Hacker News new | comments | show | ask | jobs | submit login
The FBI, CIA and NSA say American citizens shouldn't use Huawei phones (cnn.com)
270 points by daegloe 8 months ago | hide | past | web | favorite | 253 comments



Maybe it's tinfoil hat time; the more the government says to not use Huawei, offering no proof at all, the more I think they are unable to track and log information like they can on US(ish) phones.

All US phones have components manufactured in China as well as all over the world. It is not a stretch to think the foreign governments couldn't get in the middle and create vulnerabilities or straight up drop attacks on different components they have access to. How is Huawei any different?

Are we supposed to take their complaints seriously when Snowden leaks revealed the NSA hacked Huawei servers to find vulnerabilities they themselves could use to spy on people around the world. /shrug operations Shotgiant doesn't matter? If the NSA hack revealed that Huawei was injecting spyware it's time to release the details of how they found out.


This argument would hold more weight if the government was saying not to use any non-US phone. But they're specifically targeting Huawei and ZTE. Notice that there's no recommendation to avoid e.g. Samsung phones.


> " This argument would hold more weight if the government was saying not to use any non-US phone"

There's not even such a thing as a "US phone" though, is there? Even phones manufactured by US companies like Apple are made in China with Chinese/Taiwanese sourced parts. Google always outsources its Nexus/Pixel devices to third parties like LG and Motorola. Speaking of Motorola, they are now owned by Chinese manufacturer Lenovo, which has also been in hot water lately over spyware and rootkits in their laptops.

I'm of two minds about the announcement. On the one hand, Huawei and ZTE have both been caught installing backdoors and spyware on their devices in the past[1]. On the other hand, the US three letter agencies have a vested interest in US citizens carrying around easily monitored and tracked devices, and they easily find ways around Constitutional protections against spying within their own borders.

I honestly don't know who to believe in this situation.

[1] https://www.fastcompany.com/4025254/new-phone-who-dis-huawei...


"Even phones manufactured by US companies like Apple are made in China with Chinese/Taiwanese sourced parts."

Exactly my thought. US gov't even outsources to private contractors that then subcontract and outsource to China for electronic components including chips that can easily end up in our DOD systems. I wonder if this is more of a money or market thing being pushed by the Existing Oligopoly?

Something doesn't appear to add up completely?


What doesn't add up is that, in the real world, you can't protect against every threat model. Its their job to protect the best they can. They can't tell Apple to stop building their phones in China, but they can simply say "Don't buy Huawei".

That's easy. And moreover, its a bigger threat. With a Huawei phone, the Chinese government has control over everything from the processor to the userspace software. With a small piece of silicon in a fab, the threat surface is much smaller; they'd have to sneak it in against Apple's will, past all of Apple's American-loyal QA.

In the software world, we tend to think about security as an absolute, because computer logic is absolute. In the real world, security is probabilities. How can you minimize the chance of breach while minimizing costs.


>they'd have to sneak it in against Apple's will, past all of Apple's American-loyal QA.

Is Apple's QA workforce mostly American or do they have a lot of Chinese H1Bs? I mean loyalty is a fickle thing.


>What doesn't add up is that, in the real world, you can't protect against every threat model. Its their job to protect the best they can. They can't tell Apple to stop building their phones in China, but they can simply say "Don't buy Huawei".

If the 'threat' was real, that makes as much sense as hardening one door in your house, when you have 4 other doors because "you can't protect against every threat model".


No. It makes as much sense as securing the 4 doors because that's a relatively cost efficient way to implement basic security. But let's avoid strengthening all the walls with a titanium alloy to protect us when the threat brings a bulldozer to get in. That's expensive.

Asking Apple to manufacturer their phones outside of the US is a highly expensive action.


And the pictures of NSA employees opening parcels to modify the hardware before it gets shipped to certain targets immediatly comes to my mind.

That being said if you don’t control the software, modifying manually a handful of devices doesn’t scale. If you modify all of them the chance that you will be spotted is very high. If you control the software and it is encrypted / not readable, you can backdoor all devices of a whole country. So I can see how it is a step up in term of threat level.


Not sure why this was downvoted. Those pictures are right here:

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...


If Huawei and ZTE put in back doors, and the CIA/FBI/NSA wants into your phone, then you'd expect they would want you to have a Huawei phone. After all, as oft repeated here, a backdoor is accessible to anybody, no matter who it was put in for.


Not necessarily. If there is a hardware vulnerability specified by the Chinese government, the NSA would not want you to use that phone. They'd rather keep China from having the easy option and then compromise your info another way (that presumably makes it more difficult for China to get your info).


Also, finding the backdoor is still some effort.


> There's not even such a thing as a "US phone" though, is there?

BLU?


No. Their phones are rebranded devices manufactured in China. I'd also steer clear.[0][1]

[0] https://www.kryptowire.com/adups_security_analysis.html

[1] https://www.bitsighttech.com/blog/ragentek-android-ota-updat...


Samsung is South Korean, a US ally and SIGINT partner. Modify the argument to, "the government is saying not to use any phones that are not from the US or its puppet states."


Are Huawei and ZTE the only phone manufacturers from a non-SIGINT partner state? That doesn't seem correct. Hell, https://en.wikipedia.org/wiki/List_of_mobile_phone_makers_by... lists 29 different mobile phone makers in China, 2 of which are Huawei and ZTE, one of which is a subsidiary, leaving 26 independent manufacturers. But the government isn't telling us not to buy e.g. a Xiaomi phone.


Which of those other 27 are big enough in the US to be worthy of mention?


How about Xiaomi? Wikipedia says that as of 2017 they're the world's 5th largest smartphone company. I don't know how popular their products are in the US, but I have at least heard of them before (which is more than I can say for ZTE).


I’d venture to say 98% of the US population couldn’t tell you if Xiaomi was a tech company or a Chinese food dish.


Considering that the name literally means little rice, they wouldn't be necessarily wrong. (at least it isn't 小蜜, which has a different meaning...)


That's true of Huawei and ZTE too, and yet the government thought it was worth saying don't buy their phones, so I'm not sure what your point is.


My point is that Xiaomi phones are not popular in the US, at all. Xiaomi had zero official distribution in the US up until recently when they started selling directly on amazon. ZTE and Hauwei phones have been sold through official distribution channels for a while. ZTE phones are given away or nearly given away for free to every cricket wireless customer.


I am more aware of Xiaomi than Hauwei. ZTEs were around, but those are garbage phones. I know that Xiaomi makes phones, smart bands and a smart tv. I literally had no idea what Hauwei was making until I looked up right now.


Huawei made one of the Nexus phones.


FYI, Xiaomi is very popular in India, because they offer perceived good value for the cost.


Xiaomi now has the largest market share amongst phone manufacturers in India.


Xiaomi has almost zero presence in the US market, you can't get their phones here unless you go via a grey market importer.


Or Amazon.com...


The witnesses only answered the question in front of them. Sen. Cotton only asked about ZTE, Huawei, China Telecom, and China Unicom, so Director Wray responded only about ZTE and Huawei. This is standard practice when testifying in front of an oversight committee.


