Are you saying if you listen to hatespeech all day, then you feel compelled to commit violent acts? Or are you saying you need to lock others away for speech that merely offends you?

If the former, then maybe you need to be locked up. If the latter, then you need help working on your authoritarian tendencies begging for a thought police.

should be locked up

They should start with you.

Germany make a strong stance against any “trolling” nazi joke/imagery/salute

And look how that’s working for them: clamping down on pro-Palestinian protests as antisemitism, raids & arrests over calling a politician pimmel.

America’s First Amendment seems to not understand that reason

The 1st Amendment “understands” just fine. You don’t understand and want a thought-police state.

hate speech

Nope: unless you’re arguing people are mindless automatons who must act on whatever message they’re exposed to, people can be expected to self-control.

However, the “don’t generate and distribute infringing material” is a whole different story. IP holders are on pretty solid ground there.

Is any of it infringing? Explain the knock-off music & art in popular media when they don’t want to pay royalty fees for the authentic article. Explain knock-off brands. Cheap imitations to sidestep copyright restrictions have been around long before generative AI, yet businesses aren’t getting sued: they apparently understand legal standards enough to safely imitate. Why is shoddy imitation for distribution okay when human-generated yet not when AI-generated?

I don’t think your understanding of copyright infringement is solid.

Even supposing someone manages to generate work whose distribution infringes copyright, wouldn’t legality follow the same model as a human requesting a commercial (human-based) service to generate that work?

The rest of the help explains headings, paragraphs, line breaks (if you want those to render). Otherwise, it’s better.

Nope: the horizontal scroll boxes (marked up as code blocks) don’t contain code & no one should have to horizontally scroll long prose. Those code blocks should be blockquotes.

Mozilla’s blockquote documentation

The markdown documentation is built right into the lemmy editor (as the help icon).

long, horizontal scroll boxes of text that isn’t code
proper blockquotes elsewhere

You clearly know how to blockquote: use it correctly.

Seems you don’t care about grandmas & gen z.

forcibly doing this to every goddamn phone, phone manufacturer, and Android enthusiast

They can manage.

whenever Google decides that unregulated social media services like Lemmy are not family-safe I won’t have to listen to your malicious horseshit

So casual users can get wrecked, yet I’m malicious? Maybe think of users other than yourself, weigh the potential losses to them by successful attacks, and consider whether OS designers have a legitimate claim in preventing exposure of known threats to casual users while still allowing power users to bypass those checks.

You’re assuming I use an Android app (trash) to get on here, and not a proper workstation or web browser. You’re welcome to this “malicious horseshit” for eternity.

What percentage of them do you think has the capacity and capability to use ADB?

All of them: they can follow procedures, plug a cable, and push buttons if they really want to. Most won’t bother: capacity isn’t willpower.

it’s a pain in the arse

That’s the idea: welcome to an effective deterrent.

even I’m not going to do it to install a trusted open source app

Good, then it’ll deter as designed.

the only reason

Nah, the use cases are legitimate:

• It will actually deter installation of malicious software once it’s been identified & flagged that way in their system.
• It also verifies install packages haven’t been tampered (possibly maliciously) from their original releases.

Malicious software on devices connected to everything including highly sensitive information poses high-cost risks that you & casual users overlook because muh inconvenience 😭. If casual users can’t bother with a straightforward procedure as you say, then how prepared are they to handle the real challenges of a successful attack?

From a security perspective, it makes sense for OS designers to choose to limit exposure to that threat to power users who can be expected to at least have a better idea of what they’re getting themselves into.

I don’t understand why you can’t read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn’t.

You just don’t like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don’t like handholding my dumbass folks through preventable IT problems they created.

I don’t think you should comment on security if “open source” means anything to you

Anyone can look at the source, brah, and security auditors do.

For finding backdoors binary disassembly is almost as easy or hard as looking in that “open source”.

Are you in the dark ages? Beyond code review, there are all kinds of automations to catch vulnerabilities early in the development process, and static code analysis is one of the most powerful.

Analysts review the design & code, subject it to various security analyzers including those that inspect source code, analyze dependencies, check data flow, test dynamically at runtime.

There are implementations of some mechanisms from Signal.

Right, the protocol.

Can you confidently describe

Stop right there: I don’t need to. It’s wide open for review by anyone in the public including independent security analysts who’ve reviewed the system & published their findings. That suffices.

Do security researches have to say anything on DARPA that funds many of them?

They don’t. Again, anyone in the public including free agents can & do participate. The scholarly materials & training on this aren’t exactly secret.

Information security analysts aren’t exceptional people and analyzing that sort of system would be fairly unexceptional to them.

Oh, the surveillance state will be fine in any case!

Even with state-level resources, it’s pretty well understood some mathematical problems underpinning cryptography are computationally beyond the reach of current hardware to solve in any reasonable amount of time. That cryptography is straightforward to implement by any competent programmer.

Legally obligating backdoors only limits true information security to criminals while compromising the security of everyone else.

I do agree, though: the surveillance state has so many resources to surveil that it doesn’t need another one.

You misidentified your objection. It isn’t sideloading removal, which isn’t happening. It’s developer verification, which affects the sideloading that remains available.

Just because you don’t understand the value of verifying signatures doesn’t mean it lacks value.

I recall the same alarm over secureboot: there, too, we can (load our certificates into secureboot and) sign everything ourselves. This locks down the system from boot-time attacks.

I will never ever ever be able to get friends and family access to third-party applications after this change.

Then sign it: problem solved.

Developer verification should also give them a hard enough time to install trash that fucks their system and steals their information when that trash is unsigned or signed & suspended.

Even so, it’s mentioned only in regard to devices certified for and that ship with Play Protect, which I’m pretty sure can be disabled.

Google promised they would allow on-device sideloading

Promise kept.

their word means fuck-all and you know that

No, I don’t. Developers are always going to need some way to load their unfinished work.

Google will soon stop you sideloading unverified apps

unverified

ie, unsigned, so they are not

fighting tooth & nail to remove side loading too

Sideloading is still available: you can sign it yourself or bypass verification with adb as they documented.

Will Android Debug Bridge (ADB) install work without registration? As a developer, you are free to install apps without verification with ADB.

If I want to modify or hack some apk and install it on my own device, do I have to verify? Apps installed using ADB won’t require verification.

So, cool misinformation.

Are they?

I don’t think you understand anything you wrote about. Signal is open source, is publicly audited by security researchers, and publishes its protocol, which has multiple implementations in other applications. Messages are encrypted end-to-end, so the only weaknesses are the endpoints: the sender or recipients.

Security researchers generally agree that backdoors introduce vulnerabilities that render security protocols unsound. Other than create opportunities for cybercriminals to exploit, they only serve to amplify the powers of the surveillance state to invade the privacy of individuals.

This won’t increase security.

I don’t know, man. If every app were signed, and one of them fucked my system, the signature would make the author of the app that enabled the fuckery pretty clear. With an unsigned app, anyone could tamper with the package before I get it: I can’t authenticate the package is untampered, and the author can repudiate they introduced any fuckery.

because they know exactly whom the devs are and have their government IDs

They already wrote the free developer account for limited distributions doesn’t require those.

None of that is necessary when installs over Android Debug Bridge bypass verification entirely.

Will Android Debug Bridge (ADB) install work without registration? As a developer, you are free to install apps without verification with ADB.

If I want to modify or hack some apk and install it on my own device, do I have to verify? Apps installed using ADB won’t require verification.

Enforcement only applies to certified Android devices, ie, those certified for and that ship with Play Protect, and even Play Protect can be disabled.

This all seems like a huge nothingburger by the willfully illiterate.