[HN Gopher] Senate panel approves antitrust bill restricting big... ___________________________________________________________________ Senate panel approves antitrust bill restricting big tech platforms Author : clairity Score : 92 points Date : 2022-01-20 20:18 UTC (2 hours ago) (HTM) web link (www.wsj.com) (TXT) w3m dump (www.wsj.com) | sto_hristo wrote: | Tech world is such garbage they would even pass actual laws take | it less horrible. | | Without this stagnation of progress we have right now, because of | the unrestrained abuse of power major providers have been doing | for so long, we'd be using phones like actual laptops right now. | In fact, we wouldn't be calling them phones at all. | | Every new model is just like the model from 10 years ago, but | with an extra camera on the back. And that is all. It's like | living in a world of endless Pentium 4 refreshes due to the lack | of AMD. Truly Terri Gilliam material. | zepto wrote: | > Every new model is just like the model from 10 years ago | | This statement is totally false. | dang wrote: | " _Please don 't fulminate._" | | https://news.ycombinator.com/newsguidelines.html | xoa wrote: | Very glad to see some consideration of this sort of thing. That | said I'd really like a minimally crafted law to start that | created new options for consumers while also recognizing the | value the existing situation brings, as well as tying corporate | power to responsibility which seems like it'd do a better and | more flexible job of getting finding the right dynamic balances | in the market. Dealing with externalities is always really | important as well. Using as Apple as an example: | | - In terms of cryptographic chain, I'd like to see it mandated | there be an _option_ at buy time to allow owner access to | software root key store, hardware root key store, or both. Many | people would be best served in their threat models by the current | situation of leaving Apple in charge, which also means they can | 't be socially engineered or pressured into offering access. It | also unionizes diffuse buying power into one actor with different | incentives than other powerful actors. It is unlikely that | Apple's advertising privacy changes vs Facebook say could have | happened in a fully open environment for example since Facebook | has enough pull to get people to sideload whether they like it or | not. Others would really like full stack access. And many would | fall into one bucket or the other. Those less technical in areas | with poor Apple support options might still want the software | side of things as a walled garden but be able to allow arbitrary | 3rd party hardware repairs. Conversely, I at least would like | full software side control, but I'm more concerned about evil | maid attacks than I am about the rare need to go to an Apple | store for a hardware repair. There isn't really a one-size-fits- | all here, but that doesn't have to be mandated either. | | - In terms of power and responsibility, I think that'd be a great | way to handle repair, and it has the advantage of not singling | out just "big companies". If a product creator wants to maintain | full hardware and software control, it should also have to fully | support the product. If after X years it no longer wishes to | offer support, it should also be required to give up control (in | terms of necessary crypto keys and documentation). Then everyone | gets to decide where the right balance is in terms of support. An | open source startup doing a risky new product also avoids being | on the hook for much support if things go pear shaped because | everything is fully available to the community. At the opposite | end a company like Apple could maintain total control for 10 | years if they wanted, but only if they offered 10 years of | updates and hardware repair or replacement. At any point they | could get off the hook for that, but then they'd have to let | owners take it over themselves. No having cake and eating it too. | And everything in between. An Android OEM only wants to support a | phone for 18 months? Fine (maybe, within below), but no locked | bootloader after that, they need to have full docs for it etc. | There would be room for all kinds of brands fitting all kinds of | needs and price points. | | - The above said, I do think there is an externality/information | asymmetry situation when it comes to warranty repair. There is a | general expectation amongst the public is that there is some tie | between buying something decent and how long it will last. | Imagine if an iPhone said "this product will break after two | years four months" on the label at buy time, that'd pretty | radically change the market reaction to it. But some small | percentage of people get screwed, and the standard warranty | doesn't match expectation at all. Essentially the consumers are | all gambling, and the side with the best information on risk | keeps it to themselves and gets to sell "extended warranties" at | enormous profit. The sticker price doesn't accurately reflect all | the potential costs. That shouldn't be allowed. Standard warranty | coverage should either be longer period, or have some sort of tie | to pricing/tier. If someone wants something ultra dirt cheap and | disposable that should be ok, but if someone buys something where | a reasonable expectation would be it lasts 4-6 years at least | that should be part of the price. Or if nothing else, there | should be a requirement that all repair/replacement data is | public with a clear standardized "% failure by year for first 5 | years" infographic or something of that nature. Special | warranties should only be for truly extended business support | periods, or stuff like advanced replacement or SLAs. When people | compare prices, they should be able to have upkeep factor into | that easily. Hidden pricing is the bane of good markets. | endisneigh wrote: | > Senator Dianne Feinstein criticized the bill and said that it | targets a "small number of specific companies," and Senator Alex | Padilla said that it was difficult to "see the justification for | a bill that regulates the behavior of only a handful of companies | while allowing everyone else to continue engaging in that exact | same behavior." | | This bill should pass but that's also a good point. | | More fundamentally there should be a bill that affectively taxes | the top 10% of companies in all industries and credits the bottom | 25%. Call it an innovation bill. In addition the bottom 25% | percent should get discounts on all licensing fees charged by the | top. | | More generally our government should use financial incentives and | disincentives for creating the behaviors we want. | eps wrote: | > Call it an innovation bill. | | This will result in a boatload of scam and zero innovation. | endisneigh wrote: | How so? | DerpyBaby123 wrote: | Not op, but I can imagine it would be easy to be in the | 'bottom' tier of an industry by revenue/sales/etc - if I | want to be credited, just make a tiny barely functioning | company and collect the credits | endisneigh wrote: | A well operated implementation would probably be in the | form of reduced taxes, not a check as the point is to | help grow smaller competitors, not create zombie | companies. | dereg wrote: | > More fundamentally there should be a bill that affectively | taxes the top 10% of companies in all industries and credits | the bottom 25%. Call it an innovation bill. In addition the | bottom 25% percent should get discounts on all licensing fees | charged by the top. | | No. How is this at all promoting innovation? The practical | effect of this would be to allow crappy companies to stay alive | as zombies, doing the opposite of promoting innovation. This | would also encourage companies to split into a hojillion shell | companies to qualify themselves as what you define "the bottom | 25%." | | This isn't even speculation. If you look at states' tax credit | programs to "encourage innovation" in x industry, you see those | tax credits are absorbed by the best of financial engineers. | | The more levers, and thus complexity, you create in an economy, | the more likely that it's the extreme wealthy who benefit. | endisneigh wrote: | I disagree with you. If companies split themselves into | smaller companies that wouldn't necessarily be a bad thing. | Without having described _how_ exactly the money would be | distributed or the specific criteria I 'm not sure how you | can confidently say it would create zombie companies. | | In any case, the point of what I was saying was to help fund | strong competitors. You could just as well transfer funds | from the top 10% to the third and fourth deciles. | dereg wrote: | What's your desired outcome of a program like this? The | purpose of antitrust is to encourage competition for the | benefit of consumers. Improving competition is a necessary, | but not sufficient outcome. Creating competition for | competition's sake, irrespective of the consumer effect, is | against the spirit of antitrust. | endisneigh wrote: | I think competition for competition's sake is good. | Historically and inherently it will ultimately result in | better outcomes for consumers as ultimately that's the | purpose of all companies - providing goods and services. | pumanoir wrote: | Isn't the very definition of antitrust to target "a handful | companies" and prevent them from running an entire industry? | syshum wrote: | Why do you believe that taking money from the top 10% and | gifting it to the bottom would result in innovation? | | Is is not possible that the bottom 25% is there for a reason, | that they failed or their product is not viewed as innovative | by the public? | | I fail to see how this wealth redistribution scheme would be | effective or produce the stated outcome. Like most wealth | redistribution scheme it is lofty on the goal, but unclear on | the results with no