Comment by hahahacorn
1 month ago
> Why in the world am I supposed to be an expert on homomorphic encryption? How many people in the world are experts on homomorphic encryption?
No one, at any point, implied you had to be an expert on homomorphic encryption. But if you're going to evaluate the security risk of a feature, and then end up on the front page of HN for said security risk, I think it's fair to criticize your lack of objectivity (or attempt at objectivity) by way of not even trying to understand the technical details of the blog.
I will say I think my word choice was unnecessarily harsh, I'm sorry. I think I meant more indifference/inattention.
> What does that even mean in this context?
Apple's list of Security releases is long and storied. By comparison, the Solana Saga Web3 phone's list of security releases is short and succinct. Therefore, the Solana Saga must be more secure and has better security than an Apple device!
> What is the value of the feature? As the article notes, this new feature is flying so low under the radar that Apple hasn't bothered to advertise it, and the Apple media haven't bothered to mention it either. You have to wonder how many people even wanted it.
The marketability of a feature is not necessarily correlated with its value. Some features are simply expected and would be silly to advertise, i.e. the ability to check email or text friends. Other features are difficult to evaluate efficacy, so you release and collect feedback instead of advertising and setting false expectations.
> Lockdown mode is basically for famous people and nobody else.
Similar to Feature value, the audience of that statement is your average person (read: does not read/post on hacker news). Based off your pedigree, I feel as though you probably know better, and given your "no tolerance for risk" for such a feature, it's something worth at least considering, and definitely isn't ridiculous.
I think it's great you started this conversation. I disagree with your opinion, and that's okay!! But I don't think it's particularly beneficial to any discourse to
1. Imply that you are evaluating security risk
2. Be given a well written technical article so that you are able to make an informed decision (and then share that informed decision)
3. Ignore relevant information from said article, make an uninformed decision
4. Be surprised when someone says you made an uninformed decision
5. Imply the only way to make an informed decision would be to be an expert in the relevant fields from the technical article
Anyway - thanks for writing and replying. Creating and putting yourself out there is hard (as evidenced by my empty blog that I promised I'd add to for the past 2 years). And my criticism was too harsh.
> if you're going to evaluate the security risk of a feature
I wouldn't characterize that as the point of my blog post. It's primarily about user consent, or lack thereof.
> and then end up on the front page of HN for said security risk
I have no control over that. I didn't even submit the article to HN.
> Apple's list of Security releases is long and storied. By comparison, the Solana Saga Web3 phone's list of security releases is short and succinct. Therefore, the Solana Saga must be more secure and has better security than an Apple device!
This is a red herring. I wasn't comparing Apple security to any other company's security. I was merely pointing out the possibility of bugs and vulnerabilities in Apple's new feature.
> Other features are difficult to evaluate efficacy, so you release and collect feedback instead of advertising and setting false expectations.
Well, I've now given my feedback on the new feature.
> Similar to Feature value, the audience of that statement is your average person (read: does not read/post on hacker news). Based off your pedigree, I feel as though you probably know better
I'm not sure I understand. Are you claiming that Apple, in its support document, is deliberately mischaracterizing Lockdown Mode?
> But I don't think it's particularly beneficial to any discourse to 1. Imply that you are evaluating security risk
As I've said above, I wasn't.
> 3. Ignore relevant information from said article
I didn't ignore the relevant information from said article. I read the article, but some of the technical details are beyond my current knowledge.
> make an uninformed decision
What uninformed decision are you talking about?
> 4. Be surprised when someone says you made an uninformed decision
I'm surprised because I have no idea what "uninformed decision" you mean.
> 5. Imply the only way to make an informed decision would be to be an expert in the relevant fields from the technical article
I didn't imply that at all. To the contrary, I insisted that the decision to enable the feature should be up to the user, not up to Apple.
I don't think you're trying to understand what I'm saying, e.g.
> > 3. Ignore relevant information from said article
> I didn't ignore the relevant information from said article. I read the article, but some of the technical details are beyond my current knowledge.
> > make an uninformed decision
> What uninformed decision are you talking about?
I don't think I need to specify that by uninformed decision I mean evaluating the security risk of the feature. I think I criticized too harshly, and you're (understandably) not engaging with me fairly in retaliation. If you actually want to engage with me and discuss this further, feel free to shoot me an email (in my about section). Otherwise, obligatory https://www.paulgraham.com/vb.html.
> I don't think you're trying to understand what I'm saying
I'm trying, but obviously I'm failing.
> I don't think I need to specify that by uninformed decision I mean evaluating the security risk of the feature.
For the third time, that wasn't what I was trying to do with the blog post.
> you're (understandably) not engaging with me fairly in retaliation
I don't think you're understanding me either. I'm not retaliating. I was trying to clarify.