They've got it all wrong. Users are vastly better protected from the kind of network surveillance they mention with Apple products, thanks to their curated, controlled approach to third party software distribution.
This is backed by hard data on malicious attacks from the Dept. of Homeland Security and the FBI. 79% occurred on Android, and just 0.7% on iPhone.
I'm also 100% positive this will have no effect on the reasoning of the FSF.
> Users are vastly better protected from the kind of network surveillance they mention with Apple products, thanks to their curated, controlled approach to third party software distribution.
You have got to be kidding.
For an ecosystem where it's been the 'norm' to slurp users' entire address books[1], NOTHING about Apple's 'curated, controlled' approach protects users.
Yes, and what else we don't know about, thanks to their closed software?
Yes, Apple just told us your fingerprint will be stored locally. So? Does that mean Apple is telling the truth, or couldn't leave a backdoor for NSA to get the data? No it doesn't, and we wouldn't know if they did do that. That's the problem with closed software.
I'm not going to say that your fingerprints won't fall into the wrong hands, but it's incredibly simple to monitor network traffic from the device, and it's a guarantee someone will do this just to see.
It's also a guarantee that Apple knows this, so why bother lying?
For all practical concerns, downloading FOSS in binary form is not that much worse compared to source code, unless you are willing to audit thousands of lines of code before compiling (and are competent enough). The exploit can even be hidden in the compiler itself, not in the source.
I don't have a solution for this problem, I'm just commenting on the fact that it is more complex than "compile from source" and that you have to draw a line somewhere unless you assemble your hardware from raw materials and write your own software.
This is really stretching the point, because it's implying that not only is a single breach proof of complete insecurity, but also that even a temporary breach is proof of complete insecurity.
If one is going to reason in black and white, then the only answer is that everything, absolutely everything, is susceptible to being compromised. In such a black and white world, there's no security benefit for open source software, because it is also possible that you could be tricked into running something that compromises your security, as it is also possible to have a design flaw in the architecture of open source code, as it is with closed source code.
It is only when one allows the concept of risk that a coherent security picture can emerge. Leave absolutes to mathematical proofs, and trust and risk assessments to the real world, at least until we can prove code correctness for an entire computer system.
> This is really stretching the point, because it's implying that not only is a single breach proof of complete insecurity, but also that even a temporary breach is proof of complete insecurity.
Not stretching the point at all, because this isn't the only case of a security or trust breach, and once that is broken, you have no reason to trust them again.
OP's post made the ridiculous claim that somehow Apple's 'controlled' approach protects users. I provided evidence which proved that false.
Totally stretching the point. Apple had to make stands as to where to trust developers and where not to trust them. Certain developers broke that trust with Apple, and Apple had to regain the trust with users.
Blame Path &c., not Apple, for abusing a feature that was originally provided for the convenience of developers and users together.
> Not stretching the point at all, because this isn't the only case of a security or trust breach, and once that is broken, you have no reason to trust them again.
This is foolish. Every non-trivial piece of software will eventually succumb to a security flaw. This does not mean the software is untrustworthy in toto.
Everywhere people talk is a battleground, called "civil, reasoned debate." One of the rules of that battleground is that when someone pokes a hole in the evidence you've used to draw your audience toward a conclusion, you can't put new evidence in its place to support the same argument; you have to make an entirely new argument, because the new evidence might lead you somewhere entirely else when looked at on its own.
The goal post here isn't about the address book API issue.
It's about the fact that having a curated experience doesn't automatically imply better privacy.
And when did Android fix it?
Oh wait, they didn't, did they?
Open source software freedom means the freedom to write software that slurps up whole address books.
And it's the user's responsibility to read the source code to ensure it's not doing that. Because obviously most people are capable of doing that and also have the time to do that for every piece of software they install, right?
At the end of the day, I'd rather Apple and the NSA have my data than some random hacker in Russia.
Sorry, but since 2.3 I can install CyanogenMod, which allows me to deny any permission an app asks for.
