Apple/iPhones not secure anymore
-
@humptydumpty perfectly valid points - if I read the white paper correctly, this is looking at known hashes from the CSAM database which would not include your baby's bottoms (at least we hope). I do agree though - this is ripe for disaster.
One thing I WOULD say - there are some folks chiming in on press articles that have backgrounds in this sort of thing and their vibe is, yeah, this is gonna blow up in their faces, BUT, they also comment that, cryptographically/implementation wise, it appears to be as close to perfect from a privacy standpoint as one could get while still meeting their objectives of tagging from the CSAM DB.
Definitely two different types of voices in my message, but that's just me thinking out loud to further a cool dialogue.
-
@doodlemania2 I hear you. It's an interesting topic from a technical standpoint, that's for sure.
They never came after our polaroid cameras (instant cameras) and journals/diary but they're after our smartphones because they can serve as a 24/7 spy tool.
Personally, it's not about how secure the method is as much as it is the fact that my device is being monitored at all times and this is coming from a person who uses their phone mostly for 2FA & email when on the road.
As much as I want to put some faith into open source tech, even those will get compromised sooner or later. The only real solution is to lessen the use of tech for every tiny thing (IoT, IP cameras, NAS, notes, etc.) and move things to old school, more reliable methods. I doubt they'll be putting in the same effort to come after those.
-
There’s a lot to consider, this thread by the former Facebook security chief is worth reading: https://twitter.com/alexstamos/status/1424054544556646407
“In my opinion, there are no easy answers here. I find myself constantly torn between wanting everybody to have access to cryptographic privacy and the reality of the scale and depth of harm that has been enabled by modern comms technologies.
Nuanced opinions are ok on this.
[…]
First off, a lot of security/privacy people are verbally rolling their eyes at the invocation of child safety as a reason for these changes. Don't do that.
The scale of abuse that happens to kids online and the impact on those families is unfathomable.”
-
@humptydumpty If you use Siri I don't think anything really changes here, since Siri already scans all your content anyway. Though honestly I think this is a bit far for Apple. They are not a governing body and should not be acting as such.
That said - Android always has room for you!
-
Not a fan of this change at all, but there's been a ton of FUD around this. The thread from Alex Stamos is a good read and it's critical to keep in mind governments, particularly the EU, might require something like this soon, and Apple's scanning is a lot less evil than many other ways to do this.
-
@murgero This is my first iPhone. I've been using Android since the first HTC came out. Moving to Apple was my way of boycotting Google. I don't use Siri though. The only thing stopping me from using a feature phone as my daily driver is 2FA.
Edit: As I wrote that, I remembered about Yubico. If I'm not mistaken, I could use that instead of Authy and I wouldn't need a smartphone! Ooooo things are getting exciting.
@ianhyzy THINK OF THE CHILDREN.... Meanwhile, no one addresses human trafficking going through airports with fake papers right under the nose of all the governments wanting to invade our privacy.
-
@humptydumpty KaiOS has an MFA app compatible with TOTP protocol. Use it on my Go Flip 3 when I detox from the internet
Oh to elaborate, KaiOS is a Smart-Feature phone OS. Includes an app store, the ability to use LTE, use "modern" enough web for stuff like YT, online video (not Netflix/hulu/etc tho) and wifi/bt5. A good detox from the internet and you can get it without the google stuff (though some phones include stuff like google maps, voice, etc.)
-
@humptydumpty Bitwarden can work as a 2FA code generator too. Same for Enpass.io.
-
@marcusquinn I'm against storing it all in one place. The idea is that if my master pass is compromised, I won't lose the keys to the kingdom. It's also why I add memorized pass phrases to the end of the Bitwarden generated passwords for select sensitive logins. Now they have to go through me to get them.
@murgero I have the Nokia 6300 4G and tried to remove the Google apps but couldn't. I found a hacking video but it seems that method got patched and was a dead end. It's what drove me to find the phones I posted about in another thread. Nokia is a PITA when it comes to letting you have root access on your phone and I should have learned from my experience after owning the Nokia 6 & 7.1 but I was too lazy to research the phone before buying it.