Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You don't need to verify everything yourself. You can verify any small part and rely on the community to verify the rest. Or pay someone to verify. However, for all that you need verifiability, which Apple lacks.


> You can verify any small part and rely on the community to verify the rest. Or pay someone to verify.

The only difference in this is who you trust. Be it Apple, the community or someone you pay, you're still trusting that someone else's interests align with yours and they did things correctly.

In other words, this is not a technical problem. It's a problem that needs to be solved through regulation, because 99% of the people can't verify by themselves that their devices are actually private and secure.


> The only difference in this is who you trust.

Not really. There is a huge difference between trusting a single for-profit entity (who provides backdoor to iCloud in China) or huge number of independent people (each would like to get famous/rich for finding bugs).


Yes, because the "huge number of independent people" have never missed any serious bugs or backdoor, and they also verify every piece of equipment you use.


Nothing is ever perfectly secure. It's a question of whom you should trust for a lesser damage.


Apple spends a hell of a lot more time and money verifying that my iPhone is secure than say… the developers of any number of the mobile Linux ports.

Plus the hardware is nice and actually works.

I agree with what you say in principle but here I am using an iPhone to type this while it’s been nearly 2 years since I ordered my Librem 5.

Making decent mobile devices that are more secure than an iPhone is not an easy thing.


> Apple spends a hell of a lot more time and money verifying that my iPhone is secure than say… the developers of any number of the mobile Linux ports.

Secure against entities they don't like. But intentionally insecure against entities they do like.


I wondered whether this was sarcasm at first. Yes, making iCloud backups encrypted is not an easy thing I guess.


My comment was directed at the people who would say “don’t use apple” as if Android or any number of FOSS phone alternatives with 5 people maintaining them are more secure than IOS.


Yes - and for most people trusting Apple is still a better option, because the ‘community’ option is literally just wishful thinking at this point.


Linux kernel AFAIK has less security issues than Apple. Qubes even less. Not sure what the reason for your insult is.


No insult. You actually don’t know that the Linux kernel has less security issues than Apple’s kernel.

But the kernel is only a tiny fraction of the system. There simply is no Linux system that even attempts to solve the problems Apple solves. There could be, but there isn’t - this is what we mean by the term ‘wishful thinking’.


> You actually don’t know that the Linux kernel has less security issues than Apple’s kernel.

You are speaking as if you know the opposite. Any links?


That just shifts who controls the monopoly on verification. Not trusting anyone isn't a reasonable goal. Open verifiability allows you to choose which entities to put trust in and how much trust you can afford to eliminate by doing things yourself.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: