Comment by fsflover
4 years ago
You don't need to verify everything yourself. You can verify any small part and rely on the community to verify the rest. Or pay someone to verify. However, for all that you need verifiability, which Apple lacks.
4 years ago
You don't need to verify everything yourself. You can verify any small part and rely on the community to verify the rest. Or pay someone to verify. However, for all that you need verifiability, which Apple lacks.
> You can verify any small part and rely on the community to verify the rest. Or pay someone to verify.
The only difference in this is who you trust. Be it Apple, the community or someone you pay, you're still trusting that someone else's interests align with yours and they did things correctly.
In other words, this is not a technical problem. It's a problem that needs to be solved through regulation, because 99% of the people can't verify by themselves that their devices are actually private and secure.
> The only difference in this is who you trust.
Not really. There is a huge difference between trusting a single for-profit entity (who provides backdoor to iCloud in China) or huge number of independent people (each would like to get famous/rich for finding bugs).
Yes, because the "huge number of independent people" have never missed any serious bugs or backdoor, and they also verify every piece of equipment you use.
9 replies →
That just shifts who controls the monopoly on verification. Not trusting anyone isn't a reasonable goal. Open verifiability allows you to choose which entities to put trust in and how much trust you can afford to eliminate by doing things yourself.