this post was submitted on 05 Sep 2024
942 points (99.6% liked)
Technology
60111 readers
3844 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Effective [some future date], in order to sell any device connected to the Internet (or Bluetooth, or whatever), you must register your entire codebase and all internal documentation with the FTC, and keep it updated, along with any signing keys to lock bootloaders. The day you abandon support, if you haven't provided everything required for end users to take complete control of their device, your code base and any other IP enters the public domain, and the FTC uses their discretion on release of keys.
It would take new laws, and you'd have to be careful with language and structure to prevent abuse of "third party" code and abuse of corporate structure to try to prevent old devices from being usable, but you could do it.
I have had a similar idea. Basically some third party that is trusted to be the escrow for all the source code and documentation would basically release it once the company stops supporting it.
This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could he catastrophic.
I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.
The government holds loads of confidential information, including keys. It's perfectly fine.
Anything short of the code already existing and being ready to release allows bankruptcy to kill devices and isn't good enough.