top | item 6988895

The NSA Reportedly Has Total Access To The Apple iPhone

342 points | larubbio | 12 years ago | forbes.com

201 comments

[+] JunkDNA|12 years ago|reply
I know this headline generates traffic by being about the iPhone, but this is a minor point. The big message from Jacob's talk and the original articles in Der Spiegel is that the NSA can intercept anything. Period. Full stop. People have suspected such far reaching capabilities for some time. This talk and the articles demonstrate that it exists. I'm personally a little uncomfortable with this kind of disclosure. On one hand, the NSA exists for the express purpose of spying. That is their job. You can not like that the NSA is a spy organization and we can debate whether we should conduct spy operations as a society, but I'm not sure what exposing their methods in this level of detail does for advancing that debate. Did people expect them to be a spy organization that was incompetent? A group that makes crappy and obvious listening devices stamped with "Designed by the NSA in Maryland"? On the other hand, the cases of potential abuses and dragnet surveillance capturing everything indiscriminately are extremely worrying. I don't know how a free society can do all this spying in support of legitimate foreign policy goals and at the same time not grow into an out of control, unaccountable organization ripe for abuse.
[+] forgottenpaswrd|12 years ago|reply
"one question has been paramount for privacy advocates: How do we, as a society, balance the need for security against the rights to privacy and freedom? "

I hear this fallacy question again and again. It implies that giving total power to government is "security". It is not.

Giving total control to Stalin meant hundreds of millions of Russians got murdered in terror, giving total power to Hitler or Mussolini from democracies meant the total destruction of Germany and Italy with millions dead.

[+] netcan|12 years ago|reply
I don't even think you need to go that far, with extreme examples of totalitarianism.

I'm not American, so obviously I'm less emotionally involved. My view on it is that the US is not under any meaningful threat of terrorism. 9/11 was big, but on the scale of decades it is still far down the likelihood list of violent ways an American may be harmed. Murder, Rape and other assaults are a reality too, a far more likely reality.

The real "solution" is "ignore terrorism, it's not a big threat." That's contrary to human nature, but I think it is the most rational response.

[+] this_user|12 years ago|reply
> "I hear this fallacy question again an again. It implies that giving total power to gobertment is "security". It is not."

You seemingly don't understand this abstract trade-off the correct way. Nowhere did anybody state that giving total power to the government would be the way to gain total security. You could just as well create a giant prison run by a private corporation and put every single citizen permanently in a cell. Then you'd have basically no freedom and almost total security without any government involvement.

[+] hershel|12 years ago|reply
Stalin is a bad example. By forcing industrialization on the USSR, he has increased average life span of the population by something like 15 years (measured in 1958) and enabled the USSR to defend itself against Germany which saved countless lives, and increased living standards, education, female equality greatly.

In his case, and the case of Chinese communism, it is somewhat debatable whether a strong government is preferable.

[+] RyanZAG|12 years ago|reply
Aren't we missing a critical point here??

> "The initial release of DROPOUTJEEP will focus on installing the implant via closed access methods." [2007]

OK, we knew this much already. I remember seeing a number of stories on how law enforcement can pull data off an iPhone, etc. Not really much new here.

> "A remote installation capability will be pursued for a future release"

Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it. Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely. However, the NSA is pretty clear that it will have the capability in the future. Note the date on this - 2007.

Since 2007, what has changed? iCloud allows Apple to install and run code directly on your device remotely. Is there any doubt that the NSA would request Apple give them full access to iCloud? So the real issue here is what that last little line hints at: the NSA was looking to get remote access rights to all iPhones back in 2007 and with the knowledge now that they will happily backdoor AT&T/Google/Microsoft to retrieve data, is there any doubt they are now using iCloud to gain remote access to all iPhones?

I'm sure NSA/Google does the same with Google Play Services.

[+] mrich|12 years ago|reply
> "Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely."

This is a pretty limited view of remote exploits. It could easily be a browser-based exploit for example, with the payload as part of an image served by an ad, thus not requiring any open ports.

I cannot imagine the NSA waited for iCloud to get access to iPhones.

