Also, there's a big difference between letting NSA protect US against Real Threats - real national security people-are-going-to-die threats, and spying not just on every single citizen on the planet (which includes corporate espionage), but on American citizens and companies, too.
Just like everyone has a little "evil" in them, without all of us being Hitler, the NSA can do a little bit of spying on important targets, without going 10/10 on the scale of evil spying.
So no, I really don't think "this is their job" or that "everyone knew they were doing this". I think the vast majority of people thought NSA would be reasonable with their spying.
I also hate it when people say, "didn't you see when they passed the Patriot Act? You should've expected this." Perhaps, but if you go back to when they passed it, they did it in literally hours, and if you watch Bush speak about it, he makes it sound as if they are only going to use it to spy on the terrorists' communications - not everyone's. Going by how fast they passed the bill, and how few details were offered, you can't really blame most people for "not knowing".
Heck, it was even called the "anti-terrorism bill" on TV, so I don't think people imagined that meant all of their communications are going to be swept up, because they were now thinking everyone is a potential terrorist (which is what "collecting it all" means) until proven otherwise by their systems.
 - http://www.youtube.com/watch?v=DfRcfTakhFo
There are enough prominent technology and finance people reading this who back controversial and truly disruptive technologies like bitcoin, biotech hacker spaces, open source crypto, etc. that they may have a reasonable concern about being a target.
I first encountered speculation that this was the case in a textbook from 1986, in a chapter discussing encryption algorithms in wide use that were contributed to by the NSA.
"Who really thought they'd go to US service and hardware companies and ask them to implement backdoors"
The fascinating book The Puzzle Palace, from 1982, describes the precursors to the NSA setting up shop in telegraph offices and copying all traffic with the collusion of the new industry.
None of this is new, and none of it is in the least bit surprising.
Since not everyone who reads this site meets those criteria, I suspect that it is even a not-insignificant subset on hacker news as well.
To see the effect, let's try it with some headlines I've just cherry-picked from a Google search results page for purposes of demonstration:
"Black Chamber team spies, hacks to gather intelligence on targets, report says"
"Appelbaum: 'Scary' Black Chamber will spy on you – every which way they can ..."
"Black Chamber Secret Toolbox: ANT Unit Offers Spy Gadgets for Every Need ..."
"Black Chamber 'spying on Europe-Asia undersea telecom cables' - Yahoo News"
"The Black Chamber Is Building the Country's Biggest Spy Center"
"Black Chamber can spy on offline computers wirelessly, says security expert"
"A Peek Inside the Black Chamber's Spy Gear Catalog"
"Report: Black Chamber intercepts computer deliveries"
"Black Chamber targets foreigners, catches Americans: Column"
I mean, how can you not love a name like that? You can't even say it in an ordinary tone of voice. See for yourself! No matter how you try, you'll find yourself saying not merely "the Black Chamber," but...the Black Chamber.
I think an official change of name is long overdue.
True, but perhaps someday we can learn to not advocate the passage of bills in such a short amount of time that representatives themselves do not have a chance to read or digest them, much less have debate about the specific contents. I say perhaps because I suspect we'll continue to see much more of this until there's some sort of mechanical change requiring a X day waiting period on any legislation introduced, and/or something requiring reps to sign a document with real penalties for perjury that they've read the damn things before voting on them.
Many bills today (perhaps most) are not written by legislators and their staff, but rather by lobbyists. That might have been the case since forever (if the movie "The Aviator" is not too dramatized, this has been true in the 1930's as well).
To this point has there been any evidence that a company has added in a "backdoor" at the request of the NSA?
The media keeps using the term "backdoor" when they talk about covert access but that doesn't mean that some company added a "NSA Access" feature to their product. It is possible (I would even say probable) that the NSA has exploited unknown vulnerabilities rather than used built in backdoors.
Covert access is only effective if it remains covert. If companies are building in these features then a lot more people know about it and it reduces the likelihood of staying covert.
I disagree, the article implies that Apple might (probably?) is helping them with their spying. This is not a minor point for me. I think it's very important to expose which tech companies are betraying their customers, and conversely which are not.
But no evidence was presented that any of the hardware companies were coordinating with the NSA. Given that jail breaking continues to exist, it is entirely possible that Apple and other companies are victims of security exploits identified by the NSA.
That being said, it would be good to get some companies on record on this.
He based this assertion on an NSA slide that said 100% of iPhones could be tapped. In the rest of the talk there was frequent mention (in bullet points or even more interestingly graphs) of efficacy rates, and as I recall most were between 50-80 percent. Apple was the only slide cited with 100% which is why this was noteworthy.
It's a resources/efficacy decision on the part of the NSA for targeting.
It's the same reason there were "no" mac viruses for many years: there were far more windows users to target.
Charlie Miller (that Apple 0day guy) is ex-NSA. In 2009 or so, he made huge waves with his iPhone hacks.
I also find it appalling how widely revered Charlie is. In this context, he is clearly an example of the kind of hacker we should be fucking shaming.
No more free bugs finds its logical conclusion. 0xcharlie: NSA stooge.