What about OnePlus then? It is a Chinese company, and I'm sure they sell more phones than Huawei.


Calling South Korea a puppet state is quite a stretch.


Even if it was a puppet state, apparently Samsung is above the law there. They are like 70% of its GDP.


You're thinking of all of the chaebol/conglomerate companies combined, so Samsung, LG, Hyundae Kia, Posco, Hyundae Heavy Industries, SK Group, CS Group, Lotte, Hanhwa, Hanjin, Kumho Asiana, Doosan, etc., each of which have multiply companies in their portfolios and are serviced by groups of smaller local firms specialized in support for one or a few of the big ships.

But, do they feel above the law? This is certainly a common complaint of South Koreans. These groups are definitely "too big to fail" and they know it. So yes the concentration of power in a few giant firms is remarkable, and not in a good way.


1/5th of exports, 17% of GDP.

https://en.wikipedia.org/wiki/Samsung


I stand corrected. I shouldn't try to pull statistics from my failing memory anymore. Still big enough to intimidate a government from messing with them.


> Still big enough to intimidate a government from messing with them

Nope, per recent incidents.


Um, well Samsung's president hass been released from jail, but the countrie's last president hasn't... http://fortune.com/2018/02/05/samsung-j-y-lee-released-south...

I'd say that is a LOT of influence.


Released from jail necessarily implies the government will "mess" with them.


An important Samsung person was arrested and promptly released. That is not how a government messes with a company. Tax. Regulations. Things that hurt the bottom line constitute 'messing'.


The United States maintains wartime control of the South Korean military (look up OPCON to find news about the topic).


And their argument would hold more weight if they would just point at the vulnerability they're suspecting.

Even if they only had rough suspicions (with rigorous technical underpinnings, just like a security researcher taking their job seriously). The public security community has repeatedly discovered, reported and fixed serious security vulnerabilities without the NSA doing shit all to help out (which is their job) whether they knew about the vulnerability or not, going as far as deliberately pushing back.

The only reason I can see why you'd prefer one argument over the other is if you somehow believe the NSA always has the best interest of the people at heart. But I think we know a little better by now and they might support the people in theory, but there are usually other interests that are bigger and better and more important.


Do you really expect the FBI, CIA, and NSA to point to a specific vulnerability? I would imagine their specific concerns are classified due to national security.

If it was just the NSA saying this I'd be a bit more skeptical. But if the FBI and CIA agree, that seems like sufficient reason to believe that their motives are honest.


The US has a closer relationship with South Korea's security apparatus than China's, though.


Who cares about what overseas intelligence agencies know of them? I would be much more concerned about the agencies that sit close enough to actually be interested in my person. I am exaggerating (McCarthyism is probably not this hard any more and people are much less prone to take communism seriously nowadays) but just for example: if an American gets involved in an anti-communist club in the USA China will hardly care about him in particular but if some of the people in one's phonebook happen to be communists the homeland agencies can actually go after him and ruin his life :-)


If your using a phone to access email that has trade secrets or IP in it, you'd care.


Or if the relationship between China and the US becomes more confrontational, China effectively controls a large part of the US infrastructure which becomes a strategic risk. Kind of a nuclear option (no country would ever import anything running on electricity ever again from china if they were to do that).


> ... the more I think they are unable to track and log information like they can on US(ish) phones.

My first thought was "Why? Can't they snoop on us with those phones?" Then I thought that they snoop at the network level so I don't think they need anything on the handset to listen in. Maybe I'm wrong about that.


You'd still want vulnerabilities on the device in order to have access to encrypted messaging. While this type of attack would not be used on all citizens, investigative journalist and activists would certainly be citizens of interest.


Yes, I had forgotten about that case.


// Are we supposed to take their complaints seriously when Snowden leaks revealed the NSA hacked Huawei servers to find vulnerabilities they themselves could use to spy on people around the world.

Yes, you should. More than one entity has committed a sin does not make that sin a non-sin.


What evidence do we have for the claim, though, beyond what the FBI, CIA, and NSA told us?


I suppose then the question becomes "Who would you rather have listening in?"


Let's see, if the US is listening in, then there's a small chance they will misinterpret my actions as suspicious, arrest me, and perhaps even lead to my imprisonment. This may include extraordinary rendition, should they make that decision while I am in another country.

If China is listening in, then there's a chance I will be denied a visa to visit China or, should I be given a visa and visit, then they can arrest me, etc.

Upsides in either case? None.

So I would rather have China listening in than the US.


I think you're very much mistaken about the risks involved. For example[0]. I really have a hard time understanding people who think the US is worse than China. China is orders of magnitude worse. Sure, the NSA may spy on your electronic communications but the level of invasive, oppressive surveillance is not even comparable[1]. As far as I know no people are in jail in the US for protesting the government's policies. In China that's not the case[2].

[0] https://www.theguardian.com/world/2018/feb/08/daughter-gui-m... [1] https://www.wsj.com/articles/twelve-days-in-xinjiang-how-chi... [2] https://www.huffingtonpost.com/entry/political-prisoners-chi...


I am not mistaken. I do not live in China and have no plans to visit.

What can China do to someone a US citizen, living in the US, using a Huawei phone? Even if all telephone calls are monitored?

What can the US do to someone in the same situation?

Yes, others are in different circumstances and would make a different choice. Best of course would be to have no mass surveillance system.


> What can China do to someone a US citizen, living in the US, using a Huawei phone? Even if all telephone calls are monitored?

Sell personal details like credit card numbers or the SSN to a criminal syndicate.

No one said they would spy to steal state secrets.

Another possibility is identity theft. Read about the scandal involving Australian passports used by Israeli secret services in 2010: http://www.smh.com.au/national/mossad-hit-snares-australians....


> Sell personal details like credit card numbers or the SSN to a criminal syndicate.

That kind of ticky-tack stuff seems more like the work of organized crime ring than a national government of a state like China. Anyway, that stuff is subject to much more prosaic risks, like your being at the mercy of your dentist's office's online security set-up.


If they allegedly sold organs on the black market and force prisoners to play online games to earn virtual currencies (https://www.theguardian.com/world/2011/may/25/china-prisoner...), it is not inconceivable they sell data.


The Chinese government is not monolithic. There are individual people in their government, any of which who have access can do nefarious things.


I don't think people need a reminder of that. The US government also isn't a monolith, as J. Edgar Hoover's abuse of power as the head of the FBI reminds us.


Of course. This statement:

> That kind of ticky-tack stuff seems more like the work of organized crime ring

seems like you are idealizing China. I idealize neither and wish my privacy to be wrenched back from the illegal search and seizure of the NSA.


I'm not "idealizing" China; I just think that, realistically, credit card fraud is a weird tack for a large world power to take. If we're talking about rogue individuals, OK, but you probably need a local fence, complicating things, and you could make the same argument about just about any entity you interact with. I'd say the risk of a call center employee stealing your SSN to commit fraud is higher than someone in the MSS doing the same.


That "you" isn't me.


To quote someone else on HN in the past

You should be worried about the government who has the power to imprison you.

