I think that already with the first iPhone Apple spokesmen said "we built the feature in because we thought we would regret not doing it".
It is not just «remov[ing]», it is also planting. (You should remember the case of remotely installing free music albums - which woke up a number of people about "they can plant files on my phone?!".)
Isn't that all Android phones with the Google Services or Play Store installed?
You can remotely wipe them, install or uninstall applications from a browser logged into your Google Account and Google has already deleted apps from users phone since at least over a decade ago [1].
All major mobile operating systems (Android, iOS) and some desktop operating systems (macOS) have the ability to remotely kill a binary through communication with the mothership. Most other desktop computers run antivirus (Windows Defender, McAfee, etc.) which very much allow the same thing.
This feature was built to kill malware and viruses. Not even all malware in case of mobile devices, only the particularly bad malware that a "this app is infected with a virus" popup isn't enough for to get rid of.
It's not exactly a novel technique either. Most game cracks for Windows are part of one malware database or another, which is why every crack comes with instructions to disable your antivirus software for that particular binary. At some point only the actually infected cracks were being flagged, and in some cases the cracks employ malware-like mechanisms to redirect control flow, but many of these programs will be flagged by AV databases simply for being cracks.
Most of the topics where people complain about these types of remote uninstalls are based on pirated games from sketchy sources. It's hard to say if there's actually a virus at play in those situations, but based on the symptoms described ("all APKs I install are marked as viruses") I would think there is some kind of malicious APK modification process going on in a few of these cases.
> You do not own your phone, or your PC if others can control
You are forgetting the car. With internal microphones cameras, locators and wireless connections to distribute collected data, a "spying system" is installed in your own property (which some do not really consider "property" anymore), and it is more difficult to remove it compared to mobile computers.
They can also come with an embedded kill-switch (planned apparently so that rented vehicles can be disabled if the service is unpaid): so you may be driving a vehicle with a subsystem intended to remotely stop it from working, planned to be outside the control of the driver.
Software, features and data - which could change outside the control of the owner - are a further step.
This is not "ownership". (Further to the privacy and security issues.)
If you rent a vehicle, then by definition, you are not the owner though?
EDIT: I also note that there was another topic on HN not too long ago about car manufacturers being accused of not doing enough about theft (apparently "smart" locks are easy enough to bypass). So a "locate my car/laptop if stolen" feature is a trade-off against privacy and other risks. Personally I think the choice should be with the device owner in the end, but obviously, a remote tracking feature that a thief can easily disable is not much use for end-users who do want the feature.
> If you rent a vehicle, then by definition, you are not the owner though?
No, you misunderstood the point: the "kill-switch" feature was implemented in case the car is for rental, but the result is that bought cars also contain it. So you would be driving something with an embedded kill-switch - because the manufacturer saw it would be useful under some cases, so it just installed it as part of the bundle.
For that matter - as you also point out -, it can also come useful in case the car is stolen. Unfortunately, it also represents a security issue, pretty clearly: it is there, accessible by those who can gain access to it... So,
> the choice should be with the device owner in the end
And apparently it is not. How would you remove that module, if you want to?
I am personally very much in the "owner has the right to disable all remote/telemetry features" camp, even to the extent that I wouldn't mind the EU imposing regulations on this (which I can almost guarantee will produce another HN discussion on how the EU is anti-tech and anti-innovation).
Are there any documented cases of kill-switch misuse though? If it's actually happening, then that's a stronger argument to me than a hypothetical one.
I'm pretty sure most laptops have something like this too, though on some models you may be able to disable this in the BIOS?
EU in general advocates for monitoring, not against it. If you think GDPR is an example of anti-monitoring regulation, read it carefully - there are exceptions for monitoring, practically every clause says "unless required to track by law" and "doesn't apply to the state".
> Your eCall system is only activated if your vehicle is involved in a serious accident. The rest of the time the system remains inactive. This means that when you are simply driving your vehicle, no tracking (registering your car's position or monitoring your driving) or transmission of data takes place
the problem is, implementation is left to manufacturers, so it has to be verified whether each eCall card actually, really «remains inactive».
Indeed. And there is no option to disable the behavior - so the user has lost control over their own vehicle.
It's similar to how PSD2 demanded specific payment flows and thus Google Pay was born - yeah they could have implemented it in a more privacy-friendly way (like Apple did), but they didn't - and EU demands the flows, so card-like payments without an online backend are no longer possible with your phone. Thanks EU!
