15 votes

Will the Apple antitrust case affect your phone’s security?

58 comments

  1. [44]
    winther
    (edited )

    While it is pretty clear that Apple is mostly concerned with privacy and security when it benefits themselves, I do think there is a point with regards to overall security for the average user. I know many of us who have used computers for several decades like and appreciate having full control over our devices, which includes making them insecure. The reality is that a good deal of average users in practice need someone else to control their device for them to minimize the risk of being compromised. Forced security updates do benefit the ecosystem as a whole. However, from my understanding with regards to allowing external app stores onto iOS devices, it will require the end user to do something active themselves and likely won't be affecting those that use the default setup of their devices in the first place.

    20 votes
    1. [20]
      techy_geek

      I appreciate your perspective on the balance between user autonomy and security. It's true that for those of us with a long history of computer use, the ability to tweak and control our devices is a valued aspect of technology ownership. However, I also recognize the importance of protecting less tech-savvy users from potential security threats. The approach of implementing mandatory security updates can indeed be seen as a way to safeguard the digital ecosystem.

      Regarding the introduction of external app stores on iOS, I agree that it seems designed to be an opt-in feature, which should preserve the integrity of the default system for most users. This could be a positive step towards offering more choice for those who desire it, without compromising the security of those who prefer the simplicity and safety of the existing setup.

      8 votes
      1. [10]
        NoblePath

        My concern here is users who opt in but aren’t savvy. I lack the language to describe it without superstition, but I suspect part of the security of iCloud (and iMessages) has to do with integrity of all entry points. If there is a systematic degradation, the whole thing becomes degraded, and I become more at risk from within the system.

        9 votes
        1. [9]
          NaraVara

          > My concern here is users who opt in but aren’t savvy

          Yeah if the juice is worth the squeeze scammers can train users to let them in. Like a lot of these tech support scams require the end user to circumvent a lot of controls to let the scammer in, but since they’ve got you on the phone and assume an air of authority they can walk people through the action of installing remote access software, keyloggers, etc.

          One of the weird parts about how this discussion often goes is that it’s usually very all or nothing. Like you either have the gate closed and it’s a scam free paradise or you open the gate and it’s scampocalypse. But as with most things, it’s increases and decreases on the margins.

          Some non-zero number of additional people will get scammed when you open each gate. We decide whether that’s worth the other tradeoffs we want.

          8 votes
          1. [3]
            vord

            The thing is....there's already tons of phishing phone call and notification spam that scammers are doing to get this kinda stuff. Like the MFA Bomblings.

            Will this increase the attack surface a bit? Yea probably. But the Venn Diagram between "Will fall for a scammer that would exploit a current iPhone" and "Will fall for a scammer that would exploit a fully unwalled iPhone" is almost certainly much closer to a circle than a figure 8.

            We don't see regular news articles about mass Android user scams, despite that being the status quo (and majority outside the USA).

            9 votes
            1. NaraVara

              There’s a lot of android scams outside the USA. I only know about in India, but I assume it’s the same everywhere.

              3 votes
            2. TurtleCracker

              It does seem to be the case that third party stores on Android contain more malware than the Google Play store. While the majority of malware does come from the Play store itself, the ratio of legitimate apps to malware is quite a bit lower on the official store.

              Sources:
              https://www.csoonline.com/article/554705/android-root-malware-widespread-in-third-party-app-stores.html

              https://www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware/

              1 vote
          2. [5]
            FluffyKittens

            To be fair, Apple users would also generally be much safer if third-party dialers and SMS apps were available that could better screen out spams and phishing. I think opening the door to allow that will likely be a net-positive tradeoff.

            There are some options available now, but they’re not that great because Apple has made a concerted effort to deny them the same privileges as those offered by their own first-party dialer + iMessage.

            5 votes
            1. [4]
              NaraVara

              Honestly the scam phone call thing is a regulatory failure more than anything. The DOJ should be spending its time on that instead of their inane anti-trust case.

              1 vote
              1. [3]
                FluffyKittens

                I’ve actually gotta give the feds credit for the STIR/SHAKEN mandate - I don’t see a regulatory failure on that front.

                Apple not allowing users to implement better customized controls (e.g. automatically send international calls or certain area codes to voicemail) is the bigger barrier to suppressing the problem in my book, but I get where you’re coming from.

