lapcat 3 days ago

Trust is never all or nothing. I trust Apple to an extent, but trust needs to be earned and maintained. I trust my mom, but if she suggested installing video cameras in my home for my "safety", or worse, she secretly installed video cameras in my home, then she would lose my trust.

Likewise, you need to trust your spouse or significant other, but if there are obvious signs of cheating, then you need to be suspicious.

An essential part of trust is not overstepping boundaries. In this case, I believe that Apple did overstep. If someone demands that you trust them blindly and unconditionally, that's actually a sign you shouldn't trust them.

  • sbuk 3 days ago

    > If someone demands that you trust them blindly and unconditionally, that's actually a sign you shouldn't trust them.

    That's certainly a take, which you're clearly entitled to take. I don't disagree with the point that you make; this ought to have been opt in.

    What you should do now is acknowledge this in your original post and then explain why they should have been more careful about how they released this feature. Homomorphic encryption of the data reframes what you wrote somewhat. Even though data is being sent back, Apple never knows what the data is.

    • lapcat 3 days ago

      > What you should do now is acknowledge this in your original post and then explain why they should have been more careful about how they released this feature. Homomorphic encryption of the data reframes what you wrote somewhat.

      Do you mean my original blog post? The one that not only mentions homomorphic encryption but also links to Apple's own blog post about it? I don't know how that can "reframe" what I wrote when it already framed it.

      • sbuk 3 days ago

        I apologise, I didn't fully read your original article as I find that your writing is prone to exaggeration. I've reread it a few times now and I stand by what I said. You mention homomorphic encryption only in a quoted piece of text and a link. You utterly fail to explain what it is. You didn't frame it at all. You hand-waved at it. I don't disagree with you on the point about this being opt in, but your blog post is a massive overreaction, heavy on prose and opinion, but light on any tangible facts.

        • lapcat 3 days ago

          > I apologise

          Wow, that's some apology. Everything after those words is an insult.

razemio 4 days ago

How can you trust any mainstream "working" iPhone or Android device? You already mentioned open source android distros. You mean those where no banking or streaming device app works because you have to use a replacement for gapps and the root / open bootloader prevents any form of DRM? That is not really an option for most people. I would love to have a Linux phone even with terrible user experience as long as I do not lose touch with society. That however seems to be an impossible task.

  • warkdarrior 3 days ago

    You don't trust Apple's and Google's mobile phones. And some bank doesn't trust open source android distros on mobile phones. Those are both fine positions. You are free to move to another bank, just like the bank is free to not accept you as a customer.

  • tempworkac 4 days ago

    I'm curious what functions other than maybe depositing a check require a banking app?

    • tredre3 2 days ago

      When I'm in Canada I often transfer money (interac e-transfers). I always use the website, even on mobile, but the website has some arbitrary limits that the app does not. For example I can only transfer $1,000 at a time, the app allows $10,000. There's also a limit of recipients per day.

      My charitable interpretation is that the app allows a greater verification process so the bank trusts it more and it's "to protect me, the user". But then, the website lets me transfer $100,000 using a multitude of other methods if I want (wire, e-check, create carrier check), so... yeah.

    • bitdivision 4 days ago

      Depends where you live. In the US, probably not much, but in other countries where transfers are ubiquitous, being unable to use a banking app could be a real problem.

      • tempworkac 3 days ago

        are there really countries where the bank doesn't have a website you can use to do a transfer, but you could do it through an app?

    • Eavolution 3 days ago

      Bank transfers, online purchases (most banks require 3DS now and usually won't let you buy things online without the app on a phone), some don't have a web interface, and others if they do require you to approve the login to that from the app.

chikere232 4 days ago

As they didn't ask, I will trust them less

  • tempworkac 4 days ago

    why use a device by someone you don't trust? honestly don't get it. I'd use an open source android distro

    • chikere232 3 days ago

      It doesn't have to be binary. I have some trust for apple. They've earned it in various ways by caring for privacy.

      When they start opting me into photo scanning I lose a bit of trust. The homomorphic encryption makes it less bad. The relative quiet around the rollout of the feature makes it worse. Apple's past attempt to start client side scanning makes it worse. Etc...

      The net result is I trust them a bit less. Perhaps not enough to set my apple devices on fire yet, but a bit.

    • drawkward 4 days ago

      I am merely a data scientist, so don't really know a ton about mainline programming beyond a few intro CS courses.

      Why would an open source android distro be more trustworthy?

      • subjectsigma 3 days ago

        Here is my simplified take on it which will likely get me flamed.

        Trust has many meanings but for this discussion we’ll consider privacy and security. As in, I trust my phone to not do something malicious as a result of outside influence, and I trust it to not leak data that I don’t want other people to know.

        Open source software is not inherently more secure nor more private. However it can sometimes be more secure (because more people are helping find bugs, because that specific project prioritizes security, etc.) and is usually more private. Why? Because it (usually) isn’t controlled by a single central entity, which means there is (usually) no incentive to collect user data.

        In reality it’s all kind of a mess and means nothing. There’s tons of bugs in open source software, and projects like Audacity prove they sometimes violate user privacy. HN-type people consider open source software more secure and private because you can view the source code yourself, but I guarantee you they have not personally reviewed the source of all the software they use.

        If you want to use an open-source Android distro I think you would learn a lot. You don’t need to have a CS degree. However unless you made massive lifestyle changes in addition to changing your phone, I’m not confident it would meaningfully make you more secure or private.

    • internetter 4 days ago

      To your point, you can’t even trust the software if the hardware is untrusted