If you start your company today and put all your stuff on newly bought Apple machines (or Windows boxen), in case your stuff is stolen by the NSA or GCHQ or whoever in five years time, you will receive (and deserve?) little compassion: When you complain, people will tell you that you should have known. After all, you started after the Snowden affair caused "all of us" to lose trust in these companies.
I'm starting to arrange myself with the "new" situation to maintain my sanity. If there is some life-or-death info, that should go into a crypto-container on an airgap linux box. For everything else, I'll have to become accustomed to the thought that there is someone out there who can get at it if they want and that all my efforts can make it only marginally more difficult for them.
"Here’s a problem: I don’t really believe that Apple didn’t help them."
That is a bullshit statement. It is pure speculation without a SHRED of facts to back it up.
There's a whole paragraph about that. You quoted part of it. It's not a minor point of the article. There's no smoking gun but that doesn't mean it shouldn't be discussed.
I'm guessing most people thought that spying of US agencies was an activity that was carried out abroad, and aimed at real threats.
That's true of course. But I'm afraid that the revelations of the past months have almost turned "jumping to conclusions" into a legitimate response to this kind of information.
I guess they'd still be hoovering up everything they could, just in case, if it weren't for the threat of terrorism. Public opinion is strategically important (if a foreign power starts a war, how will their people react?), but it wouldn't be so important.
Next on the NSA revelations list: A backdoor software "implant" capable of exploiting holes in everything from Froyo to KitKat, and which subverts the device's power management circuitry, such that a remote command can short-circuit and overheat the battery. Results, and especially the likelihood of explosion, depend strongly on battery capacity and charge state, but in-house testing suggests probability of fire should be ca. 95%+ across all device models susceptible to the implant.
(Speaking of which: "Implant", I like that choice of term, it's got just the cyberpunk flavor today's world needs.)
And yet today we find ourselves in a situation where bit by bit those limitations have been eroded so severely that they might as well not exist. We have organizations, such as the NSA, who have multi-billion dollar budgets with limited oversight and little public transparency. Who similarly operate with limited oversight in conditions of near utter secrecy. Who, through those conditions, have essentially unfettered ability to undertake any conceivable surveillance effort imaginable and much else besides.
It is simply untenable to have so many people with such power and no accountability and also maintain democratic institutions and preserve individual liberty. We should be thankful that, so far as I am aware, there has not been an individual with an excess of competence and ambition combined with a scarcity of morals or we would be in a much worse place today. But realistically it is only a matter of time before this power falls into the wrong hands. We have already been dangerously close in relatively recent history, such as with J. Edgar Hoover, we should not be courting fate again.
It would not be an exaggeration to say that how we handle this crisis will greatly affect the near-future history of the United States and significantly affect the future of all mankind in the 21st century and beyond. This is potentially a defining moment for this generation.
Increasing income disparity. Exposure to versus shelter from the legal system and justice -- as stated in the U.S. in published, public laws and mounted through public, accountable law enforcement activities. Freedom of movement, or constraint of same (e.g. the secret, unaudit-able, un-appealable, unaccountable no-fly list). Etc.
I'd argue that, in the large, a democratic society is based upon the willing participation of its members. Who share in responsibility for its security.
What is being created seems already to be, and regardless of one's opinion of current circumstances, capable of being made into and becoming, rather something else.
In other words, "equality before the law" already seems to be going out the window. (Well, that has always been somewhat of a myth, but, in many opinions, it seems to be getting worse.) Our democratic societies deserve and need to know about this, for the sake of remaining democratic.
And it's time to pull out a potent word in description of what has been and is going on: Hypocrisy.
Our leaders' actions and their words -- platitudes -- do not align.
And it's time for us to think hard about whether our own do.
I hear this fallacy question again and again. It implies that giving total power to government is "security". It is not.
Giving total control to Stalin meant hundreds of millions of Russians got murdered in terror, giving total power to Hitler or Mussolini from democracies meant the total destruction of Germany and Italy with millions dead.
I'm not American, so obviously I'm less emotionally involved. My view on it is that the US is not under any meaningful threat of terrorism. 9/11 was big, but on the scale of decades it is still far down the likelihood list of violent ways an American may be harmed. Murder, Rape and other assaults are a reality too, a far more likely reality.
The real "solution" is "ignore terrorism, it's not a big threat." That's contrary to human nature, but I think it is the most rational response.
Consider a few problems with your statistics. First, 20k of those gun deaths in the US are suicides, which distorts the statistics into pretending to show a certain level of gun violence that's not actually evident. Second, dying in terrorist attacks is not the same thing as dying at the hands of terrorists or terrorist organizations. There are tens of thousands of people being killed every year in Syria, for example, at the hands of al qaeda or other terrorist aligned soldiers. There have been about ten thousand people killed every year in Mexico at the hands of drug cartels in what is effectively a weird kind of civil war happening there. During the Iraq war and during the war in Chechnya terrorists and terrorist aligned fighters killed tens of thousands of people, many of them civilians.