objective measurements and not real way to | assess its value. It is more a "do it and assume it was | successful" program like many government program are | endisneigh wrote: | Depending on how it's implemented it could result in | innovation by reducing the cost for competitors, to well, | compete. Tremendously poor companies would still fail, but it | would effectively create more breathing room for potentially | viable competitors. | echelon wrote: | > Why do you believe that taking money from the top 10% and | gifting it to the bottom would result in innovation? | | The economics occurring atop the Apple platform should not | belong to Apple. Apple created a great product in the iPhone, | they slayed the competition, and they have forever positioned | themselves as 50+% of American computing. They're making boat | loads of profit on hardware sales, accessory sales, first | party services and subscriptions. This should not come with | the right to tax almost everything happening in mobile | computing. | | Apple is not innovating in the dating space, the gaming | space, the business management space, or the productivity | space. They are taxing these industries simply because they | established themselves as the toll keep of the winning | platform. | | None of these companies cares about Apple. They're only | building in Objective-C/Swift/iOS because that's what won the | market. They'd be much happier to build for an open web | platform, but Apple has artificially knee-capped it. Web apps | suck because of Apple. | | Apple needs to be told by the government this isn't okay. | This won't hurt Apple in the slightest. They have a dragon's | hoard of cash, will still have the best mobile platform, and | have a ton of other incredible revenue streams. | | They need to let their stranglehold go so that others can | grow too. | | Imagine if the roads were 50% Tesla and Tesla took 30% of | every Amazon delivery, every trip to the grocery store, and | every date you went on. That's what Apple is doing right now. | It sounds absurd because it is. | formvoltron wrote: | How about standardizing battery replacements as well as | standardizing on battery packs for power tools? | twblalock wrote: | I'd rather not. Competition in the power tool market has | resulted in very impressive batteries over the last few years. | | If we had standardized on the old 18v-style batteries, with the | stick that goes up into the tool handle, we might still be | stuck with them. | | Similarly, if the EU had gone through with standardizing on | micro-USB plugs for smartphones several years ago, as it | threatened to do, I doubt we would now have phones with USB-C | which is so much better. | endisneigh wrote: | I'm surprised no one has made a series of adapters for this so | you can use any battery on any tool. | bin_bash wrote: | yes they have https://badaptor.com/us/ | aaomidi wrote: | I mean, there's always going to be more things. | | This one is a huge step and I hope it goes through. | sneak wrote: | The real question here is will it allow you to sideload without | an Apple ID? | | Right now, to get _any_ app onto an iPhone, you have to use an | Apple ID, which requires providing a phone number (verified with | sms), an email (verified with a code), and some other stuff that | 's not verified (name, country, street address, etc). It also | sends the serial number of the device when you create the ID (and | you can only create so many per device). | | There's really no privacy on Apple devices unless you can a) buy | a device without providing PII, and b) load apps onto the device | without providing PII (including VPN/DNS apps, so that you can | block all the phone-home crap it constantly does to Apple). | | I'm in the process of a painful switch to Graphene and the no- | good, very-bad Android ecosystem as a result. I don't like the | approach to solving the problem, here, but if Apple devices | become usable again without compromising privacy it would be nice | to be able to continue to use them. | | Sideloading is sort of enabled already, in that you can use any | Apple ID to get signatures for self-built apps (or downloaded | apps) to load on to your own device (registered to that Apple | ID). If they comply with such legislation by allowing sideloading | for ID-identified customers only, it's little comfort for those | that care about privacy or freedom/choice. (It also means they | can turn off sideloading on a per-person or per-country basis | from Central Command during wartime, or if you become persona non | grata for some reason.) | [deleted] | ortusdux wrote: | It sounds like this might apply to Oculus/Meta head-sets as | well. I would buy one tomorrow if they didn't require a | facebook account in good standing. | clairity wrote: | yes, tying sideloading to an apple ID would be a real blow to | privacy and freedom, but sideloading at all would be a | meaningful improvement. | | it'd be a win to be able to