Hacker News

It is not, however, possible to wipe the disk completely and boot from external media on M1/T2 and reinstall without internet access and obtaining an activation signature from Apple:

https://sneak.berlin/20201204/on-trusting-macintosh-hardware...



What happens when Apple decides the hardware is 'out of support' due to being 'too old'? When they stop providing the signature it will no longer be possible to restore a hosed system, no matter what OS you intend to install.


From experience with iOS, this probably won't happen. Apple continues to sign the last ever released firmware version even for long obsolete devices like the iPhone 3GS.

But if they did decide to stop signing all versions for some reason, you'd probably be right. T2 is vulnerable to checkm8 so there may be a chance to get around it there, but M1 is not vulnerable.


Ridiculous - especially considering how expensive they are. It needs regulation; even ignoring the consumers, all these verification/always-online designs create unusable software or e-waste as the years pass by.


Buy from a competitor then


1. I do

2. Most consumers have next to no information that wasn't given to them by the marketing departments of the companies, so that isn't an argument against basic regulation on things like consumer freedom.


Consumers are free to buy other things, like yourself. It doesn't sound like regulation was necessary, as the free market provided products that fit your needs.

I fundamentally disagree with the notion that government should have a say in design decisions for consumer products past safety and environmental concerns. I don't design things to support every consumer use case, I don't document it so those use cases can be supported, and I don't take it personally if a consumer chooses a competing product because it fits their use cases better. If enough consumers do that, I support those cases.

There is plenty of consumer freedom in consumer electronics. We don't need the government telling us what they think our customers want.


The regulation doesn’t have to prohibit the existence of the product, but it can ensure that consumers are made explicitly aware before / during purchase: this product requires an internet connection, and may not function without one.

There’s nothing obvious at purchase time that this new breed of Apple laptops require an internet connection to reinstall. That’s what will cause some consumers material harm. If informing your customers up front about your product’s limitations causes your business material harm, maybe your product needs a rethink.


The entire industry is slowly moving in this direction. What do you do when there isn't a competitor that meets your needs?


You can just turn off signature verification, can you not?


This is for activation, not boot security.

The online activation happens after the Recovery kernel is already booted from the installer USB.


Very informative write-up. Claiming that the removal of the police mapping app was mandated by CCP is a leap, though.

I have no doubt that this is a walled garden dilemma where the gardener is held responsible if an app is seemingly used to cause damage. However, the claim that the gardener was influenced by an oppressive power doesn’t hold water given facts available and my personal observations[0].

It’s true that the level of trust required makes Apple hardware unsuitable for users with extremely heightened security needs. However, for the more casual user, trusting Apple is undoubtedly a more reliable bet than trusting their own infosec faculties.

I’d be happy to be proven wrong or given some other example as to why Apple should not be trusted.

[0] First, if they were, one would assume that (A) the app would not have been reinstated in App Store a couple days later, and (B) E2E-encrypted messengers such as Signal, WhatsApp and Telegram would have been taken off HK App Store, as groups there were used as the source of much more up-to-date information.

Second, considering the political split I have personally witnessed within the Hong Kong population itself, a significant portion of citizens likely reported this app to Apple of their own volition.

On a more sentimental note, I was on location at the time and have seen first hand the destruction of property (such as breaking into and destroying ground-floor storefronts and bank branches) when the police were known to be away. It is far from clear to me that those were in fact actions of honest pro-democracy protesters. All protesters I know personally (about a dozen or so) either condemned those actions or were unable to explain what they were aiming to achieve. Meanwhile, the events seemed to obviously play into CCP’s hand, alienating more politically neutral HKers from the freedom movement, and later used by Beijing as an excuse to force the new “security” law on Hong Kong.

Bear in mind that genuinely peaceful pro-democracy protests—attended by many thousands of people—did not require police evasion apps.



