EU Has 'No Intention' to Repeal DMA Following Apple Challenge

[Timo_Existencia]

When core values are not aligned, there can be no discussion on the facts of a matter. It's why all these endless threads on the EU and the DMA never convince anyone of anything. The US and the EU just have fundamentally different mindsets.

...and both the EU and the US are f*ed in different ways. And it's only going to get worse for both in the coming years.

 

[ginkobiloba]

More than welcome, but I laughed because your whole message doesn't make any sense. The real astroturfing, namely, is happening in your own reply that is just looking for ways to praise to the Apple-church. It commences from a non-existing EU AI, and then follows on short sighted assumptions that only large-corp can pressure governments.

A "non-existing EU AI" ? You absolutely don't know what you're talking about. Educate yourself first if you think ChatControl is a non-existing threat :

The EU's proposed Chat Control legislation would mandate AI-driven scanning of all private messages, including encrypted ones, to detect child sexual abuse material. Critics, including several EU member states and digital rights advocates, warn this could undermine encryption, enable mass surveillance, and threaten citizens' privacy if implemented.[AI GENERATED]

Why's our monitor labelling this an incident or hazard?​

The proposal involves the use of AI or automated scanning systems to detect CSAM in encrypted communications, which is an AI system use case.

OECD AI Policy Observatory Portal

oecd.ai

With the so-called Chat Control law, the EU would oblige all email and messenger providers to analyze content before it gets encrypted on the phone of the sender, using AI to detect child sexual abuse material (CSAM). If content is flagged, the providers must report it to the authorities for further investigation.

The proposed EU Chat Control law is a threat to our democracy. What can you do to prevent it? - Nextcloud

Discover how to oppose the EU Chat Control Law as the proposal threatens our democracy from the inside: by our own governments.

nextcloud.com

 

[yaddam205]

Yes. That's the definition of a business. Not hard to understand.

I encourage you quote the whole post. Not just selective pieces. The point is Apple does not care about your privacy or your experience. See latest iOS macOS releases. They care about the customer not the consumer.

Defending a mega-corp is counterproductive to consumer rights. Choice, freedom, and competition make products better for all.

 

[Timo_Existencia]

I encourage you quote the whole post. Not just selective pieces. The point is Apple does not care about your privacy or your experience. See latest iOS macOS releases. They care about the customer not the consumer.

Defending a mega-corp is counterproductive to consumer rights. Choice, freedom, and competition make products better for all.

I maintain my response. If Apple tells me they care about my security and/or my experience and I find that they have no interest in my security or experience, I'll stop buying Apple products. The greatest consumer right of all is the freedom to choose among differentiated offerings from different companies.

And the EU is trying to collapse that difference.

But I still believe Apple cares about these things. So much so that their focus on making AI all on device, for security reasons, is harming their progress on AI.

 

[ToothBlueth]

A "non-existing EU AI" ? You absolutely don't know what you're talking about. Educate yourself first if you think ChatControl is a non-existing threat :

Following the parts you provided we understand it mandates AI-driven sollutions, it does not state that it requires an AI-driven sollution developed by the EU.

If we read the proposal, which doesn't even mention 'AI', it is not even clear whether the technology will be provided by the EU (page 3):

EU Centre to prevent and combat child sexual abuse (Articles 40-82, Recitals 58-74a):
- The tasks of the EU Centre are expanded to assist more strongly in the risk assessment and mitigation process, to support the vetting of detection technologies, and to develop or facilitate the development of technologies;

The whole Chat Control thing is concerning, but the technicalities are not layed out yet (lets hope it never will either). It could very well be that the EU requires companies to use and develop 'automated detection technologies' (which could be AI) themselves to comply with the law. I believe this is also how it works in regards to Social Media monitoring.

---

You also forgot to respond to 75% of the rest of my text. Where I point out that Apple is just yet another mega-corp, not some good faith advocate for humankind.

