I'd love to know the specifics. if there's an installable, reproducible local build w/ regular model/updates/maintenance that I could subscribe to, I'd be an interested party to a tool like that.
Wickard v. Filburn
United States Supreme Court case
Wickard v. Filburn, 317 U.S. 111, is a United States Supreme Court decision that dramatically increased the regulatory power of the federal government. It remains as one of the most important and far-reaching cases concerning the New Deal, and it set a precedent for an expansive reading of the U.S. Constitution's Commerce Clause for decades to come. The goal of the legal challenge was to end the entire federal crop support program by declaring it unconstitutional. An Ohio farmer, Roscoe Filburn, was growing wheat to feed animals on his own farm. The U.S. government had established limits on wheat production, based on the acreage owned by a farmer, to stabilize wheat prices and supplies. Filburn grew more than was permitted and so was ordered to pay a penalty. In response, he said that because his wheat was not sold, it could not be regulated as commerce, let alone "interstate" commerce. [Wikipedia](https://en.wikipedia.org/wiki/Wickard_v._Filburn)
>There is official confirmation for 134 of these vaccinations.
I admit that I sometimes also come to the comments first, and then check out the link. But I've never understood why so many people on here ask questions that are answered in the linked article...
I remain unconvinced that phone manufacturers are unable to read the screen. Username obscurity is neat for p2p privacy, but does nothing against "the cops" if you're doing something they don't want you to.
Yeah. If you've come to the attention of the wrong sort of "the cops", you're fucked.
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT." -- https://www.usenix.org/system/files/1401_08-12_mickens.pdf
There's a lot of humour in that article, but some cold hard truth as well.
After an intelligence agency has knocked on your door to tell you just how interesting your online comments are and serve you legal paperwork, arguments like this suddenly become hollow.
While this advice suggests I should just give up, that's not a practical option.
I'm fortunate enough to have never had that knock on my door, but I'm certain I'm on several lists.
You don't need to "give up", you need to work out what stuff you do or talk about that "Mossad" isn't really interested in, and be much more circumspect about where and who you talk with about anything that they might be interested in.
Sadly, for anybody without my kind of middle aged white dude privilege, that's almost certainly a "chilling effect".
>I'm fortunate enough to have never had that knock on my door
What's the most subversive thing you've ever posted, repeatedly, with a large number of people seeing it? Chances are that it's not being "fortunate" that keeps you save but you simply aren't of interest to them.
In Communist China, you're perfectly safe as long as you aren't the "wrong" ethnicity and never prominently criticize the Party. In democratic country X, despite people getting to vote, it's not fundamentally different.
Nothing, practically speaking, can keep you safe from your phone.
If your adversary has access to your phone, directly, then encryption will not help (practically speaking - got to keep saying that because heroic efforts can be expended). If that adversary is the phone manufacturer (a) you are screwed and (b) the manufacturer is taking a huge business risk
Point is using Signal your messages and secrets cannot be found on a server over which you have no control. You do have control over your phone. You can switch to a more reputable manufacturer, you can keep it away from your adversary
> If your adversary has access to your phone, directly, then encryption will not help
One way to express it: The phone isn't much use unless you have access to the data. If you can access it, so can adversaries with access to your phone.
Convinced is a strong word, but phones are typically running code that is not user controlled in an environment where they are always expected to be connected to the internet.
Given the amount of spying that has been revealed (a lot of it seeming to be superficially illegal) it seems reasonable to assume that phones are compromised in all manner of ways unless proven otherwise. I'd prefer to be pleasantly surprised.
Anything that makes it more expensive for the government to read someone's communications is a bonus. Ideally panopticon states will remain uneconomic.
* Mobile-phone baseband chipsets are proprietary and secret a.f. and part of that is down to the carrier's insistence.
* Baseband chipsets run software that the carrier ships OTA to the phone.
* While baseband chipsets are ostensibly part of the wireless modem and meant to simply provide a service to the rest of the phone it looks like they generally have some form of access to the phone's main memory bus (just like any other PCIe device in a PC) and so could read the framebuffer (assuming it's backed in RAM at all) - or at least the back-buffers of the screens of running applications.
