I May Just Have to Buy an iPhone Now

A whole week! ;)

Go figger. I thought sure it wouldn't make it through the day.

Maybe yesterday evening's announcements by the IRS will add some fuel to the fire, as well as help illustrate why some of us are less-than-enthusiastic about the idea of creating back doors through security for the government.

http://www.theatlantic.com/technolo...s-hack-was-twice-as-bad-as-we-thought/471255/

http://www.freep.com/story/money/pe...nscript-trouble-builds-irs-scammers/80995582/

I don't know if I got caught up in this one, but if I did, then it will make a total of 10 times that my PII has been mishandled and/or breached, and three of those times will have been from the U.S. government's custody.

Rich
 
Also, let's not forget that identity theft itself is only possible because the government requires banking institutions to collect our SSNs and other positive identification for any sort of account we open, also for "national security" purposes. Do away with that requirement and ban financial institutions from collecting the SSN during an account application process, and limit its collection in any case to accounts that require it (IRAs and the like, or accounts in which more than a certain threshold of interest or dividends have been paid), and the SSN becomes useless for identity theft purposes.

Financial institutions don't actually need the SSN to do a credit check. I've had a few online experiences lately that didn't require my SSN, but still used credit reporting agencies to verify my identity by presenting me with a handful of questions to which an identity thief would be unlikely to know the answers. Obviously these agencies have their own identifiers that are independent of SSN.

Seeing as how the IRS can't even keep its own data secure, forcing newborns to get SSNs before their first diaper changes makes even infants vulnerable to ID theft. I had savings accounts long before I had an SSN. I didn't get my SSN until I was 12, but I had a savings account when I was five. My school had a program with Greater New York Savings Bank. We would bring some pocket change to school on Mondays (a quarter was the suggested deposit), and the school would deposit the money in our accounts.

When I was in third grade, the program was terminated, and the bank sent us all passbooks. The passbook was in my own name, not my parents'. I could trot my little 8-year-old ass to Ninth Street and make deposits and withdrawals all by myself, and the bank never even asked about an SSN. Back then the SSN was only required if a depositor earned or was expected to earn more than $600.00 in interest in a given year. (That was also the threshold at which it became taxable back then.)

It's only been since the government required financial institutions to collect the SSN for all accounts that identity theft has become a major problem. Do away with that requirement for most accounts, and much of the problem goes away.

Rich
 
Take away the SSN and the banks will just want a fingerprint, eye scan, and a Baggie with your last bowel movement in it to match to your known flora. LOL

I made a stink one time that I didn't want to give my SSN to AT&T for a background check when I worked for one of their equipment vendors supporting stuff we sold them. I was told it was required or I couldn't log into their network. I said I was fine with that, hook up a modem. Haha.

The boss wasn't particularly pleased and I lost the argument.

Recently my employer decided that since I once in a while drive my personal vehicle past Microcenter on the way home, and I've volunteered off the clock to stop and pick up stuff, that they needed to have an official copy of my driving record in order to put me on their liability insurance.

I declined and said I simply wouldn't be stopping at Microcenter for them anymore and they could just suck it up and pay shipping or order the stuff for more money at Amazon.

I won that argument. If they notify me that I can't drive for company business, even better.
 
I'm confident that Apple is smirking at the news from a couple of days ago exposing the gov't's latest illegal wiretapping operation. This time the DEA in SoCal, IIRC

How many times since 2001 have illegal wiretapping operations been exposed? And how many times have they been ordered to cease and desist? I've lost count.
 
I'm confident that Apple is smirking at the news from a couple of days ago exposing the gov't's latest illegal wiretapping operation. This time the DEA in SoCal, IIRC

How many times since 2001 have illegal wiretapping operations been exposed? And how many times have they been ordered to cease and desist? I've lost count.

The original biggie went back into the 90s I believe. The one where the AT&T engineer asked why there was a special locked room in the Central Office/POP in San Fran with crap-tons of fiber conduit running through the wall into it that was split off of the main fiber trunks.

The other one well known inside the industry is similar garbage at Global Crossing. They have to comply because they're a "foreign company" (HQ in the Caribbean as a tax dodge), and they handle the lion's share of undersea fiber on the planet... tapping them is a gold mine. They're often the first place even the other carriers come onshore.