The US absolutely does make lists of "suspicious" citizens. Just look at what the FBI did to protestors of the keystone pipeline.


DDoS the whole infrastructure. They have done that to GitHub before by hijacking traffic to Baidu. With millions of phones in the US under their control it’s fairly easy to overwhelm any website (Mercedes comes to mind in recent news) they don’t like or even cripple the whole national wireless network.

Also even if you are not of direct interest to China, what about your friends and colleagues? They can use you as a tool to get to those that you have direct communication with.


> What can China do to someone a US citizen, living in the US, using a Huawei phone?

What can the US do to someone who's not a citizen, living outside the US, with access to their communications? It's not difficult to find an answer to this. China would do the same to you and you won't be able to fight against it because you're not a citizen of China.


US get extradite people from all around the world quite easily. On the other hand, extraditing a US citizen to another country is very difficult as US is more likely to block such efforts. For this reason it might be safer for US citizens to be listened to by Chinese government instead of US. It's a tradeoff you need to make and it depends on your circumstances of course.


I think the US is far more likely to be able to persuade most states to extradite you than China is.


They can target business leaders and steal secrets. Not sure how many are using a Huawei phone.


His point wasn't that the US is worse than China, but that he lives in the US, and not China. As bad as china is, they are not likely to abduct him from the US. His own government however can do as they please.


I'm sure some could care less about Constitutional rights for those who are undocumented, but ICE most certainly is targeting activists for immigration reform, aka those protesting government policies.[1]

"First they came for the Socialists, and I did not speak out— Because I was not a Socialist...."

https://theintercept.com/2018/02/08/ice-nypd-ravi-ragbir-cit...


You may feel that from a human rights perspective China is morally inferior to the US. This has no bearing on whether you're better off being spied on by one or the other. If you're located in the US, the US government has an extreme amount of power over you and China has almost none; it's obviously better to be spied on by China. If you're in China, the logic reverses.


The thing is since I am in the US, the Chinese government has very little power over me compared to the US. Since I am a US citizen, they also have very little interest in me compared to the USA. Concerns may differ for those in a different position than I am. My industry isn’t a target for espionage.


Not to mention, with the NSA, the primary concern should be transparency and whether what they're doing is legal/allowed by the constitution. With China there are real national security concerns.

We can have discussions and concerns about the NSA while also recognizing foreign nations pose an equal or worse threat. At least with the NSA there is some hope of reigning them in when they overstep.


> At least with the NSA there is some hope of reigning them in when they overstep.

Honestly? The response to the Snowden leaks would seem to indicate the opposite.


> With China there are real national security concerns.

I'm not sure what you mean by this. Certainly China does face national security concerns.


I do not live in China and am unlikely to be extradited to China for anything I get up to online.


Dont fool yourself. If you get a Huawei phone and use it with a U.S. carrier with any services by U.S. tech companies that can be back-doored or subpoenaed, then you could potentially have both the U.S. and China spying on you. It has already been proven in the past that these Chinese phones send considerable amounts of data to Chinese servers.

If you are someone working with a military contractor or the government(with any kind of security clearance) I dont think the U.S. would want you using a Chinese phone for obvious reasons


>It has already been proven in the past that these Chinese phones send considerable amounts of data to Chinese servers.

Not that I don't believe this, but can you provide a canonical source to support this claim? I don't keep up with this literature.


Also, what are they sending? My natural response to this would be "well of course they do" because presumably most phones come with some software/services from the manufacturer.


What about blackmail? They can use your surfing data (porn, social media) to blackmail you. If you do your banking or shopping on your phone, they will have access to your credit card data, social security #, etc. that can be sold or used for cyber warfare. You're right, no upsides, but there are huge risks with having the Chinese steal your information.


Ahh, you are right. I didn't think about that possibility because I don't have a smartphone.


And because I read "listening in" literally, as intercepting audio, rather than metaphorically as being able to intercept all traffic.

Also, the US has blackmailed people, like the FBI attempt to blackmail Martin Luther King Jr. We know the US gathers the porn habits of people who it considers might be a threat, including of a US person (https://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n... ).

So really it's a matter of balancing the odds. The odds are low that either government will care about me. It feels more likely that my life will be upended by a mistake, like what happened with Brandon Mayfield, and a mistake by the US government is far more likely to affect me than a mistake by the Chinese government.


The US gov't is unlikely to jack the results of $200M and 11 years of research and give it to state-controlled companies.


If these are intelligence agencies, wouldn't they also consider assassinating you?


I'm honored that you think I'm that important.

The hypothetical choice is, would I rather have the US or China listening to my phone, if I had to choose one, and "none of the above" was not an option.

It is not easy to assassinate someone in another continent, and I don't live in China.

There's also the chance that the assassination will fail, and even backfire, where the further investigation might reveal agent identities. I'm just not that worthwhile to possibly waste those resources.


I mean, if you're that worried that something is going to happen to you, then you do think you're that important.


It was an intellectual exercise to answer the posed question "Who would you rather have listening in?"


I sometimes feel like the smartest move is to use a product coming from a country ruled by a hostile government. Like, if you're in the US, sign up for Chinese services, but if you're in China sign up for American ones.

(yeah the relationship is more complicated than "hostile" but you get my drift)


If this is your perspective, maybe it would be better if everyone bought phones from Finland.


I believe his point with 'hostile' is to choose nations where they would be both likely and able to say 'no' should the host nation of an individual request sensitive information on the individual in question.

For instance Switzerland had some of the most secure and private banking in the world. It was actually a criminal act in Switzerland to reveal the name of an account holder - to anybody, including governments. And so if the US were to request information on a possible US account holder, they would be likely to say no. But given the influence of the US on both Switzerland and on the nations it most heavily depends upon, they've proven themselves unable to say no, and ended up passing all sorts of special laws, just to bend over to US requests that infringed their nation laws and more generally their sovereignty.

Another interesting example with Switzerland is Champagne. Champagne, Switzerland has been making a local wine known as Champagne since the 9th century. Many centuries before the champagne of France even existed. In 2004 the EU told them to stop using the name. And again even if they were likely to say no, they would be unable to do so. As another interesting aside Champagne, using the ubiquitous méthode champenoise, was not invented in France. It was created by an Englishman. What a sordid tale that little drink has!

Would Finland be likely to say no? I don't know - I have very little knowledge of the security arrangements between Finland and the US. Would they be able to say no to the US? Not a chance.


Maybe not. https://www.militarytimes.com/news/pentagon-congress/2016/10...

I'd think China, Russia, or Iran would be your best bets if you were seeking countries unlikely to cooperate with US intelligence services.


Is Finland hostile to anyone?


Huawei is not that good with phone updates. I don't think they need special access to hack or record Huawei phones, especially if they find the Chinese backdoor in there.


> they are unable to track and log information like they can on US(ish) phones

This seems remarkably unlikely. One would have thought the security industry would have noticed if Huawei had particularly robust security.


People tend to believe narratives that mirror or support their beliefs.

Blame North Korea for Sony hack? Nah, no way. Blame Russia for election hacking (even though at most they bought some ads on FB and ran some twitterbots) oh yeah, those manipulative Russians.

