I remain unconvinced that phone manufacturers are unable to read the screen. Username obscurity is neat for p2p privacy, but does nothing against "the cops" if you're doing something they don't want you to.
Yeah. If you've come to the attention of the wrong sort of "the cops", you're fucked.
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT." -- https://www.usenix.org/system/files/1401_08-12_mickens.pdf
There's a lot of humour in that article, but some cold hard truth as well.
After an intelligence agency has knocked on your door to tell you just how interesting your online comments are and serve you legal paperwork, arguments like this suddenly become hollow.
While this advice suggests I should just give up, that's not a practical option.
Nothing, practically speaking, can keep you safe from your phone.
If your adversary has access to your phone, directly, then encryption will not help (practically speaking - got to keep saying that because heroic efforts can be expended). If that adversary is the phone manufacturer (a) you are screwed and (b) the manufacturer is taking a huge business risk
Point is using Signal your messages and secrets cannot be found on a server over which you have no control. You do have control over your phone. You can switch to a more reputable manufacturer, you can keep it away from your adversary
> If your adversary has access to your phone, directly, then encryption will not help
One way to express it: The phone isn't much use unless you have access to the data. If you can access it, so can adversaries with access to your phone.
Convinced is a strong word, but phones are typically running code that is not user controlled in an environment where they are always expected to be connected to the internet.
Given the amount of spying that has been revealed (a lot of it seeming to be superficially illegal) it seems reasonable to assume that phones are compromised in all manner of ways unless proven otherwise. I'd prefer to be pleasantly surprised.
Anything that makes it more expensive for the government to read someone's communications is a bonus. Ideally panopticon states will remain uneconomic.
* Mobile-phone baseband chipsets are proprietary and secret a.f. and part of that is down to the carrier's insistence.
* Baseband chipsets run software that the carrier ships OTA to the phone.
* While baseband chipsets are ostensibly part of the wireless modem and meant to simply provide a service to the rest of the phone it looks like they generally have some form of access to the phone's main memory bus (just like any other PCIe device in a PC) and so could read the framebuffer (assuming it's backed in RAM at all) - or at least the back-buffers of the screens of running applications.
* Even 6-7 years ago, there existed definite causes for concern in (at least) the 32-bit version of iOS - but I can't find any hard evidence that the baseband chip in Apple Silicon-era phones wouldn't have at least some access. See https://github.com/userlandkernel/baseband-research
I can highlight text on the application switching screen (swipe up on android, press and hold over text on any of the applications in that view, you can highlight text that's otherwise not highlightable)
Someone should write a Wikipedia article on a glibly labeled law to the effect of, "any opportunity for forensic information to be exploited, will be done so."
OS level and apps can record the screen. With root access the State or someone who knows the triggers could issue a capture and store to a remote site without user knowledge.
A GPS transponder with microphone and camera under the control of billionaires seems like a mistake
It's not this binary. Remote compromise of phones with 0 days is expensive and risky. Phones aren't commonly believed to have purpouse built stable backdoors allowing screen recording for cops.
bigiain|2 years ago
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT." -- https://www.usenix.org/system/files/1401_08-12_mickens.pdf
There's a lot of humour in that article, but some cold hard truth as well.
kuschku|2 years ago
While this advice suggests I should just give up, that's not a practical option.
Folcon|2 years ago
PS: Are there any other articles that he's written that are similarly entertaining?
derbOac|2 years ago
worik|2 years ago
If your adversary has access to your phone, directly, then encryption will not help (practically speaking - got to keep saying that because heroic efforts can be expended). If that adversary is the phone manufacturer (a) you are screwed and (b) the manufacturer is taking a huge business risk
Point is using Signal your messages and secrets cannot be found on a server over which you have no control. You do have control over your phone. You can switch to a more reputable manufacturer, you can keep it away from your adversary
wolverine876|2 years ago
One way to express it: The phone isn't much use unless you have access to the data. If you can access it, so can adversaries with access to your phone.
dotty-|2 years ago
roenxi|2 years ago
Given the amount of spying that has been revealed (a lot of it seeming to be superficially illegal) it seems reasonable to assume that phones are compromised in all manner of ways unless proven otherwise. I'd prefer to be pleasantly surprised.
Anything that makes it more expensive for the government to read someone's communications is a bonus. Ideally panopticon states will remain uneconomic.
DaiPlusPlus|2 years ago
* For example, see https://news.ycombinator.com/item?id=10905937
* Mobile-phone baseband chipsets are proprietary and secret a.f. and part of that is down to the carrier's insistence.
* Baseband chipsets run software that the carrier ships OTA to the phone.
* While baseband chipsets are ostensibly part of the wireless modem and meant to simply provide a service to the rest of the phone it looks like they generally have some form of access to the phone's main memory bus (just like any other PCIe device in a PC) and so could read the framebuffer (assuming it's backed in RAM at all) - or at least the back-buffers of the screens of running applications.
* Even 6-7 years ago, there existed definite causes for concern in (at least) the 32-bit version of iOS - but I can't find any hard evidence that the baseband chip in Apple Silicon-era phones wouldn't have at least some access. See https://github.com/userlandkernel/baseband-research
unknown|2 years ago
[deleted]
mr_spothawk|2 years ago
Likewise, you can highlight text on screenshots.
bordercases|2 years ago
pizzafeelsright|2 years ago
A GPS transponder with microphone and camera under the control of billionaires seems like a mistake
zoobab|2 years ago
https://hackaday.com/2020/09/29/bunnies-betrusted-makes-firs...
fulafel|2 years ago