I don't even think anyone working their COs even notices anymore when odd cross connect orders come through. They just know it's to meet that "foreign carrier" trumped up thing and if they don't want a third bankruptcy, they do as they're told.

There haven't been a LOT of leaks of how the FISA Courts have been used to take away the carrier's liability, but that's what it was for in the end. Carriers don't have time to fight all of this stuff. They just play along.

So the assumption two decades after the first blow up over fiber tapping, and known/forced compliance at places like GC, would be that everything is set up to be tapped at the carrier level, in the long haul networks and automated so anything that arrives from the FISA court is simply sent immediately. But I suspect that's just paperwork and the pipe is active at all times.

I also suspect that mostly what's collected is metadata, but collection of the actual voice traffic is computerized to get the FISA approved and easy to turn on at will.

Listen carefully to the news after even a local crime report to what metadata they say they already have less than 24 hours after the incident. They'll talk about knowing what neighborhoods the perpetrator's cell phone went to and what time and what numbers they called.

Digging that stuff out of Call Detail records and cellular base station logs used to take days if not weeks. Nowadays you'll have all those details in the next local newscast a few hours later.
 
I'm confident that Apple is smirking at the news from a couple of days ago exposing the gov't's latest illegal wiretapping operation. This time the DEA in SoCal, IIRC

How many times since 2001 have illegal wiretapping operations been exposed? And how many times have they been ordered to cease and desist? I've lost count.

Well, there's no need for illegal wiretapping and surveillance anymore. Apparently the Fourth Amendment has been repealed.

https://www.washingtonpost.com/news...licing-that-has-nothing-to-do-with-terrorism/

Rich
 
Well, and some of the tech news sites indicate that the FBI may try to compel Apple to give them both the source code for iOS AND the signing key......
 
Getting quite interesting now.
I wouldn't call disclosing source code and signing key to be "interesting". Scary is more like it.

Question is whether it's covered by the First Amendment or other the Fourth Amendment. Although courts have held that the Fifth Amendment may not apply, to the best of my knowledge a case has not gone to the USSC on this.
 
I wouldn't call disclosing source code and signing key to be "interesting". Scary is more like it.

Question is whether it's covered by the First Amendment or other the Fourth Amendment. Although courts have held that the Fifth Amendment may not apply, to the best of my knowledge a case has not gone to the USSC on this.

I agree with scary, Bill. Really meant it is getting interesting to watch this unfold. Cannot imagine them buckling under to that. It would be akin to telling Coca-Cola to give you their recipe so you can tell them how you want it changed.
 
I agree with scary, Bill. Really meant it is getting interesting to watch this unfold. Cannot imagine them buckling under to that. It would be akin to telling Coca-Cola to give you their recipe so you can tell them how you want it changed.

I think they'd probably up and move the company to The Netherlands before they did that.

Rich
 
I wouldn't call disclosing source code and signing key to be "interesting". Scary is more like it.

Question is whether it's covered by the First Amendment or other the Fourth Amendment. Although courts have held that the Fifth Amendment may not apply, to the best of my knowledge a case has not gone to the USSC on this.

I'll cast a vote for 13th amendment. Involuntary servitude. You can't force people to invent or create against their will. First amendment applies too: the freedom FROM compulsory speech.
 
Latest is that a former Cyber Czar told the press flat out that NSA could crack the phone, and FBI doesn't want them to, they want precedent.
 
Latest is that a former Cyber Czar told the press flat out that NSA could crack the phone, and FBI doesn't want them to, they want precedent.

which is the point all along. Couldn't get what you wanted from Congress? Then legislate through the courts.
 
Looks like the FBI was able to hack the phone without Apple's help.
 
It's not like people haven't been able to reverse engineer Apple's code. Isn't jailbreaking still possible with the current iOS?
 
What if Apple actually DID help* and doesn't want anyone to know about it? That avoids court decisions and whatever precedent might have been set.

* - Probably not.
 
Bloomberg said it was an Israeli company that helped out the FBI.
 