You're free to ignore their advice, btw.


And what about the facts coming out about voting system intrusion and all the buzz about manipulated voter rolls that could easily have accounted for the number of votes that dictated the outcome of the election in key states?

It was quite a bit more than "some ads on FB and twitterbots" and to downplay the extent of their actions is disingenuous.


Even NPR reports that there was no voting machine fraud perpetrated by Russian actors, only that intelligence agencies say it appears they tried and expect them to try some more.

Interestingly WaPo is going counter tight wing as well as left wing predispositions and calling for national voter id.


What happens with a lot of this stories is something gets carelessly published, a lot of people read it, and then it's retracted and the retraction is seen by far fewer people.


This comment is highly understating the power of social media micro-targeting by dubbing it as buying a few ads on FB and running twitterbots. I would request you to check out the Ted talk by Zeynep Tufekci (https://www.youtube.com/watch?v=iFTWM7HV2UI) to get a sense of how effective social media campaigns can be.


Well that would explain why they were so effective in the Ukaine campaign, right?

Or you're saying Americans are so much more deceived and gullible?

The Kochs and the Soroses pump so much more money into manipulating elections what the Russians did was peanuts. People would hardly be complaining if they had instead been on Team Bernie. But since the candidate who could not possibly lose lost a Sure shot, people want and need a ready made answer, enter twitterbots and FB ads.

Anyway, the agreeing narrative phenomenon is most clearly evident in the Assange issue. When he was exposing America's behavior in Europe and the middle east and it also aligned with left ideology, he was a hero, Swedish accusations be damned. Now that his leaks hurt the left, he's a tool of the Russians, of course.


> The Kochs and the Soroses pump so much more money into manipulating elections what the Russians did was peanuts. People would hardly be complaining if they had instead been on Team Bernie. But since the candidate who could not possibly lose lost a Sure shot, people want and need a ready made answer, enter twitterbots and FB ads.

The Kochs (etc) are Americans manipulating the system with their wealth and probably within the law. I resent them for it, but that’s very different from a foreign government attempting to influence the results of a US election. I don’t pretend to know the actual pervasiveness of Russian influence; I’m only saying that your comparison falls flat.

I have to wonder if you might realize this yourself, but choose to ignore it in order to justify your own agenda.

Also, I would be angry with any outcome that was shown to be the result of election tampering. That goes for any candidate, even if I voted for them myself.


Would anyone even care about the Facebook ad spend and meetings with campaign officials if it were Israelis or Saudis instead of Russians? I think if you do this mental exercise a lot of the "Russiagate" stories start to look weird.


This gets tricky. So does that mean suddenly it's meddling when Saudi Arabia makes political FB ad buys, or Egypt, or Japan, or whomever wants favor from Americans?


Not the OP, but:

Yes. What’s so tricky about that?


Ok, where is the line drawn?

Can a Russian, Israeli or Saudi or Mexican citizen in their respective country buy political ads targeting Americans and favoring or disfavoring a particular American candidate for office?

What if they are on vacation in the US?

What if they have jobs in the US, are not citizens, but live here and have an interest in politics?

What if they are here illegally and buy ads favoring or disfavoring a candidate for office?

What if in some cases it was their own money, what if in other cases they were hired by people in their home countries to buy ads?

What if they work in DC and act as foreign agents and pay for lobbying?

Does FB, Tw, etc. track all that?


> Can a Russian, Israeli or Saudi or Mexican citizen in their respective country buy political ads targeting American and favoring or disfavoring a particular American candidate for office?

Yes, lawfully [1]. This is a complicated area of law, which is why foreigners and foreign governments seeking to properly lobby in America hire proper counsel.

[1] https://www.fec.gov/updates/foreign-nationals/


So Twitter found some $100k spent on ads from Russia during the campaign. Are you really suggesting that someone spending $100k could decide the outcome of an election as big as the U.S. one?

It's time to stop this "Russia hacked the Election" non-sense and just accept the fact that Hillary lost in a fair election.


> Are you really suggesting that someone spending $100k could decide the outcome of an election as big as the U.S. one?

You are very conveniently omitting recent disclosures from facebook that over 126 million Americans may have seen Russia based political posts over a two-year period leading to the election. Source: https://www.reuters.com/article/us-usa-trump-russia-socialme...

This isn't about a particular candidate winning or losing the election. The case would be equally horrifying if Hillary had won the election with the help of a foreign-state-sponsored social media campaign.

And I would implore you to check out the Ted talk I have posted above. It is not about supporting any particular candidate - it simply talks about how powerful these micro-targeted campaigns can be, and we ignore their potential and their effects on democracy at our own peril.


I feel that if some Facebook posts are able to affect the elections to a large degree, we as a people have failed and it doesn't matter what the outcome is since it's just a symptom of a larger problem.

Just like it didn't matter what the exact process by which GW won the contested election. The very fact that the counts were so close means we might as well have tossed a coin.


The last election showed that you only need to target a small amount of people in a few key states. $100k, coupled with some convenient gerrymandering, could easily reach that many people.


This is not new. I worked for a Comcast subsidiary who owned and operated a multi-state "cable" company who owned all of their end to end transport and had a customer base of around 250k at the time. They installed all fiber and HFC networks in the ground, thus they also owned all the fiber transport gear. We had been in a bake off between Infinera (US based) and Huawei for long-haul transport until a three letter agency paid a visit and made the decision for us.

So... Either one of two things was true: the three letter agency was protecting US consumers or the three letter agency already had Infinera backdoored. My personal opinion in the matter was the former. Why? Because later that same year the data center was shut down one night and off limits for all changes and users. The next day a large, locked and tamper taped mobile rack was in the DC with 100Gb link into core routing. That led me to believe gaining access to siphoning traffic was not really the issue. But I could also be wrong because I wasn't in the know.

This was in 2010-2011, pre-Snowden.


A third possibility is that they're using this influence to give an economic advantage to US-based companies, and a disadvantage to foreign (or specifically Chinese) ones.

Could also be all three of course.


You're right it could be anything and everything. But knowing what I know about intelligence agencies and China it was most likely a fair warning to the US citizen.


The economic argument is difficult to make, because it raises costs on American companies who are consumers.


Unless of course those consumers have less influence on politicians that huge telcos (and the costs are negligible anyway)


I don't think that's true. You just need one party to be on good terms.


you don't want the only source of essential infrastructure to be an adversary so the "economic" argument may also be strategic but in a different way.


The same thing happened to Vodafone (the major cellular carrier and therefore nation's largest ISP) in Australia circa 2013. Next-gen gear bids were under consideration, Huawei came in by far cheapest, but an Australian government agency visited and essentially suggested they were free to buy Huawei however they may not have their licenses renewed.


"There is a risk of letting any company "beholden to foreign governments" inside the country's telecommunications infrastructure, he said."

At it's face value this is indeed true. However, it is interesting there is no mention of Samsung then, right? Why would they be exempt from this recommendation, especially given Samsung phones are hundreds or perhaps thousands of times more prevalent than Huawei and ZTE phones in the US.

