Apple has a very low tolerance for reputational liabilities. They aren't going to roll out something that 0.01% of the time does something bad, because with 100M devices that's something that'll affect 10,000 people, and have huge potential to cause bad PR, damaging the brand and trust.
But also sudo has A LOT of features that 95% of people don't use. Just check out `man sudo` to get a sense for this. And it includes plugins like the popular visudo plugin. You can see from the release cadence that real improvements continue to be made. Though it is a bit more work to secure a moving target.
You're probably backing up things that change very often that you don't care about? Figure out what's taking up space in each backup and use `tmutil addexclusion -p <dir>`.
Damn... my only guess: Time Machine backups are VERY write heavy. Is it a reputable brand of SSD? Is Time Machine frequently erasing old backups? Many external portable SSDs that work fine for regular consumer uses might struggle to handle the write volume of Time Machine backups. I've used 2 external SSDs with Time Machine and never had them fail. (T7 Samsung SSDs)
Also you'd want the SSDs to be much larger than what you need to back up. If they're small, then Time Machine will have to erase the older backups to make new backups, which just leads to more rewrites, stressing the SSD more. The ones I used were 4TB, but a clean first backup of my system was only like 250GB (because many things excluded). And then daily incremental backups are like 1-3GB.
If this was happening en masse, wouldn't this be discovered by the many people reverse engineering WhatsApp? Reverse engineering is hard, sophisticated work, but given how popular WhatsApp is, plenty of independent security researchers are doing it. I'm quite skeptical Meta could hide some malicious code in WhatsApp that's breaking the E2EE without it being discovered.
I'm technical and work in security. Since it is trivial, please explain. Ideally not using a strawman like "well just run strings and look for uploadPlaintextChatsToServer()".
This was happening en masse, perhaps still does - the cloud backup was unencrypted. Originally it was encrypted. Then, one day, Google stopped counting it towards your storage quota, but it became unencrypted. But even before that, Meta had the encryption keys (and probably still does).
When you get a new phone, all you need is your phone number to retrieve the past chats from backup; nothing else. That proves, regardless of specifics, that Meta can read your chats - they can send it to any new phone.
So it doesn’t really matter that it is E2EE in transit - they just have to wait for the daily backup, and they can read it then.
Well they wouldn't be breaking e2ee, they'd be breaking the implicit promise of e2ee. The chats are still inaccessible to intermediaries, they'd just be stored elsewhere. Like Apple and Microsoft do.
I am not familiar with the state of app RE. But between code obfuscators and the difficulty of distinguishing between 'normal' phone home data and user chats when doing static analysis... I'd say it's not out of the question.
Seems like it wasn't actually spoofed radio signals, but spoofed data collection uploaded to adsbexchange. Still seems unlikely to make the FAA happy, but not as bad. I assume air traffic controllers aren't relying on adsbexchange?
There are non-radar towers that don't have scopes. They may have a traffic display, or maybe not. They might choose to use a public ADS-B aggregator site because it gives them situational awareness, but they don't use it to provide radar services to aircraft. That's my understanding from listening to a lot of podcast episodes with air traffic controllers, anyway. I think it's an unofficial, non-FAA approved kind of thing that can make their jobs easier.
> They might choose to use a public ADS-B aggregator site because it gives them situational awareness
I do not understand what the upside is, aside from saving a tiny amount of effort and cost -- they could get the same data with more reliability by just running their own ADS-B receiver, without having a dependency on a third-party.
> they could get the same data with more reliability by just running their own ADS-B receiver, without having a dependency on a third-party.
Setting up an ADS-B receiver is indeed very cheap. Less than $100. That's what many people, both aviation enthusiasts and ham radio operators, do for fun.
The problem is, do that on an airport? You'll now need permits to install the antenna (needs to be covered in the lightning protection system and even if it's just a passive receiver probably someone needs to sign off on an antenna being added). Fire code means you'll need approval and specialized people to run the cable (you need to drill holes in fire walls). Maybe there's some law or regulation requiring approval or causing a paper trail (e.g. in Germany, all electrical appliances have to be isolation-tested and visually inspected every two years by an electrician). Doing that the proper way is an awful lot of work. And by that point, someone will notice "hey, a Raspberry Pi? An RTL-SDR stick from eBay? No way that is certified to be used in a safety critical environment", killing off the project or requiring a certified device costing orders of magnitude more money.
In contrast, a privately owned laptop, tablet or phone with the Flightaware app? No one will give a shit about it unless someone relies on FA too much, causes an incident and that is found out.
> I'd set it up very near the airport but not on it
The problem is, you need to have a good height for the antenna - "height is might" in radio, particularly above VHF bands. I actually can see this with my own ADS-B receiver - I'm in a valley and precisely can see that effect when plotting received packets.
I get good distance from my ground level antenna, but while I'm in a valley, it's very wide and long. My assumption is that most airports are going to be in fairly flat areas.
The original point was that you become reliant on a public service, probably run by volunteers, for something halfway critical to your operation. Doing it yourself is easy and then you control the reliability, not someone else.
You're just saying things that don't have basis in reality.
