This is easily one of the most expansive Acts regarding computing devices passed in my lifetime. The summary is in the link. As an iPhone user, this will enable me to:
* Install any software
* Install any App Store and choose to make it default
* Use third party payment providers and choose to make them default
* Use any voice assistant and choose to make it default
* User any browser and browser engine and choose to make it default
* Use any messaging app and choose to make it default
* Make core messaging functionality interoperable. They lay out concrete examples like file transfer
* Use existing hardware and software features without competitive prejudice. E.g. NFC
* Not preference their services. This includes CTAs in settings to encourage users to subscribe to Gatekeeper services, and ranking their own services above others in selection and advertising portals
* Much, much, more.
After the Act is signed by the Council and the European Parliament in September, Apple, Google, Amazon, and other "Gatekeepers" will have six months to comply. Fines are up to 10% of global revenue for the first offense, and 20% for repeat offenses.
Interestingly enough, an iPhone that complies with these demands is actually the first iPhone I'd ever consider paying for. I wonder if this might actually increase adoption.
It’s not a popular opinion around here, but the reason I like my iPhone is _because_ it’s a walled garden. It just works, reliably, without surprises, for years on end.
Agreed. I switched from an iPhone to a Pixel because the iPhone experience is claustrophobic (admittedly I switched from Android to iPhone before that for the much better and lengthy software Apple gives). If this means the iPhone is getting things similar to F-Droid and NewPipe I'd be happy to switch back.
The new iPads have an M1 chip with virtualization capabilities, but you wouldn't know it with the stuff Apple allows on it. Imagine how much better iPads would be if Apple couldn't block Linux VMs just because it doesn't suit them.
Having used iPhones since the very earliest ones, I also fear this might turn it into an Android situation. I like iPhone because I know it’s likely the page works in Safari since iOS+Safari is a large customer group. While choice, a diverse web, competition & all that is important, I personally wouldn’t want anything but a walled garden monoculture in most cases. Being able to integrate a different voice assistant??
Sideloading apps as an advanced user concept sounds great. But if users who switch on their iPhone for the first time had to @choose a store”, that would be an absolutely terrible UX.
Same, actually. I've seen enough iPhones in the hands of friends and family to be envious of some of the features, but I've never wanted to be part of Apple's walled garden. A more open iPhone that I would be free to choose my own apps for if I didn't like Apple's offerings? Yeah I'd try that.
Same although replaceable batteries would make it even more compelling. I enjoyed the early Motorola android phones because they were phones rather than jewelry and they also kept them lightweight.
Same here. I'm dying for a phone that doesn't balk at the idea of long-term support, but I'm simply not using a platform where I can't install the software I want and can't even get a real version of Firefox.
Ironically it might be the last iPhone I use, even though I believe very much in free-as-in-speech software on my devices.
This just bludgeons so much of the security model of the iPhone. I get that this is by Apple's design, in that conflating the security model of the iPhone with App Store lock-in has been a gold mine, but I just don't see how you provide the same malware guarantees without that enforcement.
EDIT: Not sure why the downvotes, I guess it's from people that are big free-software-at-any-cost advocates. The cost of doing this is going to be too high for most iPhone users - I very much doubt this is in their best interests overall.
For me, "an iPhone that complies with these demands" would be a worse experience than the current one. I have no intention to install Microsoft app store (so I can get Outlook), Facebook app store (so I can get WhatsApp), and Google app store (so I can have Maps). I prefer having one app store to having four different ones.
If "Install any software" becomes real and I can start writing software on Linux for iPhone, without requiring me to have a Mac, I'll become an instant iPhone fanboy as the hardware is second to none. It's the software that is stopping the phone from becoming the best one around.
While I am in the camp of apple allowing side-loading, i am not a fan of monopolistic regulations like this. It opens all kind of questions, like
1. What devices have to comply? 2. Who decides what device has to comply? Should playstation open their system too. What about a niche bank transaction signing device that internally uses an android capable hardware. Is this illegal now?
3. What about a car infotainment system that can theoretically run linux.
4. What if a European startup wants to compete with the iphone? Now they have so many regulations instead of focusing on a great device for their niche.
This looks like it will kill competition and harm European innovation, while major players will find their ways around it.
Most of these rules apply only to companies above a certain size, both in number of users and revenue. Those get classified as "digital gatekeepers" and they are the companies that have to comply with extra requirements.
So no, this will not affect startups and harm innovation, it will just force the monopolistic behemoths to play nice and cease actively harming innovation.
I very much welcome this legislation (and I use an iPhone).
How would you approach this otherwise? The EU probably can't break up Google or Apple (how would this even look like?) and the walled gardens are clearly a market failure, including apples fat margins. You mention details, but regulation can be well made and just continuing the status quo is also bad. All regulations open up questions but it's not the wild west here, we have rules and they regulate the economy, even for big multinational giants like apple. Sometimes companies even get nationalised (or nationalised companies get sold)!
Monopolistic regulation? This is clearly aimed against existing monopolies, i.e. gatekeepers. Can you explain how ensuring that
1. Making unsubscribing is as easy as subscribing, and
2. Guaranteed interoperability between instant messaging services, and 3. Sharing marketing and/or advertisement performance with business users
With sideloading, unlocked nfc and alternative stores and payment providers this will likely kickstart whole new markets (eg: a better app store for the iphone).
I always see comments like this and they're so confusing. They just kind of assume that nobody has thought about these questions. Did you even check if they were addressed? If not, why are you asserting that these questioned are opened? For one, it's not about devices, it's about digital market platforms. That's why it's called the digital markets act.
> The compromise text clarifies that the definition of core platform services should be technology neutral and should be understood to encompass those provided on or through various means or devices, such as connected TV or embedded digital services in vehicles.
> “Gatekeeper”, in turn, refers to an undertaking providing core platform services that meets the following qualitative and quantitative criteria, set out in Article 3:
> First, it must have a significant impact on the EU internal market. An undertaking is presumed to satisfy this requirement where (a) it either has achieved an annual EU turnover equal to or above EUR 7.5 billion in each of the last three financial years, or where its average market capitalization or its equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and (b) it provides the same core platform service in at least three Member States.
> Second, it must provide a core platform service which is an important gateway for business users to reach end users. This requirement is presumed to be met where the undertaking provides a core platform service that had on average at least 45 million monthly active end users established or located in the EU and at least 10,000 yearly active business users established in the EU in the last financial year.2 Users are to be identified and calculated in accordance with a methodology set out in an Annex to the DMA.
> Third, it must enjoy an entrenched and durable position in its operations. This requirement is presumed to be met where the threshold points in the paragraph above were met in each of the previous three financial years.
the first two are very important questions. For example, if I make $500 “unhackablePhone”, where it literally doesn’t run web apps and every app is vetted by top-talent security researchers for weeks, and then I sell billions of these devices, do I then have to open up the ecosystem to allow anyone to be able to take a phone, punch in the passcode, and install a third party App Store? This is synonymous with the current iPhone situation as many people only buy it for the benefit of Apple screening everything that can run on their phone, albeit at a lower security level where some mistakes are fine assuming Apple almost never allows known exploits to exist on the most up-to-date iOS release.
And I first want to approach it from the "good faith" point of view. The past 20 years have seen a sea change in what surveillance and devices can do. And as such we (society at large) needs to adjust our understanding and approach to this new technology.
Firstly the opportunities are immense. With almost (*) every person having some kind of heart, lifestyle, monitoring and measurement we could see transformational medical and epidemiology breakthroughs. On top of which access to (free, correct!) information, hell GPS is amazing. We know
Secondly there are opportunities for abuse, and there is justifiable concern about privacy, about affect on democracy, truth etc. I personally think these are..the wrong terms to use, but never mind.
I think we have to assume Good Faith from the EU here. They don't know the answers any more than the rest of us do. But they have been upfront abut tackling obvious big problems - the GDPR, for all its many faults was first, and a again big Good Faith step in right direction (pace all the stupid cookie warnings)
As for answers
Which devices apply - which ever ones are "owned" by a Gatekeeper (45 Million users / 7Bn turnover).
Should Sony open up Playstation. Yeah basically. Xbox too. Will that cause problems - I expect so. In 99% of cases a big warning saying "you are side-loading this is dangerous" will prevent most horrors.
I expect this will not lead to an Open source free for all. I expect there will be develop licensing programs and approvals - because I certainly see the walled garden of iOS as a real benefit.
The bank transaction signing thing is interesting. The definition of a gatekeeper (Article 2 in the Act) is fairly specific to things like online search engines, intermediation services, OSes etc. I think its unlikely 45 million users is a big floor for such a thing.
(#) 4.5 Bn smartphones are in use globally, that's almost every adult. In "western" countries there are 10s of millions of people with daily heart rate monitoring.
> * Make core messaging functionality interoperable. They lay out concrete examples like file transfer
It's entirely possible that to enable compliance with this will require explicit compromises to the security of iMessage, for example by requiring key exchange with startup messaging providers. The other rules seem to prohibit Apple from describing the risks involved in such a compromise.
> * Use existing hardware and software features without competitive prejudice. E.g. NFC
This appears to say that a malicious app can present UX elements that were previously limited to the OS. Read liberally, that would mean that e.g. any app could now get biometric data by presenting a fake privilege escalation screen (e.g. FaceID/TouchID) and then capturing the results from the Secure Enclave. Is this something people really want?
> * Not preference their services. This includes CTAs in settings to encourage users to subscribe to Gatekeeper services, and ranking their own services above others in selection and advertising portals
This will likely make it harder for users to find safe/private services to use. If every offering can find its way into the default browser/App Store/etc. settings page in the OS, scam services will appear to be endorsed and therefore legitimate.
Edit: Limitation of interop is still possible, the EU is just deciding to move decision making from California engineers to Brussels attorneys. From the Act:
> The gatekeeper shall not be prevented from taking strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of the operating system, virtual assistant, hardware or software features provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.
So Apple just needs to explain security & encryption to Brussels attorneys to keep iMessage in a silo, for example. (Obviously making iMessage interoperable with e.g. Discord or ICQ will compromise the integrity of the software features of iMessage.) I don't think this is going to increase the pace of product improvements.
> It's entirely possible that to enable compliance with this will require explicit compromises to the security of iMessage, for example by requiring key exchange with startup messaging providers.
Is that really much worse than the status quo, where all iMessage plaintexts are shared with Apple by default, unless every participant in the thread has disabled iCloud Backup?
> So Apple just needs to explain security & encryption to Brussels attorneys to keep iMessage in a silo, for example. (Obviously making iMessage interoperable with e.g. Discord or ICQ will compromise the integrity of the software features of iMessage.)
Are you arguing that it's impossible for Discord or ICQ to implement the same feature set as the native iMessage client?
> This will likely make it harder for users to find safe/private services to use.
That's what tech companies like to say. But from experiences with less tech-savy friends, the current way always leads people to share as much as possible. Opt-out is always harder than opt-in.
Article 101 and 102 from the "EU Antitrust policy" already protects against anti-competitive agreements and abusive behavior from those holding a dominant market position, I don't think that will change.
Hello, Alphabet world domination. They finally get the chance to get rid of that pesky Safari. Next stop: obligatory sign-in for using a service.
I bet that Chrome adoption on iOS remains under 25% forever. People just don't care which browser they use so long as the default one works. Safari isn't so bad that people are desperate to replace it.
See. It is frankly pointless. Chrome already has a significant amount of mindshare and will grow even more after this.
The users have already chosen Chrome (and its derivatives). Mozilla has done absolutely nothing to stop it as Firefox has become totally irrelevant today. The EU is about to allow the world domination of Chrome and its derivatives to takeover entirely.
Just like the many choices of a Linux distro, you will have the many choices of Chromium based browsers! All thanks to 'oPEn SoUrcE'.
While I agree with this, I'm interested in seeing what the long term security consequences are.
These are all the highest risk API and integration surfaces on mobile devices.
Also I hope Microsoft get pulled into this as well because they're slowly turning Windows into a marketing device.
Edit: as an iOS user I'm optimistic that this will lead to complete device network whitelist capabilities though so you can neuter any apps which circumvent the current browser restrictions. That would destroy a lot of tracking capability instantly and completely stop embedded browser side channel attacks.
I think six months is a pretty unreasonable time frame for Apple. While the security concerns around this sort of thing are often overblown, Apple will need to rework their security model for the iPhone. If there is an API surface between the OS and the App Store, they may need to rework it since it's not been designed with third party stores in mind.
> Make core messaging functionality interoperable. They lay out concrete examples like file transfer
Google, Apple, and Amazon are supposed to design, ratify, implement and ship a universal messaging standard in 6 months? This won't happen even if they skip the first two steps and use an existing standard.
Apple ships a new iOS version in September, when this timer is supposed to start. Are they supposed to upend their entire release cycle and ship these major changes to their OS by March?
I've used iPhones for years, and I'm totally down with these bullet points. But I think we can all chuckle at the timeline, given the scope of this.
They will negotiate a proper time frame. It will take years till we see the benefits. The EU will charge them a smaller fine and give them some time with that. Not their first rodeo on both sides.
What timeline do you think the Gatekeepeers would prefer? Is it a reasonable goal to let BigTech drag it's feet making these changes they didn't want to do on their own accord in the first place?
Amazing things are possible when the incentive is right. Given their VAST resources, it's only a matter of focus.
That was the unbundling of Internet Explorer from PCs.
Which in hindsight looks like small beers compared to Chrome on-every-device usage, and probably why MS are getting away with it, again, bundling Edge and crippling Firefox workarounds.
> Fines are up to 10% of global revenue for the first offense, and 20% for repeat offenses.
For Alphabet (Google) the revenue distribution from 2015 to 2021 was approximately 33% for all of Europe, Middle-east, and Africa. It's unclear to me the actual European numbers since they are combined EMEA.
For Apple in 2021 the revenue was approximately 23% for Europe (no middle-east or Africa).
For Facebook in 2021 the revenue was also approximately 23% for Europe (no middle-east or Africa).
So it's safe to say that a first offense would potential halve the revenue for the region, and a second offense would remove the financial rationale of doing business in the region.
The EU regulations are often quickly adopted in other market places in similar fashions. Leaving the EU might be a calculation worth, but leaving the rest of the world is often prohibitive.
Do not forget here: These are countries which existed hundred of years before FAANG and will exist hundreds of years after FAANG. They have to protect themselves as a society but also as a constitutional body. If you let the monopolies go their way, their own constitutional existence is in doubt (example: these companies have already gigantic control on aspects which are governed by law hate speech, nudity, etc or are normative in the society). Long rambling, short reply: Other countries will quickly adopt these laws to keep long-term relevant.
What would the money even be used for? Why does the government have to profit from enforcing this.
I’d be fine if we take the money and burn it but it’s not gonna be that is it it’s gonna be we take the money and funnel it into organizations that politicians children happen to be on the boards of.
Great, if Alphabet, Facebook and Apple leave the EU, it will be a painful few years but finally boost the EU tech sector. It's what China did: Prohibit external services to force local innovation.
Europe’s requirement of those pesky cookie notices have killed the joy of surfing the net. Every goddamn site has this stupid cookie popup show up. It is like playing whack-a-mole. They should have instead only allow necessary cookies and marketing and other cookies should be part of signing up for a specific service and not just visiting the website. The thought is noble but the implementation sucks.
Cookie banners are a brain-dead, malicious compliance way of evading the actual goal, which was to reduce the needless use of tracking and analytics cookies. AFAIK, if you only use cookies strictly when they need to be used to make your application work, you don't even need the banner.
With the right plugin (both mobile and desktop), you can automatically opt out, something that wasn't possible before. And larger ad companies actually enforce compliance here (where possible).
IMHO, extremely low. The DMA has passed final debate and review, so it's not changing now. The last step is basically a formality. The beauty of the EU is that corporate financial influence is far less pervasive than even in the governments of member nations. The level of abstraction is just too large. Apple, Google, Amazon, et al., can wage a PR campaign, but it's highly unlikely to succeed.
> Use existing hardware and software features without competitive prejudice. E.g. NFC
What this will mean for me as an iPhone user: instead of using Apple Pay which is seamlessly integrated in my phone, watch and desktop OS, I will instead have to use my bank's terrible HTML-based 'app' to perform contactless payments, making it 100 times less convenient. This probably will make me switch back to using my bank card.
But hey, my bank makes a little more profit at the expense of UX.
If that's such an important issue for you, why don't you just switch to a bank with an app with good UX? There are so many banks out there, one will surely either support Apple Pay or have a decent app.
Apple Pay will not just die, Android has no restrictions on NFC and Google Pay is still supported by banks.
What you do is fear mongering that's not based on reality. Android shows that it works and Apple just wants their cut, as always.
I have an Android phone and have every single one of my credit and debit cards from 7 different banks in Google Pay. Don't need to use the bank app for any of them.
EDIT: to be clear, currently on Android any app can handle NFC payments, not just Google Pay. Banks could easily force people to user their apps, but that's not happening.
Of course you can use Apple Pay, but if you don't like it you could also use Google Pay or Samsung Pay instead. But Apple Pay could also be used on Androids if Apple chooses to offer it.
So your bank can have more funding, instead of Apple shaving it off up to 50%, and it is able to develop a neat React-based UI instead of the simple HTML ui you so strongly disdain...
Is this potentially breaking apple's walled garden? I wonder wether they will comply at all. Besides, I'm glad to see interoperability mentioned there, perhaps one day we could text from one messenger to another one without being held back by the owner.
It depends what you mean by walled garden. If you're referring to their ability to secure iOS, then no. The legislation includes many exceptions for security purposes; but they must be demonstrable and genuine. The current iOS implementation already sandboxes applications and only provides limited permissions ad hoc, according to user approval. So even under the current architecture, allowing users to install applications doesn't undermine security.
Of course they will try not to. They will do everything to prolong the appeal process and so on - it's unthinkable they would allow any other app store on their devices, that's the very core of their identity - to be as closed and unified as possible. I don't believe the EU has enough power to fight Apple. I'll believe it when I see the first iPhone with an USB-C charger.
> Besides, I'm glad to see interoperability mentioned there, perhaps one day we could text from one messenger to another one without being held back by the owner.
By forcing message passing platforms to submit to sharing private encryption keys? And that interoperability entailing the possibility of passing messages to government eavesdropping schemes? Sounds like a utopian paradise!
What malware? I've been using Android for over 10 years now. I've never had an issue personally. But I consider myself tech savvy and I don't install apps from untrusted sources.
Also, iOS had multiple 0-days in the past. So you don't need to give users freedom over their paid for devices for them to be compromised.
Does it mean Google will have to enable call recording APIs on Android?
That would be sweet. Currently none of call recording apps work on my phone and this is a must have feature for me. When I take a call with my doctor I have to use my separate memo recorder, so that I can refer to the call in the future if I forget something.
Let's not mention usefulness of this feature when you are placing orders over the phone and then the other party claims this is what I wanted once they deliver something not as agreed. If I could record a call I had evidence in case of dispute.
Huge. What if Apple claims implementing required feature X will take more than 6 months? I could see it happening given that planning has already happened and new func will need to be smoothly introduced into UX etc.
There doesn't appear to be much of a provision for technical delays. Six months is what it appears legislators believe is reasonable and fair, given the enormous resources at the disposal of these companies. Bear in mind that this legislation has been in deliberation since 15 December 2020. It would have been prudent for Gatekeepers to be making strategic product choices - and likely prototype builds - which comply with this outcome; at least for the EU.
Nonetheless, I anticipate teething problems, including some form of malicious compliance. The latter of which the EU tends to take a dim view.
Big companies like Apple are aware of these (proposed) laws long before they actually become law. Not having the foresight to not have something ready six months after it becomes law, is stupidly poor planning if true.
One could also argue that if it takes longer than 6 months to add something dictated by law, you simply have to implement it faster or accept the consequences.
I don't think companies this big has a lot of excuses for taking so long to implement things. They have thousands of employees they can shift from other projects (projects that doesn't decide if the phone is illegal or not) to implement urgent things like this.
I'm wondering about this, too. In recent updates Windows seems to do a lot to force users into Edge under certain circumstances and use cases (and pester the user to switch to Edge entirely), in ways that at a glance appear to be incompatible with the summary of this regulation.
This will also apply to Xbox, Switch and Playstation, among other devices - unless I'm understanding the legislation wrong. The impacts are staggering.
Scams proliferate, praying on elderly and young. Widespread tracking of your location, browsing history. Same with other points, narrow, selfish thinking.
wow people sure love giving corporations the power to decide what they can do with their device... selfish thinking? naaa its a walled garden for one reason to make a ton of money...
Possibly. The other possibility is it will make it impossible to buy an iPhone in Europe.
It certainly puts a huge incentive on Apple to figure out technical solutions to problems like "How do we get other browser engines on this thing without compromising a hundred OS assumptions, battery performance, or user security," but it's also possible Apple decides that's a no-go and it'll cost more than 25% of annual revenue to comply, at which point the winning market strategy is opt-out. That's fine; win-win for the EU market because it clears the playing field for a European-originated competitor to the iPhone.
ETA I forgot the third possibility: Apple decides it will cost more than 10% (and later 20%) of revenue to comply, but the 5% bump in value is still worth it and they write off non-compliance as a tax to do business in Europe. Then if the EU tries to impose structural or behavioral changes, we're back to square one on the question of whether those changes cost more than (now) 5% of Apple's revenue.
Last I checked the EU was still the largest single market block in the world. Maybe that changed since then, but I don't think Apple will simply cede that to a competitor - especially since it would go heavily against their "we care about users" narrative.
> The other possibility is it will make it impossible to buy an iPhone in Europe.
On a practical level, it might not be all that easy to stop that entirely. Sure, Apple could stop selling iPhones in the EU (and would probably close their stores altogether). But a gray (black? In this case I'm not entirely certain) market would almost certainly appear. iPhones in the EU might acquire the cachet of Cuban Cigars in the US.
> That's fine; win-win for the EU market because it clears the playing field for a European-originated competitor to the iPhone.
I think that's what the EU is hoping for. Their technology industry completely failed in this space, so for them it makes perfect sense to simply drive competitors out of the market entirely. Worst case for them is that the international competitors actually comply.
> It certainly puts a huge incentive on Apple to figure out technical solutions to problems like "How do we get other browser engines on this thing without compromising a hundred OS assumptions, battery performance, or user security,"
Virtualization? Run a hypervisor on the phone that allows running multiple virtual smartphones. Apple can provide two virtual smartphone environments, one that works like the current native iOS, and one that provides a basic smartphone that is wide open and on which you can install anything you want (maybe based on Android?). Make this second one open source so it can be a basis third parties can use to develop more virtual smartphones for iPhone hardware.
>The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party software applications or software application stores from prompting end users to decide whether they want to set that downloaded software application or software application store as their default. The gatekeeper shall technically enable end users who decide to set that downloaded software application or software application store as their default to carry out that change easily.
Second this, Apple has shown zero interest to support my native language (they went 11 years between adding new languages to iOS). This would allow me to switch to Google Assistant which supports it and just use that.
What about the Google Play Services as a whole? Most of the Android apps don't work without these (so you can't for example use LineageOS without GApps), does the act in any way reference such things? What about contactless payment without "Google's approval" which require hiding the root, hiding the fact that the system is unsigned or has unlocked bootloader.
That is already not a problem on Android. If you can install a 3rd party app store (and you already can install a bunch of these on Android) and don't use Google Play Services your app will still work. For e.g. Amazon Appstore ships lots of the same apps but without using Google Play Services.
Six months??? What does "comply" mean? Ship a version of the OS that supports all these new features? Or begin implementation of them?
Six months is barely enough time for companies to digest and understand the new requirements, and certainly not enough time to develop and ship such dramatic changes.
> After the Act is signed by the Council and the European Parliament in September
Lol. The encryption keys being shared with security services bits have political cover. Not the rest. It’s surprising European legislation doesn’t yet have a reconciliation process, to prevent this sort of burying-the-lede gambit.
If this is an accurate description of the regulation, I can help but feel they brought it on themselves but closing the garden so hard. These were normal computing options before iPhone/Android took over.
Does it break any privacy/digital-dignity protections though?
You say the summary is in the link, but the first few things you mention are not in the summary, or called out at all in the article. I don’t think this is the “open up your App Store mechanism” regulation, as I believe there are two in flight right now
>The gatekeeper shall allow and technically enable the installation and effective use of
third-party software applications or software application stores using, or interoperating
with, its operating system and allow those software applications or software application
stores to be accessed by means other than the relevant core platform services of that
gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party
software applications or software application stores from prompting end users to decide
whether they want to set that downloaded software application or software application
store as their default. The gatekeeper shall technically enable end users who decide to set
that downloaded software application or software application store as their default to carry
out that change easily.
Gatekeepers will not be able to:
rank their own products or services higher than those of others
prevent developers from using third-party payment platforms for app sales
process users’ personal data for targeted advertising, unless consent is granted
establish unfair conditions for business users
pre-install certain software applications or prevent users from easily un-installing them
restrict business users of platforms
Gatekeepers will have to:
offer more choices, such as the choice of certain software on a user’s operating system
ensure that unsubscribing from core platform services is as easy as subscribing
provide information on the number of users that visit their platforms to determine whether the platform can be identified as a gatekeeper
give business users access to their marketing or advertising performance data on the platform
inform the European Commission of their acquisitions and mergers
ensure that the basic functionalities of instant messaging services are interoperable, i.e. enable users to exchange messages, send voice messages or files
Fair competition of digital services is key to ensure that companies and consumers can all benefit in the same way from digital opportunities. This will also generate more innovation and boost consumer protection.
Have you read it? Do you have any info on how the vendors can react to these changes in terms of policy? Like is there anything that disallow apple to offer post-sales support / warranty in case you install any software / app store? etc?
Let's hope that the Brussels effect does its magic
> The Brussels effect is the process of unilateral regulatory globalisation caused by the European Union de facto (but not necessarily de jure) externalising its laws outside its borders through market mechanisms. Through the Brussels effect, regulated entities, especially corporations, end up complying with EU laws even outside the EU for a variety of reasons.
- require the most important software (e.g. web browsers) to be installed by default when installing an operating system
How is chromebook going to exist without a chrome browser? Sometimes I wonder if the people making the laws have any knowledge of the technology landscape?
Let's have a popup that asks which browser you want to use. I am certain that Google is more than capable to create websites that work with any browser.
“ * User any browser and browser engine and choose to make it default”
This is huge and I cannot believe it has taken this long. Apple forcing everyone to use their own browser engine with all other ios “browsers” essentially just being skins for Safari was ridiculous.
Where does it mention side loading? Still skimming the legal doc, but it just says basically they need to be fair and non-discriminatory about app-store access.
This is much more negative then for Apple then google. Google subsidizes their (far less profitable) app ecosystem by selling user data in the form of advertisements. While there is language about Google having to share marketing response rates, it doesn't prohibit this practice.
Apple on the other hand makes their money by targeting features (privacy, integration, etc) that people pay more for.
Apple will have to transition to a more ad-tech focus in order to compete in Europe under this infrastructure.
Showing advertisements isn't "selling user data", it's showing ads. Being the company who shows the ads means keeping the targeting data for yourself, which is the opposite of selling it.
And yet, Apple can still charge software companies whatever they want to allow software to run on the phones. Nothing says anything about the business elements of these user experiences. So if anyone thinks this law is going to take money from gatekeepers and put it into the pockets of app publishers they are kidding themselves
>And yet, Apple can still charge software companies whatever they want to allow software to run on the phones.
This is explicitly disallowed in the legislation. See page 131:
>The gatekeeper shall allow providers of services and providers of hardware, free of charge,
effective interoperability with, and access for the purposes of interoperability to, the same
hardware and software features accessed or controlled via the operating system or virtual
assistant listed in the designation decision pursuant to Article 3(9) as are available to
services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow
business users and alternative providers of services provided together with, or in support
of, core platform services, free of charge, effective interoperability with, and access for the
purposes of interoperability to, the same operating system, hardware or software features,
regardless of whether those features are part of the operating system, as are available to, or
used by, that gatekeeper when providing such services
I think we should expect Apple and Google to fight this tooth and nail. I'm sure they've been following it and looking at ways to exploit any holes that are in it.
In short, I expect it to be years before we can do most of the things you list in your post. There will be lots of court cases before we, as consumers, see any real change.
The EU doesn't operate the same way the courts do in America. The EU will require Apple/Google to cooperate with the changes while any cases are ongoing. If these cases take years to settle, so be it. If Apple/Google wins, any damages are back-paid.
These sound great, but what is the list of bad ideas inevitably buried in the 230 pages of this act that we'll come to learn as they bite us all in the ass?
The title says it all: the EU Act aimed against literally half the top USA companies.
But that's just realpolitik for you. This is the same reason that in the USA it is legal to have California Champaign and New York Bordeaux (style in small font) wine.
It depends on how much the Republicans have started to like on Apple and Google again, there's no way a European Union starving for gas come winter-time would impose a 10-20% cut of the turnover to two out of the 4 biggest US companies. I say Republicans because most probably they'll steamroll the Dems in November.
It blows my mind how many people have bought into Apple's position on this. No, Apple restricting your freedom does not afford you greater security. You, as an adult, can choose not to install shady software. If you're not confident in your ability to tell shady from legit, just stick to the App Store. Don't demand that Apple treat the rest of us like children just because that's how you would like to be treated.
>You, as an adult, can choose not to install shady software.
For some reason every Linux user assumes everyone is as smart as they are and anyone who doesn't take the time to learn whatever esoteric config file to manage their DE is a child that can't tell left from right. Somehow the decade of directed scams and proliferation of malware and spyware isn't a problem and it's the developers "right" to be able to turn on your microphone and send that data to the cloud.
When Facebook mandates that to install Instagram you must sideload it from the Facebook store and your entire's family's location is being tracked 24/7 I hope you will thank Zuckerberg for all the freedom hes giving you
>Don't demand that Apple treat the rest of us like children just because that's how you would like to be treated.
You could just not buy from Apple. I never understand how the anti-Apple crowd is convinced that Apple is run by Satan himself, but cannot compel themselves from buying Apple products.
To your first point: I find it telling that your main concern with reducing Apple's monopoly power is that it would elevate Facebook's monopoly power. How about we design regulations that mitigate against monopoly power in all its forms? Then there would be viable alternatives to Facebook and all of the sudden their business model based on hostile tracking becomes completely unsustainable because there's meaningful competition that actually respects their users. We don't need to be serfs.
To your second point: Apple exerts influence far beyond their consumers. Even though I'm sure this isn't news to you, I'll still point you toward some interesting articles:
Much of this is invisible to the typical resident of the walled garden, but they actually cause a lot of harm to society because of their market dominance. Anybody with a small child is probably aware of the harmful effects of the "dreaded green bubbles" (I'm sure people will try to counter this point with claims that iMessage is somehow more secure / more functional than other protocols. I invite those people to do some research first. I think you'd be surprised at the gulf between your own understanding of iMessage's security vs. reality).
2. Who said spam isn't a problem or that this act allows or even enforce to circumvent the strong privacy rules that the EU (not Apple) actually guarantees for their biggest single market in the world?
News flash: you can combat spam and scams while keeping open and exchangeable basic infrastructure, without any walled garden. Otherwise, following your logic Apple would need to ban access to protocols like IP instantly, as those can be used to transport spam and exchange openly information.
People rather argue that the safety excuse is BS and people do not require being a Linux expert to detect spam, that they can also get over the landline or in person knocking on the door, for that one needs common sense and some not completely bad education.
> For some reason every Linux user assumes everyone is as smart as they are and anyone who doesn't take the time to learn whatever esoteric config file to manage their DE is a child that can't tell left from right.
Notably, most of the non-technical users I am acquainted with manage to use Windows, which will also let you install any software package you want if you click continue on the warning.
I see a lot of Apple fans make unsubstantiated claims that Apple's restrictions on its ecosystem is effective in stopping spam, malware, scams, etc... I have yet to see any data to back this up.
> When Facebook mandates that to install Instagram you must sideload it from the Facebook store and your entire's family's location is being tracked 24/7 I hope you will thank Zuckerberg for all the freedom hes giving you
How will the Instagram app evade iOS's security measures if it's sideloaded?
The hardware scene is, in practice, quite monopolistic. This is especially true nowadays that Apple’s chips are vastly outcompeting others. I don’t know if this is because of some nefarious schemes or not, but even if it is a natural monopoly, it’s still a monopoly that might take years to be undone.
There is no reason to extend this hardware monopoly to software as well though. Apple can enjoy their great margin on their hardware, without also controlling everyone’s most intimate devices.
Oh yes please, I would love to see Facebook do that. They're already in hot enough water with GDPR, doing this would absolutely nuke them out of existence in the EU.
I know it's a complicated concept to understand, but we have multiple sets of laws that are aimed at punishing exactly what you're saying. The DMA passing doesn't mean ePrivacy or GDPR is gone.
So demand regulation against the tracking. Demanding everyone spread their butt cheeks to Apple because you like something that someone else could do is nonsense.
The apparent desire for paternalism unnerves me. Any time people are free to choose who they associate with, they run the risk of coming across bad actors who would scam them or worse. In most domains of life, we have special protections for the senile elderly and children but everybody else is given freedom and subsequently expected to develop and exercise a sense of good judgement, because freedom is more important than security.
But in the specific case of iphones, the argument is made that giving rational level-headed adults the freedom to associate with the software they wish would imperil children and the elderly, and you don't have to look far to find somebody arguing that that risk outweigh any other consideration. If this belief were likely to be limited to iphones I wouldn't really care, I'd simply not buy an iphone. But I fear special-case exceptions don't stay that way forever, and I fear Apple's style of paternalism (which is very profitable) will inevitably spread and become difficult if not impossible to avoid unless stomped out soon.
> The apparent desire for paternalism unnerves me.
I find the EU imposing these conditions, under threat of force, on Apple that sells a product that people are free to buy or not buy, much more paternalistic than anything Apple does.
I absolutely agree with you, but here's a hypothesis worth considering: What if we're building a society that is so complicated that it just isn't feasible for individuals to make informed decisions about important matters any more?
Societies have long accepted that things like medical treatments have to be prescribed by an expert, and some societies have even decided that healthy people can be forced to have medical treatments even against their will (i.e. vaccines).
My hope is that we are just in a temporary phase, where society has learnt how to transmit information freely but not how to reliably transmit trust. If the reputations of software developers and medical practitioners could be established without corporate or government monopolies, then society might get past this local minimum and into a more stable state.
> But in the specific case of iphones, the argument is made that giving rational level-headed adults the freedom to associate with the software they wish would imperil children and the elderly
By whom? You are the first person I heard this from.
This is a very myopic view of what it’s like for the elderly and less tech savvy. Most aren’t capable of telling the difference and yet they constantly find themselves unknowingly getting scammed. I take it you’ve never had to clean out a horribly malware infested computer for a mother-in-law before?
While this is certainly a problem, I don't accept it as an argument for why we all have to be locked in the walled garden. Just add a system setting that controls the walls. Let people disable it if they want, and tell your mother-and-law to never ever disable it no matter what. If you're worried that they'll be tricked into disabling it, then they probably should not be in control of a bank account or anything else serious anyway.
Anyway, this isn't really relevant to this regulation. People already get scammed on iPhones all the time. It's silly to think that anybody would be more vulnerable as a result of the DMA.
How will that elderly and less tech savvy find and install another app store into their iPhone.
If they are not tech savvy enough to be able to decide something is scammy, they are not tech savvy enough to install a freaking app store in their phone.
Ah, it's so easy to write something like this, but...
> No, Apple restricting your freedom does not afford you greater security.
No, Apple restricting your freedom does not afford you greater security.
You don't know anything about me. How can you possibly make the call on what makes me secure or not? Not being able to install malware... that is by definition more secure than being able to install malware.
> If you're not confident in your ability to tell shady from legit, just stick to the App Store.
No, you believe that other people who are not confident in their ability to tell shady from legit, can just stick to the App Store.
...but that's not true for some people. Some people make bad decisions. Lots of people make bad decisions. What you believe other people should be capable of, is your choice, but it's (clearly) wrong for a certain cohort of people.
> Don't demand that Apple treat the rest of us like children just because that's how you would like to be treated.
You may feel like you're being treated like a child because you are being prevented from doing what you consider to be something you should be entitled to do.
