On Tue, Dec 31, 2019 at 7:32 AM Royce Williams <ro...@techsolvency.com> wrote:
> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris <m...@netfire.net> wrote: > >> On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen <se...@rollernet.us> wrote: >> >>> On 12/31/19 12:50 AM, Ryan Hamel wrote: >>> > Just let the old platforms ride off into the sunset as originally >>> > planned like the SSL implementations in older JRE installs, XP, etc. >>> You >>> > shouldn't be holding onto the past. >>> >>> >>> Because poor people anywhere on earth that might not have access to the >>> newer technology don't deserve access to Wikipedia, right? Gotta make >>> sure information is only accessible to those with means to keep "lesser" >>> people out. >>> >> >> The better solution here isn't to continue to support known-flawed >> protocols, which perhaps puts those same populations you're referring to >> here at greatest risk, but rather to enable access to open technologies for >> those populations which ensures that they can continue to receive security >> updates from a vendor that doesn't have a big financial motive to deprecate >> devices and force users to purchase upgraded hardware instead of just >> receiving security updates to their existing devices. >> > > Unfortunately, this is the high-tech privilege equivalent of saying "let > them eat cake" - because of upgrade friction on mobile in under-resources > areas (including, I might add, specific sub-populations of US consumers!) > > If there were reliable, official, clean replacement Androrid ROMs for > older hardware, the cottage industry of end-user phone repair in many > countries could take a perfectly good phone and get basic modern services > working on it. > > But there aren't - and there's little financial motivation for the phone > OEMs to provide one. And there isn't really much you can do to replace the > OS on an old iPhone, either. > > One of the best things that Google could do for the security of the > Android ecosystem is to provide clean, OEM-bloat-free, reference ROMs for > older phones with minimal backported security updates. I would expect that > such ROMs must actually exist internally, as needed for OEM patch > integration testing. > > The answer to why such ROMs will likely not be made publicly available is > left as an exercise for the reader. > But perhaps you were suggesting that a *grass-roots* effort to create such ROMs might be in order? I would love to donate to such a project. But short of a million-dollar grant, or legislation, I am not optimistic. Royce
