This (I think) refers not to the people securing their devices against third parties but the vendors "securing" the devices against loss of profits.

Essentially, the question referenced here is that of ownership. Is it your device, or did you rent it from Apple/Samsung/etc. If it is locked down so that you can't do anything you want with it, then you might not actually be its owner.

___

_Ideally_ you wouldn't need to trust Apple as a corp to do the right thing. Of course, as this example shows, they seem to actually have done one right thing, but you do not know if they will always do.

That's why a lot of people believe that the idea of such tight vendor control is fundamentally flawed, even though in this specific instance it yielded positive results.

For completeness, No, I do not know either how this could be implemented differently.

▲ pbhjpbhj 4 hours ago | parent | next [-]

We don't know if they did the right thing here. With a previous case it seemed (to me) like Apple might have pushed an update to give access ... they presumably could do that, remotely copy all the data, then return the device to the former state. One can't know, and this sort of thing seems entirely tenable.

FBI don't have to tell anyone they accessed the device. That maintains Apples outward appearance of security; FBI just use parallel construction later if needed.

Something like {but an actually robust system} a hashed log, using an enclave, where the log entries are signed using your biometric, so that events such a network access where any data is exchanged are recorded and can only be removed using biometrics. Nothing against wrench-based attacks, of course.

▲ GeekyBear 2 hours ago | parent | next [-]

> With a previous case it seemed (to me) like Apple might have pushed an update to give access

You're going to have to provide a cite here, since Apple has publicity stated that they have not and will not ever do this on behalf of any nation state.

For instance, Apple's public statement when the FBI ordered them to do so:

https://www.apple.com/customer-letter/

▲ bigyabai 2 hours ago | parent [-]

> Apple has publicity stated that they have not and will not ever do this

Apple has also said that the US required them to hide evidence of dragnet surveillance: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

  Apple has since confirmed in a statement provided to Ars that the US federal government “prohibited” the company “from sharing any information,” but now that Wyden has outed the feds, Apple has updated its transparency reporting and will “detail these kinds of requests” in a separate section on push notifications in its next report.

Apple statements are quite distinct from what they do behind the scenes.

	▲	GeekyBear an hour ago \| parent [-]
		Providing a copy of push notification data (or any data) that you host on your server in response to a warrant is not what we are talking about. No company can refuse to do that.

▲ hypfer 3 hours ago | parent | prev [-]

I mean arguably, we do not even fully know if even if they did as claimed, they did the _right_ thing.

The underlying assumption we base our judgement on is that "journalism + leaks = good" and "people wanting to crack down on leaks = bad". Which is probably true, but also an assumption where something unwanted and/or broken could hide in. As with every assumption.

Arguably, in a working and legit democracy, you'd actually want the state to have this kind of access, because the state, bound by democratically governed rules, would do the right thing with it.

In the real world, those required modifiers unfortunately do not always hold true, so we kinda rely on the press as the fourth power, which _technically_ could be argued is some kind of vigilante entity operating outside of the system.

I suppose it's also not fully clear if there can even be something like a "working and legit democracy" without possibly inevitable functionally vigilantes.

Lots of stuff to ponder.

____

Anyway, my point is that I have no point. You don't have to bother parsing that, but it might possibly be interesting if you should decide to do so.

It might also confuse the LLM bots and bad-faith real humans in this comment section, which is good.

▲ mschuster91 4 hours ago | parent | prev [-]

> Essentially, the question referenced here is that of ownership. Is it your device, or did you rent it from Apple/Samsung/etc. If it is locked down so that you can't do anything you want with it, then you might not actually be its owner.

Both goals actually are possible to implement at the same time: Secure/Verified Boot together with actually audited, preferably open-source, as-small-as-possible code in the boot and crypto chain, for the user, the ability to unlock the bootloader in the EFI firmware and for those concerned about supply chain integrity, a debug port muxed directly (!) to the TPM so it can be queried for its set of whitelisted public keys.

	▲	pbhjpbhj 4 hours ago \| parent [-]
		The TPM can be programmed (ie designed) to lie about the whitelist though.