...but, other people feel differently.
You don't represent everyone. Your opinions are not shared by everyone.
> It blows my mind
...that other people have opinions. I know, it's astonishing.
Just because you (and I) personally will be positively affected by this change, doesn't mean everyone one will be. Does the positive benefit to us few outweigh the negative benefit to many others?
I don't know. I'm pretty worried about it. I think it's gonna to end up with a lot of bad things, for a lot of people, who aren't good at making decisions, especially when it relates to computers and other technical stuff.
I, for one, don't want to waste my time being IT support for my entire family.
That's the whole reason most of us prefer the walled garden of iOS. I don't care if it is as powerful a computer as a server from some 15 years ago, I WANT to treat it like an appliance, a friggin consumer device, I want to standardize it across my home and have some peace of mind.
If I want to hack, I have plenty of other devices at home or that I can buy that are far more adequate to this end.
>You, as an adult, can choose not to install shady software.
For whatever reason, my dad cannot choose to not install shady software. Keeping him in iOS land is the only thing that has worked at keeping his devices clean.
> You, as an adult, can choose not to install shady software.
You assume that everyone is as smart as you in figuring out which software is "shady software". Majority of the population have no clue and if the path to complying with this regulation is to drop the stance on security (regardless of existing issues with default security, as implemented today) further, well... good luck. Me and you maybe will not get tricked into installing some "shady app" but I'm looking forward to reading more about how people got hacked via their phone because they have installed "a bank app" from "appstore x" thinking that it was from "appstore y".
Apple famously went with gorilla glass over plastic for the original iPhone, despite glass being more breakable, because when it would break users tended to blame themselves rather Apple. Plastic on the other hand scratched just from everyday use and users would have blamed Apple for that cheap design. Perceived fault matters.
Interestingly, I think this can be used to argue either side.
All true. At the same time it will undeniably increase opportunities for criminal actors.
For a technical user, usually not a problem (like it is currently the case on Android). For an ordinary user caught in the hype of the day, not so much.
I would argue it's a problem for a technical user as well. It's just a problem.
Defenders have to win every time. Attackers only have to win once. That gives the attackers the advantage.
And it may not even directly be your fault. All you need is a flaw in any communications system that allows privilege escalation and code execution. Then you can be compromised by someone who just happens to be in the same room.
Now while this is true even now. It's even worse when every user can download and install whatever sketchware promises to mine dogecoins while the phone is idle for guaranteed returns of 100%. Because every other phone becomes a potential attack vector.
It blows my mind how many people have bought into EU's position on this. No, the EU restricting Apple's freedom does not afford you greater choice. You, as an adult, can choose not to buy Apple hardware. If you're not confident in your ability to do that, just stick to Android. Don't demand that EU treat the rest of us like children just because that's how you would like to be treated.
What HackerNews thinks will happen: "zomg, I will finally be able to run Arch on my iPhone!"
What will actually happen: "honey, something is wrong with my phone, whenever I unlock it, a popup jumps up that says 'Please update the Adobe™ Updater™ to get up to date Adobe™ Software Updates', could you take a look at it?"
Yeah, I'm honestly shocked at how welcomed the concept of "the government is telling developers that they must make their product less secure and streamlined" is here... This will not bring the interoperability utopia many believe, unless you mean 8 different app updaters bogging down your phone because now there's "competition" and the DrainMyBattery Store only charges 15% fees so it's the only place you can get CoolApp.
Yeah, and that unsecured Linux is destroying the world!
It’s not about making products less secure. That’s what apple makes you wanna think.
It’s about giving customers choice. They can stay in Apple ecosystem (I will for example). Or they can not. Companies like Apple will have to work much harder now, to give both users and developers enough value to justify being locked in.
honestly, Apple had their chance and while claiming to self-police, in fact they enacted an obvious walled garden that went way way way beyond security requirements.
So true. On my Pixel phone, which allows alternate app stores, I had to update the Adobe Updater to update Adobe Reader, Epic EpicStore to update Fortnite Update Store to update Fortnite, TenCent Store to update Grindr, and finally F-Droid Pro Max Store to update Signal. Why do I have to download so many app stores on Android!!
>The security on iPhone comes from the app sandbox, not from App Store review.
Some of it. But Apple has the real-world identity of developers/organizations, and will ban them from the App Store for malicious behavior.
And next to no privacy protections are from App Sandbox. You can turn off things like advertising identifiers, but there are a million other unique hardware identifiers as well as things like IP addresses which can be used to track someone.
The way Apple solves this is - you need to get user consent to track, which will also hand you the advertising identifier. But if the user does not consent, you can't work around it by correlating other data from the phone. Or we will kick you out of the store.
> There are lots of scam apps on the App Store, despite Apple's review.
Just imagine how bad it would be without review.
> Apps from 3rd party stores will be sandboxed just like apps from the App Store are today.
Will they? Without someone reviewing/approving entitlements for side-loaded apps, they can all effectively seek out as many entitlements from the menu as they want.
Uh no. How many phones are running F-droid? Please stop spreading useless fear. And my inlaws or parents have yet to install any malware on their androids. I check regularly.
The magical rockstar engineers of Apple will listen for their best in the world UX and handcraft artisanal UI that will respectfully explain users what causes the popup.
Not to mention use plenty of dark patterns to steer them away from it.
Not to mention the vast majority of users will not bother to deal with alternative app stores when the vast overwhelming majority of existing apps will remain on the official App Store.
Yeah. And that totally clueless person SOMEHOW found how to install a 3rd party app store on her phone and she was able to successfully configure it as well.
The argument doesnt make sense. The user is either tech savvy or not tech savvy.
...
And even more: You people talk as if that doesnt happen today. Nobody will try to scam anyone by creating an entire freaking APP STORE while they can just phish them by sending them an email to get their credit card numbers and whatever data they can collect.
And further: Today anti-virus software is capable of detecting and preventing most of those scams already. We are not in mid 2000s. Anti virus software will not disappear with the appearance of 3rd party app stores. So the problem does not even make sense to be considered a problem.
...
It just feels like some of you people (i mostly saw Americans) are SO mentally hostage to your corporations that you really defend the indefensible.
I do wish iPhones could use alternate browser engines and bypass the Apple 30% cut, but the fact I'm having to click through one of those stupid cookie dialogs on this page just leaves the bad taste in my mouth of how much the EU regulation screwed up the internet the last time they made a change like this.
Not saying I want tracking cookies everywhere, but they should have just made tracking cookies illegal outright, rather than legal if people agree meaning I have to dismiss thousands of cookie dialogs a year.
Because they were incompetent in writing their legislation, they doomed us to cookie dialogs for the rest of my life.
the cookie law should have ended up with a browser setting. but eu bureaucrats apparently don’t know the first thing about web standards (and why would they) so we get every single website in the world having to code a custom dialog, and billions of users having to click through them forever. this legislation is the eu cookie law writ large: well meaning, ill conceived, government overreach by bureaucrats who don’t represent or understand the companies being affected. it’s a sad state of affairs when the most significant contribution of europe to technology is not technology, but bad legislation with massive global implications.
No, the EU knew that something like a DNT header could never work. And let's not forget: No one needs a cookie popup. If you don't track more than technically necessary, there's no need to get consent or inform the user. It's just that everyone likes to collect as much data as they can that these popups are necessary.
in America, as a website, you're still perfectly allowed to use marketing cookies without permission, or just not provide the option of saying no. taking away that privilege is "government overreach"?
gdpr is also much bigger than just cookies. it's also a wide-ranging law forcing companies to more careful with your data and delete it if you ask
the EU politicians rightly do not represent the companies affected
Firstly, as all should know by now there is no need to give a cookie warning for any technical cookies. This means whenever it is there it is provided because the website provider thought they need a third party tracking to manage ads or get customer info.
Secondly, the way the banners are designed is the problem, not that the banners are there. A few large providers (notably Google and an adtech alliance) have standardised intrusive, bad-default and dark-pattern heavy cookie banners. If this was a single well-remembered click on each site no one would mind, the problem is that the providers want to make it painful so you start to just click 'accept' to get it over with.
> If this was a single well-remembered click on each site no one would mind, the problem is that the providers want to make it painful so you start to just click 'accept' to get it over with.
God bless any website with a simple Reject All button.
We need a privacy API that browsers agree on and websites would have to follow, when present. Uniform dialogs per browser for this crap, rather than unique per website.
I left Europe before the full enforcement of this cookies dialog and everytime I spend time there I'm like: how can anyone accept this state of affairs
The cookie law could've been better but there's not law that says you need this banner, only that you need it if you collect an unnecessary amount of data from your users.
You left Europe because of consumer protection laws? To solve a problem that is actually global and, if it really bothers you, can be solved with a browser plugins that clicks yes?
Rather odd choice, but everyone has their priority I suppose.
I'm sort of surprised at the positive tone here. Sure, it's nice for non-technical people to enumerate a lot of nice to haves, but just asserting something doesn't make it true or possible.
As one example, making "core messaging functionality interoperable". How exactly does that work with end-to-end encryption? I suppose we'd need some sort of open system and protocol for all the tricky key sharing stuff? That would be nice but doesn't seem feasible in 6 months. And how do you know what they're using on the other end? If someone is using an app that doesn't support encryption, and they try to send a message to, say, you on WhatsApp, where you have e2e enabled by default, what happens?
Another one is they can't "limit payment possibilities to their own method". Presumably this means like iPay and Google Pay. Isn't there, again, some hardware security issues in play with that? I don't understand those systems well enough to know for sure, but I thought they were locked down and proprietary in part to protect your financial data.
> How exactly does that work with end-to-end encryption?
Exactly how we deal with everything else that works across platforms: standardization. We've done it at least once before (SSL/TLS), I'm sure these rich and "amazingly smart" companies can figure out how to achieve it once again.
> Isn't there, again, some hardware security issues in play with that?
Is there hardware security issues with accept CC details on the web? Assuming the computer itself isn't compromised, the web seems to (again) have figured out how to deal with it across platforms, both OSes and browsers, why can't phone OSes do it?
The messaging interoperability is actually very worrying with the current discourse on scanning messages for certain content from the EU. Also various factions in the EU have been completely against end to end encryption.
What we can expect is weak protection on request of the government which puts people genuinely at risk.
If that happens I cannot possibly support the DMA or the EU on this but it'll be too late before it becomes apparent.
There's no particular reason preventing us from having interoperable E2E; we could already have interoperable E2E e-mail today if we wanted. Securely bootstrapping key exchange could be done through having one phone take a picture of a QR code on the other phone. Though, to be fair, I have no idea if any existing E2E services actually let you do this. "In-band"/electronic key introduction does require the message server operator to act as a trusted bootstrapper, but nobody seems to be worrying about that as-is.
The real concern with interoperable messaging is antispam. E-mail was an absolute disaster because there was no barrier to entry for someone who just wants to send unsolicited garbage to everyone. Google killed federated messaging for Google Chat back in the day because for every one person running their own XMPP server there were hundreds who realized Google was just giving away valuable real estate on everyone's Gmail inbox to this chat service. The EU appears to be trying to mandate federation to fix the competition problems involved with iMessage[0] and I genuinely hope there's a user opt-out for this when it inevitably gets abused for spam.
[0] Which, ironically, is more of an American problem than a European one
> E-mail was an absolute disaster because there was no barrier to entry for someone who just wants to send unsolicited garbage to everyone.
Email spam is possible because of the expectation that you can contact someone you've had no prior interaction with. (Also, it at least used to be quite easy to spoof the sender address because participants couldn't cryptographically prove their identities, but we now rely on tech like DKIM to mitigate this).
Messaging apps have an easier job because the services can refuse to deliver messages to people who haven't already received your public key (or some short, per-contact, pre-shared secret).
In fact, email encryption could also work this way, if users first had to send a standardised introduction message, and servers rejected any further messages until the recipient had marked the sender as trusted.
>The level of security, including the end-to-end encryption, where applicable, that the gatekeeper provides to its own end users shall be preserved across the interoperable services
The "limit payment possibilities" means that, f.e., Apple cannot stop a banking app from using the on-device secure enclave and the NFC functionality from making payments available if Apple also offers a payment service using those functions (or to say it differently; If Google or Apple make a payments app, they must allow everyone to develop their own payment apps for their ecosystems and make all functions available that are necessary to have all functionality of Google or Apple's own apps).
