[HN Gopher] Your Phone Is Your Castle
       ___________________________________________________________________
        
       Your Phone Is Your Castle
        
       Author : 0DHm2CxO7Lb3
       Score  : 124 points
       Date   : 2020-09-13 19:40 UTC (3 hours ago)
        
 (HTM) web link (puri.sm)
 (TXT) w3m dump (puri.sm)
        
       | underdeserver wrote:
       | Obligatory CGP Grey video: https://youtu.be/e-ZpsxnmmbE
        
       | phoe-krk wrote:
       | Missing "your" in the beginning of the title.
        
         | saagarjha wrote:
         | I suspect that Hacker News editorialized that title
         | automatically.
        
           | [deleted]
        
           | OJFord wrote:
           | In case anyone reading's unaware, when that happens (if it
           | seems silly/obviously not an improvement) you _can_ edit and
           | resubmit exactly the same title as originally submitted, and
           | it will then be accepted as-is.
        
         | dang wrote:
         | Fixed. Thanks!
        
       | saagarjha wrote:
       | > Because iOS software, backed by iPhone hardware, actively
       | prevents a customer from installing any software on an iPhone
       | outside of the App Store, it does also prevent attackers from
       | installing malicious software. Because the App Store has rules
       | about how applications (outside of their own) can access customer
       | data, if Apple discovers a competitor like Google or Facebook is
       | violating its privacy rules it can remotely remove their software
       | from iPhones, even internal corporate versions of software owned
       | by Google or Facebook employees.
       | 
       | This is a bit inaccurate; first because the App Store has a
       | spotty record of stopping malware from reaching your phone and
       | also because the apps pulled there did not go through the App
       | Store, they were actually sideloaded using enterprise deployment.
       | Apple does have the ability to remotely disable applications
       | downloaded from the App Store, but to my knowledge it has never
       | used this ability.
       | 
       | > These companies have built very sophisticated and secure
       | defenses all in the name of protecting you from the world outside
       | their walls, yet in reality the walls are designed to keep you
       | inside much more than they are designed to keep attackers out.
       | The security community often gets so excited about the
       | sophistication of these defenses backed by secure enclaves and
       | strong cryptography that their singular focus on what those
       | defenses mean for attackers blinds them from thinking about what
       | they mean for everyone else.
       | 
       | I mean, all you have to do is look at the things that are
       | implemented to see that Apple's goal in many cases is to protect
       | their software, not you. There is custom silicon in every recent
       | iPhone that does nothing but stop modification of kernel code,
       | even in the face of code execution and arbitrary read/write in
       | EL1: interesting from an academic standpoint, but if you stop and
       | think about it for more than a second it's entirely useless for
       | actually protecting users.
        
         | 1vuio0pswjnm7 wrote:
         | "Apple's goal in many cases is to protect their software, not
         | you."
         | 
         | Seems like it is easy to trick the public into confusing one
         | goal for another.
         | 
         | There seems to be an implicit rule in the Apple software
         | scheme: Apple itself is "pre-certified" as trustworthy. Not
         | only at the time point of hardware purchase, but endlessly into
         | the future.
         | 
         | The user of course cannot revoke that "certification". The way
         | these systems are structured today, the user effectively cannot
         | decide after purchase "Thanks Apple, I got this. I'll take it
         | from here." This sort of implicit trustworthiness of
         | hardware vendor as software vendor also underlies the
         | contemporary concept of "updates". There is no genuine (viable)
         | option for the user to say "no, thank you". Saying no would be
         | deemed as ill-advised for a variety of reasons.
         | 
         | The one-time hardware purchase is transformed into an ongoing
         | dependent relationship that can be, and in fact is, exploitive.
         | Its primary reason for existence is as you suggest not to
         | "protect" or otherwise benefit the user.
        
           | saagarjha wrote:
           | Yes, this is exactly how Apple's security model operates; at
           | least for their embedded devices. On Macs it seems like you
           | at least get the choice between "I trust Apple" and "I don't
           | check anything", which is still annoying because clearly the
           | option people want is "I trust me" but Apple is not willing
           | to provide this.
        
         | kgabbott wrote:
         | Why is it useless for actually protecting users? Is it easily
         | circumventable or is it just that there are simpler attack
         | vectors that don't require modifying kernel code?
        
           | saagarjha wrote:
           | Most iPhone attacks that users care about are those where
           | attackers target sensitive user information and exfiltrate
           | it - other ones don't really make sense on the platform. For
           | this, typical attack vectors are a messaging app exploit
           | (which is entirely outside of the control of Apple, FWIW), a
           | web browser exploit coupled with a sandbox escape, or perhaps
           | a bug in a Wi-Fi or Bluetooth driver; none of which typically
           | require modifying kernel code in order to implement. The
           | group of people that wants to patch the kernel, or extend it,
           | is essentially nobody but security researchers and
           | jailbreakers for whom the rationale to do something like this
           | is often "because I should be able to do this". Thus, the
           | feature is ineffective at addressing or preventing actual
           | attacks that users care about and very effective at
           | preventing people from tinkering with iPhones.
        
         | thatfrenchguy wrote:
         | > There is custom silicon in every recent iPhone that does
         | nothing but stop modification of kernel code, even in the face
         | of code execution and arbitrary read/write in EL1: interesting
         | from an academic standpoint, but if you stop and think about it
         | for more than a second it's entirely useless for actually
         | protecting users.
         | 
         | Every single malware (or jailbreak) wants to modify EL1 code,
         | it's not just interesting from an academic standpoint.
        
           | saagarjha wrote:
           | Malware has no need to modify EL1 code if it can grab your
           | iMessages without doing so; exploit chains found in the wild
           | grab the kernel task port (or equivalent) instead. Jailbreaks
           | do want to modify EL1 code, but this comes back to the point
           | I was making about this protecting Apple's software and not
           | their users.
        
         | syshum wrote:
         | Apple's goal is to protect their share price.. Nothing else.
         | 
         | Everything Apple does is in service of that goal.
         | 
         | This is why they are hardline on AppStore policies, and why
         | they are hardline against Independent repair.
         | 
         | Any PR they have about protecting the user is just marketing
        
           | logical_proof wrote:
           | I've been seeing this idea on the Internet a lot more for
           | months now and I've been trying to put my finger on what I
           | think is wrong with it; I think I finally figured it out.
           | 
           | I work for a corporation, it's not a massive corporation,
           | when I first started it was a midsize family owned company
           | and we never did work in service to the bottom line at least
           | not solely. First and foremost we were interested in
           | customers and providing value to them. I think that any major
           | corporation or business, small, large, whatever, also has that
           | same responsibility and probably also the same drive. Any
           | organization is made up of multiple people and there's
           | definitely going to be some actors that are completely bottom
           | line driven but you're going to also have individuals whose
           | purpose is meeting customer needs and providing customer
           | value. I'm not saying Apple is an altruistic corporation or
           | doesn't have concern for the bottom line, but making such a
           | broad generalization to say that Apple only serves their
           | bottom line perhaps sets you and others up with a pessimistic
           | attitude where the people doing good work are missed.
           | 
           | This is mostly a bit of introspection on the thought that
           | I've been trying to flesh out for the last few months and
           | it's not meant as a criticism of your comment in any way; I
           | understand the sentiment of where you're coming from because
           | I've also been in that same place. I think my views are just
           | changing a little bit and I thought I'd take this opportunity
           | to write them down. Hope you have a great day.
        
       | hevelvarik wrote:
       | It will be great to have more players in the smart phone OS
       | domain so I hope this makes it big. On the other hand, the
       | downside of taking the security and privacy of your phone into
       | your own hands, is that ... you've taken the security and privacy
       | of the phone into your own hands.
       | 
       | I'm happy to pay Apple to do it for me because my phone is
       | nowhere near my main or most important computing device and I
       | also quite like that they poke google and Facebook in the eye
       | from time to time. Sure, Apple is just a profit driven enterprise
       | like the rest but their business model is directly related to
       | keeping users happy at least for some value of users and happy.
       | 
       | The only downside for me is that I can't write an app for my
       | device because I haven't bought into the Apple computer
       | ecosystem.
        
         | 29083011397778 wrote:
         | > I'm happy to pay Apple to do it for me because my phone is
         | nowhere near my main or most important computing device
         | 
         | But for millions, their mobile device is their main or most
         | important device, whether it runs iOS, iPadOS, or Android.
         | 
         | It can be their main device, with one example being Apple's
         | divisive "What's a computer" ad. Another example is those that
         | rely on mobile, due either to cost or lack of physical space
         | for a desktop or laptop.
         | 
         | For others, their mobile is the most important, likely because
         | that's where all their messages, contacts, location history,
         | and more, resides.
        
           | nodamage wrote:
           | > For others, their mobile is the most important, likely
           | because that's where all their messages, contacts, location
           | history, and more, resides.
           | 
           | Indeed. And some of those people value the security and
           | privacy of that data and want to reduce the risk of having it
           | stolen by malware and rogue apps, so they intentionally buy
           | into an ecosystem that enforces strict controls on what apps
           | can run on their devices.
        
       | ohgreatwtf wrote:
       | >your phone is your castle, you decide what is on it
       | >systemd
        
         | einpoklum wrote:
         | When I read this, I laughed; then it occurred to me that maybe
         | systemd actually gets installed on some phones; then I cried a
         | little.
        
       | nodamage wrote:
       | > _Your security and privacy aren't really protected inside these
       | walls because the main point of these security measures is to
       | enforce control, security against attackers and protecting your
       | privacy is mostly marketing spin._
       | 
       | The author presents this as fact but does nothing to actually
       | justify the claim. I'm not sure why we should assume it is true
       | when two decades of history of malware on Windows (and to a
       | lesser extent, Android) clearly demonstrate the problems with
       | having no walls at all.
       | 
       | The irony of course being that this article _itself_ is a
       | marketing piece for this company's product.
        
         | rbecker wrote:
         | > The author presents this as fact but does nothing to actually
         | justify the claim.
         | 
         | Let me fill in the justification then:
         | 
         | https://www.androidpolice.com/2016/03/01/google-explicitly-b...
         | 
         | https://www.macrumors.com/2019/10/03/apple-bans-app-used-by-...
         | 
         | https://time.com/5497200/samsung-facebook-app-delete/
         | 
         | Edit as reply:
         | 
         | They justify the claim that phone vendors enforce control
         | unrelated to security.
         | 
         | And the various linuxes and FOSS Android ROMs can serve as
         | examples of reasonably secure systems without walled gardens.
         | (Or more accurately, walled gardens, but where the user has the
         | key to the garden gates, and can install alternative
         | repositories/app stores).
         | 
         | With all that, it takes a downright reckless degree of trust in
         | corporations that have already betrayed that trust many times,
         | to believe their motives in locking down ever more computing
         | platforms are to benefit the user, and that this continual
         | retreat of user freedoms won't end badly.
        
           | nodamage wrote:
           | I'm not exactly sure how you think these examples justify the
           | author's claim, can you elaborate?
           | 
           | Cause it seems like what you're doing is the equivalent of
           | pointing to an example of someone killing another person and
           | then saying "gotcha! see how the existence of police and
           | murder laws don't completely prevent murder?"
           | 
           | The underlying question is does the walled garden approach
           | improve the security and privacy of the overall ecosystem
           | compared to the non-walled alternative, not whether it leads
           | to 100% perfect security and privacy (which is an
           | unobtainable ideal).
        
         | matheusmoreira wrote:
         | It's not entirely wrong. Secure boot is great technology, the
         | issue is who controls the keys to the machine. If the user
         | controls the keys, it is empowering technology. If the
         | manufacturer controls the keys, the technology becomes merely a
         | tool they use to maintain control over the user's computer.
        
           | nodamage wrote:
           | Fair enough, but the claim is that "security and privacy
           | aren't really protected", which I strongly disagree with and
           | don't believe the author has presented anything to justify such
           | a strong claim.
        
         | yongjik wrote:
         | Also, the flip side of "your X is your castle" is that "You are
         | the lord, you take full responsibility for whom you invite into
         | your castle, and if you invited someone who claimed she was
         | your grandma and she took all your belongings, shat on the
         | carpet, and flew out the window, it's your fault."
         | 
         | We all know how that plays out in real life.
        
           | benologist wrote:
           | In real life on the iPhone we have had apps secretly
           | uploading your address book, copying your clipboard and
           | listening for tones embedded in television ads. And "The
           | Fappening" where many people's private photos were leaked.
        
             | marcinzm wrote:
             | If that's what happens when you've got hundreds of experts
             | working to prevent it then why do you think it'll be less
             | of a problem when it's random non-experts?
             | 
             | edit: The imperfection of the current system does not prove
             | that another option is better.
        
             | nodamage wrote:
             | In real life we also have murders and kidnappings, that
             | just means no system is perfect. It certainly doesn't mean
             | there's no point in having law enforcement.
        
       | keenmaster wrote:
       | I just want a phone with full Windows 10 that is as customizable
       | as desktop computers are. Phones are very powerful nowadays.
       | There's no reason for them to have the same limitations as 10 or
       | even 5 years ago.
        
         | zozbot234 wrote:
         | Windows 10? I don't even want that on my _computer_, let alone
         | my phone. Of course a mainstream Linux OS (with real
         | desktop+mobile convergence) would be quite nice, and both
         | Purism and the pmOS community are working towards making that
         | possible.
        
         | dannyw wrote:
         | There is a good reason: battery life.
        
           | keenmaster wrote:
           | It's my device. I should have the choice to override the
           | standard use case to unlock the phone's full functionality at
           | the expense of battery life. I almost always have a charging
           | cable with me, and a 20,000 mAh powerbank. Furthermore, there
           | is a lot of room to increase charging speeds, but most phone
           | manufacturers have dragged their feet because extremely fast
           | charging speeds aren't necessary for the standard use case.
           | However, that "standard use case" is outdated and needs to be
           | reevaluated.
        
             | gambiting wrote:
             | >> Furthermore, there is a lot of room to increase charging
             | speeds, but most phone manufacturers have dragged their
             | feet because extremely fast charging speeds aren't
             | necessary for the standard use case.
             | 
             | And you know, the very small matter of rapid charging
             | destroying phone batteries quickly. There are phones out
             | there which will charge at 30 or even 40(!!!) watts of
             | power, but it tends to kill the battery rather quickly.
             | Vast majority of people charge their phones at night, and
             | then the phone gets a good 6-10 hours of uninterrupted
             | charging. If anything, phones charge too quickly by
             | default, at the expense of battery life.
             | 
             | >>It's my device. I should have the choice to override the
             | standard use case to unlock the phone's full functionality
             | at the expense of battery life.
             | 
             | You're free to do with your device as you please, but I
             | don't see why anyone else should be obliged to cater to
             | your wants and needs.
        
       | marcinzm wrote:
       | Is it just me or does this feel to be written in a FUD
       | marketing style? Very strong focus on fear in the writing and
       | what seems like cherry picked examples.
       | 
       | Then again I have learned to have a defensive and negative
       | reaction to anything that even smells like marketing so it's hard
       | for me to tell anymore.
        
         | dmurray wrote:
         | The target market for a Librem phone is people who are hardcore
         | about privacy and/or computing freedoms, who are probably
         | motivated at least partially by fear.
        
         | alfiedotwtf wrote:
         | Instead of attacking the writing style, how about you attack
         | the questions raised.
         | 
         | It's bang on. You don't own your iOS or Android phone, you're
         | renting a platform, from which you can be deplatformed without
         | recourse.
        
       | caymanjim wrote:
       | I don't need much from a phone, and just about any Android-
       | capable phone would work for me, as far as OS and hardware
       | capabilities go. The thing that's going to keep me tied to a
       | Google-controlled phone for the indefinite future is Google Fi.
       | I'm not aware of any other cell service plan that does what Fi
       | does: $20/mo base, $10/gig after that (with everything from
       | 6G-15G at no additional cost, after which you either get
       | unlimited throttled data, or can start paying $10/gig again).
       | And the most important part of that (for me) is that it's the
       | same price no matter where you are in the world. I haven't been
       | traveling this year, but normally I would, and there's no other
       | way I know of to use my phone internationally for so little (at
       | least not without constantly swapping SIMs and changing the phone
       | number).
        
         | commoner wrote:
         | While Google Fi is understandable for your situation, for the
         | majority of Americans who don't need international roaming,
         | Google Fi is not the most cost-effective solution.
         | 
         | Mint Mobile offers unlimited plans with 35GB of unthrottled 5G
         | and 4G data for $30/month, 12GB for $25/month, 8GB for
         | $20/month, and 3GB for $15/month. All of these options are
         | significantly cheaper than the same amount of data on Google
         | Fi.
         | 
         | The relevant part is that Mint works just as well on phones not
         | optimized for Google Fi as it does on phones optimized for
         | Google Fi, eliminating vendor lock-in. Mint works on the Librem
         | 5 and the Pinephone (and also on iPhones). Future FOSS phone
         | hardware that uses GSM-based cell networks will be Mint-
         | compatible.
         | 
         | https://www.mintmobile.com
         | 
         | The catch is that the rate is for annual billing, although Mint
         | offers a 3-month trial at the annual rate.
        
         | dannyw wrote:
         | That's crazy. Here in Australia I pay A$35 a month for 45GB.
         | Tax included.
        
           | [deleted]
        
         | ignoramous wrote:
         | > _...constantly swapping SIMs and changing the phone number_
         | 
         | There are a lot of cloud telephony companies that'd vend you a
         | number and gladly connect your calls over the Internet so that
         | you avoid roaming fees [0].
         | 
         | And data-plans are easy and super cheap to come-by given the
         | advent of esims [1].
         | 
         | [0]
         | https://play.google.com/store/apps/details?id=com.esim.numer...
         | 
         | [1]
         | https://play.google.com/store/apps/details?id=com.mobillium....
        
         | vecinu wrote:
         | I'm also on Fi and love it for the reasons you mentioned BUT
         | keep in mind that swapping your SIM for a local plan is a lot
         | cheaper, on average. In Eastern Europe for USD$10/month you get
         | unlimited data and you can have people call you.
         | 
         | The one thing I don't like is I can't have people call my
         | number because it's a US number and it costs them extra to call
         | it in Europe.
        
           | aaomidi wrote:
           | Esim has made swapping sims super easy
        
           | javajosh wrote:
           | Don't they have residency requirements? Even Greece has them
           | (although, TBH, there are plenty of locals happy to help you
           | out).
        
             | ValentineC wrote:
             | > _Don't they have residency requirements?_
             | 
             | Prepaid/pay-as-you-go SIMs shouldn't.
        
         | 8note wrote:
         | Given that it's a Google service though, it might be shuttered
         | at any moment. I'm happy with my T-Mobile plan even if it's
         | expensive and harder to use, for the convenience that I won't
         | have to suddenly switch plans and carrier
        
         | Waterfall wrote:
         | I pay $13 a month for 2GB and unlimited talk and text. Most
         | phones have 2 SIMs and can use eSIM. Truphone is much better
         | internationally. https://www.truphone.com/us/consumer/sim/ It
         | has free incoming calls and you only pay for outgoing.
        
       | jtth wrote:
       | My phone is not a home. It's a filament in a fabric of
       | affordances. I rely on others to support those affordances. I pay
       | for some of them with money. I don't want a castle. I want a
       | society.
        
         | javajosh wrote:
         | Your phone contains records of all the actions you take with
         | those affordances. What you are looking at, who you are talking
         | to, messages you've sent, inside and outside apps, plus a time
         | series of sensor data that position you and can give
         | audio/video of you at all times...it is foolish not to treat
         | access to this device with great care.
        
       | __d wrote:
       | Without commenting on the overall thesis, it's inaccurate to say
       | that if Apple removes Fortnite from the AppStore that it is also
       | removed from users phones.
       | 
       | Anyone who has already purchased Fortnite via the AppStore can
       | still use it on their phone, in whatever version they had
       | downloaded prior to the removal.
        
       | einpoklum wrote:
       | I'm a bit skeptical about their presumption to be both an app
       | store and a phone provider, but ok, I guess.
       | 
       | > $749 USD pre-order
       | 
       | Unfortunately, it seems the "security-focused" phone is only for
       | very rich people. I mean, ok, if you can afford a new iPhone you
       | can also afford this, but most people in the world can't spend
       | half this much on a phone.
        
