Do you really need such strong security? Or after the FBI forced Apple to apply their best engineering minds to crack your phone, they'd just find a grocery shopping list and pictures of your cats?
Because this sounds a bit like Tesla's "operating room air quality" - something that might be useful to 0.001% of the customers, and it's just marketing for the remaining 99.999%.
How can you ask a question like this? Define "so strong" in this context? It's similar to asking "do you need so free speech". We're not talking about anything special here beyond a standard expectation of reasonable security. The fact that Apple is trying to make it "so secure even they can't hack it" is just a means for them to protect themselves that happens to align with the interests of the user.
General, unbreakable crypto security applied to all contents is a feature that very few people ever needed or even tried to achieve.
Until a few years ago you were perfectly content with keeping an agenda in your pocket and pictures in your living room's drawer. A minimum of privacy is of course needed and welcome; however, unless you're planning a major terror attack, or strategic war plans, or you have incredibly valuable industrial secrets (all cases in which you'll probably be using specialized SW to keep your information) you don't really need incredibly advanced security simply because nobody is going to spend vast amounts of time and resources to uncover your little secrets. The GP is talking about switching phone (spending money) to obtain a level of security that he won't need in a million years.
Your agenda in your pocket wasn't subject to unconditional dragnet surveillance. Copies of it weren't going to find their way on to security contractors' systems. Such copies wouldn't have then been stolen and distributed by whoever, and made available for search as you type. The intimacies of daily life are very precious.
For me it's not really about my personal security because, you're right, there's nothing interesting on my phone. My issue is with one entity having access to ALL of our phones. Have you read 1984? Because that's what that sounds like. It's too much power for the government to have.
I think I missed the part where anybody asked Apple to build a backdoor into every phone that could be accessed without appropriate control from the authorities and without passing through Apple each time.
Of course I'm not saying that your data should be uploaded daily to a government's server for anybody with a badge and free time to spare to look through.
Yes, you did miss it. The FBI/etc are very clearly and deliberately looking to set a precedent for use in any and all future instances. Just because you don't seem to value personal privacy and security doesn't mean the rest of us are willing to throw it away for no good reason.
The FBI here only represents the 'legal' government and not the world of secret courts and the NSA.
The NSA did in fact try to build backdoors into important hardware and software standards. They did push companies into using worse crypto. They do massive port scanning and build themselves botnets from where they attack other nation states. And that's just a tiny fraction of what they do.
So yes, I absolutely do need computer hardware and software that even the manufacturer can't break. Low level security for boot and authentication is only the first in many, many steps that we have to take all the way up to improving usability in end user applications to make it hard to do the wrong thing.
The FBI are not the only player, all governments want such control, all governments have things like the NSA. Even private actors are getting better and better.
We do need better security to protect the integrity of all our data, this includes all our communication and even, if possible, metadata that we produce.
Of course. And 11000 meters waterproof is the only waterproof acceptable for a watch. And operating room clean air is the only clean air. And obsidian blades are the only ones that deserve to be used in your kitchen. And triple malt, 60 years aged whiskey is the only whiskey. Etc.
The reason not everyone has the best watches, air conditioning, knives, or whiskey is that, for physical products, quality tends to cost more.
There is no reasonable argument to be made that people shouldn't have higher quality products when they _don't_ cost more^.
Apple only have to develop "unbreakable" encryption once and then it costs them no more to make it available in every iPhone than to only make it available in some of them. Indeed, it'd be cheaper than maintaining both breakable and "unbreakable" variants.
There are arguments to be made about the secure enclave hardware, since it presumably costs more to make it more tamperproof.
However, securing iPhones against this particular "attack" appears to be a software issue: iOS should never apply updates without an authenticated user approving them first.
^ For the avoidance of doubt, this includes externalized costs.
I'm sorry, I might be wrong here, but I thought that any cryptographic system is breakable, given enough time and resources. If this is true, then, according to your statement, you're never protected. Therefore you can just transmit and store plain data without any cryptography, isn't it the same?
Any watch can be breached by water, given enough time and pressure. Most watches would not survive very long at the bottom of the Marianas Trench. Similarly, most watches would not survive a few centuries in a shallow pool, even if rated for much deeper immersion.
Although no watch can be absolutely waterproof, not even at a given depth, there are levels of risk one can accept. A watch you can use at 100m for several hours a day is effectively waterproof if that's the harshest treatment the watch will receive.
Similarly, although no cryptographic system is absolutely unbreakable^, there are levels of risk one can accept. And, unlike with watches, we can design cryptographic systems which, except in the face of unforeseen mathematical breakthroughs, or bugs (or backdoors) in their implementation, cannot be broken in the next few hundred years even by a nation state-level attacker.
I think it is reasonable to describe a cryptographic system that can't be broken within the lifetime of anyone alive today as "unbreakable".
^ Except maybe one-time-pads, depending upon how "unbreakable" is defined.
Your comment (and its sibling) substantially agree with what I wrote - there isn't absolutely unbreakable cryptography, only reasonably secure. Therefore the parent doesn't make sense.
Now, is a cryptography that can't be broken by anyone except maybe (that hasn't even happened yet) through a specific court order signed by a judge, reasonably secure? I think it qualifies as such. If you need even more security, I'm sure you can use specialized software to achieve it - I'm not saying you shouldn't be allowed to.
Strictly, it is not the cryptography being broken in this case. The FBI want to guess a (possibly) six-digit pin. The iPhone might have been configured to erase its data on 10 failed PIN attempts, so the current odds are not good. To this end, the FBI want Apple to produce a version of iOS that bypasses this restriction, and install it on the phone.
Assuming I agree that a security system that can be turned off remotely by its vendor is reasonably secure, it is only a specific court order now. If Apple are successfully compelled to produce a version of iOS that bypasses PIN security, it will be much easier for the FBI to request that it be deployed on phones in the future - after all, that version of iOS will already exist then.
If Apple do make it, I am certain there will quickly be a slew of court orders regarding other iDevices that the authorities have in their possession, all of which are likely to be harder to defeat than the court order they would just have failed to defeat.
However, I don't agree that a security system that can be turned off remotely by its vendor is reasonably secure, anyway. There is nothing technically requiring Apple to wait for a court order: the phone will accept their new software whether or not it comes with a court order. Apple could decide to make PIN cracking available to anyone who can prove they own a given iPhone. Given their attitude, they probably won't, but the actual security mechanism is reliant on their goodwill for it to remain unbroken. I don't consider that reasonable.
There's an idea used in crypto commonly called "reasonable security". Anything is possible given a computationally unbounded adversary, but the point of strong crypto is to make it such that cracking the crypto takes an "unfeasible amount" of time. Crypto isn't some spectrum like waterproofing is, it's binary: either broken or it's "will be broken".
I am not sure why this comment (and all Udik's comments) is being downvoted into oblivion. This is the view of the US government and quite likely a vast majority of citizens here (and, I would guess, in many countries).
This morning I was having a conversation with my fiancee, who said "if the US government gets a warrant they can open your mail, they can tap your phone calls, they can come into your house and search -- why should your phone be some sort of zone they cannot search even with a warrant?"
I happen not to agree but this is not some wacko view.
It might not be the most constructive way of doing things, but people tend to downvote comments they disagree with.
As to why they disagree: HN's audience is not representative of the general citizenry. We're better informed about technical security matters (or we like to think we are, at least). I suspect that correlates with being less willing to trust security to the goodwill of third parties.
Maybe you don't need it, but you'll have fun every day with it. While you'll never be able to enjoy the difference between "almost unbreakable" and "unbreakable".
And what's the cost differential to me as an end user?
And what's the difference to me between 452 ppi or 532 ppi? I'll never be able to enjoy the difference between the two, yet I would still go for the higher ppi all else being equal.
It's never the case of "all other things being equal". The GP was saying that he switched from Apple to Android - presumably because there was a relevant difference between the two - but he's considering switching back to have a feature that he'll never use.
Of course there is always an appeal in the numbers. I'd go for a 40MP camera instead of a 20MP one - who cares if the quality of the lens is such that there is no difference beyond 10MP. It's marketing. It's curious how people so wary of being observed or exploited make themselves so prone to basic manipulation by entities who want to get their money.
Ah, I'm thinking more of something like WEP vs WPA2 - like, why the heck would I want to downgrade my crypto?
I agree there may be other reasons the user switched, but maybe they switched to Android because they believed it to be more secure? Or maybe the user wants to vote with their wallet for the company they see as most in support of security/privacy.
I do agree though, switching for a feature you are unlikely to use is silly, but I think there are definitely reasons enough to make a switch like that from a 'voting with your wallet' type standpoint.
Do you drive around in a 1 litre CC car? Or do you buy a car with a bigger engine?
In both cases, when was the last time you drove it at its maximum speed all the time? Or ensured that you were using maximum torque at all times and always sitting in the maximum power band for the engine?
If you find that you haven't done these things, you probably should ask yourself why you have a car, right? After all, you're never going to drive the full speed of the car, so why have the car in the first place?