If I am using, say, Signal, I do not want it to be possible to send me an unencrypted message at all. That philosophy of security sounds likely to run afoul of this legislation.
> How exactly does that work with end-to-end encryption?
One way would be for Apple to offer a web API endpoint for companies that have signed an agreement with them (covering rate limits, server identification certificates, liability, etc.).
In fact, the API could be implemented in iOS itself, so you could have something like "Signal support for iMessage" as an app in the App Store, which would basically be a headless version of the Signal app which delegates all the UI tasks (mainly message display and input) to the iMessage app.
Does anyone know if the definition of "gatekeeper" extends to infrastructure services like AWS or Cloudflare?
> A small number of large undertakings providing core platform services have emerged with considerable economic power that could qualify them to be designated as gatekeepers pursuant to this Regulation. Typically, they feature an ability to connect many business users with many end users through their services, which, in turn, enables them to leverage their advantages, such as their access to large amounts of data, from one area of activity to another. Some of those undertakings exercise control over whole platform ecosystems in the digital economy and are structurally extremely difficult to challenge or contest by existing or new market operators, irrespective of how innovative and efficient those market operators may be
Sure sounds cloudy to me
edit: it seems to be explicitly covered:
Article 2
> (1) ‘Gatekeeper’ means an undertaking providing core platform services, designated pursuant
to Article 3;
> (2) ‘Core platform service’ means any of the following:
> (i) cloud computing services;
Article 3
> 1. An undertaking shall be designated as a gatekeeper if:
> (a) it has a significant impact on the internal market;
> (b) it provides a core platform service which is an important gateway for business users
to reach end users; and
> (c) it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.
This act sounds like the US tech equivalent of Thor's hammer
I'm not sure how this would mean anything for a service provider like AWS. You can already install and run whatever version of your own services you want on bare EC2s, and if you don't want to use the xen hypervisor for some reason, you can buy bare metal instances and do whatever you want with them. It's already possible to run OpenStack on AWS if you really want to do that.
Many orgs buy AWS for the unified billing and control plane. That part is fused shut and precisely addressed by the text (not quoted above). I can't as a third party build a service that competes with AWS and give it the usability that is possible buying direct from AWS
I'm not sure how I feel about this. My gut instinct is that opening these things can lead to a ton of malware and fake app stores, which will lead to a not-insignificant number of people being victimized. I'm also annoyed that the EU produces effectively 0 innovative tech, and subsequently has very suppressed tech salaries, but is so ready to regulate the American companies that make the world go 'round.
"innovative" tech companies:
- Amazon exploits their workforce and has a turnover rate of 150%
- Facebook destabilizes democracies and drives extremism while collecting as much data as possible and tracking you over the entire web
- Google also collects as much data as possible and controls the big majority of the browser market
- Microsoft has a monopoly on Desktop OS especially for the office. Entire states are fully reliant on them to continue to function.
- Apple tries to convenience you to pay a hefty extra price for a more and more walled garden
Those companies are bigger than states, have high influence on politics and together could overthrow states. If you have a innovative idea without an entire law department they will just copy it or pressure you into a buy out. If you play by the law you cannot beat them at their game if they don't let you.
I'm more worried about product line bifurcation. Europe has chosen this point in time to say "ok, the tech is good enough we're going to regulate and mandate a tech bill of rights now, anything new requires committee and our consent." As soon as something better comes along Europeans will get nerfed Europe-compliant phones and tech savvy Europeans will be importing grey market phones from America and Asia.
Eu produces effectively 0 innovative tech because the PR marketing-machine that is geared to sell you stocks on the US stock market makes incessant noise about American companies to sell those shares to you while excluding anyone outside.
All of this, without talking about SAP and the like.
European businesses dont operate on 'Sell over-inflated shares to those suckers to "capitalize"' - they operate on traditional indicators. Hence there isnt a need in Europe to constantly hawk any company's shares to make fools part with their money for the sake of financial sector. So you end up with companies like Hetzner slowly growing from engineering roots and then suddenly jumping on to the other side of the ocean to kick incumbent cloud butt there.
> I'm also annoyed that the EU produces effectively 0 innovative tech, and subsequently has very suppressed tech salaries, but is so ready to regulate the American companies that make the world go 'round
Because its almost impossible to compete?
These companies have so many resources, its impossible for any local competitor to compete.
Amazon can just crash the prices till the competition dies, Google can just not allow YouTube on it, Facebook will exist because of the network it has.
What the EU is doing is what is needed to happen long ago.
These companies are not currently successful because they offer the best experience or the best innovativtion, they are successful because they crush anyone else.
For example WhatsApp has many many better alternatives, which have better features and better privacy, but it still the #1 because of the monopoly it has on communication.
What the EU did here is smart, they didn't outright ban WhatsApp, or funded a direct competitor.
They forced them to play fair, to stop the monopolistic behavior and force them to compete on features, rather than succeeding only because my familly is on WhatsApp.
The same thing applies to Apple, which forces to everyone to use its crappy, intentionally handicapped browser engine.
And also forcing everyone to use its payment services while taking percentage of the profits and not even allowing you to increase the prices to cover their percentage!, this is absolutely outreagous and finally something is being done about it.
Explain the number of American unicorns and the (almost) complete lack of European unicorns then? Somehow American companies and startups find ways to compete and be relevant, and it just does not happen in Europe.
If you could snap your fingers and force Apple and Google to implement this today, these new markets (app stores and browsers for iOS) would be 99% filled by American companies.
The parent comment was being unfair. There is one market where Europeans dominate both in sheer volume and in innovation: excuses.
Excusing business, excusing governments; an international pastime of the Europeans, apparently.
Europeans did in fact exist before all of the listed examples came into being, and so could have outcompeted any of them even if they are now dominant. But I still think Europeans _could_ compete, even if culturally they are not prepared to be competitive. Amazon is only a fraction of retail sales and has huge weaknesses; Europeans who know their markets better could compete if they wanted to (especially with the huge amount of protectionism national governments are willing to engage in). LINE exists in Japan, presumably a smaller market than Europe that has managed to produce a viable WhatsApp competitor. Facebook was unstoppable until TikTok ate their lunch.
Again, I’m astounded by the European affinity for excusing uncompetitive businesses.
Well, at one point of history it was "impossible to compete" against Nokia on mobile market. I find statements that we are living at the point of the market where competition is no longer possible to be very naive.
> For example WhatsApp has many many better alternatives, which have better features and better privacy, but it still the #1 because of the monopoly it has on communication.
No, it’s because users don’t feel the need to switch. I have uninstalled WhatsApp 4 years ago, same time when I deleted my Facebook account. Haven’t had a single regret. When people ask me to contact them via WhatsApp, I tell them I don’t use it. Anyone can do that.
It's worth noting that Android already allows such things and there has been no malware apocalypse. In all the years Android existed I've never encountered someone with a malware filled phone. People stick with the default app store and are fine.
The entire history of Android is filled with malware stories. Google has gotten better about moderating their PlayStore, but there have been plenty of flashlight apps or similarly dumb apps that are just rootkits, bitcoin miners, or more malicious forms of malware.
One would think that if there is truly a Europe wide market for such an unlocked device a competitor should be able to challenge Apple and Google dominance. Europe could even subsidize it.
But instead, it’s more engineering by bureaucrats. Why is Europe so afraid of competing in the open market?
The "invisible hand of the free market" doesn't work when manufacturing a device requires such a huge infrastructure around it, and benefits so much from economy of scale. "Exploitative business practices must not be that bad or the free market would step in" is a painfully naive take.
You're totally right. How ever will a tiny company like Apple compete against Blackberry with their massive marketshare advantage and extensive supply chain...
There is free movement of good, services, money and people. But it is still 28 similar markets with different cultures, different languages, different bureaucracies and sometimes different currency.
It is 400 million people but comparing the EU to the US is wrong on so many levels.
Also calling the US an "open" market is like saying China is a "free" democracy.
"One would think that if there is truly a US wide market for such an affordable healthcare service a competitor should be able to challenge the current market dominance. The US could even subsidize it."
Also it doesn't matter if the EU could do it themselves. Our market, our rules. If you don't like the rules, don't play.
Apple is not even close to a monopoly, especially in Europe, where they have less than a third of the mobile market. That said, the rest of the market is divided up between several different Android phone companies, so Apple is in fact the largest single mobile vendor in the EU (Samsung is neck and neck with them though, and may have overtaken them since I last checked).
So from a regulatory standpoint, Apple is the problem child even if it isn't a monopoly. The EU sees a third of its phone-using population as being "captured" by a uncompetitive foreign corporation that is far more restrictive and locked down than any of its competitors. Apple has also tenaciously resisted any attempts to open its platform by citing user security as a reason for its draconian level of control over the iPhone platform, so it became necessary for the EU to resort to powerful big-guns legislation to act. Well the big guns are here, and I don't think Apple's "user security" defense is going to be aegis enough against them.
How does Apple have a monopoly? The only thing that comes close is the App Store, which requires you buy an iPhone, which is not the most common mobile device.
Further, other phone companies start from nothing and become quite successful in market place, and some fail, but consider OnePlus - they decided to make a "Flagship Killer" and are still delivering high quality devices.
> One would think that if there is truly a Europe wide market for such an unlocked device a competitor should be able to challenge Apple and Google dominance.
The problem is that such a device doesn't really have a chance because it's not compatible with existing infrastructure such as WhatsApp, Instagram, your banking app, what-have-you. It could be the best device in the world, but there's always a catch-22 problem with software that's fundamentally closed and can't be implemented by a third party.
> Why is Europe so afraid of competing in the open market?
Because they haven't been winning. It's not a coincidence that the revenue thresholds for this bill is conveniently higher than any Europe-based companies.
Readit News
* Install any software
* Install any App Store and choose to make it default
* Use third party payment providers and choose to make them default
* Use any voice assistant and choose to make it default
* User any browser and browser engine and choose to make it default
* Use any messaging app and choose to make it default
* Make core messaging functionality interoperable. They lay out concrete examples like file transfer
* Use existing hardware and software features without competitive prejudice. E.g. NFC
* Not preference their services. This includes CTAs in settings to encourage users to subscribe to Gatekeeper services, and ranking their own services above others in selection and advertising portals
* Much, much, more.
After the Act is signed by the Council and the European Parliament in September, Apple, Google, Amazon, and other "Gatekeepers" will have six months to comply. Fines are up to 10% of global revenue for the first offense, and 20% for repeat offenses.
The new iPads have an M1 chip with virtualization capabilities, but you wouldn't know it with the stuff Apple allows on it. Imagine how much better iPads would be if Apple couldn't block Linux VMs just because it doesn't suit them.
Sideloading apps as an advanced user concept sounds great. But if users who switch on their iPhone for the first time had to @choose a store”, that would be an absolutely terrible UX.
This just bludgeons so much of the security model of the iPhone. I get that this is by Apple's design, in that conflating the security model of the iPhone with App Store lock-in has been a gold mine, but I just don't see how you provide the same malware guarantees without that enforcement.
EDIT: Not sure why the downvotes, I guess it's from people that are big free-software-at-any-cost advocates. The cost of doing this is going to be too high for most iPhone users - I very much doubt this is in their best interests overall.
Dead Comment
1. What devices have to comply? 2. Who decides what device has to comply? Should playstation open their system too. What about a niche bank transaction signing device that internally uses an android capable hardware. Is this illegal now? 3. What about a car infotainment system that can theoretically run linux. 4. What if a European startup wants to compete with the iphone? Now they have so many regulations instead of focusing on a great device for their niche.
This looks like it will kill competition and harm European innovation, while major players will find their ways around it.
So no, this will not affect startups and harm innovation, it will just force the monopolistic behemoths to play nice and cease actively harming innovation.
How would you approach this otherwise? The EU probably can't break up Google or Apple (how would this even look like?) and the walled gardens are clearly a market failure, including apples fat margins. You mention details, but regulation can be well made and just continuing the status quo is also bad. All regulations open up questions but it's not the wild west here, we have rules and they regulate the economy, even for big multinational giants like apple. Sometimes companies even get nationalised (or nationalised companies get sold)!
1. Making unsubscribing is as easy as subscribing, and 2. Guaranteed interoperability between instant messaging services, and 3. Sharing marketing and/or advertisement performance with business users
will "kill competition"?
If anything, this is anti-monopolistic.
With sideloading, unlocked nfc and alternative stores and payment providers this will likely kickstart whole new markets (eg: a better app store for the iphone).
This is just great.
Let's see what we get when we google this? Here's one: https://www.akingump.com/en/news-insights/digital-markets-ac...
Core platform services include:
> The compromise text clarifies that the definition of core platform services should be technology neutral and should be understood to encompass those provided on or through various means or devices, such as connected TV or embedded digital services in vehicles.> “Gatekeeper”, in turn, refers to an undertaking providing core platform services that meets the following qualitative and quantitative criteria, set out in Article 3:
> First, it must have a significant impact on the EU internal market. An undertaking is presumed to satisfy this requirement where (a) it either has achieved an annual EU turnover equal to or above EUR 7.5 billion in each of the last three financial years, or where its average market capitalization or its equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and (b) it provides the same core platform service in at least three Member States.
> Second, it must provide a core platform service which is an important gateway for business users to reach end users. This requirement is presumed to be met where the undertaking provides a core platform service that had on average at least 45 million monthly active end users established or located in the EU and at least 10,000 yearly active business users established in the EU in the last financial year.2 Users are to be identified and calculated in accordance with a methodology set out in an Annex to the DMA.
> Third, it must enjoy an entrenched and durable position in its operations. This requirement is presumed to be met where the threshold points in the paragraph above were met in each of the previous three financial years.
> This looks like it will kill competition and harm European innovation
I don't really understand how you got from "you are not allowed to stifle competition" to having less of it?
And I first want to approach it from the "good faith" point of view. The past 20 years have seen a sea change in what surveillance and devices can do. And as such we (society at large) needs to adjust our understanding and approach to this new technology.
Firstly the opportunities are immense. With almost (*) every person having some kind of heart, lifestyle, monitoring and measurement we could see transformational medical and epidemiology breakthroughs. On top of which access to (free, correct!) information, hell GPS is amazing. We know
Secondly there are opportunities for abuse, and there is justifiable concern about privacy, about affect on democracy, truth etc. I personally think these are..the wrong terms to use, but never mind.
I think we have to assume Good Faith from the EU here. They don't know the answers any more than the rest of us do. But they have been upfront abut tackling obvious big problems - the GDPR, for all its many faults was first, and a again big Good Faith step in right direction (pace all the stupid cookie warnings)
As for answers
Which devices apply - which ever ones are "owned" by a Gatekeeper (45 Million users / 7Bn turnover). Should Sony open up Playstation. Yeah basically. Xbox too. Will that cause problems - I expect so. In 99% of cases a big warning saying "you are side-loading this is dangerous" will prevent most horrors.
I expect this will not lead to an Open source free for all. I expect there will be develop licensing programs and approvals - because I certainly see the walled garden of iOS as a real benefit.
The bank transaction signing thing is interesting. The definition of a gatekeeper (Article 2 in the Act) is fairly specific to things like online search engines, intermediation services, OSes etc. I think its unlikely 45 million users is a big floor for such a thing.
(#) 4.5 Bn smartphones are in use globally, that's almost every adult. In "western" countries there are 10s of millions of people with daily heart rate monitoring.
Dead Comment
It's entirely possible that to enable compliance with this will require explicit compromises to the security of iMessage, for example by requiring key exchange with startup messaging providers. The other rules seem to prohibit Apple from describing the risks involved in such a compromise.
> * Use existing hardware and software features without competitive prejudice. E.g. NFC
This appears to say that a malicious app can present UX elements that were previously limited to the OS. Read liberally, that would mean that e.g. any app could now get biometric data by presenting a fake privilege escalation screen (e.g. FaceID/TouchID) and then capturing the results from the Secure Enclave. Is this something people really want?
> * Not preference their services. This includes CTAs in settings to encourage users to subscribe to Gatekeeper services, and ranking their own services above others in selection and advertising portals
This will likely make it harder for users to find safe/private services to use. If every offering can find its way into the default browser/App Store/etc. settings page in the OS, scam services will appear to be endorsed and therefore legitimate.
Edit: Limitation of interop is still possible, the EU is just deciding to move decision making from California engineers to Brussels attorneys. From the Act:
> The gatekeeper shall not be prevented from taking strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of the operating system, virtual assistant, hardware or software features provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.
So Apple just needs to explain security & encryption to Brussels attorneys to keep iMessage in a silo, for example. (Obviously making iMessage interoperable with e.g. Discord or ICQ will compromise the integrity of the software features of iMessage.) I don't think this is going to increase the pace of product improvements.
Is that really much worse than the status quo, where all iMessage plaintexts are shared with Apple by default, unless every participant in the thread has disabled iCloud Backup?
> So Apple just needs to explain security & encryption to Brussels attorneys to keep iMessage in a silo, for example. (Obviously making iMessage interoperable with e.g. Discord or ICQ will compromise the integrity of the software features of iMessage.)
Are you arguing that it's impossible for Discord or ICQ to implement the same feature set as the native iMessage client?
Regulator: what are the others using?
Apple: something very similar but slightly different
Regulator: and it's impossible to develop an open standard thet allows p2p encryption to be maintained?
Apple: Yes obviously in this specific field of technology that's not possible at all.
(Not the) Regulator: Sounds legit
Deleted Comment
That's what tech companies like to say. But from experiences with less tech-savy friends, the current way always leads people to share as much as possible. Opt-out is always harder than opt-in.
Hello, Alphabet world domination. They finally get the chance to get rid of that pesky Safari. Next stop: obligatory sign-in for using a service.
Apple is no underdog anymore, if their browser couldn‘t compete on its own merit I won’t be crying a river over it.
Firefox, while mired with its own problems, is another story; but I don’t see Mozilla losing from this decision.
I bet that Chrome adoption on iOS remains under 25% forever. People just don't care which browser they use so long as the default one works. Safari isn't so bad that people are desperate to replace it.
The users have already chosen Chrome (and its derivatives). Mozilla has done absolutely nothing to stop it as Firefox has become totally irrelevant today. The EU is about to allow the world domination of Chrome and its derivatives to takeover entirely.
Just like the many choices of a Linux distro, you will have the many choices of Chromium based browsers! All thanks to 'oPEn SoUrcE'.
These are all the highest risk API and integration surfaces on mobile devices.
Also I hope Microsoft get pulled into this as well because they're slowly turning Windows into a marketing device.
Edit: as an iOS user I'm optimistic that this will lead to complete device network whitelist capabilities though so you can neuter any apps which circumvent the current browser restrictions. That would destroy a lot of tracking capability instantly and completely stop embedded browser side channel attacks.
Negligible; most large-format computing devices already allow you to do all of these things.
> Make core messaging functionality interoperable. They lay out concrete examples like file transfer
Google, Apple, and Amazon are supposed to design, ratify, implement and ship a universal messaging standard in 6 months? This won't happen even if they skip the first two steps and use an existing standard.
Apple ships a new iOS version in September, when this timer is supposed to start. Are they supposed to upend their entire release cycle and ship these major changes to their OS by March?
I've used iPhones for years, and I'm totally down with these bullet points. But I think we can all chuckle at the timeline, given the scope of this.
Amazing things are possible when the incentive is right. Given their VAST resources, it's only a matter of focus.
That was the unbundling of Internet Explorer from PCs.
Which in hindsight looks like small beers compared to Chrome on-every-device usage, and probably why MS are getting away with it, again, bundling Edge and crippling Firefox workarounds.
For Alphabet (Google) the revenue distribution from 2015 to 2021 was approximately 33% for all of Europe, Middle-east, and Africa. It's unclear to me the actual European numbers since they are combined EMEA.
For Apple in 2021 the revenue was approximately 23% for Europe (no middle-east or Africa).
For Facebook in 2021 the revenue was also approximately 23% for Europe (no middle-east or Africa).
So it's safe to say that a first offense would potential halve the revenue for the region, and a second offense would remove the financial rationale of doing business in the region.
Do not forget here: These are countries which existed hundred of years before FAANG and will exist hundreds of years after FAANG. They have to protect themselves as a society but also as a constitutional body. If you let the monopolies go their way, their own constitutional existence is in doubt (example: these companies have already gigantic control on aspects which are governed by law hate speech, nudity, etc or are normative in the society). Long rambling, short reply: Other countries will quickly adopt these laws to keep long-term relevant.
Also, it has to be global revenue, because otherwise they would just use funny accounting tricks to hide their revenue (they already do that).
I’d be fine if we take the money and burn it but it’s not gonna be that is it it’s gonna be we take the money and funnel it into organizations that politicians children happen to be on the boards of.
Cookie notices was the industry response, ignoring the spirit of the law and complying at a minimal rate
And you know who does the actual implementation, right?
This is mostly a case of malicious (arguably non-) compliance.
This is like blaming the dentist for your tooth pain.
The GDPR wasn’t watered down but in the end it just wasn’t enforced (at least not enough) against the biggest offenders it was meant to regulate.
What this will mean for me as an iPhone user: instead of using Apple Pay which is seamlessly integrated in my phone, watch and desktop OS, I will instead have to use my bank's terrible HTML-based 'app' to perform contactless payments, making it 100 times less convenient. This probably will make me switch back to using my bank card.
But hey, my bank makes a little more profit at the expense of UX.
Thanks EU!
Apple Pay will not just die, Android has no restrictions on NFC and Google Pay is still supported by banks.
What you do is fear mongering that's not based on reality. Android shows that it works and Apple just wants their cut, as always.
EDIT: to be clear, currently on Android any app can handle NFC payments, not just Google Pay. Banks could easily force people to user their apps, but that's not happening.
Maybe the ui app will stop being shitty as the usage goes up? That is the point
They will or there will be a repetition of Microsoft Corp. v. Commission, but with much higher fines.
Of course they will try not to. They will do everything to prolong the appeal process and so on - it's unthinkable they would allow any other app store on their devices, that's the very core of their identity - to be as closed and unified as possible. I don't believe the EU has enough power to fight Apple. I'll believe it when I see the first iPhone with an USB-C charger.
By forcing message passing platforms to submit to sharing private encryption keys? And that interoperability entailing the possibility of passing messages to government eavesdropping schemes? Sounds like a utopian paradise!
I wonder if, just like in Android, this will open the doors for a lot of malware targeting iOS users.
That would be sweet. Currently none of call recording apps work on my phone and this is a must have feature for me. When I take a call with my doctor I have to use my separate memo recorder, so that I can refer to the call in the future if I forget something.
Let's not mention usefulness of this feature when you are placing orders over the phone and then the other party claims this is what I wanted once they deliver something not as agreed. If I could record a call I had evidence in case of dispute.
It might not be legal to do that, in all cases, and the evidence might not be valid.
Nonetheless, I anticipate teething problems, including some form of malicious compliance. The latter of which the EU tends to take a dim view.
One could also argue that if it takes longer than 6 months to add something dictated by law, you simply have to implement it faster or accept the consequences.
I don't think companies this big has a lot of excuses for taking so long to implement things. They have thousands of employees they can shift from other projects (projects that doesn't decide if the phone is illegal or not) to implement urgent things like this.
Then that will increase the implementation cost by at least (edit: up to) 10% of their global revenue.
Scams proliferate, praying on elderly and young. Widespread tracking of your location, browsing history. Same with other points, narrow, selfish thinking.
It certainly puts a huge incentive on Apple to figure out technical solutions to problems like "How do we get other browser engines on this thing without compromising a hundred OS assumptions, battery performance, or user security," but it's also possible Apple decides that's a no-go and it'll cost more than 25% of annual revenue to comply, at which point the winning market strategy is opt-out. That's fine; win-win for the EU market because it clears the playing field for a European-originated competitor to the iPhone.
ETA I forgot the third possibility: Apple decides it will cost more than 10% (and later 20%) of revenue to comply, but the 5% bump in value is still worth it and they write off non-compliance as a tax to do business in Europe. Then if the EU tries to impose structural or behavioral changes, we're back to square one on the question of whether those changes cost more than (now) 5% of Apple's revenue.
I doubt Apple will be willing to forego sales in the world's third largest economy, tbh.
On a practical level, it might not be all that easy to stop that entirely. Sure, Apple could stop selling iPhones in the EU (and would probably close their stores altogether). But a gray (black? In this case I'm not entirely certain) market would almost certainly appear. iPhones in the EU might acquire the cachet of Cuban Cigars in the US.
I think that's what the EU is hoping for. Their technology industry completely failed in this space, so for them it makes perfect sense to simply drive competitors out of the market entirely. Worst case for them is that the international competitors actually comply.
Virtualization? Run a hypervisor on the phone that allows running multiple virtual smartphones. Apple can provide two virtual smartphone environments, one that works like the current native iOS, and one that provides a basic smartphone that is wide open and on which you can install anything you want (maybe based on Android?). Make this second one open source so it can be a basis third parties can use to develop more virtual smartphones for iPhone hardware.
> * Install any App Store and choose to make it default
I don't see mention of this in the summary. Where is it described?
>The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party software applications or software application stores from prompting end users to decide whether they want to set that downloaded software application or software application store as their default. The gatekeeper shall technically enable end users who decide to set that downloaded software application or software application store as their default to carry out that change easily.
Cool. I have an iPhone but everything in my house uses Alexa. It would be great to have my phone control my using using ‘Alexa’ as a wake word.
It will also be nice to have a real Brave or Opera or whatever (with Blink not WebKit) on my iPhone.
Six months is barely enough time for companies to digest and understand the new requirements, and certainly not enough time to develop and ship such dramatic changes.
Lol. The encryption keys being shared with security services bits have political cover. Not the rest. It’s surprising European legislation doesn’t yet have a reconciliation process, to prevent this sort of burying-the-lede gambit.
Does it break any privacy/digital-dignity protections though?
>The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party software applications or software application stores from prompting end users to decide whether they want to set that downloaded software application or software application store as their default. The gatekeeper shall technically enable end users who decide to set that downloaded software application or software application store as their default to carry out that change easily.
It includes the following section:
I believe that they will find a way to somehow undermine these rulings. EU hasn't won yet.
> The Brussels effect is the process of unilateral regulatory globalisation caused by the European Union de facto (but not necessarily de jure) externalising its laws outside its borders through market mechanisms. Through the Brussels effect, regulated entities, especially corporations, end up complying with EU laws even outside the EU for a variety of reasons.
https://en.wikipedia.org/wiki/Brussels_effect
> Make core messaging functionality interoperable. They lay out concrete examples like file transfer.
Encrypted messaging by someone not in the U.S.' jurisdiction. More privacy, more terrorism.
> Fines are up to 10% of global revenue for the first offense, and 20% for repeat offenses.
Ouch, that'll impose some discipline.
Could we have something like F-droid on iOS? I guess that's Cydia now but could Cydia be installed without requiring jailbreaking?
That wasn't one of the bullets in the posted article. Do you have a reference to the language of the law that says this?
https://arstechnica.com/gadgets/2022/06/developers-get-linux...
> But they can no longer reuse private data collected during a service for the purposes of another service.
I hope this is applied retrospectively (for even data gathered before the DMA was legislated and came into effect).
How is chromebook going to exist without a chrome browser? Sometimes I wonder if the people making the laws have any knowledge of the technology landscape?
Let's have a popup that asks which browser you want to use. I am certain that Google is more than capable to create websites that work with any browser.
This is huge and I cannot believe it has taken this long. Apple forcing everyone to use their own browser engine with all other ios “browsers” essentially just being skins for Safari was ridiculous.
Install any app you've previously purchased, from any app store, I think regardless of whether they'd otherwise offer said app
I think that will get rid of selling the same game, app, whatever on many platforms. Buy once, use everywhere
Apple on the other hand makes their money by targeting features (privacy, integration, etc) that people pay more for.
Apple will have to transition to a more ad-tech focus in order to compete in Europe under this infrastructure.
...only works if the OS doesn't unchange it every. sodding. day.
This is explicitly disallowed in the legislation. See page 131:
>The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services
In short, I expect it to be years before we can do most of the things you list in your post. There will be lots of court cases before we, as consumers, see any real change.
Enforcement for the large gatekeepers is with the commission,and they have a good amount of tools to enforce compliance.
I'm sure A/G will try to drag it out, but it won't be years.
I wonder why Google is there, they don't block any of this.
Dead Comment
Dead Comment
But that's just realpolitik for you. This is the same reason that in the USA it is legal to have California Champaign and New York Bordeaux (style in small font) wine.
For some reason every Linux user assumes everyone is as smart as they are and anyone who doesn't take the time to learn whatever esoteric config file to manage their DE is a child that can't tell left from right. Somehow the decade of directed scams and proliferation of malware and spyware isn't a problem and it's the developers "right" to be able to turn on your microphone and send that data to the cloud.
When Facebook mandates that to install Instagram you must sideload it from the Facebook store and your entire's family's location is being tracked 24/7 I hope you will thank Zuckerberg for all the freedom hes giving you
>Don't demand that Apple treat the rest of us like children just because that's how you would like to be treated.
You could just not buy from Apple. I never understand how the anti-Apple crowd is convinced that Apple is run by Satan himself, but cannot compel themselves from buying Apple products.
To your second point: Apple exerts influence far beyond their consumers. Even though I'm sure this isn't news to you, I'll still point you toward some interesting articles:
https://proton.me/blog/apple-app-store-antitrust
https://lapcatsoftware.com/articles/unsigned.html
Much of this is invisible to the typical resident of the walled garden, but they actually cause a lot of harm to society because of their market dominance. Anybody with a small child is probably aware of the harmful effects of the "dreaded green bubbles" (I'm sure people will try to counter this point with claims that iMessage is somehow more secure / more functional than other protocols. I invite those people to do some research first. I think you'd be surprised at the gulf between your own understanding of iMessage's security vs. reality).
2. Who said spam isn't a problem or that this act allows or even enforce to circumvent the strong privacy rules that the EU (not Apple) actually guarantees for their biggest single market in the world?
News flash: you can combat spam and scams while keeping open and exchangeable basic infrastructure, without any walled garden. Otherwise, following your logic Apple would need to ban access to protocols like IP instantly, as those can be used to transport spam and exchange openly information.
People rather argue that the safety excuse is BS and people do not require being a Linux expert to detect spam, that they can also get over the landline or in person knocking on the door, for that one needs common sense and some not completely bad education.
Notably, most of the non-technical users I am acquainted with manage to use Windows, which will also let you install any software package you want if you click continue on the warning.
How will the Instagram app evade iOS's security measures if it's sideloaded?
No idea what they're doing with the data but there's no other way to fly your drone.
The hardware scene is, in practice, quite monopolistic. This is especially true nowadays that Apple’s chips are vastly outcompeting others. I don’t know if this is because of some nefarious schemes or not, but even if it is a natural monopoly, it’s still a monopoly that might take years to be undone.
There is no reason to extend this hardware monopoly to software as well though. Apple can enjoy their great margin on their hardware, without also controlling everyone’s most intimate devices.
I know it's a complicated concept to understand, but we have multiple sets of laws that are aimed at punishing exactly what you're saying. The DMA passing doesn't mean ePrivacy or GDPR is gone.
Build operating system level controls that function regardless of app source?
But in the specific case of iphones, the argument is made that giving rational level-headed adults the freedom to associate with the software they wish would imperil children and the elderly, and you don't have to look far to find somebody arguing that that risk outweigh any other consideration. If this belief were likely to be limited to iphones I wouldn't really care, I'd simply not buy an iphone. But I fear special-case exceptions don't stay that way forever, and I fear Apple's style of paternalism (which is very profitable) will inevitably spread and become difficult if not impossible to avoid unless stomped out soon.
I find the EU imposing these conditions, under threat of force, on Apple that sells a product that people are free to buy or not buy, much more paternalistic than anything Apple does.
Societies have long accepted that things like medical treatments have to be prescribed by an expert, and some societies have even decided that healthy people can be forced to have medical treatments even against their will (i.e. vaccines).
My hope is that we are just in a temporary phase, where society has learnt how to transmit information freely but not how to reliably transmit trust. If the reputations of software developers and medical practitioners could be established without corporate or government monopolies, then society might get past this local minimum and into a more stable state.
By whom? You are the first person I heard this from.
Anyway, this isn't really relevant to this regulation. People already get scammed on iPhones all the time. It's silly to think that anybody would be more vulnerable as a result of the DMA.
How will that elderly and less tech savvy find and install another app store into their iPhone.
If they are not tech savvy enough to be able to decide something is scammy, they are not tech savvy enough to install a freaking app store in their phone.
> No, Apple restricting your freedom does not afford you greater security.
No, Apple restricting your freedom does not afford you greater security.
You don't know anything about me. How can you possibly make the call on what makes me secure or not? Not being able to install malware... that is by definition more secure than being able to install malware.
> If you're not confident in your ability to tell shady from legit, just stick to the App Store.
No, you believe that other people who are not confident in their ability to tell shady from legit, can just stick to the App Store.
...but that's not true for some people. Some people make bad decisions. Lots of people make bad decisions. What you believe other people should be capable of, is your choice, but it's (clearly) wrong for a certain cohort of people.
> Don't demand that Apple treat the rest of us like children just because that's how you would like to be treated.
You may feel like you're being treated like a child because you are being prevented from doing what you consider to be something you should be entitled to do.
...but, other people feel differently.
You don't represent everyone. Your opinions are not shared by everyone.
> It blows my mind
...that other people have opinions. I know, it's astonishing.
Just because you (and I) personally will be positively affected by this change, doesn't mean everyone one will be. Does the positive benefit to us few outweigh the negative benefit to many others?
I don't know. I'm pretty worried about it. I think it's gonna to end up with a lot of bad things, for a lot of people, who aren't good at making decisions, especially when it relates to computers and other technical stuff.
Not being able to drive is also much safer than being able to drive.
Not having internet access is also much safer than having it.
Not getting out is also much safer than getting out.
I, for one, don't want to waste my time being IT support for my entire family. That's the whole reason most of us prefer the walled garden of iOS. I don't care if it is as powerful a computer as a server from some 15 years ago, I WANT to treat it like an appliance, a friggin consumer device, I want to standardize it across my home and have some peace of mind.
If I want to hack, I have plenty of other devices at home or that I can buy that are far more adequate to this end.
For whatever reason, my dad cannot choose to not install shady software. Keeping him in iOS land is the only thing that has worked at keeping his devices clean.
Deleted Comment
Deleted Comment
You assume that everyone is as smart as you in figuring out which software is "shady software". Majority of the population have no clue and if the path to complying with this regulation is to drop the stance on security (regardless of existing issues with default security, as implemented today) further, well... good luck. Me and you maybe will not get tricked into installing some "shady app" but I'm looking forward to reading more about how people got hacked via their phone because they have installed "a bank app" from "appstore x" thinking that it was from "appstore y".
But apparently you, as an adult, can't choose to not buy Apple if you don't like their policies? Strange.
Interestingly, I think this can be used to argue either side.
Deleted Comment
You clearly do not play tech support to elderly family members, or have kids
Defenders have to win every time. Attackers only have to win once. That gives the attackers the advantage.
And it may not even directly be your fault. All you need is a flaw in any communications system that allows privilege escalation and code execution. Then you can be compromised by someone who just happens to be in the same room.
Now while this is true even now. It's even worse when every user can download and install whatever sketchware promises to mine dogecoins while the phone is idle for guaranteed returns of 100%. Because every other phone becomes a potential attack vector.
What will actually happen: "honey, something is wrong with my phone, whenever I unlock it, a popup jumps up that says 'Please update the Adobe™ Updater™ to get up to date Adobe™ Software Updates', could you take a look at it?"
It’s not about making products less secure. That’s what apple makes you wanna think.
It’s about giving customers choice. They can stay in Apple ecosystem (I will for example). Or they can not. Companies like Apple will have to work much harder now, to give both users and developers enough value to justify being locked in.
honestly, Apple had their chance and while claiming to self-police, in fact they enacted an obvious walled garden that went way way way beyond security requirements.
Deleted Comment
This is exactly the bad duopolistic behaviour this act is trying to break open.
Apps from 3rd party stores will be sandboxed just like apps from the App Store are today.
