your bank account and give you cancer" but if it also enables functionality that the user wants, they will tap it.

DirkH1y ago

Sounds like a "make better warning messages" issue.

Most users are not able to root their device due to the number of steps needed and will give up on an app that needs root access. Make it so that you have to do something other than just clicking a warning message to enable using your Pebble then.

Warning messages can be made idiot proof with some thought.

spiderice1y ago

How would step 1 improve security over not allowing third party devices to send messages at all?

mystified50161y ago

Why let users send messages in the first place? Tell me how you can get any more secure than that.

SR2Z1y ago

If Apple had their way, they would LOVE to sell you a $2000 aluminum brick with no screen, speakers, microphone, etc., that still required a proprietary cable to charge.

3 more replies

fiddlerwoaroof1y ago

I absolutely hate these sorts of nagging popups and I’m happy that a vendor I already have to trust doesn’t pop them up when I acquire a new product and sign it into my Apple account.

Imo, if this were to happen, it should happen by allowing devices like the pebble watch to sign into an Apple account and acquire permissions through that process rather than nagging on my phone on pairing.

dns_snek1y ago

What are you proposing exactly? What can be simpler than a single Yes/No prompt?

fiddlerwoaroof1y ago

I think I was pretty clear. You setup your pebble watch via openid connect/oauth like any other API client. No nag popups, manual Bluetooth pairing, etc.

1 more reply

recursive1y ago

No prompts. No interoperability with non-Apple products or services. Maximum security. Minimum interaction with unwashed masses.

j / k navigate · click thread line to collapse

0 comments

threeseed1y ago

We have decades of experience that users will blindly click whatever prompts they need to make the app work.

amiga386OP1y ago

Ah, but you see, they need to go to the Apple store and buy an Apple product, then with no clicking at all the app will work.

ketzo1y ago

You're being sarcastic, but isn't this all just... correct?

Yes, I do trust the company that developed Secure Enclave more than I trust random BLE firmware in a $49 Alibaba watch.

More importantly -- my great-uncle can trust the same thing, because Apple has spent decades building that trust. Consumers generally should not trust random hardware. Apple is not random hardware.

1 more reply

Zak1y ago

simion3141y ago

>We have decades of experience that users will blindly click whatever prompts they need to make the app work.

rezonant1y ago

That's exactly how it works. Apple does the same thing everyone else does. But when Apple does it, it's "secure", and when everyone else does it, it's "insecure". Hope that helps.

_Algernon_1y ago

Where do you draw the line between allowing functioning adults to make their own choices (even if they are mistakes) and tech paternalism?

It is convenient that this tech paternalism also happens to align with the profit incentive: Easy to trap people in closed ecosystems this way.

ryandrake1y ago

You're getting dumped on here but you're absolutely right. Anyone who has been in software for any amount of time knows this, too. HN is full of software developers--downvoters should know better.

You can put a button in your app that says "Tapping this will drain your bank account and give you cancer" but if it also enables functionality that the user wants, they will tap it.

DirkH1y ago

Sounds like a "make better warning messages" issue.

Warning messages can be made idiot proof with some thought.

spiderice1y ago

How would step 1 improve security over not allowing third party devices to send messages at all?

mystified50161y ago

Why let users send messages in the first place? Tell me how you can get any more secure than that.

SR2Z1y ago

If Apple had their way, they would LOVE to sell you a $2000 aluminum brick with no screen, speakers, microphone, etc., that still required a proprietary cable to charge.

3 more replies

fiddlerwoaroof1y ago

I absolutely hate these sorts of nagging popups and I’m happy that a vendor I already have to trust doesn’t pop them up when I acquire a new product and sign it into my Apple account.

dns_snek1y ago

What are you proposing exactly? What can be simpler than a single Yes/No prompt?

fiddlerwoaroof1y ago

I think I was pretty clear. You setup your pebble watch via openid connect/oauth like any other API client. No nag popups, manual Bluetooth pairing, etc.

1 more reply

recursive1y ago

No prompts. No interoperability with non-Apple products or services. Maximum security. Minimum interaction with unwashed masses.

j / k navigate · click thread line to collapse