Yeah, apps are bad, but what concerns me (well, scares me to my bones, actually) is the prospect of malware below the app level. The operating system, drivers, and hardware are all ripe for abuse at an unimaginable scale. The "baseband" blob in particular seems like a holy grail of invasive surveillance. And, theoretically, there's a huge opportunity for the manufacturer of the PCB and every chip on it, to add what is logically a blob - a region of the chip that is mostly dormant, but reacts to some signal and come's alive. And we cannot verify that these features don't exist because they are too small!
I mean, if I was China I'd be actively pursuing inserting this kind of trojan horse in everything. Yeah, you'd only get to use it once at scale, but that's all it would take. And you'd probably get away with targeted use for a long time before anyone discovered it.
This, that is, national security, is the best reason to pass "right to repair" laws, and build out replacement hardware and software options that are verifiably open. Heck, if I was with NSA I'd be pushing hard to fund that kind of work with NSA money.
AFAIK very few PCB- or chip-level electronics are made in the USA. And this kind of insertion would best be done at the last possible moment, at the factory. So if you don't have the physical factories, you don't get this opportunity. No doubt the NSA (or any national intelligence agency) would want this, but you can't have it unless you have the physical fabs.
So, being practical engineers, if I was the NSA I'd make deals with telecom's to 'assist' with writing the baseband. But the irony is that the device manufacturer could easily disable this backdoor in favor of their own. Oops! :)
> But the irony is that the device manufacturer could easily disable this backdoor in favor of their own.
I'm not sure it works that way. Perhaps the NSA could force certain US companies to specifically design and install backdoors, and require these backdoors to be always active. (One of my possibly ungrounded/paranoid fears is that they do this with Intel ME).
The balance of likelihood is they do on both Intel and AMD management engines as that's what any competent agency should do in this age. To my mind, there's no other real reason for the explosion of interest in ARM chips on server. ARM design is sufficiently well understood and simple that usable chips can be designed and fabbed away from the control of US companies even if it provides poor performance trade offs.
When I was a little boy, I heard a myth about argument between the US and Japan, The US said, we can remotely bomb any place that has a Television, and Japan replied, we can remotely bomb any place that has a Transistor Radio.
I totally believed that back then.
But is it really bad? Generally countries don't go to war over spying.
If the US or China or anyone really can listen in to mobile networks I'm fine with that. State secrets shouldn't be discussed over an open phone line anyway.
I was sort of hoping someone here would tell me I'm being paranoid, or that there is a way to externally verify a chip with ~10nm features...or that there is some other reason why the nation that is the world's 3D printer won't do this.
So while the location of basically everyone with a smartphone is continuously uploaded to private companies, you say we should worry about what China/NSA might do in the future...
Nothing to see here, move along, oh, look, a shiny enemy there...
Yes, exactly this. Advertising in all forms is explicitly attempting to co-opt your decision making capacity. My company wound it's way to being an ad-tech company (started as saas) before we sold and it just felt totally icky.
I've been advocating for heavy regulation of the advertising industry, not just online but everywhere, for the last few years. Not just industry and entertainment but the entire political system and journalism have been co-opted by advertising and sales practices.
The only rebuttal I ever hear is, well, how are your favorite websites going to stay up if they can't be free? Will you pay for them all?
And the funny thing is, the websites I use fall into three categories:
1. Free, and super cheap to host, unlikely to be affected by loss of advertising revenue at all (e.g., my hobby blog)
2. Free, and I can live without them easily, because the entire commercialization scheme is inherently destructive to a positive experience(youtube; facebook)
3. Free, but have other commercialization schemes underway or provider their owners with some other sort of value, and would very likely remain viable in their current or similar format without advertising (Penny Arcade; SMBC Comics; Stratechery-ish; H-N; RP online)
4. Non-free (Netflix, medical journals; various patreon-based fora/discord channels/etc.)
1 & 4 are the primary sources of value for me. 2 could disappear overnight and I would barely notice. 3 would either adapt to survive, or die, and the total loss of value to me would be non-zero, but small.
So by all means. Kill off the ads. Don't give me any bs about the value of the free internet. It's worth what I paid for it.
I agree with your first part, but the second part isn't true if it were prohibited to do targeted advertising for everyone.
It's an arms race, you only earn less without targeting when your competitors are targeting. When all advertising is equally poorly targeted, everyone's getting their fair share of the available advertising dollars.
The book Dragnet Nation, from ~5 yrs ag, did a great job (then) on this subject. That along with Chaos Monkeys help escalate my fear and paranoia. Anyone I engage on the subject? They're oblivious.
Much of the public's understanding of cell phone tracking has centered around the cell provider, the telephone network, and big players like Facebook and Google. They're missing a big piece. The NYT is shedding light on this missing piece.
This article puts the spotlight on yet another group of companies and another tracking mechanism. These companies are small, virtually unknown to the public, and they're providing SDKs which others are building real and useful mobile apps upon. One example given was an otherwise legitimate weather app which pulls your location to provide local weather data. You grant the app access to your location information because it has a reason to have it, and it does something useful with the data.
The article introduces the public to what you probably already knew. Those SDKs can (and do) ingest that same location data for their own purposes. In the article, they find that the SDK provides your fine location data to a location services company (Cuebiq) for a total of twenty times over the course of an eight minute walk. Most users have no idea this is going on behind the scenes. They just see the weather app.
The article isn't attempting to dismiss other forms of tracking. It is trying to better introduce a new form of tracking that most people poorly understand, if at all.
Since the article title is baity, we changed it in accordance with the HN guidelines (https://news.ycombinator.com/newsguidelines.html). If anyone suggests a better title, we can change it again.
I think the article's original title should stand. While some people might consider it "baity", I would describe "Smartphones Are Spies" as an accurate description of reality and the content of the article.
The article is making an a public accusation: a lot of spying is happening, and they are naming some of the (in their opinion) responsible parties. Changing that to a title that only indicates the general subject of the discussion ("location data marketplace") obscures the article's thesis: "Your smartphone is probably sending your precise location to companies right now." (which is just a more detailed way of saying "smartphones are spies")
[regardless, it's your house, use whatever titles you want]
As I said, I'm happy to change it to something better if anyone suggests it, but "Smartphones are spies" is obviously sensational and this thread is already filling up with low-quality comments.
The definition of a better title on HN, btw, is: more accurate and neutral, and preferably using representative language from the article.
Sensational words like "spies" in titles trigger poorer-quality discussion. Taking those out is routine HN moderation. When we change a title for that reason, we always try to replace it with representative language from the article itself.
"Deflecting blame" doesn't enter into it (what does that even mean in this case?) and the answer to your cheap shot about YC is zero, as far as I know.
HN is a leading place for discussing privacy and surveillance; it has been for years; this article is obviously on topic here. We just want to avoid shitty internet threads. This one is already filling with "fuck you", "data rapers", and other pearls.
At least in this case they mention that explicitly at the end of the article:
"Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections."
This article isn't being flagged. This and related topics are perennially popular on HN. Some comments have been flagged, correctly, because they break the site guidelines.
Would you please stop it with the trollish comments now? You've already posted five to this thread. That's over the top.
I mean, if I was China I'd be actively pursuing inserting this kind of trojan horse in everything. Yeah, you'd only get to use it once at scale, but that's all it would take. And you'd probably get away with targeted use for a long time before anyone discovered it.
This, that is, national security, is the best reason to pass "right to repair" laws, and build out replacement hardware and software options that are verifiably open. Heck, if I was with NSA I'd be pushing hard to fund that kind of work with NSA money.