undefined | Better HN

0 pointsUdik10y ago0 comments

General, unbreakable crypto security applied to all contents is a feature that very few people ever needed or even tried to achieve.

Until a few years ago you were perfectly content with keeping an agenda in your pocket and pictures in your living room's drawer. A minimum of privacy is of course needed and welcome; however, unless you're planning a major terror attack, or strategic war plans, or you have incredibly valuable industrial secrets (all cases in which you'll probably be using specialized SW to keep your information) you don't really need incredibly advanced security simply because nobody is going to spend vast amounts of time and resources to uncover your little secrets. The GP is talking about switching phone (spending money) to obtain a level of security that he won't need in a million years.

0 comments

songshu10y ago

Your agenda in your pocket wasn't subject to unconditional dragnet surveillance. Copies of it weren't going to find their way on to security contractors' systems. Such copies wouldn't have then been stolen and distributed by whoever, and made available for search as you type. The intimacies of daily life are very precious.

vlunkr10y ago

For me it's not really about my personal security because, you're right, there's nothing interesting on my phone. My issue is with one entity having access to ALL of our phones. Have you read 1984? Because that's what that sounds like. It's too much power for the government to have.

UdikOP10y ago

I think I missed the part where anybody asked Apple to build a backdoor into every phone that could be accessed without appropriate control from the authorities and without passing through Apple each time. Of course I'm not saying that your data should be uploaded daily to a government's server for anybody with a badge and free time to spare to look through.

15charlimit10y ago

Yes, you did miss it. The FBI/etc are very clearly and deliberately looking to set a precedent for use in any and all future instances. Just because you don't seem to value personal privacy and security doesn't mean the rest of us are willing to throw it away for no good reason.

http://www.nasdaq.com/article/apple-standoff-escalates-local...

http://www.leadertelegram.com/News/Front-Page/2016/02/20/Off...

http://www.argusleader.com/story/news/2016/02/18/sf-police-c...

nickik10y ago

The FBI here only represents the 'legal' government and not the world of secret courts and the NSA.

The NSA did infact try to build backdoors into important hardware and software standards. They did push companies into using worse crypto. The do massiv port scanning and build themself botnets from where thet attack other nation states. And thats just a tiny fraction of what they do.

So yes, I absolutly do need computer hardware and software that even the manufacturer cant break. Low level security for boot and authentification is only the first in many, many steps that we have to take all the way up to imroving usability in end user applications to make it hard to do the wrong thing.

The FBI are not the o ly player, all governments want such control, all governments have things like the NSA. Even private actors are getting better and better.

We do need better security to protect the integrety of all our data, this includes all our communication and even, if possible metadata that we produce.

mkhalil10y ago

Sorry but "unbreakable crypto" is the only right crypto.

UdikOP10y ago

Of course. And 11000 meters waterproof is the only waterproof acceptable for a watch. And operating room clean air is the only clean air. And obsidian blades are the only ones that deserve to be used in your kitchen. And triple malt, 60 years aged whiskey is the only whiskey. Etc.

parenthephobia10y ago

The reason not everyone has the best watches, air conditioning, knives, or whiskey is that, for physical products, quality tends to cost more.

There is no reasonable argument to be made that people shouldn't have higher quality products when they _don't_ cost more^.

Apple only have to develop "unbreakable" encryption once and then it costs them no more to make it available in every iPhone than to only make it available in some of them. Indeed, it'd be cheaper than maintaining both breakable and "unbreakable" variants.

There are arguments to be made about the secure enclave hardware, since it presumably costs more to make it more tamperproof.

However, securing iPhones against this particular "attack" appears to be a software issue: iOS should never apply updates without an authenticated user approving them first.

^ For the avoidance of doubt, this includes externalized costs.

mkhalil10y ago

That argument doesn't hold water.

If you're using a breakable crypto , you're not protected at any given time.

If you're using a watch that's waterproof up to 100m, you're safe up to 100 meters.

paublyrne10y ago

If you're using a watch that's waterproof up to 100m, you're safe up to 100 meters.

To be pedantic, that's not exactly what is meant by 100m Water Resistant, but your point is valid.

https://en.wikipedia.org/wiki/Water_Resistant_mark

UdikOP10y ago

I'm sorry, I might be wrong here, but I thought that any cryptographic system is breakable, given enough time and resources. If this is true, then, according to your statement, you're never protected. Therefore you can just transmit and store plain data without any cryptography, isn't it the same?

2 more replies

Dylan1680710y ago

>11000 meters waterproof is the only waterproof acceptable for a watch

It depends, how many meters does it have to claim before I can make sudden movements and god forbid press the buttons underwater?

hnbroseph10y ago

> Until a few years ago you were perfectly content with keeping an agenda in your pocket and pictures in your living room's drawer.

only because they weren't (thought to be) subject to casual perusal by unknown entities. this is a silly thing to even mention.

> unless you're planning a major terror attack

ah, the "if you don't have anything to hide" rhetoric. do you really buy that?

> a level of security that he won't need

unless there is some nontrivial cost or burden associated, it's a red herring to belabor whether it's "too strong" or "more than needed".

asr10y ago

I am not sure why this comment (and all Udik's comments) is being downvoted into oblivion. This is the view of the US government and quite likely a vast majority of citizens here (and, I would guess, in many countries).

This morning I was having a conversation with my fiancee, who said "if the US government gets a warrant they can open your mail, they can tap your phone calls, they can come into your house and search -- why should your phone be some sort of zone they cannot search even with a warrant?"

I happen not to agree but this is not some wacko view.

parenthephobia10y ago

It might not be the most constructive way of doing things, but people tend to downvote comments they disagree with.

As to why they disagree: HN's audience is not representative of the general citizenry. We're better informed about technical security matters (or we like to think we are, at least). I suspect that correlates with being less willing to trust security to the goodwill of third parties.

new_hackers10y ago

you forgot about freedom of the press. Typical FUD:

"If you aren't doing anything wrong, what do you have to fear."

"If you do want something private then you must be doing something wrong, ARE YOU A TERRORIST!?!?!?!"

j / k navigate · click thread line to collapse

0 comments

songshu10y ago

vlunkr10y ago

UdikOP10y ago

15charlimit10y ago

http://www.nasdaq.com/article/apple-standoff-escalates-local...

http://www.leadertelegram.com/News/Front-Page/2016/02/20/Off...

http://www.argusleader.com/story/news/2016/02/18/sf-police-c...

nickik10y ago

The FBI here only represents the 'legal' government and not the world of secret courts and the NSA.

The FBI are not the o ly player, all governments want such control, all governments have things like the NSA. Even private actors are getting better and better.

We do need better security to protect the integrety of all our data, this includes all our communication and even, if possible metadata that we produce.

mkhalil10y ago

Sorry but "unbreakable crypto" is the only right crypto.

UdikOP10y ago

parenthephobia10y ago

The reason not everyone has the best watches, air conditioning, knives, or whiskey is that, for physical products, quality tends to cost more.

There is no reasonable argument to be made that people shouldn't have higher quality products when they _don't_ cost more^.

There are arguments to be made about the secure enclave hardware, since it presumably costs more to make it more tamperproof.

However, securing iPhones against this particular "attack" appears to be a software issue: iOS should never apply updates without an authenticated user approving them first.

^ For the avoidance of doubt, this includes externalized costs.

mkhalil10y ago

That argument doesn't hold water.

If you're using a breakable crypto , you're not protected at any given time.

If you're using a watch that's waterproof up to 100m, you're safe up to 100 meters.

paublyrne10y ago

If you're using a watch that's waterproof up to 100m, you're safe up to 100 meters.

To be pedantic, that's not exactly what is meant by 100m Water Resistant, but your point is valid.

https://en.wikipedia.org/wiki/Water_Resistant_mark

UdikOP10y ago

2 more replies

Dylan1680710y ago

>11000 meters waterproof is the only waterproof acceptable for a watch

It depends, how many meters does it have to claim before I can make sudden movements and god forbid press the buttons underwater?

hnbroseph10y ago

> Until a few years ago you were perfectly content with keeping an agenda in your pocket and pictures in your living room's drawer.

only because they weren't (thought to be) subject to casual perusal by unknown entities. this is a silly thing to even mention.

> unless you're planning a major terror attack

ah, the "if you don't have anything to hide" rhetoric. do you really buy that?

> a level of security that he won't need

unless there is some nontrivial cost or burden associated, it's a red herring to belabor whether it's "too strong" or "more than needed".

asr10y ago

I happen not to agree but this is not some wacko view.

parenthephobia10y ago

It might not be the most constructive way of doing things, but people tend to downvote comments they disagree with.

new_hackers10y ago

you forgot about freedom of the press. Typical FUD:

"If you aren't doing anything wrong, what do you have to fear."

"If you do want something private then you must be doing something wrong, ARE YOU A TERRORIST!?!?!?!"

j / k navigate · click thread line to collapse