Comment by renewiltord

Comment by renewiltord 2 days ago

3 replies

View on Hacker News

These things are more a factor of aggregate risk handling. As an example, if you have tuberculosis it is possible even in the US for the country to mandate that a doctor watch you take the treatment. Totalitarian? Authoritarian? A tool that could be used to force someone to have to show up to where a state-controlled authority could confirm that they are? Yes, all of these things could be words you could assign to that.

But societal combined risk is commonly handled in this way. In the US, if you employ someone you have to report that you paid them to a central federal government. Way to track someone? Surveillance state? All words you could use.

And the government previously restricted gambling and so on. The question isn't "why would a bad government do these things?". The question is "would a benevolent government do these things?" and "if so, why?". And the answer is quite straightforward, I think:

Someone in the government has observed that there is a great deal of cyber crime in India. A fairly uneducated population, with very high smart-phone penetration (85%+ apparently), and a large number of fraudulent actors that their federal government is unable to enforce against. So they're attempting to attack the problem where they can.

This is ultimately India. They don't need insidious "app on your phone" / stingray / any other sophisticated solution. The local politicians can manipulate local authorities to get your cell tower association data and SMS. And if they want your comms devices they will rubber-hose the secrets out of you.

Someone I know worked at a big FAANG. He's Indian so went back to Bangalore to see his ailing mother. One day he took an auto-rickshaw while wearing his FAANG sweatshirt. The driver took him to a makeshift jail where he, police officers, and a magistrate conspired to threaten the guy with prison unless he paid $10k. $10k is nothing to a FAANG engineer, so he paid up, was brought in front of court on some lesser charges and then had to pay a small fine (much less than $10k). And then he flew back to the West Coast and never returned to India. Trying to reason about this kind of place using the perspective of the West is meaningless.

I think it unlikely they're trying to use this as cyber-surveillance. India simply does not have the infrastructure necessary to do that at scale. And they have the infrastructure for the rubber-hose, and Indians wear their identification on their sleeve, so to speak. Names point to ethnic groups and castes. Primarily endogamous marriage means if you want to perform violence against groups you can simply spread out from one member of the family unit being visibly of that group.

Using an app to get access to someone's data there is sort of like using Heartbleed to get root on a machine on which you are in /etc/sudoers with NOPASSWD.

marginalx 2 days ago

All good goals - but this can be done by the government forcing the private companies (Apple/Goog/Samsung) to build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....

This will keep the data out of governments hands, while pushing the cost burden to these companies and they would be better equipped to build around these goals than the government themselves.

We all know the govt doesn't have a great track record with using Pegasus etc... Giving away control to apps that can decide your phone is stolen and lock it opens the door to any possibility including a totalitarian regime. It would be naive to believe that even if this is done with good intentions, such control could be easily mis used by opposition parties, one malicious individual etc...

Reply View 2 replies
  • renewiltord 2 days ago

    I don't think the Indian government realistically has the ability to enforce on Apple/Google/Samsung like that. Regardless, even if they did, India has a diversity of (what we would probably consider) garbage smartphones. For anyone who lives in the West and is used to the kind of state legibility and control here, I think they'd find India quite surprising. The state has limited visibility and control there, simply because they never built a trustable bureaucratic network of data transmission.

    If you read the Internet, you will hear that India has strict controls on KYC for SIM cards and so on. But on my last trip there I acquired one without much fuss. I'm not sure how that happened but I didn't provide any ID! I suspect that in such an environment you can't really do the thing you're suggesting.

    The average mobile phone store there had an absolutely mind-blowing profusion of smartphone brands that all sound like those Amazon drop-shipped Chinese brands: Vivo, Poco, Realme, Oppo. And those are the good ones! There is a Cambrian-like explosion of brands there from various manufacturers. It's an unusual place.

    EDIT: I'm going to have to reply to you here because I'm rate-limited on comments. See below in response.

    Is it contradictory? I imagine saying "install this app on your phones from the factory when selling here" is a lot more achievable than coordinating what you suggested which is:

    > ...build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....

    But perhaps you anticipate these to both require equivalent ability? If so, I think that's the crux of the disagreement. I don't think the Indian state has the power to set up a mechanism to set a standard for tools, reporting, and support services that meet some requirements to detect scammers etc.

    In fact, I think that's a really high bar. I think perhaps only highly developed nations would have any success designing such a program. I think even the smaller EU member nations would fail at it, and I don't think any of the developing nations (barring China).

    Reply View 1 reply
    • marginalx 2 days ago

      I feel like you are making a contradicting point, on one hand you say its all disorganized but "organized enough" to allow the govt to force install their app, but not enough so it can coordinate the same thing with the same people they are going to force to install the app?

      Reply View 0 replies