Comment by bArray
1 day ago
Too right, it was far more problematic than they ever made out.
> The UK government's demand came through a "technical capability notice" under the Investigatory Powers Act (IPA), requiring Apple to create a backdoor that would allow British security officials to access encrypted user data globally. The order would have compromised Apple's Advanced Data Protection feature, which provides end-to-end encryption for iCloud data including Photos, Notes, Messages backups, and device backups.
One scenario would be somebody in an airport and security officials are searching your device under the Counter Terrorism Act (where you don't even have the right to legal advice, or the right to remain silent). You maybe a British person, but you could also be a foreign person moving through the airport. There's no time limit on when you may be searched, so all people who ever travelled through British territory could be searched by officials.
Let that sink in for a moment. We're talking about the largest back door I've ever heard of.
What concerns me more is that Apple is the only company audibly making a stand. I have an Android device beside me that regularly asks me to back my device up to the cloud (and make it difficult to opt out), you think Google didn't already sign up to this? You think Microsoft didn't?
Then think for a moment that most 2FA directly goes via a large tech company or to your mobile. We're just outright handing over the keys to all of our accounts. Your accounts have never been less protected. The battle is being lost for privacy and security.
> you think Google didn't already sign up to this?
My understanding is that Android's Google Drive backup has had an E2E encryption option for many years (they blogged about it at https://security.googleblog.com/2018/10/google-and-android-h...), and that the key is only stored locally in the Titan Security Module.
If they are complying with the IPA, wouldn't that mean that they must build a mechanism into Android to exfiltrate the key? And wouldn't this breach be discoverable by security research, which tends to be much simpler on Android than it is on iOS?
My assumption is that Google has keys to everything in its kingdom [1].
[1] https://qz.com/1145669/googles-true-origin-partly-lies-in-ci...
> My assumption is that Google has keys to everything in its kingdom
If that were true, then their claims to support E2E encrypted backups are simply false, and they would have been subject to warrants to unlock backups, just like Apple had been until they implemented their "Advanced Data Protection" in 2022.
Wouldn't there have been be some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?
60 replies →
I doubt it. Much to my annoyance they moved Google Maps Timeline from their database to an encrypted copy on my phone specifically so if law enforcement asks for the records of where you were at a given time and place they can say dunno, can't tell. If they had the keys it would wreck their legal strategy not to get hassled every time law enforcement are trying to track someone.
The linked article makes a lot of assumptions about the "Massive Digital Data Systems Program". It seems this program existed. For example, here is a 1996 paper [1] about research funded by the "Massive Digital Data Systems (MDDS) Program, through the Department of Defense."
But it's not clear that funding for early research into data warehousing (back when a terabyte was a lot of data) has anything to do with whether or not Google uses end-to-end encryption? Lots of research got funded through the Department of Defense.
Without having relevant evidence, this is just "let's assume X is true, therefore X is true."
[1] https://papers.rgrossman.com/proc-047.htm
Google didn't announce that they could no longer process geofence warrants because they no longer stored a copy of user location data on their servers until last October.
How much good does an encrypted device backup do when harvesting user data and storing it on your servers (to make ad sales more profitable) is your entire business model?
My assumption is that the NSA does too.
This would mean no independent security researcher has ever taken a look at Google Drive's E2EE on Android. Or those that did missed the part where the key is uploaded.
It's possible to decrypt this network traffic and see if the key is sent. It may be obfuscated though.
That's a bit silly seeing as e.g., https://www.npr.org/sections/thetwo-way/2014/03/20/291959446...
Apple's ADP is not E2E for only its backups, it's E2E for _everything_ in iCloud Drive and a few other iCloud services.
Could that be true and at the same time a 'vulnerability' exists that megacorp is party to?
> What concerns me more is that Apple is the only company audibly making a stand.
But still Apple operates in China and Google does not. This is weird to me. Google left China when the government wanted all keys to the citizens data. Apple is making a stand when it's visible and does not threaten their business too much.
Apple is not really in the business of protecting your data, they are just good at marketing and keeping their image.
> Google left China when the government wanted all keys to the citizens data.
Google left China after China started hacking into Google's servers.
> In January, Google said it would no longer cooperate with government censors after hackers based in China stole some of the company’s source code and even broke into the Gmail accounts of Chinese human rights advocates.
https://www.nytimes.com/2010/03/23/technology/23google.html
They were working to reenter the China market on China's terms many years later, when Google employees leaked the effort to the press. Google eventually backed down.
I'd imagine there were multiple factors that went into that business decision. Even if this was portrayed as the final straw.
China feels like an important difference here though. Google leaving China doesn't protect Chinese citizen's data any more than Apple turning off ADP in the UK does. As far as I know, Apple isn't pretending that the data of Chinese users is encrypted from their government, and the way they're complying with the Chinese laws shouldn't impact the security of users outside of China.
Apple pulling ADP from UK users is similar - the UK has passed an ill-considered law that Apple doesn't think it can win a court case over, so they're complying in a way that minimally effects the security of people outside the UK. If, as someone outside the UK, I travel to the UK with ADP turned on, my understanding is it won't disable itself.
Would you have been more satisfied if Apple just pulled out of the UK entirely? Bricked every iPhone ever purchased there? Google doesn't seem to have made any stand for security ever - them pulling out of China feels more to do with it meaning they wouldn't have had access to Chinese users' data, which is what they really want.
> Would you have been more satisfied if Apple just pulled out of the UK entirely? Bricked every iPhone ever purchased there?
The request/law would be rolled back in minutes in that case. They wouldn't dare though. (wouldn't even have to be bricking - just disable services like icloud)
1 reply →
iCloud in China is operated by a local subsidiary. There is a dedicated screen explaining this when you set up an iCloud account in this region.
They adapt to the local rules of each region, much like they’re doing here in the UK.
It’s different. Apple follows Chinese law to operate their services in China, just like Microsoft.
With Google, their services are way broader. Operating a hunk of their search business with a third party Chinese firm just isn’t viable for their services, which are way more complex.
Perhaps Apple has a greater leverage in China due to its outsized manufacturing presence. And it's likely they already dont offer ADP to Chinese citizens.
> Perhaps Apple has a greater leverage in China due to its outsized manufacturing presence.
Perhaps china has greater leverage over apple in this case...
China had been an important area of growth for many companies during the 2010s. Apple bent over backwards to cater to that market. It was discussed in every financial release, and they obviously made tons of concessions for iCloud.
The UK just comparatively isn't that much revenue, and not worth the fallout.
2 replies →
> And it's likely they already dont offer ADP to Chinese citizens.
AFAIK before UK only region with ADP was China.
lol you think Apple has more leverage than China? What world are you living in?
1 reply →
Eh Google had pretty good reasons to not operate in China (not seeing them in this thread, don't recall the details precisely enough to relate here)
Apple is deeply embedded in China (manufacturing) and benefits from a decent (but shrinking) userbase in the country. China isn't asking for the keys to all iphone user data, just data stored in China.
> What concerns me more is that Apple is the only company audibly making a stand.
Dropping the functionality for a particular market hardly equals to making a stand. Sure they haven't added a backdoor that would give all user's data access to UK icloud user's data so in the end UK residents didn't win anything.
And who knows if they simply have an agreement with US gov to have a backdoor only available to them and not the other govs.
For photos, it's probably best to use an open-source (also self-hostable) service like Ente. For files it's best to self-host Nextcloud or similar. And rely on other people's computers as little as possible. Sadly, operating systems are very complex and mostly composed of proprietary blobs nowadays so there is still a risk of it leaking data but people can still do at least something.
> have an Android device beside me that regularly asks me to back my device up to the cloud
But is that backup encrypted? If it's not, all they need is <whatever piece of paper a british security official needs, if any> to access your data.
This is about having access to backups that are theoretically encrypted with a key Apple doesn't have?
> We're talking about the largest back door I've ever heard of.
Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?
> Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?
Totally agree. Having this discussion so US centred just makes us miss the forest for the trees. Apart from data owned by US citizens, my impression is that data stored in the US is fair game for three letter agencies, and I really doubt most companies would spend more than five minutes agreeing with law enforcement if asked for full access to their database on non-US nationals.