Actually, the directive specifies that the eCall must be implemented so that it cannot be disabled by the user but can be disabled by the manufacturer.
> specific payment flows ... online backend
Similarly, europe's demand that the feature of internet services are provided for all payment channels seems to be one of the reasons why channels that did not use NFC - simpler ones - have disappeared. Forcing the model "money can be taken from you without your actful, explicit consent", through radio-enabled cards. The european union has destroyed a good amount of civilization.
My physical card doesn't need to be connected to a backend. My bank had an app that was able to work like a card - I could be offline and still use it. They had to cancel that app because of PSD2.
Destruction of a good amount of civilization indeed! Now Google gets my payment data, I have to be online to pay with my phone, and I have to tolerate Google spyware on my phone instead of using a clean AOSP without any Google apps/services like I used to.
Thanks EU, you're keeping my data safely in Google's hands!!!
> car manufacturers being accused of not doing enough about theft (apparently "smart" locks are easy enough to bypass)
That is a different point, and it reinforces the main one.
You must have noticed that car manufacturers have implemented car remotes that broadcast keys continuously. They are everywhere now.
If this is the awareness and focus that manufacturers adopt when planning a product, how concerned should you be with the rest of the involved "sensitive issues"?!
> until they totally control your device and block whatever they want
We don’t know for sure that they would do that.
We know they would like to, i.e.: that there are people that would like to use a precedent of CSAM scanning for their purposes and who count that the general public would not resist much.
Perhaps that lack of resistance is part of the issue.
> Essentially exactly why Apple didn't add CSAM scanning to the iPhone.
They don't need to. iCloud uploads plaintext content hashes of all files even when e2ee is turned on. They know all of the users that have certain files, even if each and every one of those users is using the opt-in e2ee of iCloud.
Normal iCloud allows Apple to scan everything serverside, natch. This is 99%+ of all iCloud users today.
> They don't need to. iCloud uploads plaintext content hashes of all files even when e2ee is turned on.
However, regular hashes (SHA256 et al.) are too strict, and these hashes are mostly useless for this use case. The don't take variance in account what CSAM did. CSAM would have detected the image with different resolutions or slight modifications.
And your Mac sends all the hashes as well, whether they are in iCloud or not.
In Italy, we are pending systemic changes in work, education and health, while the government forgetful of all this is bending over backwards accommodate football clubs in finding a solution for illegal streaming of soccer matches
https://www.dday.it/redazione/46954/esclusivo-come-funzioner...
LaLiga are some of the most egregious group for privacy concerns, it was a few years ago their own app would record your position and the audio around to ensure you were watching at a licensed bar for example [1].
It's rich that they would be so concerned with other apps purposes.
A while back, LaLiga got fined for using their app to listen to microphones and catch bars that were illegally streaming football matches [1]. Apparently they continue on their crusade against freedom on how you use your devices.
Javier Tebas should really look into making the league worth paying for rather than egregiously invading people's privacy. It's been on a downhill for 7 or 8 years now with comical VAR decisions, incompetent refs, incredibly tight FFP rules that ended up crippling the whole league and turning it into a free for all for rich EPL teams.
In my city they tried a bus/taxi service where you could book a ride and the bus will adapt its route based on the demand. Well, it failed and they killed it without telling anybody.
One day I needed a ride and I couldn't find the app on my device. It was quite unsettling to observe that somebody could remove software from a device that I own.
I recently found some empty spots on a home screen that I'm sure used to be full. I have no idea what apps or widgets I had there, so I can probably do without, and I'm happy to have more space now for other stuff on that screen.
I guess this is what blissful ignorance feels like.
I don't know if you are using android, but a common issue with it is when the developer changes some sort of app id. If you had a shortcut to your main screen, it will just disappear.
In the meanwhile, in Spain you ought to change your internet provider to watch LaLiga and pay for other football competitions you might not be interested in. As a result, many people prefer to watch LaLiga illegally.
Which is the article of the código penal which says something like “those who watch an internet streaming without paying money to somebody will be punished with fine or prison”?
In the article he says it's theft, but it's really just a monopoly violation. We should replace the words "theft" and "piracy" in this context with "monopoly violation". That would be a lot more honest.
There’s no such article. Downloading internet files for non commercial use, watching streaming videos is not illegal under any circumstances and implying otherwise is creating a misleading situation
Football became popular because anybody with a TV set could watch the millionaires struggling in stadia funded with public taxes in a streaming funded with public taxes
Now that they have a market of addicted followers, they’ve moved to a closed streaming system and they’re fighting against their former customers
As a casual football fan I find it hard to stream some matches. I don't want to pay for another streaming service that I know I'm not going to use, but more and more of the matches aren't streamed on live tv...