install and run an application- & | network-level (outbound & inbound) firewall for everything on | the phone, not just some subset of web content on safari. | LatteLazy wrote: | More poorly defined legislation with no predictable outcomes that | will spend decades with judges who never used a computer trying | to guess their way through? | throwawaymanbot wrote: | neonate wrote: | https://archive.is/q31Xz | dang wrote: | Url changed from https://www.macrumors.com/2022/01/20/senate- | panel-sideloadin..., which points to this. | | Submitters: " _Please submit the original source. If a post | reports on something found on another site, submit the latter._ " | | https://news.ycombinator.com/newsguidelines.html | eatonphil wrote: | > Sideloading would "hurt competition and discourage innovation" | by making it "much harder" to protect the privacy and security of | personal devices in the United States, according to Apple. | | Taking Apple at their word here, I still don't get it. Can anyone | explain the argument they're trying to make? As written it just | sounds so ridiculous (but I'm still trying to understand it). | joe_the_user wrote: | Proof by 1st order corporate brochure logic (CBL): "Hurting | security" is a bad thing. "Hurting competition and discouraging | innovation" is a bad thing too. One bad thing always leads to | another. | | QED. | xoa wrote: | > _Taking Apple at their word here, I still don 't get it. Can | anyone explain the argument they're trying to make? As written | it just sounds so ridiculous (but I'm still trying to | understand it). _ | | There are at least three aspects to this: active attacks, | negotiating power between various actors, and platform | maintenance. | | 1. To the first, certain classes of attacks and malware are | dramatically harder to execute on locked down platforms like | iOS devices than on open systems. Remember, on the PC or Mac | enormous amounts of real world risk isn't the result of 0-days | but social engineering, pressure, user error or laziness, etc. | On iOS, it's simply impossible to just give somebody root | access. The user doesn't have it. It's even harder to have a | persistent root kit, let alone go down below the kernel. When | there are exploits, the owner community as a whole tends to see | and have deployed upgrades faster. There are more barriers to | the kinds of low effort mass adware and the like that plagued | many non-technical (this does _not_ mean stupid or undeserving) | people before, like the classic of opening your relative 's | browser and discovering a hundred competing searchbar and ad | injecting add-ons and such. And on and on. | | Of course, there are security issues that can arise from this | too. And if a player is _more_ powerful than Apple is (like a | major government) then the whole thing can go very bad, because | now there isn 't any way to bypass that either. On balance I | think the long term risks are higher with no owner controlled | root cert like the current situation, but we shouldn't be blind | to the fact that Apple worked to solve a huge problem with | computing that the tech community were really assholes about | (me included to some extent in the 90s, I remember the BOFH | type admin and jokes that went around hell desk quite well). | There is some baby amongst the bath water. | | 2. To the second and per above, that Apple has a secured | position as powerful player on the iOS platform shouldn't | obscure that there are other very powerful players vs the | normal user. Many people find certain things like Facebook | effectively indispensable. And individually they lack the | weight to negotiate. Facebook and the like do not give a single | shit about you individually. If you tell them "you better stop | XYZ tracking or no more service from me!" that likely won't | even get a reply. But Apple's control means it acts as the | focal point of hundreds of millions of very valuable users | combined. Apple can say "thou shalt disclose privacy practices | and formulate and obey a policy" or "thou shalt not have | persistent device traction" and attach an OR ELSE to it and | actually have it stick. But if a player of Facebook's scale | could then just say to everyone "you must go and sideload | Facebook Store and grant it full permissions to keep using our | product" that power might well completely dissolve. In | principle government could be dealing with some of this, but | government is often pretty slow, heavy handed, and faces its | own problems with corruption, lobbying etc. | | 3. To the third, while Apple is obviously making plenty of | profit and some of their resources are obviously going into | irritating bikeshedding UI-cycle stuff, that shouldn't disguise | that upkeep of a modern networked platform isn't free. There | really is a major cost to keeping up security, to developing | and maintaining system frameworks, infrastructure etc, and then | keeping up with that for years after a product