I'm sick of people, so I'm not going to read the inevitable comments that are going to come. Look, face it, some people like taking nude photos of themselves and they like sharing them with their partners. There is absolutely nothing wrong with this. It's not their fault if something like this happens. People should be able to feel secure in the tech that they use, in the companies that they entrust their information with. It's a fuckload of bullshit victim blaming and I see it every time the topic comes up. I'm sick of it.
Amazing how most of the replies of your comment and the other comments too are still victim blaming, not for taking or sharing the nudes but for being so naive to send a phone unwiped. There's no excuse for violating and exposing someone's private life like this, being tech unsavvy (or you know, not being able to wipe a dead phone) is absolutely not an excuse to shift the blame to the victim. We get it you're good, you're smart, you wouldn't have done such a stupid mistake... congrats, but honestly, who cares.
What's really amazing is how the reddit post says very clearly that they were unable to wipe it bc it was broken. The post was deleted but someone posted the text in a comment here.
I had an old phone that failed, I couldn't wipe it, so I pried it open, yanked the battery, and went after it with a hammer.
I have done the same with old or failed hard drives for decades.
The difference being, I didn't want these devices back. I never intended to use them again. This person obviously wanted an unbootable phone fixed, and the repair drones 'had fun with it'. Someone (Google) is going to have to pay damages, and also chase down and take down copies of those photos forever. What a mess.
I had a friend that worked at an independent film/photo processor back in the early 1970s. The walls in the process area were papered with printed nudes. Floor to ceiling. Of course, in the pre-digital era, those elicit copies never saw wide distribution, but they were there.
This feels like a limitation of our ability to have constructive conversations online.
Someone can be less than perfect and that can cause them to be victimized.
We should be able to talk about both aspects of this story, perhaps independently.
Some people want to discuss how the offender should be punished, and other people want to discuss how we can behave to prevent being victimized ourselves.
I don't think it's valid to argue that people discussing how to prevent victimization, are somehow "victim blaming".
There's nothing tonedeaf about exploring how the situation can be avoided in the future.
Obviously, the phone being borked is relevant, but in that case we need to ask what preemptive measures can be taken on a phone that isn't yet borked. It may be that the only answer right now is "don't keep nudes on your phone" then that's unfortunate and should be addressed.
There's a subset of people who get angry at any implication that people have agency they can use to make decisions to make their life less risky in these sorts of contexts. Fine, whatever, they're entitled to their world view.
What boggles the mind is the overlap this group appears to more or less be a subset of people who are up in arms anytime someone doesn't take steps to de-risk their life in any other context (like using an older car seat for your kid or not putting GFCI breakers into everything under the sun).
I am not. For you to interpret helpful advice as blame is some serious mental gymnastics. "If you need to send in your phone, you can do X and Y to protect yourself" does not assign blame to anyone.
> Someday you might be hacked. Is it your fault for using technology at all knowing you can be hacked?
Why are you so obsessed about assigning blame? Do you think everyone should ignore security best practices, since its not their fault if they get hacked?
Go ahead and set your HN password to "password", please. It wouldn't be your fault if you got hacked, so why would you care if I knew your password?
To actually answer your question, no. It would not be my fault if I got hacked. But I don't want to get hacked, so I take reasonable steps to avoid being hacked anyway. I am an adult with the responsibility and agency to take care of myself.
> I don't think it's valid to argue that people discussing how to prevent victimization, are somehow "victim blaming".
Weird also, that talking about preventative measures is only considered "victim blaming" when it comes to certain specific topics. If you say it's a good idea to wear a seat belt or helmet in your car or motorcycle, it's not victim blaming. If you say people ought to lock their doors at night, it's not victim blaming. We tell our kids not to get into strangers' cars--not victim blaming. What is it about this topic that always seems to set off the alarms?
I used to really over-share online, and reading stories like these over the years has helped a great deal to educate me about good online OpSec and privacy best practices. I have data sharing/storage habits to this very day that stem from good advice received from others.
> If you say it's a good idea to wear a seat belt or helmet in your car or motorcycle, it's not victim blaming.
(1) the purpose helmet is to protect you from accidents, not malicious actors. When you get hurt in a car accident, it is rarely because a criminal set out to deliberately hurt you.
(2) if you responded to an article about someone specific getting hurt in a car accident with "well they should have been wearing their seat belt", you probably wouldn’t be called out for victim blaming, but you probably would be called an asshole.
Thank you. There's a big difference between "it's your fault you were murdered because you were unarmed" and "carrying a gun would be one potential mitigation for the future", which I think is too often lost in discussions on social media.
I agree, but I also view it as the failure of Silicon Valley or even Tech industry to cater for majority of its users. The Tech unsavvy as you say. Both in terms of features and policy ( As in what is happening here ).
Thanks for posting this. I get why people do the victim-blaming thing; it lets them feel smart and superior, two feelings I have been known to enjoy.
But it's a fundamentally bad way to approach analyzing safety issues. For those who really want to dig in on the topic, I strongly recommend Dekker's "A Field Guide to Understanding 'Human Error'": https://www.amazon.com/gp/product/B00Q8XCSFI/ref=dbs_a_def_r...
It's nominally about examining airplane crashes. But he breaks down into great detail why the default analytical model is entirely inappropriate in ways that makes real safety improvement impossible. And it's the same set of analytical mistakes you see in a lot of blame-related behavior.
This has entered programming language design. It's not longer "educate the programmer so he doesn't make stupid mistakes", but "design the language so that stupid mistakes are detected by the compiler". Mechanical verification is far more reliable than hoping people don't make mistakes.
Yeah, the "you should wipe your phone!" and "you should never keep sensitive data on your device!" chorus seem to be missing the point entirely:
We can design devices and operating systems to be safe by default in the same way we are now designing programming languages to be safe by default. There's no reason why the data should have been recoverable from a bricked phone without the user's authentication.
We really can have our cake and eat it too - we can have devices that you can freely store nudes on without risking that some rando with a USB cord and physical access can just make off with the data, bricked device or otherwise!
The goal in the D programming language is to allow the programmer to do unsafe things (no way to implement malloc() in safe code!), but it is not by default and isn't going to happen by accident. The programmer will have to positively do something.
It's also done in a way that a programming manager can mechanically verify the absence of such code. Exceptions can be flagged for special review. Often there are safe ways of doing the equivalent.
Yep, and I think we should apply the same principles to consumer technology. You should be free to do unsafe things - but it should not be possible to accidentally do unsafe things.
It should be harder to have your photos be unencrypted on device, accessible via any USB connection, than it is to have them to be entirely inaccessible at rest.
I finally made a HN account, after many years of lurking, to show appreciation for wpietri's comment. Sidney Dekker transformed the way I think about techno-human systems and cybersecurity, and so much more than that. I don't know when I was introduced to his work on safety, but it may have been through this site, and it has changed my life and career for the better. I'm incredibly happy every day to see not only thoughtful comments on HN, but also learn about entirely new viewpoints through which I can grasp the day's events.
It's not just about feeling smart and superior, it also helps them feel invulnerable. People victim-blame smokers who get lung cancer because they don't want to think about the chance they might get it too.
You're not wrong, but you're missing how people become smokers. "Approximately 90 percent of all smokers start before age 18; the average age for a new smoker is 13." [1] A momentary error in childhood judgment (to the extent that isn't an oxymoron) quickly becomes an addition. "Inhaled smoke delivers nicotine to the brain within 20 seconds, which makes it very addictive—comparable to opioids, alcohol and cocaine." [2] Once they're hooked, it's very hard to quit [3], so it's often a life-long addiction. And that's before we even get into all tobacco companies have done to hook people.
So even as a life-long nonsmoker who absolutely hates smoking I think there's a lot of unnecessary victim-blaming for smokers.
Yeah this is yet another reason to want phones to have removable storage (micro sd card). So private photos can go onto the card instead of built-in storage, and you can remove the card if you have to send in the phone.
I don't take nudes but I tend to use my phone as an impromptu photocopier for stuff like bills and receipts, so the photos are full of private info such as account numbers. I worry about that sometimes. For photos that have to be treated with real security (typically the screen of recovery codes when enrolling a 2FA token), I use my old dedicated digital camera which has an SD card, no network connection, and never leaves my bedroom.
I feel like removable SD card is a tech person solution but ... kinda doesn't solve it for a lot of folks.
Most folks are just going to take nudes and not strategize much and expect them to remain private as part of the typical photo taking and sharing workflow.
> I feel like removable SD card is a tech person solution but...
As an older person, I find this observation very interesting.
