Do you mean the worst that could happen to you personally or the worst for everyone?
When your device is compromised by hostile actors I guess it depends on what your nightmares are, but getting framed for child pornography and/or blackmailed for it is a popular one. Or getting your cloud accounts hijacked and all your stuff compromised. Or getting the bad guys access to your employer's network. Etc.
Collectively a widespread Android device botnet could take down a lot of infrastructure, or start a war, or ruin everyone's days with ransomware. I'm sure more imaginative people have thought about it.
Most phones already come with two persistent implants - the user-antagonistic OS, and the baseband processor!
I'm all for trusting computing devices to act as one's agents, but attempting to do so with anything resembling a modern mobile phone is barking up the wrong tree.
Even though just having one means taking the location-tracking hit from negligently designed cellular protocols, further exposure can be mitigated by using these little snitches for as little personal activity as possible.
At some point, reckless behavior affects people beyond the individual. I am irritated that people allow their systems, networks, devices etc to become compromised, thus becoming the assets of malicious actors. Most of the people in this category have are not particularly savvy, which doesn’t give them an out so much as it explains the predicament. However, you are demonstrating that you choose to be in this category, despite understanding the problem. You are letting your personal convictions get in the way of good judgement. You now shoulder responsibility for knowingly making the world a little less safe for the population at large.
It's very fucking weird that by pointing out the larger non-corporate context of digital security, it's being inferred that I deliberately do not secure my devices. I guess by not toeing the AppGoogAzon "Security (TM)" marketing lines, I just end up in that "other - outsider" category, and must be wrong.
I already explained a mechanic of causality whereby assorted end nodes being owned up actually increases our security, as it helps keep at bay the simplistic/totalitarian philosophy of tracking/controlling communication. But don't let that get in the way of the malunderstanding that is ultimately driving this nebulous desire for promised "security".
Do you have an actual number for "probably" - assuming normal browsing habits (i.e. not to the sort of porn site with a higher likelihood of installing malware), and an outdated version of iOS or Android?
How is that number changed by not using public wifi?
>i.e. not to the sort of porn site with a higher likelihood of installing malware
Porn sites are not where most malware comes from. Ad networks are. I've had more attempts at virus and malware installs from 'legitimate' sites that have had poor control of their banner ads.
I'm not assuming anything: I asked a question, rather than stating a fact.
"Not significantly" would be a valid answer to the second question. However, you seem to be answering "are home routers entirely secure?", which wasn't my question: my question was about real-world risk levels (i.e. "_are_ public wifi points significantly more likely to deliver threatening payloads", not "_could_ they be").
I'd still be interested in an answer to the main question.
Oh no, not a month's allocation of mobile data down the drain!
An impersonal passive botnet would likely do less damage than status quo "apps" that are built to siphon as much personal data as possible.
Never mind these few Mifi devices that I have - default configs that listen on wan telnet with static passwords! Well known domestic manufacturer, not worth attempting to report - the manufacturer obviously did not care, has long moved on, and there's countless other models with the same problem.
The panacea of every node being secure with an identifiable owner fell apart long ago. You can either cling to that belief in a fundamentalist manner (and prop up the totalitarians who wish to track communication ever more). Or you can work on understanding how non-technical people actually attempt to moderate their own exposure to these insecure-by-design surveillance devices.
Sure, and I didn't advocate doing otherwise. My point is the larger context - there is no "secure" on mobile.
Likewise, my point about losing a datacap was that it was preferable to having more personal info backhauled into commercial surveillance databases. It's not an either-or and I'm not desiring either one - just calling attention to the larger context of user-security versus the myopia of marketing/corporate security.
> Most phones already come with two persistent implants - the user-antagonistic OS, and the baseband processor!
I don't trust Apple or Google to have my best interests at heart at all, but I am quite confident that neither of them will literally try to extort me with ransomware or kiddie porn. It's weird that you're equating the two.
Most people are willing to accept the risk that the NSA is listening in on them. Most people are not willing to accept the risk of an arbitrary person being able to steal their identity.
I am a USian. The nonsensical concept of "identity theft" has been promulgated by the surveillance industry to avoid responsibility for their own negligence. A person cannot become a "victim of fraud" in the way you describe. The banks are the only parties that stand to be defrauded, and they could avoid this by stopping to pretend that a few bits of semi-public information is enough to identify a person. So far it has been more profitable to keep the gravy train of easy credit rolling, which is fine. But that doesn't mean we should bear the burden for them!
When someone earnest talks about their "identity being stolen", I prefer to think of them as complaining that one of their friends bought the same pair of red Nikes or whatever.
This all might be true, but as a reason to not install patches, it still makes no sense. If you don’t trust the baseband or the OS, why did you buy the phone to begin with? You trust iOS n, but not iOS n+1?
One is forced to buy a phone, as an expectation/requirement of modern society. This does not imply they wish to spend even more money in support of the broken ecosystem every year/six months/etc.
When your device is compromised by hostile actors I guess it depends on what your nightmares are, but getting framed for child pornography and/or blackmailed for it is a popular one. Or getting your cloud accounts hijacked and all your stuff compromised. Or getting the bad guys access to your employer's network. Etc.
Collectively a widespread Android device botnet could take down a lot of infrastructure, or start a war, or ruin everyone's days with ransomware. I'm sure more imaginative people have thought about it.