I'm running Swype (a keyboard) without access to the network (it crashes if it tries to update) and it works just fine for its intended purpose.
And 2.3 is OLD!
Oh, and no, Google Android and operator/major brand abused Android suck and should be left out of this discussion. Buying locked phones (and by locked I mean the boot loader being blocked) is the same as buying an iPhone. Sadly.
You don't understand what free software means. It means freedom respecting software; something that you control. Apple could still have audited free software into its appstore as it does for nonfree software currently.
I know what "Free Software" means. Your definition has no connection to what you assert here: "Apple could still have audited free software into its appstore as it does for nonfree software currently."
So, unless you're suggesting that apps be distributed as source code, and compiled locally on your phone, there's no way to determine if the binary the App store distributes is an accurate uncompromised representation of the original source. Furthermore, expecting normal users to examine source code for security holes is an unreasonable burden. The security of iPhone apps is based on how much we trust Apple to maintain that security, and to review the apps. Not in our personal freedom to examine the source code, which we can do already, for many apps.
You confuse developer control/freedom with user control/freedom. They are very different things. A user doesn't have programming skills, and their personal interests are in freedom from malware- freedom from developers that have the ability to do whatever they feel like with the user's data. They have no interest in being able to compile their own apps and run them on their own hardware.
On the other hand, developers are interested in having the freedom of not being in a sandbox. Not having to go through an app review/approval process. The freedom from security restrictions. The freedom to slurp address books. The freedom to override any hardware button, use any API, without limit.
Do you not see how developer freedom and user freedom are in conflict?
> So, unless you're suggesting that apps be distributed as source code, and compiled locally on your phone, there's no way to determine if the binary the App store distributes is an accurate uncompromised representation of the original source.
That's simply not true. If Apple opened its distribution process, and everything was cross compiled (which is already the case) none of what I quoted above would be true. This is nothing for or against free software, it is about correctness.
I'm just not sure how that would work, without Apple, or the Developer having the opportunity to introduce malicious code. Signature or not, known process or not, there's no way I can think of to compare a clean compile of source, to the binary that you get on the app store since Apple retains a private key that is used to molest the binary in some way.
You would have to mean something else by "open its distribution process".
Or just blindly trust that Apple knows what they're doing and that it has its customers' interests bound to its own commercial interests.
This is why I mentioned the public keys. You can do the parts of the process short of the signing, then go the other way from the published binary with the public keys.
Sheesh, does everyone on HN need everything spelled out for them?
How does it still stand? Maybe the curated system doesn't protect users, but the only example you provided of it failing to do so has apparently been fixed.
> For an ecosystem where it's been the 'norm' to slurp users' entire address books[1], NOTHING about Apple's 'curated, controlled' approach protects users.
Well, for one, that doesn't happen anymore without specific user approval.
Second, even with that hole, still SOMETHING protects the users more, hence the huge disparity in attacks and malware between the two platforms.
For example, what you described is your address book data taken by the company whose app you use without your consent. That's bad, but not as bad as your whole data (and device) being taken by malicious software you never even intended on using.
Actually, 26% of Android apps have permission to slurp your contacts, including many that have no business doing so. Apple's current approach is much better at protecting your address book, because it makes apps ask permission at the moment they want access, not upfront when installing (which most users grant blindly).
This of course has little to do with curation -- except that curation helps too, in that malicious apps can be blocked. Apple's curated approach is why it literally has 1/100th the malicious attacks of Android. It chokes malware at the distribution point.
This is silly. The free-software folks don't want phones to be like Android; they want them to be like Debian (or gNewSense or whatever).
That is, where users have a choice of a curated package repository maintained by middlemen who have the users' interests at heart. And where packages and the changes to those packages have an audit trail.