What if Apple actually DID help* and doesn't want anyone to know about it? That avoids court decisions and whatever precedent might have been set.

* - Probably not.

I agree: That's highly unlikely. I don't think the company would want the black eye.

Frankly, I wouldn't be surprised if the FBI didn't recover anything at all, and that the cooperating "third party" is complete fiction. The mere fact that Farook didn't destroy the phone suggests that there was nothing important on it anyway, and I suspect it just wasn't worth risking a court showdown that the FBI might lose.

Also, even if the feds won, tossing Tim Cook in jail for contempt because he refused to cooperate in deliberately making his company's devices insecure might have backfired against the government politically; so it wouldn't surprise me at all if the feds devised a story that would allow them to back down gracefully while still giving Apple a black eye in the process. It's not as if our government were a complete stranger to misinformation.

For my purposes, what's most important about this whole case is something that is only peripherally connected to the case, and that is the question of how much data Apple retains about its users. Any data on the company's servers could be obtained with a subpoena (or a warrant if Apple wanted to be obstinate); so the fact that the FBI wanted what was on the phone, rather than whatever Apple had saved on its servers, suggests that Apple doesn't save very much information without their users' consent.

The reason this is important to me is that I would like (and would be willing to pay for) a phone that does only what I want it to do, reports to no one, and doesn't mine or save any information at all about me, my contacts, or my use of the device on the company's servers other than when I ask it to do so (for example, by choosing to use a backup or sync service). I don't want my travels tracked, my Web use analyzed, my email read, my contact list stored, or any of my information or activities used for marketing purposes.

I used to trust RIM / BlackBerry to do this, and I still believe that they probably mine and sell less of my life than the rest of the players do (and most certainly less than Google does). The problems are, firstly, that BBRY seems to have abandoned BB10 in favor of the Chendroid. I mean, even the BB10 browser hasn't been updated in ages, and more and more sites either don't render correctly or crash the whole browser. Chen keeps paying lip service to the company's commitment to BB10, but how believable is that if they're not even willing to keep the browser usable?

Secondly, the "app gap" is getting ridiculous. More and more apps are being withdrawn, and I'm really getting tired of sideloading, patching, and repackaging .apk files so maybe they'll run on the ART. I'm not a big app user, but being able to deposit a check without driving 54 miles would be nice. I'd also like to at least try USAA's, my credit union's, and Fidelity's apps just to see if they offer me anything useful. But repackaging apps that access financial or other sensitive data gives me the jitters. I may be creating more problems than I'm avoiding.

BBRY's answer to the "app gap" was to push Amazon onto BB10, which does widen the selection a bit by allowing Amazon apps to run on the BB10 ART; but it also trades Google's snooping for Amazon's. Given only those choices, I prefer Amazon. Amazon sells stuff. Google sells me. But I'd rather have neither of them. And if I turn off or sign out of Amazon services, any app acquired through Amazon -- including free ones -- stops working.

Also, Amazon sold all of one phone model and it was a commercial flop. How long does anyone really expect Amazon or third party app publishers to keep on supporting it? Fire Phone has an even smaller market share than BBRY does.

So how does one gain the ability to use very ordinary, mundane apps without having to sell their soul to someone or other so it can be resold for profit? Certainly not by using any phone running Google Play Services, including the Chendroid. Windows is also out: Their privacy practices aren't much better than Google's (and besides, almost no one is developing for Windows Phone).

That leaves Apple; and irrespective of whether or not the FBI was able to hack Farook's phone, the fact that they wanted to hack Farook's phone suggests to me that Apple as a company probably didn't know anything interesting about Farook, else the feds would have simply subpoenaed it. Or maybe they did in fact subpoena it, but found nothing interesting there.

Either way, it suggests that Apple saves very little data about users, which is a big plus in my book. Other than as a matter of principle, I'm really not that concerned about the NSA or the FBI snooping on me. I have very strong philosophical objections to it, but in a practical sense, I really don't give a crap. I do, however, object to Google (or anyone else) mining my personal data so they can sell my life to the highest bidder.

