Slashdot Mirror


User: Registered+Coward+v2

Registered+Coward+v2's activity in the archive.

Stories: 0
Comments: 5,324

Comments · 5,324

  1. Re:70% That's better than I can do on Google ReCAPTCHA Cracked In New Automated Attack · · Score: 1

    The only authentication system I have seen that didn't rely on a separate hardware device for authentication that was worth a damn were those that, rather than requiring a selection or inputting what you see on screen, asked a question that only someone familiar with the topic would know. For example, I've seen engineering bulletin boards ask for the name of a specific type of beam, automotive ones that ask something unique to the marque, etc. so automating a process to gain entry is not practical.

    Nonsense. Those are weaker than the general-purpose ones. They draw on knowledge from a relatively obscure area, but it's very unlikely that they have a wide selection of questions/answers. All you need is a knowledgeable human to work his or her way through the question database providing answers for the bot to use, and it's broken.

    While I agree it certainly can be broken, and once an answer is identified it is a very weak system, but then again a bot would have to look for clues in questions and understand context because even if you have the same words in a question they could have different answers depending on context. A second layer of validation is easier for smaller sites but then they aren't really targets as you point out.

    Of course, the value of creating large numbers of fake accounts on such systems is so small that it doesn't matter. Honestly, their goal probably isn't to keep out bots at all, but to make the forum hard for people outside of their target audience to access.

    Certainly, most are so obscure they aren't worth the trouble, so making it a labor intensive operation for a small return is counterproductive; though I would guess bots are outside their target audience as well.

  2. Re:70% That's better than I can do on Google ReCAPTCHA Cracked In New Automated Attack · · Score: 1

    For example, I've seen engineering bulletin boards ask for the name of a specific type of beam, automotive ones that ask something unique to the marque, etc. so automating a process to gain entry is not practical.

    Works mostly due to obscurity and there being millions of tiny boards out there, a single human intervention and it's completely broken.

    I concur, which is why the decent ones add in another layer to try to frustrate the drive-bys.

  3. 70% That's better than I can do on Google ReCAPTCHA Cracked In New Automated Attack · · Score: 2

    trying to enter them as a real human being. Seriously, the captcha system is broken because as long as there is a monetary value to breaking it someone will, even if it is simply paying a few cents per capture to break them to a human in some low wage country. The only authentication system I have seen that didn't rely on a separate hardware device for authentication that was worth a damn were those that, rather than requiring a selection or inputting what you see on screen, asked a question that only someone familiar with the topic would know. For example, I've seen engineering bulletin boards ask for the name of a specific type of beam, automotive ones that ask something unique to the marque, etc. so automating a process to gain entry is not practical. Of course, once you know the answer you can easily create multiple accounts, but these boards also limited posting ability for a set period of time and/or required a secondary confirmation before gaining full access to limit the drive-by spamming of EXCELLENT QUALITY!!! YOU BUY CHEAP!!! DESIGNER!!! posts.

  4. Re:Put Lifetime in quotes on Alphabet's Nest To Deliberately Brick Revolv Hubs · · Score: 4, Informative

    I would imagine (hope?) that at the very least the "lifetime" period is specified in the fine print somewhere.

    From their FAQ:

    The Revolv Lifetime Subscription, which is included in the $299 you pay for the solution, enables GeoSense automation and remote updates that allows your Revolv to work together seamlessly (and continually update) with the products you already own; for the lifetime of the product.

    It would appear they have decided to euthanize the product and thus it has reached the end of its lifetime.

    The question, as I see it, is given the vague definition of lifetime in the FAQ, and absent any clearer one in the TOS that everyone reads in great detail to be sure they understand what they really are getting and not just click "Accept", does Google's EOL'ing of the Revolv constitute a breach of the promise of lifetime service? The products are still serviceable except for the lack of a server, so should there be a remedy for the people whose lives once revolved around home automation but are now at a standstill due to Google's actions?

  5. That word doesn't mean what you think it does on Alphabet's Nest To Deliberately Brick Revolv Hubs · · Score: 3, Interesting

    "Lifetime" in a commercial sense is shorthand for "as long as we care to support the product" rather than "as long as the product works." The FTC, for example, lists 3 different interpretations of the term.

  6. Re:A chip based card system on The White House Finally Got Color Printers (gizmodo.com) · · Score: 1

    Probably a PIV card for two-factor authentication.

    https://en.wikipedia.org/wiki/FIPS_201

    Probably given that is pretty much the government standard for most machines, at least on the non-classified network.

  7. Randomize to protect your privacy

    You've already given them an email and # number, so they know who you said you were; of course you've created a throwaway email account and phone number that is not tied to any real information so they really don't know you. At that point, you want to appear to be a real person to minimize the chances of them deciding you merely are a bot collecting cash. Running a bot in a VM or on a completely separate machine, connected via a VPN, minimizes the chances of a cookie hanging around to detect the real you, while following a semi-regular pattern of web sites, clicking on ads, etc. helps defeat attempts to id bots. If this ad model is successful and impressions yield sales, you simply become noise in the signal and can continue to generate payments without actually doing anything. Privacy in this case is giving out information to satisfy them without revealing who you are. It's a lot like the discount cards a supermarket offers. As long as they have my name, Attila T. Hun, any address and phone number with an area code followed by 555 7867 they are happy even though none of it is real. My purchases just become noise in the data beyond knowing someone bought X at store Y on Z. You are in essence hiding in plain sight.

  8. Re:You Yanks Are Stupid! on Verizon Plans $20 Upgrade Fee Even If You Pay Full Price For a Phone (macrumors.com) · · Score: 1

    New Jersey has 90% of the population of Sweden in 5% of the area. Why can't New Jersey have as good coverage as Sweden?

    Toxic waste dumps.

  9. 1. Create a bot to randomly crawl pages. 2. Profit?

    Why randomly? Create a bot to click to a site you like, click on links to articles on the site, scroll down the page, return to the main page and repeat. You would mimic real browsing habits and with a VM could run it independent of your main machine. Shut it down at about the same time and start up after you "sleep" to avoid being deemed a bot.

  10. Re:You Yanks Are Stupid! on Verizon Plans $20 Upgrade Fee Even If You Pay Full Price For a Phone (macrumors.com) · · Score: 1

    Indeed, that's why the calculation of paying subscribers per tower. But I can tell you in Sweden they'll have the more densely populated areas subsidise the sparsely populated areas, very similar to the law the US had re. fixed line telephony.

    The US created rural telephone and electric services, some of which exist today in areas that are no longer rural; it's a shame they didn't look to do cell phone and broadband similarly.

  11. Re:You Yanks Are Stupid! on Verizon Plans $20 Upgrade Fee Even If You Pay Full Price For a Phone (macrumors.com) · · Score: 2

    Population density of the USA (including Alaska!!) is almost twice that of Sweden: 35 vs 21 people per km2. It should be easier (more economical) to cover the USA - especially if you would exclude Alaska which is mostly completely uninhabited anyway - than it is to cover Sweden. Finland is even worse, just 18 people per km2. Yet even there you have nationwide coverage.

    The typical subscriber base of a US based carrier is a lot greater than that of a Swedish carrier, compensating for the larger area to cover. After all it's subscribers that bring in the money. The US has more potential subscribers per area, less carriers (less competition) and far higher fees for mobile phones - yet they can not even build out a nationwide coverage??

    You can't just look at density, you must also look at how the population is distributed. While the overall density is greater, there are far larger tracts of sparsely populated areas, so many more towers would be needed than in say Sweden to provide similar coverage. That makes it much more expensive since you need many more towers to reach a very small slice of the US population. If you look at Sweden's cell coverage map, it appears the very sparse regions in the north west have poor coverage, a situation that mirrors the US in that low population density areas are not a priority when building out networks. Considering the US probably has good coverage for over 95% of the population the nationwide network is good enough for most users and building it out to cover the small percent left is simply not cost effective.

  12. Re:You Yanks Are Stupid! on Verizon Plans $20 Upgrade Fee Even If You Pay Full Price For a Phone (macrumors.com) · · Score: 1

    It has everything to do with population density! The calculation is simple, how many users (=paying subscribers) per tower. For a comparable population density that's the same calculation for small and large countries. Btw, Sweden is slightly larger than California and nearly 2/3 of Texas, Sweden's population is nearly 10 million.

    The problem is that population is not evenly distributed across the US; so you have some very dense areas and large swatches of sparsely populated ones; so if you look at average population density you get a distorted view. That is why I said it isn't a function of density per se but rather population distribution. In Sweden, for example, population distribution is somewhat split 50/50 between the south and east, which is dense, and north and west which is much more sparse. If you look at a coverage map, it pretty much aligns with the population density, as does California's. However, the US has a much larger, in absolute size, of sparsely populated areas than does say, Sweden or even Europe; which results in less coverage in some areas simply due to the cost of providing coverage exceeds the return.

  13. Can someone please explain this for us dumb foreigners? I never could make any sense of the US telephone system. It's crazy with being charged for *incoming* calls, and roaming charges when you have not even left the country.

    While neither make sense, the reality is most people never exceed their minute allocations nor get charged roaming fees. Given the proliferation of plans that make cell to cell calls not count against minutes so your existing monthly allotment is often not used. Roaming charges were more common when carriers were regional, but since now the major ones are nationwide and have exchange agreements those are pretty much history as well.

    Why would the network care if you change handsets? Can't you just buy a new phone from the local tech-shop and swap the SIM over?

    Money, although you can often negotiate a credit for the charge.

  14. Re:You Yanks Are Stupid! on Verizon Plans $20 Upgrade Fee Even If You Pay Full Price For a Phone (macrumors.com) · · Score: 2

    Heck, even sparsely-populated countries like Sweden and Finland have nationwide coverage for decades already and always had better prices.

    The issue isn't population density as much as size. Sweden may not be as densely populated but it is a small country, so it doesn't take as many towers, and resultant costs, to provide coverage. Increase that by a 10 or 20 or so times and the cost doesn't justify the added subscriber base.

  15. I had a friend whose parent died and they needed to cancel service. After explaining the situations to the rep, who was very sympathetic, the rep said "No problem canceling, please put your dad on the line so I can verify he wants to cancel." It took multiple calls to finally cancel. Personally, I'd have stopped paying after the first call, filed a Better Business Bureau complaint, and let them sort it out. Or, see if the local TV station is interested in a "Cable company refuses to cancel dead father's account because he can't talk to them..."

  16. Re:Forget PreCheck if you fly international on TSA's Precheck Registration Program Causing Longer Security Lines (usatoday.com) · · Score: 1

    As an Australian citizen living in the US, you know what's super annoying?

    - I can use the automated entry in Australia.
    - US citizens with GE can use automated entry in the US and in Australia too, as you rightly pointed out.
    - But Australian citizens cannot use automated entry in the US.

    Or put another way, Australia is nice enough to let you use your GE in Australia, but the US never reciprocated. Not only that, they don't even allow Australian citizens to manually apply for the American GE program either - it's only open to Americans and a random handful of other people: South Koreans, Germans and the UK I think. Grrrrrrr...

    Lawful permanent residents are allowed to apply as well, so if you fall into that category you could apply to GE.

  17. Re:Forget PreCheck if you fly international on TSA's Precheck Registration Program Causing Longer Security Lines (usatoday.com) · · Score: 1

    It's $100 still - I just applied two weeks ago. And you can use your existing GE coverage for free in Australia. For South Korea, you have to sign up with their entry program, which is $100, and be an approved GE member, another $100. Other countries charge fees as well. I think there are 6 countries that participate.

    Yea, I was wrong. I paid for two at once and forgot it was $100 each.

  18. Re:Forget PreCheck if you fly international on TSA's Precheck Registration Program Causing Longer Security Lines (usatoday.com) · · Score: 1

    No, no it's not. Quit spreading FUD and talking out your ass

    Yea, I was wrong because I forgot that I paid for 2 at once. So go fuck off, asshole.

  19. Re:It's the body scanners on TSA's Precheck Registration Program Causing Longer Security Lines (usatoday.com) · · Score: 1

    With Pre the only time I've had to go through a scanner is if I am randomly selected.

  20. Re:Forget PreCheck if you fly international on TSA's Precheck Registration Program Causing Longer Security Lines (usatoday.com) · · Score: 3, Insightful

    If you travel overseas, go for Global Entry. It costs the same ($100), and it includes PreCheck as a perk. As an added bonus, you get to use kiosks for passport control (never a wait) and the crew line for customs.

    I routinely take 8-10 minutes total from deplaning at LAX (Bradley Terminal) to the terminal exit. A bit longer if I have to wait for checked luggage. Worth every cent.

    Global Entry is definitely the way to go if you travel internationally. Flying into ATL or JFK is no longer a hassle at customs and immigration. At YVR when a cruise ship is dumping their passengers in the line is no big deal as well. GE is now $200, but many credit cards will refund the fee; even so I'd gladly pay the $200 to avoid an hour or more wait to get back in after a 10 plus hour flight. Pre-check is an added bonus, and I'm glad they are limiting the non-Pre or GE folks from using Pre. Nothing is more annoying than to be in line behind someone who doesn't understand they don't need to disrobe and empty their luggage and hold up the line because they are clueless; and then look all pissed because you toss your bag on the belt ahead of theirs and go through the metal detector.

    GE also is expanding to some overseas airports as well for an extra fee. The U.K. is one destination that would be worth the fee.

  21. It could have been a whole lot worse on Microsoft's 'Teen Girl' AI Experiment Becomes a 'Neo-Nazi Sex Robot' · · Score: 1

    It could have started tweeting how iPhones and iPads are the greatest and recommending Macs to everyone; with the occasional anti-MS rant to spice things up.

  22. Re:Stupid article is stupid... on Apple's Lack of Bug Bounty Program May Explain Why Hackers Would Help FBI · · Score: 4, Informative

    So if Apple pays the hackers $10,000 then the hackers won't go to the FBI when the FBI offers them $100,000?

    What if Spectre pays the hackers one millyun dollars? Would you then write an article about how it's Apple's fault they wrote those bugs in the first place allowing crime and not paying enough a bounty so that good and noble heroic autobot white hat hackers could get paid for their awesome work?

    You're onto part of the real point here...but only part of it. Cellebrite already makes their living doing this kind of thing; they're the primary producer of forensic tools for mobile devices. They used to do iPhones, back before it got so hard to hack them that it wasn't worth their time any longer. When troops in the field capture cellular devices and they want to know what is in them? They plug them into a Cellebrite device.

    So, 1, Cellebrite isn't 'hackers,' it's a company with a business model that focuses on pulling data out of devices when you don't have the PIN to unlock them. And 2, a bug bounty program isn't meant to deter companies from producing forensic tools.

    Exactly. Forensic companies are unlikely to let vendors know what exploits they find because that eliminates one of their entry points once the bug is fixed; the NYT article points that out as well. A bounty program could make it financially unviable to keep trying to find holes in iOS but as it becomes more difficult to find exploits it also becomes more lucrative to sell them to others, white or black hat. Why collect 100K from Apple when you can sell the same exploit multiple times and make a lot more than that? The best outcome Apple could achieve is to make it so difficult and time consuming to find exploits that those with the technical skills to do so turn to easier targets. Sure, a dedicated lone hacker or two may find an exploit and do so simply for the challenge; but you only need one of them to turn it in to kill the bug. Recognition and some cash may be enough to convince one person to reveal the bug to Apple; and you only need one person for bounties to be effective. In the end, those who use exploits for financial gain will continue to search and keep their findings to themselves; those that do it for other reasons such as research or for recognition of their skills may be more willing to share what they find.

  23. Re:Chain of custody? on FBI Hires Cellebrite To Crack San Bernadino iPhone (reuters.com) · · Score: 5, Insightful

    How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?

    If the Israeli company recovers data that gives them leads to other suspected terrorists, does the FBI have legal authority to pursue those leads when the information was "extracted" by a foreign company and it may or may not be fabricated? The only proof that they have that the information was really on the phone is because this company said so.

    There is no need for maintaining a chain of custody unless it will be used as evidence. Since anything from this phone would most likely be used to identify potential suspects or persons of interest what they get is no different than any other tip.

  24. Re:Interesting we can't leave a rating... on You Can Now Get Comcast TV and Internet Service Through Amazon (fortune.com) · · Score: 1

    Oddly enough, as a former Comcast subscriber who ditched them a few months back it tells me their service is not available in my area. Must be Amazon's way of keeping customers happy - prevent them from buying a crappy product.

  25. In related news on You Can Now Get Comcast TV and Internet Service Through Amazon (fortune.com) · · Score: 1

    Amazon is changing its logo from a smile to a scowl...