                3 votes
                1. [2]
                  jackson

                  So there’s interestingly a hidden level of control that you can take here- I’m not certain on the details, but carriers have apps that allow you to more dynamically block spam calls. ATT’s is called ActiveArmor, and it’s definitely better than nothing (and is free on all postpaid rate plans, not sure about prepaid).

                  It’s imperfect, and doesn’t allow a super fine-grained level of control, but it’s certainly better than nothing. I believe there are also 3rd party apps that can use this same API, but have not specifically sought any out.

                  1 vote
                  1. FluffyKittens

                    Great to know - thank you!

                    I just checked and unfortunately my carrier doesn't offer any features like that, but I'll hunt for a good third-party app later and try it out.

                    1 vote
      2. [8]
        winther

        I generally like how MacOS deals with it currently, with a big warning and some extra hoops you need to go through if you install an app from a developer that Apple hasn't approved. But you can still do it. Wouldn't mind a similar approach to iOS devices.

        7 votes
        1. [7]
          vord

          That's basically exactly what Android and Windows do as well.

          It's almost as if we already have a gigantic suite of tools available across a wide range of computing platforms to achieve this sort of balance between user empowerment and protection.

          16 votes
          1. [6]
            GunnarRunnar

            I can't decide if it's the best or even a good implementation. Those pop-ups are annoying but they do inform the user but I also can't help but feel like they're just coaxing me towards their own app stores.

            6 votes
            1. vord

              There is the inherent paradox. If you want users to be aware of the risks, and gain consent to grant risky permissions....you have to kind of nag them.

              So eventually, users will be conditioned to just 'click the button to make it work'.

              There needs to be some sort of middle ground, and really I think that middle ground is 'teaching people to develop the skills that they don't need a giant warning button every 3 clicks'.

              If you never teach a child to use a knife, chopping vegetables will seem a difficult and dangerous task that only professionals dare attempt.

              My kid could use a kitchen knife (like a proper 10" one) from the ripe old age of 6. It's not difficult, it just requires treating the task with the proper attention and respect it deserves.

              The problem is that people have decided that computers are more like sponges than knives. And a lot of security tooling seems to be a lot less "how do we help people use knives better" and a lot more "how can we make this knife be more like a sponge."

              7 votes
            2. [4]
              papasquat

              Honestly, they should coax. For 95% of users, there's no reason they can't just use an official app store app. Alternative app stores and side loading should be reserved for power users who know what they're doing and can deal with a bit of nagging.

              2 votes
              1. [3]
                Sodliddesu

                I disagree. Most of the software I preload onto my work computers before sending them out in the field isn't on the Microsoft store and I wouldn't want anything to be beholden to that platform after just trying to play Forza Horizon 5 on it. I like my programs installed locally and on their own. I'm sure the MacOS store is more robust but I like less middlemen between my software and me.

                3 votes
                1. [2]
                  papasquat

                  I think computers and mobile devices are two entirely different conversations. There are a lot of really complex legacy, technological, and cultural reasons why most mobile app stores have the vast majority of the apps people would want to use on their devices, but computer app stores don't.

                  1 vote
                  1. Sodliddesu

                    > There are a lot of really complex legacy, technological, and cultural reasons

                    I'm honestly most curious about the cultural reasons but if you wouldn't mind expanding on all of these I'm a captive audience.

                    Even on my personal mobile device (thank god I don't have to set up any work phones) I try to limit 'app store' apps. Usually games which I don't mind auto updating in the background. If my phone is going to be forced to use apps instead of my browser, which I can use for everything on my desktop, I want as much control as I can. Big businesses have too much power to say "You're on your phone, you have to use our app and agree to our EULA" to make me comfortable using the app store for everything.

                    1 vote
      3. Eji1700

        > Regarding the introduction of external app stores on iOS, I agree that it seems designed to be an opt-in feature, which should preserve the integrity of the default system for most users.

        The incentives to require everyone to "opt in" are likely going to be very very high given the reasons this whole case started. I would not be surprised if you get the usual "this app wants you to opt into infernal contract here" and just hitting the check box and ok becomes the norm.

    2. krellor

      I've had similar conversations with folks around changes in Windows. As much as I don't care for many of the changes, or at least the strong railroading towards things like Microsoft accounts for local login, these are positive changes for many users. The majority of computer users don't have backups, password managers, recovery mechanisms, etc. Things like Microsoft accounts, automatic OneDrive integration, and Windows Hello give people recovery options. Having helped many elderly family members, they really need someone to set up and lock down their systems and phones, or they will either click things they shouldn't or fall prey to scammers and predatory ads.

      As much as I view Apple's position as self serving, there is merit in their requirements for third party stores to meet certain standards. Most users need structural safeguards in place to prevent being compromised or scammed.

      4 votes
    3. babypuncher

      I'm a big fan of giving users full control of their device, but making it painful enough that only hobbyists really engage with it. I don't want it to be easy enough that a company like Facebook can just ignore official distribution channels and tell people to sideload Messenger or Instagram so they can get around App Store privacy rules.

      4 votes
    4. [21]
      HeroesJourneyMadness

      “Do something active themselves” - like reach into a honeypot that otherwise wouldn’t have been able to exist on the platform they chose for its security?

      That rationale means Apple doesn’t have any right to protect their users or their products from malicious actors.

      There are statements in this thread that Apple’s claims of being more secure are only for their benefit, when that’s just not the case. Even half of Android users think iOS is more secure.

      https://9to5mac.com/2022/08/16/android-users-consider-switching-iphone/

      US law and regulators have a long and blatant history of bending to the will of moneyed interests and against user privacy/security/rights and this just stinks to high heaven of more of that.

      If you want a fully open phone, buy one. They exist. There are even more options than just Android and iOS.

      There are actual real monopolies (and even more common and worse- cartels in the form of price and market collusion) that prosecution would do actual real good. This doesn’t make any sense… and when powerful entities do stuff that doesn’t make sense it’s (I believe) because it’s disingenuous and there is some ulterior motive. It’s the WMD playbook all over again.

      1 vote
      1. [11]
        vord

        > If you want a fully open phone, buy one. They exist. There are even more options than just Android and iOS.

        Really? I'd love to hear some options. The only ones that I've heard of are more hobby projects than functional smartphones...especially if they don't have an Android compatibility layer.

        10 votes
        1. [10]
          HeroesJourneyMadness

          I make no claims on said options- only that they exist, but at this point are we really suggesting that the requirement is a fully functional, fully GPL, secure, smart phone that’s not android or Apple, and has sufficient market share to be considered viable… or the government has a duty to dismember Apple? Because that seems kinda silly.

          One quick Google search pointed me to Graphene, but I know nothing about it. It could very well be an Android fork. I believe there are one or two others, but they’re probably more in line with hobby projects.

          My point is, having roughly slightly less than 1/2 the market share (last I looked) and a superior product because of some strict rules about what’s allowed to go on it (with provable, valid claims as to why) does not a monopoly make by any sane definition. So just why is this really being put forward and entertained?

          1 vote
          1. [9]
            vord

            > does not a monopoly make by any sane definition

            I'll direct you to the post I made in the last relevant thread. Namely, this quote from the FTC anti-trust guidance.

            > Courts do not require a literal monopoly before applying rules for single firm conduct; that term is used as shorthand for a firm with significant and durable market power — that is, the long term ability to raise price or exclude competitors.

            And my relevant commentary:

            > Apple could, tomorrow, ban all third-party apps from the app store which compete with their offerings, and raise their cut on the app store to 95%. It doesn't matter whether they will do these things, merely that they could. Spotify only exists on the iPhone with Apple's blessing, and Apple has a competing product.

            No other computer on the market has that degree of single-vendor control.

            8 votes
            1. [8]
              HeroesJourneyMadness

              Phones are not computers, first. There are all manner of handheld devices where the hardware and software are inseparable and a black box of proprietary lockdown. The fact that computers developed as open as they did - as has been mentioned - was kind of an anomaly - a confluence of IBM's product getting cloned, affordable hardware, and then a network built with military and academic intentions all coming together to make hacker heaven on the new frontier... and away we went. It was in this combo of pretty anti-capitalist opportunities that are responsible, and we are all the better for it.

              Look - I'm an Open Source guy. My income and career wouldn't exist without the GPL. I lived on LAMP stacks for a long time and have contributed to OSS. Open standards and community commons and good public policy would go an unbelievably long way toward solving tons of problems here in the US. I've drunk that KoolAid and fought the SOPA and busted the DRM back in the day.

              But, IMO Apple is on solid legal ground for why they set the rules they do and I don't see predation. The EA Arts case was an Apple win, although that court never even bothered to discern between the revenue and costs of developing an app and the ability to have in-app purchases (another 'monopoly'), but I digress...

              I suspect though that the EA case is also why we've not seen more lawsuits brought by anyone else- because, in the words of someone, "there's no there there." - Apple is on safe legal ground. (total supposition, not a lawyer)

              The closest to a legit issue I can spot might be the wallet part of the lawsuit. If Apple is withholding some copyright on interface or code or something that successfully hamstrings Android developers from being able to make a similar product, there might be some reason to pursue it legally - but isn't that more a matter of overly broad copyright - not monopoly? (genuine question)

              But so far, everything I've mentioned are issues brought by vested third parties. That's not what this lawsuit is. This is having THE DOJ go after the iPhone. If we were talking about the EA case on appeal, or some known parties that lobby/fight/advocate for good fair standards, (the EFF or the Mozilla foundation, etc.) or some other invested aggrieved party, I'd be much more open to the idea of good coming from this, but it's not.

              No, at the bottom of it all, this is the federal government attacking the most secure phone on the market, period. That should set off some alarms.

                My parting thought here on this - if Apple has to commit to some adjustment to Apple store rules or regulation, or allow competing wallets, or something I'll shrug and to me, that's not a big deal.

                But... if this goes as far as opening up the iPhone to running software not reviewed by Apple - I absolutely firmly believe the only winners there are bad actors. Adware, malware, and spyware oh my. I don't see much if any tangible benefit to users. IMO this lawsuit is a disingenuous fight over money and control, and I wear just enough of a tinfoil hat to believe that yes, the DOJ is capable of prosecuting on the behalf of people in one or all of those three bad actor camps.

              2 votes
              1. [7]
                vord

                > Phones are not computers, first.

                Agree to disagree. It is a Turing complete device, it is therefore a computer.

                Just because it's been designed to be a proprietary blob does not mean it isn't a computer. The only reason that most of these things are locked down is because we give them legal protection to be so.

                11 votes
                1. [4]
                  arqalite

                  Honestly whenever I hear "a phone is not a computer", it's hard for me to take the rest of the argument in good faith.

                  It just gives the impression that the person saying that has a fundamental misunderstanding of how technology works, and I'm much less inclined to believe anything they say.

                  I don't mean it in a bad way, but I don't know how to express it otherwise.

                  7 votes
                  1. vord
                    (edited )

                    That's why I'm keen to teach my children.

                    It's not a phone. It's a computer with an integrated screen running Android.

                    It's not an iPad. It's a computer with a larger integrated screen running Android (damn everybody calling all tablets iPads).

                    It's not a Nintendo. It's a computer with an integrated screen that can only play games Nintendo allows. It could totally run Android and all the Android games, but Nintendo says 'No.'

                    It's not a SmartTV. It's a shitty computer built into a TV.

                    It's not a Chromebook. It's a mediocre computer your school locks down to all hell.

                    The computer hooked to the TV can do anything any of those other devices can do, if there were not encryption standing in the way.

                    4 votes
                  2. [2]
                    HeroesJourneyMadness

                    Yeah, that was kind of a dumb statement. My point was intended to compare how the PC’s openness re: OS, chips, and software is really more of a historic anomaly in terms of product development as opposed to like more closed/traditional products. Compared to like home stereo receivers, or cars, or household appliances. Every company attempts to make a moat around their product’s market share. That’s the norm. It’s only because the PC started as a fragmented combination of softwares and hardwares that were all competing and innovating that we have what we have with the modern computer.

                    If you’re old enough to remember just how open our phones were prior to the iPhone (not at all) - that’s a more normal product trajectory. In that way, the smartphone and the PC have really different contexts around how they have developed. That’s a more accurate way of saying it.

                    3 votes
                    1. arqalite

                      That's completely fair, and it's undeniable that the market around tech has always gravitated towards closed, tightly integrated products.

                      However the PC is a good example of how openness and standardization can create a lot of opportunity for competition and can create a market - and maybe we should strive to push all technology towards that, instead of away from it. Just because it was an anomaly, doesn't mean it wasn't amazing.

                      5 votes
                2. [2]
                  HeroesJourneyMadness

                  Yeah, that’s kind of a silly semantic argument- I was trying to point out how the way the pc came to be is more of an anomaly than other products.

                  3 votes
                  1. vord

                    I did latch on to your pithy quote yes. But I expanded to point out that letting things be black boxes is a choice that we give companies the power to do. Not something that happens 'by default.'

                    IBM's BIOS was able to be cloned because IBM didn't have the legal power to slap down anybody who reverse engineered it. If Apple didn't have legal protection to prevent bypassing their BIOS locks, there'd have been alternative operating systems for the iPhone a decade ago.

                    > It was in this combo of pretty anti-capitalist opportunities that are responsible, and we are all the better for it.

                    I wouldn't say it's anti-capitalist to reverse-engineer a BIOS and then use it to manufacture compatible third-party products. But ultimately this is what the anti-trust is all about: Squashing the firms engaging in and developing the power to engage in anti-competitive behavior. So that we're all better for it.

                    6 votes
      2. nosewings
        Link Parent

        US law and regulators have a long and blatant history of bending to the will of moneyed interests and against user privacy/security/rights

        Is Apple, the second most valuable company in the world, not a moneyed interest?

        6 votes
      3. [8]
        ComicSans72
        Link Parent

        "That rationale means Apple doesn’t have any right to protect their users or their products from malicious actors"

        This is an exaggeration. Windows explicitly has built in anti virus just to kill malicious code. OSes have huge guardrails put up to prevent malicious code. Apple has plenty of right and ways to stop malicious actors without requiring every penny to go through their coffers.

        5 votes
        1. [7]
          HeroesJourneyMadness
          Link Parent

          Not in my opinion. The Windows ecosystem created the entire parasitic industry that invented terms like malware, adware, spyware and antivirus software. Those things' very existence is a testament to how badly Windows has failed at being secure. This whole argument is about wanting to recreate that same failed scenario on your phone.

          1 vote
          1. [6]
            vord
            Link Parent

            Yet the various *nixes didn't foster that ecosystem to the same degree, despite many of them pre-dating Windows.

            It's almost as if Windows (particularly the pre-NT Windows) was not designed to be a network-connected multi-user system, and then they tried to treat it as such.

            Systems which were designed to be multi-user from the beginning never had the same degree of problems simply because they had much better permissions management baked into their fundamental design.

            And it's hardly a failed scenario....Microsoft's inability to deliver a secure OS aside, it's that freedom in the broader computing market (including MacOS) to self-develop and run unauthorized software that has created the vast ecosystem of innovation that exists today.

            To answer the clickbait title: Is your phone's security affected?

            No. Unless you decide to do something to explicitly reduce the security, like disabling the sand-boxing and permissions management.

            3 votes
            1. [5]
              HeroesJourneyMadness
              Link Parent

              Re: *nixes security - we are getting above my pay grade on system security- but I challenge the assertion that the architecture of nix platforms has assured its security. Maybe. But it’s also never been targeted for attack like the body of consumer pcs. There wasn’t a market sizable enough to make it worth it. My guess is that even MacOS would have probably gotten more malware had 80% of the world been running it back in the heyday of bot nets.

              I’d also challenge that last assertion. Once the can of worms is opened- yes, my phone’s security is affected. It might be via a worm that travels via cell peers, or it might be via social engineering, or it might be just through normalization of use of one particularly popular unvetted app. It opens the door- then it becomes just a matter of sliding that Overton window over a bit.

              1 vote
              1. Grumble4681
                Link Parent

                I’d also challenge that last assertion. Once the can of worms is opened- yes, my phone’s security is affected. It might be via a worm that travels via cell peers, or it might be via social engineering, or it might be just through normalization of use of one particularly popular unvetted app. It opens the door- then it becomes just a matter of sliding that Overton window over a bit.

                The way you describe the situation gives off the impression that the iPhone somehow has this impenetrable security and this is somehow introducing a crack in an otherwise pristine wall of security. Of course that isn't true and I'm sure that's not what you were intending to say, but that is the impression I get from reading your comment. There's numerous cracks already there for various reasons, though surely not as many cracks as in Windows but that's also a system with a lot of baggage due to a long history.

                All security is a compromise of other factors, typically cost and convenience. Not just security in electronics, but physical security. Safety of a person is basically also a form of security, so in that way we can also recognize that we make compromises on safety all the time as well. Masks were useful when covid was spreading rapidly, but now that it isn't, masks aren't seen as necessary or commonplace in public. However that's seemingly just a compromise, clearly if a mask was useful before, it'd still be useful now, just not as often and thus not seen as worth it for the trade-offs. But if you were prioritizing purely on safety, then clearly a mask at the minimum was beneficial.

                My point is that security of our devices is no different, there's always a trade-off. I'm not going to wear a full hazmat suit every time I walk outside. So why should I accept someone else forcing my device to have the equivalent of such an inconvenient thing in the name of protecting me at all costs? Now I know what you'd respond with here, that no one has to buy an Apple phone. Yeah, I don't have one. I also got boxed out at a prior workplace for not having an iPhone, as I later found out the owner hated green bubbles and didn't want anyone with an Android in any group chats that he was in. And I know that's not exactly uncommon in much of the US where 3rd party messaging apps never usurped carrier messaging, SMS/RCS. If you're arguing that Apple tightly controls everything for the user, then Apple is responsible for why a user would behave that way because Apple meticulously designed their platform to create that type of behavior. So Apple hurt my progression in that business as well as creating more social friction because they chose to close off their system in such a way that kept developers from making a better default messaging app because they could leverage it into more sales, and prevented users from having the ability to change it themselves. The messaging issue was not motivation for improving security, it was motivation for sales. Now I'm vastly oversimplifying that to make a point, ultimately what Apple did was not for the sake of security and they harmed people in the process. This to me is where the whole idea of Apple trying to provide the most secure environment for their users falls apart. They compromised security and privacy of their own users for sales and harmed people in the process.

                The Overton window has shifted so far that it's somehow questionable if it's justifiable for Apple to use anti-competitive practices that harm the market and consumers. That's the Overton window shift that I'm concerned about.

                5 votes
              2. [3]
                vord
                Link Parent

                In short, the various *nix systems are what have powered almost all of the server infrastructure, basically forever. Windows on servers has largely been a rounding error. Attackers have been trying to crack these since their inception, because while compromising your computer compromises 1 person's accounts, compromising a database server for a large corporation can compromise hundreds of thousands of accounts.

                The permissions management of multiuser OSes provided one thing that Windows especially lacked: A clear separation between unprivileged user permissions and administrative permissions.

                Back before 2004 or so, it was basically required to run a good bit of Windows software as the administrator to get it to work. Running things as administrator basically gives every running app full access to the entire system, and one malicious program can do anything.

                By contrast, a malicious program running on a Unix system as a non-admin user was somewhat limited in the damage it could do, unless it could find an attack chain to gain admin privileges. These do come about periodically, but it drastically reduces the footprint that an attacker has to work with.

                Half of OSX's security can be attributed to them starting with a Unix base.

                Windows NT was designed as a multi-user operating system, and while it was still much worse than the *nixes, it was an exponential improvement over their DOS-based originals.

                You can just sign up for a free Unix shell. Do you think they would have an easy, free signup if it wasn't trivially easy to shut out bad actors?

                3 votes
                1. winther
                  Link Parent

                  All true but the separation of user levels isn't that important on a personal desktop I would argue. Malware I get as the user of my computer will have the same access as me, which in practice will be all my personal data. Whatever requires admin access on my personal computer is mostly worthless. So I don't see having the *nix level of user separation doing much better when it comes to protecting personal devices with one user.

                  1 vote
                2. HeroesJourneyMadness
                  Link Parent

                  Yep. Once every few years when I was running a home server or VPS I’d have to wade through the man pages and painstakingly assemble the right assortment of chmod flags to do one thing or another. I’m sure I made shit writable that a real sysadmin would cringe hard at.

                  I’m about ready to toss in the towel on this thread - and I’ve really enjoyed it. It’s made me take a look at my politics and ideology around open source and the blind spot that is being a fan of Apple’s phone and (don’t mess with my) MacBook Pro.

                  Just to clarify - sure - give everybody blue bubbles, I don’t care. Also, let’s make a standard for a wallet using whatever best practices keeps everyone safest. Allow in-app purchases. None of this I take issue with.

                  I should disclose that I may have some baggage re: Android that makes me full stop hate the idea of some third party App Store getting on iPhone, or any crap ware that Apple might be holding off for that matter.

                  My last android phone was in 2012-13 and it was the worst POS HTC thing that infuriated me constantly. There was so much garbage in the App Store I couldn’t tell what was what and I had crap crashing constantly. It was a nightmare. I wiped it, I fought with the carrier, it was the worst.

                  That’s my experience. I’m also a fan of good UI and apps and sites that run well without bloatware. I treasure the reliability of my aging iPhone and the idea of polluting it with some of the shit I saw over a decade ago in that Play store seems kinda criminal.

                  Sorry if that offends. I don’t let go of things very well sometimes. And I’m cynical. I fear opening a Pandora’s box of unintended issues and as mentioned I do not trust the DOJ.

                  With that, thanks all for participating and apologies if I didn’t respond to anyone.

                  Rock on friends.

  2. [9]
    vord
    (edited )
    Link

    All of these discussions remind me of a thought that has been lurking around in my head for awhile. And this sort of plays out across industries in multiple ways.

