by duskwuff
1637 days ago
> hardware owners have the buy-time option to enable adding their own keys to any root trust stores on their devices

Would you really be more comfortable knowing that your hardware vendor had the capability to produce machines with a low-level, unremovable backdoor? I'm not sure I would. A feature like that can be used against users more easily than it can be used by those users.
What? They do. Apple absolutely has the capability to build any or all machines with low-level unremovable backdoors, like, in the freaking processor if they wanted. I'm not clear on what your issue is here. The current state of affairs is that for devices like the iPhone, the manufacturer can set up a secure software tree where the root of trust contains only their keys. And for many (if not most) of their customers that's a good thing, because in their threat model running their own arbitrary code is of lower utility and much higher risk than getting social engineered into bypassing key protections or the like. There is important power in grouping together buying decisions in an unbypassable way, it's why the likes of Facebook for example cannot insist on bypassing iOS privacy protections. They can't pick people off, because people literally do not have the choice. Facebook must deal with Apple for the ~97% (or whatever it is who don't/can't jailbreak) majority of users.
However there are real issues with that too for a sizable number of owners. So all I want is that there be an option at purchase time which allows owners to load their own root keys. The whole chain of trust infrastructure is still there, but technical users or those with specific needs can then run their own (and still be better off). Making it buy-time means that users who want to ensure they cannot be compelled later can still do that too. Nobody loses.
> A feature like that can be used against users more easily than it can be used by those users.

How? Most people will stick with defaults, and I'd be ok with Apple or whomever qualifying an open device with reduced software support or some small charge for example too. And once it's been sold, it's the same as currently. I think that's a reasonable tradeoff.