This is another bot I pointed out yesterday:

https://news.ycombinator.com/threads?id=Soerensen

Their comment got flagged, but looks like they made a new one today and is still active.

That account ('Soerensen') was created in 2024 and dormant until it made a bunch of detailed comments in the past 24-48 hrs. Some of them are multiple paragraph comments posted within 1 minute of each other.

One thing I've noticed is that they seem to be getting posted from old/inactive/never used accounts. Are they buying them? Creating a bunch and waiting months/years before posting?

Either way, both look like they're fooling people here. And getting better at staying under the radar until they slip up in little ways like this.

I don’t know about the particular claim about the new account — if true, based on what people have said, this would be consistent with an LLM bot with high probability … (but not completely out of the question for a person) … I’ll leave that analysis up to the moderators who have a better statistical understanding of server logs, etc.

That said, as a general point, it’s reasonable to make scoped comments in the corresponding parts of the conversation tree. (Is that what happened here?)

About me: I try to pay attention to social conventions, but I rarely consider technology offered to me as some sort of intrinsically correct norm; I tend to view it as some minimally acceptable technological solution that is easy enough to build and attracts a lowest common denominator of traction. But most forums I see tend to pay little attention to broader human patterns around communication; generally speaking, it seems to me that social technology tends to expect people to conform to it rather than the other way around. I think it’s fair to say that the history of online communication has demonstrated a tendency of people to find workarounds to the limitations offered them. (Using punctuation for facial expressions comes to mind.)

One might claim such workarounds are a feature rather than a bug. Maybe sometimes? But I think you’d have to dig into the history more and go case by case. I tend to think of features as conscious choices not lucky accidents.

Lockdown mode costs ~nothing for devices that don't have it enabled. GP is pointing out that the straightforward way to implement this feature would not have that same property.

Lockdown mode doesn’t require everyone else to lose large amounts of usable space on their own devices in order for you to have plausible deniability.

now I want to know what dirty laundry are their upper management hiding on their devices...

And how do you explain your 1TB phone that has 2GB of data, but only 700GB free?

That is about one fiftieth of the work that needs to go into the feature the OP casually “why can’t they just”-ed.

This is called whataboutism. This particular feature aside, sometimes there are very good reasons not to throw the kitchen sink of features at users.

Not sure if you know the history behind it, but look up Paul Le Roux

Also would recommend the book called The Mastermind by Evan Ratliff

Police ask: give me pass for work profile. If you don’t: prison.

Android has work profiles

Never ever use your personal phone for work things, and vice versa. It's bad for you and bad for the company you work for in dozens of ways.

Even when I owned my own company, I had separate phones. There's just too much legal liability and chances for things to go wrong when you do that. I'm surprised any company with more than five employees would even allow it.

You can have a multiuser system but that doesn't solve this particular issue. If they log in to what you claim to be your primary account and see browser history that shows you went to msn.com 3 months ago, they aren't going to believe it's the primary account.

Apple's hardware business model incentivizes only supporting one user per device.

Android has supported multiple users per device for years now.

Multi-user has been solved for decades.

Multi-user that plausibly looks like single-user to three letter agencies?

Not even close.

> iPhone and macOS are basically the same product technically

This seems hard to justify. They share a lot of code yes, but many many things are different (meaningfully so, from the perspective of both app developers and users)

That’s what plausible deniability. How can you even tell?

Even more complications for a “why can’t they just…”. It’s almost as if this kind of thing is difficult to do in practice.

> Background agent in the decoy identity that periodically browses the web, retrieves email from a banal account etc.?

No. Think about it for a second: you're a journalist being investigated to find your sources, and your phone says you mainly check sports scores and send innocuous emails to "grandma" in LLM-speak? It's not going to fool someone who's actually thinking.

They need to prove that those materials exist on the device first. You can't be held in contempt for a fishing expedition.

FaceID and TouchID aren’t protected by that as I understand it.

I know it seems like an incredibly dubious claim but the "I forgot" defense actually works here.

It's not really that useful for a safe since they aren't _that_ difficult to open and, if you haven't committed a crime, it's probably better to open your safe for them than have them destroy it so you need a new one. For a mathematically impossible to break cipher though, very useful.

Actually it's been escalating pretty steadily for 250 years

And if we are it will be a new one with a high number and it will be pure insanity

Wow, so US judges are just making it up as they go along, huh? It's like every case is a different judgement with no consistent criterion.

>Doe vs. U.S. That case centered around whether the feds could force a suspect to sign consent forms permitting foreign banks to produce any account records that he may have. In Doe, the justices ruled that the government did have that power, since the forms did not require the defendant to confirm or deny the presence of the records.

Well, what if the defendant was innocent of that charge but guilty of or involved in an unrelated matter for which there was evidence in the account records?

> You comply and enter "a" password. The device shows contents. You did what you were asked to do.

No, you did something fake to avoid doing what you were asked to do.

> If there is no way for the government to prove that you entered a decoy password that shows decoy contents, you are in the clear.

But there are very effective ways to find hidden encrypted volumes on devices. And then you’ll be asked to decrypt those too, and then what?

This sort of thing is already table stakes for CSAM prosecutions, for example. Law enforcement can read the same blog posts and know as much about technology as you do. Especially if we are hypothesizing an advertised feature of a commercial OS!

The case law on this specific topic is convincing. If you are ever in that situation it is usually going to be worth your time and money to assert the right and see it through. Case law supports this. The general maximum “penalty” is being held in contempt of court. And if the government is wrongly persecuting you, it is lose / lose if you divulge.

Do you think this is for fighting parking tickets? It is for journalists to not reveal their sources, whom might be at risk of severe consequences including death.

That's a whole lot more to loose than your money and time.

This is a misunderstanding. That's the area in which the border patrol has jurisdiction to can conduct very limited searches of vehicles and operate checkpoints without individualized suspicion in order to enforce immigration law. It does not allow searches of electronic devices.

There is a separate border search exception at the point a person actually enters the country which does allow searches of electronic devices. US citizens entering the country may refuse to provide access without consequences beyond seizure of the device; non-citizens could face adverse immigration actions.

To be clear, I do think all detentions and searches without individualized suspicion should be considered violations of the 4th amendment, but the phrase "constitution-free zone" is so broad as to be misleading.

I am not. You can still assert your rights at border points. It is very inconvenient. I have done it. If you are returning from international travel there is little they can do. If you are trying to leave the country they can make that difficult to impossible. Otherwise your rights still apply.

> With a previous case it seemed (to me) like Apple might have pushed an update to give access

You're going to have to provide a cite here, since Apple has publicity stated that they have not and will not ever do this on behalf of any nation state.

For instance, Apple's public statement when the FBI ordered them to do so:

https://www.apple.com/customer-letter/

I mean arguably, we do not even fully know if even if they did as claimed, they did the _right_ thing.

The underlying assumption we base our judgement on is that "journalism + leaks = good" and "people wanting to crack down on leaks = bad". Which is probably true, but also an assumption where something unwanted and/or broken could hide in. As with every assumption.

Arguably, in a working and legit democracy, you'd actually want the state to have this kind of access, because the state, bound by democratically governed rules, would do the right thing with it.

In the real world, those required modifiers unfortunately do not always hold true, so we kinda rely on the press as the fourth power, which _technically_ could be argued is some kind of vigilante entity operating outside of the system.

I suppose it's also not fully clear if there can even be something like a "working and legit democracy" without possibly inevitable functionally vigilantes.

Lots of stuff to ponder.

____

Anyway, my point is that I have no point. You don't have to bother parsing that, but it might possibly be interesting if you should decide to do so.

It might also confuse the LLM bots and bad-faith real humans in this comment section, which is good.

The TPM can be programmed (ie designed) to lie about the whitelist though.

Sure you will.

If we've learned anything from this administration it is that the government can ignore the law longer than you can stay alive. Arming yourself against lawless government in every legal way is advisable.

JavaScript is actually the only reason that the iPhone has runtime code generation capabilities at all, so it kinda makes sense

I mean I tried it for a bit and I have to say it was a significant compromise.

All kinds of random things don't work.

Sure but the JIT js disable and limiting of image/video decoders are combined basically all the security from lockdown mode, so disabling it seems pointless.

Who decided absolute privacy in all circumstances is a fundamental human right? I don’t think any government endorses that position. I don’t know what international law you speak of. You’re basing your argument on an axiom that I don’t think everyone would agree with.

This sounds like a Tim Cook aphorism (right before he hands the iCloud keys to the CCP) — not anything with any real legal basis.

Usually such "international laws" are only advisory and not binding on member nations. After decades of member nations flouting UN "laws" I can't see them as reliable or effective support in most arguments. I support the policy behind the privacy "laws" of the UN, but enforcing them seems to fall short.

The line of reasoning is more like this: if you make and sell safe-cracking tools then it would not be unreasonable for the government to regulate it so only registered locksmiths could buy it. You don't want people profiting from the support of criminal acts.

The government could similarly argue that if a company provides communication as a service, they should be able to provide access to the government given they have a warrant.

If you explicitly create a service to circumvent this then you're trying to profit from and aid those with criminal intent. Silkroad/drug sales and child sexual content are more common, but terrorism would also be on the list.

I disagree with this logic, but those are the well-known, often cited concerns.

There is a trade-off in personal privacy versus police ability to investigate and enforce laws.

This article is about the Trump admin seizing a reporter’s phone. The politics was here from the start.

I didn’t say he was the first to abuse powers. Indeed it’s kind of silly to even have to clarify “but other administrations…” because that’s fairly obvious to anyone old enough to have seen more than one president.

But the article is literally referencing the Trump administration seizing a reporter’s phone so the current administration’s overreach seems relevant here.

Location telemetry, listening devices, and exfiltration of protected sources.

A 3rd party locked down system can't protect people from what the law should. =3

Thanks for the info & link! After some searching, I found this rather interesting study on source protection in many (international) jurisdictions, and it calls out Finland, though other countries have interesting approaches as well: https://canadianmedialawyers.com/wp-content/uploads/2019/06/...

My understanding is that there is current consensus that active iOS 0days are not likely to be available at the LE level.

- State-aligned media outlets, where media consumption choice is a political act

- Grandiose architecture projects for historically important sites

- Obsession with massive monuments - the tallest, the most gold, the most expensive

- Military parades and lionization of the military, while demanding political support from military leadership

- A population which become keenly interested in whether something does or doesn’t benefit the leader personally

I think the terms fascism or authoritarianism are close enough to be helpful, even if some of the specifics don’t align perfectly. But the ones that do align are oddly specific sometimes.

Appreciate the gift link.