Hacker News new | past | comments | ask | show | jobs | submit login

This argument seems like a fairly extreme example of the perfect being the enemy of the good. Sure, it would require a more advanced system for VW to prevent themselves from silently compromising their own system to learn everyone’s location. But the design I outlined will prevent a passive compromise of VW, and even possibly a court order, from learned everyone’s location, and it prevents even an active and highly malicious compromise from learning past locations.



"Shipping the private key" does not meet the bar for "good". You still need a way to establish trust in your key distribution and also implement the system correctly. The proper way to secure access to a physical thing you own is to only communicate directly with that thing.


This is ridiculous. It would take heroic effort for VW to prevent themselves from silently uploading malicious firmware to VW cars. There are ways to do this, but it’s also a separate problem from the problem that should actually be solved here.


Uh, if the only communication with the car is direct and physical then how does VW upload anything?


If the only communication is direct and physical, then this entire discussion is moot.


Exactly.


I was triggered by the argument “Apple knows how to allow one to find one’s devices without Apple knowing where they are. It’s not that hard.” People misunderstand this as Apple having no possibility to learn the location if they wanted to. And that’s just not the case.


Of course Apple could do this. But Apple is the one major company that actually goes out of its way not to.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: