That would be funny. “Oh, we’ll just get Zach from the NSA to help out.”
I love watching NCIS and laughing at all of the interagency cooperation. Additionally, I love how even NCIS hates the CIA.
2 Likes
and what mechanism do you suggest for them to detect that?
1 Like
The IMEI number. To see yourself, punch in your phones IMEI number here:
I’m using a OnePlus One (that I hate) and it successfully identified it there.
When software is open source, you don’t have to trust anyone because you can review the code directly yourself. Of course, it’s impractical for most of us to do that ourselves. But even then you have the power to choose who to trust. More importantly, you can choose to distrust. You can decide not to take the word of the creators of the software, and instead ask the researchers at your favorite university, or a particular hacker who you like, or any number of other people all over the world. Apple does not allow this, though. They require that we trust them and only them.
It’s straightforward how they could make this happen with Apple software. Give Apple, Inc. an order to distribute particular software to their customers. If they refuse, fine them or seize their assets until they either comply or go out of business.
But it’s not clear how they could make this happen with free software, because free software tends to be created in a decentralized and non-capitalist way. You could order a particular developer to distribute backdoored code, but someone else would likely make a non-backdoored version. Since they’re not selling it and may not even live in the US, the FBI has almost no leverage over them.
Of course there’s still room for bugs, oversights and human error. But in general, free/open source software makes it a lot harder for authorities of any kind to put “features” into software that the users don’t want.
Yes, the problem is that many of us have outsourced our privacy to companies which don’t care about us. But the solution isn’t that complicated: there are already tools built by communities of real people who do care about us, and you can tell because they’re not making money. Let’s use those instead!
2 Likes
Definitely I see it.
Some people expect other people to be responsible for their privacy.
Some people take the responsibility on more personally.
iOS (and Android) are actually running on top of a real time operating system that is not open source in any handset I know of. I don’t believe there is any phone that is open source form top to bottom. Even if you were able to write the entire stack of software yourself (including the compilers you use to write your software with), you are still running on hardware that you have to trust. And you also have to trust the people assembling your hardware. Then you have to trust that when it was shipped from the manufacturer to you, nobody intercepted it and modified it.
All of that is absurd, but my point is you have to trust a lot of people and companies that you likely have no idea who they are. So far, this FBI / Apple episode is telling me that I can probably trust Apple. Their interests and mine seem to be aligned (so far).
Open source software is my preference too, but even individuals are not safe from subpoenas. The problem isn’t outsourcing of privacy to companies, it’s that privacy was outsourced at all! Go ahead and use cloud services, just take responsibility for encryption any place you can (e.g. if you use Dropbox, only sync encrypted blobs).
1 Like
Yes, I know what an IMEI number is. Unless your cell network is going to ban IMEI numbers that they don’t sell or don’t recognize, you still haven’t answered my question. 
If I buy an off the shelf Nexus phone and then put my own OS on it, how do they know?
You’re allowed to bring your own device and cell companies don’t ban foreign phones from their networks.
The answer is that they don’t care that much. Making sure that most phones are accessible by law enforcement is good enough. Nobody realistically thinks there’s a workable 100% solution.
Unless your cell network is going to ban IMEI numbers
They all do this for stolen phones. So, yeah. I think they would. Verizon is especially picky about what devices they allow on their network.
As for determining what OS: if they really, really needed to know (and I don’t think they do), they could use network stack fingerprinting.
Sure but that’s a whole other step and set of works or pings.
This topic was automatically closed after 5 days. New replies are no longer allowed.
