Think journalists, politicians, public figures
What "risk" is there? I'm not aware of illegal spying by intelligence or law enforcement agencies having ever had any adverse consequences for them, in any country, at any point in history.
I mean for the intelligence agencies – not for Edward Snowden. I'm of course aware his life has been destroyed. But what consequences were there for the people and institutions responsible?
I'd mention there are two big but abstract consequences.
1) The leaks significantly harmed international relationships and the result of this game much more ammunition to political adversaries like China and Russia. People argue that this is a consequence of Snowden's leak but that's like arguing that a mass shooting was only problematic because the news informed everyone. In a way yes, but it's not like those people would be alive if the news didn't report... It's not the real problem even if you wanted to argue over-sensationalism.
2) It seriously galvanized the battle for encryption and laid the pathway for the subsequent rapid rise in usage of tools like Signal and more funding and energy for building tools like Matrix and many others. Google's Project Zero certainly was influenced by this event.
While I get that these are more abstract, they are certainly consequences and certainly nothing to be scoffed at. This is another problem with the perception of consequences, is that often they are more subtle or abstract. But subtle or abstract doesn't mean any less impactful, just more difficult to trace. More opaque. We don't have a counterfactual to prove that these things wouldn't have happened without the leaks, but I'm certain the timing and degree would have been different. Do you think the world would be different had he not released them? I don't think this is an easy question to answer because it requires being exceptionally detailed and paying very close attention to a lot of events.
In most of the world everyone knows that journalists and lawyers are being monitored.
So as with a lot of matters in intelligence work it's subject to cost benefit calcs. If using it against a given target means they are incredibly unlikely to notice and it can then be used again and again, it doesn't take much target value for a government to deploy it which pushes towards more mass use. On the opposite end if using it means it will immediately become useless ever again, then the expected target value has to at least exceed the market cost (which itself will rise more quickly if 0-days are being consumed more quickly vs production), every time. In between is a spectrum of less or more use. Apple wants it as far towards "use it and lose it" as possible, but Trevor Perrin's argument makes sense here: even a relatively small increase in percentage of "use it and lose it" amongst the population could significantly change the mean weighted cost for threat actors.
If they could know for sure whether a given counter measure was deployed that'd reduce the cost again, but if they can't there is indeed a population benefit. It's like a mine field, there don't have to be that many mines scattered around to really hurt people's willingness to cross it!
Not even close. The vast majority of journalists, lawyers, activists, even public figures, don't have the knowledge to secure their digital lives, don't have access to an expert to do it for them, and in many cases aren't even fully aware of the nature of the threat (beyond some vague idea along the lines of "I'm probably being monitored").
On top of that, it has been my experience that people who don't understand threat mechanics on a deeper level (such as active MITM attacks) quickly stop following whatever best practices they have been trained to adhere to (in this case, peer key verification), because those practices have no observable effect to them and without actually understanding what's going on, it's hard for them to see what the point is.
Citation needed. Because everything I have ever seen is that iOS users almost all leave on autoupdate and the move to the latest version is the overwhelming majority, very rapidly. Seriously, look at adoption each time over the last 5 years on a site like statista [0] or wherever, or various ones aimed at developers. If you want to claim that people at higher risk aren't part of the 60-85% I'd honestly be curious to see your numbers. Note I said "decent" not "best" practices. Whatever its flaws, mixed incentives, and issues (which are real), Apple has expended significant effort in making the normal default paths provide an ok baseline security for regular people and discouraging leaving them. Which isn't even something a lot of HNers like! If anything, I'd be unsurprised if HN types to lag in some respects because we want more control and to do things outside the well trod path. I've jailbroken a lot, is that something most people do? No.
In this specific case, the minimum needed to avoid a zero-day exploit is (by definition) merely to always have the OS updated and all security patches applied while staying firmly within the walled garden. Which it's objectively clear the super majority of regular people do. If you just go with the default and let Apple update your device whenever Apple wants, then it's a truism that anything you get hit by is something Apple hasn't yet patched. And in turn anything that raises the population probability that the 0-day actually gets noticed and potentially reported raises the risk of using the 0-day. The whole point of this feature is that it'd let a normal person who doesn't necessarily understand threat mechanics go "huh, that's funny" and then maybe say so on their social media/blog/wherever, at which point if even one person who follows them (and we're talking journalists or other types with enough influence to get targeted by major threat actors right?) recognizes what's going on and says "quick call Apple/security researcher/tell HN" now it's out there.
>because those practices have no observable effect to them
Literally the entire point of this new feature is to create an observable effect of tampering. Kind of a weird statement in context.
----
0: https://www.statista.com/statistics/565270/apple-devices-ios...
All these three letter agencies operate in the darkness and away from the public eye. That's where they belong, because what they do to their own citizens is supposed to be unconstitutional. If they've really gotten so brazen as to operate openly instead of clandestinely and are still enjoying complete impunity then there really is no hope left.
