Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Your entire argument amounts to: Trust Apple and nobody else. What makes you think that's a good idea?

> We're not talking about a dumb mower that is not storing any of your personal information.

Exactly. That's why it's even more important that we be able to repair it ourselves.

> Apple has the absolute right to protect it in order to protect your data, even in the ways that prevents you from repairing your yourself.

There are no absolute rights. There are laws. I trust myself more than Apple and I don't think there's much you can say to convince me otherwise.

> If you want to repair, take it to Apple or if there's no store, mail it in.

Nope. I'd rather not, thanks! That's why we're going to get this law passed.



> Your entire argument amounts to: Trust Apple and nobody else. What makes you think that's a good idea?

I don't trust anyone, but I only want Apple to hold the keys, not all random repair stores. It is a FAR worse idea to force Apple to provide security bypasses.

If security bypasses can be provided securely as LONG as you authorize it on the spot, then heck yes, force Apple to do this. But if they cannot, then nope, they shouldn't be forced.

> Exactly. That's why it's even more important that we be able to repair it ourselves.

I don't think we're disagreeing here, I'm totally on your side that we should be able to repair everything ourselves but I cannot agree with forcing companies to provide security bypasses in a manner that may be done without your knowledge.

> There are no absolute rights. There are laws. I trust myself more than Apple and I don't think there's much you can say to convince me otherwise.

You are correct, I phrased it wrong since there is a clear technical definition of what absolute right means.

I didn't say you shouldn't have the right to repair everything yourself. I'm totally on this but I disagree again on the security components, you should be able to replace it as long as it can be securely does and with information that only you know. Forcing Apple to provide this to repair shops without explicit controls over it, is a bad idea.

> Nope. I'd rather not, thanks! That's why we're going to get this law passed.

I've edited my post after that.


> I don't trust anyone, but I only want Apple to hold the keys, not all random repair stores. It is a FAR worse idea to force Apple to provide security bypasses.

Each customer should hold a personalized key to his own hardware. Then the customer can decide whom he trusts, and give the key to whomever he wants (Apple, some other repair store, do it himself, ...)

The problem is that as long as somebody else holds the key to something you bought, you didn't buy it, you leased it. Or borrowed it. Somebody else can still control it to a greater degree than you yourself. And that somebody now has a monopoly he can use to force thing onto you. Like set prices for repair.

That shouldn't happen.


That's okay as well, the problem is, how do you do this correctly? You cannot store it in the cloud because that's a bad idea. Where else?

If you give someone a key to the device, how does the device itself enforce a time-limited key, especially if the crypto-based components are about to be replaced?


> Trust Apple and nobody else.

That's a straw man, you've already trusted Apple. The argument is 'trust no one else' which seems like a good idea.


This. If you dont want apple device, compile aosp from head, or use cyanogenmod or something.


Just because I bought one of their devices doesn't mean that I trust them to be the sole owner of the keys to it.

I want to own those keys. I actually don't want to trust anybody but myself if I can help it.


Among other things, you are missing a point. There are mainstream users, and there are tech savy users. You can repair your device, but a regular user who doesn't know about how electronics work is likely to send their device to a repair center with lowest cost.

Which means hackers could advertise cheap repairs, in exchange for placing malware hardware/software on user device.

I like to see the hardware opensource, as it is immensely valuable, but apple does have a point.


I tend to trust the people that have the most financial incentive to protect my data.


This. Why is it so difficult to understand? We shouldn't trust Apple, Google, Microsoft (...) because they're inherently good. We should trust them because screwing up for them is much more financially risky than keeping up with their security promises. That of course can not include Government interventions, which the companies cannot always reject. Regarding this, I trust Apple more than its competitors, based on recent history. What's the incentive for mom&pop iPhone repair store to keep your phone safe? If your phone is in their control and someone from the FBI shows up commandeering them to modify something on it - they got the tools, so they're legally obliged to do it - what's their weight in opposing such an order?


Trusting apple or other big guys are already hard. The reason is all these companies are bound by law. They get subpoenad all the time.

A more secure etc way could be if they made it impossible for themselves to read your data.


Apple at least has done as much as possible: https://www.youtube.com/watch?v=BLGFriOKz6U

tl;dw the process includes a blender.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: