• conciselyverbose@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    2
    ·
    3 months ago

    Effective [some future date], in order to sell any device connected to the Internet (or Bluetooth, or whatever), you must register your entire codebase and all internal documentation with the FTC, and keep it updated, along with any signing keys to lock bootloaders. The day you abandon support, if you haven’t provided everything required for end users to take complete control of their device, your code base and any other IP enters the public domain, and the FTC uses their discretion on release of keys.

    It would take new laws, and you’d have to be careful with language and structure to prevent abuse of “third party” code and abuse of corporate structure to try to prevent old devices from being usable, but you could do it.

    • whatwhatwhatwhat@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could he catastrophic.

      I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        The government holds loads of confidential information, including keys. It’s perfectly fine.

        Anything short of the code already existing and being ready to release allows bankruptcy to kill devices and isn’t good enough.