The time will come when BBRY completely stops supporting their handsets, or the time may come when they go out of business completely, or the time may come when I just get so tired of not being able to find anything other than flashlight and fart apps on the BlackBerry App Store that I get in my car and set out to find another phone. It's really a matter of "when" more than "whether" that will happen.

When it does happen, however, the question of how little of my life the company who sold me the phone collects, stores, and sells will be a very big factor in my decision; and as of right now, it's looking to me like Apple is the winner.

Rich
 
[snip post about how Apple keeps less user data than Google]

Apple does sell products other than us and so has less reason to keep data. But I think it's largely dependent on how you set your iPhone up. My phone no longer backs up to iCloud simply because I won't pay for more iCloud space. So Apple has less of my stuff. (I do back up via iTunes on my local laptop.) But if you're using iMessages (the default in any Apple to Apple text) those messages are all on Apple servers and can be obtained via warrant.

Android on the other hand makes it very painful to keep Google out of your data. My son found that weather and other apps just stop working when you turn off location services in Android. Not report only where you tell them you are, stop working.

So the answer is: it depends.

John
 
Isn't the real question now, that if someone actually hacked the phone does that mean the iPhone is not as robust as previously thought? Or as Rich suggests if the FBI is just pulling our leg and the phone was never hacked, could this be the FBI's way of getting back at Apple by sowing doubts about their product?
 
Isn't the real question now, that if someone actually hacked the phone does that mean the iPhone is not as robust as previously thought? Or as Rich suggests if the FBI is just pulling our leg and the phone was never hacked, could this be the FBI's way of getting back at Apple by sowing doubts about their product?

I suppose that could be the question, and I suppose we'll never know the answer.

I don't think anything is "un-hackable." I'm not suggesting that it's impossible that the FBI managed to hack the phone. I just have my doubts. This is an election year. If the FBI had won the case and Cook still refused to comply, then what? A sizable percentage of voters would have frowned upon the current administration's having Tim Cook's ass tossed into jail because he refused to compromise his users' security. Making up a story would avoid that whole sticky mess while still giving Apple a black eye.

For my purposes, however, I'm more annoyed with private companies that want to sell me to the highest bidder (along with my contacts were I silly enough to use Google Mail) than I am concerned about what any government agency might find on my phone. I'd fight it tooth and nail just out of principle, but in the end, there's nothing scandalous there. As far as my phone knows, I live a very dull life.

Rich
 
Apple does sell products other than us and so has less reason to keep data. But I think it's largely dependent on how you set your iPhone up. My phone no longer backs up to iCloud simply because I won't pay for more iCloud space. So Apple has less of my stuff. (I do back up via iTunes on my local laptop.) But if you're using iMessages (the default in any Apple to Apple text) those messages are all on Apple servers and can be obtained via warrant.

Android on the other hand makes it very painful to keep Google out of your data. My son found that weather and other apps just stop working when you turn off location services in Android. Not report only where you tell them you are, stop working.

So the answer is: it depends.

John

Would you concur with this page?

http://www.macworld.co.uk/feature/iphone/how-set-up-your-privacy-settings-in-ios-8-3575474/

Rich
 

I don't have any data to contradict the article other than I did hear a news report (um, maybe not a good source of technical data.) that iMessage texts can be obtained with a warrant. I agree with the privacy settings advocated.

I pay (pretty dearly in some cases) for Apple products so they don't have to sell user data. If their profits start to drop, all bets are off. They clearly have the technology to change user agreements (who actually reads all the way through those) and change the encryption approach to sell data. They just don't have the need right now. Profit pressure could change that.

John
 
I don't have any data to contradict the article other than I did hear a news report (um, maybe not a good source of technical data.) that iMessage texts can be obtained with a warrant. I agree with the privacy settings advocated.

I pay (pretty dearly in some cases) for Apple products so they don't have to sell user data. If their profits start to drop, all bets are off. They clearly have the technology to change user agreements (who actually reads all the way through those) and change the encryption approach to sell data. They just don't have the need right now. Profit pressure could change that.

John

Thanks.

iMessage is another thing (along with iCloud) that I think I'd turn off if an iPhone were the only Apple device I used.

Rich
 
Thanks.

iMessage is another thing (along with iCloud) that I think I'd turn off if an iPhone were the only Apple device I used.

