pc86 5 hours ago

Serious question: What are the "valid concerns" about people securing their computing devices against third parties?

hypfer 5 hours ago | parent | next [-]

This (I think) refers not to the people securing their devices against third parties but the vendors "securing" the devices against loss of profits.

Essentially, the question referenced here is that of ownership. Is it your device, or did you rent it from Apple/Samsung/etc. If it is locked down so that you can't do anything you want with it, then you might not actually be its owner.

___

_Ideally_ you wouldn't need to trust Apple as a corp to do the right thing. Of course, as this example shows, they seem to actually have done one right thing, but you do not know if they will always do.

That's why a lot of people believe that the idea of such tight vendor control is fundamentally flawed, even though in this specific instance it yielded positive results.

For completeness, no, I do not know either how this could be implemented differently.

pbhjpbhj 4 hours ago | parent | next [-]

We don't know if they did the right thing here. With a previous case it seemed (to me) like Apple might have pushed an update to give access ... they presumably could do that, remotely copy all the data, then return the device to the former state. One can't know, and this sort of thing seems entirely tenable.

FBI don't have to tell anyone they accessed the device. That maintains Apple's outward appearance of security; FBI just use parallel construction later if needed.

Something like {but an actually robust system} a hashed log, using an enclave, where the log entries are signed using your biometric, so that events such as network access where any data is exchanged are recorded and can only be removed using biometrics. Nothing against wrench-based attacks, of course.

GeekyBear 2 hours ago | parent | next [-]

> With a previous case it seemed (to me) like Apple might have pushed an update to give access

You're going to have to provide a cite here, since Apple has publicly stated that they have not and will not ever do this on behalf of any nation state.

For instance, Apple's public statement when the FBI ordered them to do so:

https://www.apple.com/customer-letter/

bigyabai 2 hours ago | parent [-]

> Apple has publicly stated that they have not and will not ever do this

Apple has also said that the US required them to hide evidence of dragnet surveillance: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

  Apple has since confirmed in a statement provided to Ars that the US federal government “prohibited” the company “from sharing any information,” but now that Wyden has outed the feds, Apple has updated its transparency reporting and will “detail these kinds of requests” in a separate section on push notifications in its next report.

Apple statements are quite distinct from what they do behind the scenes.

GeekyBear an hour ago | parent [-]

Providing a copy of push notification data (or any data) that you host on your server in response to a warrant is not what we are talking about.

No company can refuse to do that.

hypfer 3 hours ago | parent | prev [-]

I mean arguably, we do not even fully know if even if they did as claimed, they did the _right_ thing.

The underlying assumption we base our judgement on is that "journalism + leaks = good" and "people wanting to crack down on leaks = bad". Which is probably true, but also an assumption where something unwanted and/or broken could hide in. As with every assumption.

Arguably, in a working and legit democracy, you'd actually want the state to have this kind of access, because the state, bound by democratically governed rules, would do the right thing with it.

In the real world, those required modifiers unfortunately do not always hold true, so we kinda rely on the press as the fourth power, which _technically_ could be argued is some kind of vigilante entity operating outside of the system.

I suppose it's also not fully clear if there can even be something like a "working and legit democracy" without possibly inevitable functionally vigilantes.

Lots of stuff to ponder.

____

Anyway, my point is that I have no point. You don't have to bother parsing that, but it might possibly be interesting if you should decide to do so.

It might also confuse the LLM bots and bad-faith real humans in this comment section, which is good.

mschuster91 4 hours ago | parent | prev [-]

> Essentially, the question referenced here is that of ownership. Is it your device, or did you rent it from Apple/Samsung/etc. If it is locked down so that you can't do anything you want with it, then you might not actually be its owner.

Both goals actually are possible to implement at the same time: Secure/Verified Boot together with actually audited, preferably open-source, as-small-as-possible code in the boot and crypto chain, for the user, the ability to unlock the bootloader in the EFI firmware and for those concerned about supply chain integrity, a debug port muxed directly (!) to the TPM so it can be queried for its set of whitelisted public keys.

pbhjpbhj 4 hours ago | parent [-]

The TPM can be programmed (ie designed) to lie about the whitelist though.

nicoburns 5 hours ago | parent | prev | next [-]

One valid concern about "locked down computing" is the potential for 3rd parties to secure computing devices against their owners.

zuminator 4 hours ago | parent | prev | next [-]

In this case I think "valid concerns about locked down computing" is referring to the owner's use of the phone being restricted, so that they can't download applications they want to use, they don't have unrestricted access to the filesystem, they are forced to pay an Apple commission to engage in certain forms of commerce, etc. These may be acceptable tradeoffs but they're valid concerns nonetheless.

bayindirh 4 hours ago | parent | prev | next [-]

I don't have to have any concern to be able to secure my device against third parties, it's just good operational discipline.