Today, I would consider people in general to be much more technically knowledgeable compared to people 20+ years ago. And yet, 20 years ago, removable storage was quite common, and probably expected of most devices.
Do not confuse the ability to use a phone or laptop with technical knowledge. People know how to use apps, but all the technical stuff is abstracted away.
I'm pretty technical (As is nearly everyone on HN), and I have no idea where my photos are stored on my Android's file system. I have no idea where the APKs are for all my installed apps, or where their saved data sits.
I was surprised the other day that my photos weren't being stored locally on my iphone, but in the cloud. I finally found a setting that turned that "feature" off. Obviously, it had defaulted to "on".
But if _everything_ is always saved on the card, then you don't need the technical knowledge. Removing the card would leave the phone in a "factory clean" condition.
If everything is on the SD card (as in: it won't work w/o the card inserted), then it will have to come with a card pre-installed. In that case, the average user won't even realize there's a removable card. It's turtles all the way down.
The card could come separately from the phone in the same box. Phone boots up off the OS on internal storage, and the intro wizard says "Now insert your SD card, which is where your personal data will be stored." Done.
But if the phone doesn't come with a card pre-installed, people are going to complain that it doesn't work, or that they didn't know they had to purchase a card.
Unless it comes with a card, but the card is not inserted, so the user has to do it before booting up the phone
> Today, I would consider people in general to be much more technically knowledgeable compared to people 20+ years ago
Very few people know how apps actually store files on a mobile device and as people increasingly use phones / tablets instead of PCs their knowledge of PC file systems reduces. So for many people, copying photos from a phone (or cloud backup) to a computer could be quite a challenge.
Sounds like a design issue, no? If Apple implemented it, they'd call the feature "Secure Liferaft" or something equally silly, but I have no doubt in my mind that they could engineer a proper solution for it. Today's users go out of their way to hide files and folders, so why not give them a chance to do so the right way? The technology is there, all you need is a little marketing pizzazz and a 30 second ad spot with Billie Eilish in the background.
The majority of young people I know (in Brazil) doesn't know the concept of "file". So adding/keeping files in SD Cards is a task that requires some explanation.
I'm young-ish, but my general observation has been that my peers forget it was our grandparents and great grandparents that invented computers in the first place.
Admittedly, the technological world is nearly impossible to avoid exposure to these days, where it was entirely optional (or downright prohibitive) to be involved with in the past.
So in general, thank you older people for creating them, I have a lot of fun with them.
> I feel like removable SD card is a tech person solution but ... kinda doesn't solve it for a lot of folks.
What's so tech about removing a physical piece that has data? It's an action pretty much everyone can understand intuitively - "this is where your pictures are, if you remove it they stay yours".
But even I struggled at times to get those pictures then onto a given pc.
I know what a filesystem and a driver is, so I can make it work, if something is missing. A layperson usually cannot.
Partly on purpose, one might say. They are supposed to stay in their walled gardens, where you transfer everything over the approved cloud way and can be thankful, if their data is accepted in another garden.
The technical problem is that you would need files to be encrypted in case the phone gets stolen. Security mechanism like a pin obviously don't help if someone can just pull the card with the interesting data. Still, even the "worst" users are able to understand the concept.
No. We do NOT need fucking removable storage to fix this.
What we need, to fix this, is to enforce felony charges against the kind of fuckers who do this, and put them in prison for 20 years, and stop victim-blaming, and stop the insane medieval attitudes about nudity, and slap every single fucking person who espouses this kind of bullshit upside the head, daily, every single day, until society is finally purged of their bullshit, and we don't need anything. fucking. else.
This isn't a product design issue. It's a punish evil people issue.
In some places, people lose their lives if they do something bad. Yet, people still do bad things. I guess taking someone's life isn't enough of a punishment?
Laws discourage certain behaviours. It doesn't stop them.
Regarding victim blaming, obviously this person isn't to blame, but it seems that even suggestions to be cautious are seen as "victim blaming".
When you tell a kid to look to both sides when crossing the road even if it's green, you're not blaming them for a possible accident. It's just that sometimes people ignore traffic lights. And when you tell someone not to give their pin or send a device with sensitive content for repair, you're not blaming them. You're just telling them to be careful because sometimes stuff like this happens.
I get your anger here, but pure punitive measures won't solve this. This is easy to prove in that it hasn't solved any other sort of crime.
One, the correlation between "do a crime" and "do the time" is quite low. Look at the stats for sexual assault (0.25%), robbery (0.2%), and assault and battery (0.3%): https://www.rainn.org/statistics/criminal-justice-system
Even for murder, the US's clearance rate is only about half.
But even if the correlation were somehow perfect, it still wouldn't eliminate it. People just have a hard time believing in the consequences of actions until they experience them. I couldn't count the number of times I've gone through the "ooh fire pretty" -> " ow fire hot" loop in various ways.
So this is thing where we need defense in depth. We need solutions in criminal law and civil law and provider regulation and product design and user education and culture shifting. Each one of those will be fallible, but each one will bring the rate down. With enough work we can at least make the bad outcomes rare.
We don't punish out of some fantasy that it will "solve" crime. At least I hope we don't. I'm under no such delusions, I promise.
We punish in order to hopefully deter, in at least some cases, though. And sometimes, we punish because it's simply the right thing to do, because people deserve it. This is such a case. They busted into these phones; that was bad enough. Then they searched for the most personal and compromising stuff they could; that's crime #2. Then they posted it! That's three crimes. This sort of brazenness needs to be punished, at least occasionally, to show people and future offenders that we still have at least some semblance of a functioning justice system. That they can't just do whatever the heck they want and laugh about how it might affect people.
You were the one who said, "We do NOT need fucking removable storage to fix this," before going on to glory in punishment. If you now admit that punishment isn't enough, then presumably you now agree that we should do things beyond punishment to fix this.
Nobody said that. I certainly didn't mean or say that.
We do need the right Americans in prison, though. I can easily find tens of thousands of folks who need to be released. These fuckers, though, need to be incarcerated. Otherwise, why do we even have prisons?
How about make it so that the "hidden" photos on a phone require a security code/biometric to access? I've always been shocked that this isn't the case with iOS (don't know Android), it seems so obvious and simple.
It's proprietary but that's exactly what Samsung's "Secure Folder" is. Apps, contacts, files, photos ... That can't be listed or accessed without a secondary auth, protected by knox. I don't know about non samsung android phones.
It's fairly simple to use, and if you sometime give your phone to other people / kids / etc ... It quickly becomes absolutely necessary.
Need to remember to use the "secure folder" camera though, if you merely take the pic THEN move to secure folder, while it's super quick and easy it's usually too late as google photos, dropbox, whatever else will already have duped it.
> How about make it so that the "hidden" photos on a phone require a security code/biometric to access?
Pixel with the latest Android should have that ("Move to Locked Folder" [1]), though as with all security things it is annoying to use in a lot of ways. Doesn't work for SMS images or Whatsapp (Signal is much nicer on this front, but images on Signal get lost if a phone is bricked - the account backup/transfer method sucks a bit).
I have a bunch of old USB sticks, HDDs, phones, tablets, etc in my garage because I can't wipe them, but I can't possibly remember what data was stored on them over the years. Micro SD cards are great because they're teeny tiny.
Nothing nefarious. I'm just not very trusting with my data, and not going to just hand it over like that.
Modern Android versions are encrypted by default. Though given weak/no passwords by default I believe it only helps if you remember to factory reset first.
And if it's damaged a reset or wipe may be impossible for the end user.
I hear you, and agree wholeheartedly that there is "absolutely nothing wrong with this", but maybe if the topic keeps coming up, people should have less trust in the companies (and their respective flawed human supply chains) that keep our information.... and act accordingly. Unfortunately that's easier said than done these days.
Sure, but you probably wouldn’t ever hear someone say “maybe you should have had less trust” if Google employees snooped on your Drive account to steal financial records or something like that to use against you. Why do we tend to treat people like they’re asking for it when their nudes get compromised?
But you would. People here preach that every single day.
If you had highly sensitive info of a non-sexual nature on Google Drive that was going to have a massive negative impact on your life if it got leaked, half of this site would still be saying "that's awful, but you can't trust Google" if that happened.
> you probably wouldn’t ever hear someone say “maybe you should have had less trust”
No you would hear the exact same thing. My sensitive data on the cloud is all encrypted. Have you ever seen anyone suggesting to do backup on any cloud platform in any other way than encrypted? That's because the data is sensitive and you can't trust whoever store it for you.
> Why do we tend to treat people like they’re asking for it when their nudes get compromised?
We do that over anything that is sensitive. It's just that nowadays, people no longer consider much of their things sensitive... except nudity.