* Even 6-7 years ago, there existed definite causes for concern in (at least) the 32-bit version of iOS - but I can't find any hard evidence that the baseband chip in Apple Silicon-era phones wouldn't have at least some access. See https://github.com/userlandkernel/baseband-research
Having nothing at all to go by except for the platform's documentation and if we're lucky a pinky promise that they'd never backdoor their chips or devices if the state strong armed them into it seems to require a whole lot of faith. It'd be a lot nicer to have verifiable/auditable hardware and software so that we could be reasonably confident what it was capable of and could see exactly what it was doing instead of having to trust the black box.
You've given up the argument at this point. If you don't trust your phone's manufacturer not to backdoor their own chips, the baseband doesn't matter. If you're concerned about the Qualcomm baseband chips in an iPhone, you're talking about what is probably (depending on your phone) just a USB peripheral.
The baseband parts here are not, as message board C.W. would have it, top secret unknowable wizard hardware. You can get the part numbers and look them up.
There's a lot of weird mythology about these modem parts. The thread you linked to included someone claiming that basebands were DMA'ing into host memory --- you couldn't even do DMA over the HSIC USB the parts were using. Like, it wasn't even physically possible.
(I have no idea what a 5G Snapdragon Xwhatever can do today, but I assure you that Apple's security team does).
Having nothing at all to go by except for the platform's documentation and if we're lucky a pinky promise
We have way, way, way more than that. Both the GP and you are arguing about the security deficiencies of modern phones as you've imagined them, rather than as they are but that gap is trivial to close with relatively little reading.
> you are arguing about the security deficiencies of modern phones as you've imagined them, rather than as they are
I appreciate the strength of your conviction - but I'm not an phone industry insider, and have no access to the kinds of reading-material I assume you're pointing to - for example, Qualcomm put their docs behind a verify-your-employer-wall (which is outrageous): https://www.qualcomm.com/products/technology/modems/snapdrag...
...if Qualcomm's attitude towards openness and transparency is representative of the mobile comms industry in general then they have little hope of correcting any misinformation or misconceptions other technology folk like ourselves might have, let alone the general public.
No, this doesn't require access to internal documentation of anything, just googling a little. Like the sibling comment points out, the whole baseband thing is a bit of a messageboard trope and has been for about decade. This is one of these things you can sort of guess from first principles! I.e. how likely is it that this well-known problem (the potential security implications of DMA/memory mapped peripherals) has remained completely unmitigated and unaddressed by smartphone designers for 10+ years?
I can highlight text on the application switching screen (swipe up on android, press and hold over text on any of the applications in that view, you can highlight text that's otherwise not highlightable)
Someone should write a Wikipedia article on a glibly labeled law to the effect of, "any opportunity for forensic information to be exploited, will be done so."
OS level and apps can record the screen. With root access the State or someone who knows the triggers could issue a capture and store to a remote site without user knowledge.
A GPS transponder with microphone and camera under the control of billionaires seems like a mistake
It's not this binary. Remote compromise of phones with 0 days is expensive and risky. Phones aren't commonly believed to have purpouse built stable backdoors allowing screen recording for cops.
I'm slowly migrating a lot of my browsing out of Safari and into LibreWolf, and using the opportunity to document accounts/passwords that i want to keep.
If i were willing to get an iPhone, then i'd be quite happy with Safari (i don't have Chrome installed on my Mac), but I want the ability to have my bookmarks available on multiple phones & computers... so firefox profiles (in LibreWolf) is the mechanism i've decided to use for that (for now)
Here is an example: in Texas, unauthorized use of a vehicle, which would include driving a car that you can't prove is yours, can be punishable by two years in jail. [1] From what I understand getting caught driving without a license the first time is generally a misdemeanor, but for repeated offence in for example CA can land you in jail.
Running a whole operation around driving without a license is what tornado cash is more similar to, not accidentally forgetting your license once, which is what the misdemeanor is for.
You can actually operate and drive a car on private property without a license in Texas. In fact in Texas you can even drive a car drunk if it's on private property not open to the public, like a fenced off private parking lot.
Using your analogy, an instance of TC on private property would not be licensed.
Then using your analogy it should not be sanctioned. There is nothing illegal about a North Korean coming to your property and driving a car without a license. Your logic that _because North Korean, therefore public property_ is nonsensical.
And as an aside:
>Driving a car requires a license and registration of the vehicle.
I'd love to know the specifics. if there's an installable, reproducible local build w/ regular model/updates/maintenance that I could subscribe to, I'd be an interested party to a tool like that.