This article seems more than a little silly. They blew up a single tweet into an article about Apple's corporate strategy in relation to the FBI.
What next? Are they going to dig through Apple employees' trash, looking for variations in the number of credit card offers?
"Apple Employees Load up on Credit"
"Investigators have uncovered a 10% uptick in the number of accepted credit card offers from key Apple employees. Speculation about Apple's poor recent performance seems validated by their own employees obtaining as much cheap credit as they can get before the inevitable catastrophe approaches. Leading VCs interviewed had this to say: 'We always recommend to our partners that they obtain credit during times of prosperity, so that they don't need to unnecessarily dilute their shares by raising money in a downturn. If you're profitable but don't need the money, it's a great time to at least seek a line of credit from your bank.'
Apple representatives declined to comment on this article, possibly wishing to delay the bad news until the next shareholder meeting.
Next up: Microsoft reallocates its purchases of employee free soda to 20% Coke / 80% Pepsi. But what are the impacts on its cloud computing business?"
I know you joke about looking at credit card info, but it reminded me of this story[1] where fraud researchers at a credit card company (ab)used their access to credit card transactions of their customers in order to mine the data and perform fundamental research about various companies' retail performance.
They then used this information to trade on the companies just before earning release, and made a lot of money. They were eventually caught by the SEC because their trading was deemed suspicious, i.e. their options bets always seemed to work out.
They blew up a single tweet into an article about Apple's corporate strategy in relation to the FBI.
This sort of thing happens all the time from "news" blogs. You're just particularly keen to this one. The writer takes a smattering of fact, fits it into the existing narratives the news media is already telling themselves and bloviates until they have something to staple advertisement to.
What next? Are they going to dig through Apple employees' trash
Yes. News organizations that should know better pad their pages with exactly that. Constantly and forever. The trashcan is typically metaphorical, and the rank and file employees are boring.
>>> "Investigators have uncovered a 10% uptick in the number of accepted credit card offers from key Apple employees. Speculation about Apple's poor recent performance seems validated by their own employees obtaining as much cheap credit as they can get before the inevitable catastrophe approaches.
That is exactly the sort of thing that investors might look for. The personal behavior of executives is very telling. It is more so for privately-held corps, but can be applied to Apple. Seeing an exec liquidating assets or taking on apparently unnecessary debt can speak to that exec's future plans, which are tied to corporate moves. Some investors watch family members. A wife/mistress/girlfriend/husband shopping for a new house out of town may be the sign that the exec is about to leave one firm for another. How they plan to finance the purchase also counts.
One big tell, especially with startups, is communications with particular immigration lawyers. Execs facing a windfall often want to abandon their US citizenship in favor of somewhere with better tax treatment. See Saverin at Facebook. So any communication with lawyers specializing in this process is a good sign of a buyout in the works. Either that, or they plan on winning the lottery in the coming months. You have to finish the process before you win the money.
Oh, they hired a developer behind Signal. No offense to Mr. Jacobs, I'm sure he is an excellent developer. But I saw the headline and assumed they had grabbed Moxie.
Everyone who has ever known, or known of Moxie, thought the same :D I think we'd all love to see him be CCO (Chief Cryptography Officer) or something similar for Apple. Not to diminish his work at Whisper Systems, but talent like his should be reaching the 100s of millions of customers that Apple has reach to. Moxie, I know you hop on Hacker News every so often - if you read this - would you go work for Apple? Or are they too closed source for your tastes?
I think this move shows that Apple is serious about security. They previously assessed the risk of a government ordered backdoor low and the potential for bugs in the Secure Enclave higher, and hence made the trade-off to allow signed updates.
The CoreOS (https://coreos.com/) security team, or just the core OS security team? If the former, I'm curious what Apple's involvement with that project is.
Does anybody see through these PR plays? They've unlocked many phones in the past for the government, they're protecting their technology and using the moral issue to look good at a time when they're still majorly losing their way. To me this looks like governmental appeasement. Shutting down Snowden's and others' methods of private communications is a fantastic gift to the government who doesn't want more of that type of scrutiny and people talking about the NSA badly, there's already enough thinking they're a major problem. What a perfect guise to get it done under another company's name that also happens to be having a great PR week on the back of data they gave up or are going to give up anyway, they always knew that. I wish more people would think for themselves or at least consider why the script might not be reality. They hired him! What happened is a formerly non-corporate secure, private form of communication is now... who knows what. Maybe the government just figured out how to deal with the next Lavabit and not deal with more backlash. Nobody trusts them right now, everybody seems to love this Apple letter PR play.
>They've unlocked many phones in the past for the government
I do not really see why this is always brought up. Of course they unlocked phones in the past, they had a master password, they could not legally refuse to do it. There was no legal way for them to resist such actions by the government.
Do you understand the difference between the security model today, and previous versions of the iPhone?
Further I do believe there is a Fundamental Difference between Apple run by Steve Jobs, and Apple run by Tim Cook in how they view government. This is why you're seeing Apple shift its technology to resist government agents as well as more "traditional" threats.
//For the Record, I hate Apple's business model, and their Walled Garden Ecosystem. I will never own an iPhone because of that, however this ongoing theme of "well they unlocked it in the past" is just technological ignorance that needs to be put down.
How can you possibly be so cynical that you think this? Be an Apple hater all you want, but your comment is just silly. If Apple has "unlocked many phones for the government" before, why does the government have so many they want unlocked? A warrant canary can't "look to you" like it died. It did or it did not, and it most definitely did not. You're blowing this almost as far out of proportion as the article. Where is your proof for all these prior phones they unlocked??
Yes, this could be all smoke and mirrors and Apple is already in bed with the USG and they're just playing us and taking us for suckers, but setting all these legitimate concerns aside and assuming that this whole controversy is legit, I think Apple's position is vulnerable given their tax policies and hoarding cash reserves in offshore subsidiaries and holding the repatriation of these funds to the US.
I think that the USG could really twist Apple's arm and take them to courts over trumped up tax evasion charges and force Apple to cooperate with them on that FBI issue.
Let's just wait to see how this interesting story evolves and concludes before passing judgements very early.
While I agree that closed-source privacy protection isn't trustable, and therefore isn't sufficient, that doesn't mean that Apple doesn't intend to protect Apple customers.
There's a big difference between not going far enough and deliberate deception on this topic. There are also multiple stages to the battle for privacy, and most technology products and services are relatively far behind Apple in that progression.
Not sure if I believe that Apple acqui-hiring this developer was a concession for the bad press they've been giving the government lately. It was his choice to work for Apple; I'm going to guess that they didn't coerce him into taking this deal.
Conjecture: Isn't Apple's private signing key already a "master key to turn 100 million locks"?
I.e. the key they use to sign software updates. With that key, someone could create malware and sign it... Apple creating the malware just saves them a step. Ergo the "target on that piece" is already pretty high value, yet Apple is able to keep it secret / prepared for contingencies (like rotating the key..)
Well, this is true for any form of authentication. If you have information you need to update, you need to have a form of authentication, and authentication data can get lost. You just need to have good routines limiting the access to this data.
This is a problem for signing software, but also things like updating their webpage and content on the App Store. All these systems need to have authentication data exist, and if lost to people with malicious intent it could be lost.
Yes, Apple has never denied that it is possible for Apple to create a signed build of iOS with some of the security stripped out. They just point out, rightly, that it is not a good idea.
It follows that this is a pretty thin layer of security.
And it seems that Apple's signing keys are well-protected high value targets. Has Apple been "able to keep it secret"? As far as we know, yes. But we don't know everything.
Frederic Jacobs announced he was looking elsewhere some time ago. I don't have any insight into Open Whisper System's internals, but considering they've still been committing code and they're still posting new job openings, I doubt this has anything to do with Open Whisper Systems and more to do with Jacobs wanting a change of scenery.