 

[yaddam205]

I maintain my response. If Apple tells me they care about my security and/or my experience and I find that they have no interest in my security or experience, I'll stop buying Apple products. The greatest consumer right of all is the freedom to choose among differentiated offerings from different companies.

And the EU is trying to collapse that difference.

But I still believe Apple cares about these things. So much so that their focus on making AI all on device, for security reasons, is harming their progress on AI.

And here's where we can both agree the landscape sucks. It's a duopoly in mobile. Yes, if you don't like what Apple is doing you can go elsewhere which is Google. They also don't give a **** about your privacy. The Duopoly won't be challenged by a 3rd party for quite sometime. So you have to address the current situation which requires some form of regulation. If Blackberry, Palm, and Microsoft we're still competing in the mobile space it would be a different ballgame.

Consolidation is the death of competition and innovation.

 

[Timo_Existencia]

And here's where we can both agree the landscape sucks. It's a duopoly in mobile. Yes, if you don't like what Apple is doing you can go elsewhere which is Google. They also don't give a **** about your privacy. The Duopoly won't be challenged by a 3rd party for quite sometime. So you have to address the current situation which requires some form of regulation. If Blackberry, Palm, and Microsoft we're still competing in the mobile space it would be a different ballgame.

Consolidation is the death of competition and innovation.

There's scant evidence that the approach the EU is taking will result in increased competition. IF the EU wants more competition, there are other/better ways to support startups within the EU. Taking the approach of penalizing the current businesses won't develop new businesses. It just won't. Apple didn't develop to defeat blackberry due to government regulation of blackberry.

 

[surferfb]

There's scant evidence that the approach the EU is taking will result in increased competition. IF the EU wants more competition, there are other/better ways to support startups within the EU. Taking the approach of penalizing the current businesses won't develop new businesses. It just won't. Apple didn't develop to defeat blackberry due to government regulation of blackberry.

Not only will it not increase competition, it actively discourages competition. As John Gruber correctly points out in this article, all of Apple's DMA problems would go away if it just installed Android on iOS in the EU. EU users would lose any meaningful competition at all, but Apple would be completely DMA compliant.

If Apple were to just switch the iPhone’s OS from iOS to Android, these DMA conflicts would all go away. Apple’s not going to do that, of course, but to me it’s a crystalizing way of looking at it. The DMA is supposedly intended to increase “competition”, which in turn should increase consumer choice. But the easiest way for Apple to comply with the DMA would be to switch EU iPhones to Android — which, by a significant margin, already has majority mobile OS market share in the EU.

 

[yaddam205]

There's scant evidence that the approach the EU is taking will result in increased competition. IF the EU wants more competition, there are other/better ways to support startups within the EU. Taking the approach of penalizing the current businesses won't develop new businesses. It just won't. Apple didn't develop to defeat blackberry due to government regulation of blackberry.

I get where you're coming from. However, how can I startup compete with Apple when the CEO has bent the knee, pledged fealty, and gave a token of loyalty to protect their stranglehold on the market? Google, MS, Apple, and others are actively weaponizing the government to protect their shareholders. Startups are typically purchased or sued into bankruptcy (then purchased) if they pose a threat.

We have all put too much trust in tech companies and now we have no choice but to rely on them.

 

[LV426]

how does chrome, edge, or firefox lower privacy and security standard on windows, macos, or even linux?
even funier when you consider not a single desktop browser actually use any sanboxing for their app (they all want wide system access so they can access other browser data), which is required on iOS

Well, here's a clue from a few days ago.

 

[ginkobiloba]

You also forgot to respond to 75% of the rest of my text. Where I point out that Apple is just yet another mega-corp, not some good faith advocate for humankind.

I answred this already somewhere else. I actually don't disagree with you on that. I just look at it differently: I don't care wether Apple is standing ground on privacy cynically because marketing tells them it will help sell more iGizmos per year , or if it's because Jesus came back from the dead and told Tim Cook it's his duty to to protect users privacy ...