[+] blub|12 years ago|reply
Enterprise profiles offer complete control over an iPhone in iOS7, including bypassing password, installing apps and so on. In theory one needs to install a profile by hand, but I don't see why it wouldn't be possible to do it remotely with the right vulnerabilities. Some devices can come from the factory with an ID that auto-enrolls them with an EDM profile, including after OS reinstalls. I don't remember if Apple can push profiles, but I think it can.

More info on Zdziarski's blog.

Anyway, all devices with centralized management like Android, iPhone, Blackberry can't be secured IMHO against such a capable adversary. When an actor can push stuff to the device it's hopeless.

[+] bandushrew|12 years ago|reply
" iCloud allows Apple to install and run code directly on your device remotely."

I don't understand this? So far as I am aware, Apple has always been able to install and run code directly on your device remotely.

What am I missing?

[+] mattlutze|12 years ago|reply
>> "A remote installation capability will be pursued for a future release"

> Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it.

Well, you also put that sort of statement in a document because a manager you're presenting to asked you about it and you need to acknowledge it, but you don't have any plans to actually do it. Any questions about it can be answered with relatively vague platitudes and "conceptual architectures", and then the feature is left to quietly fade away in subsequent iterations of the backlog.

[+] roin|12 years ago|reply
Not only is the slide from 2008, but it also says it requires "close access methods" and "remote installation will be pursued for a future release." In other words, they need physical access to your device. If we think that the NSA can't compromise a device after gaining physical access, well then I think we should be scared about the competence of the NSA.

I don't have the patience to watch Appelbaum's hour long talk, but unless he has something far more impressive than these documents then he's just another activist who will willfully mislead in order to advance his cause.

[+] rlx0x|12 years ago|reply
Now the talk he gave was interesting, laying out some known and some new facts about the surveillance and automated attack capabilities of the NSA, particularly interesting is the targeting of infrastructure and their traffic injection systems. And he is right to make the point, that it's particularly despicable that they actively sabotage infrastructure security, something everyone on this planet has to suffer from.

But.. I don't even know where to begin, it's not only that we need to convince a large portion of the US population that living in a dystopian total surveillance state is actually not something to strive for, we can't even begin to discuss those issues in any meaningful way when people have not the slightest clue what's really going on, even if leaks like this occur that outline frightening and utterly insane surveillance and attack capabilities nobody is going to explain it to them (not that anyone cares anyways).

The NSA developed and deployed a global system that enables them to do DPI on the whole internet traffic, analyze that traffic, inject traffic, attack every system through countless vulnerabilities and backdoors and all of that automated, not only against their “targets” but also against any infrastructure they are interested in.

They have secret laws, can force companies to work with them, force backdoors and not only are the US companies not allowed to talk about those things, they are legally bound to publicly lie about it.

So yeah they can hack every iPhone on this planet, and turn it into a silent listening device, among many many many other things, is that really what we should be talking about?

[+] andreyf|12 years ago|reply
> force backdoors

unlikely

> they are legally bound to publicly lie about it

source?

[+] andr|12 years ago|reply
I really see this working remotely, as long as you have control over a cell phone tower or you use a phony portable base station, both of which are within the NSA's reach.

The thing is phone baseband software (which is reused on different phone models and controls the phone's I/O including GSM, USB, etc.) has hardly ever been under attack. When the iPhone arrived with its new security model, baseband bugs became one of the major ways to jailbreak a phone. Those bugs have been fixed one by one, but they were mostly on the USB side - the GSM side has been impractical to attack. A carefully crafted GSM packet could in 2008 and probably could now cause a buffer overflow in the baseband and gain access.

An interesting presentation on the topic: http://www.youtube.com/watch?v=fQqv0v14KKY

[+] wyager|12 years ago|reply
This is from a very old version of iOS (2007). We don't know if this is still true.

Regardless, I can say for a fact that there are exploits for all cell phone platforms. iOS exploits are by far the hardest to find. An iOS remote execution 0day will easily fetch $250k. I've seen one go for $600k. For an Android remote exec 0day, you're looking at closer to $50k.

Even if the NSA doesn't have these on hand, they can certainly purchase them.

[+] allochthon|12 years ago|reply
Honestly, I don't really care. The NSA can read whatever they want of mine. I've heard the arguments about how you should care, even if you don't have anything to hide. And I find them persuasive on one level and simultaneously unengaging on another. By contrast, the parallels to fascist Italy and Nazi Germany and living in a turnkey fascist state are most unpersuasive.

The one argument against what I've written that has been made that I think is worthy of highlighting is that there are people around the world who are risking their lives under totalitarian regimes. People's smug responses and ad hominem detract from this important point, which could be helpful to others outside of HN in better understanding the issue.

Your downvotes will not persuade me or anyone else with my views. They do demonstrate that some are committed partisans on this issue. I appreciate some of the clear, unemotional arguments that have been made, however.

[+] sneak|12 years ago|reply
The protection from snooping government for law abiders isn't for humdrum people like you. It's for people working to make the world better who come under fire through no illegal activity of their own.

Did you know the FBI put MLK under surveillance at the orders of Bobby Kennedy (then-Attorney General)? They didn't find evidence of crimes, so they threatened to publicize his extramarital affair if he didn't give up his civil rights work.

It's about preventing unchecked government power over those who aren't criminals who are working against the status quo.

OF COURSE you don't care if the NSA reads your email. You don't change anything, and consequently don't matter.

We as a society care if the NSA reads the private emails of the next important up-and-coming political party leader who will break us out of the corporate-owned two-party system. THAT'S the person we're trying to protect, not boring uninspired people who "have nothing to hide".

[+] neuralk|12 years ago|reply
> By contrast, the parallels to fascist Italy and Nazi Germany and living in a turnkey fascist state are most unpersuasive.

Why? The possibility of a turnkey fascist state is very real. You need only look to history to see how many leaders, once elected, completely ignored all laws and constitutions and legislating bodies to declare martial law and institute a tyranny. How can you say that you aren't worried about that, and the power of a surveillance apparatus in the hands of such a leader?

[+] acchow|12 years ago|reply
> Honestly, I don't really care.

Some non-empty subset of the population needs privacy. Maybe you're not in that subset, but you should still be fighting on their behalf.

On a related note, do you believe in freedom of press? "a survey of American writers revealed that nearly one in four has self-censored" http://www.cnn.com/2013/12/04/opinion/snowden-chilling-effec...

[+] blake8086|12 years ago|reply
Hey, can you post your email username/password here so we can all read your mail?
[+] IvyMike|12 years ago|reply
Imagine the abuses of J. Edgar Hoover or Richard Nixon, except amplified with today's tech.

"It always seemed like President Nixon's campaign was one step ahead of us, almost as if they were reading our email...but nobody ever broke into our hotel suite or anything so it's all just speculation."

Edit: brainfart as pointed out by jeremyswank.

[+] captainmuon|12 years ago|reply
I've lived in both the United States and Germany for long periods of time. In general, these are two modern, democratic countries, not typical oppressive regimes, and 99% of the people have nothing to worry about 99% of the time.

The problem is the 1% who express the wrong ideas at the wrong time. I know people who have been put under surveillance or charged in court for things that are perfectly legal, or just minor infractions. Some examples from Germany:

One guy I knew made a poster protesting against nuclear power, and put it up near his university. About a year later he got a letter saying that the "proceedings against him have been terminated". He found out that the police suspected him of planning a terrorist attack against a nuclear waste transport. They bugged his cell phone, his apartment, and followed him and his friends for about a year, until they realized they have the wrong guy.

A friend of mine made a mistake of visiting a squatted house and being seen there. Later he went to a demonstration, got filmed by the police, and charged with something you could translate as "ring leadership" or "inciting a riot".

There also was a famous case last year where a pacifist pastor who visited an anti-Nazi demonstration was charged with something similar [1]. (And of course there are numerous examples from the US.)

The thing is, the threshold for invading people's privacy is getting lower and lower. Police or intelligence agencies will put you under surveillance if they just have a hunch. At the same time, persecutors are under really high pressure to "make a case". More and more they will rather convict an innocent on dubious grounds than admit a mistake. Actual quotes from judges (paraphrased): "we need to make an example", and "I don't know if the accusations are technically true, but if you were there [at the demonstration], you have to be guilty of something".

A situation like this is unworthy of a democratic society. As I said, stuff like this doesn't happen to 99% of the people. But you never know when you are in the 1%. I have to be afraid to say anything controversial - I have firecrackers and vinegar at home, what if some overeager investigator decides I want to make a bomb out of it? And this kind of fear is what they call a "chilling effect" - people will stop using their democratic rights, their right to free speech and freedom of assembly and so on.