    There needs to be a full divorce between "Hardware maker" and "software maker" for there to be proper competition.

    Part of the reason that early computers were expensive was that was your option. You wanted IBM compatibility? You bought an IBM. It is no coincidence that the plummeting costs of PC hardware coincided with the hacking of the IBM BIOS and the infinite explosion of IBM-compatible device availability.

    ISPs are more competitive and lower priced when the owner of the infrastructure is separated from who provides the service. Rinse/repeat for mobile providers.

    Hardware makers should have an obligation to provide the hardware, detailed specifications of said hardware, and open source firmware/drivers.

    Software makers can then use the above to write user-facing software on said hardware.

    And hardware makers and software makers must remain at least somewhat independent of each other. At a bare minimum, companies that do both must not be permitted to restrict others from selling alternative software on their hardware.

    Does this eliminate giant swaths of business models where hardware is sold below-cost in order to recoup costs via software sales? Yes.

    Is this a good thing? I contend that it is, because it brings transparency to the hardware production process.

    9 votes
    1. [4]
      shrike
      Link Parent

      Hardware makers should have an obligation to provide the hardware, detailed specifications of said hardware, and open source firmware/drivers.

      If we go this way, I want us to start from somewhere else than phones.

      Let's do TVs first, shitty TV software is more of an issue than anything in phones. I want a bare-bones software in mine that does nothing else than change HDMI sources and turn off/on via CEC.

      10 votes
      1. [3]
        arqalite
        Link Parent

        It's ridiculous how nowadays, buying a high-quality dumb TV is a more involved and expensive process than buying a smart TV.

        You're either looking at wildly expensive gaming monitors, or even more wildly expensive digital signage for businesses.

        The problem is that ads and brand deals subsidize the cost of making a TV so much, that it's a blatant business mistake not to do it, thus forcing you to make all your TVs "smart". Even if you don't include ads, you still want the money Netflix is willing to pay in order for you to preinstall the app and add a Netflix button to the remote.

        Hell, even Google did it with their Chromecast. It runs stock Google TV, with Netflix preinstalled and a dedicated Netflix button on the remote.

        1 vote
        1. [2]
          shrike
          Link Parent

          LG WebOS TV with no internet connection (or a regulated one) and Apple TV is the best combination I've found.

          Maybe NVidia Shield when they come up with a new version might be even better (the old one has pretty good upscaling).

          1. babypuncher
            Link Parent

            I love my Apple TV, but I've been eyeing an Nvidia Shield because it supports bitstreamed audio. It's also the only set top box that supports Dolby Vision profile 7, meaning I can watch my UHD rips with Dolby Vision.

    2. HeroesJourneyMadness
      Link Parent

      Oof. I just realized- this also mitigates that privacy issue when all your chips come from China.

      2 votes
    3. babypuncher
      (edited )
      Link Parent

      Part of the reason that early computers were expensive was that was your option. You wanted IBM compatibility? You bought an IBM. It is no coincidence that the plummeting costs of PC hardware coincided with the hacking of the IBM BIOS and the infinite explosion of IBM-compatible device availability.

      This certainly helped, however it took a solid decade after CDP reverse-engineered the PC BIOS for prices to really come down. IBM's prices were inflated, but computers were just really expensive in the '80s and early '90s because the underlying components were not cheap to manufacture.

      It also didn't really stop monopolies from forming, and led to other problems. The Wintel monopoly basically dominated personal computing for nearly 20 years. The fact that every PC maker was working with the same components and software meant that they could really only compete on price. This race to the bottom led to PCs being loaded with bloatware at the factory to subsidize costs.

      There are tangible benefits to computer systems that are built by more vertically integrated manufacturers. Apple Silicon-powered Macbooks are a good modern example, but this was true in the '80s and '90s as well. Computers like the Amiga 1000 could handily outperform any PC-compatible in both sound and graphics in 1986 at a substantially lower cost, thanks to its custom chips.

      Suffice to say, I think both approaches have their pros and cons, and I don't think banning either one would be good for the industry.

      1 vote
    4. [2]
      HeroesJourneyMadness
      Link Parent

      Interesting idea. I kinda like it, but I don’t know if it would be wise from a security and/or even an innovation standpoint. Specifically I’m thinking about the Apple chips. Does being that fast and power efficient require a black-box unification of software and hardware to perform like that? I have no idea, but it seems plausible.

      1. vord
        Link Parent

        Is it worth holding back innovation and security by say 10 years if further innovation will happen more transparently with more competition?

        I'd say it's worth it, because the advances from a more competitive ecosystem across the board will surmount that lag once the initial growing pains subside.

        7 votes
  3. techy_geek
    Link

    The DOJ’s antitrust lawsuit against Apple raises critical questions about the balance between a company’s right to innovate and the need to preserve competitive markets. While Apple argues that its integrated ecosystem ensures privacy and security, the DOJ contends that it stifles competition and innovation. This case could set a precedent for how tech giants operate and impact consumer choice in the future. What are your thoughts on the implications of this lawsuit for the tech industry and consumers?

    4 votes
  4. arqalite
    (edited )
    Link

    I want to be balanced and reasonable on this, but my personal ethics don't mesh well with that. I'm a strong supporter of the abolition of intellectual property/copyright, and I believe that I should have full control of the devices I buy/own, with zero exceptions.

    Thus, I want Apple's walled garden to crumble. I want an open iPhone where I use whatever software I want, and perform whatever hardware modifications I want, whenever I want to.

    If someone else doesn't want that, fine, they can buy the iPhone as-is, and enjoy it like that. They can use stock iOS with the App Store. As long as this is what they want to do with their own device, I am supporting their decision.

    But they shouldn't have any say on what I do with my device. In the Verge's comment section on anything regarding Apple and regulation you will see people practically saying "I don't want X feature on my device, so you shouldn't have it either", which infuriates me. This attitude of "fuck you, I got mine" gets me often.

    Security gets flung around a lot by both sides of the argument, but I feel we're looking in the wrong place. We wouldn't need to rely on a walled garden for security if we taught people to stay safe online. A vast majority of people in the West has access to the internet - virtually zero receive thorough education on how to use it.

    Maybe if we considered educating people on safe usage of technology and the internet, and teaching them how to identify scams, maybe we'd see a notable reduction in malware infections and phishing.

    If someone intentionally disregards these safe practices (while knowing about them) and gets infected with malware, or scammed, well, that's unfortunate and I wish it wouldn't happen, but it was something they did at their own risk.

    We shouldn't limit everyone's potential just to prevent security issues. Instead we should unlock that potential, and work on making sure everyone has the tools and knowledge to be safe and secure while exploring that potential. If someone doesn't want to use those tools, it's their decision, and they should be well aware of the consequences.

    I guess I just want to be able to do whatever I want, as long as I'm not hurting anyone, while you also get to do whatever you want, as long as you're not hurting anyone. But unfortunately, as with any other discourse, there are people who want to do whatever they want while preventing others from doing so. My way or the highway.

    4 votes
  5. [4]
    Comment removed by site admin
    Link
    1. [2]
      pbmonster
      Link Parent

      In reality 90% (if not more) of their users are tech illiterate, same with Android.

      It's probably more, and even the literate often don't care enough to escape the walled garden.

      I know so many highly technical people who watch Youtube with Ads on their phone (or worse, let their kids watch Youtube with Ads). On Android, it takes 5 minutes tops, to get rid of them forever. Almost nobody does so.

      4 votes
      1. arqalite
        Link Parent

        Piracy debate aside - I was shocked to learn how many people refused to install Vanced because it was a hassle. I did an experiment with my family and friends (except those that had Premium).

        Mind you, this was a one-time process back when Vanced was in its prime and still a thing. You'd just install Vanced Manager, install Vanced and microG from there, and you're good to go.

        But they thought having ads forever was easier than spending 10 minutes setting it up once, then forgetting about it (maybe once in a while going to Vanced Manager to update).

        I never understood why they were so reluctant. I guess I'm a tinkerer, and they just want convenience, and that is perfectly fine.

        3 votes
    2. babypuncher
      Link Parent

      I don't think Apple is being altruistic here, but rather opportunistic. They spotted a blue ocean early on and realized they could dominate it while everyone else is trapped in a race to the bottom of a red ocean.

      Apple views privacy as a product differentiator, and it is a powerful one in a world where nearly everyone else is subsidizing the cost of their products and services by gathering and selling user data. This works well for Apple, because they were already positioned as a premium high end alternative to cheap PC brands like HP or Acer.

      I don't think people have to be tech savvy to care about their privacy. They don't need to understand the technical details behind why Apple devices generally offer better privacy than most popular alternatives. Simply having that reputation is enough to sway many buyers. However you need a solid technical implementation that does satisfy enough tech nerds in order to earn that reputation in the first place.

      2 votes