Good for Apple. Maybe he can help critique Apple's security methodology. It will be interesting to hear what he works on and how he finds Apple's security systems.
It's arguably a poor, baity article, but please don't rant like this on HN. It lowers the quality of the discussion and usually sets off a degrading spiral (as below).
Is it idiotic to assume a company embroiled in a debate about privacy and security for a communication device-- the biggest driver of revenue for the company, hired someone in the secure communications space to work on communications products?
Also, Apple has a PR problem and can't operate without secure systems. Article title notwithstanding, it is a pretty big deal that while an intelligence agency is coming at them hard they hired a developer, in a very public manner, whose application is used by the very person who made the evidence of surveillance known.
This could be a signal to the market that they not only passively oppose this, but they are actively locking down their systems and they won't cooperate. Seems like a very sharp developer and as a bonus he did secure system messaging so it is not idiotic.
edit: I amended post to reflect that he is likely not working on iPhone directly.
I disagree and think this is potentially big news. You push us to relax security...we push back by trying to make a play in the secure chat (for everyone not just iPhone users) market which would make your life a lot harder.
The market is tough but it would be interesting if Apple would actually enter it. They have enough power to seed the network effect needed with a large enough user base.
I think this entire saga has actually opened up a nice spot to push really hard for the positioning slot of "secure by default". It's been done by a lot of people including Apple before but I think we're at a point in time where the media echo might be good enough for a big company to make a true positioning play.
It's also a great differentiation against Google/Facebook. Apple has voiced the "essentially our competitors are in the we make money off privacy violations business" (in other words) but they might want to hit that harder soon. A bit fickle since you need FB/Google in the "security now" alliance but still interesting.
I'm still skeptical about closed source software for secure X but I guess it's better than nothing.
It's not idiotic, it's interesting news given the climate. They didn't say what his role or project will be. What's wrong with reporting on Apple hiring a developer of one of the most popular secure messaging tools?
It does make sense to hire a guy who has had great success in Security. The chat app is just one of the use cases which he handled, and a good experience in designing secure software always helps.
There are probably not many tech companies who would turn down an internship applicant with this guy's résumé. So, yes, no puzzle to be pieced together here.
I would say that this has been Tim Cook's narrative for a while, and along this path we've seen iOS integrate things like WiFi MAC randomization and website ad blocking.
A "secure" chat app that depends on Google Play Services (spyware) and is only available through the Play Store (rather than F-Droid, an open source software repository for Android) and maintained by an author who refuses to integrate fixes to either of these problems upstream.
For those wondering if Google Play Services really is spyware: one of the purposes is to backdoor your phone for Google so they can _silently_ update any of their apps on your phone. It has access to _every_ Android permission and can (and does) grant any permission to any app silently. It also monitors your location and reports it to Google, along with brief voice snippets for "OK Google", as well as a list of all apps installed on your phone, and more. It's definitely an awful thing to have on your phone if you're privacy conscious.
[+] [-] MichaelBurge|10 years ago|reply
What next? Are they going to dig through Apple employees' trash, looking for variations in the number of credit card offers?
"Apple Employees Load up on Credit"
"Investigators have uncovered a 10% uptick in the number of accepted credit card offers from key Apple employees. Speculation about Apple's poor recent performance seems validated by their own employees obtaining as much cheap credit as they can get before the inevitable catastrophe approaches. Leading VCs interviewed had this to say: 'We always recommend to our partners that they obtain credit during times of prosperity, so that they don't need to unnecessarily dilute their shares by raising money in a downturn. If you're profitable but don't need the money, it's a great time to at least seek a line of credit from your bank.'
Apple representatives declined to comment on this article, possibly wishing to delay the bad news until the next shareholder meeting.
Next up: Microsoft reallocates its purchases of employee free soda to 20% Coke / 80% Pepsi. But what are the impacts on its cloud computing business?"