Moreover, very few people die every year from jet crashes. However, that low figure is due to a truly enormous amount of effort and resources put forth, probably in the trillions of dollars per year range, to keep air travel safe and reliable.
That's the danger of using naive statistics and straight death-toll comparisons the way you are doing. Sure, more people are going to die from cheeseburgers than likely will ever die from terrorism. But A: overall that's a good thing, and B: it's not necessarily meaningful.
More importantly, there are much more direct and more substantive attacks against NSA surveillance effectiveness, TSA screening, etc.
For example, with regard to TSA screening it's notable that the TSA has not thwarted even one terrorist attack on a plane since 9/11. However, there are many documented accounts of TSA failures to prevent weapons of various sorts (knives, guns, even bombs) from getting on planes. And there have been attempted attacks on planes which the TSA did not stop but which passengers did.
The case with regard to the ineffectuality of the NSA's surveillance efforts is even stronger. They put out a list of foiled plots where the NSA surveillance had some role and it is wall to wall bullshit. Most of the "plots" are little more than entrapment, and there appears to be no case at all where surveillance was the lynchpin that made the difference between shutting down a plot when that plot would have gone undetected without the surveillance data. Worse yet, there are several examples of cases, such as the Tsarnaev brothers, of outright incompetence where the FBI/NSA et al had a case handed to them on a golden platter and they screwed the pooch and let someone they were warned about end up murdering American civilians. And one has to wonder if those sorts of failures, which vastly outweigh the vast majority of phony "successes", happened because federal law enforcement agencies were too focused on this high-tech bullshit instead of actually doing their fucking jobs.
Any action constitutes terrorism if it is intended to cause death or serious bodily harm to civilians or non-combatants with the purpose of intimidating a population or compelling a government or an international organization to do or abstain from doing any act.
The risk of terrorism that scares governments is not necessarily the casualties (though that undoubtedly is a factor), but longer-term consequences. For example, repeated terrorist attacks on U.S. soil may deteriorate the confidence of citizens in their government, increase the audacity of terrorists, make the U.S. appear weak, etc.
I don't agree with the U.S.'s response to terrorism, but I'm also not convinced that tallying casualties provides an accurate risk assessment. The political risk of terrorism is much higher than, say, automobile fatalities (or firearms, as digitalengineer pointed out in a sibling reply).
People will not lose confidence in the government unless their lives are constantly affected, just like other crimes.
So my question becomes, do the supposed large swathes of angry terrorists not want to damage it in traditional terrorist attacks, or are they being prevented from doing so by the security services, surveillance and border controls etc.
I genuinely believe that some attacks are being foiled though whether it's 1 a year or 1000 a year is extremely unclear.
Just try applying the same logic you apply to other horrible problems which are dealt with but never fully eradicated. Pedophilia. It's a crime. Many cases are foiled. Many are not.
You seemingly don't understand this abstract trade-off the correct way. Nowhere did anybody state that giving total power to the government would be the way to gain total security. You could just as well create a giant prison run by a private corporation and put every single citizen permanently in a cell. Then you'd have basically no freedom and almost total security without any government involvement.
In his case, and the case of Chinese communism, it is somewhat debatable whether a strong government is preferable.
I would further never trust any statistics from the old USSR. For instance, the communists were able to dramatically "reduce" infant mortality by simply not recording births until the first birthday, when the child became one.
If you think Stalin was good for USSR you are an ignorant idiot. I am sorry to be so touchy on the subject, but Stalin killed more of my people than Hitler.
...as many important historians have said
And my view is based upon this thread in reddit /r/askhistorians which is managed by professional historians and is generally a reliable source for historical analysis:
His policies screwed up a significant part of the world for decades.
We have not a lot of diversity in government, government is nowadays about managing a country rather than anything ideological. Some diversity is better even if other systems are not how one would want to live.
This is not true, at least not in Europe. Most countries have some form of universal health care, and there are benefits for people who do not work, etc. That is more than vaguely socialist, and is definitely not taboo.
You should read the things Lenin did, and the many more things he advocated doing. Read his pre-revolution material as well, he was one of the leading theorists.
> These systems of government did not have all of the answers
That's not true, read anything by Marx, Engels, Trotsky, or Lenin and not only did they have an answer for almost everything, they (especially the latter two) believed maximally that there is "only one way".
> "The initial release of DROPOUTJEEP will focus on installing the implant via closed access methods." 
OK, we knew this much already. I remember seeing a number of stories on how law enforcement can pull data off an iPhone, etc. Not really much new here.
> "A remote installation capability will be pursued for a future release"
Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it. Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely. However, the NSA is pretty clear that it will have the capability in the future. Note the date on this - 2007.
Since 2007, what has changed? iCloud allows Apple to install and run code directly on your device remotely. Is there any doubt that the NSA would request Apple give them full access to iCloud? So the real issue here is what that last little line hints at: the NSA was looking to get remote access rights to all iPhones back in 2007 and with the knowledge now that they will happily backdoor AT&T/Google/Microsoft to retrieve data, is there any doubt they are now using iCloud to gain remote access to all iPhones?
