
> [article] editing your /etc/hosts file. Personally, I wouldn’t suggest doing that as it prevents an important security feature from working.

Exactly the apologetic that you are talking about. Everyone has a different security update cadence (e.g. patch Tuesday for Microsoft), but each application launch is not a reasonable one. Given Apple's recent propensity for banning developers who stand against them (whether you agree with those developers or not), this is aimed squarely at dissent.



I don’t see how you can so confidently reach that conclusion. It seems perfectly plausible that Apple wants a way to quickly quash malware, worms, etc.


> I don’t see how you can so confidently reach that conclusion.

I'm not going to 100% say that control is the reason Apple is doing this. I'm sure that they do genuinely want a way to quickly quash malware, worms, etc...

But we've also seen that Apple is clearly willing to use security features to ban developers that stand against them, so I don't understand how people can be so confident that they wouldn't be willing to use this feature in the same way, even if they did internally think of it as primarily a security tool. It would be very consistent with how we've seen app signing evolve from a pure security feature into a contract-enforcement tool.


Can you remind me of which developers have been banned for standing against Apple AND haven’t broken their contract with Apple?


Security features should not be used for contract enforcement.

My point stands, Apple introduced a security feature then used it for contract enforcement against a company that opposed them. There is no reason to believe that they wouldn't do the same thing here. Whether or not you believe that Epic was the villain in that story is irrelevant to the current conversation.


Oh, Epic broke their contract and therefore I think can be seen as bad for security.

If they are willing to break their contract for money what is to stop them from harvesting my data for money?

The security feature is a part of the Apple ecosystem. I bought a Mac because of that, not despite it.


> Oh, Epic broke their contract and therefore I think can be seen as bad for security.

> If they are willing to break their contract for money what is to stop them from harvesting my data for money?

This argument was weak enough that a judge specifically rejected it after Apple failed to prove any kind of immediate threat was being presented from the Unreal Engine.

> what is to stop them from harvesting my data for money?

The fact that the contract dispute in question had nothing to do with data harvesting in the first place.

> I bought a Mac because of that

That's fine. And if Apple wants to try and tie all of this to security, then honestly whatever. But when this signing feature came out, people made fun of critics for suggesting Apple would do the exact thing you're now saying they're justified in doing. Try to lump it under the banner of security, try to lump it under the barrier of whatever you want. When avalys says:

> I don’t see how you can so confidently reach that conclusion. It seems perfectly plausible that Apple wants a way to quickly quash malware, worms, etc.

they're expressing doubt that Apple would do any of the things that you're praising Apple for doing with app signing. And the fact remains, it's very plausible that they would use this as a tool to enforce contracts. You're in the comments, right now, saying that they should use this feature as a tool to enforce contracts.

So what exactly do you disagree with me on? It still seems pretty reasonable to believe that Apple will be willing to use app logging as a contract enforcement tool, and that when they do people will jump on HN to defend them, given that you are currently defending them for doing so right now.

The argument over whether preemptively blocking app updates based on a vague sense of 'distrust' falls into the category of security is a semantic argument, and I don't really care about digging into it. The point stands, people are worried that Apple will use this feature to target apps beyond normal malware, trojans, or worms, and they are right to be worried about that.


Apple didn’t not ban them for standing against them. Apple banned them for breaching their contract.

It’s not each application launch. It’s from time to time. It’s for each application as it might be detected to have malware in the future. Also if the app isn’t signed there is no check.


Apple hasn’t banned any developers who stand against them.


They have used security features of their OSs to ban developers who were simply in breach of contract with Apple, but not distributing malware or any other kind of content harmful to users.

Sure, Apple was completely in the right to stop distributing Epic software after they breached their contract with Apple. But Epic didn't breach any contract with their users, so there was no reason to remove Epic's software from user devices, or affect companies redistributing Epic software. Those are obvious overreach.


“Simply in breach of contract with Apple”

Epic lied about the content of their software. If Apple doesn’t remove software from suppliers who lie about the contents, people will continue to exploit this.

There was no overreach. This was the consequence of Epic intentionally lying about the content of a software update.

It’s also worth pointing out that Epic expected this result, and caused it on purpose. Both Apple, and the court gave them the chance to rectify the situation which they refused.

That makes Epic responsible for the outcome. No one else.


Didn't Epic actually create an entire presentation video advertising the contents of their update?

Again, I fully agree that Epic was knowingly in breach of their contract with Apple, and wanted to use the public as leverage. But that doesn't, in any way, make their update malicious for the end user.


The presentation video was released after the update was submitted to the store with the contents hidden and activated later.

As for whether the update was malicious for the end user, we could say we trust epic to operate a payment method, and therefore the update was not malicious.

But there are many actors who would use this exact same methodology, and the update is malicious. Such Trojans exist on Android.

Security policies always prevent behaviors that could be used for non-malicious purposes.

If the argument is that the end users should be the ones to decide, it’s really just another way of saying that Apple shouldn’t be allowed to enforce any security policy.

Of course there are those who believe that Apple shouldn’t be able to enforce security policies, but there is no overreach here.


[flagged]


You'd be more aligned with HN values by refuting parent's point with examples than making ad hom attacks.


It is nevertheless the case that some users are VERY LOUD on particular topics, essentially repeating themselves on many leafs of the discussion. I find this very tiresome. It isn't an ad hom to point this out.


This is true. I’d be totally up for a ‘no repetition’ rule, however that’s completely impractical.

I find myself repeating certain points, usually because I am responding to repeated points.

Having said this, I do it because sometimes the person I am responding to says something new. It sounds like their point is a repeat, but they turn out to have a point of view that is different when you challenge them about it.


The accuser should also be held to the same standard. Without evidence those are just empty words.


Just look at our comment history, it's pretty easy lol