Some of it. But Apple has the real-world identity of developers/organizations, and will ban them from the App Store for malicious behavior.
And next to no privacy protections are from App Sandbox. You can turn off things like advertising identifiers, but there are a million other unique hardware identifiers as well as things like IP addresses which can be used to track someone.
The way Apple solves this is - you need to get user consent to track, which will also hand you the advertising identifier. But if the user does not consent, you can't work around it by correlating other data from the phone. Or we will kick you out of the store.
> There are lots of scam apps on the App Store, despite Apple's review.
Just imagine how bad it would be without review.
> Apps from 3rd party stores will be sandboxed just like apps from the App Store are today.
Will they? Without someone reviewing/approving entitlements for side-loaded apps, they can all effectively seek out as many entitlements from the menu as they want.
The magical rockstar engineers of Apple will listen for their best in the world UX and handcraft artisanal UI that will respectfully explain users what causes the popup.
Not to mention the vast majority of users will not bother to deal with alternative app stores when the vast overwhelming majority of existing apps will remain on the official App Store.
The argument doesnt make sense. The user is either tech savvy or not tech savvy.
...
And even more: You people talk as if that doesnt happen today. Nobody will try to scam anyone by creating an entire freaking APP STORE while they can just phish them by sending them an email to get their credit card numbers and whatever data they can collect.
And further: Today anti-virus software is capable of detecting and preventing most of those scams already. We are not in mid 2000s. Anti virus software will not disappear with the appearance of 3rd party app stores. So the problem does not even make sense to be considered a problem.
...
It just feels like some of you people (i mostly saw Americans) are SO mentally hostage to your corporations that you really defend the indefensible.
Not saying I want tracking cookies everywhere, but they should have just made tracking cookies illegal outright, rather than legal if people agree meaning I have to dismiss thousands of cookie dialogs a year.
Because they were incompetent in writing their legislation, they doomed us to cookie dialogs for the rest of my life.
in America, as a website, you're still perfectly allowed to use marketing cookies without permission, or just not provide the option of saying no. taking away that privilege is "government overreach"?
gdpr is also much bigger than just cookies. it's also a wide-ranging law forcing companies to more careful with your data and delete it if you ask
the EU politicians rightly do not represent the companies affected
Firstly, as all should know by now there is no need to give a cookie warning for any technical cookies. This means whenever it is there it is provided because the website provider thought they need a third party tracking to manage ads or get customer info.
Secondly, the way the banners are designed is the problem, not that the banners are there. A few large providers (notably Google and an adtech alliance) have standardised intrusive, bad-default and dark-pattern heavy cookie banners. If this was a single well-remembered click on each site no one would mind, the problem is that the providers want to make it painful so you start to just click 'accept' to get it over with.
God bless any website with a simple Reject All button.
One example: https://github.blog/2020-12-17-no-cookie-for-you/
The cookie law could've been better but there's not law that says you need this banner, only that you need it if you collect an unnecessary amount of data from your users.
Rather odd choice, but everyone has their priority I suppose.
As one example, making "core messaging functionality interoperable". How exactly does that work with end-to-end encryption? I suppose we'd need some sort of open system and protocol for all the tricky key sharing stuff? That would be nice but doesn't seem feasible in 6 months. And how do you know what they're using on the other end? If someone is using an app that doesn't support encryption, and they try to send a message to, say, you on WhatsApp, where you have e2e enabled by default, what happens?
Another one is they can't "limit payment possibilities to their own method". Presumably this means like iPay and Google Pay. Isn't there, again, some hardware security issues in play with that? I don't understand those systems well enough to know for sure, but I thought they were locked down and proprietary in part to protect your financial data.
Exactly how we deal with everything else that works across platforms: standardization. We've done it at least once before (SSL/TLS), I'm sure these rich and "amazingly smart" companies can figure out how to achieve it once again.
> Isn't there, again, some hardware security issues in play with that?
Is there hardware security issues with accept CC details on the web? Assuming the computer itself isn't compromised, the web seems to (again) have figured out how to deal with it across platforms, both OSes and browsers, why can't phone OSes do it?
What we can expect is weak protection on request of the government which puts people genuinely at risk.
If that happens I cannot possibly support the DMA or the EU on this but it'll be too late before it becomes apparent.
The real concern with interoperable messaging is antispam. E-mail was an absolute disaster because there was no barrier to entry for someone who just wants to send unsolicited garbage to everyone. Google killed federated messaging for Google Chat back in the day because for every one person running their own XMPP server there were hundreds who realized Google was just giving away valuable real estate on everyone's Gmail inbox to this chat service. The EU appears to be trying to mandate federation to fix the competition problems involved with iMessage[0] and I genuinely hope there's a user opt-out for this when it inevitably gets abused for spam.
[0] Which, ironically, is more of an American problem than a European one
Email spam is possible because of the expectation that you can contact someone you've had no prior interaction with. (Also, it at least used to be quite easy to spoof the sender address because participants couldn't cryptographically prove their identities, but we now rely on tech like DKIM to mitigate this).
Messaging apps have an easier job because the services can refuse to deliver messages to people who haven't already received your public key (or some short, per-contact, pre-shared secret).
In fact, email encryption could also work this way, if users first had to send a standardised introduction message, and servers rejected any further messages until the recipient had marked the sender as trusted.
Also there's a line in the final full act:
>The level of security, including the end-to-end encryption, where applicable, that the gatekeeper provides to its own end users shall be preserved across the interoperable services
On the iPhone, this is done visually with the blue/green bubbles. But other solutions can be implemented.
One way would be for Apple to offer a web API endpoint for companies that have signed an agreement with them (covering rate limits, server identification certificates, liability, etc.).
In fact, the API could be implemented in iOS itself, so you could have something like "Signal support for iMessage" as an app in the App Store, which would basically be a headless version of the Signal app which delegates all the UI tasks (mainly message display and input) to the iMessage app.
Client side lock downs aren’t security. They’re security theater.
Quite simply: it doesn't. It can only work the same way as iMessage interoperates with SMS, by throwing away security.
There's literally zero benefit that Apple, Google, FB or whoever is able to offer with their in-house implementation.
TBH , unlike GDPR, this seems a lot more pragmatic and feasible
> A small number of large undertakings providing core platform services have emerged with considerable economic power that could qualify them to be designated as gatekeepers pursuant to this Regulation. Typically, they feature an ability to connect many business users with many end users through their services, which, in turn, enables them to leverage their advantages, such as their access to large amounts of data, from one area of activity to another. Some of those undertakings exercise control over whole platform ecosystems in the digital economy and are structurally extremely difficult to challenge or contest by existing or new market operators, irrespective of how innovative and efficient those market operators may be
Sure sounds cloudy to me
edit: it seems to be explicitly covered:
Article 2
> (1) ‘Gatekeeper’ means an undertaking providing core platform services, designated pursuant to Article 3;
> (2) ‘Core platform service’ means any of the following:
> (i) cloud computing services;
Article 3
> 1. An undertaking shall be designated as a gatekeeper if:
> (a) it has a significant impact on the internal market;
> (b) it provides a core platform service which is an important gateway for business users to reach end users; and
> (c) it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.
This act sounds like the US tech equivalent of Thor's hammer
Those companies are bigger than states, have high influence on politics and together could overthrow states. If you have a innovative idea without an entire law department they will just copy it or pressure you into a buy out. If you play by the law you cannot beat them at their game if they don't let you.
Eu produces effectively 0 innovative tech because the PR marketing-machine that is geared to sell you stocks on the US stock market makes incessant noise about American companies to sell those shares to you while excluding anyone outside.
https://www.weforum.org/agenda/2017/10/meet-europe-top-tech-...
Those are the 'hot up and coming'.
https://www.value.today/top-companies/top-technology-compani...
Those are by size.
All of this, without talking about SAP and the like.
European businesses dont operate on 'Sell over-inflated shares to those suckers to "capitalize"' - they operate on traditional indicators. Hence there isnt a need in Europe to constantly hawk any company's shares to make fools part with their money for the sake of financial sector. So you end up with companies like Hetzner slowly growing from engineering roots and then suddenly jumping on to the other side of the ocean to kick incumbent cloud butt there.
Deleted Comment
Because its almost impossible to compete? These companies have so many resources, its impossible for any local competitor to compete. Amazon can just crash the prices till the competition dies, Google can just not allow YouTube on it, Facebook will exist because of the network it has.
What the EU is doing is what is needed to happen long ago. These companies are not currently successful because they offer the best experience or the best innovativtion, they are successful because they crush anyone else.
For example WhatsApp has many many better alternatives, which have better features and better privacy, but it still the #1 because of the monopoly it has on communication.
What the EU did here is smart, they didn't outright ban WhatsApp, or funded a direct competitor. They forced them to play fair, to stop the monopolistic behavior and force them to compete on features, rather than succeeding only because my familly is on WhatsApp.
The same thing applies to Apple, which forces to everyone to use its crappy, intentionally handicapped browser engine.
And also forcing everyone to use its payment services while taking percentage of the profits and not even allowing you to increase the prices to cover their percentage!, this is absolutely outreagous and finally something is being done about it.
Explain the number of American unicorns and the (almost) complete lack of European unicorns then? Somehow American companies and startups find ways to compete and be relevant, and it just does not happen in Europe.
If you could snap your fingers and force Apple and Google to implement this today, these new markets (app stores and browsers for iOS) would be 99% filled by American companies.
Excusing business, excusing governments; an international pastime of the Europeans, apparently.
Europeans did in fact exist before all of the listed examples came into being, and so could have outcompeted any of them even if they are now dominant. But I still think Europeans _could_ compete, even if culturally they are not prepared to be competitive. Amazon is only a fraction of retail sales and has huge weaknesses; Europeans who know their markets better could compete if they wanted to (especially with the huge amount of protectionism national governments are willing to engage in). LINE exists in Japan, presumably a smaller market than Europe that has managed to produce a viable WhatsApp competitor. Facebook was unstoppable until TikTok ate their lunch.
Again, I’m astounded by the European affinity for excusing uncompetitive businesses.
No, it’s because users don’t feel the need to switch. I have uninstalled WhatsApp 4 years ago, same time when I deleted my Facebook account. Haven’t had a single regret. When people ask me to contact them via WhatsApp, I tell them I don’t use it. Anyone can do that.
Agree about the EU though.
But instead, it’s more engineering by bureaucrats. Why is Europe so afraid of competing in the open market?
There is free movement of good, services, money and people. But it is still 28 similar markets with different cultures, different languages, different bureaucracies and sometimes different currency.
It is 400 million people but comparing the EU to the US is wrong on so many levels.
Also calling the US an "open" market is like saying China is a "free" democracy.
"One would think that if there is truly a US wide market for such an affordable healthcare service a competitor should be able to challenge the current market dominance. The US could even subsidize it."
Also it doesn't matter if the EU could do it themselves. Our market, our rules. If you don't like the rules, don't play.
Dead Comment
Deleted Comment
Dead Comment
Do you really believe the EU would be better off if all US businesses left?
So from a regulatory standpoint, Apple is the problem child even if it isn't a monopoly. The EU sees a third of its phone-using population as being "captured" by a uncompetitive foreign corporation that is far more restrictive and locked down than any of its competitors. Apple has also tenaciously resisted any attempts to open its platform by citing user security as a reason for its draconian level of control over the iPhone platform, so it became necessary for the EU to resort to powerful big-guns legislation to act. Well the big guns are here, and I don't think Apple's "user security" defense is going to be aegis enough against them.
https://gs.statcounter.com/os-market-share/mobile/europe
Further, other phone companies start from nothing and become quite successful in market place, and some fail, but consider OnePlus - they decided to make a "Flagship Killer" and are still delivering high quality devices.
The problem is that such a device doesn't really have a chance because it's not compatible with existing infrastructure such as WhatsApp, Instagram, your banking app, what-have-you. It could be the best device in the world, but there's always a catch-22 problem with software that's fundamentally closed and can't be implemented by a third party.
I thought it's common knowledge that consolidation and cartels cripple free markets to the point of not functioning and benefiting society anymore?
Because they haven't been winning. It's not a coincidence that the revenue thresholds for this bill is conveniently higher than any Europe-based companies.
The open market employs children to work in coal mines. No one should trust the open market.
Deleted Comment
Deleted Comment
Dead Comment