So while it's huge Google was told what to do, it's not surprising as this is business as usual. And back to an earlier point... The best place to siphon data in 2019? Your phone. Times have changed, data collection by governments hasn't.
But can't you reverse engineer your phone and see what it's doing? And can't you monitor the network data it's sending? With a backdoor in long haul transport gear, academics, researchers, random hackers, watchdog groups, journalists, competitors, etc, don't have the ability to monitor for bad behavior.
I honestly believe that the theoretical DMA backdoor attack (and most other similar attacks) have been mitigated thoroughly. I am much more concerned about secretly held 0days (RCE) and most concerned about warrantless orders against cloud storage.
Are you citing "To protect the device from vulnerabilities in network processor firmware, network interfaces including Wi-Fi and baseband have limited access to application processor memory. When USB or SDIO is used to interface with the network processor, the network processor can’t initiate Direct Memory Access (DMA) transactions to the application processor. When PCIe is used, each network processor is on its own isolated PCIe bus. An IOMMU on each PCIe bus limits the network processor’s DMA access to pages of memory containing its network packets or control structures."? Correct?
The attention to hardware isolation and separation is appreciated, but I don't hold my breath for iBoot and SEPOS protecting an iPhone from powerful adversaries.
I think that these mechanisms completely frustrate "bulk" in-field collection efforts; for example, scanning all phones at DUI checkpoints.
No technical control is perfect. If you personally piss off a nation state adversary, they are more likely to yeet you off to a black site and hit you with a wrench until you cough up your passcode.
Surely, someone will break iBoot, and surely, someone will break SEPOS. And surely, someone will chain a kernel exploit with a userspace exploit. And surely, someone will leak the signing keys for a widely deployed cheap android phone. And surely, someone will push 777 permissions to a cloud provider. And most surely, powerful government adversaries will hold brutal exploits close to their chest in the service of power and politics.
So I guess, if you want to breathe freely: host your infrastructure yourself where feasible. Choose providers who respect your privacy. Make a modest but financially fair donation to the EFF. Become politically active. Use better practices - not best - to avoid fatiguing yourself in the windmill chasing effort of being Perfectly Secure. Most importantly, stay awake and aware and ready to fight.
> The surveillance is performed through the use of wiretaps on traditional telecommunications and Internet services in voice, data, and multiservice networks. The LEA delivers a request for a wiretap to the target's service provider, who is responsible for intercepting data communication to and from the individual. The service provider uses the target's IP address or session to determine which of its edge routers handles the target's traffic (data communication). The service provider then intercepts the target's traffic as it passes through the router, and sends a copy of the intercepted traffic to the LEA without the target's knowledge.
Responding to lawful warrants and subpoenas is everyone’s obligation, and has been for hundreds of years under American law, and English law before that. The government is entitled to almost any evidence—it just has to follow the proper process to get it. Lawful intercept just supports that process. That’s also why the FBI having access to US data is fundamentally different than Chinese back doors in US networks. US law enforcement has legal ways to access data flowing in networks to perform their legitimate law enforcement functions. The Chinese have no legitimate reason to access data in US networks.
First of all PRISM was not purely "a system for handling paperwork for lawful intercepts", see .
Second your assertion assumes that somehow all requests within these programs abided by "lawful purpose", which we also know is not true. Whether FISA rubber stamps were lawful is subjective and your opinion but not fact. Your answer purports a black and white perspective on the past which I simply don't find appropriately represents all the shades of grey presented by all of the legal angles during this time.
Just because it was never settled that way doesn't change the history of it.
You could have made the argument you were trying to make colorably and defensibly. All you had to do was not try to sound like you'd been "read in" to NSA's SIGINT programs. But, like I said above: you managed to cite one of the few NSA program examples that is in fact totally banal and, ironically, an almost perfect example of lawful intercept.
As I said above: it's not hard to come up with cases where NSA is doing things that appear to contravene US law, but you managed to cite the one instance where all they're managing is paperwork.
I can't imagine much useful material comes from wiretapping these days. Maybe once in a while, but the real value largely exists in the application layer, which is obtained in a different way.
Foreign-hosted services seem like they'd be hard to crack, but it's extremely likely their data flows though Cloudflare, Amazon, GCE, or a similar US-based company.
Law enforcement still had to go to a judge, get a court order, and take it to the ISP. The ISP could then configure the devices to siphon off traffic from a single customer to a collection device.
The same functionality and process has existed in phone networks basically since they became electronically switched.
Remember the context of my conversation was 2010-2011 which was pre-Snowden. It's likely state, local and national agencies have less of an interest, today, at route/switch infrastructure simply because of the post-Snowden crypto push.
It was later discovered the NSA capability was the direct result of tapping fiber optic cables between international data centers, nothing to do with lawful intercept capabilities.
Tell me if I am mistaken, but in this specific case it looks more to me like forbidding customers and companies from using foreign made secure vaults because the government can't force them to secretly provide a master key.
Then sure, the argument is also valid that these vault makers could be providing a master key to their respective governments, but that would be a different argument and different enforcement.
Yes, and these actions are the US finally shooting back after enduring years of industrial espionage, forced technology transfers, and market access restrictions.
The assertion that there's going to be consequences seems... inevitable? To me at least.
After 9-11, the FBI's mandate was expanded from investigating terrorist attacks to include preventing them from occurring.
However, if I were Apple, I'd be really worried about retaliation. Apple is wholly dependent on manufacturing in China and its supply chain, and even small disruptions could cause huge amounts of pain.
This particular leverage is also why iMessage isn't blocked in China.
The one exception is apparently Apple's keychain as per https://blog.cryptographyengineering.com/2018/01/16/icloud-i.... But, if the hardware used to enforce the security is different in China, even that could be cracked.
China, a country which mandates spyware be installed on phones. Which uses deep packet inspection to block access to foreign websites, that bans VPNs in app stores. China, a country which forces the population of Xinjiang to install Jingwang (https://en.wikipedia.org/wiki/Jingwang_Weishi), a spyware app so they can grab your on-device files. Which has deployed facial recognition cameras in many cities. Which blocked access to Wikipedia because it switched to HTTPS.
That China, you think, is going to allow all of that to be circumvented just by buying an iPhone? Right. Chinese Government: "You're not allowed to use VPNs. But if you're in Xinjiang, and you need privacy, we recommend buying an iPhone, since it doesn't work with Jingwang, nor deep packet inspection. Just tell the police you have an iPhone, and we'll waive the usual regulations we impose on Android devices."
Last time I was in Xinjiang, people there had iPhones. No one believes iMessage would be snoop proof.
As far as I can tell, the way iMessage works according to Apple's documentation, is that endpoints generate 1280-bit RSA encryption keys, hold the private keys on the device, but publish the public keys to a centralized IDS Directory Server. Note that their published security documents curiously don't say anything about man-in-the-middle mitigation, and indeed, MITM attacks against iMessage on iOS 9 were publicly documented.
Now, what do you know about where the IDS servers are located in China, and who controls them? Because if Apple doesn't control them, and control them in a way that makes them impossible to spoof, then it is easy for the Chinese government to attack iMessage.
Thus, Tim Cook could say "We haven't put any backdoors into iMessage for the Chinese government and it is end to end encrypted" and it would be a true statement, but also Apple engineers could know full well the IDS in China could be subject to a MITM.
A plausible way this could happen, after Apple moved the iCloud keys to China, is that the Chinese government could request to intercept communications from a particular user, and the public keys of every recipient that user communicates with could be replaced with a MITM key so they can relay the messages and see the unencrypted content.
We don't know, but what we do know is that iMessage has been attacked with MITM before, and we know the PRC isn't going to let unbreakable encryption be sold to Uighurs in Xinjiang. It defies logic.
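The comment above turns on a client encrypting to whatever public keys the directory serves. As an added example (not from the thread and not Apple's implementation), the following shows a generic trust-on-first-use pinning check that makes a changed key set visible to the sender; the class name, identity and key bytes are constructed for illustration.

```python
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """Short, comparable identifier for a public key blob."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class PinningClient:
    """Hypothetical client that pins the keys it first saw for each contact.

    `lookup` stands in for the untrusted key directory: it maps an
    identity to the list of device public keys currently being served.
    """

    def __init__(self, lookup):
        self.lookup = lookup
        self.pins = {}  # identity -> set of pinned fingerprints

    def keys_for(self, identity):
        """Return (status, keys that are safe to encrypt to)."""
        served = {fingerprint(k): k for k in self.lookup(identity)}
        if identity not in self.pins:
            # First contact: nothing to compare against, so this lookup
            # is unprotected. Pin what was served.
            self.pins[identity] = set(served)
            return "first-use", sorted(served.values())

        pinned = self.pins[identity]
        unknown = set(served) - pinned   # keys never seen before
        missing = pinned - set(served)   # pinned keys no longer served
        if not unknown:
            status = "match"
        elif missing:
            status = "replaced"          # known keys swapped for new ones
        else:
            status = "new-key"           # new device, or an added listener
        # Only encrypt to keys that were pinned earlier; unknown keys
        # wait for out-of-band confirmation.
        trusted = sorted(k for fp, k in served.items() if fp in pinned)
        return status, trusted

    def confirm(self, identity, pubkey):
        """Pin a key after the user verified its fingerprint out of band."""
        self.pins[identity].add(fingerprint(pubkey))


def demo():
    # Constructed sample data: opaque byte strings stand in for real keys.
    who = "alice@example.com"
    phone, laptop, other = b"ALICE-PHONE-PUBKEY", b"ALICE-LAPTOP-PUBKEY", b"UNKNOWN-PUBKEY"
    directory = {who: [phone]}
    client = PinningClient(lambda ident: list(directory[ident]))

    results = [client.keys_for(who)]          # first-use
    results.append(client.keys_for(who))      # match
    directory[who] = [phone, laptop]
    results.append(client.keys_for(who))      # new-key, laptop withheld
    client.confirm(who, laptop)
    results.append(client.keys_for(who))      # match, both keys
    directory[who] = [other]
    results.append(client.keys_for(who))      # replaced, nothing trusted
    return results


if __name__ == "__main__":
    for status, keys in demo():
        print(status, keys)
```

Pinning cannot tell a legitimately added device from an injected key, which is why the "new-key" case withholds the key until it is confirmed out of band.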
If imessages are backed up to icloud, then the govt will have keys to see them. But if a user doesn't back up, I was under the impression not even apple could decrypt iMessages.
As an autocracy, China could easily compensate workers for any loss of work. But another obvious answer is that if Apple were banned in China, Huawei and Xiaomi would pick up the slack.
If China really wanted to, they could shut down all iPhone production for the immediate future.
Nationalism is a play card in every country.
I think this view is too narrow. For the Chinese government, there is something more important than revenge. Why kick that cash machine out of your country if it is still paying your people and making them happy?
I guess the retaliation will come in a different form, even something out of the trade section maybe, depends on what's on Xi's table.
They build them there because all the supply chain is already there. In Shenzhen, the capacitors, resistors, PCBs and most chips are sourced in bulk from around the block. That's something no other country in the West or even East has and it's such a complex interconnected ecosystem that you can't replicate it anywhere else right now.
Most of the CNC, tooling and moulding craftsmen are there as well, the west has far too few left to be able to take over such volumes. Training so many can take years and that's assuming you even find enough people willing to be trained.
It's like their transport latency is so low and reliable that they don't need as much buffering. It's amazing to see what small and large quantity production lines can look like.
Reading this, I begin to scratch head hearing people complaining about factories being squeezed out towards boundaries of Shenzhen municipality.
I remember people thinking of that as some end of the world event.
And Tesla is well behind the major car manufacturers in using automation.
Can you recommend any sources for learning more about the state of automated CE/smartphone manufacturing, or is this based on personal experience?
Why hasn't any other auto manufacturer thought of this?!
Tesla doesn't have this problem you see.
Vietnam also has hundreds of thousands of CNC, tooling and craftsmen to produce in Samsung's volume. This supply chain narrative is something Apple marketing folks invented to justify their outsourcing. Trump's trade war with China, as many contract manufacturers move out of China, will prove none of that supply chain myth is true within a year or two.
An iPhone built in the US from domestic components would probably cost more than most people's cars.
In China, they are now the most expensive phones, people are willing to pay more $$$ to get the top of the line Huawei than an iPhone which used to be the previous "look at me, I'm rich and trendy" device to own there. It's one reason why iPhone sales in China have declined.
There's no world in which you can't claim they are not a world leading phone manufacturer and that their devices aren't premium. Sure, the heavily modded Android sucks and is probably spyware and you can't get vanilla android on it, but hardware wise, it is premium. The P30 Pro runs for almost $1000.
People who live in the US kind of live in a reality distortion field around Apple, and are somewhat blind to what is happening in Europe and Asia. And this complacence is a pretty bad way to evaluate your competitors.
> People who live in the US kind of live in a reality distortion field around Apple, and are somewhat blind to what is happening in Europe and Asia. And this complacence is a pretty bad way to evaluate your competitors.
It isn't RDF, it is "leading premium manufacture" does mean what you think it means. It would be more accurate if it was "leading premium Android manufacturers".
Leading premium manufacturer means largest volume of premium smartphones sold. Huawei doesn't sell a lot of P30 (although I agree it's a premium device).
In 2018, they shipped 16 million P20s in 9 months. And they shipped 100,000 in a single day which could translate to 3 million units a month or 27 million in 9 months, but even if they ship 20 million in 9 months which is 25% more than the P20 you can’t wave your hands and act like no one is buying these phones.
No one, me or the previous one who replied said anything about P20 not selling. Nor the P30. It is simply not leading premium Smartphone, where Smartphone here is inclusive of iOS. Not by commonly used matrix, where the word leading would directly refer to market ASP and not leading as in technically. And I said this again, it would be correct if the sentence was leading premium Android Smartphone. Or Leading Smartphone (Excluding Android) or Leading Android would also be correct.
And I am out.
In market share they lead Apple in China, and they ship more units.
Trying to act like they’re a low end bit player is ludicrous. They’re the Samsung of China now, and on track to overtake Samsung globally.
Huawei is #2 or #1 by unit shipment. That doesn't immediately make them a "leading" Premium Smartphone maker. I could sell 200M of $200 Phones and 10M of $700 Phones. Would that make them leading? Would that make them premium?
I predict their own Android fork and China-focused app store will do fine in China, but struggle big time in other markets.
While if Huawei uses the Android open source base, the only thing they have to do is entice developers to submit another copy of their app to their store, which is a much lower barrier than the one MS faced to develop a whole new ecosystem.
The Shenzhen ecosystem has taken the idea of 'Open' and 'Open Source' further than perhaps anywhere else in the world. Huawei the company is built on that kind of information sharing. I highly doubt it's alien to Huawei.
white people have a way of saying incredibly insulting, demeaning things about non-whites in a way that it is acceptable in common discourse.
statements such as these need to be called out for what they are - biased opinions based on an irrational fear of "the chinese"
You've assigned a race to another poster based on your own preconceptions of the attitudes and behaviors of members of that race (kicking off your reply to snaky with "white people have a way of [...]") and lumped all members of a race together (accusing all white people of making derogatory statements regarding other races).
How do you even know he or she is white? Why racialize a comment in this manner?
For example, there are a ton of SDKs that provide push notifications, such as Baidu, Tencent, etc...
There are also "super apps", such as WeChat, that offer their own API surface and can be preferable to some app devs.
Then there are some things, such as "advertising id", which none of these SDKs provide (at the moment?).
So yeah, the answer is somewhere between "it's complicated" and "no one".
then, I think they have a chance to attract app developers.
Otherwise, I doubt it.
For the rest of the world, it would be a completely different story. It is hard to imagine Huawei won't lose huge market share from the EU and rest of the world without Google's Play Store.
The Chinese market on the other hand will always have users, is huge and I presume most developers won't be willing to give up on it. If they do, someone else will serve their customers and might become a future competitor globally.
China-focused apps will only have to re-implement google services. That sounds a lot easier to me than supporting an entirely different OS. If those versions can run on google phones as well, devs have the option to drop the play store version down the line to save cost.
I wouldn't bet a lot on it, but this might be the best chance we ever had to get a real play store competitor.
Palm was a dominant mobile platform until Palm nuked itself with 5 years of clownade with Palm OS 6.
Symbian was the biggest, most dominant mobile OS globally until Nokia didn't decide to simply throw it away.
J2ME was the most largely adopted app platform, even into early Android years, until Oracle/Sun simply stopped licensing it...
Now think just how thin is the ice Google is on now with it flirting with idea of "rebooting" Android with Fuchsia.
I'm not familiar with Palm OS, but Symbian and J2ME both had the iPhone and Android OSs as growing threats. Google hasn't officially stated that it is rebooting Android, and even if they did (and did it right), there isn't a major alternative lurking around the corner...
They have experience on chat and payment software and infrastructure system used by millions of people in their country.
It was the one and only Chinese brand with whom Google made a Nexus phone in the past — at least in part to lessen their enthusiasm in throwing out Google market in Western countries
If there's one thing the last 50 years have taught us, it's that whatever the US can do an Asian competitor can do as well.
Generalized, I think it's safe to assume any developed country willing to invest in manufacturing is capable of doing what any other country can do [in manufacturing] as well.
Why would they need it to be popular anywhere other than China?
I guess you don't get the relative security of app stores, and there's no widespread culture of free apps on phones like on PCs.
I'd really love, not a new phone or OS, but just an app store that works under a different model. Cheap or free for developers to post, but curated to exclude the most predatory forms of monetization.
How do we solve the trusted app problem on PCs?
We don't install whatever random thing comes up in google. We look for a trusted recommendation.
App stores are just teaching us that it's ok to install any app, which is not necessarily the best security model.
> SCMP is owned by Alibaba, they're far from impartial: https://en.wikipedia.org/wiki/South_China_Morning_Post .
And given the PRC's enormous, well-documented investments into perverting the truth and framing the narrative worldwide, more developed than most; even an arm's length relationship is too close for me to put that sort of trust into a venture like this.
Here is a helpful read, http://zeihan.com/my-way-or-the-huawei/
Google Android is no longer a universal platform and moving forward, I doubt I'll ever buy anything again Google or US related again in terms of tech.
This is no longer a China vs US issue, it's the US vs the world.
Europeans are really critical of China and their policies (esp. their human rights record). But they don't like the US that much more (apart from the Brits) and with a struggling economy you really don't want to make them choose between money and ideology.
Anti-US circlejerk is mostly confined in Western Europe (sans Brits). Eastern Europe has totally different sentiment.
Yeah, wow, it must be completely impossible for someone without decades of US residency or decades of intense interest in the US to understand the US government!
I like to flatter myself that after 58 years of living in the US, I have recently started to be able to predict most of the major decisions of the US government. (Youtube videos of speeches and interviews by Peter Zeihan and George Friedman helped me in my understanding. Most of the senior editors and reporters at, e.g., the New York Times and the Washington Post, although passionately interested in the US government, have only a shallow understanding of it IMO.)
Even if democracy in West (or at home) is far from perfect, it's lightyears ahead of China.
So has the US though, even on its allies as Snowden showed us.
In addition Australia has the same stance as nearly every western country when it comes to Huawei, namely "only we get to spy on our people, so get out"
I'm sure that the EU/Australia/the west is breathing a sigh of relief that Trump did this instead of forcing them to make up some more draconian law about foreign device mfg that would have unintended consequences.
That said, others have only had good experiences. YMMV.
This is just an expansion of official government policy put in place during the Obama administration to the rest of the private sector.
tl;dr: this isn't new territory for Huawei.
Now obviously, every country has its own agenda, but there are (arguably) stronger reasons to be concerned about China than most others. They are undemocratic and suppress significant parts of their population (the Uighurs, Tibetans, Christians, ..), don't believe in free speech or freedom of religion, but also have a large economy and military presence. Now of course, other countries are not saints, but the differences with China (and in particular its disregard for human rights) make future disagreement much more likely.
Huawei could sue the Australian government over the ban: https://www.afr.com/business/telecommunications/huawei-won-t...
Chinese companies, on the other hand, have no such recourse against their government.
Show me the push back to the following:
- NSA backdooring
- The whole Prisma scandal
- The current trade war with China
And tell me how EU governments benefit from US companies avoiding taxes, and repatriating revenues generated in the European market to the US.
The US is a highly unreliable, politicized provider. The US uses technology to steal data and taxes from other countries. And abuses its position to impose its will.
We can not build our digital infrastructure like this anymore.
I assume EU governments are following this very closely.
This news, if true, will affect the devices made by Huawei and sold worldwide though.
Apart from that the other options you have, are (in random order): /e/, PureOS, KaiOS, SailfishOS, Ubuntu Touch, Plasma Mobile, postmarketOS, among others.
That's not going to be good enough for Huawei.
Similarly, all of those alternative OSes aren't going to work if they're not binary, and more importantly API compatible with Android + GMS.
The question is rather: given that it is FOSS is it good enough for them to extend the functionality on the short-term?
> Similarly, all of those alternative OSes aren't going to work if they're not binary, and more importantly API compatible with Android + GMS.
KaiOS has some compatibility (by design not fully compatible).
SailfishOS has an Android emulator. Other OSes could also use one such as Anbox.
/e/ and LineageOS are binary and API compatible with Android.
GMS is an issue, but given that Google is under a magnifying glass concerning monopoly position related to Android in EU I have some hope that alternatives for GMS (or FOSS implementations) could happen.
It's good for me¹. I want a device that does not phone home to its mothership outside my control. This requires Google's Services not to be installed.
I don't doubt that many nevertheless still use Google's Services.
¹ compared to Google's Android. I'm still desperately waiting for a device with mainline Linux support without blobs.
Will never happen.
If you do unlock the device and install Lineage OS (which doesn't support more than a few devices), you now basically have a crappy camera app, probably your FreeBuds won't work properly anymore and you really should have bought a different phone.
I love Lineage OS and used it for years (OPO and other phones). It would ruin my P30P though.
Not only that, the ban encourages a long term move away from US-based tech as alternatives are needed within China. This new tech will ultimately be available worldwide, but no longer owned or controlled by US companies.
As someone from neither China nor the US, it seems crazy. It’s one thing to ban Huawei from your own markets for security concerns, but by making such a heavy handed ban on working with them, the US government seem to be making the US less secure short term, but also US companies will be less competitive and less influential in the world long term.
China blocked Google play years ago and repeatedly blocks every attempt Google tries to make to relaunch back into China so they did that a long time ago.
Like they have no choice with tax laws. Or no choice with cartel laws. Or no choice with data protection laws.
They are aggressively trying to circumvent many laws all the time to extend their monopoly and grow their profits. They have multi-billion fines from the EU and several member states pending and no somewhat critical thinking citizen would claim that EU has been particularly tough on their monopoly and tax evasions.
Google is fighting hard to keep their app store on Huawei devices, because they don't want 10Ms of users to force-adopt alternative app stores.
Heck, if you look at where Chinese officials try to stash their money and their families, it's clear they trust Western countries a lot more too.
As an EU citizen, idk, China seems more locally focused, the U.S. reaches everywhere. Speaking of NZ, the whole Kim Dotcom situation makes it look like a U.S. vassal state, honestly.
Huawei's products are vulnerable by default, anyone can look up the applicable CVEs and run the proof of concept code for said CVE to pop a shell. China doesn't have exclusive access :)
Remember that Huawei settled out of court to the 'allegation' that they copied Cisco's source code.
So, are Facebook a front for the CIA?