The fact that I don't have to submit to those intrusions is part of my freedom. I appreciate my freedom and am willing to forgo or more efficient justice system in order to maintain my freedom - especially given the fact that once freedom is sufficiently curtailed those doing the curtailing tend to lose their concern for justice.
That's already happened.
What the real concern is, once freedom is sufficiently curtailed, there is no such thing as innocence.
We need to curtail the government's intrusion, not make it bigger. 9/11 started a dangerous trend of fighting terrorism by shackling law-abiding citizens, bit by bit.
Because that was the real reason behind 9/11. The gummint tried to sell their bill-of-goods with the Oklahoma City "Terrorist Attack"; but Congress didn't bite. But they sure bit, and bit hard on 9/11.
Don't get me started... 2000+ pages of the USAPATRIOTACT supposedly written, proofread, and voted-on in less than two weeks?!? Yeahrightsure. I couldn't mash on the keyboard and get 2,000 pages of asdfjkl; typed in that much time!
They didn't have that all ready-to-go before those planes ever left the ground. No. Of course not...
And even if we made the HUGE assumption that all law enforcement individuals would only ever use the back doors for legitimate investigative purposes
An assumption that has been proven incorrect pretty much 100% of the time it has been tested. There has been study after study on the subject, and the result is always the same. If people have the power to surveil, they will, regardless of the validity of the surveillance activity.
Maybe we just don't want all that data "out there"? Maybe I'm just uncomfortable with people knowing the stuff in my head. Maybe I don't trust the police. Maybe I'm already a criminal and I just don't know it yet. For a country that stands on liberty we're doing a damn fine job of restricting it or removing it for the flimsiest of reasons these days. So, no. Call this civil disobedience if you like but it's become necessary now because I have no trust in the system anymore.
There is no reason evidence on your phone should be any different than evidence you leave in your house.
And so, when the Police show up at your door with a Search Warrant, what part of the Constitution (or any caselaw in any U.S. jurisdiction) REQUIRES you to show the Police where the evidence is?
Safes can be opened... with a warrant. Mail can be opened... with a warrant. Vehicles can be searched... with a warrant. There's no reason to make smartphones that can't be searched... with a warrant. I'm starting to get on board that Cortana should be accessible to law enforcement if needed to solve crimes. This is getting ridiculous, when there is evidence that could solve multiple murders and they have it so locked down that even LEO cannot get at it. That type of encryption is for the government, not for joe six-pack.
Some people even now state that bottling them up is better.
Sounds like one of my favorite Marge Simpson quotes, from the Episode "Moaning Lisa":
"It doesn't matter how you feel inside, you know. It's what shows up on the outside that counts. Take all your bad feelings and push them down, all the way down past your knees, until you're almost walking on them. And then you'll fit in, and you'll be invited to parties, and boys will like you. And happiness will follow."
An old trick is to write the email and not send it, or send it to yourself. That way you get some catharsis, and can send a more civil email later (or no email at all, handle it politely in person).
After sending some Career-Limiting-Emails in my time, I have had to learn this trick, too. It really does help. And help you to keep your job!
The only thing "disproven" is any claim you might ever have made about understanding what "security through obscurity" means.
Protip: it's got fuckall to do with market share.
Really? I've been around these parts since 2004, and that's what most, if not all, Slashdotters seem to claim again and again as to why OS X has no (or virtually no) Malware.
I understand that, technically, "security through obscurity" actually refers to intentionally (or unintentionally) obsfucated code allegedly being harder to reverse-engineer an exploit for; but you have to admit, the de facto meaning on Slashdot does often (if not always) refer to marketshare (or lack thereof) making a "smaller" (or at least "less desirable") target.
AOSP may lack the proprietary Google applications and open-source versions of some device drivers, but it otherwise comprises a complete operating system.
So, other than being incomplete, it's complete, right?
Where can I download the iOS source code? Oh wait you can't. But you can download the Android source code [android.com]
So, can you really expect to compile that and end up with something that you can load into your phone (and have it work?). No. No more than you can download Darwin and expect it to be a fully-functional iOS build.
But actually, you can download some parts of iOS, just like you can download some parts of Android.
the ONLY way to be even semi-secure with Android is to only download "curated" Apps
True, but Android lets the user choose more than one curator. Other established curators include Amazon and F-Droid.
So, you really trust Amazon, let-alone F-Droid, to properly "vet" Apps?
Heck, even Google has let several (and I mean SEVERAL) malware-infested Apps exist on the Play Store. There have been a COUPLE (and I mean a COUPLE) of (now deleted) infected iOS Apps; but nothing compared to Android, even on the "Curated" sites.
Ummm, no? You have to actively turn off known app vulnerability scans when you sideload. Even if Joe Shmoe user finds out how to sideload, most will just tap on the big OK let google scan this app for vulnerabilities.
So, as I said, the ONLY way to be even semi-secure with Android is to only download "curated" Apps. Anything else relies on the User to not be too anxious to see the new Hello Kitty wallpaper.
Plus this is about unrooted phones. Hows that sideloading going for non jail-broken iOS devices?
Fortunately, most SANE iOS Users don't jailbreak. So, my question to you is "How's that sideloading going for Android Devices?"
Nope, since everything on iOS _has_ to go through the app store, and can't be sideloaded ( unless you jailbreak... meaning there was ALREADY a security vulnerability ) it wouldn't be downplayed since the app was ALREADY said to be safe from a security scan / audit. If iOS allowed sideloading, AND Apple scanned sideloaded apps like Google, then it would be no different.
LOL! That logic is SO circular that you made me dizzy! What the HELL are you trying to doublespeak?!?
it is oss as far as the os goes, but many of google's apps and their underlying service frameworks are closed source. so what you do is compile the os for your device and obtain an archive of the google apps/services exactly like cyanogenmod, et. al. do.
So, it is Open Source in the same way that OS X and iOS are. Darwin is Open Source. Many Frameworks are Open Source; but then...
So, in that regard Android and iOS/OS X are equivalent. But only one of them seems to be designed with security in mind. Guess which one...
ios is now getting the same security through obscurity pass that osx has gotten.
LOLOL! That meme has been disproven time and again; and in case you haven't noticed, iOS is no Windows Phone. It still has quite enough marketshare to be a target.
I almost wonder whether Google are encouraging people to publicize Android vulnerabilities so they can say 'look, this isn't working, we need to be able to push updates to phones ourselves'. They have to do that if Android has any future.
Google doesn't have to resort to tactics like that. They can simply "update" their OEM agreements and pretty much everyone would just have to take it. I SUPPOSE they could Fork Android; but the truth is, not one of them (except maybe Slamdung) has the wherewithal to keep up with Android development internally.
The article is a little bit ambiguous; it says Google's already patched OpenSSL, so I'm guessing if your device still receives updates from your carrier, then you're safe
Even harder, in iOS, the fingerprint reader traffic is encrypted, and the reader and secure enclave do a public-private key thing to keep the fingerprint secure.
So not only is the information in the secure enclave, but it's traffic is secured by the hardware. Two reasons - one, to prevent sniffing, and the other, to prevent malware from commandeering the fingerprint reader.
Slashdot Mirror
The fact that I don't have to submit to those intrusions is part of my freedom. I appreciate my freedom and am willing to forgo or more efficient justice system in order to maintain my freedom - especially given the fact that once freedom is sufficiently curtailed those doing the curtailing tend to lose their concern for justice.
That's already happened.
What the real concern is, once freedom is sufficiently curtailed, there is no such thing as innocence.
Hear, hear. Let his and his family's anuses be aggressively searched. "With a warrant", of course.
You mean "with Enhanced Interrogation Techniques" (which aren't Torture, of course).
They do have one, and they generally use it fairly reaonsably. There are exceptions, and those make the news.
Yeah, when the target is lucky enough to even find out that a warrantless search was conducted.
Imagine how much swifter and more efficient Justice would be if law enforcement had a key that gave them access to every home in their country.
They do. It's called a National Security Letter. It is literally a pass-key into any home. No steenking warrant required.
"Siri, Scott is running after me with a bat. How should I defend myself?"
Siri: Let me check on that... Here's what I found on the web...
OR...
Siri: I'm afraid I can't understand Scott is rubbing lather me with a cat...
Siri, open this phone, I am a cop.
Siri: I'm sorry, but I'm afraid I can't do that.
We need to curtail the government's intrusion, not make it bigger. 9/11 started a dangerous trend of fighting terrorism by shackling law-abiding citizens, bit by bit.
Because that was the real reason behind 9/11. The gummint tried to sell their bill-of-goods with the Oklahoma City "Terrorist Attack"; but Congress didn't bite. But they sure bit, and bit hard on 9/11.
Don't get me started... 2000+ pages of the USAPATRIOTACT supposedly written, proofread, and voted-on in less than two weeks?!? Yeahrightsure. I couldn't mash on the keyboard and get 2,000 pages of asdfjkl; typed in that much time!
They didn't have that all ready-to-go before those planes ever left the ground. No. Of course not...
If the government *gets a warrant*, they can coerce the owner of the phone to unlock it for use as evidence.
I believe that is only true of Biometric security (for some unfathomable reason). IIRC, you cannot be ordered to divulge a password for your phone.
And even if we made the HUGE assumption that all law enforcement individuals would only ever use the back doors for legitimate investigative purposes
An assumption that has been proven incorrect pretty much 100% of the time it has been tested. There has been study after study on the subject, and the result is always the same. If people have the power to surveil, they will, regardless of the validity of the surveillance activity.
Maybe we just don't want all that data "out there"? Maybe I'm just uncomfortable with people knowing the stuff in my head. Maybe I don't trust the police. Maybe I'm already a criminal and I just don't know it yet. For a country that stands on liberty we're doing a damn fine job of restricting it or removing it for the flimsiest of reasons these days. So, no. Call this civil disobedience if you like but it's become necessary now because I have no trust in the system anymore.
Hear, hear!
There is no reason evidence on your phone should be any different than evidence you leave in your house.
And so, when the Police show up at your door with a Search Warrant, what part of the Constitution (or any caselaw in any U.S. jurisdiction) REQUIRES you to show the Police where the evidence is?
So why should your phone be any less "opaque"?
Safes can be opened ... with a warrant. Mail can be opened ... with a warrant. Vehicles can be searched ... with a warrant. There's no reason to make smartphones that can't be searched ... with a warrant. I'm starting to get on board that Cortana should be accessible to law enforcement if needed to solve crimes. This is getting ridiculous, when there is evidence that could solve multiple murders and they have it so locked down that even LEO cannot get at it. That type of encryption is for the government, not for joe six-pack.
Fuck you. Go live in your Police State.
Some people even now state that bottling them up is better.
Sounds like one of my favorite Marge Simpson quotes, from the Episode "Moaning Lisa":
"It doesn't matter how you feel inside, you know. It's what shows up on the outside that counts. Take all your bad feelings and push them down, all the way down past your knees, until you're almost walking on them. And then you'll fit in, and you'll be invited to parties, and boys will like you. And happiness will follow."
An old trick is to write the email and not send it, or send it to yourself. That way you get some catharsis, and can send a more civil email later (or no email at all, handle it politely in person).
After sending some Career-Limiting-Emails in my time, I have had to learn this trick, too. It really does help. And help you to keep your job!
The only thing "disproven" is any claim you might ever have made about understanding what "security through obscurity" means.
Protip: it's got fuckall to do with market share.
Really? I've been around these parts since 2004, and that's what most, if not all, Slashdotters seem to claim again and again as to why OS X has no (or virtually no) Malware.
I understand that, technically, "security through obscurity" actually refers to intentionally (or unintentionally) obsfucated code allegedly being harder to reverse-engineer an exploit for; but you have to admit, the de facto meaning on Slashdot does often (if not always) refer to marketshare (or lack thereof) making a "smaller" (or at least "less desirable") target.
AOSP may lack the proprietary Google applications and open-source versions of some device drivers, but it otherwise comprises a complete operating system.
So, other than being incomplete, it's complete, right?
Where can I download the iOS source code? Oh wait you can't. But you can download the Android source code [android.com]
So, can you really expect to compile that and end up with something that you can load into your phone (and have it work?). No. No more than you can download Darwin and expect it to be a fully-functional iOS build.
But actually, you can download some parts of iOS, just like you can download some parts of Android.
the ONLY way to be even semi-secure with Android is to only download "curated" Apps
True, but Android lets the user choose more than one curator. Other established curators include Amazon and F-Droid.
So, you really trust Amazon, let-alone F-Droid, to properly "vet" Apps?
Heck, even Google has let several (and I mean SEVERAL) malware-infested Apps exist on the Play Store. There have been a COUPLE (and I mean a COUPLE) of (now deleted) infected iOS Apps; but nothing compared to Android, even on the "Curated" sites.
Ummm, no? You have to actively turn off known app vulnerability scans when you sideload. Even if Joe Shmoe user finds out how to sideload, most will just tap on the big OK let google scan this app for vulnerabilities.
So, as I said, the ONLY way to be even semi-secure with Android is to only download "curated" Apps. Anything else relies on the User to not be too anxious to see the new Hello Kitty wallpaper.
Plus this is about unrooted phones. Hows that sideloading going for non jail-broken iOS devices?
Fortunately, most SANE iOS Users don't jailbreak. So, my question to you is "How's that sideloading going for Android Devices?"
Nope, since everything on iOS _has_ to go through the app store, and can't be sideloaded ( unless you jailbreak... meaning there was ALREADY a security vulnerability ) it wouldn't be downplayed since the app was ALREADY said to be safe from a security scan / audit. If iOS allowed sideloading, AND Apple scanned sideloaded apps like Google, then it would be no different.
LOL! That logic is SO circular that you made me dizzy! What the HELL are you trying to doublespeak?!?
it is oss as far as the os goes, but many of google's apps and their underlying service frameworks are closed source. so what you do is compile the os for your device and obtain an archive of the google apps/services exactly like cyanogenmod, et. al. do.
So, it is Open Source in the same way that OS X and iOS are. Darwin is Open Source. Many Frameworks are Open Source; but then...
So, in that regard Android and iOS/OS X are equivalent. But only one of them seems to be designed with security in mind. Guess which one...
ios is now getting the same security through obscurity pass that osx has gotten.
LOLOL! That meme has been disproven time and again; and in case you haven't noticed, iOS is no Windows Phone. It still has quite enough marketshare to be a target.
Face it. Android is broken by design.
I almost wonder whether Google are encouraging people to publicize Android vulnerabilities so they can say 'look, this isn't working, we need to be able to push updates to phones ourselves'. They have to do that if Android has any future.
Google doesn't have to resort to tactics like that. They can simply "update" their OEM agreements and pretty much everyone would just have to take it. I SUPPOSE they could Fork Android; but the truth is, not one of them (except maybe Slamdung) has the wherewithal to keep up with Android development internally.
So really to fall victim to this you would have to go far out of your way to be dumb. Enable installing apps from other sources
So, IOW, you have to submit to a "Walled Garden", right?
Haaaa Hahahahhahahahahahaha!!!!!
And tell me truthfully, if this Article was about iOS instead of Android, would you REALLY be downplaying the danger here?
Thought so.
The article is a little bit ambiguous; it says Google's already patched OpenSSL, so I'm guessing if your device still receives updates from your carrier, then you're safe
So, IOW, RUN FOR THE HILLS!!!
Google has already patched the SDKs, but I think any apps made with them have to be updated as well.
But Android is Open Sores, right?!? Just Recompile your OS and all the Apps and...
br. Oh, wait...
Even harder, in iOS, the fingerprint reader traffic is encrypted, and the reader and secure enclave do a public-private key thing to keep the fingerprint secure.
So not only is the information in the secure enclave, but it's traffic is secured by the hardware. Two reasons - one, to prevent sniffing, and the other, to prevent malware from commandeering the fingerprint reader.
You're right. I'd forgotten about those details.