Shouldn't the argument from the FBI, CIA, and NSA be that US citizens shouldn't purchase any non-US manufactured phone? I'm skeptical as to the true purpose of the statement. This might possibly indicate that for whatever reason Huawei and ZTE don't play ball with the US when it comes to surveillance and the US intelligence agencies don't like it. If anything, this just raised the probability of me purchasing one of these phones. I'll probably stick with BlackBerry, but I will at least consider these next time I need to buy a new phone.


However, it is interesting there is no mention of Samsung then, right?

Well, if you follow the news, apparently South Korea is beholden to Samsung, not the other way around ;)

https://www.cnbc.com/2017/12/27/south-korea-prosecutors-seek...


The US has 23,000 soldiers in South Korea.

It may also be relevant that there are no US-manufactured phones. Indeed, even Samsung phones are full of chips from mainland China and Taiwan.


Isn't the issue more about design though? It seems to me that it'd be easy enough to take a random sample of chips made by your Chinese manufacturer, cut the top off and verify it matches your design with a microscope. However if the complex product is designed by an adversary it's easier to hide a backdoor, probably also easier to plausibly claim it was an accidental bug.


Samsung is "exempt" because they are beholden (in theory) to a government that shares American values (in theory).

It's notable that Director Wray's response included language about "foreign governments that don't share our values":

> "We're deeply concerned about risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power inside our telecommunciations networks."


Their military is also quite intertwined with ours -- the US maintains operational control in the event that S. Korea goes to war, at least for a few more years.


Because US has a military presence in South Korea. The US army present on SK soil is a very strong deterrent against them trying something like that. If you have tens of thousands of soldiers stationed in a foreign country it means the country with army in your backyard has quite a lot of influence over you.


The government lost this argument with me, when they outsourced missile chips to be manufactured in the same country as where the missiles were pointed.


Samsung is not a Chinese company no?


It's South Korean.


The reason is probably that Samsung caved to the US intelligence industry while Huawei and ZTE did not.

It was laughable that the Australian Government forbade NBN bids that included Huawei equipment, but happily accepted gear from Cisco.


Australia? We're totally in lockstep with America on foreign policy and surveillance as part of 5-eyes and ANZUS. Duplicitous politicians walk a fine line between China being our biggest trading partner and "All the way with LBJ".


That's really funny, because a couple of years ago, Snowden demonstrated very clearly that American tech companies are all infested by NSA mass surveillance tools or dominated by mass surveillance activities, constantly profiling pretty much all citizens.


In that sense, it might actually be "safer" for an individual American to use a Chinese phone. It may be backdoored, but at least the PLA isn't going to share your vacation pics with the DEA, but the NSA might.


Exactly why I use Russian services like Yandex mail. Russia can read it all they want but they'll never give it to the U.S.



If you're an American and you use services outside of the US, you are in fact enabling - entirely legally - the NSA to do dramatically more aggressive things to target your information / data / email.


But... they were already doing it.. And no signs of stopping..


[flagged]


That crosses into personal/national attack and is not ok here. Please don't do it again.

https://news.ycombinator.com/newsguidelines.html


It's my first time getting flagged but how is claiming that a Russian resident (national or permanent or otherwise) preferring to use Yandex mail a national/personal attack in any way?


I interpreted it through the filter of the current discourse re trolls, bots, manipulation, meddling, and collusion. If you didn't mean to insinuate about any of that, I'm sorry for misreading you!

I wasn't the only one, though (https://news.ycombinator.com/item?id=16381477). It's sad, but if a comment doesn't include enough information to rule out the most inflammatory interpretations, that's where readers will go.


Ah, fair enough. I didn't mean it that way but will be more mindful next time. Thanks, Daniel.


I love the smell of fresh astroturf in the morning.


As far as I’m aware he didn’t demonstrate that (say) Apple was infested by NSA mass surveillance tools. And those options that could be used to profile users can be switched off. What am I missing?


Rex, the Qualcomm baseband os, is a binary blob that’s really annoying to reverse engineer and it shares a bus with the top-level os.


No, that's not in fact how basebands work; the baseband is connected to the AP via HSIC, which is an internal USB bus. "Shares a bus with the top-level OS", by the way, is a sequence of words that doesn't really make sense.


I checked and you're right! I misunderstood a series of articles from 5 years ago on this subject. Please excuse my confusion :(.

Edit: Also Rex is the kernel and RtOS is the OS.

http://www.osnews.com/story/27416/The_second_operating_syste...


I guess that's a +1 for why new iPhones are changing over to Intel LTE chips


Isn't this still a problem with the new Intel chips? Is the baseband processor actually separate?


https://leaksource.files.wordpress.com/2013/12/nsa-ant-dropo...

Also:

https://www.engadget.com/2017/08/02/apple-vpn-restrictions-c...

http://www.slate.com/blogs/future_tense/2017/08/02/apple_and...

http://fortune.com/2017/08/01/apple-ceo-cook-china-vpn-apps/

> “We would obviously rather not remove the apps, but like we do in other countries, we follow the law wherever we do business,” Cook said on a call with analysts to discuss quarterly financial results.

If Apple wants to remain competitive globally from a market share perspective, they need to compete in China (http://gs.statcounter.com/os-market-share/all/china). If the only way to do that is remove apps from the app store, they'll do it.

In fact, the app store is probably the most noticeable change. There could be others that haven't been widely publicized.


> What am I missing?

Quite a lot, I'm afraid. Please do read the Snowden leaks, it's extremely important historical data. For starters, all major US tech companies are PRISM partners.


What do you think PRISM actually accomplished, on a budget of ~$200,000 USD/year?

Hint: It wasn't a firehose of compromised user data gathered by 'mass suriveliance tools'. It's budget is missing a few zeroes for that.

It was, however, a firehose for serving legal documents.


Based on said leaks and a fact sheet from DNI Clapper himself, PRISM is simply an efficient warrant processing system based upon legal authority, nothing more. While troubling and worthy of debate, particularly regarding its 702 legal authority and targeting of Americans, it does not involve malware, surreptitious access to any of the involved tech companies, or an infestation of NSA tooling. The author of the PRISM slides was not careful to make this clear, which meant without context, everyone seemed to assume PRISM was a Room 641A situation. It's become clear that to be a 'partner' in PRISM simply means that the entity is capable of responding to warrants using the system, and citing PRISM as an example of compromise in the same vein as this Huawei announcement is disingenuous at best. Some companies built systems on their side to help (like Facebook), while Google delivered their PRISM data via SSH, for example; Twitter, interestingly, did not play ball.

Having responded to warrants before, I can tell you that it's a drawn out, paperwork-intensive process. Something like PRISM is actually net good for both parties, since governmental relationships are extremely human intensive on both sides at the scale of the large tech players. I can actually understand and sympathize with the USG designing a system to make it more efficient, though the leaks tell us it was flagrantly misused (primarily via NSLs, back door searches, and so on).


What about talk of being able to turn on any phone microphone etc


What about talk of unicorns?


Came here to say this. Do these 3-letter "agencies" still have any credibility left since they're now known to have repeatedly cheated "their people" (citizens, uhum tax payers, that to some extend keep these agencies in existence)?

Maybe Huawei devices are harder for them to "bug", and that's why they say this. I have no reason to believe they are not lying, after all the lies and cover ups that have been exposed.


It's a double-whammy: Not only do the Chinese get all that precioussss data, also the Americans don't! Unless, maybe, they manage to buy or trade for it. Facing that kind of loss, I would be concerned, too!


Makes sense - They're just worried about losing marketshare.


I guess I'd rather be spied on by the NSA than foreign states, if that was a choice and I couldn't choose "none of the above."


And all while profiting from their users (and non-users) behind their back.


The headline seems sensationalized. The article doesn't mention a recommendation not to use, it simply was the absence of a recommendation at all.

"...asked the group to raise their hands if they would recommend private American citizens use products or services made by Apple competitor Huawei or smartphone maker ZTE."

The US Government is not in the business of recommending device brands or services to private individuals, and not making a recommendation is not the same as recommending against.


Yes. I would say there it is pertinent to consider why the Senator did not word the question as "Would you recommend private American citizens avoid using products or services...".


60 Minutes did a segment on Huawei a couple of years ago where they discussed the extreme concerns intelligence officials had with Telcos using Huawei equipment. At the time it just seemed like a very strange segment, this was of course before the Snowden revelations. I have thought about that segment many times since the Snowden revelations and it starts to make sense why intelligence officials where so concerned.


I recall seeing that segment. If I remember correctly it was focused on the Chinese stealing trade secrets and intellectual property from US companies. One example they gave was Cisco source code that was found in Huawei network devices.


I'm going to make two assumptions: China is spying on us through these phones, and the US is not spying on the Chinese through US phones.

Now consider what real harm is going to come from US citizens using these phones when don't have any influence on the US government. Are the Chinese going to siphon the data of everyone in the country and use it to plan attacks on the government? Could be. But considering the relationship these two counties have right now, does this seem probable?

We aren't at war with China. But we are slowly giving up market share to foreign companies, which weakens our economy and our negotiating power. Really, the biggest threat to the US from China is not intelligence leaks. It's customers. Once we lose the mobile market, everything else people use through the mobile phone may follow. China's startups could position themselves to become the center of the tech world with a captive user base and tailored platform.

It could be that ZTE and Huawei simply can't be bought, and the US gains nothing by allowing China to dump cheap and powerful smartphones on the market. It's one thing to screen phones in the public sector - but nationally? I'm not buying it.


> Huawei has not made strides in the U.S. market in large part because of government concerns that the Chinese government can use its smartphones and other products for intelligence gathering.

This is a great opportunity for Huawei to be the first major manufacturer to have a totally open-source stack. It would be immediately unimpeachable; a feature that no other smartphone manufacturer has.


They'll never get the modem from qualcomm, that thing has it's own os and can download and run anything


You do realize that they design and manufacturer their own modems, right?


Huawei has a soc? I swear they use mediatek

I stand corrected HiSilicon


HiSilicon is wholly owned by Huawei.


It's a sad state of affairs when one can't tell whether China really has backdoors on Huawei phones, or USA just wants you to use phones with their own backdoors.

Too much smoke and mirrors.


Maybe it's a budget-saving measure. Keeps the TLA's from having to buy all of our information from Facebook and Google.


What we need is a phone that neither the Chinese nor American governments can monitor. Failing that, since I live in the USA, perhaps a phone that the Chinese can monitor but the American government cannot (at least until China and USA ink a pact to trade intelligence info).

What irks me is why does the government insist upon having the ability to monitor everyone willy-nilly when it has been shown consistently that by far most of the information gathered is worthless for both espionage and criminal investigations?Why not return to the older court-approval method for warrants (and get rid of FISA courts and the FISA system entirely).


What in the world would lead you to believe if the Chinese can monitor your phone, that the US can't? That's so far out there in terms of logic, I can hardly imagine where you're coming from.

This entire thread is overloaded with posts that seem to not understand the US intelligence system, its legal authority, how FISA works, how the court system works, et al.

I keep seeing people say that they might be better off with their information outside of the US, because China or Russia can't arrest them if they reside in the US. If your information is outside the US, transited to a foreign service provider, you just dramatically increased the US Government's authority to target your information.


adventured says >"What in the world would lead you to believe if the Chinese can monitor your phone, that the US can't? That's so far out there in terms of logic, I can hardly imagine where you're coming from."

Firstly, What makes you think you know and can state here what I believe? You have no idea.

Secondly, I don't believe that. But I do believe that surveillance is a constantly-changing game (like stepping into a river) and a Chinese vendor will be slower to provide updates to USA intelligence agencies than will a domestic vendor. Hell, domestic communications vendors have willingly followed the instructions of the 3-letter agencies. The time lag could allow one to avoid surveillance.

adventured says >"This entire thread is overloaded with posts that seem to not understand the US intelligence system, its legal authority, how FISA works, how the court system works, et al."

Best to save your breath and worry about the gaps in your own knowledge.

adventured says >"I keep seeing people say that they might be better off with their information outside of the US, because China or Russia can't arrest them if they reside in the US. If your information is outside the US, transited to a foreign service provider, you just dramatically increased the US Government's authority to target your information."

Firstly, that was true for awhile but not now. Foreign or domestic, your data is being collected and is being examined by computers, indexed and stored for future reference. We're already at "Big Brother".

Secondly, I'd like to see the FBI try to bring evidence to a U.S. criminal court that was collected by almost any foreign government's intelligence services. That would be a fast track to dismissal of charges.


I posted a link to a company making secure laptops and iphones on a previous, similar thread and got down-voted and accused of shilling/trolling. If you are interested look for : laptops and phones where you are in control and have complete visibility into the operating system, all bundled software, and the deeper levels of your computer.

(The phone has not been released yet.)


All three of these orgs have done questionable things to their own citizens - some in recent history - however, they're what Americans have. Not trusting them when they're being so ridiculously direct seems unwise. If I had to choose my lesser evil, I'll go with my government's agencies over the word of a foreign government. I don't think China is fundamentally evil, but I do think that it's viciously competitive and very organized. So for now, I'll take the warnings at face value and avoid Huawei phones.


how about ask for proof? let it be debated by elected people first? seems like secret agencies are running things there... if you want to achieve your goal just scream "national security"; nice system.


https://www.pbs.org/newshour/nation/spy-fears-drive-us-offic... Can't find the article but there was a warning not to discuss trade secrets or use the free wifi in conference rooms at Chinese-owned hotels in the US or Canada (which includes Starwood brands). Before anyone starts talking about "hackers"... why sneak around when you can just own the building.


I used to make mobile phones for a European company. High end expensive phones - very few phones produced. I was responsible for gathering telemetry data and was always wondering why some of the first telemetry data we got from phones was from Guam.


Maybe because Guam is near the international date line, and telemetry that turns on on a certain day is likely to come from there first?


Makes sense.


vertu?


