Apple/iPhones not secure anymore
-
If you're like me and got an iPhone thinking it was secure, well it's not anymore. Time to jump ship. In short, they're scanning your local device and adding a backdoor to encrypted messages.
-
@humptydumpty I've read the article and also a few of the notes that are coming out from Apple - I think it's a tad misleading and conjecture on EFF's part till the "features" actually ship. From what I understand (which is also conjecture) is they are gonna use their AI models locally on the iDevice to detect bad things and then notify someone - perhaps that's not accurate.
-
@doodlemania2 Corporations don't talk about things unless it's already underway. Waiting for features to ship out isn't the right way for us to make decisions. Apple misled a lot of people (like myself) by saying their phones/OS is secure and private. It feels like a bait and switch tactic and it sure smells like one.
I don't have kids but others made a good point. If a parent took photos of their kids having their first bath, running naked in the house, wtv.. (kids being kids) and then your iPhone sees a bare ass cheek and flags you for the authorities to swoop in. Can you imagine how a person's life/reputation would get destroyed? Even if proven innocent later on, the damage is irreparable.
Anything can be used for doing evil but you don't see regulation on other things like kitchen knives, pens (jason bourne), pencil (john wick lol), etc.. It's just crazy that we have to give up 100% of our privacy when there is a plethora of other ways to catch the bad ones.
-
@doodlemania2 said in Apple/iPhones not secure anymore:
use their AI models locally on the iDevice
Which would make a lot of sense. Modern devices have more than enough power. But the end result is the same, you cannot trust the encryption anymore. When the AI detects something, this needs to be reported somewhere and verified, hence any potential match is sent somewhere out of your control.
Think of all the doomsday scenarios you can derive from a private company playing police.
-
If it's as accurate as Siri then we are all fukd
-
@humptydumpty perfectly valid points - if I read the white paper correctly, this is looking at known hashes from the CSAM database which would not include your baby's bottoms (at least we hope). I do agree though - this is ripe for disaster.
One thing I WOULD say - there are some folks chiming in on press articles that have backgrounds in this sort of thing and their vibe is, yeah, this is gonna blow up in their faces, BUT, they also comment that, cryptographically/implementation wise, it appears to be as close to perfect from a privacy standpoint as one could get while still meeting their objectives of tagging from the CSAM DB.
Definitely two different types of voices in my message, but that's just me thinking out loud to further a cool dialogue.
-
@doodlemania2 I hear you. It's an interesting topic from a technical standpoint, that's for sure.
They never came after our polaroid cameras (instant cameras) and journals/diary but they're after our smartphones because they can serve as a 24/7 spy tool.
Personally, it's not about how secure the method is as much as it is the fact that my device is being monitored at all times and this is coming from a person who uses their phone mostly for 2FA & email when on the road.
As much as I want to put some faith into open source tech, even those will get compromised sooner or later. The only real solution is to lessen the use of tech for every tiny thing (IoT, IP cameras, NAS, notes, etc.) and move things to old school, more reliable methods. I doubt they'll be putting in the same effort to come after those.
-
There's a lot to consider, this thread by the former Facebook security chief is worth reading: https://twitter.com/alexstamos/status/1424054544556646407
"In my opinion, there are no easy answers here. I find myself constantly torn between wanting everybody to have access to cryptographic privacy and the reality of the scale and depth of harm that has been enabled by modern comms technologies.
Nuanced opinions are ok on this.
[…]
First off, a lot of security/privacy people are verbally rolling their eyes at the invocation of child safety as a reason for these changes. Don't do that.
The scale of abuse that happens to kids online and the impact on those families is unfathomable."
-
@humptydumpty If you use Siri I don't think anything really changes here. Since Siri already scans all your content anyway. Though honestly I think this is a bit far for Apple. They are not a governing body and should not be acting as such.
That said - Android always has room for you!
-
Not a fan of this change at all, but there's been a ton of FUD around this. The thread from Alex Stamos is a good read and it's critical to keep in mind governments, particularly the EU, might require something like this soon, and Apple's scanning is a lot less evil than many other ways to do this.
-
@murgero This is my first iPhone. I've been using Android since the first HTC came out. Moving to Apple was my way of boycotting Google. I don't use Siri though. The only thing stopping me from using a feature phone as my daily driver is 2FA.
Edit: As I wrote that, I remembered about Yubico. If I'm not mistaken, I could use that instead of Authy and I wouldn't need a smartphone! Ooooo things are getting exciting.
@ianhyzy THINK OF THE CHILDREN.... Meanwhile, no one addresses human trafficking going through airports with fake papers right under the nose of all the governments wanting to invade our privacy.
-
@humptydumpty KaiOS has an MFA app compatible with TOTP protocol. Use it on my Go Flip 3 when I detox from the internet
Oh to elaborate, KaiOS is a Smart-Feature phone OS. Includes an app store, the ability to use LTE, use "modern" enough web for stuff like YT, online video (not Netflix/hulu/etc tho) and wifi/bt5. A good detox from the internet and you can get it without the google stuff (though some phones include stuff like google maps, voice, etc.)
-
@humptydumpty Bitwarden can work as a 2FA code generator too. Same for Enpass.io.
-
@marcusquinn I'm against storing it all in one place. The idea is that if my master pass is compromised, I won't lose the keys to the kingdom. It's also why I add memorized pass phrases to the end of the Bitwarden generated passwords for select sensitive logins. Now they have to go through me to get them.
@murgero I have the Nokia 6300 4G and tried to remove the Google apps but couldn't. I found a hacking video but it seems that method got patched and was a dead end. It's what drove me to find the phones I posted about in another thread. Nokia is a PITA when it comes to letting you have root access on your phone and I should have learned from my experience after owning the Nokia 6 & 7.1 but I was too lazy to research the phone before buying it.