I wouldn't mind if these attempts at total monopolistic control ended up demoting football to the status of a normal sport again, instead of a global religion.
I also feel that it is unfair that each LaLiga footballer does not have his private Boening 747, like Neymar. We need to do something with those pesky pirate apps to make sure footballers earn more money, as their torment of poverty is unacceptable. Maybe United Nations should step out to fight this clear violation of human rights?
65 comments
[ 4.9 ms ] story [ 349 ms ] threadWhen are people going to wake up and stop accepting this totalitarianism?!
That’s unacceptable
when would this feature have started in Android (versions etc.), which are the most important events showing what they can do or not, etc.
It is not just «remov[ing]», it is also planting. (You should remember the case of remotely installing free music albums - which woke up a number of people about "they can plant files on my phone?!".)
You can remotely wipe them, install or uninstall applications from a browser logged into your Google Account and Google has already deleted apps from users phone since at least over a decade ago [1].
[1] https://android-developers.googleblog.com/2010/06/exercising...
This feature was built to kill malware and viruses. Not even all malware in case of mobile devices, only the particularly bad malware that a "this app is infected with a virus" popup isn't enough for to get rid of.
It's not exactly a novel technique either. Most game cracks for Windows are part of one malware database or another, which is why every crack comes with instructions to disable your antivirus software for that particular binary. At some point only the actually infected cracks were being flagged, and in some cases the cracks employ malware-like mechanisms to redirect control flow, but many of these programs will be flagged by AV databases simply for being cracks.
Most of the topics where people complain about these types of remote uninstalls are based on pirated games from sketchy sources. It's hard to say if there's actually a virus at play in those situations, but based on the symptoms described ("all APKs I install are marked as viruses") I would think there is some kind of malicious APK modification process going on in a few of these cases.
https://support.mozilla.org/en-US/kb/add-ons-cause-issues-ar...
There needs to be a law against this.
You are forgetting the car. With internal microphones cameras, locators and wireless connections to distribute collected data, a "spying system" is installed in your own property (which some do not really consider "property" anymore), and it is more difficult to remove it compared to mobile computers.
They can also come with an embedded kill-switch (planned apparently so that rented vehicles can be disabled if the service is unpaid): so you may be driving a vehicle with a subsystem intended to remotely stop it from working, planned to be outside the control of the driver.
Software, features and data - which could change outside the control of the owner - are a further step.
This is not "ownership". (Further to the privacy and security issues.)
EDIT: I also note that there was another topic on HN not too long ago about car manufacturers being accused of not doing enough about theft (apparently "smart" locks are easy enough to bypass). So a "locate my car/laptop if stolen" feature is a trade-off against privacy and other risks. Personally I think the choice should be with the device owner in the end, but obviously, a remote tracking feature that a thief can easily disable is not much use for end-users who do want the feature.
No, you misunderstood the point: the "kill-switch" feature was implemented in case the car is for rental, but the result is that bought cars also contain it. So you would be driving something with an embedded kill-switch - because the manufacturer saw it would be useful under some cases, so it just installed it as part of the bundle.
For that matter - as you also point out -, it can also come useful in case the car is stolen. Unfortunately, it also represents a security issue, pretty clearly: it is there, accessible by those who can gain access to it... So,
> the choice should be with the device owner in the end
And apparently it is not. How would you remove that module, if you want to?
Are there any documented cases of kill-switch misuse though? If it's actually happening, then that's a stronger argument to me than a hypothetical one.
I'm pretty sure most laptops have something like this too, though on some models you may be able to disable this in the BIOS?
EU in general advocates for monitoring, not against it. If you think GDPR is an example of anti-monitoring regulation, read it carefully - there are exceptions for monitoring, practically every clause says "unless required to track by law" and "doesn't apply to the state".
> Your eCall system is only activated if your vehicle is involved in a serious accident. The rest of the time the system remains inactive. This means that when you are simply driving your vehicle, no tracking (registering your car's position or monitoring your driving) or transmission of data takes place
the problem is, implementation is left to manufacturers, so it has to be verified whether each eCall card actually, really «remains inactive».
It's similar to how PSD2 demanded specific payment flows and thus Google Pay was born - yeah they could have implemented it in a more privacy-friendly way (like Apple did), but they didn't - and EU demands the flows, so card-like payments without an online backend are no longer possible with your phone. Thanks EU!