Rich

And with the iPhone you have that choice. I do know that sending a group message to some using iMessage and some using SMS will not work well. The SMS users get an MMS message which they may or may not be able to read.

Some of my kids have iDevices and some do not. :-(

John
 
Looks like the FBI was able to hack the phone without Apple's help.

Or so they say. Disinformation helps them scare bad guys.

Unless they detail how they did it (how everyone handles cracking who's on the "white hat" side of things, which says something interesting about our government and law enforcement... so the maker can fix the security hole if they choose to...), I'd toss a coin in the air as to whether or not the "we cracked it" is real or BS.

Do I believe there are ways to do it? Absolutely. But when the NSA guy showed up teasing FBI that they could do it, and FBI never asked for help, in the press, the already questionable validity of the entire sob story -- all of a sudden looked even more like everyone was coached on what to say.

To properly analyze it we'd have to know if they were all trying to scare someone into doing something in a panic so they could spring a trap.

I'm sure if nothing else NSA got some really interesting metadata out of the responses to the case.

For all we know they have Cook on something illegal and told him to play along. There is little that's sacred in the spy world, as far as ethics go.
 
I also have my doubts and suspect that there's a lot of misinformation being published.

Rich
 
Or so they say. Disinformation helps them scare bad guys.

Unless they detail how they did it (how everyone handles cracking who's on the "white hat" side of things, which says something interesting about our government and law enforcement... so the maker can fix the security hole if they choose to...), I'd toss a coin in the air as to whether or not the "we cracked it" is real or BS.

Do I believe there are ways to do it? Absolutely. But when the NSA guy showed up teasing FBI that they could do it, and FBI never asked for help, in the press, the already questionable validity of the entire sob story -- all of a sudden looked even more like everyone was coached on what to say.

To properly analyze it we'd have to know if they were all trying to scare someone into doing something in a panic so they could spring a trap.

I'm sure if nothing else NSA got some really interesting metadata out of the responses to the case.

For all we know they have Cook on something illegal and told him to play along. There is little that's sacred in the spy world, as far as ethics go.

I actually think we'll see it soon as the FBI will most likely let state and local jurisdictions use the unlock method (just like they let them use the Stingray). I don't think it'll take long to either leak from there or some local prosecutor will attempt to use the data obtained from a phone in court.
 
I actually think we'll see it soon as the FBI will most likely let state and local jurisdictions use the unlock method (just like they let them use the Stingray). I don't think it'll take long to either leak from there or some local prosecutor will attempt to use the data obtained from a phone in court.

That last part is how we'll know what they can really do...

Unless they get the whole mess transferred to a FISA court or seal the proceedings because "national security" and all that.

They still have lots of reindeer games they can play.
 
Either way, not a game changer, seems like software exploits have short shelf lives.
 
Either way, not a game changer, seems like software exploits have short shelf lives.

I think it's naive to think they attacked the software. They attacked the authentication mechanism or the memory itself in hardware.

It's why the instant messaging encrypted apps give them so much trouble. Nothing is stored longer than it takes to deliver it, and it's encrypted in flight.

Attacking hardware with no set time limit, when you have physical access to the hardware, hasn't ever been nearly as hard as catching something not stored, "in flight" as they say.

The assumption by many right now is that there's a way if you have access to the hardware to pretend you're the authentication firmware at a chip and pin level, and allow multiple attempts at the short or long user auth password, which unlocks the encryption and effectively removes it at run-time for the user. Man-in-the-middle attack on the chipset itself, on the internal communications bus, something Apple has never claimed is secure in any way.

I still think the best part of this whole story is that the idiots both had the password at one time AND had the ability to "recover" the dead guy's password with Apple's online recovery tools because they controlled the deceased's email box, and they managed to screw it up so badly they locked the device. They also had access to a Wifi network that the phone "knew".

Or they didn't, and the whole thing was just a convenient lie to attempt to set a new backdoor precedent.

Nobody really knows.
 
....

Or they didn't, and the whole thing was just a convenient lie to attempt to set a new backdoor precedent.

Nobody really knows.

I think based on the events leading up to today this is quite obvious.
 