
Once a computer (a smart phone is a computer) stops getting security updates, it should not be connected to a network. The reason is that the device will get hacked and that is not good.

This person should have upgraded his iPhone 8 as soon as Apple stopped offering security updates. He either already got hacked or would have eventually got hacked if he continued to use an insecure phone. Note that not all hacks are visible. For example, information stealers (malware which steals passwords and data) are designed to run silently in the background. They don't want the victim to know they have been hacked.




I see this statement all the time. And it's frequently a universally-applied authoritative statement like this comment. I think it's incorrect and short-sighted to unilaterally decree things like this.

Instead, I think the correct way to approach this is on a case-by-case basis that takes into consideration the function of the computer, the needs/priorities/legal obligations of the users, and importantly their risk tolerance and risk appetite. A security policy that is not in some way modulated by risk is a policy that does not account for the real-world complexity of its systems. There is an increased risk to using out-of-date software, but without knowing this person's risk tolerance or priorities, we are not in a good place to advise a security policy.


This kind of “security ransom” should not be acceptable. Oh I should throw away my perfectly working phone because the OS vendor just up and decided to stop fixing its security, leaving the device useless? Shouldn’t they compensate me for making my perfectly good hardware useless, since I should not be connecting it to the web now?

This person is doing the right thing: complaining loudly about corporate practice that should not be accepted by consumers.


If I want to produce a device, am I required to put work in to maintaining it forever? An iPhone 8 is really old by this point, honestly I’m impressed it still works.

What timeline would you recommend that is fair to both consumers and producers?


Maybe not forever, but we have really short timelines for product longevity in this industry, even at the hardware level. A washing machine or kitchen appliance that had to be replaced every <7 years (taking the timeframe from the post) would be considered low quality; furniture that can't last 10-15 years is considered nearly disposable. Cars -- maybe the thing closest in comparison in terms of complexity and engineering required to build, even if several orders of magnitude more expensive -- are expected to last decades with proper maintenance.

Certainly there is a trend towards this in a lot of industries besides computers, but given how powerful and expensive these devices are now, the current upgrade cycles are crazy fast. I think consumers are souring on them a bit as well (both because of the price, and because the annual new models have really slowed down in the visible feature improvements they offer).

I know the economic incentives for the producers are aligned towards repeated purchases, and that's super tough to realign, but how long can the market and the environment support four-digit phone price tags that are upgraded every 1-3 years?


I have been using an iPhone 6s (iOS 15; received an update 4 months ago) for some time already. It works fine. Granted, I don’t use it for “important” stuff, but it works fine for browsing, checking train timelines, Uber, radio, YouTube, WhatsApp, Slack, camera, maps…


The problem will not be solved by laws requiring corporations to act ethically. That will never work as long as their incentives are what they are. IMO the only way to address these issues is to have a free software phone-OS alternative that users can have control of... that is to say, if you want the government involved, it would be best served by funding a free software project along these lines.


I agree that this area is more complicated than simple statements will be able to cover, but at first thought I like the idea of some sort of rule for opening up any device that is not being maintained. That when a company decides a device will no longer receive updates, some amount of source code/documentation needs to be released to allow third parties to take over.



Tying software support to how long the hardware lasts will ensure that every hardware manufacturer builds in a time-based killswitch into every device they make.

Software engineers are expensive.


Then users should be compensated when the manufacturer decides to remotely kill their devices (whether by a kill switch or by stopping maintaining the software).


Then we will simply see fewer and more expensive models available for sale as some manufacturers and investors decide these regulations are too much and exit; others will raise prices to pay for the compensation and extended software support.

Every action has a reaction.