[1]: http://news.msn.com/world/german-pastor-faces-trial-over-ant...

[+] girvo|12 years ago|reply
Fair enough. I do care. So, which of us matters more?
[+] Nursie|12 years ago|reply
So you're not concerned about the government themselves having a bad security record and leaking all the data they gather on you, either? (government leaks data all the time)

Or someone in government deciding to stalk you? (this has happened, within the NSA I believe, but certainly in other places)

Or someone deciding they dislike you and using your information to pursue frivolous legal action? (You never broke any law? Any law at all? How would you even know, there are so many and they're so vague!)

Beyond that, well I guess you just don't care about privacy. Me, I do. It's not somehow the right of a bunch of other people I don't know, with minimal to zero democratic oversight, to poke into my life just because they feel like it.

[+] frou_dh|12 years ago|reply
Your apathy has been duly noted. Thanks for taking the time, and keep on keeping on.
[+] parag_c_mehta|12 years ago|reply
Question is what if the data is misused? At this rate, it's very easy to get who supports which politician etc. Democracy may become a sham. I don't know, everything mentioned in the movie "Enemy of the State" can come true.
[+] alan_cx|12 years ago|reply
I completely disagree, but I have voted you up. You represent normal people. Those of us who care are the weirdos.

I've given up. What's the point? Frankly, if I knew I needed actual privacy, I'd not use anything electronic, and go olde skool. That's all I need to know now. I've told everyone I know and / or care about. It's now up to them.

Get used to it, Big Brother has been here for a while, is staying, and will get stronger.

Just, I won't be listening in the future when it gets really out of hand. I don't expect anyone to come bleating to me if something goes wrong.

[+] a3n|12 years ago|reply
> Honestly, I don't really care. The NSA can read whatever they want of mine.

Hmm. You know what? I care. I don't want the NSA reading your stuff, because they're doing it in my name. I believe they're violating our 4th and 1st Amendment rights, and I want it to stop, for me and for you.

If the government is violating our rights, the damage goes beyond anything resulting from the actual violations. The real damage is that we have a government that does that.

[+] GrinningFool|12 years ago|reply
Disagree completely but upvoted because it's an opinion that I think should be seen. Your comments effectively represent the 99.999% of the population that doesn't pay attention to any of this, except to what small amount they're fed via "paranoid" tech friends (and they all wear tinfoil hats, so whatever), nightly news and 60 minutes.
[+] jonnybgood|12 years ago|reply
I'm inclined to agree with you. It's a first world problem filled with hyperbole and misinformation by the individuals leading this fight. Frankly, I wouldn't trust anyone.
[+] samstave|12 years ago|reply
So here is a complete anecdotal suspicion:

I have had the iPhone since the first day of release. I have gone through 16 physical devices over that period (due to me breaking them a lot and going through several employers where I had never purchased my own phone since (well before) it was released). I am currently, for the first time in a long time, on my own personal device; an iPhone 4.

I upgraded it to iOS7 when it was available. The device is a slow POS and I want to stab my eyes out when I use it....

However; there is a behavior that I have only personally noticed recently: (Please tell me if you see the same thing)

Whenever I transition between literally ANY screen, I see a quick BLINK of the screen - in the same anim that you would see when you take a screenshot.

So I am wondering "Is my phone taking a screen cap of EVERY switch/transition I make? WHY"

Now, I know that iOS does do screen caps of things so that when you are switching in various ways that it already has a cache of the last state of that screen in order to thumbnail the previous view... BUT I understood this to be limited to certain circumstances. Currently I am noticing it on pretty much ANY transition.

Even if this is the actual, "Normal", my suspicion is that this fact can be used to entirely rebuild an entire session of activity for a user through their entire interactions. Even if you just grab these screens which are used at a system level - a great deal could be inferred from just these workflow screen caps.