I'm sure NSA/Google does the same with Google Play Services.
This is a pretty limited view of remote exploits. It could easily be a browser-based exploit for example, with the payload as part of an image served by an ad, thus not requiring any open ports.
I cannot imagine the NSA waited for iCloud to get access to iPhones.
More info on Zdziarski's blog.
Anyway, all devices with centralized management like Android, iPhone, Blackberry can't be secured IMHO against such a capable adversary. When an actor can push stuff to the device it's hopeless.
When the NSA wants to use your phone, you don't have to worry about them exploiting something. A special packet will come down using one of the many available 'official backdoors' on your device to redirect your device to an NSA server.
> Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it.
Well, you also put that sort of statement in a document because a manager you're presenting to asked you about it and you need to acknowledge it, but you don't have any plans to actually do it. Any questions about it can be answered with relatively vague platitudes and "conceptual architectures", and then the feature is left to quietly fade away in subsequent iterations of the backlog.
I don't understand this? So far as I am aware, Apple has always been able to install and run code directly on your device remotely.
What am I missing?
So while it would have been theoretically possible for the NSA to do it before iCloud, iCloud makes it actually practical to do it without subverting the whole iOS team.
Apple has had remote access to the file system forever - an early use of it was to remove apps that had certain kinds of legal issues from the phones of those who had purchased it.
iCloud is simply remote file storage, and not all applications use it anyway - if the NSA wants access to my phone, achieving access to my iCloud account is a pretty poor second best.
I don't have the patience to watch Appelbaum's hour long talk, but unless he has something far more impressive than these documents then he's just another activist who will willfully mislead in order to advance his cause.
The fact that you cherry picked an obvious example, and even downplayed its significance -- plus the fact that you were quick to call him an "activist" (nay, "another activist", how their pesky multitudes annoy you), tells more about you than about him or the talk.
On another note, if you are aware of Jacob misleading on any matter, it would be nice pointing that out directly. He is an activist that has done everything from helping with on-the-ground infrastructure deployments in war-torn areas, working on and advocating for Tor, speaking in front of the EU council… Casting doubt on his integrity without highlighting relevant facts is a way of distracting from the actual issues under discussion.
Hope you didn't have that phone shipped to you, because apparently the NSA is cool with slicing open your new package before conveniently reshipping it.
But.. I don't even know where to begin, it's not only that we need to convince a large portion of the US population that living in a dystopian total surveillance state is actually not something to strive for, we can't even begin to discuss those issues in any meaningful way when people have not the slightest clue what's really going on, even if leaks like this occur that outline frightening and utterly insane surveillance and attack capabilities nobody is going to explain it to them (not that anyone cares anyways).
The NSA developed and deployed a global system that enables them to do DPI on the whole internet traffic, analyze that traffic, inject traffic, attack every system through countless vulnerabilities and backdoors and all of that automated, not only against their “targets” but also against any infrastructure they are interested in.
They have secret laws, can force companies to work with them, force backdoors and not only are the US companies not allowed to talk about those things, they are legally bound to publicly lie about it.
So yeah they can hack every iPhone on this planet, and turn it into a silent listening device, among many many many other things, is that really what we should be talking about?
> they are legally bound to publicly lie about it
I don't think there's any evidence that someone has used an NSA backdoor, but, given how widespread exploits are, I wouldn't be surprised.
So yeah they force backdoors.
If you still think you need to defend the NSA, you are not stupid or naive. You are evil.
The thing is phone baseband software (which is reused on different phone models and controls the phone's I/O including GSM, USB, etc.) has hardly ever been under attack. When the iPhone arrived with its new security model, baseband bugs became one of the major ways to jailbreak a phone. Those bugs have been fixed one by one, but they were mostly on the USB side - the GSM side has been impractical to attack. A carefully crafted GSM packet could in 2008 and probably could now cause a buffer overflow in the baseband and gain access.
An interesting presentation on the topic: http://www.youtube.com/watch?v=fQqv0v14KKY
Regardless, I can say for a fact that there are exploits for all cell phone platforms. iOS exploits are by far the hardest to find. An iOS remote execution 0day will easily fetch $250k. I've seen one go for $600k. For an Android remote exec 0day, you're looking at closer to $50k.
Even if the NSA doesn't have these on hand, they can certainly purchase them.
Wake the fuck up! This isn't about Apple. It's about an out of control military that's spying on all of us and threatening our way of life and our livelihoods.
Because more often than not, the answer is "Because it draws clicks". Since that isn't the case here, the next step is typically "Is this unique or specific to Apple, and does the issue at hand pertain to other devices or OSes?" In OP's opinion, it isn't. His evidence is the high cost of zero day exploits relative to other platforms.
He's not "defending Apple by saying their competitors are worse", he's providing context to an article that provides none itself. If negative articles about Apple weren't such rabid click bait, this wouldn't be needed as it would be part of the reporting process. Unfortunately, that isn't the case.
"Wake the fuck up!" is an extremely patronizing sentiment. I can be both aware of the overall NSA situation while simultaneously defending Apple from knee-jerk reactionaries. They aren't mutually exclusive activities.