I agree entirely that we should be able to trust companies and I agree completely that the biggest issue is on them, but the thing is, we will never be able to trust them fully, there's just too much to handle. I'm not saying not to push the responsibility on them, for sure we need to do that or it's gonna be even worse, but we also need to remind people to consider their data security and how they handle it. Both are essentials if we want to lower the number of instance of theses happenings.
I'm curious, if I upload nude picture on my Google Drive and with the password "potato", and then my picture were published by someone that guessed my password. Wouldn't you suggest a stronger password? Still a victim, but still good to suggest ways to avoid it in the future.
Why do we tend to treat people like they’re asking for it when their nudes get compromised?
Because nudity is akin to sex and sexual ways, which are taboo in many societies. Upstanding citizens do not have nudes, in general. Especially women or nudes hinting at same-sex romance.
It isn't right, but it is.
Edit: I'm not saying I agree with this. But it doesn't take much to see folks putting others down for nudity. YMMV depending on where you live in the US. There is a reason most politicians (in the US) wouldn't get caught with nudes and I'm guessing that in some areas of the world, it would be even more detrimental to your life. It is the same line of thinking that punishes women for being "sluts" but are OK with men having a series of one night stands.
What's great about this is you don't need evidence. People just need to believe it. People at large have a large number of vices they do in private, but the moment our private lives are made public it is very common for others to point the finger and say how dare they do that, even when said person does the same thing.
I remember hearing a court case where a small video rental shop was accused of renting vulgar content by someone claiming that the community standards didn’t allow pornography. This was in an area that is predominantly religious. So it hinged on whether it was true or not that people viewed such material in private. The defense was able to find both rental and internet traffic data for the region demonstrating viewing porn was basically the norm for a large percentage of the community. The court found for the video store, but IIRC the legal costs still destroyed the business.
I don't think the parent was asserting that this is true, just that this is the general public sentiment in many societies (which I'd agree with, unfortunately).
Neither your very strict, seemingly religious-based and ethically dubious idea of an "upstanding citizen", nor anyone else's, should ever justify someone's reputation being irreparably compromised by a professional phone repair person / google employee on the job.
Anyway, your comment doesn't seem to have much purpose but to weirdly say "this isn't right, but it actually is right."
I'm not saying I agree with it, but it is an observation. I'm pro nudity, and think it should be normalized. And I'm atheist. And live in Norway, where nudity isn't as big of a deal. I lived the first 30 years of my life in the midwest US, though, in small to medium towns.
But come on, I'm sure you can find examples of folks putting down others for it. It isn't common for politicians to have nudes, at least not in the states. Melania trump had her nudes used against her (put as degrading her character): Janet Jackson had people outraged over a nipple. Facebook doesn't allow nipples. Heck, even further back, I remember folks in high school shaming a singing group (TLC?) for having nudes printed in another country (the cover wasn't even showing breasts as hands covered them).
I don't trust Apple to not snoop on my iPhone and macbook, share the data with law-enforcement, and maybe use it to sell ads. I do trust them to not log in to my bank and transfer all my money to Tim Cook.
How do you "act accordingly" when you want to partake in sharing digital private documents with your wife? In order to follow that advice, you'd have to stop using smart phones entirely, and that's not really feasible today.
Sure, it's lurid in this case because it was nudes, but this could have just as easily been identity theft or something more mundane but equally wrong for Google to access.
No, this is what we have laws for. What Google did is wrong and if the person responsible cannot be criminally prosecuted, we should seek legislative changes to enable prosecution in cases like this in the future. This is not merely a matter of individuals trusting Google too much. The individuals don't have much choice; that's where the law can step in.
Say I have a bedside table that needs repairs. I send it to a carpenter. If I am fool enough to leave my nude photos in the drawer then I should fully expect the carpenter to have seen them. I'm the fool, he's innocent.
If, however, he takes those photos and sends them to a tabloid, now he's the asshole.
Maybe stay with the carpenter and observe him so you can make sure the pictures are secure?
Might seem weird, but if you explain to the person doing the work that you have sensitive data on the device they'd probably understand the precautions.
Of course it's not necessarily easy. But you might as well make the request. If you are in that situation and you're concerned about sensitive data being leaked, then it is an option.
Some people no doubt engage in victim blaming, but I don't think that's what's generally going on here. For instance, I don't think anyone would disagree that the individuals that made those photos public should be prosecuted to the fullest extent of the law.