[+] alan_cx|12 years ago|reply
Dunno if you are right or wrong. It's just sad that people now think like this. That little device of joy, which has now become almost essential, is now a source of stress, worry, and suspicion.
[+] jbergstroem|12 years ago|reply
Complete bogus - but let's play: If you were the NSA; why would you even hint to the user that you were taking screenshots? It's not like the blink animation is tucked away from software control.
[+] caycep|12 years ago|reply
The slide is dated in 2007 - i.e. either iOS 1.0 or some pre-release beta. Who knows what it does now with iOS 7? Also, it's unclear what's needed - does one of those other ridiculous govt alphabet soup programs act as a trojan, or does Tom Cruise have to dangle from my ceiling with laser beams to plug in some wingding to do this?
[+] cdooh|12 years ago|reply
At least we know why Obama still uses a BlackBerry
[+] f_salmon|12 years ago|reply
I have an iPhone.

And when I read that the US government tracks mobile phone movements all over the world (generating a ton of other information about people), I turned it off permanently (flight mode) and use it only as a PDA.

Turns out, landline phones combined with email is more than one needs.

If I wouldn't have stopped using the "mobile call feature", my iPhone would have gone straight to eBay, right now.

[+] neilkelty|12 years ago|reply
Couldn't this be accomplished simply by creating apps that deal with contacts, photos, camera, etc. and then having users download and accept the permissions themselves.

For example, imagine that any one of the contact or calendar management apps where you "Allow xxxxx to access your contacts" was produced by the NSA under the guise of an innovative startup.

[+] kevinchen|12 years ago|reply
Not quite: for example, iOS doesn't allow apps to access the SMS database.

In light of recent leaks, it's still pretty obvious: think a repackaging of OTA jailbreaks (like jailbreakme from the iPhone OS 3 era) plus Foxacid.

You could make jailbreakme not display a dialog or install Cydia, and the user wouldn't notice anything except their phone got warm for awhile and has a newly opened port for SSH.

[+] wslh|12 years ago|reply
I am waiting for a real GNU phone. The original free software spirit is not there yet.
[+] jokoon|12 years ago|reply
One thing is true: whatever your phone is, the more complex, the more features, the more risks there are.

I really don't see the advantages of having a handsized computer, really. The performance/battery/usability/cost compromises are not really making it worth it.

Most people do a lot of text messaging, usual smartphones are not designed for it. Old school, classic cellphones do it pretty well.

Why would you need the internet while you're outside, in the cold, in the train, while not sitting? You only need an iPhone for very unnecessary, unplanned, rich things.

For example, you need to locate something, like the nearest restaurant, or coffee place, in a town you know nothing about. The data transfer and costs to make a web search on such a low-powered device, will be ridiculous if you compare it to just asking somebody.

You're in a coffee place, you're arguing about something, and you want to know who's right, so you want to search it on the web. Why not just enable the wifi, and why not carry your 13 inch notebook?

You want to read your emails. Even if you receive email, what's the real difference with text messaging? Emails are for long message on which you can attach big files. Email is a very old protocol, and it wasn't really thought to work hand in hand with text messaging.

You want to read a digital document. If you're in for a long, comfortable read, use an ebook device, use the small screen of a classic cellphone, or just plan ahead and print it.

Smartphones are all-in one, expensive, software and hardware quirky solutions which are just not that much awesome. Computers are not entirely secure. A smartphone will create new technical challenges, but also many other risks, especially if you have a homogenous device like the iPhone.

Engineers should start to create protocols and software which are already designed for smaller devices, not create smaller powerful computers: laptops and desktops are already at the limit of tiny.

Apple created a market of an attractive, dreamy device, which sold, and the market followed, but the truth is, there is much more to do on the embedded software design.

[+] rdtsc|12 years ago|reply
Ha, I wonder what this will do to acceptance of Apple products inside DoD's (well govt in general). Many agencies and military branches love them some new cool toys and have been pushing for their inclusion. Now revealing that Apple security can so seemingly easily be compromised, will they still allow or advise use of Apple products on government's own networks?
[+] Phlarp|12 years ago|reply
I thought the largest take away from all these leaks was that various branches of government, even within the military and intelligence communities, routinely deploy solutions that are known to be insecure?
[+] skc|12 years ago|reply
The cynic in me assumes that even tech savvy people would much rather rationalize away NSA access to their Apple products than give them up.

The easiest rebuttal is simply that every smartphone is equally at risk.

A last resort will be to simply say "meh, don't care"

That's how good/sticky Apple products are