I don't do anything classified, or store something I don't want to be found out. On the other hand, equally I don't want anyone to be able to get and fiddle a device which is central to my life.

That's all.

It's not "I have nothing to hide" (which I don't actually have), but I don't want to put everything in the open.

Security is not something we shall earn, but shall have at the highest level by default.

shaky-carrousel 5 hours ago | parent | prev | next [-]

Corrupt government officials gunning down inconvenient people.

pc86 4 hours ago | parent [-]

I'd love to hear what you think that has to do with this?

shaky-carrousel 3 hours ago | parent | next [-]

Sure you will.

nutjob2 4 hours ago | parent | prev [-]

If we've learned anything from this administration it is that the government can ignore the law longer than you can stay alive. Arming yourself against lawless government in every legal way is advisable.

pc86 4 hours ago | parent [-]

I'm not even saying you're wrong, I'm saying what does that have to do with a valid search warrant being executed?

macintux 4 hours ago | parent [-]

There's a fair bit of dispute about whether this is valid. The active criminalization of journalism is worrisome.

pc86 3 hours ago | parent | next [-]

It's signed by a judge, it's valid. What is in dispute, exactly?

macintux 3 hours ago | parent [-]

> The Justice Department failed to tell a magistrate judge about a 1980 law protecting journalists in its application materials for a warrant

https://www.nytimes.com/2026/02/02/us/politics/doj-press-law...

Previously:

> U.S. Magistrate Judge William B. Porter wrote in his order that the government must preserve any materials seized during the raid and may not review them until the court authorizes it

https://san.com/cc/judge-blocks-fbis-access-to-washington-po...

extraaccounts 4 hours ago | parent | prev [-]

[dead]

buckle8017 5 hours ago | parent | prev | next [-]

Lockdown mode significantly affects the usability of the phone.

It completely disables JIT js in Safari for example.

pc86 4 hours ago | parent | next [-]

"Don't secure your phone it might mess up JavaScript" is not something I had on my 2026 bingo card.

odo1242 2 hours ago | parent | next [-]

JavaScript is actually the only reason that the iPhone has runtime code generation capabilities at all, so it kinda makes sense

buckle8017 4 hours ago | parent | prev [-]

I mean I tried it for a bit and I have to say it was a significant compromise.

All kinds of random things don't work.

Marsymars 3 hours ago | parent [-]

I find all kinds of random things already don't work on mobile Safari - the web is effectively unusable without an adblocker, and over the past few months I've seen an explosion in the use of sites using "AdShield" which, if they detect ad-blocking, breaks websites (and lies to the user about the cause). Desktop browsers are able to handle this still, but on mobile Safari it just results in a bunch of the web being broken.

prophesi 4 hours ago | parent | prev | next [-]

You can choose to exclude Safari from these protections[0]. Honestly, looking at the list of "limitations" you'll have while running Lockdown mode, I'm surprised most of them aren't the system default.

[0] https://support.apple.com/en-us/105120 - under "How to exclude apps or websites from Lockdown Mode"

buckle8017 4 hours ago | parent [-]

Sure but the JIT js disable and limiting of image/video decoders are combined basically all the security from lockdown mode, so disabling it seems pointless.

prophesi 3 hours ago | parent [-]

I do wish it worked more like GrapheneOS, but the other protections outside of web browsing seem to make it worth enabling lockdown mode. Personally, I'm only reading articles on my phone's browser so I'd wonder if I'd be fine with disabled JIT and crippled decoders.

peterspath 2 hours ago | parent | prev | next [-]

I do have it enabled and web browsing is still fine, the things I use are websites or simple web apps that aren't javascript heavy anyway...

when I want to do something for longer I will pick up my MacBook anyway.

blibble 4 hours ago | parent | prev [-]

you can enable it for certain trusted websites

reactordev 2 hours ago | parent | prev | next [-]

Pegasus.

Jedi.

SKyWIper.

Rogue Actors.

Rogue thieves.

Rogue governments.

Your spouse.

Separating corporate IT from personal IT.

There’s plenty of reasons.

blitzar 3 hours ago | parent | prev | next [-]

Oh, come on. Don't look at another man's Portal Gun history. We all go to weird places.

whynotminot 4 hours ago | parent | prev | next [-]

I get so annoyed by this Socratic line of questioning because it’s extremely obvious.