Also, remember that WhatsApp is the go-to app for communication in most of the world outside the US. And although it's end-to-end encrypted, it's always nudging you to back up your data to Google or Apple storage. I can't think of a better target for US intelligence to get a glimpse of conversations about their targets in real time, without needing to hack each individual phone. If WhatsApp were a Chinese app, this conversation about E2E and backup restrictions would have happened a long time ago. It's the same on how TikTok algorithm suddenly had a strong influence on steering public opinion and instead of fixing the game we banned the player.
This is different IMO. When you buy Apple you buy an American product and you know the company is beholden to US law. Snowden has made perfectly clear how much they can be trusted. When you buy it anyway it's an informed choice.
Here a country that has no ties with most of apple's customers is just butting in and claiming access to all of them.
So what's next. Are we also giving access to everyone's data to Russia? Iran?
International users that have Advanced Protection enabled would in theory be safe from all of the 3-letter agencies (like safe from those agencies getting the data from Apple...not safe generally).
Realistically we are talking about FISA here, so in theory if the FBI gets a FISA court order to gather "All of the Apple account data" for a non-us person, Apple would either hand over the encrypted data OR just omit that....
Based on the stance Apple is taking here, its reasonable to assume they would do the same in the US (disable the feature if USG asked for a backdoor or attempted to compel them to decrypt)
7 replies →
Agree in principle, though WhatsApp backups are encrypted with a user provided password, so ostensibly inaccessible to Google or whoever you use as backup
1 reply →
> Totally agree. Having this discussion so US centred just makes us miss the forest for the trees. Apart from data owned by US citizens, my impression is that data stored in the US is fair game for three letter agencies, and I really doubt most companies would spend more than five minutes agreeing with law enforcement if asked for full access to their database on ̶n̶o̶n̶-̶U̶S̶ ̶n̶a̶t̶i̶o̶n̶a̶l̶s̶ anyone.
> non US citizens whose data is stored in the US
They don't even care where it's stored...
See: CLOUD Act [1]
[1] https://en.wikipedia.org/wiki/CLOUD_Act
I honestly doubt they even limit themselves to the data of non-US citizens. They have no respect at all for the fourth amendment.
Android data isn't encrypted at rest (or at least not in a way Google doesn't have the key). If the uk gov has a warrant, they can ask Google to provide your Google Drive content. The whole point of this issue is Apple specifically designed ADP so they couldn't do that.
Android backups are encrypted at rest using the lockscreen PIN or passphrase: https://developer.android.com/privacy-and-security/risks/bac...
So not hugely secure for most people if they use 4-6 decimal digits, but possible to make secure if you set a longer passphrase.
I don't know what Google's going to do about this UK business.
edit: Ah it looks like they have a Titan HSM involved as well. Have to take Google's word for it, but an HSM would let you do rate limits and lockouts. If that's in place, it seems all right to me.
1 reply →
Wrong. Google Android user cloud backups are E2EE by default.There is no option to opt out. Use Google's backup service and your data is encrypted at rest, in transit, and on device. aka end-to-end.
It's not just Google saying it. Google Cloud encryption is independently verified
> But is that backup encrypted? If it's not, all they need is <whatever piece of paper a british security official needs, if any> to access your data.
Based on them mentioning the difficulty of opting out, I presume OOP does not use Google's cloud backup.
> Doesn't the US have access to all the data of non US citizens whose data is stored in the US without any oversight?
Er, no...? I'm not sure where you get that idea. Access requires a warrant, and companies are not compelled to build systems which enable them to decrypt all data covered by the warrant.
See, for example, the Las Vegas shooter case, where Apple refused to create an iOS build that would bypass iCloud security.
I asked if your Android backup is encrypted. Implies I'm talking about unencrypted data.
> See, for example, the Las Vegas shooter case
I am not in Las Vegas or anywhere else in the US. So as far as i know all the data about me that is stored in the US is easily accessible without a warrant unless it's encrypted with a key that's not available with the storage.
> companies are not compelled to build systems which enable them to decrypt all data covered by the warrant
Again, not what I was talking about.
I'm merely pointing out that your data is not necessarily encrypted, and that the "rest of the world" was already unprotected vs at least one state. The UK joining in would just add another.
16 replies →
i think people focus on whether backups are encrypted too much. it really doesn't matter when the government has remote access equivalent to your live phone when it's in an unencrypted state, which they almost certainly do.
Also, I wondered if by complying with British law that they may somehow be breaking laws of another country?
Hypothetically, if Apple just provide a back door to the data they have on US Senators for instance, then providing that information may be considered treason by the US.
That's a totally made up example, and I have no idea, but it seems like it's possibly an issue.
Which is all about the issues around data sovereignty I suppose!
That would not be treason, by a long shot.
Treason is the only crime defined in the constitution, and it is quite a high bar.
The king is a strict constitutionalist, who may disagree with you/ Pray he doesn’t.
> Treason is the only crime defined in the constitution, and it is quite a high bar.
Well, it's defined, or bounded above, in the constitution. It's not exactly a high bar:
> Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.
So, if you happened to know Nicolas Maduro, thought he was looking stressed, and bought him some food, that would qualify as treason. There's no requirement that you act against the interests of the United States. The constitution will stop you from being prosecuted for treason for sleeping with Melania Trump. It won't stop you from being prosecuted for treason for completely spurious reasons.
Treason is a very heavy charge and as far as I know it applies more to individuals. Can a company be prosecuted for treason? I guess it depends on the country and I don't know US law well (never even visited there)
But I'm sure local laws conflict heavily between countries yes. I'm often wondering how multinationals manage to navigate this maze. This is why we have such a big legal department I guess :) And the company I work for is a pretty honest one, I've never seen any skullduggery going on with eg privacy or media manipulation. In fact employees are urged to report such things and I have to do a course on responsible behaviour yearly. Probably a result of being purely B2B. But anyway I digress, just wanted to say that getting away with stuff does not seem to be the reason for us having a big legal dept.
But just look at the laws of e.g. the EU and Iran. Pretty diametrically opposed on many topics. There's no way to satisfy them both.
I think what helps to make this happen is that most countries don't try to push their laws outside of their jurisdiction. Which the UK is trying to do here.
> (where you don't even have the right to legal advice, or the right to remain silent)
A lot is posted about LEO's lying in the US, this seems worse.
> One scenario would be somebody in an airport and security officials are searching your device
No Heathrow connection necessary. “The law has extraterritorial powers, meaning UK law enforcement would have been able to access the encrypted iCloud data of Apple customers anywhere in the world, including in the US” [1].
[1] https://www.ft.com/content/bc20274f-f352-457c-8f86-32c6d4df8...
The US claims the same
https://en.wikipedia.org/wiki/CLOUD_Act
Lots of Americans in this thread seem to be talking down to other countries laws while being completely unaware of their own
Spot on, 727 comments, most probably by Americans, and only 2 (including yours) bringing up the CLOUD Act, the much worse US equivalent. Incredible ignorance.
1 reply →
> What concerns me more is that Apple is the only company audibly making a stand.
Meta also said they would make a stand if a similar request comes for WhatsApp. I'm not going to hold my breath though.
They wouldn't even be able to.
WA is end-to-end encrypted.
WhatsApp is closed source. They could backdoor it if they wanted to (or were forced to).
2 replies →
With almost everyones backups stored in plain-text, making it all a little silly.
Think about it for a second: you can re-establish your WA account on a new device using only the SIM card from your old device. SIM cards don't have a storage area for random applications' encryption keys, and even if they did, a SIM card cannot count as "end-to-end" anymore. Same goes for whatever mobile cloud platform those backups might be stored on. And you'd hope Apple or Google aren't happily sending off your cloud decryption keys to any app that wants them. Though maybe they are?
1 reply →
I don't really understand your comment to be honest. Section 3 of the Regulation of Regulatory Powers Act 2000 allows for compelled key disclosure (disclosure of the information sought instead of the key is also possible). Schedule 7 of the Counter-Terrorism Act allows 9 hour detention, questioning and device search at the border. With these powers it isn't necessary to get access to iCloud backups, as you can get the device and/or the data.
I don't think the e2e icloud backup is problematic under existing legislation / before the TCN. While you can't disclose the key because it lives in the secure enclave, you can disclose the information that is requested because you can log into your apple account and retrieve it. IANAL, but I believe this to be sufficient (and refusing would mean jail).
The Investigatory Powers Act allows for technical capability notices, and the TCN in this case says (as far as we know) "allow us a method to be able to get the contents of any iCloud backup that is protected by E2EE for any user worldwide". This means that there is no need to ask the target to disclose information and if implemented as asked, also means that any user worldwide could be a target of the order, even if they'd never been to the UK.
Relevant info:
- https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...
I imagine they want the ability to look at someone's iCloud backups without notifying the owner that they are doing so or they want to do it when the owner is unwilling or unable to provide keys.
For the latter, there are a lot of cases where jail isn't much a threat (e.g. the person is dead or not in the country).
Also given automatic iPhone backup it might contain information they want as part of an investigation that they'd otherwise have to demand key disclosure for (if cloud backup didn't exist)... Absolutely.
The jail time for failure to comply with key disclosure is 2 years unless it is national security, then it is 5. But if you're organised crime and facing who knows what for being a snitch it might be better simply to do the time.
I can see why they want it. I just don't understand why the person I'm replying to said the feature (I think) was problematic. Not really a criticism, I'm just struggling to identify the tone and why 'too right' and 'more problematic than they let on'.
You have no laws when traveling through immigration. Thats true in US too. There was an article (trying to look for it could be arstechnica verge I dont remember where) once where a US citizen journalist was detained at the border for hours while traveling into the US and questioned. You can be in the immigration for hours or even decades until you give out what they demand which can involve your unlocked phone and password. There are no laws protecting you.
> Apple is the only company audibly making a stand
Apples stand is false, they take with one hand and give with the other. There have been many times that Apple have been caught giving user data to governments at their request, lied about it, then later on admitted it once it had leaked from another source.
This whole 'we will never make a backdoor' is a complete whitewash marketing stunt, why do they need to make a backdoor when they are providing any and all metadata to any government on request.
https://www.macrumors.com/2023/12/06/apple-governments-surve...
> There have been many times that Apple have been caught giving user data to governments at their request, lied about it, then later on admitted it once it had leaked from another source.
In other words, Apple complies with legal government orders, as they are required to. The government can compel them with a warrant to hand over data that they have, and can prohibit them from talking about it. That's the whole reason for the push towards end-to-end encryption and for not collecting any data Apple doesn't need to operate the products. This also ties into things like photo landmark identification, where Apple designed it such that they don't get any information about the requests and so they don't have any information that they could be compelled to hand to the government.
I think that’s the whole point of their push to E2E encrypt as much as possible. Saying they can’t unencrypted something worked for a while.
"technical capability notice" under the Investigatory Powers Act (IPA)
Sounds a lot like the godawful "assistance and access" laws that were rushed through in Australia a couple of years ago, right down to the name of the secret instrument sent to the entity who gets forced into to building the intercept capability.
Now that Apple has caved once, I expect to see other providers strongarmed in the same way, as well as the same move tried in other countries.
Remember that the last fiasco was related to 2FA stores being stored unencrypted on google's backup cloud, namely google authenticator.
And yes, it's still pwnable this way, and happens regularly.
Everything in the cloud is not yours anymore, and you should always treat it like that.
What is going on in the UK? How do they stand for this?
Irrespective of political leanings, a lot of British people are saying this. They stand for it because they have to. It's a government that was voted in by a large margin only six months ago. Disquiet, if that's the word, is pretty much universal and I am not sure we've been quite in this position before. Keir Starmer's decline in approval ratings 'marks the most substantial post-election fall for any British prime minister in recent history'.
https://politicalpulse.net/uk-polls/keir-starmer-approval-ra...
By a large margin with their seat count doubling off a 1.6% swing in their favour. The decline in approval ratings should have been entirely predictable to them.
Did Starmer run on this big brother type platform?
This is a law enacted by the previous government.
When “misinformation” or “hate speech” are illegal, and the government decides what those are, you cannot risk complaining
Even more shocking that Germany - my country - leads the leaderboard with over ten times as much requests as the second place.
> One scenario would be somebody in an airport and security officials are searching your device under the Counter Terrorism Act
No, it's much broader than that. The UK is asking for a backdoor to your data and backups in the cloud, not on your device. Why bother with searching physical devices when they can just issue a secret subpoena to any account they want?
It's actually pretty amazing that Apple made ADP possible for the general public. This is the culmination of a major breakthrough in privacy architecture about ten years ago.
Traditionally you had to make a choice between end-to-end encryption and data recoverability. If you went with E2EE, it's only useful if you use a strong password, but if you forget it then Apple can't help you recover your account (no password reset possible). So that was totally unsuitable for precious memories like photos for the average user.
Apple's first attempt to make this feasible was a recovery key that you print out and stuff in a drawer somewhere. But you might lose this. The trusted contact feature is also not totally reliable either, because chances are it's your spouse and they might also lose their device at that same time as you (for example in a house fire).
So while recovery keys and trusted contacts help, the solution that really made the breakthrough for ADP was iCloud Keychain Backup. This thing is low-key so cool and kind of rips up the previous assumptions about E2EE.
iCloud Keychain Backup makes it possible to recover your data with a simple, weak 6 digit passcode that you are virtually guaranteed never to forget, yet you are also protected from brute force attacks on the server. It is specifically designed to work on "adversarial clouds" that are being actively attacked. This is... sort of not supposed to be possible in the traditional thinking. But they added something called hardware security modules to limit the number of guesses an attacker can make before it wipes your key.
And crucially it ensures you don't forget this passcode because it's your device passcode which the OS keeps in sync with the backup key. This is part of the reason your iPhone asks you to enter your passcode now and then even though your biometrics work just fine.
It is a true secret that only you know and can keep in your brain even when your house burns down and nobody (hopefully) can derive from something they can research about you. This didn't really exist for the general populace until smartphones came along. And that ultimately was the breakthrough that allowed for changing the conventional wisdom on E2EE.
iCloud Keychain Backup came out about a decade ago and it has taken this long to gradually test the feasibility of going 100% E2EE without significantly risking customer data loss. The UK is kind of panicking but when people see how well ADP protects their most personal data from breaches, I think they will demand it. It just wasn't practical before.
Your Android and Microsoft backup aren't encrypted. They are already fair game for a warrant.
how much distance between
1) tech monopoly strong enough to stand up to G7 nation state demands
2) tech monopoly strong enough to remove itself from G7 nation state jurisdiction?
edit: s/monopoly/empire, apologies
It's amusing to think of Apple as a "monopoly" (if anything they have a monopsony on TSMC production) but let's just replace that with "giant" for purposes of discussion.
Tech giants typically devolve local operations to small companies to avoid liability - think petroleum suppliers not owning gas stations (because those typically end up as superfund sites). Not sure if this analogy this works for Google Android and all the manufacturers that deploy it for their smartphones too.
So corporations have been doing this forever, trying to find legal loopholes where they can have their cake and eat it too.
[flagged]
Apple is not a monopoly.
> There's no time limit on when you may be searched, so all people who ever travelled through British territory could be searched by officials.
> Let that sink in for a moment. We're talking about the largest back door I've ever heard of.
Codename 'Krasnov' is the largest backdoor I have ever heard of. And, we only need to look at his behavior.
These E2EE from USA can be tainted in so many ways, and FAMAG sits on so much data, that codename 'Krasnov' can abuse such to target whoever he wants in West. Because everyone you know is or has been in ecosystem of Apple, Google, or Microsoft.
Whataboutism! Fair. From my PoV, as European, the UK government is (still) one of the good guys who will protect Europe from adversaries such as those who pwn codename 'Krasnov'. Such protection may come with a huge price.
> We're talking about the largest back door I've ever heard of.
Meh, I don't know. I can still decide to not go the UK and be fine. I think the CLOUD Act is much worse because it's independent from where I am.
This is why, while I applaud what Apple is doing here, they need to allow us to supply our own E2E encryption keys.
That’s literally what the feature they’re removing did.
Not exactly. It generates the keys for you and stores them on device in the Secure Enclave. You cannot "bring your own" encryption key, but the primary benefit of doing so--that Apple does not have access to it--is intentionally accomplished anyway by the implementation.
7 replies →
But if you don't trust Apple, how to you get the key into the Secure Enclave to begin with? Doesn't Apple control the software on your device that provides the interface into the Secure Enclave from outside of it?
Feels like marvel was onto something with captain america and winter soldier.
The real prescient threat in that movie was the predictive AI algorithm that tracked individual behaviors and identified potential threats to the regime. In the movie they had a big airship with guns that would kill them on sight, but a more realistic threat is the AI deciding to feed them individualized propaganda to curtail their behavior. This is the villain's plot in Metal Gear Solid 2, which is another great story.
This got me thinking about MGS2 again and rewatching the colonel's dialogue at the end of the game: https://www.youtube.com/watch?v=eKl6WjfDqYA
> Your persona, experiences, triumphs, and defeats are nothing but byproducts. The real objective was ensuring that we could generate and manipulate them.
It's really brilliant to use a video game to deliver the message of the effectiveness of propaganda. 'Game design' as a concept is just about manipulation and hijacking dopamine responses. I don't think another medium can as effectively demonstrate how systems can manipulate people's behavior.
Life is imitating too many dystopian books, movies, etc these days. I think we need to put an end to all creative works before the timeline becomes irrecoverably destroyed.
I suspect you’re being flippant, but destruction of and restrictions on creative works as an _antidote_ to dystopia is a take I haven’t seen before.
1 reply →
The /s is strong with this one.
Banning art?
What I fund 'amusing' is the swap between Left vs Right.
'Back in the day' it was the "Right" that wanted have total access/total control over everything. So people turned a bit "left". Now the "Left" government is seeking totalitarian-style control ('because paedophiles/drugs/etc.).
As a reminder, both Right and Left extremes went from 'liberal/conservatives' to "we don't need elections ever again - trust me!".
I saw this happening in the US, in Saudi (e.g. Blackberry 'keys'). Now I see it in the UK. So I interpret this in two ways: 1) The "Left is the new Right" (or "Right is the new Left") 2) Left and Right are irrelevant terms when it comes down to "we need to exert control over people/knowledge/data/information/etc. And the 'guise' of Left/Right is just on the fiscal policies. So UK has been playing around with 'snooper charter' but at 'that' time Apple's encryption was not on the table.
Apple (I don't blame them - very much - just a little) does what a company does. Makes money. And they prefer to sell-out the data of their clients and keep their money, than lose that money.
So... yeah.. if your data is in someone else's server, that happens.
>> 'Back in the day' it was the "Right" that wanted have total access/total control over everything.
It was the Clinton administration that pushed for the Clipper chip.
Are you talking about a 'day' before that time?
It's always hilarious to see how far people here are ready to go to twist some bad Apple news into something which might be considered good.
I mean seriously. Apple making a stand? What stand? They are ripping security out of their customers hands. Customers which are already dependent on the company's decision in their locked in environment.
There is absolutely nothing good about it, and you dragging Android into it and making it look like it's even worse is suspicious. You can have full control over your Android device. Something impossible on an Apple phone. You can make your Android device safer than your iPhone.
There is an upside (if you trust them) -- they're pulling a feature rather than adding a back door to it. Supposedly, anyway.
Well, sure it could be worse.
Doesn't make that one good, though.
The government forced them to pull the feature. Would you rather they left a toggle-switch that doesn't actually do anything? Or are you thinking they should just pull out of the EU altogether?
Making a stand would be leaving UK (UK is not in the EU) altogether.
This is almost as bad as building a backdoor. This is leaving your customer in the rain.
Fortunately for Apple, most of them won't even know or realize it.
6 replies →
> What concerns me more is that Apple is the only company audibly making a stand.
They are not making a stand. They roll over without a peep. And this is concerning users' privacy which they say is the core of the company.
Compare it to fighting every government tooth and nail over every single little thing concerning the "we don't know if it's profitable and we don't keep meeting records" AppStore
“ They roll over without a peep.”
What are you talking about? This is literally them doing the opposite, and there are multiple other public instances of them making a stand, not to mention in the design of their systems.
Truly curious how you see this that way.
"Literally doing the opposite" would be keeping encryption on.
Removing encryption for everyone is literally doing the opposite of making a stand
2 replies →
And now imagine for a second that the only thing the UK is doing here is getting the same direct access that the US (NSA) has already had for decades.
> the largest back door I've ever heard of.
Do you know of the clipper chip? https://en.wikipedia.org/wiki/Clipper_chip
From what I recall, we were only spared from it by someone hacking it before it was deployed.