It's the end result that counts. Apple monetary interests just happens to accidentally align with users privacy at this time.

EDIT : and some good news perhaps ( and it would be great if Apple joins the battle ) :

“We will not stand by while the EU destroys encryption” – Tuta Mail ready to sue the EU over Chat Control"​

https://www.techradar.com/computing...ta-mail-ready-to-sue-the-eu-over-chat-control

 

[Zest28]

Of course not.

It's a big money maker for the EU.

I bet there was alot of lobbying from EU companies behind this also.

Because EU customers can simply buy the Xiaomi 17 Pro Max if they want an "open" iPhone.

I haven't seen any campaigns from the big parties in Europe like RN/FN, AfD, PVV, Fdi ... pushing for this DMA, so it must be lobbying in Brussel from EU companies.

 

[Zest28]

There's scant evidence that the approach the EU is taking will result in increased competition. IF the EU wants more competition, there are other/better ways to support startups within the EU. Taking the approach of penalizing the current businesses won't develop new businesses. It just won't. Apple didn't develop to defeat blackberry due to government regulation of blackberry.

What competition? Europe cannot make anything. That's why they want to socialize the iPhone, and let it be a "public good" that everybody should make use free of charge.

In China, they actually are able to make amazing phones themselves. If Huwei wasn't banned in the western world, they would be the number 1 smartphone company as of today.

 

[MilaM]

What competition? Europe cannot make anything. That's why they want to socialize the iPhone, and let it be a "public good" that everybody should make use free of charge.

In China, they actually are able to make amazing phones themselves. If Huwei wasn't banned in the western world, they would be the number 1 smartphone company as of today.

What can Apple do without Taiwan, China, SK, Japan and Europe? Also, not a lot. You could even argue, that Apple hardware is more Chinese than American. The software is probably still tightly controlled from the US.

The reason why smartphones need to be more regulated is exactly because they have become a public good. Look at the UK. Soon even your ID will be on your smartphone, exclusively.

 

[Zest28]

What can Apple do without Taiwan, China and Europe? Also, not a lot. You could even argue, that Apple hardware is more Chinese than American.

The reason why smartphones need to be more regulated is exactly because they have become a public good. Look at the UK. Soon even your ID will be on your smartphone, exclusively.

Apple are the ones who creates the iPhone, not China. And Apple is already manufacturing some of the iPhone's in India and Vietnam already, outside of China. They can even move it to the USA if they want to.

And TSMC is already moving to the USA to protect itself from China, and currently 4nm chips are already produced in the USA.

Besides, Samsung is making their own chips and memory modules in Korea. You don't need Taiwan or TSMC. And Samsung is dominant in many electronics categories.

Besides, China is showing you don't need ASML, they are making their own EUV machines now and rivals ASML from a few years ago, so they are catching up quite fast.

 

[MilaM]

Apple are the ones who creates the iPhone, not China.

That's debatable. I think that Apple probably could not even create a prototype without procuring most parts in Asia.

 

[I7guy]

[…]

The reason why smartphones need to be more regulated is exactly because they have become a public good.

Smartphones are a form factor convenience. The public good are the cellular airwaves.

Look at the UK. Soon even your ID will be on your smartphone, exclusively.

A smartphone can be anything. It doesn’t have to be Apple or oppo. It can be a windows phone in a small form factor.

This argument is circular in nature.

 

[Abazigal]

It's becoming increasingly clear that both Apple and the EU commission are just speaking past each other and going straight to the people at this point to try and shape their perceptions. What's interesting here is what the EU chooses not to say.

There is some truth behind Apple's report. Already, residents in the EU are unable to access certain features they otherwise could have (I am taking Apple at their word here that they are not deliberating withholding said features out of malice; there are legitimate legal concerns if they tried to bring them to the EU), and this trend will like continue in the near future.

There are always going to be unforeseen circumstances with any new piece of legislation, no matter how well crafted the authorities feel it is (think Microsoft and and how EU legislation prevented them from patching a "flaw" in Windows that would eventually lead to Crowdstrike years down the road), and I don't think there is any shame in admitting that sometimes, you really just don't know.

We are starting to see one right now, we don't know what others may rear their heads in the future, and the EU commission will never admit that these issues are a direct result of rules they are trying to impose, because they have staked their reputation on the DMA allowing everyone in the EU to have their cake and eat it too. And that Apple can be expected to just pick up the bill and plug whatever problems surface as a result, all out of their own pocket.

It's also interesting that iOS is generally considered the more secure platform compared to android (eg: we see way more scam apps on android compared to iOS), and the EU's solution is to force iOS to become like Android in the name of fostering more competition for users in the EU.

So far, the loudest voices in favour of the DMA have come from developers such as Epic, but I suspect that if we were to poll the average person on the street, reactions will be a lot of mixed and you will not see the consensus online discourse would have you believe. That's because developers, like any other person, is only looking out for their own self-interests. It is not the job of Tim Sweeney or Spotify or even the average app developer in the EU to ensure the safety, security or privacy of the iOS platform or its users, which is why it is easy for them to champion policies that line their own pockets, regardless of the cost to the end user.

At the end of the day, life is but a bundle of compromises, but I doubt we will hear any government official publicly release a statement claiming "Yes, you won't be able to access iPhone mirroring or live translation as a result of our policies, but I think that's a small price to pay for your children to be able to sideload questionable apps onto their iOS devices or the privilege of managing 6-7 app stores on your device". This, however, is not an EU issue, but a worldwide government quirk. No one will jeopardise their career by admitting that their laws are flawed and that yes, everything is a tradeoff.

Can you imagine if one EU official was willing to say on record to Apple - "Yes, we are almost certainly violating your property rights here, but I think it's a small price to pay for increased competition on your platform. There's going to be a FRAND type licensing regime, and we are measuring this tradeoff as a society. You are still going to make a ton of money, and you will still continue to invest in the platform because it's good for end users", and the EU commission can't even be honest and upfront about this.

Which is why I appreciate Apple continuing to push back against the DMA until we get more clarity on just what it is that the EU is after.

 

[Big_D]

There is some truth behind Apple's report. Already, residents in the EU are unable to access certain features they otherwise could have (I am taking Apple at their word here that they are not deliberating withholding said features out of malice; there are legitimate legal concerns if they tried to bring them to the EU), and this trend will like continue in the near future.

I would believe Apple, if they actually explicitly stated that they have spoken to the EC and the feature is not allowed. So far it is all, it may not be allowed or it could possibly be banned. Neither are definitive statements that they have spoken to the EC and the EC has said they can't do that.

The wording suggests, "we want to hold our users hostage, so they go to the EC and complain, although that could backfire. And most of the things they are talking about make absolutely no sense at all.

"We might have to add Android to iPhone mirroring," why? Google/Samsung/Oppo etc. could simply write a display program for the Mac that displays the notifications from the phone, mirrors the screen (they already have Dex or the Google equivalent, so it would be a cut down version of that) and uses the keyboard and mouse to input information into the phone. The hard part is on the Android side and they already have part of that for the equivalent feature in Windows, it might not be as tightly integrated, but they could certainly easily add a simple app to do 99% of what iPhone Mirroring does with little effort.

Likewise the Live Translation, they "might have to make it available to other manufacturers," why? They don't even make it available to all of their own AirPods, let alone Beats headphones, from at least 9 models of wireless headphones, more if you include the old cabled headphones, Live Translations is supported on 2 models (AirPods Pro 2 and 3), if they can't even support it on their own "other" hardware, including the current versions of AirPods 4 and AirPods Max 2, I can't see how the EC would have a leg to stand on to force it to be available on other headsets. If Apple made it available on ALL AirPods and current Beats headsets, yes, there is an argument about allowing it for other manufacturers, but I see a strong case for Apple in this one, which makes it sound like they aren't really interested in finding a solution, just trying to blackmail the EC into repealing the DMA.

There are always going to be unforeseen circumstances with any new piece of legislation, no matter how well crafted the authorities feel it is (think Microsoft and and how EU legislation prevented them from patching a "flaw" in Windows that would eventually lead to Crowdstrike years down the road), and I don't think there is any shame in admitting that sometimes, you really just don't know.

I do blame Microsoft for this one. Pushing everything out of the Kernel and making it signed and secure was such an obvious solution and one that benefitted everybody, that they had a very strong argument to stick to their guns, but they were at a point where they capitulated too easily, after having lost the long fight with the EU and the US justice systems.

Again, this was one that made so much sense that it would have been easy to justify, but they caved without even really putting up a fight, at least not publicly. Working in corporate cybersecurity at the time, the move was so obviously good, I was seething that they didn't even put up a fight.

It's also interesting that iOS is generally considered the more secure platform compared to android (eg: we see way more scam apps on android compared to iOS), and the EU's solution is to force iOS to become like Android in the name of fostering more competition for users in the EU.

Again, this was Apple's fight to lose. If they had cooperated over the last 10 years, this would have all blown over, but they were so arrogant and stubborn in defending the indefensible that they forced the EU to come down on them even harder.

They literally dug out the biggest Streisand spotlight they could find and shined it on themselves. If they had quietly allowed 3rd party stores with restrictions, but done it quietly, hardly anyone would have noticed and hardly anyone would have used it, they wouldn't be profitable and Apple could have said, "see, nobody wanted this," when they failed, but they made such a fuss about it, that it was forced on them with fanfare. To be honest, living in the EU, I've not seen anyone yet to has said they are using these 3rd party stores and I've never seen them advertised.

So far, the loudest voices in favour of the DMA have come from developers such as Epic, but I suspect that if we were to poll the average person on the street, reactions will be a lot of mixed and you will not see the consensus online discourse would have you believe. That's because developers, like any other person, is only looking out for their own self-interests. It is not the job of Tim Sweeney or Spotify or even the average app developer in the EU to ensure the safety, security or privacy of the iOS platform or its users, which is why it is easy for them to champion policies that line their own pockets, regardless of the cost to the end user.

As an average person on the street, I think the DMA is a good thing, but I also think Big Tech forced it upon themselves by being too greedy and refusing to do the right thing on multiple occasions over the years. They could have easily avoided this and gone the self regulation route.

Another one is the Micro-USB self-regulation. The EU said, "industry, sort yourselves out, use a single adapter for all devices, at the moment Micro-USB is the front runner, and we won't have to get involved, but we want a single adapter for all devices." What did the industry do? 90% went Micro-USB, but Apple went Lightning, some other went with other proprietary adapter to force customers into buying their cables and power bricks and after nearly a decade the EU said, enough is enough and forced USB-C on the industry.

The benefits? I have 3 USB-C power bricks in the house instead of a couple of dozen with USB-A or other ports, or hard-cabled bricks with different adapters, and 2 wireless charging stands, 4 USB-C cables and the Apple Watch wireless puck. I threw out a huge box of adapters and cables when I made the last move, left over from tech I no longer used or had. I also don't get drawer fulls of new adapters when I buy new devices, at most the USB-C cable drawer fills up and need to be emptied on a semi-regular basis.

At the end of the day, life is but a bundle of compromises, but I doubt we will hear any government official publicly release a statement claiming "Yes, you won't be able to access iPhone mirroring or live translation as a result of our policies, but I think that's a small price to pay for your children to be able to sideload questionable apps onto their iOS devices or the privilege of managing 6-7 app stores on your device". This, however, is not an EU issue, but a worldwide government quirk. No one will jeopardise their career by admitting that their laws are flawed and that yes, everything is a tradeoff.

