That's a difficult question because it might limit supply of open machines for users who want the freedom to hack their own stuff. I think it's okay to offer computers that are basically Facebook appliances, but there should always be a toggle somewhere that allows people who know what they're doing to do whatever they please.

Macs do have such a toggle. You can boot from the recovery partition, launch the terminal and issue the `csrutil disable` command.

This will turn off all the security features that have been added over the years, including the “Catalina Vista” prompts people were complaining about in September.

The reason this requires booting from the recovery partition is to make it impossible for malware to flip the switch and to make it convoluted enough that even the most gullible of users will question their actions when pushed to do these steps by malware.

(Apple has stated publicly and in very clear language that they fully intend for the Mac to continue to be able to run unsigned code, so I believe this toggle isn’t temporary)

> This will turn off all the security features that have been added over the years, including the “Catalina Vista” prompts people were complaining about in September.

I installed it back in June, so my memory might be a bit hazy, but as far as I’m aware SIP doesn’t control TCC.

You are right. That's controlled by gatekeeper which you disable with `spctl --master-disable`

You sure turning off Gatekeeper turns off TCC too?

What do you think of the counterargument that, as soon as you put a switch like that in, people will get manipulated into flipping it?

I think the risk of that can be made sufficiently low so that it won't be a serious problem in practice.

This clothing is made with slave labor.

"But is it allowed for customers to choose to buy this?".

"allowed" is irrelevant here.