• moomoomoo309@programming.dev
    link
    fedilink
    English
    arrow-up
    58
    arrow-down
    1
    ·
    edit-2
    1 year ago

    You know what’s funny? It’s not the independent repair shops stealing your data, it’s the “official” ones. https://www.theverge.com/2021/6/7/22522560/apple-repair-multimillion-iphone-nude-photos-privacy-settlement-pegatron

    Those “bootleg” screens often are genuine, but Apple makes features not work unless paired. You can literally swap the screens of two fresh out of the box iPhones and they won’t work. Swap them back, they work fine. Don’t defend their practices, and don’t believe the lies about repair they’ve been feeding you for years.

    • kitonthenet@kbin.social
      link
      fedilink
      arrow-up
      4
      arrow-down
      47
      ·
      edit-2
      1 year ago

      often are genuine, but Apple makes features not work unless paired

      Because unless you pair the screen, the device has no way to know it’s genuine. If it’s not, it could implement any number of attacks, including keyloggers, screen stealers, etc

      don’t believe

      Why shouldn’t I? No one has given an argument that you can actually secure these peripherals without software locks, I bought my iPhone and MacBook because they offer security, even when I run Linux on it my MacBook has far superior boot security (the only thing apple has engineering control over in that use case) than any intel machines I’ve used

      Also lol that article, you know the difference between one incident and a pervasive effort to mine your privacy for profit

        • kitonthenet@kbin.social
          link
          fedilink
          arrow-up
          1
          arrow-down
          23
          ·
          1 year ago

          No, give me the argument that you can secure these interfaces, some of which provide biometric security, without verifying vendor origin in software

          • greyhathero@lemmy.world
            link
            fedilink
            arrow-up
            15
            ·
            1 year ago

            You cannot and that’s ok. The problem here is people have different levels of risk acceptance and that’s ok. If I was a government or corporate leader I would probably prefer buying direct from apple, but most end consumers, especially those who want to do these repairs should have the choice to accept that risk on a device that they own. The manufacturer shouldn’t decide who I trust. The owner should.

            • kitonthenet@kbin.social
              link
              fedilink
              arrow-up
              1
              arrow-down
              15
              ·
              1 year ago

              people have different levels of risk acceptance and that’s ok

              Except it is the editorial agenda of ifixit to promote legislation that requires this lesser level of security, which makes it not ok. Outlawing verification in software requires all devices to have the same vulnerability at the interface, it would even affect users who want to buy OEM.

              • ink@r.nf
                link
                fedilink
                English
                arrow-up
                8
                ·
                1 year ago

                requires all devices to have the same vulnerability at the interface

                Tell me you don’t know shit about tech without telling me you don’t know shit about tech.

                But, my god, Steve jobs would laugh at how easy his marketing techniques made dumb people feel smart.

              • greyhathero@lemmy.world
                link
                fedilink
                arrow-up
                8
                ·
                1 year ago

                Noone is saying it should be outlawed. What they are saying is that in order for a device to be considered highly repairable to an end user this type of check should be able to be turned off or not included.

              • Zangoose@lemmy.one
                link
                fedilink
                arrow-up
                4
                arrow-down
                1
                ·
                edit-2
                1 year ago

                You can have both though. Just add some random menu in the settings that turns bright red when using a non-certified component so security can be easily verified, but don’t needlessly lock people out and charge $500 to fix a $10-50 module on a $1000 phone

                Edit: Adding on to this, Ifixit isn’t outlawing verification, the above example of whatever red warning is a clear way they could keep it.

      • CalcProgrammer1@lemmy.ml
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        How the hell do you expect a screen to keylog you? This is a stupid argument. Even if the screen did know when the onscreen keyboard was visible how tf do you expect the logged data to go anywhere? Are you seriously worried that aftermarket iphone screens are including hidden LTE modems (and thus paying for illegitimate service) just to potentially log your keys? Do you realize how difficult and ridiculous this would be?

        • NightAuthor@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I bet someone could make that actually happen, but if they could do that they’d probably just find or buy a software vulnerability to attack you with.

      • DarthYoshiBoy@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        As always, there is an XKCD for this.

        https://xkcd.com/538/

        Aside the whole issue that a single component in a system exfiltrating data without cooperation from many of the other components in the system is just patently absurd, the honest truth is that anyone who wants to break your security isn’t going to go to the extreme length of making certain your screen is replaced with a covert unit that can somehow inform them of anything you’re doing when for most cases a pair of binoculars will get the same job done for much cheaper and is at least half as convoluted, a hit to the head with a $5 wrench gets your fingerprint much more easily than a replacement fingerprint scanner does, and most compromises of a user would be far more effectively done in software rather than hardware. Software which constantly has new bugs to exploit while getting a crooked piece of hardware navigated into place is just an absurdly unlikely occurrence that would require a massive coverup the size of which is out of the reach of most entities in existence.

      • moomoomoo309@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Do you have any evidence that there’s a pervasive effort from third party repair to mine your privacy for profit? I’d love to see it.

        Also, fine, let’s assume they have no way of knowing it’s genuine. Why don’t they release the tool to pair the OEM screens publicly? It’d only work on the real ones, and they have such a tool, so if it’s actually about security, there’s no reason not to.