Hacker News new | past | comments | ask | show | jobs | submit login

This is useful but it would also be helpful to have a similar database of the opposite cases too.

Having a list of the times when a warrant was served and a phone unlocked with details of which OS+version, which jurisdiction and which unlock method would balance out the research.




it would be incredibly difficult to get data on this. LE is on a budget, and they're not the NSA. In Switzerland for example LE (such as Europol) uses the lab facility from "Kudelski Security" to crack mobile devices and help with forensics. Outsourcing this to a consultancy allows them to hide things like invoices to offsec shops (FinFisher, HackingTeam et al). So this is like a poor-mans NSA where exploits get sold/brokered with these companies who then help compromise the device. Still the budget means that they're using tools which might do all sorts of things. e.g. if you sell off-sec tools you might offer a feature that allows LE to copy (read) things from the device memory/storage.

The problem is that these tools not only allow you to read but actually write to the device. ("if you're a dev working for HackingTeam why on earth would you limit the feature to reading when you can provide r/w access?")

The implication is that it's as easy to plant things on a device as it is to retrieve info. And if you know that the device has 99.9% child porn on it but end up not finding any why not plant something that gets you to court order you desperately need to convict the suspect?

What you're asking for is transparency in a world that is very much opposed to this because they consider themselves the good guys. And the response from them is always: "how dare you?!"


You build up a rather imposing strawman! Do you really think there are authorities planting evidence on phones?


if a device that is taken from me by whoever without my consent would automatically lead me to assume that it has been compromised. whether that's the case or not is beside the point. if you're only worried about surveillance-capitalism maybe it isn't in part of your threat model. for me it is. there are plenty of people in LE who overstep simply because they can.

> Do you really think there are authorities planting evidence on phones?

I don't think so I know it. please read the HackingTeam leaks and other OSINT sources. you'll find plenty of attempts in them making every effort to do so. You don't need a tinfoil hat, just travel to an area that is hostile to your passport.


> HackingTeam leaks and other OSINT sources

I would love to read more about this if you can point me in the direction of those leaks and sources.



Sure, can you provide some links?





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: