Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Off-topic
  3. Apple/iPhones not secure anymore

Apple/iPhones not secure anymore

Scheduled Pinned Locked Moved Off-topic
17 Posts 9 Posters 3.1k Views 9 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • doodlemania2D doodlemania2

    @humptydumpty I've read the article and also a few of the notes that are coming out from Apple - I think it's a tad misleading and conjecture on EFF's part till the "features" actually ship. From what I understand (which is also conjecture) is they are gonna use their AI models locally on the iDevice to detect bad things and then notify someone - perhaps that's not accurate.

    fbartelsF Offline
    fbartelsF Offline
    fbartels
    App Dev
    wrote on last edited by
    #4

    @doodlemania2 said in Apple/iPhones not secure anymore:

    use their AI models locally on the iDevice

    Which would make a lot of sense. Modern devices have more than enough power. But the end result is the same, you cannot trust the encryption anymore. when the ai detects something, this needs to be reported somewhere and verified, hence any potential match is sent somewhere out of your control.

    Think of all the doomsday scenarios you can derive from a private company playing police.

    1 Reply Last reply
    0
    • robiR Offline
      robiR Offline
      robi
      wrote on last edited by
      #5

      Avoid using iCloud. You don't know what they do with your stuff there.

      You don't have to upgrade iOS until this blows over.

      It would be nice if there was an alternate OS one could flash on iOS devices.

      Just run freedomize.sh πŸ˜‰

      Conscious tech

      1 Reply Last reply
      0
      • marcusquinnM Offline
        marcusquinnM Offline
        marcusquinn
        wrote on last edited by
        #6

        It it's as accurate as Siri then we are all fukd 🀠

        Web Design https://www.evergreen.je
        Development https://brandlight.org
        Life https://marcusquinn.com

        1 Reply Last reply
        0
        • humptydumptyH humptydumpty

          @doodlemania2 Corporations don't talk about things unless it's already underway. Waiting for features to ship out isn't the right way for us to make decisions. Apple mislead a lot of people (like myself) by saying their phones/OS is secure and private. It feels like a bait and switch tactic and it sure smells like one.

          I don't have kids but others made a good point. If a parent took photos of their kids having their first bath, running naked in the house, wtv.. (kids being kids) and then your iphone sees a bare ass cheek and flags you for the authorities to swoop in. Can you imagine how a person's life/reputation would get destroyed? Even if proven innocent later on, the damage is irreparable.

          Anything can be used for doing evil but you don't see regulation on other things like kitchen knives, pens (jason bourne), pencil (john wick lol), etc.. It's just crazy that we have to give up 100% of our privacy when there is a plethora of other ways to catch the bad ones.

          doodlemania2D Offline
          doodlemania2D Offline
          doodlemania2
          App Dev
          wrote on last edited by
          #7

          @humptydumpty perfectly valid points - if I read the white paper correctly, this is looking at known hashes from the CSAM database which would not include your baby's bottoms (at least we hope). I do agree though - this is ripe for disaster.

          One thing I WOULD say - there are some folks chiming in on press articles that have backgrounds in this sort of thing and their vibe is, yeah, this is gonna blow up in their faces, BUT, they also comment that, cryptographically/implementation wise, it appear to be as close to perfect from a privacy standpoint as one could get while still meeting their objectives of tagging from the CSAM DB.

          Definitely two different types of voices in my message, but that's just me thinking out loud to further a cool dialogue.

          humptydumptyH 1 Reply Last reply
          3
          • robiR Offline
            robiR Offline
            robi
            wrote on last edited by
            #8

            This is just another way to make inroads to then later wedge in more privacy erroding functionality.

            Conscious tech

            1 Reply Last reply
            1
            • doodlemania2D doodlemania2

              @humptydumpty perfectly valid points - if I read the white paper correctly, this is looking at known hashes from the CSAM database which would not include your baby's bottoms (at least we hope). I do agree though - this is ripe for disaster.

              One thing I WOULD say - there are some folks chiming in on press articles that have backgrounds in this sort of thing and their vibe is, yeah, this is gonna blow up in their faces, BUT, they also comment that, cryptographically/implementation wise, it appear to be as close to perfect from a privacy standpoint as one could get while still meeting their objectives of tagging from the CSAM DB.

              Definitely two different types of voices in my message, but that's just me thinking out loud to further a cool dialogue.

              humptydumptyH Offline
              humptydumptyH Offline
              humptydumpty
              wrote on last edited by
              #9

              @doodlemania2 I hear you. It's an interesting topic from a technical standpoint, that's for sure.

              They never came after our polaroid cameras (instant cameras) and journals/diary but they're after our smartphones because they can serve as a 24/7 spy tool.

              Personally, it's not about how secure the method is as much as it is the fact that my device is being monitored at all times and this is coming from a person who uses their phone mostly for 2FA & email when on the road.

              As much as I want to put some faith into open source tech, even those will get compromised sooner or later. The only real solution is to lessen the use of tech for every tiny thing (IoT, IP cameras, NAS, notes, etc.) and move things to old school, more reliable methods. I doubt they'll be putting in the same effort to come after those 😏

              1 Reply Last reply
              1
              • jdaviescoatesJ Online
                jdaviescoatesJ Online
                jdaviescoates
                wrote on last edited by
                #10

                See also

                https://appleprivacyletter.com/

                I use Cloudron with Gandi & Hetzner

                1 Reply Last reply
                0
                • necrevistonnezrN Offline
                  necrevistonnezrN Offline
                  necrevistonnezr
                  wrote on last edited by necrevistonnezr
                  #11

                  Thereβ€˜s a lot to consider, this thread by the former Facebook security chief is worth reading: https://twitter.com/alexstamos/status/1424054544556646407

                  β€žIn my opinion, there are no easy answers here. I find myself constantly torn between wanting everybody to have access to cryptographic privacy and the reality of the scale and depth of harm that has been enabled by modern comms technologies.

                  Nuanced opinions are ok on this.

                  […]

                  First off, a lot of security/privacy people are verbally rolling their eyes at the invocation of child safety as a reason for these changes. Don't do that.

                  The scale of abuse that happens to kids online and the impact on those families is unfathomable.β€œ

                  1 Reply Last reply
                  3
                  • humptydumptyH humptydumpty

                    https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life

                    If you're like me and got an iPhone thinking it was secure, well it's not anymore. Time to jump ship. In short, they're scanning your local device and adding a backdoor to encrypted messages.

                    murgeroM Offline
                    murgeroM Offline
                    murgero
                    App Dev
                    wrote on last edited by
                    #12

                    @humptydumpty If you use siri I don't think anything really changes here. Since Siri already scans all your content anyway. Though honestly I think this is a bit far for Apple. They are not a governing body and should not be acting as such.

                    that said - Android always has room for you!

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~

                    humptydumptyH 1 Reply Last reply
                    1
                    • ianhyzyI Offline
                      ianhyzyI Offline
                      ianhyzy
                      wrote on last edited by
                      #13

                      Not a fan of this change at all, but there's been a ton of FUD around this. The thread from Alex Stamos is a good read and it's critical to keep in mind governments, particularly the EU, might require something like this soon, and apple's scanning is a lot less evil than many other ways to do this.

                      1 Reply Last reply
                      2
                      • murgeroM murgero

                        @humptydumpty If you use siri I don't think anything really changes here. Since Siri already scans all your content anyway. Though honestly I think this is a bit far for Apple. They are not a governing body and should not be acting as such.

                        that said - Android always has room for you!

                        humptydumptyH Offline
                        humptydumptyH Offline
                        humptydumpty
                        wrote on last edited by humptydumpty
                        #14

                        @murgero This is my first iPhone. I've been using android since the first HTC came out. Moving to Apple was my way of boycotting google. I don't use Siri though. The only thing stopping me from using a feature phone as my daily driver is 2FA πŸ™‚

                        Edit: As I wrote that, I remembered about Yubico. If I'm not mistaken, I could use that instead of Authy and I wouldn't need a smartphone! Ooooo things are getting exciting.

                        @ianhyzy THINK OF THE CHILDREN.... Meanwhile, no one addresses human trafficking going through airports with fake papers right under the nose of all the governments wanting to invade our privacy.

                        murgeroM marcusquinnM 2 Replies Last reply
                        1
                        • humptydumptyH humptydumpty

                          @murgero This is my first iPhone. I've been using android since the first HTC came out. Moving to Apple was my way of boycotting google. I don't use Siri though. The only thing stopping me from using a feature phone as my daily driver is 2FA πŸ™‚

                          Edit: As I wrote that, I remembered about Yubico. If I'm not mistaken, I could use that instead of Authy and I wouldn't need a smartphone! Ooooo things are getting exciting.

                          @ianhyzy THINK OF THE CHILDREN.... Meanwhile, no one addresses human trafficking going through airports with fake papers right under the nose of all the governments wanting to invade our privacy.

                          murgeroM Offline
                          murgeroM Offline
                          murgero
                          App Dev
                          wrote on last edited by murgero
                          #15

                          @humptydumpty KaiOS has an MFA app compatible with TOTP protocol. Use it on my Go Flip 3 when I detox from the internet πŸ™‚

                          Oh to elaborate, KaiOS is a Smart-Feature phone OS. Includes an app store, the ability to use LTE, use "modern" enough web for stuff like YT, online video (not Netflix/hulu/etc tho) and wifi/bt5. A good detox from the internet and you can get it without the google stuff (though some phones include stuff like google maps, voice, etc.)

                          --
                          https://urgero.org
                          ~ Professional Nerd. Freelance Programmer. ~

                          1 Reply Last reply
                          1
                          • humptydumptyH humptydumpty

                            @murgero This is my first iPhone. I've been using android since the first HTC came out. Moving to Apple was my way of boycotting google. I don't use Siri though. The only thing stopping me from using a feature phone as my daily driver is 2FA πŸ™‚

                            Edit: As I wrote that, I remembered about Yubico. If I'm not mistaken, I could use that instead of Authy and I wouldn't need a smartphone! Ooooo things are getting exciting.

                            @ianhyzy THINK OF THE CHILDREN.... Meanwhile, no one addresses human trafficking going through airports with fake papers right under the nose of all the governments wanting to invade our privacy.

                            marcusquinnM Offline
                            marcusquinnM Offline
                            marcusquinn
                            wrote on last edited by
                            #16

                            @humptydumpty Bitwarden can work as a 2FA code generator too. Same for Enpass.io.

                            Web Design https://www.evergreen.je
                            Development https://brandlight.org
                            Life https://marcusquinn.com

                            humptydumptyH 1 Reply Last reply
                            0
                            • marcusquinnM marcusquinn

                              @humptydumpty Bitwarden can work as a 2FA code generator too. Same for Enpass.io.

                              humptydumptyH Offline
                              humptydumptyH Offline
                              humptydumpty
                              wrote on last edited by humptydumpty
                              #17

                              @marcusquinn I'm against storing it all in one place. The idea is that if my master pass is compromised, I won't lose the keys to the kingdom. It's also why I add memorized pass phrases to the end of the bitwarden generated passwords for select sensitive logins. Now they have to go through me to get them.

                              @murgero I have the Nokia 6300 4G and tried to remove the Google apps but couldn't. I found a hacking video but it seems that method got patched and was a dead end. It's what drove me to find the phones I posted about in another thread. Nokia is a PITA when it comes to letting you have root access on your phone and I should have learned from my experience after owning the Nokia 6 & 7.1 but I was too lazy to research the phone before buying it.

                              1 Reply Last reply
                              1
                              Reply
                              • Reply as topic
                              Log in to reply
                              • Oldest to Newest
                              • Newest to Oldest
                              • Most Votes


                              • Login

                              • Don't have an account? Register

                              • Login or register to search.
                              • First post
                                Last post
                              0
                              • Categories
                              • Recent
                              • Tags
                              • Popular
                              • Bookmarks
                              • Search