top | item 8390534

(no title)

conformal | 11 years ago

i think it's great to see ppl being skeptical of security claims from phone manufacturers. trying to secure a normal cellphone is pretty much impossible and if you're storing sensitive information on one, you are just waiting to get fucked.

i think all this "sound and fury" is likely a ruse to entice ios and android users into a false sense of safety post snowden disclosure. being able to encrypt your drive doesn't matter if your OS and its applications are exploitable. last time i checked, there is almost zero open source firmware out there, so your application processor can encrypt stuff hitting disk and the baseband processor can be used to get dma.

time to roll out the hypothetical child molester straw man...

discuss

bad_user|11 years ago

> being able to encrypt your drive doesn't matter if your OS and its applications are exploitable

Because, you know, security measures that aren't 100% perfect are on equal footing as no security at all. Seriously? That's a huge fallacy.

In the end, it's all about the cost. When speaking of the NSA, we are primarily concerned with mass surveillance, because lets be honest, if you're targeted directly then you don't stand a chance, since they can always infiltrate your home then watch your fingers typing your password. And if these companies are raising the cost of doing mass surveillance, with encryption doing just that, then that's a good thing. It is in their interest to do so because the bad press they are getting is hurting their bottom line - you may not see it, but post Snowden at least governments and big corporations are starting to think of software/hardware stacks provided by non-US companies and now they have the ultimate argument for the balkanization of the Internet, which can't be a good thing.

But lets also think about things closer to home. I'm not from the US, I couldn't care less about the NSA. But I do care about my personal data ending up in the wrong hands - personal emails and photos, details on my accounts, projects, written down feelings and so on.

There are always organized crime syndicates looking for generating a quick buck. There are always incompetent clerks in your government institutions that out of an oversized sense of responsibility are doing stupid things. For example my personal identification details ended up in a local newspaper by mistake, because of a non-public contract leaked out of a public institution. Now how can I trust these people to handle my data? How could I let any cop inspect my laptop or phone on the spot as part of routine checks, which from what I hear, are becoming more common?

Yeah, encryption is not a good solution in the face of insecure apps, binary blobs and a potent global adversary. Thing is, for most people that global adversary is not the immediate threat they are facing and even for that global adversary, encryption makes surveillance more expensive.

mentat|11 years ago

GP is actually making a factual statement not just waving his hands around. Data at rest encryption doesn't matter if one can gain execution control with supervisor level privileges (or control another processor or part of the process which does.) This is why security is hard. These aren't NSA level attacks, they're what are used for the jailbreaks that come out for every version. It's a good idea to ask questions before getting fired up if it isn't your area of expertise.

probably_wrong|11 years ago

It's already there, in the third paragraph of the article:

“This is a very bad idea,” said Cathy Lanier, chief of the Washington Metropolitan Police Department, in an interview. Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities.”