The Google Play store is a disaster from the GNU perspective -- zillions of nearly-identical closed-source programs, most of them pretty lousy, no curation by a trusted third party, no access to source anyway (so not so easy to curate even if you wanted to), no ability to fetch an old version or see what has changed, no way to "take over" an abandoned package and bring it up to date or improve it, no way for a distributor to make programs play nicely together, and no way for a distributor to modify programs to make them less privacy-invasive or battery-intensive or whatever users might want.
They don't even want Debian, since it has optional binary blobs and hosted repositories of commercial software.
FSF isn't complicated - don't give your users anything without including the source. And don't restrict the users' ability to modify and run said software however they want.
The FSF refuses to "approve" something just because they point out nonfree software that you can use.
Fedora fails for this reason - it's 100% free software with some firmware blobs kept aside that are, y'know, necessary to make some hardware work.
It's dogmatic to the point of absurdity. A piece of software is free software because of what it is, not because of what its makers suggest/allow you install on it.
> A piece of software is free software because of what it is, not because of what its makers suggest/allow you install on it.
And so, if it's a binary with a license that prohibits redistribution, modification, ships without source, or is just a series of hex values in a struct, I don't see how it's free software?
Fedora, by providing blobs, promotes the usage of non-free software. If you want those blobs you should have to seek them out yourself, your provider should not saddle you with potential ignorance to you running software no one can audit. If your computer can't run without binary blobs, yet you are a free software proponent, you should not want to use that computer because the manufacturer is taking away your freedom to use the device you purchased how you want.
Though that gets into the mess that is open EE technical documents on firmware, chipsets, mainboards, circuit layouts, etc - pretty much none of which exist, because so few companies offer them, it is nigh impossible to get an open platform.
Which sucks, and is something I'd throw money at to see fixed.
>If you want those blobs you should have to seek them out yourself
Untenable position. A user should not be forced to jump through hoops to make their hardware work just for what is essentially an ideological reason (and indeed, an average user would rightly reject such software.)
>If your computer can't run without binary blobs, yet you are a free software proponent
If the goal of the FSF is to make people care about the free-ness of their operating system, they could certainly go about it a better way.
The problem with the whole "approval" thing is that the very name of the organization combined with that action is misleading. Example, if I ran a group called the Cool Software Foundation and maintained a list of cool software, and I made it a point to single out your $application as not being approved, that carries the connotation that your app is not cool.
s/cool/free or any other objective adjective.
In other words, the distro itself very much is free software, and the FSF by their dogmatism is being misleading. I'm with BSD on this one.
This says nothing of NSA sleeper agents sneaking backdoors into Apple products, which seems pretty likely given the recent disclosures.
The more centralized you build a system, the easier it is to completely own.
Also, there's a massive confound in that Android phones come a lot cheaper than iPhones, making them far more accessible for the typical targets of active government surveillance.
Given that the USCIS (and so, presumably, the NSA) already has the fingerprints of every visitor to the USA, and (as I understand it) any US citizen with a driver's license, I'm not sure I understand what harvesting fingerprint signatures from the iPhone would achieve.
It goes the other way around. Because the government has almost everyone's fingerprint on file already, it is important to them that fingerprint scanners become a widespread method of authentication.
Making sure the new locks fit all these old keys we have lying around, basically. Standard government cost saving measure.
Not true about driver's licenses in most (I really want to say all) states. Even covertly, I doubt they could collect them. You don't, at least in any state I've dealt with, give them documents they could keep and pull fingerprints off.
In the US, the only ways one gets fingerprinted are by being arrested or for certain background checks (e.g. ones for teachers, some bank employees, and security clearances).
You could be an NSA sleeper agent, using HN to launch false-flag propaganda operations. Go ahead and prove otherwise, if you can. Until then I'm going to treat everything you say and do as an attempt to spy on me.
You could be an NSA sleeper-sleeper agent, using HN to launch false-false-flag propaganda operations. Go ahead and prove otherwise, if you can. Until then I'm going to treat everything you say and do as an attempt to spy on me.
I suppose so, but the NSA budget would have to be awfully big to fund me. It's high-cost, and low-gain.