has been sold. | How that is paid for also has implications for effectiveness. | It's not necessarily feasible to build all of it into hardware | pricing. If users are asked to pay (remember, paid OS upgrades | were once the rule in the proprietary world), lots of them | won't, which means the platform becomes more fragmented and | more people miss out on critical security updates sooner or | later. Having it be part of developer prices might be a least- | bad way to do it. There is some link between those who benefit | most and those who pay most, and it doesn't create the same | negative incentives for users. | | People mock the "Apple Tax" but honestly paying taxes for | infrastructure isn't always a bad idea. If anything I wonder if | Apple shouldn't actively lean into that and announce they're | going to make it more progressive, with 0% fee for the smallest | fish rising to the highest amount for the biggest ones. But it | too depends on some level of enforcement, same as taxes IRL. | | ---- | | Again, none of this is to say there aren't major, obvious | downsides to the level of control Apple has too. Their | accountability is limited, and their incentives certainly | aren't all aligned with their customers. Their control has been | used for anti-competitive ends and moving into other services | that should be more competitive (backups being a simple | example) with negative effects (not just money, but lack of | E2EE encryption). I do think there is room for legislative | improvements. But it's not entirely simple. | legutierr wrote: | I have some questions about how access to Secure Enclave, and | in particular hardware keys, would work in a sideloaded app. | | Could one sideloaded app somehow impersonate another sideloaded | app, and thereby trick the PKA/SKP into signing a message with | a private key that it shouldn't have access to? | | If there is no way to securely distinguish between two | sideloaded apps, such that one app could impersonate another in | getting access to OS- or hardware-level cryptographic services, | then that could be a real problem, I think. | | I don't yet know enough about how these crypto services are | implemented to know whether this would actually be a problem in | practice, however. | olliej wrote: | Ok it's very simple. | | If Facebook says "we're going to put Facebook on a different | store", now the majority of americans use Facebook, so now | install the second App Store. This App Store fails to maintain | the security rules of the real App Store, and now users devices | a compromised. | | A core part of the security model of iOS is the App Store. The | App Store makes sure that all applications have a sandbox, and | that the sandbox entitlements are safe. | | The reason one app can't build a list of your other apps is | because the sandbox prevents it. The reason it can't read your | address book is because it lacks the entitlements to do so | without your permission. | | As far as privacy: The reason Facebook, or any app, is required | to ask for your permission before violating your privacy is | because of App Store policy. | | This legislation explicitly makes restrictions on collecting | user data unlawful. | JumpCrisscross wrote: | > _Can anyone explain the argument they 're trying to make?_ | | If Facebook removes their app from the App Store (or cripples | it), and says you have to side load this app, most Americans | will do so. Even if that app violates a number of user-friendly | policies. The OS, of course, could enforce that at a technical | level, which weakens the argument significantly. | | Also lots of people will click links and side load spam apps, | but that's par for the course. | olliej wrote: | What technical restrictions can they do? | | It can't be sandboxing, as the entitlements and/or existence | of sandboxing for an app is enforced by the App Store, and | we've just said we're not using that. | | It also removes privacy protections: Facebook is required to | ask permission to track you on iOS. It's only required to by | platform policy in the App Store license agreement. They're | not using that any more, so goodbye opt-in tracking. | ThatPlayer wrote: | Why couldn't they make the entitlements enforced by the | operating system with user prompts, rather than the App | Store (or both)? Just because that's how it's done right | now doesn't mean we're just flipping a switch and suddenly | allowing everything. It's still up to Apple on how they | implement it. If that's how they choose to implement it, | that's on Apple. | zepto wrote: | > The OS, of course, could enforce that at a technical level, | which weakens the argument significantly. | | This is simply not true. An app can lie about what it does, | and nothing at a technical level can prevent that. | JumpCrisscross wrote: | > _An app can lie about what it does, and nothing at a | technical level can prevent that_ | | I was thinking of the tracking restrictions when I wrote | this. The OS simply doesn't give the app the data. | zepto wrote: | It's much harder than that to prevent fingerprinting, or | the use of legitimate APIs for illegitimate purposes. | | In any case the idea that you can achieve privacy and | security solely through managing APIs is simply false. | whatshisface wrote: | Apple defends their absolute control over software that runs on | their devices by arguing that malicious actors could give | instructions for sideloading malware. | kart23 wrote: | I think the headline is wrong. Sideloading or alternate app | stores wouldn't be required, thats not the purpose of the bill. | Sideloading and alternate app stores is a legitimate | privacy/security problem that will be exempted under the bill. | | >"unless necessary for the security or functioning of the covered | platform," from https://www.congress.gov/bill/117th- | congress/senate-bill/299... | | I think it would actually be very good for the app store, | outlawing a lot of the restriction that Apple places on things | like payments. | | I really don't know what to think about the bill overall. It | would definitely have the largest impact on Amazon, their basics | line would pretty much be killed by the law. Google rankings | would also be overhauled, no more flights at the top of the page. | | The testimony in support of the bill by Sonos [0] and Tile [1] is | also a good read. | | [0] | https://www.judiciary.senate.gov/imo/media/doc/Eddie%20Lazar... | | [1] | https://www.judiciary.senate.gov/imo/media/doc/04.21.21%20Ki... | dang wrote: | The headline was originally "U.S. Senate panel approves | antitrust bill that would allow sideloading" (before we changed | the URL from https://www.macrumors.com/2022/01/20/senate-panel- | sideloadin.... | sebow wrote: | Using terms like sideloading is precisely why the vast majority | of the public doesn't give a damn about this issue.Free 'social | experiment' idea: ask everyone who was a smartphone what is | sideloading, what is installing, what's the difference and | what's common. | | Altering our language to appease companies and somehow pretend | like sideloading means something different than installing is | why we're losing, precisely because it's a tactic to erase | correlation of the word and the meaning. | repiret wrote: | You know where else I can side-load apps? Desktop PCs. You know | what my in-law's desktop PCs are full of? Spy-ware and search | bars and other crap they got tricked into side-loading. | | Here's how I think this will go down: | | 1. Some indie developers and hobbyists will be enabled by not | having to pay $99/year and jump through hoops to distribute apps. | That will be good. | | 2. Some mainstream apps will require side-loading to get around | the Apple tax for purchases, but they won't lower their prices. | That will redirect some money from Apple to Amazon or EA or | whoever. Thats bad for Apple, good for those companies, but I | don't think it will affect most people very much, except for a | better flow for in-app purchases where you're current directed to | the web-site. | | 3. The mainstream apps eventually condition people that side- | loading is an okay way to get legitimate app. Then publishers | will leave the app-store in mass, and the crapware will be as | prolific as on PCs. This will be bad. | | 4. Side-loading will enable piracy, and so honest users will | suddenly become more burdened by software DRM type crap. This | will be bad. | | I am honestly not convinced the good that comes from #1, and the | connivence that come from #2 are worth the costs of #3 and #4. | Karunamon wrote: | I'm less convinced that piracy^wcopyright infringement is as | much of a problem as the people who stand to profit most from | its demonization claim it is. | repiret wrote: | I don't think copyright infringement is a big problem either, | but many software publishers do, and that fear leads them to | make the software worse for all of us. | nullifidian wrote: | The senators will get their donations from the affected | companies, and nothing will come out of it. | pm90 wrote: | Absolutely. Big Tech is already spending a lot, they will just | spend more. | | However, it _is_ upto the electorate (us) to vote in people who | don 't make decisions that way, and there are quite a few of | them today. | whatshisface wrote: | Senators don't get donations for passing laws, companies | establish annual donations which then may be revoked if the | right laws _aren 't_ passed. | topspin wrote: | I share your cynicism. My suspicion is that it's in the bill | specifically to motivate campaign donations. Like you I doubt | this survives. | | If it does Apple et al. will ensure the mandated sideloading | capability is accompanied by scary warnings, unnecessary | downsides and any other dark patterns they can get away with | inflicting. ___________________________________________________________________ (page generated 2022-01-20 23:01 UTC)