Terrorist has plans and contacts on laptop/phone. Society has a very reasonable interest in that information.

But of course there is the rational counter argument of “the government designates who is a terrorist”, and the Trump admin has gleefully flouted norms around that designation endangering rule of law.

So all of us are adults here and we understand this is complicated. People have a vested interest in privacy protections. Society and government often have reasonable interest in going after bad guys.

Mediating this clear tension is what makes this so hard and silly lines of questioning like this try to pretend it’s simple.

anonymous908213 4 hours ago | parent | next [-]

The better rational counter argument is that "privacy is a human right enshrined in international law". Society has zero business knowing anyone's private communications, whether or not that person is a terrorist. There is nothing natural about being unable to talk to people privately without your speech being recorded for millions of people to view forever. Moreover, giving society absolute access to private communications is a short road to absolute dystopia as government uses it to completely wipe out all dissent, execute all the Jews or whatever arbitrary enemy of the state they decide on, etc.

You do not get to dispense with human rights because terrorists use them too. Terrorists use knives, cars, computers, phones, clothes... where will we be if we take away everything because we have a vested interest in denying anything a terrorist might take advantage of?

whynotminot 4 hours ago | parent | next [-]

Who decided absolute privacy in all circumstances is a fundamental human right? I don’t think any government endorses that position. I don’t know what international law you speak of. You’re basing your argument on an axiom that I don’t think everyone would agree with.

This sounds like a Tim Cook aphorism (right before he hands the iCloud keys to the CCP) — not anything with any real legal basis.

anonymous908213 4 hours ago | parent | next [-]

Article 12 of the United Nations' Declaration of Human Rights:

> No one shall be subjected to arbitrary interference with his privacy [...]

which has later been affirmed to include digital privacy.

> I don’t think any government endorses that position.

Many governments are in flagrant violation of even their own privacy laws, but that does not make those laws any less real.

The UN's notion of human rights was an "axiom" founded from learned experience and the horrors that were committed in the years preceding their formation. Discarding them is to discard the wisdom we gained from the loss of tens of millions of people. And while you claim that society has a vested interest in violating a terrorist's privacy, you can only come to that conclusion if you engage in short-term thinking that terminates at exactly the step you violate the terrorist's rights and do not consider the consequences of anything beyond that; if you do consider the consequences it becomes clear that society collectively has a bigger vested interest in protecting the existence of human rights.

whynotminot 4 hours ago | parent [-]

> No one shall be subjected to arbitrary interference with his privacy

“Arbitrary” meaning you better have good reasons! Which implies there are or can be good reasons for which your privacy can be violated.

You’re misreading that to mean your privacy is absolute by UN law.

anonymous908213 4 hours ago | parent | next [-]

Admittedly "arbitrary" is something of a legal weasel word that leaves a lot of room for interpretation. I lean towards a strong interpretation for two reasons: the first is because it is logically obvious why you must give it a strong interpretation; if the people responsible for enforcing human rights can arbitrarily decide you don't have them, you don't have human rights. The second is because we have seen this play out in the real world and it is abundantly clear that the damage to society is greater than any potential benefits. The US in particular has made an adventure out of arbitrarily suspending human rights, giving us wonderful treats like Guantanamo Bay and the black sites across the Middle East. I don't know what part of that experiment looked remotely convincing to you, but to me they only reinforced how clearly necessary inviolable human rights are for the greater good of society.

pbhjpbhj 3 hours ago | parent [-]

>if the people responsible for enforcing human rights can arbitrarily decide you don't have them, you don't have human rights

But the "arbitrary" there is to account for the situation where the democratic application of the law wants to inspect the communications of suspected terrorists, and where a judge agrees there is sufficient evidence to grant a warrant.

Unfortunately, that law does nothing against situations like the USA/Russia regime where a ruler dispenses with the rule of law (and democratic legal processes too).

You can't practically have that sort of liberalism, where society just shrugs and chooses not to read terrorists' communications, those who wish to use violence make it unworkable.

danaris 4 hours ago | parent | prev [-]

But if you want to make it possible for the Feds to break into a terrorist's secure phone, you have to make it impossible for anyone to have a secure phone.

That is arbitrary interference with all our privacy.

PatentlyDC123 3 hours ago | parent | prev [-]

Usually such "international laws" are only advisory and not binding on member nations. After decades of member nations flouting UN "laws" I can't see them as reliable or effective support in most arguments. I support the policy behind the privacy "laws" of the UN, but enforcing them seems to fall short.

anonymous908213 2 hours ago | parent [-]

Enforcement mechanisms are weak, but they still exist to set a cultural norm and an ideal to strive towards. Regardless, I have also laid out an argument at length as to why society would logically want to have this be a human right for its own good, regardless of any appeal to existing authority.

Brian_K_White 4 hours ago | parent | prev | next [-]

This means there are no valid concerns.

There are just things some people want and the reasons they want them.

So the question that you are so annoyed by remains unanswered (by you anyway), and so, valid, to all of us adults.

@hypfer gives a valid concern, but it's based on a different facet of lockdown. The concern is not that the rest of us should be able to break into your phone for our safety, it's the opposite, that you are not the final authority of your own property, and must simply trust Apple and the entire rest of society via our ability to compel Apple, not to break into your phone or its backup.

pc86 4 hours ago | parent | prev | next [-]

At the risk of being kind of an ass, which I've been trying to be better about lately, I'm going to offer some advice. If you can't even respond to a question about secure computing without bringing American presidential politics into things, perhaps you need to take a break from the news for a few weeks.

The reason I asked that question is because I don't think it's complicated. I should be able to lock down my device such that no other human being on the planet can see or access anything on it. It's mine. I own it. I can do with it whatever I please, and any government that says otherwise is diametrically opposed to my rights as a human being.

You are more likely to be struck by lightning while holding two winning lottery tickets from different lotteries than you are to be killed by an act of terrorism today. This is pearl-clutching, authoritarian nonsense. To echo the sibling comment, society does not get to destroy my civil rights because some inbred religious fanatics in a cave somewhere want to blow up a train.

Edit: And asking someone who says "there are concerns!" to proffer even a single one is not a Socratic line of questioning, it's basic inquiry.

adleyjulian 4 hours ago | parent | next [-]

The line of reasoning is more like this: if you make and sell safe-cracking tools then it would not be unreasonable for the government to regulate it so only registered locksmiths could buy it. You don't want people profiting from the support of criminal acts.

The government could similarly argue that if a company provides communication as a service, they should be able to provide access to the government given they have a warrant.

If you explicitly create a service to circumvent this then you're trying to profit from and aid those with criminal intent. Silkroad/drug sales and child sexual content are more common, but terrorism would also be on the list.

I disagree with this logic, but those are the well-known, often cited concerns.

There is a trade-off in personal privacy versus police ability to investigate and enforce laws.

whynotminot 4 hours ago | parent | prev [-]

This article is about the Trump admin seizing a reporter’s phone. The politics was here from the start.

hypfer 4 hours ago | parent | prev | next [-]

> I get so annoyed by this Socratic line of questioning because it’s extremely obvious.

Yeah after seeing the additional comments, my gut also says "sea lion".

Truly a shame

handedness 4 hours ago | parent | prev [-]

> ...the Trump admin has gleefully flouted norms around that designation...

One would have to hold a fairly uninformed view of history to think the norms around that designation are anything but invasive. The list since FDR is utterly extensive.

whynotminot 3 hours ago | parent [-]

I didn’t say he was the first to abuse powers. Indeed it’s kind of silly to even have to clarify “but other administrations…” because that’s fairly obvious to anyone old enough to have seen more than one president.

But the article is literally referencing the Trump administration seizing a reporter’s phone so the current administration’s overreach seems relevant here.

handedness 3 hours ago | parent [-]

But that's not what I said.

My point was that your stated assumption of what the norms are is inaccurate. If nearly every modern administration does it, that is literally the norm. The present administration, like many before it, is following the norm. The norm is the broader issue.

Which makes the rest of it (and your followup) come across as needlessly tribal, as both major parties are consistently guilty of tending to object to something only when the other side does it.

whynotminot 3 hours ago | parent [-]

Frankly I really don’t care about both sides-ism anymore. I can agree with you that a lot of administrations have been irresponsible on this point while also believing that the current administration is particularly dangerous in this area.

If I lose you here because of “needless tribalism” oh well.

Joel_Mckay 4 hours ago | parent | prev | next [-]

Some platforms will side-load anything the telecom carrier sends.

It is naive to assume iOS can be trusted much more than Android. =3

pc86 4 hours ago | parent [-]

Let's assume for the sake of argument you're making a valid point. What does that have to do with my question?

Joel_Mckay 4 hours ago | parent [-]

Location telemetry, listening devices, and exfiltration of protected sources.

A 3rd party locked down system can't protect people from what the law should. =3

ambicapter 5 hours ago | parent | prev [-]

Think of the children

horacemorace 4 hours ago | parent [-]

The leaders of US government certainly do. Much too fondly.