Actually, the directive specifies that the eCall must be implemented so that it cannot be disabled by the user but can be disabled by the manufacturer.
> specific payment flows ... online backend
Similarly, europe's demand that the feature of internet services are provided for all payment channels seems to be one of the reasons why channels that did not use NFC - simpler ones - have disappeared. Forcing the model "money can be taken from you without your actful, explicit consent", through radio-enabled cards. The european union has destroyed a good amount of civilization.
Destruction of a good amount of civilization indeed! Now Google gets my payment data, I have to be online to pay with my phone, and I have to tolerate Google spyware on my phone instead of using a clean AOSP without any Google apps/services like I used to.
Thanks EU, you're keeping my data safely in Google's hands!!!
That is a different point, and it reinforces the main one.
You must have noticed that car manufacturers have implemented car remotes that broadcast keys continuously. They are everywhere now.
If this is the awareness and focus that manufacturers adopt when planning a product, how concerned should you be with the rest of the involved "sensitive issues"?!
- Internet-connected cars fail privacy and security tests conducted by Mozilla https://news.ycombinator.com/item?id=37404413
- ‘Modern cars are a privacy nightmare,’ the worst Mozilla’s seen https://news.ycombinator.com/item?id=37401563
- It’s Official: Cars Are the Worst Category We Have Ever Reviewed for Privacy https://news.ycombinator.com/item?id=37401563
They start with something everyone agrees on like protecting children until they totally control your device and block whatever they want.
We don’t know for sure that they would do that.
We know they would like to, i.e.: that there are people that would like to use a precedent of CSAM scanning for their purposes and who count that the general public would not resist much.
Perhaps that lack of resistance is part of the issue.
No, they very much did that and were caught:
https://www.theguardian.com/football/2019/jun/12/la-liga-fin...
I'm pretty sure everyone would agree this is over the line.
If they get the chance to do it, they'll do it. 100%. Guaranteed.
They don't need to. iCloud uploads plaintext content hashes of all files even when e2ee is turned on. They know all of the users that have certain files, even if each and every one of those users is using the opt-in e2ee of iCloud.
Normal iCloud allows Apple to scan everything serverside, natch. This is 99%+ of all iCloud users today.
Do you have a source for that claim? This is interesting.
However, regular hashes (SHA256 et al.) are too strict, and these hashes are mostly useless for this use case. The don't take variance in account what CSAM did. CSAM would have detected the image with different resolutions or slight modifications.
And your Mac sends all the hashes as well, whether they are in iCloud or not.
Could you elaborate? I didn't know Macs send local file hashes to Apple even if you don't use iCloud.
Gatekeeper sends all hashes of the opened executables/files.
https://lapcatsoftware.com/articles/catalina-executables.htm...
Also, the anti-virus sends, like Windows Defender et. all. They all do it to expand the storage of known files.
> macOS includes built-in antivirus technology called XProtect for the signature-based detection and removal of malware
https://support.apple.com/guide/security/protecting-against-...
Winnie the Pooh memes are shared verbatim.
Make one and share it and Apple knows who received it and when, and then who received it from them later, all with e2ee turned on and no iMessage.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
In Italy, we are pending systemic changes in work, education and health, while the government forgetful of all this is bending over backwards accommodate football clubs in finding a solution for illegal streaming of soccer matches https://www.dday.it/redazione/46954/esclusivo-come-funzioner...
1) https://www.welivesecurity.com/2018/06/12/spains-la-liga-app...
[1]: https://www.theguardian.com/football/2019/jun/12/la-liga-fin...
This! Then it can be done for privacy apps, then it can be done for whatever. It always begins with "child protection".
But you have to work on it. "Think of the footballers's millions" is not as convincing as "Think of the children".
1. We really need this to fight child porn, but we promise it will never be used for anything else.
2. If it can be done for child porn, it can also be done for this other thing.
3. ...?
One day I needed a ride and I couldn't find the app on my device. It was quite unsettling to observe that somebody could remove software from a device that I own.
I guess this is what blissful ignorance feels like.
If it’s not written down as illegal, it’s legal
Now that they have a market of addicted followers, they’ve moved to a closed streaming system and they’re fighting against their former customers
Come on now. Football stadia were already full before the tv was even invented, and not all stadia were built with public money.
Is it now just another exploitative market? Yes. But let's not throw away the working-man's sport with the monopolistic-capitalist bathwater.