I was referring to virtualization. The experiences doesn't have to be bad. For example on Windows 11 you can double click on a shortcut to a Linux app and when it opens it looks like a regular window like any other program on the computer, but it's actually running on Linux.

This is mostly true. You can run a VM in the trusted OS to do untrusted stuff. For stuff like 3D graphics you will likely need a second GPU to pass through to the guest if you want reasonable performance.

That resolves the tinkering vs intrusive vendor issue. However it doesn't address the privacy, autonomy, or user freedom angles.

By autonomy I mean (for example) the inability to perform a proper backup on a "secure" android system. By privacy I refer to the fact that the vendor can see everything you do even in the VM. User freedom is only an issue when you can't boot an "insecure" OS on the platform, but if nothing will run when you do that the situation isn't much different. For example, technically I have the freedom to run DOS today but in reality I won't be getting much done if I do.

Addressing the privacy issue we've at least got confidential VMs now. However at that point we've just pushed all the issues down a level and the same drama plays out again with the hardware vendor.

>For stuff like 3D graphics you will likely need a second GPU to pass through to the guest if you want reasonable performance.

No, a single GPU can support virtualization and be shared among multiple visitors.

>the inability to perform a proper backup on a "secure" android system.

This is by design as a "proper" backup violates Android's security model. Instead a backup system that respects Android's security model was built. Autonomy is given up but in exchange the high level functionality remains the same and there is better security.

>By privacy I refer to the fact that the vendor can see everything you do even in the VM.

What does this even mean? There is no fundamental reason for spyware to exist and even if there was that is independent to using virtualization.

>User freedom is only an issue when you can't boot an "insecure" OS on the platform

User freedom and security are orthogonal, but due to Turing completeness almost everything will support booting insecure operating systems.

>but if nothing will run when you do that the situation isn't much different.

If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.

> No, a single GPU can support virtualization and be shared among multiple visitors.

Do you really think I'm unaware of that? Have you tried it lately? Most (nearly all) consumer level hardware doesn't support it and (I might be wrong about this next bit but IIRC) you won't get full performance because most solutions partition the hardware rather than multiplexing it.

> This is by design as a "proper" backup violates Android's security model.

I'm aware. That doesn't address the problem.

> the high level functionality remains the same

Absolutely false. Apple at least built a solution that appears to perform as advertised even if I vehemently disagree with the underlying security model and believe that it is actively making society worse off in the long run. Google has failed miserably at that (at least last I checked, which was a few years ago TBF).

> and there is better security.

By whose definition? The officially sanctioned security model does not provide anything of value to me (from a technical perspective) relative to having full control over my device.

> What does this even mean?

It means that if someone else has control over the software on my device then outside of a truly unusual end-to-end code auditing arrangement I can never be confident that I'm not being watched.

> There is no fundamental reason for spyware to exist

What sort of drugs are you on over there? Ad tech is a massive industry. There are all manner of motivations to hoover up user data from market research to selling it to authoritarian tendencies.

> User freedom and security are orthogonal

Notice the quotes. By "insecure" I mean not provided by BigTech and system state attested by a whitelisted HSM.

> due to Turing completeness almost everything will support booting insecure operating systems.

Have you tried customizing the OS on a vendor bootloader locked mobile device lately?

> If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.

Sophistry. It's user choice due to a combination of lack of awareness and understanding, a preference for convenience even when that's detrimental to society in the long term, and the resultant network effects.

>Most (nearly all) consumer level hardware doesn't support it

Some cards are just limited by the firmware and have hardware support. Microsoft can work together with GPU vendors to get the ecosystem into a state where things will work.

>The officially sanctioned security model does not provide anything of value to me (from a technical perspective)

What about things like malware not being able to steal all of your accounts from your device?

>I can never be confident that I'm not being watched.

Most operating systems have implemented features to let you know when the camera is being used.

>Ad tech is a massive industry.

Adtech is not spy tech. And it doesn't work by seeing everything you do.

>Have you tried customizing the OS on a vendor bootloader locked mobile device lately?

If it's locked then you can't change the operating system that initially loads up, but you can still run a second operating system within the other.

>detrimental to society in the long term

I fail to sympathize when these "detriments" are antisocial things like being unable to cheat in games or being unable to pirate copyrighted works. We already experienced a reality where there was 0 security and it turned out that it was extremely abused inspiring the next generation of computing platforms that offered security and were able to partially mitigate antisocial behavior.

> Instead a backup system that respects Android's security model was built.

... that many apps don't use and that's the point. Even today there are still games that don't even do cloud synchronization.

The problem is, as always, cheaters and microtransaction forgeries.

You're still running untrusted code on the same devices. IOMMUs aren't enough, not since side-channel attacks entered the field, not to mention the consistent availability of IOMMU and Secure Enclave bypasses, or exploits for the GPU to access data from other contexts.