The world contains bad actors, and we should be having conversations about what are the reasonable steps people should take to protect themselves. The fact that this happened, and that it could easily happen again, suggests that we should take additional care with sensitive data on our phones. Maybe an app for encrypting sensitive photos and that requires a password to access?
Yes, people should feel safe in their tech. People should also feel safe in their homes, but most everyone still have locks, and many people additional layers of security.
There's a difference between victim blaming and protecting oneself against the world. The sad reality is that systems in society don't always work the way they're supposed to, whether that be companies being egregiously unprofessional when working on user's devices, or police showing up to an armed burglary long after the events have transpired and lives were harmed/lost.
People should be able to feel secure in the tech that they use, in the companies that they entrust their information with.
I can never tell whether I'm paranoid, or worried for good reasons, but cases like these + mass leaks which happen occasionally are basically the reason why I don't have this secure feeling at all for anything which isn't on an offline device which is in my hands or device-side encypted then put online (but to a lesser extent). And I'm afraid nothing is ever going to be able to fix that feeling anymore, it just seems to late for that, and I feel like people who do feel secure lost touch with reality somewhat.
I still get that feeling for the most part with open source self-hosted stuff and devices running as open as possible software. Could someone hack my up-to-date linux server behind my VPN? Yeah. But it feels a lot less likely than any other device. If it's not an open source OS with a good track record, I feel like every key stroke, swipe, or picture is spied on.
On devices I trust less, like my android phone, I feel better than default (but not perfectly comfortable) about open source encryption software and the stuff stored there.
Well said, A basic consumer shouldn't be expected to be aware of OPSEC for repairing a broken phone(which in this case seems to be the reason for not wiping data as well).
This also brings an important aspect of repairability, I've been paying for extended warranty and discount on battery replacement for years to an android manufacturer and when the time arrived(during lockdown) they wanted my device sent to the repair-center as there was no policy to send the parts to the consumer's place.
Although I don't believe for a moment that Apple is pro-repair now, I hope them sending parts directly to the consumer would be followed by android manufacturers as well.
Comments like that ruin threads for me too, but pre-empting them as you have just draws attention to the sewage, so I don't think it helps.
Unless I missed something, I believe that you currently have the only top-level comment to mention victim blaming. There's one other, but it's dead, which means the HN "immune system" (as dang calls it) worked.
That's not always an option -- my last android phone died with a reboot loop. It was several years old so I opted to discard and replace it (after opening it up and snapping the main circuit board in half), but if it was newer and I wanted warranty service, I'd have no choice but to send it in for repair, unwiped. In theory, device encryption would protect my data unless the service center has some way around it.
> That's not always an option -- my last android phone died with a reboot loop.
You're not wrong, but for future reference, there is a way to stop such a reboot loop; I did it just yesterday with my wife's phone. (Of course, it was a Pixel, so it might not be on every phone.) You do it by holding power and down volume until it says "Command not found", then you hold power and volume up until you get a menu. One of the items should be "Power off". Another one is "Factory reset" or something like it.
Once my wife's phone was off, I left it off for a couple of hours to let it cool. Then I booted it again, and all was well.
I spent days going through every blog post I could find for tips on how to fix it, including booting to recovery mode -- it would reboot as I scrolled through the recovery menu and even when I got as far as trying to do the factory reset, it would reboot before it even started the reset. I let it reboot itself until it ran out of battery and waited a day after that to let it completely drain. Even tried putting it in the freezer.
Don't take digital photos that you don't want the world to see.
I don't like seeing "don't victim blame" taken as gospel. Blame isn't a simple binary thing. Every time a company is hacked we don't line up to defend their shoddy security practices even though they are a victim.
This is a dangerous argument. There’s been a lot of public statements from the big tech firms about how data on phones is encrypted and that the devices are safe.
Resorting to “do not do X if you don’t want Y to happen” is a cop out and demonstrates a fundamental failure of technology doing what it says on the box.
I've said in another comment that I am extremely interested to know the outcome of this since I am a Pixel owner. It is concerning but right now it's unverified.
This is a really bleak way to look at digital devices and their role in the world. Should you only write things you want the world to read on a computer, and for everything else, just use pen and paper?
Hackernews is full of people with the skill and position to actually influence what decisions the tech world makes.
It's much less forgivable for engineers and managers that work at Google, Apple, Facebook, Microsoft, etc to be cynical and say "yeah Tech is evil what can you do" compared to the average person, and this site is full of people who are in those positions.
Yes. Anything you write into your computer has the potential to be shared. The same way anything you write and send in the mail has the potential to be shared.
And yet, if GMail published email exchanges of a protected nature between someone and their lawyer, would you just throw up your hands and say, alas, digital communication is cursed?
Some digital activity should be considered private, and violating that privacy should have legal and social consequences.
I agree completely that you should be able to take nude photos of yourself, but I still wouldn't use a phone to do it -- my phone's pictures get backed up to the cloud automatically, and even if they didn't, the phone provider is probably the least likely risk that I face. I am probably more at risk from some rogue app that I installed on my phone.
When I have done this in the past, we did it the old fashioned way -- took the pics with a non-connected digital camera, printed the ones we liked, then kept the rest on an encrypted USB drive. Even this has the risk of leaking your photos to the cloud if your computer is set up for cloud backup.
Probably got too close to "victim blaming" for the crowd here.
Being able to trust your hardware/software is important, but also knowing why you can't (for now, maybe not ever) trust your hardware is also important - maybe more important.
> Look, face it, some people like taking nude photos of themselves and they like sharing them with their partners. There is absolutely nothing wrong with this.
It doesn't have to be "wrong" for it to be stupid, and trusting your private life to a device you literally do not own is. This isn't victim blaming, this is recognizing the fallacious logic that most people have when approaching this subject. Call it tech illiteracy if you want to be nice, but I'll just call it "dumb".
I imagine a lot of people sharing nude photos don't especially mind if they become public (I personally don't, I've had many partners who don't fear this). So they aren't "dumb" for taking a risk they are comfortable with. Nor are they dumb to expect the criminals to pay if they do become a victim. Both things can be true without anyone needing to be "dumb" as you seem so desperate to assume.
It's definitely the fault of some individual related to the service. BUT, you must be pretty stupid to send a device away that contains sensitive information.
And unfortunately, a lot of people in society don't expect this type of intrusion by a company they trust. But they should. And I don't think you can blame Google for any of this.
It is relevant because there's a massive deficit in basic infosec among the populations of the world. Why keep blaming big corporations when we need to get smarter ourselves?
Once you start throwing around terms like "basic infosec", I think you need to recognize that the vast majority of people in the world won't even know what that term means. And shouldn't have to. It's up to us (the more technically-minded people) to protect them by helping to drive change, both in legislation, and technical measures to make it so people don't need to trust these big corporations. That's our failure, though I certainly recognize that this is a difficult thing to do.
Of course the fault lies with the person who posted the images online. That person also violated state and federal laws. There is no doubt about that.
However, most people wouldn't knowingly leave nude images of their spouse on the car's back seat when getting the car serviced. In many ways this is similar.
Edit: For people who think I'm blaming the victim, I am not. I thought that was clear, since I blamed the thief/poster of the photos! This is in many ways similar to leaving photos in a car. That is not to say that the person with the phone is at fault, but that this also happens in many other cases. If this happened to me (which it has), I'd do something else instead of sending my phone for repair by an unknown person.
I don't know how broken the phone was, but it's possible for a phone to be so damaged that you can't wipe it's contents prior to sending it in for service.
I love car analogies (who doesn't), I think this is more like your car being on fire and asking a firefighter to put it out, while hoping they won't find and share any documents they find in the back seat.
Indeed, when my Pixel 1 abruptly failed it would not turn on at all. Not merely briefly, not a boot loop, it was truly a brick and there was no way to alter what was on it. I thought it was unfortunate that it happened a mere few months past the end of warranty, but at least that way I didn't send it back to Google. Instead, a local school got it for the students to disassemble in a technology course.
Now, I don't store nudes on my phone. That said, it was recently suggested to me, here on HN, to use a scanner app in lieu of a flatbed scanner for all my scanning needs (primarily documents around tax time). Not so sure that's a good idea versus this.
So what do you do when your car is on fire but there's also nude photos in the back seat? Asking genuinely, don't know what would be the best thing to do...
> The post said the phone wouldn't turn on, so how were they supposed to clean it up before sending it out?
I think you are asking the wrong question. It's more useful to ask how to initially safeguard the pictures instead of how to remove them after something broke. If the pictures were encrypted, then it doesn't matter who has possession of the phone.