Users won't have to manage 6-7 app stores on their devices. I still just have the Apple App Store and I am not interested in other stores, but if others want to use them, that is their prerogative and not Apples. The stupidity in this case is on both sides (Apple and 3rd Party stores), a lot of the apps seem to go for one side or the other, if an app is only in a 3rd party store I won't be using it, likewise if they choose to use an alternate payment method only, I probably won't use it (companies that I trust, where I already have a payment method set up, like Amazon, Alternate, Kobo etc.) being the exception.

 

[MilaM]

A smartphone can be anything. It doesn’t have to be Apple or oppo. It can be a windows phone in a small form factor.

The hardware or form factor does not matter that much. The issue is, that smartphones have become a kind of digital ID. Many essential services can only be installed on either iOS or Android. I have crossed borders this year where installing an app was practically required to submit the necessary paperwork. So yeah, unless you want to live your life like a hermit, you have to own either an Android or an iOS based device.

 

[MilaM]

There are always going to be unforeseen circumstances with any new piece of legislation, no matter how well crafted the authorities feel it is (think Microsoft and and how EU legislation prevented them from patching a "flaw" in Windows that would eventually lead to Crowdstrike years down the road), and I don't think there is any shame in admitting that sometimes, you really just don't know.

This is repeated here again and again as an example of regulation gone wrong. I disagree. The way I see it legislators never mandated that security software needed to be embedded directly into the kernel. The deal with MSFT was that third-party security software should have the same access as equivalent first-party tools.

The sane way to deal with this requirement would have been to develop privileged but secure APIs for the kernel that would allow security software to do their job while running as a regular program outside the kernel. This article at The Verge gives a good overview about the issue and how Microsoft is going to deal with it in the future, without getting too much into technical details.

Why did Microsoft let security software run in the kernel for 20 years after the deal, knowing well that this would make its operating system vulnerable? I have no idea. But it's not like the EU deal forced them to make the OS vulnerable. It was Microsoft's choice to take the easy route and just grant kernel access to third-parties instead of doing the work to improve security for all vendors.

 

[MilaM]

Can you imagine if one EU official was willing to say on record to Apple - "Yes, we are almost certainly violating your property rights here, but I think it's a small price to pay for increased competition on your platform. There's going to be a FRAND type licensing regime, and we are measuring this tradeoff as a society. You are still going to make a ton of money, and you will still continue to invest in the platform because it's good for end users", and the EU commission can't even be honest and upfront about this.

Why do they have to state the obvious thing? Property rights are a cornerstone of rule of law, sure. But they are not absolute. Every government has the ability to curtail those rights when corporations abuse their power to the detriment of society.

What also conveniently gets left out of the discussion is that tech companies profit enormously from man made rules around "Intellectual Property". You want less regulation and a truly free market for tech products, without pesky regulator telling you how to do business? Sure! Let's scrap patents, copyright and trademarks first and then see how that works out for Big Tech.

 

[Abazigal]

The deal with MSFT was that third-party security software should have the same access as equivalent first-party tools.

Which was precisely the issue, because the way I see it, said legislation removed any incentive Microsoft might have had to patch the issue and secure their OS, because Microsoft would need to subject itself to the same constraints as its competitors. On paper, it may sound "fair" to give companies like purveyors of anti-virus software the ability to compete on an equal footing. But perhaps in reality, antivirus software is not a business model that needs to exist, and maybe I am fine with there being less consumer choice in the market if that results in a single but more optimised solution for the end user.

Symantec says Vista will “reduce consumer choice”

Symantec issued a statement charging that Windows Vista will reduce the …

arstechnica.com

Vista: we're keeping an eye on it, says EC - Operating Systems - Breaking Business and Technology News at silicon.com

Say in an alternate reality where Microsoft was never subjected to EU regulations, and only Microsoft retained access to kernel level, they would be able to sufficiently lock down and secure their OS without having to worry about the feasibility of ensuring that third parties could also access the same permissions and privileges, because Microsoft alone held the keys to the kingdom. Microsoft could bundle its own antivirus solution (again, using privileged access only it itself enjoys), companies like Symantec and Mcafee would long be out of business, and I wouldn't shed a tear. I feel like in this case, my incentives would have been more in alignment with Microsoft's than that of the EU's.

https://www.wsj.com/tech/cybersecurity/microsoft-tech-outage-role-crowdstrike-50917b90

A Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.

