by jhlgkhkhil 3391 days ago
Why would someone whose threat model includes the US government possibly want to trust a totally closed OS made by a US company?? Do you still not see the US government as a threat to journalists? If not, how do you justify this position?
6 comments

There are clueful people who disagree about Android vs. iOS for security (they're a minority, to be sure). But at this point: people who express shock, surprise, or outrage that security people are recommending iOS are demonstrating cluelessness.

The clueful people who argue in favor of Android start not by saying "you can't trust anything that isn't open source" (that would be especially silly if you're arguing for Google's Android phones, which are the only trustworthy phones), but by acknowledging the consensus that iOS is more secure and then challenging it.

On this thread alone, you've:

* Suggested that reverse engineering is a kind of arms race between the NSA and the "good guys", which it is not.

* Suggested that Tor is inextricable from Tor Browser.

* Complained about the suggestion that you might learn how reverse engineering works, because you're just a software developer.

I'm sorry, but comments like the one upthread I'm replying to are indistinguishable from trolling to me. I know that's a bit of an aggro thing to say. But: do you honestly believe that the people who write advice like Matt Green in the story we're commenting on, or in the brief we're commenting on here, don't understand what open source is?

Please keep the personal attacks away from this forum. There is no place for them here.

EDIT > "I'm sorry, but comments like the one upthread I'm replying to are indistinguishable from trolling to me. I know that's a bit of an aggro thing to say."

If that's not a personal attack, I don't know what it is.

Oh and would you have time to address any of my questions? (In terms other than ios vs. android?)

Wow just wow.
1) Apple has shown substantial backbone in fighting against the US government when pressed to exploit a phone.

2) The other choice is a device made by a Chinese or Korean company with a semi-open operating system made by a US company.

3) Either device will have a totally closed baseband chip.

4) Deploying and maintaining a secure Linux environment on a laptop is a full-time job that requires expertise journalists don't have.

5) Open versus closed source is a red herring. Everyone is using pre-compiled binaries.

>2) The other choice is a device made by a Chinese or Korean company with a semi-open operating system made by a US company.

All iPhones are made in China by a Chinese company.

What are the options for someone who wants a fully trusted supply chain? Is there a modern smartphone made with provably secure hardware (and which I can verify is actually running that hardware and not some behave-alike SOC)?

From my somewhat-naive perspective, it seems like the alternative is an Android phone made in China by a Chinese company, which seems not obviously superior.

They are made by Foxconn, which is a Taiwanese company.
Does that make it meaningfully better?
Hum...

> 1) Apple has shown substantial backbone in fighting against the US government when pressed to exploit a phone.

And the phone was exploited anyway. The only thing that was established is that Apple must not be forced to help.

> 2) The other choice is a device made by a Chinese or Korean company with a semi-open operating system made by a US company.

That makes both alike.

> 3) Either device will have a totally closed baseband chip.

This is the one the iPhone got right. On the iPhones, it is insulated by a closed interface.

> 4) Deploying and maintaining a secure Linux environment on a laptop is a full-time job that requires expertise journalists don't have.

Ditto for Android, iOS, Windows, OS/2, AIX, GNU/Hurd... And anything else you may think about.

> 5) Open versus closed source is a red herring. Everyone is using pre-compiled binaries.

Open source is a necessary condition for securing against any targeted attack. It's just far from sufficient. Also, pre-compiled binaries can help you.

Anyway, both platforms are pretty much closed.

No, open source is not a necessary condition for security. But we agree that it's insufficient, which is progress.
> 5) Open versus closed source is a red herring. Everyone is using pre-compiled binaries.

With a very salutary trend toward reproducible builds, which will help prove a connection between the source and binaries. (Though it's taking years to get there.)

> Why would someone whose threat model includes the US government possibly want to trust a totally closed OS made by a US company?? Do you still not see the US government as a threat to journalists? If not, how do you justify this position?

Let's be honest, if your adversary is the US government, I suspect that there is no electronic equipment you can use.

Most journalists, however, are more in fear of their lives or communications when outside the US. For that, an iPhone is provably a much better choice.

> Most journalists, however, are more in fear of their lives or communications when outside the US.

I've upvoted you because of the first sentence but the second one leaves me a bit puzzled. There are plenty of places where the threat level against journalists is equivalent to the US and quite a few where it is actually less.

In fact, the current 'head-of-state' of the United States is on the record for saying the press is the enemy of his administration.

> There are plenty of places where the threat level against journalists is equivalent to the US and quite a few where it is actually less.

While your point is well taken, I haven't seen any US administration execute a journalist for quite a while.

Russia and China don't have quite so much restraint. And most of the petty dictatorships and theocracies make Russia and China look perfectly reasonable.

The fact that the US is not a bastion of moral rectitude does not automatically grant moral equivalence to bad or worse actors.

I am perfectly capable of condemning the actions of the US government and working to make it better even while acknowledging that it is better than most and worse than some.

"But he does it, too!" is not a valid argument for justification. But neither is it a valid reason to refrain from reasoned comparison.

> For that, an iPhone is provably a much better choice.

Where can I get some citations for this?

The FBI / iPhone controversy shows that US government access to those devices is clearly limited to certain agencies.

This is increasingly important as it's now really obvious that the different agencies have different politics and may end up investigating each other to see who's been compromised to the Russians.

(also, you have to pick something: telling a journalist not to use a phone is a total non-starter)

I wonder if the FBI/iPhone event was a psychological operation to make everyone think the Fed couldn't get into an iPhone.
At the end of the day, the FBI has to win cases in court. What are they going to do with this elaborately orchestrated secret? "Your honour, everyone thought we could not extract evidence from an iPhone but... Psych! We totally can!"
What you described is Standard Operating Procedure for FBI, DEA, and intelligence services if the method is too good to give up. What they do in those situations is try to come up with alternative methods that can justify how they obtained the information. That process is called parallel construction. FBI and local departments have even been intentionally losing cases to avoid light being shed on some of their tools, esp. stingrays.

Not saying it's happening here. Just reminding you they do this.

I understand that but my point is that the FBI is not like an intelligence service - fundamentally, their endgame takes place in the public sphere and under public scrutiny. Yes, they have legal means at their disposal to protect their methods and sources. The operative term being 'legal'. They can't lie to a federal judge to try to compel Apple to help them do something they can already do. If they did, and it came out (which it certainly would), it would be a massive political shitstorm with fired directors and congressional investigations as an absolute minimum. It would make their actual job a zillion times harder to do. It's just not in their interest at all.
"They can't lie to a federal judge to try to compel Apple to help them do something they can already do. "

You must have missed the whole Snowden leaks where they were all lying to Congress, courts, and so on. Far as the FBI, here's what they say: "That pertains to highly classified matters of national security. I'm afraid I can't discuss that here." (Keep repeating.)

They've also been lying about their counterterrorism cases. That one expose showed they're paying undercovers $100,000 or so to convince harmless people to try something. Even financing, equipping, and training them. They sell it in court as them stopping what was already going on. Despite one informant recording them, nobody leading the FBI is fired or doing time. Deception is business as usual.

Well, part of their job is a national police force where the endgame takes place in the public sphere.

The FBI does also have a significant counter-intelligence function where the endgame is often "foreign diplomat declared persona non grata".

If I were to bet, it was the other way around. They said they got into it when they actually couldn't.
Unlikely. First, we know what they paid for the hack, and secondly, the iPhone involved was an old model without a secure enclave - multiple researchers suggested different attacks.
Smartphones shouldn't be trusted in such a scenario. Many journalists will use them anyway. In that scenario, Apple is probably better since they're not a surveillance company and it's harder to load malware.
So a journalist should use a dumbphone, where every text and call is transmitted in the clear, and the contents of the address book is stored unencrypted, rather than buy an iPhone and leave it at home when attending sensitive meetings?
The policy of most domestic TLAs is to watch for encrypted calls. Those targeting journalists will likely have the journalist's main number in their system. Disposable, dumb phones on both sides are safer. Although the NSA can detect that, I haven't heard that many others do or easily.

Typical advice applies, too. Keep batteries out. Drive away from normal location to somewhere with plenty of people in cell radius but off camera. Batteries in, make call. Prearranged times or periods.

Who could possibly do their job like that?
Lots of executives and lay people that value privacy. I've met many. In this scenario, the journalist really just needs to be able to receive the call. The need for the OPSEC is mostly on the person leaking stories. They can do less if they don't mind consequences, though.
The difference is that the dumb phone can be thrown away and replaced - not many people can afford to use iPhones as burners.
If your threat model includes an adversarial nation-state that is known to engage in passive mass surveillance, using burner phones while transmitting all communication unencrypted is a terrible idea.
But the OP doesn't go around saying one branch of smart phones are the best of a bad bunch - he goes around saying that they are good. How does he know? Is he better at reverse engineering than everyone at the NSA put together? (And that's not even taking into account all the potential wrench attack targets at a large US company?)
This doesn't even make sense. "Better reverse engineer than the NSA"? What would that mean here?
It means on what basis can you stand and say to people whose lives may be at risk that you trust Apple's press releases?

Please don't respond with the strawman you keep using of iPhone vs. Android. I am not arguing that Android is more secure. I am saying that taking either to meet an at-risk source is bad. Your advice on this forum will contribute to journalists feeling comfortable doing this.

Non sequitur.
So we should just trust you?
Which phone do you use that's too secure for the NSA to hack?
A strong, domestic TLA should be assumed to hack or intercept all of them if companies are local. Then game changes to the caller hiding their identity. Text-to-speech and burner phones can do that. However, messaging and email over WiFi's on devices bought with cash hides voice, has better clarity, allows file transfers, and can still do voice as an attachment.
If uber can figure out which burner phones are used by cops, global adversaries aren't going to have trouble with it.
Good for people I told to keep their burners off unless transmitting from semi-anonymous locations. That's their best privacy technique if they're non-technical.
Given that Apple spent a lot of money last year resisting USG efforts to decrypt their smartphones, it would seem they're an especially trustworthy steward.
Except the part where they immediately agreed to help the US Government, only to find that incompetence had made the problem much harder than it should have been. They then resisted having to do a large amount of unpaid labor to continue to help. Plus, a PRISM member.
> a PRISM member

To avoid confusion for any readers, you should clarify what this means: Apple has an automated process for serving data in response to any approved FISA court orders from the FBI.

It's not even clear that PRISM implies an automated process. It appears to just be the NSA's internal name for the process of using the FBI to request stored data from service providers.

And to make this clear: U.S. companies must comply with valid court orders. Being a "PRISM member" is not optional.

As people seem to think I am wrong, here's a source

http://www.latimes.com/business/la-fi-tn-apple-fbi-call-2016...