In contrast, owning Apple would be a massive win.
But you're free to treat everything I say and do as an attempt to spy on me. How will that change your behavior? Or are you being deliberately obtuse for the sake of disrupting discussion?
I think there is a point at which mindlessly yelling "WHAT ABOUT THE NSA" at, well, basically everything stops being useful, because it offers no insight whatsoever, and provokes no thoughts that hadn't already been provoked. In fact, past a certain point it becomes counterproductive, as it enters "Old Man Yells At Cloud" territory and opens up the commenter, and by connection the content of the comment, as a subject of ridicule.
Also, you've still not proven to me that you don't work for the NSA.
Well, the insight I was going for here is that a walled garden is only as safe as the gardener, and whatever trust we as humans could have in that gardener should be totally shattered in the post-NSA leak world.
If you think that isn't a legitimate insight, or if you're so blazing-fast that you'd already made that inference, I suppose you're entitled to think that, but it's very difficult for most humans to re-compute all of their cached thoughts in the light of new information, and the NSA leaks aren't any different.
Throwing the NSA thing at Apple is ridiculous frankly. It seems that the vast majority of tech companies were involved, including the likes of Google and all seemed to be far more embroiled in the sordid affair than Apple. So why are they more likely to be sharing stuff than anyone else? It's all very disingenuous from where I'm standing.
> Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.
>Users are vastly better protected from the kind of network surveillance they mention with Apple products, thanks to their curated, controlled approach to third party software distribution.
I'm a strong proponent of free software, but I do see your point, that there's safety for non-technical people in a walled garden, as long as you trust the gardener.
I'm wondering if the concept of free-software and a walled garden are really that incompatible.
Let's say the garden has a gate, that a user has to go through a clear process in order to be allowed to install non-recommended software.
This would give a similar level of protection for non-technical people, but will still be free-software, and allow technical users to install whatever they want.
One effect would be that, if the gardeners decide not to recommend some popular software, then many users would be inclined to disable the safety features, thus reducing overall safety, so there will be a penalty if the gardeners are too strict.
>I'm wondering if the concept of free-software and a walled garden are really that incompatible.
They are definitely compatible. Consider the way Debian (and many others) approach the problem. Almost all software is installed through the package manager, which gets the software from a set of repositories. These repositories can be as much of a walled garden as the repository owners want them to be.
The main difference is that it is possible to add third party repositories, and/or remove first party repositories (or sidestep the package manager entirely).
I disagree. FSF's usual complaints are not about who protects whom, but rather about knowing what your device is doing, which is impossible in the case of Apple.
I actually think you have it all wrong. For while malicious applications can do all sorts of nefarious things they are still individual actors. I think at this point while we all detest the extremes of marketing the more pressing concern has to do with state sanctioned surveillance which would be much more feasible with such a centralized service as provided by Apple.
I truly find your comment disingenuous and suspect as you only mention apparent malware and virii while the tone I inferred from the article seemed a little more nuanced.
You are so far from the point, the light from the point will take billions of years to reach you. It's the platform and the platform vendor that can't be trusted to keep you safe, that's before you even start talking about attack vectors from third parties a.k.a. Apple Partner Companies. And seriously, you're ready to get in bed with the DHS and FBI? They're the ones after your data!
And the "average" user, not some hyper-educated tech-savvy never needing support person, has not much of a choice. Standard Android solutions will become just as bad in terms of unfree software.
Sadly, but understandably, users will value the niceties of iOS and alike more than the potential damage to their privacy.
Thank you for pointing this out. While a "walled garden" approach is less than ideal, it is clearly somewhat more effective from a security standpoint.
Perhaps not your "NSA backdoor" variety of security though...
This is backed by hard data on malicious attacks from the Dept. of Homeland Security and the FBI. 79% occurred on Android, and just 0.7% on iPhone.
I'm also 100% positive this will have no effect on the reasoning of the FSF.
Source: http://www.bbc.co.uk/news/technology-23863495