Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
stouset 4 hours ago

Absolutely every aspect of it?

What’s so hard about adding a feature that effectively makes a single-user device multi-user? Which needs the ability to have plausible deniability for the existence of those other users? Which means that significant amounts of otherwise usable space needs to be inaccessibly set aside for those others users on every device—to retain plausible deniability—despite an insignificant fraction of customers using such a feature?

What could be hard about that?

gabeio 4 hours ago | parent | next [-]

> despite an insignificant fraction of customers using such a feature?

Isn't that the exact same argument against Lockdown mode? The point isn't that the number of users is small it's that it can significantly help that small set of users, something that Apple clearly does care about.

achierius 2 hours ago | parent | next [-]

Lockdown mode costs ~nothing for devices that don't have it enabled. GP is pointing out that the straightforward way to implement this feature would not have that same property.

stouset 2 hours ago | parent | prev | next [-]

Lockdown mode doesn’t require everyone else to lose large amounts of usable space on their own devices in order for you to have plausible deniability.

PunchyHamster 3 hours ago | parent | prev [-]

now I want to know what dirty laundry are their upper management hiding on their devices...

tosapple 2 hours ago | parent [-]

The 'extra users" method may not work in the face of a network investigation or typical file forensics.

Where CAs are concerned, not having the phone image 'cracked' still does not make it safe to use.

billfor 4 hours ago | parent | prev | next [-]

Android phones are multi-user, so if they can do it then Apple should be able to.

Gud 4 hours ago | parent | next [-]

And how do you explain your 1TB phone that has 2GB of data, but only 700GB free?

3 hours ago | parent | next [-]
[deleted]
deno 3 hours ago | parent | prev | next [-]

The "fake" user/profile should work like a duress pin with addition of deniability. So as soon as you log in to the second profile all the space becomes free. Just by logging in you would delete the encryption key of the other profile. The actual metadata that show what is free or not were encrypted in the locked profile. Now gone.

tosapple 2 hours ago | parent [-]

Good idea, but this is why you image devices.

morkalork 3 hours ago | parent | prev | next [-]

The same way when you buy a brand new phone with 200GB of storage that only has 50GB free on it haha

davidwritesbugs 3 hours ago | parent | prev | next [-]

"Idunno copper, I'm a journalist not a geek"

heraldgeezer 3 hours ago | parent | prev [-]

System files officer ;)

stouset an hour ago | parent | prev | next [-]

That is about one fiftieth of the work that needs to go into the feature the OP casually “why can’t they just”-ed.

jb1991 4 hours ago | parent | prev [-]

This is called whataboutism. This particular feature aside, sometimes there are very good reasons not to throw the kitchen sink of features at users.

NitpickLawyer 4 hours ago | parent | prev | next [-]

Truecrypt had that a decade+ ago.

ratg13 3 hours ago | parent [-]

Not sure if you know the history behind it, but look up Paul Le Roux

Also would recommend the book called The Mastermind by Evan Ratliff

edm0nd 3 hours ago | parent [-]

imo Paul Le Roux has nothing to do with TrueCrypt

ratg13 3 hours ago | parent [-]

He wrote the code base that it is based on in combination with code he stole. The name is also based on an early name he chose for the software.

Whether he was involved in the organization and participated in it, is certainly up for debate, but it's not like he would admit it.

https://en.wikipedia.org/wiki/E4M

hackerfoo 3 hours ago | parent | prev | next [-]

Maybe one PIN could cause the device to crash. Devices crash all the time. Maybe the storage is corrupted. It might have even been damaged when it was taken.

This could even be a developer feature accidentally left enabled.

greesil 3 hours ago | parent | prev | next [-]

Android has work profiles, so that could be done in Android. iPhone still does not.

skeptic_ai 2 hours ago | parent | next [-]

Police ask: give me pass for work profile. If you don’t: prison.

reaperducer 3 hours ago | parent | prev [-]

Android has work profiles

Never ever use your personal phone for work things, and vice versa. It's bad for you and bad for the company you work for in dozens of ways.

Even when I owned my own company, I had separate phones. There's just too much legal liability and chances for things to go wrong when you do that. I'm surprised any company with more than five employees would even allow it.

greesil 42 minutes ago | parent | next [-]

What's the risk? On Android, the company can remotely nuke the work profile. The work profile has its own file system and apps. You can turn it off when to don't want work notifications.

PunchyHamster 3 hours ago | parent | prev [-]

you're surprise corporations are cheap

izzydata 4 hours ago | parent | prev | next [-]

It doesn't seem fundamentally different from a PC having multiple logins that are accessed from different passwords. Hasn't this been a solved problem for decades?

bsharper 4 hours ago | parent | next [-]

You can have a multiuser system but that doesn't solve this particular issue. If they log in to what you claim to be your primary account and see browser history that shows you went to msn.com 3 months ago, they aren't going to believe it's the primary account.

inetknght 3 hours ago | parent [-]

My browser history is cleared every time I close it.

It's actually annoying because every site wants to "remember" the browser information, and so I end up with hundreds of browsers "logged in". Or maybe my account was hacked and that's why there's hundreds of browsers logged in.

paulryanrogers 4 hours ago | parent | prev | next [-]

Apple's hardware business model incentivizes only supporting one user per device.

Android has supported multiple users per device for years now.

compiler-guy 4 hours ago | parent | prev [-]

Multi-user has been solved for decades.

Multi-user that plausibly looks like single-user to three letter agencies?

Not even close.

izzydata 4 hours ago | parent [-]

Doesn't having standard multi-user functionality automatically create the plausible deniability? If they tried so hard to create an artificial plausible deniability that would be more suspicious than normal functionality that just gets used sometimes.

wtallis 3 hours ago | parent [-]

What needs to be plausibly denied is the existence of a second user account, because you're not going to be able to plausibly deny that the account belongs to you when it resides on the phone found in your pocket.

vlovich123 3 hours ago | parent | prev | next [-]

iPhone and macOS are basically the same product technically. The reason iPhone is a single user product is UX decisions and business/product philosophy, not technical reasons.

While plausible deniability may be hard to develop, it’s not some particularly arcane thing. The primary reasons against it are the political balancing act Apple has to balance (remember San Bernardino and the trouble the US government tried to create for Apple?). Secondary reasons are cost to develop vs addressable market, but they did introduce Lockdown mode so it’s not unprecedented to improve the security for those particularly sensitive to such issues.

achierius 2 hours ago | parent [-]

> iPhone and macOS are basically the same product technically

This seems hard to justify. They share a lot of code yes, but many many things are different (meaningfully so, from the perspective of both app developers and users)

ashdksnndck 3 hours ago | parent | prev [-]

You think iPhones aren’t multi-user for technical reasons? You sure it’s not to sell more phones and iPads? Should we ask Tim “buy your mom an iPhone” Cook?