2. This is a linkbaity article that needs to be corrected. This correction may be an important factor in determining which devices are more secure.
3. Yes, the NSA spying fiasco is the bigger topic here. No, it's not a competition.
It has been Apple's strategy all along to get you to buy literally everything from them. Their USP was to have it all integrated.
Problem is: Once you understand that at least 1 piece of your integrated platform is foul, your whole equipment "loses value" for you, because it's now less integrated.
It's a similar strategy to how banks have been protecting themselves: Be/remain "too big to fail", meaning: Become so big that, when your bottom line is under attack (by whatever market forces), the whole society suffers. Thus, society will protect you, no matter how you behave.
Without revealing the actual site/method/whatever; can you please explain how the 0day exploit market works?
I can make basic assumptions that it is deep-web-forums/TOR/Whatever... but can you enlighten me as to how one might go about selling/buying such an exploit?
There are lone ranger types and small groups that churn out a few exploits. These guys (the small groups) go through trusted middlemen (usually via encrypted email), who buy the exploits at a discount. Now the middleman has a collection of 0days that he can sell to established customers, which might be government or criminal organizations. Sometimes the organizations want exclusive rights to an 0day (to prevent it getting leaked and patched), sometimes they don't.
On the other, less sketchy, side of things, there are companies that do more or less the same thing. They do the same kind of vulnerability research, but a lot of the time it's on behalf of the company whose product they're trying to hack, or possibly a government organization. They don't usually go through middlemen; they just work directly with the government or company. They can't and don't do anything obviously illegal, which limits the amount of stuff they can make, but obviously sticking to legal activities has its benefits. Sometimes legality is a little fuzzy, but these groups try to tread lightly.
You'll get introduced to someone who has a small security firm and from their LinkedIn page you can see they have a pretty vague but interesting past. Ask for a shit ton of money.
Did the guy spend 8 years at a british aerospace company before going into consulting? GCHQ. 5 years at the "Department of Defense"? NSA. High school drop out? Chinese or Russians.
Idea: 0day markets are legalised. Regulators require companies keep the average price of their 0days above a threshold or attach a warning to their product and marketing materials. This aligns the security interests of consumers with companies while incentivising companies and researchers to build secure products.
 A license to the 0day (but not the 0day itself) would be freely traded for a duration after which the company would have the option to (a) buy it at some price or (b) release it to the public, retaining full liability for any consequences (last holder of the license gets a percentage cut of any fines or legal awards).
Unfortunately, no matter how much you shore up your phone's OS, there is still a massive, gaping hole in the form of the baseband processor. Until we have phones where the baseband is a tightly regulated slave processor, accessible only through a low-privilege mechanism (like a USB port), we can't really hope to have truly secure phones anyway.
The people cranking out high volumes of exploits for the customer are sitting on huge multi-year contracts worth tens if not hundreds of millions of dollars. They don't want to go play in some utopian regulated marketplace, they just want to make money and protect America.
I'm quite interested to see what, if anything, Tim Cook will do or say to reassure the faithful.
"Apple is erasing discussions on this topic at their support forum, right now the whole forum is shut down for a complete cleanup."
According to this the NSA itself claims that it has access to all iOS devices:
https://www.youtube.com/watch?v=b0w36GAyZIA&t=44m32s (Jacob Appelbaum @ 30c3, "To Protect And Infect, Part 2")
Harder to find than for Windows Phone?
Given the 100% success they get with the iPhone, my guess is that they hijacked one of Apple's remote control mechanisms, e.g. we do know that Apple has the ability to uninstall apps from any iPhone, perhaps there's a way to install too.
The one argument against what I've written that has been made that I think is worthy of highlighting is that there are people around the world who are risking their lives under totalitarian regimes. People's smug responses and ad hominem detract from this important point, which could be helpful to others outside of HN in better understanding the issue.
Your downvotes will not persuade me or anyone else with my views. They do demonstrate that some are committed partisans on this issue. I appreciate some of the clear, unemotional arguments that have been made, however.
Did you know the FBI put MLK under surveillance at the orders of Bobby Kennedy (then-Attorney General)? They didn't find evidence of crimes, so they threatened to publicize his extramarital affair if he didn't give up his civil rights work.
It's about preventing unchecked government power over those who aren't criminals who are working against the status quo.
OF COURSE you don't care if the NSA reads your email. You don't change anything, and consequently don't matter.
We as a society care if the NSA reads the private emails of the next important up-and-coming political party leader who will break us out of the corporate-owned two-party system. THAT'S the person we're trying to protect, not boring uninspired people who "have nothing to hide".
So yea, it's not to protect people like us. It's to protect the MLKs, the politicians, the accountants, the journalist, the news anchor, etc... Everyone either has a skeleton in their closet or cares about someone who does. If one is so inclined, having this information can be extremely valuable when trying to prevent a "free society" from becoming a little too free.