It's not something halfway critical to the operation–why would the FAA allow that? ADS-B Exchange is not run by volunteers–it's run by employees of JETNET LLC, an aviation intelligence company. Doing it yourself almost certainly gives you less information–you're not part of a global network of receivers. It almost certainly gives you less reliability–receivers in the big networks typically have a fair amount of overlap which gives redundancy your single receiver doesn't have.
Upside may be just that the equivalent first-party system doesn't exist or performs worse? ATC tower isn't a SCIF, they probably get their real-time news from Twitter like everyone else, too.
Imagine your boss doesn’t like you looking at ADS-B sites because it’s not data from an FAA approved system but as long as you’re discreet and not actually breaking a reg they don’t yell at you. Then they come in and see that you installed an antenna, RTL-SDR, and Raspberry Pi in the tower.
I love this feature. There's this app, "Remote Buddy", that lets you specify custom behavior for the various Apple Remote buttons. Since by default only a few of the buttons control anything.
I had this experience too. They beep like this if they're not near an updated iDevice logged into your account.
You'll have the same problem if you do something like: set the AirTag up on an iPad, but then carry it around with an Android phone on you or just any phone not logged into your Apple Account. The beeping is the anti-stalking feature since it thinks it's separated from its owner.
There's an inherent conflict between use as a theft tracking device, and use as a stalking device. Both situations are pretty indistinguishable. Apple is prioritizing reducing the AirTag's utility to stalkers.
> Apple is prioritizing reducing the AirTag's utility to stalkers.
No, Apple is prioritizing good publicity. A motivated stalker will just be using another product, which is a net financial negative for Apple. They just don’t want the possibility of the news talking about how someone got assaulted thanks to an Apple device.
That seems a little extreme. Another device won't have the advantage of Apple's "Find My Network". Competitors like Tile have a much smaller network. Or devices that rely on cellular are much larger and don't have a battery that lasts for years. Or even if there is an AirTag alternative that's just as functional, it's less well known and would-be stalkers will have a harder time finding it and using it. So by not supporting the stalking use case Apple is genuinely making it a little harder for stalkers.
But also, I agree that this is about reputational liability more than some higher desire to do good. But IMHO it's also doing some actual good.
Again prioritizing low cardinality event (stalking) instead of high cardinality event (theft) because of "security", making the device mostly pointless, good only to quickly locate something at home (assuming battery still holds after the thing being forgotten for years in a closet).
> Again prioritizing low cardinality event (stalking) instead of high cardinality event (theft)
I don't think you can speak to the relative likelihood of these with any confidence. There are lots of people for whom stalking is a much bigger problem than theft.
There are infinitely better ways to protect your car from being stolen than putting a fucking AirTag in it, and as a bonus you can buy all of them without sounding self-centred and flippant about real threats to other people.
Increasing the friction and difficulty to stalk someone definitely results in less actual stalking. I'm sure some would-be stalker can figure out AirTags but can't figure out or afford the alternatives.
Also, wouldn't this argument apply to the use of AirTags as anti-theft devices? Since AirTag alternatives exist, just use the alternative devices for anti-theft that also work for stalking. But some people don't do this and just want to use AirTags for anti-theft purposes. Which sort of illustrates my point. Fewer people do a thing when it's harder. No one would care that AirTags aren't good for anti-theft if there were alternatives equally as good.
If increasing friction to do something results in zero change in how many people do the thing, then why does anyone care that AirTags don't work for anti-theft purposes? Wouldn't there be no complaints if there were alternatives that were just as easy/cheap/functional?
They are prioritizing safety both personal and litigious. Apple markets it as a way to find lost things, not stolen things. There are trackers you can buy for tracking stolen things. I'm only familiar with ones designed for cars but I'm sure there are others as well.
It's useful to help locate things both at home and when traveling. But, yes, optimizing for potential theft recovery conflicts with disabling stalking and, however uncommon, the latter got a lot of publicity, so it's something Apple etc. wanted to focus on (especially given that, in most places, theft prevention probably wasn't very effective anyway).
That's a personal preference. I have like 12 AirTags and find them quite useful. The precise indoor tracking functionality is great. Losing/misplacing something happens a lot more to me than theft. Though I do have an AirTag I've removed the speaker from, so could be useful in a theft situation.
A train is barreling down the tracks while you stand at a switch. Do nothing and the train will destroy dozens of bicycles. If you pull the switch the train will kill one woman you've never met.
How many people's lives in third world countries were ruined making that train?
And I know, I know, the downvoterinos!
I don't actually care about this issue at all. The observation is: that moral grandstanding of "women's lives to stolen bicycles" is somewhat amusing when the hardware is built on the backs of underpaid people in the global south. All so people can have little toys of convenience.
It's likely that Apple doesn't care about women's lives either, for what it's worth. Just the negative PR associated with the problem at hand.
There are ways to use AirTags that are true stalking methods and these aren't currently mitigated by Apple. If anything this is a false sense of security. Nerfing their product seems more like corporate CYA than concern for public safety.
Would love an SMS provider that was simple to use. Have used Twilio in the past and every time I come back to it, it feels like they've added yet another layer of abstraction to the process.
But I suspect that spam and abuse means that becoming an SMS customer is going to have to be complex. Though just the ability to automate SMS msgs to a few pre-defined and verified numbers would be valuable and negate spam risk.