by balnaphone 2232 days ago
I really like the philosophical approach here, even if it's too finicky to put in practice today. I'm really sick of everything being made "secure", when in fact the "security" is for someone other than the legitimate user of the thing. Phones, laptops, physical security systems, cars, the list goes on.

There was a post here yesterday (https://news.ycombinator.com/item?id=23149771) about the (in)security of Linux, but the primary purpose of an OS is utility, not merely security. The leadership of the Linux project made very smart analyses of what priorities come first. Despite there being billions of insecure old devices scattered about, running old kernels, I think the kernel authors made the right call.

The problem rests with the manufacturers who abandoned support for those devices and left no escape route for users to update the kernels themselves. Most disgusting are these phone and car manufacturers, and apps, which have enabled wholesale spying on users for many years now. These devices are literal bugs, reporting realtime locations, conversations, and who knows what else to Big Brother.

It's a pleasure to see that some people still care enough to make the world a better place, in a way I can understand.


> I'm really sick of everything being made "secure", when in fact the "security" is for someone other than the legitimate user of the thing.

There must have been some groundswell movement amongst users all demanding that the boot process be made more "secure". There must have been well-publicised cases where "bad guys" were hijacking the boot process.

Perhaps different people have different definitions of "secure". If some third party, including the seller, has control over access to the computer or what I can run or disable on it after I purchase it, then I do not consider that computer to be more "secure". I just consider it to be less useful and less trustworthy to use with any personal data.

> There must have been some groundswell movement amongst users all demanding that the boot process be made more "secure".

There wasn't. Users want security in general but most people would not even realize it if a boot process was insecure nor would they understand the implications.

> There must have been well-publicised cases where "bad guys" were hijacking the boot process.

Yes. The "bad" guys are the people running "unauthorized" software on computer hardware. Governments and corporations would very much like to restrict what users can and can't do. Widespread cryptography is viewed as an existential threat to law enforcement and intelligence gathering. Companies enjoy owning their users and being in a monopoly position with regards to the software market for their devices. So we get systems which control the user instead of systems controlled by the user.

This is a great analysis.

When I was a kid, I used to wonder what the difference was between soldiers and police. I was told that soldiers were meant to protect the State from its enemies, whereas police were meant to enforce the rule of law. I was also told that when soldiers were used for policing, everyone tends to turn into an enemy of the State.

It turns out, this view is correct, but omits that police tend to become soldiers for the State anyway. The ones that actively serve the citizenry's best interests seem to be few and far between.

There isn't that much difference when it comes down to it.

https://en.wikipedia.org/wiki/Military_police

Yes.

In theory, "military police" enforce military law and are responsible for policing the army, navy, and so on. They're usually limited in their ability to enforce civilian law. In the USA, it's prohibited under the Posse Comitatus Act and the Insurrection Act, but this isn't universal by any means.

> I'm really sick of everything being made "secure", when in fact the "security" is for someone other than the legitimate user of the thing.

It's less binary than that for me. Yes, the same technologies that keep my data secure also act as a buttress against jailbreaking. But people who want to jailbreak can simply choose less-secure devices, while I would personally not trade that security for greater hackability. There are other, lower-risk devices than phones and cars that I can use for that.

I don't see the need for a trade; SIP for example is an Android feature (I'm surmounting your "less-secure" to "Android"); why can they not support replacing the manufacturer keys, just like my UEFI laptop, so that I can modify my OS, build a custom kernel, sign everything and relock the bootloader?

I think we know the answer, and that is: the attitude towards things like mobile phones is different to that towards a laptop; we don't really "own" our phones in the same sense, and it shouldn't be that way.

IMO the industry has made this into a false dichotomy. I want both security and hackability, and I don't believe for a second that wanting better security means we should have to give up control of our devices.

Apparently your threat model doesn't include governments and large corporations, who have done more innumerable harm (e.g. through the military-industrial-information complex) to people than small-time crooks ever have. Sometimes it seems more people want to live in prison (or a gilded cage) than in regular civilian life with all its attendant dangerous freedoms.

The point of the OP is that users can and deserve to have the reliability that cryptographically-secure boot systems provide, without the Big Brother backdoor.

I appreciate the conversation.

> Apparently your threat model doesn't include governments and large corporations…

It's a consideration for sure, and it's why I use Apple devices instead of Google-powered ones, don't use Facebook, use DuckDuckGo as my primary search engine, etc.

I'm not worried about Apple selling my information (for now, given their current business model) but my network provider is absolutely doing this regardless of device. Given that, what actionable recommendation is even possible?

It's a tough one, for sure.

Personally, I'm looking forward to a PinePhone. I'm moving towards asynchronous communications, and leaving my phone at home, or in a "Faraday pouch" (made of [0]) on airplane mode.

Networking is done through an elastic IP VPN that forwards to a known host, so web sites that I want to use, but where I don't want to trigger the captchas and 3FA stuff, see the same user agent and IP address. I also have many "disposable" phones that I use on projects that require Google Hangouts or WeChat. Recently I had to upgrade my daily driver phone, and I haven't installed Lineage yet. It's a slog, so I can totally understand why people would simply accept what's readily on offer.

At a basic level, my thinking is that "is this better for me?". That is, how are these capabilities[1] going to be used, in my favour, or against me? Since I have previously been dragged into a large investigation (regarding someone else operating under a false identity), and have had to get various clearances from various governments to work on projects (which is more common than I would naively think), the approach that I take is to appear unremarkable.

In the past, when leaving countries that require exit visas (like China, Israel), I was shocked at how much information they had on me, and revealed in the course of the exit interview. But I have to assume that Anglo countries, if anything, have more advanced technical means at their disposal, but decline to use them unless the target is juicy enough. So the reasonable approach is to do my best to make my pattern "normal" and "unappealing" -- maximizing my benefit from these tools, and minimizing the risks of false associations and accusations.

[0] https://www.sparkfun.com/products/retired/10056

[1] https://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-a...

VPN?