Why? The possibility of a turnkey fascist state is very real. You need only look to history to see how many leaders, once elected, completely ignored all laws and constitutions and legislating bodies to declare martial law and institute a tyranny. How can you say that you aren't worried about that, and the power of a surveillance apparatus in the hands of such a leader?
Some non-empty subset of the population needs privacy. Maybe you're not in that subset, but you should still be fighting on their behalf.
On a related note, do you believe in freedom of press? "a survey of American writers revealed that nearly one in four has self-censored" http://www.cnn.com/2013/12/04/opinion/snowden-chilling-effec...
b.) what you personally do not worry about is not relevant, your arguments why nobody else should worry either are. You are not a journalist or activist, so you don't care. It's like saying it's okay that certain food contents are not labelled for the benefit of those having allergies against them, or that kids should be used as bio fuel, because you don't have an allergy or kids.
Who would you be more worried about having access to your email account and why?
b. a random criminal (unaffiliated with government)
"It always seemed like President Nixon's campaign was one step ahead of us, almost as if they were reading our email...but nobody ever broke into our hotel suite or anything so it's all just speculation."
Edit: brainfart as pointed out by jeremyswank.
The problem is the 1% who express the wrong ideas at the wrong time. I know people who have been put under surveillance or charged in court for things that are perfectly legal, or just minor infractions. Some examples from Germany:
One guy I knew made a poster protesting against nuclear power, and put it up near his university. About a year later he got a letter saying that the "proceedings against him have been terminated". He found out that the police suspected him of planning a terrorist attack against a nuclear waste transport. They bugged his cell phone, his apartment, and followed him and his friends for about a year, until they realized they had the wrong guy.
A friend of mine made the mistake of visiting a squatted house and being seen there. Later he went to a demonstration, got filmed by the police, and charged with something you could translate as "ring leadership" or "inciting a riot".
There also was a famous case last year where a pacifist pastor who visited an anti-nazi demonstration was charged with something similar. (And of course there are numerous examples from the US.)
The thing is, the threshold for invading people's privacy is getting lower and lower. Police or intelligence agencies will put you under surveillance if they just have a hunch. At the same time, persecutors are under really high pressure to "make a case". More and more they will rather convict an innocent on dubious grounds than admit a mistake. Actual quotes from judges (paraphrased): "we need to make an example", and "I don't know if the accusations are technically true, but if you were there [at the demonstration], you have to be guilty of something".
A situation like this is unworthy of a democratic society. As I said, stuff like this doesn't happen to 99% of the people. But you never know when you are in the 1%. I have to be afraid to say anything controversial - I have firecrackers and vinegar at home, what if some overeager investigator decides I want to make a bomb out of it? And this kind of fear is what they call a "chilling effect" - people will stop using their democratic rights, their right to free speech and freedom of assembly and so on.
Which, as it turns out, I don't think is you or me.
Or someone in government deciding to stalk you? (this has happened, within the NSA I believe, but certainly in other places)
Or someone deciding they dislike you and using your information to pursue frivolous legal action? (You never broke any law? Any law at all? How would you even know, there are so many and they're so vague!)
Beyond that, well I guess you just don't care about privacy. Me, I do. It's not somehow the right of a bunch of other people I don't know, with minimal to zero democratic oversight, to poke into my life just because they feel like it.
My position isn't that I don't care about privacy. It's that in the modern age, with so much information kept about people in corporate and government databases, we're necessarily talking about mitigation rather than a pure ideal of full privacy. I assume the NSA can access my records with the IRS or my bank anytime they wish, even if they were prevented by law from tapping my iPhone. This has been the case for decades no doubt. At this point in time, beyond that, they can break into an advertising agency database if they wish and find out about all of my click behavior and location information. In the battles I choose to take on, rolling back an NSA iPhone compromise is an interesting idea, but it is less a priority than other battles, such as protecting dissidents in oppressive countries (which is also a relevant contrast to the point I first made, as has been mentioned elsewhere), and, yes, preventing terrorist attacks.
I think anyone is allowed the prerogative to prioritize their battles. I also do not think the world would be a safer or better place without intelligence gathering. If I permit that much, now we're talking about degrees rather than absolutes, and we're arguing about where to draw the line.
We're always talking about where to draw the line, in basically everything worth debating about, ever. There are very few absolutes in life and I think that opting out of the discussion by saying "Well, we're just deciding where to put the line" is a total cop-out.
Where we put the line is important, and where we place our priorities. "Preventing terrorist attacks" sounds very noble, until you add up all the harm that's been done in pursuit of that goal. And remember - there's no compelling evidence that the NSA mass data-gathering activities have actually prevented any attacks.
>> In the battles I choose to take on, rolling back an NSA iPhone compromise is an interesting idea, but it is less a priority than other battles, such as protecting dissidents in oppressive countries (which is also a relevant contrast to the point I first made, as has been mentioned elsewhere)
I don't know how you can't see that these are the same thing. The iPhone compromise, if such exists, further endangers dissidents in oppressive countries, not to mention dissidents in countries we don't consider overtly oppressive, like our own.
I've implicitly acknowledged this point.
I've given up. What's the point? Frankly, if I knew I needed actual privacy, I'd not use anything electronic, and go olde skool. That's all I need to know now. I've told everyone I know and / or care about. It's now up to them.
Get used to it, Big Brother has been here for a while, is staying, and will get stronger.
Just, I won't be listening in the future when it gets really out of hand. I don't expect anyone to come bleating to me if something goes wrong.
But if this is really what you think, then you should not put any children on this planet - they don't deserve the mess you/we're about to accept/create for future generations.
On a brighter note: think about people like Appelbaum, Snowden, Assange, Manning, etc. They fight and keep fighting. Each of them accepts that we have to sacrifice something personal/important to get back a life that is worth living. If they can, why can't you?
PS, if you feel depressed (many people do, especially with this horrible recent news), it might be a good idea to get a professional opinion on that, maybe there's more to it.
Hmm. You know what? I care. I don't want the NSA reading your stuff, because they're doing it in my name. I believe they're violating our 4th and 1st Amendment rights, and I want it to stop, for me and for you.
If the government is violating our rights, the damage goes beyond anything resulting from the actual violations. The real damage is that we have a government that does that.
I have had the iPhone since the first day of release. I have gone through 16 physical devices over that period (due to me breaking them a lot and going through several employers where I had never purchased my own phone since (well before) it was released). I am currently, for the first time in a long time, on my own personal device; an iPhone 4.
I upgraded it to iOS7 when it was available. The device is a slow POS and I want to stab my eyes out when I use it....
However; there is a behavior that I have only personally noticed recently: (Please tell me if you see the same thing)
Whenever I transition between literally ANY screen, I see a quick BLINK of the screen - in the same anim that you would see when you take a screenshot.
So I am wondering "Is my phone taking a screen cap of EVERY switch/transition I make? WHY"
Now, I know that iOS does do screen caps of things so that when you are switching in various ways that it already has a cache of the last state of that screen in order to thumbnail the previous view... BUT I understood this to be limited to certain circumstances. Currently I am noticing it on pretty much ANY transition.
Even if this is the actual, "Normal", my suspicion is that this fact can be used to entirely rebuild an entire session of activity for a user through their entire interactions. Even if you just grab these screens which are used at a system level - a great deal could be inferred from just these workflow screen caps.
As I understood it - there were certain apps that were captured in the past. This was so that when the app loaded it had the previous state shown as quickly as possible, and it would then refresh.
My point was I am noticing this flashing screen cap anim on literally EVERY screen change... this does not make sense to me and I am wondering why the device does this.
Finally, I surmise that if it actually IS doing these caps, that if one COULD get access to them one could then build a pretty clear session history.
Again, I said it was a simple suspicion. I have no idea if this is actually happening; but the device seems to be revealing the caps happening... but I am not so sure.
The iPhone 4 runs iOS 7 terribly and more likely you are seeing some graphics stuttering from the (albeit limited on that device) new iOS 7 fade/transition animations.
Not to mention that the screen flash while a screenshot is being taken is a usability feature and is there to help us know when a screenshot has been successfully taken. I know there are tweaks on Cydia that allow screen recordings, so why are the NSA messing about taking screenshots of some unimportant (no offense, I mean it in a national security sense) guy?
tl;dr your iPhone 4 is struggling with iOS 7 and probably has some redraw problems, most likely no one is taking screenshots of you while you're switching apps.
My question is: Does the iOS device, in fact, take a screenshot of every single transition?
Everyone seems to miss my question, thus I must be posing it poorly.
What I said again, simply, was that:
I knew that some transitions had a screen capped to allow for a faster, subjective, transition to the user... a UX cheat.
However, I noticed that my iOS7 device APPEARS to be doing this on EVERY transition... Is it really capping, or, as you smartly suggest; the iPhone 4 is a POS that struggles in the anims for each transition.
Finally, I was just surmising that should the device, indeed, take a screen for every transition; this could be a sweet exploit in rebuilding session actions for any user of the device.
Apologies, your initial comment sounded like you thought you were being targeted by the NSA or something.
> One person said that her boyfriend saw a picture of himself at work displayed in FaceTime, even though he has never used the service in the office.
The White House Communications Office is responsible for maintaining communications with the rest of the government, business and political contacts, and his family. In the event the president needs to take a call, an aide will direct him to a secure tent they set up nearby that is shielded against eavesdropping and electronic surveillance (see http://www.theage.com.au/world/barack-obamas-portable-secrec...). If it is a conversation where they do not expect sensitive topics to be discussed, they might give him a Sectera Edge that is routed over an encrypted satellite link back to the White House switchboard where the actual call is connected.
And when I read that the US government tracks mobile phone movements all over the world (generating a ton of other information about people), I turned it off permanently (flight mode) and use it only as a PDA.
Turns out, landline phones combined with email is more than one needs.
If I hadn't stopped using the "mobile call feature", my iPhone would have gone straight to eBay, right now.
For example, imagine that any one of the contact or calendar management apps where you "Allow xxxxx to access your contacts" was produced by the NSA under the guise of an innovative startup.
In light of recent leaks, it's still pretty obvious: think a repackaging of OTA jailbreaks (like jailbreakme from the iPhone OS 3 era) plus Foxacid.
You could make jailbreakme not display a dialog or install Cydia, and the user wouldn't notice anything except their phone got warm for a while and has a newly opened port for SSH.
Vulnerabilities exist anywhere for sure but the community (whatever it means) should create a defense against those threats.
This should not actually be a complicated inquiry.
I really don't see the advantages of having a handsized computer, really. The performance/battery/usability/cost compromises are not really making it worth it.
Most people do a lot of text messaging, usual smartphones are not designed for it. Old school, classic cellphones do it pretty well.
Why would you need the internet while you're outside, in the cold, in the train, while not sitting? You only need an iPhone for very unnecessary, unplanned, rich things.
For example, you need to locate something, like the nearest restaurant, or coffee place, in a town you know nothing about. The data transfer and costs to make a web search on such a low-powered device, will be ridiculous if you compare it to just asking somebody.
You're in a coffee place, you're arguing about something, and you want to know who's right, so you want to search it on the web. Why not just enable the wifi, and why not carry your 13 inch notebook?
You want to read your emails. Even if you receive email, what's the real difference with text messaging? Emails are for long messages on which you can attach big files. Email is a very old protocol, and it wasn't really thought to work hand in hand with text messaging.
You want to read a digital document. If you're in for a long, comfortable read, use an ebook device, use the small screen of a classic cellphone, or just plan ahead and print it.
Smartphones are all-in one, expensive, software and hardware quirky solutions which are just not that much awesome. Computers are not entirely secure. A smartphone will create new technical challenges, but also many other risks, especially if you have a homogenous device like the iPhone.
Engineers should start to create protocols and software which are already designed for smaller devices, not create smaller powerful computers: laptops and desktops are already at the limit of tiny.
Apple created a market of an attractive, dreamy device, which sold, and the market followed, but the truth is, there is much more to do on the embedded software design.
I agree with your point that more software = more surface area, but your examples of alternatives aren't very viable for most people, in my opinion.
For an example from my own experience, I used to do a lot of contract IT work, both freelance and as part of a firm, often visiting several clients over the course of a day. Originally I'd keep track of everything in an old-fashioned spiral-bound pocket notebook, but dead trees are hard to grep, especially remotely, and at the rate at which I filled notebooks it got to be a real pain having to copy and distill everything worth keeping track of from the old one to the new one. I had an old-fashioned candybar phone, too, which worked well enough for phone calls and text messages, and if I had to, I could use it to talk a client through power-cycling a server and other similarly simple procedures, which was at least a little better than having to go out and do it myself, or back to the office where I could remote into the client's PDU.
So I bought an iPhone. Thus, with a modicum of effort, I gained a shared, always up-to-date calendar, providing both an agenda of upcoming events and a searchable record of what I'd done and when; an always-connected email client, providing both an easy means of keeping in touch while on the road and, again, a searchable record of past communications; a shared, collated, searchable collection of notes concerning every relevant detail of my various clients' operations; a shared, &c., collection of contact information for all my various clients and industry contacts; and, last but not least, an always-connected administrative terminal with which to remotely solve even relatively subtle and complex problems, as and when necessary, for clients who had urgent needs and for whom I could not fit an in-person emergency visit into my schedule.
No doubt all of this makes it sound as though I was a preposterously busy person, and for several years that's exactly what I was. My smartphone enabled me to streamline my efforts in a fashion which I had hardly imagined possible before I first laid hands on the means of so doing, to the extent that it made me able to get more work done, with less effort, than I had been able to accomplish before. If there is any purpose at all behind our species' longstanding habit of building interesting trinkets and gewgaws, "more work with less effort" is certainly the very soul of that purpose.
I do, though, like your "only frivolous people with frivolous purposes would ever have a smartphone" argument, though. I think that's the most sensible thing anyone has said in this whole thread. Certainly it is in no way redolent of, for example, someone who bravely defies his ignorance in order to declaim at length on a subject of which he has absolutely no relevant experience whatsoever.
Now this involves a lot of red tape security certifications, hardening 'scripts', monitoring, auditing and so on. They legitimately do not want sensitive information leaking. Projects employ air gaps with CDs being burnt and that is how data is transferred sometimes.
The easiest rebuttal is simply that every smartphone is equally at risk.
A last resort will be to simply say "meh, don't care"
That's how good/sticky Apple products are
Or, have lots of trying to bait the spies. Call it art or something. Look up lots of terror stuff, like you are writing a book. Back, I dunno, 1000 years ago, when I first heard the oh so mad notion of echelon, I added an invisible signature to my email containing every naughty key word I could think of. Idea being to somehow annoy the spooks. Yeah, childish and pointless, but it amused me.
Hmmm, maybe half a year of banging my head against a brick wall has had an effect after all.
The sad fact is that it doesn't matter how secure your phone is because there's a weaker link in your security chain. You...
Anyways, it's not of concern to me as I ditched my smartphone for an old school Motorola flip phone.