[+] [-] stygiansonic|10 years ago|reply
They then used this information to trade on the companies just before earning release, and made a lot of money. They were eventually caught by the SEC because their trading was deemed suspicious, i.e. their options bets always seemed to work out.
1. http://www.bloombergview.com/articles/2015-01-23/capital-one...
[+] [-] vostok|10 years ago|reply
You joke, but I bet you could get a leading indicator if you looked at companies reallocating from European fizzy drinks to Coke/Pepsi.
[+] [-] forgottenpass|10 years ago|reply
This sort of thing happens all the time from "news" blogs. You're just particularly keen to this one. The writer takes a smattering of fact, fits it into the existing narratives the news media is already telling themselves and bloviates until they have something to staple advertisement to.
What next? Are they going to dig through Apple employees' trash
Yes. News organizations that should know better pad their pages with exactly that. Constantly and forever. The trashcan is typically metaphorical, and the rank and file employees are boring.
[+] [-] sandworm101|10 years ago|reply
That is exactly the sort of thing that investors might look for. The personal behavior of executives is very telling. It is more so for privately-held corps, but can be applied to Apple. Seeing an exec liquidating assets or taking on apparently unnecessary debt can speak to that exec's future plans, which are tied to corporate moves. Some investors watch family members. A wife/mistress/girlfriend/husband shopping for a new house out of town may be the sign that the exec is about to leave one firm for another. How they plan to finance the purchase also counts.
One big tell, especially with startups, is communications with particular immigration lawyers. Execs facing a windfall often want to abandon their US citizenship in favor of somewhere with better tax treatment. See Saverin at Facebook. So any communication with lawyers specializing in this process is a good sign of a buyout in the works. Either that, or they plan on winning the lottery in the coming months. You have to finish the process before you win the money.
[+] [-] trymas|10 years ago|reply
The deal was on its way probably way before FBI scandal started.
[+] [-] AdmiralAsshat|10 years ago|reply
[+] [-] jpstory|10 years ago|reply
[+] [-] qntty|10 years ago|reply
[+] [-] izacus|10 years ago|reply
[+] [-] uxp|10 years ago|reply
[+] [-] HappyTypist|10 years ago|reply
[+] [-] duskwuff|10 years ago|reply
[+] [-] dotch|10 years ago|reply
[+] [-] jayarcanum|10 years ago|reply
[+] [-] the_ancient|10 years ago|reply
I do not really see why this is always brought up. Of course they unlocked phones in the past, they had a master password, they could not legally refuse to do it. There was no legal way for them to resist such actions by the government.
Do you understand the difference between the security model today, and previous versions of the iPhone?
Further I do believe there is a Fundamental Difference between Apple run by Steve Jobs, and Apple run by Tim Cook in how they view government. This is why you're seeing Apple shift its technology to resist government agents as well as more "traditional" threats.
//For the Record, I hate Apple's business model, and their Walled Garden Ecosystem. I will never own an iPhone because of that, however this ongoing theme of "well they unlocked it in the past" is just technological ignorance that needs to be put down.
[+] [-] hellbanner|10 years ago|reply
Replaced with text like
"We care about your privacy." "We protect you with all legal means available."
And then there's PR like
http://www.dailytech.com/Feds+Cant+Crack+Apples+iMessage+Enc...
Maybe it's true. But are you really that trusting?
[+] [-] givinguflac|10 years ago|reply
[+] [-] gotchange|10 years ago|reply
I think that the USG could really twist Apple's arm and take them to courts over trumped up tax evasion charges and force Apple to cooperate with them on that FBI issue.
Let's just wait to see how this interesting story evolves and concludes before passing judgements very early.
[+] [-] Zigurd|10 years ago|reply
There's a big difference between not going far enough and deliberate deception on this topic. There are also multiple stages to the battle for privacy, and most technology products and services are relatively far behind Apple in that progression.
[+] [-] carlosnunez|10 years ago|reply
[+] [-] abalone|10 years ago|reply
I.e. the key they use to sign software updates. With that key, someone could create malware and sign it... Apple creating the malware just saves them a step. Ergo the "target on that piece" is already pretty high value, yet Apple is able to keep it secret / prepared for contingencies (like rotating the key..)