Huawei is a government sponsored entity. It will be natural for them to spy on our citizens and companies and steal their data for the betterment of China. We just have to be aware of that. Going into conspiracy theories won't help us much, we have to be clear-eyed.


What an odd comment thread. In what twisted world are people holding the Chinese government as a bastion of liberty compared to the US?


So is it a choice between getting spied on by the Chinese government or my own government?

Which phone does the US government recommend I buy?


Buy American.

Buy iPhone.

Made in China*.


Hardly any of the iPhone is made in China. Taiwan is not China. The same is true about Samsung phones, they've almost entirely eliminated China from their manufacturing process. Three times as many Samsung phones are made in Vietnam as in China at this point. Before another five or six years out, barely any non-domestic smartphones will be made in China.


It might be just about money... more money stays in the US if you buy from Apple


I'd separate jurisdiction from information.


Here is a video[1] of the part of the testimony being reported here.

It's also worth mentioning that several years ago, the BT in the UK basically installed Huawei equipment all over their core telecom infrastructure.[2]

[1]: https://www.c-span.org/video/?c4714734/zte-huawei

[2]: http://www.bbc.com/news/uk-22803510


Without evidence this sounds a lot like fearmongering.

But at the same time the FBI, CIA, and NSA are probably best informed about just how powerful (smart)phone surveillance can be.

I still want to see the evidence though.


You guys, I can't tell if it's foreign bots flooding this thread with disinformation, but it's obvious that using a Huawei phone isn't going to keep you off of American intelligence servers. All it's going to do is make it easier to get on Chinese ones too. I'd take these warnings seriously. The Chinese have a long history of stealing IP and disregarding norms.


> All it's going to do is make it easier to get on Chinese ones too. I'd take these warnings seriously. The Chinese have a long history of stealing IP and disregarding norms

Agreed. To those arguing "the Chinese having all my information is better than the Americans," three points:

1. As 3pt14159 says [1], just because the Chinese have access to your phone doesn't make it safer against American law enforcement.

2. Every phone isn't made by American or Chinese firms. Don't force a false dichotomy.

3. Economic espionage is a scary threat model. Consider what you know that someone else might find valuable. Few people answer "yes" in respect of political information. Many more answer "yes" in respect of commercial information. That is your blackmail value. Choosing to expand your security cross-section to foreign economic espionage plus domestic political espionage, versus simply the latter, is irrational.

[1] https://news.ycombinator.com/item?id=16381401


The argument is not favoring one versus the other.

The argument is that being exposed to any peeping tom is bad, no matter who it is.

If no one can't prove to me that there are no peeping toms at all, then a hotel room with a peep hole is still a shitty hotel. But as second class citizens, for all of us, choosing a room with a peep hole is compulsory. Gee, who's fault is that?

Sorry. If I have to sleep in a room with a peep hole, it really doesn't matter much to me who does the heavy breathing on the other side of the wall. I'm supposed to pretend it's not there anyway, and so I shall.

Can the Chinese arrest me and throw me in jail? No. But, for sure, I could get thrown in jail, based on the contents of an electronic device. Are the people who conspire to imprison me friends? Wait, what are they peeping on us for?


> The argument is that being exposed to any peeping tom is bad, no matter who it is

This is not the argument I refute. I specifically state what I am refuting: "the Chinese having all my information is better than the Americans." Two things being bad doesn't make them equally bad.

Buying a Huawei phone to safeguard against the NSA is akin to leaving one's door open so there is no peephole for peeping Tom to look through. Yes, within a narrow construction, one is correct. But practically speaking, now both the peeping Tom and the person who opened the door can see in.


I want a room without a peeping tom. If that’s not an option, then I sincerely no longer care about my own safety.


>economic espionage is a scary threat model

RE: commercial information

Can you suggest any good books on what kind of information a "pragmatic" first world government might collect on citizens for blackmail?

I'm having a hard time thinking of examples aside from say sexual taboos or things that people find shameful for diverse personal social reasons (e.g. eating habits, media habits and so on).

When a citizen isn't engaged in explicitly illegal behavior is it really that easy to threaten someone's life/career in exchange for commercial/political information? The types of social/taboo espionage I mentioned above don't seem broadly applicable enough for a government to really bother with it as a generic model for blackmail.


I really don't think it's bots. Being contrarian, anti-US government and skeptical bordering on conspiracy are all strong HN norms.

I'm not really saying that to be dismissive but it seems like a shared culture on this site since the fallout of Snowden (right or wrong, I'm just describing how I see things play out here).

HN seems to lean more towards the conception of reality where we're playing 9-Dimensional chess vs "attribute things to ignorance not malice."


It's hand-wavy for now, but I've generally found that older more connected accounts are much less likely to be conspiratorial about this type of thing. Not attributing cause, just gives me pause sometimes.

Take your account for example. Your username doesn't obviously connect you to a real person, you don't have details in your profile, your submission history is a single article of the NYT but then again, your comment history seems real / thoughtful so you're probably a real person operating a single HN account, but when a whole topic is flooded with the same type of thinking and mostly from accounts that haven't been around that long I get a little suspicious. Of course I'm never bothered enough to put in the work to figuring it out.


I actually have yearly reminders set in my calendar to make new usernames on sites I frequently comment on (with new registered emails, etc).

People with deviant opinions value anonymity. People who have to live and work in the US don't want to be associated with anti-US opinions for pragmatic reasons.


> I'd take these warnings seriously.

Between the likes of "Iraq WMDs" or "FISA memo", I don't think I'm going to trust anything the U.S. intelligence and counterintelligence community says, thank you very much.


I doubt foreign bots are flooding this thread.


Yeah that would never happen /s.

This is one of the most frequented social media sites for tech people. This place is a perfect target for foreign bots.


I think we have plenty of homegrown distrust of intelligence agencies post-Snowden without needing to import it from abroad.


What's much more important, HN is a constant source of reposts. Half of what I see on all other tech sites I see on HN first.


> foreign bots

Everyone I disagree with is a "foreign bot". I swear this is the new form of American elitism. The fact that the leftists of the coastal regions apply this kind of thinking to even their countrymen only proves my point further.


I have a Xiaomi. And given the choice I prefer being spied upon by the chinese... Rather than the Yankees.


This argument has strong extra-territorial qualities because they forced the "five eyes" compatriots in AU and NZ to drop Huawei as core technology in domestic and international fibre deployment.

But, there is this other quality. The in-senate presentation mainly focussed on the governance structures behind Huawei. The government is cross because ex PLA members are vested and its not a transparent company structure.

I think the FBI/CIA/NSA reports are deeply troubling for their lack of specificity, in a context of international trade I am not drawn to entirely believe them.

Remember, this is the nexus of people who alleged sound reasons to go to war in Iraq which turned out to be flawed. Sometimes rumour is conflated with fact.

I know people who work in Huawei. I do not believe they are people of bad intent.


Do you all think this would apply to the Nexus 6P as well? Google branded but made by Huawei..right?


Presumably. I own a 6P and it is an amazing phone. If I had to buy a new phone today it would probably be a Pixel 2. However it seems to be having some issues with a blue screen tint, perhaps due to a poorly manufactured polariser. That just leaves Samsung, which is out of the running due to their poor history for android updates.