         | qchris wrote:
         | This is somewhat fair, but I think it's also worth pointing out
         | that it's not a business model w/o precedence. Not too long
         | ago, you could have argued that same thing about the Tesla
         | Model S; "electric cars are only for rich people".
         | 
         | The capital from selling at a mark-up to wealthy early adopters
         | helps to fund cheap(er) versions (i.e. Model 3) that are
         | accessible to more people later on.
         | 
         | Not a perfect analogy, and Purism's execution isn't exactly
         | comparable to Tesla's, but I think the idea is the same.
        
         | devilduck wrote:
         | Most people also do not buy their phone in one lump sum. They
         | add payments to their phone bill, so if their carrier doesn't
         | offer this phone, it becomes unaffordable.
        
       | [deleted]
        
       | neom wrote:
       | I noticed it's powered by an "ethical operating system", however
       | they don't really go into any detail about what an ethical
       | operating system is.
        
         | valvar wrote:
         | An operating system containing only libre software, I assume.
         | At least in my book, software must respect the freedoms of its
         | users in order to be ethical. And their OS is indeed libre and
         | respects its users.
        
       | sam_lynx wrote:
       | Always wanted for someone to make a copy of Apple's products but
       | without their insane level of control over your device. Looks
       | like someone is finally going to do it :)
        
       | visarga wrote:
       | Not castle, rental car. You're just a guest on your device, at
       | least in real life.
        
       | james412 wrote:
       | They've taken so long to deliver Librem 5 that even normies have
       | started reverting back to candybar phones in the meantime
        
         | rabidrat wrote:
         | Yeah I ordered one 15 months ago and had to start using a flip
         | phone. I can't wait any longer though, I am going to have to
         | get a different smartphone :(
        
         | aftergibson wrote:
         | Shows the strength of the pinephone. Release something cheap,
         | quick and hackable rather than try to deliver everything. It's
         | been a really impressive project so far!
        
           | d33 wrote:
           | Thanks for reminding me about it. I can see it's already sold
           | out:
           | 
           | https://store.pine64.org/
           | 
           | Curious if there's going to be another batch.
        
             | blihp wrote:
             | They're doing CE batches which run about a month each but
             | the underlying hardware is the same for all of them. Just
             | follow their blog (https://www.pine64.org/blog/) and wait
             | for the announcement for the next batch preorder.
        
               | qchris wrote:
               | Not quite the same; they're now selling two slightly
               | different versions. One has 2GB of RAM, while the other
               | has 3GB RAM and is usually marketed under a "Convergence"
               | label. For example, the UBports CE and the pmOS hardware
               | has some slight revision that changes your ability to
               | connect with the phone over Ethernet. I believe that the
               | upcoming Manjaro CE will have the same distinction
               | between models.
               | 
               | [1] https://store.pine64.org/product/pinephone-community-
               | edition...
        
       | bulka wrote:
       | Sigh. Double checking my email: still the same. Order placed:
       | January 16, 2019. Shipping ETA: mid-to-late November 2020. Off
       | topic, I know, but ghrghghr....
        
       | gcb0 wrote:
       | paraphrasing the linked article: A little history lesson (from
       | someone who actually bought their products).
       | 
       | I have one personal and 5 company managed librem 13 linux
       | laptops. It's been a nightmare of amateur hour problems.
       | 
       | On two, the -/_ key only registers 33% of the time it is pressed.
       | 
       | None of the 4 or 5 m2 SSDs I tested booted consistently from the
       | open bios. Every boot required 3 to 7 reboots until they were
       | seen. Needless to say, they have simple 2.5mm SSDs and no
       | developer wants them now because of the lack of RAID. To the bean
       | counters and HR they went.
       | 
       | They still do not have usb3 support for epci, display, or
       | charging. basically stuck in 2016.
       | 
       | The Radio/Video switches are nothing but cutting the power to the
       | USB bundled peripherals. there's no special driver or anything
       | else. Though still better than the majority, but far from the
       | best with truly integrated solutions.
       | 
       | And support has been non-existent. And their forum used to be a
       | bunch of people asking basic questions about their rebranded
       | gnome, but lately it is a flood of "amateur android specialists"
       | (adb script kiddies. thinking of so many puns now) threads on the
       | librem5 phone... if you know the kind of content you get on xda
       | forums, it's the same level.
        
       ___________________________________________________________________
       (page generated 2020-09-13 23:00 UTC)