Thoughts?
[+] [-] runholm|10 years ago|reply
This is a problem for signing software, but also things like updating their webpage and content on the App Store. All these systems need to have authentication data exist, and if lost to people with malicious intent it could be lost.
[+] [-] SideburnsOfDoom|10 years ago|reply
It follows that this is a pretty thin layer of security.
And it seems that Apple's signing keys are well-protected high value targets. Has Apple been "able to keep it secret"? As far as we know, yes. But we don't know everything.
[+] [-] aluhut|10 years ago|reply
[+] [-] thecryof|10 years ago|reply
[+] [-] Aissen|10 years ago|reply
[+] [-] uxp|10 years ago|reply
[+] [-] jakobegger|10 years ago|reply
[+] [-] studentrob|10 years ago|reply
[+] [-] ianamartin|10 years ago|reply
Whatever remaining security holes there are with secure enclave, they have nothing to do with a software chat app.
This is entirely coincidental and has nothing to do with anything.
TechCrunch should be ashamed of itself (again) for being such a douchebag.
Edit: I'm not saying Apple hiring the guy is stupid. I'm responding to the hattery from the article itself.
As a hire, it makes sense. But trying to decide that it means "Apple is now serious about security" is just a bunch of horseshit on both ends.
[+] [-] dang|10 years ago|reply
[+] [-] vonklaus|10 years ago|reply
Also, Apple has a PR problem and can't operate without secure systems. Article title notwithstanding, it is a pretty big deal that while an intelligence agency is coming at them hard they hired a developer, in a very public manner, whose application is used by the very person who made the evidence of surveillance known.
This could be a signal to the market that they not only passively oppose this, but they are actively locking down their systems and they won't cooperate. Seems like a very sharp developer and as a bonus he did secure system messaging so it is not idiotic.
edit: I amended post to reflect that he is likely not working on iPhone directly.
[+] [-] kriro|10 years ago|reply
The market is tough but it would be interesting if Apple would actually enter it. They have enough power to seed the network effect needed with a large enough user base. I think this entire saga has actually opened up a nice spot to push really hard for the positioning slot of "secure by default". It's been done by a lot of people including Apple before but I think we're at a point in time where the media echo might be good enough for a big company to make a true positioning play. It's also a great differentiation against Google/Facebook. Apple has voiced the "essentially our competitors are in the we make money off privacy violations business" (in other words) but they might want to hit that harder soon. A bit fickle since you need FB/Google in the "security now" alliance but still interesting.
I'm still skeptical about closed source software for secure X but I guess it's better than nothing.
[+] [-] studentrob|10 years ago|reply
[+] [-] sbose78|10 years ago|reply
[+] [-] imron|10 years ago|reply
[+] [-] dotch|10 years ago|reply
[+] [-] ascorbic|10 years ago|reply
[+] [-] a_lifters_life|10 years ago|reply
[+] [-] Vivtek|10 years ago|reply
[+] [-] saurik|10 years ago|reply
[+] [-] gear54rus|10 years ago|reply
With this move, they will also waste very valuable developer's (crypto experience ain't cheap) skills.
[+] [-] Sir_Cmpwn|10 years ago|reply
A "secure" chat app that depends on Google Play Services (spyware) and is only available through the Play Store (rather than F-Droid, an open source software repository for Android) and maintained by an author who refuses to integrate fixes to either of these problems upstream.
For those wondering if Google Play Services really is spyware: one of the purposes is to backdoor your phone for Google so they can _silently_ update any of their apps on your phone. It has access to _every_ Android permission and can (and does) grant any permission to any app silently. It also monitors your location and reports it to Google, along with brief voice snippets for "OK Google", as well as a list of all apps installed on your phone, and more. It's definitely an awful thing to have on your phone if you're privacy conscious.
[+] [-] r0muald|10 years ago|reply