And I think this is the real legacy underpinning EU regulation. Microsoft did / could not implement a shift in computer security they knew was crucial 2 decades ago because of a ruling by the EU, and the entire world suffered for it (rather than simply being confined to the EU).

At the end of the day, I go back to my original point that everything is a tradeoff. The EU wants to rein US tech giants in by passing legislation it believes will favour local businesses. I also understand the EU's decision to treat the openness of operating systems as a public good that ought to be regulated. And this decision in itself will not be without its share of tradeoffs.

Just as we are now starting to see the ramifications of the DMA on users in the EU.

 

[MilaM]

And I think this is the real legacy underpinning EU regulation. Microsoft did / could not implement a shift in computer security they knew was crucial 2 decades ago because of a ruling by the EU, and the entire world suffered for it (rather than simply being confined to the EU).

Don't you think it's a bit naive to use one quote by a Microsoft spokesperson as a proof that the regulation is to blame for the Crowdstrike fiasco? Of course they will blame everyone but themselves 🙄, and conveniently point to a deal that was made 20 years ago. If you provided a quote from a reputable independent security researcher, maybe your argument would be more convincing.

There was always a way to adhere to the EU deal AND improve the stability of Windows, they just chose not to do it. Well now they finally have an incentive, as described in the article I linked to.

 

[Big_D]

Which was precisely the issue, because the way I see it, said legislation removed any incentive Microsoft might have had to patch the issue and secure their OS, because Microsoft would need to subject itself to the same constraints as its competitors. On paper, it may sound "fair" to give companies like purveyors of anti-virus software the ability to compete on an equal footing. But perhaps in reality, antivirus software is not a business model that needs to exist, and maybe I am fine with there being less consumer choice in the market if that results in a single but more optimised solution for the end user.

Symantec says Vista will “reduce consumer choice”

Symantec issued a statement charging that Windows Vista will reduce the …

arstechnica.com

Vista: we're keeping an eye on it, says EC - Operating Systems - Breaking Business and Technology News at silicon.com

Say in an alternate reality where Microsoft was never subjected to EU regulations, and only Microsoft retained access to kernel level, they would be able to sufficiently lock down and secure their OS without having to worry about the feasibility of ensuring that third parties could also access the same permissions and privileges, because Microsoft alone held the keys to the kingdom. Microsoft could bundle its own antivirus solution (again, using privileged access only it itself enjoys), companies like Symantec and Mcafee would long be out of business, and I wouldn't shed a tear. I feel like in this case, my incentives would have been more in alignment with Microsoft's than that of the EU's.

https://www.wsj.com/tech/cybersecurity/microsoft-tech-outage-role-crowdstrike-50917b90

And I think this is the real legacy underpinning EU regulation. Microsoft did / could not implement a shift in computer security they knew was crucial 2 decades ago because of a ruling by the EU, and the entire world suffered for it (rather than simply being confined to the EU).

At the end of the day, I go back to my original point that everything is a tradeoff. The EU wants to rein US tech giants in by passing legislation it believes will favour local businesses. I also understand the EU's decision to treat the openness of operating systems as a public good that ought to be regulated. And this decision in itself will not be without its share of tradeoffs.

Just as we are now starting to see the ramifications of the DMA on users in the EU.

Microsoft should have done the right thing back then and do what they are doing now, pull the AV software out of the Kernel and make secure APIs for monitoring purposes. Instead, they just capitulated without actually taking a stand for more security.

The only problem was that AV vendors should have the same access as Microsoft's AV tools. If Microsoft had said, "fine, everybody, including us, only has access from outside the Kernel," that would have been fine and is what they are actually now doing.