I don't really give a shit myself whether China is spying on me, as I myself have nothing to do with China and don't have any secrets worth stealing, but it would probably be best avoiding any Chinese networking hardware if you have any concerns.


What if they could remotely blow up your battery?


Why would the Chinese government want to remotely blow up my battery? Would the NSA want to remotely blow up my battery?


It could be targeted attacks on important targets.... a bit like drone strikes, but much more precise ...

Reminds me a bit of the Slaughterbots: https://www.youtube.com/watch?v=9CO6M2HsoIA


What if they could remotely blow up your town with a nuclear missile?

Qui bono?


The takeaway being that the Kirin line of CPUs is proving difficult to create a backdoor for.


Don’t use those phones because the Chinese government did get information off them?

Odd. Isn’t that EXACTLY what the US government was trying to do a few years ago to Apple phones? Get their own personal back door put in?



If the FBI, CIA and NSA say I shouldn't use Huawei phones then I guess maybe that means I should :)


Between the devil and the deep blue sea; we either let the Chinese spy on us, or the Americans.


Not only TLAs from the USA.

Australia's ASD would have the same opinion.

And I personally wouldn't get an other Huawei phone after seeing the app shit that had all permissions, was pre-installed, force started and uninstallable.


This would carry more weight if someone funded serious reverse engineering efforts against some of these phones.


Its kinda surprising they haven't cited any evidence, I would expect they have numerous examples.


I posted a link to a company making secure laptops and iphones on a previous, similar thread and got down-voted and accused of shilling/trolling.

If you are interested look for : laptops and phones where you are in control and have complete visibility into the operating system, all bundled software, and the deeper levels of your computer.

(The phone has not been released yet.)


Makes sense, it was a big deal to never use Huawei equipment in routing or cell equipment.


Extremely easy to have provided proof, none provided, useless fud.


Any reason to believe the same wouldn't go for OnePlus?


next time when anyone wants to complain the fact that facebook, google and twitter are all banned in China, think about this news.


Time to get a Huawei phone and new VPN....


... and then login into Google and Facebook accounts, use Google Maps for navigation, Whatsapp/Snapchat for private messages, Amazon to buy nearly everything, Youtube search for political statement. Bonus points if you run some "free" apps with ads served from all over the world.

If wish it were possible to get off the hook by just changing the phone brand and IP.


I worry that it's sort of the same line of thinking that leads folks to skip vaccinations for their children, i.e. "What about the Tuskegee experiments and MKUltra? We can't trust government claims about health risks."


We detached this subthread from https://news.ycombinator.com/item?id=16379164 and marked it off-topic.


To be fair, anti-vaxxers do have legitimate examples of vaccines being harmful [0]. Calling them all out as crazies just reduces the communication between sides and doesn't help further vaccination promotion.

[0] https://www.sciencemag.org/news/2015/07/why-pandemic-flu-sho...


There is such a thing as overstating one's case though, especially when it comes to advocacy.

To a rational mind, 200 years of practical evidence and the elimination of several deadly pathogens should outweigh a handful of legitimate but isolated counterexamples, but they argue against it anyway to the extent that they would risk their children contracting measles, tetanus, diptheria, mumps or rubella over an anecdotal correlation of autism...which even if causal, is difficult, time-consuming and expensive to treat, but not deadly. Yes, sometimes vaccine supplies get contaminated or have adverse effects, but so do batches of milk, spinach, peanut butter, and Chipotle burritos. It hardly justifies a concerted argument against any of these things.

It is craziness, and no amount of logic, evidence, patience or negotiation ever convinces these people otherwise. We may as well dismiss them and move on.


https://www.cdc.gov/flu/about/qa/vaccineeffect.htm

>During years when the flu vaccine is not well matched to circulating influenza viruses, it is possible that no benefit from flu vaccination may be observed.

I'm crazy for not allowing myself to be injected with several strains of influenza virus when the most-optimistic estimates of efficacy are around ~40%.

Calling it a flu "vaccine" seems like a misnomer to me, given the rapidly-mutating nature of the virus.

>We may as well dismiss them and move on.

This is HN.


The influenza shots are really not the subject of antivax sentiment, nor are they pushed the way tdap etc are. And this latter group has much more efficacy, not even including herd immunity effects.


Indeed, I was referring to the flippant dismissal of the above poster’s comment, and I addressed the flu-shot’s status as an exception.

Of course that won’t save you from the “I f’ing love science”-brigade down voting without rebuttal.


To be fair, you can find an issue with all sorts of medicine in the past. That doesn't mean we stop taking medicine. Do we also stop using software because some app had a bug? Of course not.

So no, I don't think defending anti-vaxxers with that example is being "fair". I realize you're not really defending their overall position, but even the line of thinking you proposed is deeply flawed.


I don't know why you're being downvoted. The article you cite is a legitimate example of a case where vaccines have caused harm, you're not directly advocating that people stop having vaccinations.


Because nobody who is anti-anti-vaxxer is claiming that vaccines have never caused harm.


Claims without evidence, let alone proof, absolutely should not be trusted.


Intelligence agencies generally avoid saying exactly why they suggest something and how they came to that conclusion. If agencies were fully open, adversaries would know what holes _they_ need to plug.


I'd go one step further and say that intelligence agencies rarely say what they mean. It would be naive to take any of their statements at face value.


I think that’s a fair distinction to make.


But in this case we know with practical certainty that the NSA is still spying on us, don't we?


There are some vaccines that don't make sense. The flu vaccine does not make sense to get because you still have a chance of contracting that strain after getting it and you're still as likely to get other strains and it makes you go to the doctors during flu season (a not-so-smart time to go). As for this situation, the FCC and NSA should be the ones talking about it. Seeing network communications is easy enough (especially if you have a backdoor). Buying Huawei means you have the possibility of them spying on you and the US. I'm not too thrilled about surrendering random information to the spies...


Before Flu season. Or, I mean maybe the US does it differently but as somebody who apparently has a compromised immune system (it had cancer a long time ago, fixing that is bad for it but good for not being dead) I got my jab months ago as usual, letter in the post "come get jab" phone up, pick a time "sharp prick coming" all done.

The flu jab isn't very good, but, in most years it's better than nothing and it's pretty cheap for the government to give me a jab compared to hospitalisation if I get really sick.


Doctors defer to the experts when they need some javascript written. Maybe do the same when you're so clearly out of your depth?


This comment would have been better without the ad hominem.

Perhaps something like: "maybe it makes sense for the average person to defer to a doctor's opinion with regard to flu vaccine".


In the US, you can walk in and get the flu shot at any of the big pharmacy chains; no need to visit a hospital or doctor's office.


> makes you go to the doctors during flu season (a not-so-smart time to go).

In Australia it is common for an employer to pay for their employees to have the seasonal flu vaccine, one or two nurses come to the office / work site to administer the vaccine. So the only new people you're being exposed to are those nurses, for a brief few minutes


In the US I've seen flu shots offered at every CVS I've been to. I doubt CVS is the only pharmacy chain that does it.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: