Good job ifixit! This should be a cause for outrage. Pretending to support the right to repair while also softwarelocking repairs is not just two faced, but actively harming the consumers.
this post was submitted on 20 Sep 2023
529 points (98.7% liked)
Technology
34806 readers
233 users here now
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
founded 5 years ago
MODERATORS
all 46 comments
sorted by:
hot
top
controversial
new
old
Place Pikachu surprised face meme here for me, please. Apple simps, unite.
EDIT: They always do.
[removed by mod]
While I personally wouldn’t repair my own iPhone. If I need it done I would want to go to an Apple Store anyway. This makes selling on your phone for other people to fix and use and sell on and use again virtually impossible, which would’ve been more sustainable than just binning the phone.
It’s especially shitty since they also announced net zero plans. It’s all smoke and mirrors.
[deleted]
You know, as both an Apple fanboy and a repair advocate I was disgusted by their over affirmation of being carbon neutral like it’s a badge to be proud of when people KNOW they are just not friendly to repairing your shit easily.
I’m heavily locked into their ecosystem but they are starting to push their luck with me trying to push this bullshit.
My partner and I left the apple ecosystem about a year ago. We got new phones and gave our old watches, airtags, and airpods to friends and family that wanted them. It felt like it was going to be too much to give up, but honestly it's been great.
There's so much more freedom in every facet of the phone. Apple likes to give an option, a rich people option, and occasionally a truly professional tier. Leaving Apple behind, I have wireless earbuds I love that have an 8hr lifespan out of the dock. They were fifty dollars and they sound easily better than airpods. It felt like it would be expensive to leave, but the alternatives once you leave the ecosystem tend to be cheaper pound for pound.
Ever wondered why the cable breaks so easily? It’s because they use crappy materials. Oh, and it’s also ecological or something, which obviously has no impact on profit margins, right.
seems to make apple's support of easily removable batteries a bit less rosy.
Mfs out here want to install their bootleg faceid in my phone at their sketchy self repair place so they can sell my data and break its security. Let’s not pretend ifixit isn’t the exact same rent seeking that apple is, they just want to be the middle man
You know what's funny? It's not the independent repair shops stealing your data, it's the "official" ones. https://www.theverge.com/2021/6/7/22522560/apple-repair-multimillion-iphone-nude-photos-privacy-settlement-pegatron
Those "bootleg" screens often are genuine, but Apple makes features not work unless paired. You can literally swap the screens of two fresh out of the box iPhones and they won't work. Swap them back, they work fine. Don't defend their practices, and don't believe the lies about repair they've been feeding you for years.
often are genuine, but Apple makes features not work unless paired
Because unless you pair the screen, the device has no way to know it’s genuine. If it’s not, it could implement any number of attacks, including keyloggers, screen stealers, etc
don’t believe
Why shouldn’t I? No one has given an argument that you can actually secure these peripherals without software locks, I bought my iPhone and MacBook because they offer security, even when I run Linux on it my MacBook has far superior boot security (the only thing apple has engineering control over in that use case) than any intel machines I’ve used
Also lol that article, you know the difference between one incident and a pervasive effort to mine your privacy for profit
Anything to defend the people who make your favorite magic rectangle amirite
No, give me the argument that you can secure these interfaces, some of which provide biometric security, without verifying vendor origin in software
You cannot and that's ok. The problem here is people have different levels of risk acceptance and that's ok. If I was a government or corporate leader I would probably prefer buying direct from apple, but most end consumers, especially those who want to do these repairs should have the choice to accept that risk on a device that they own. The manufacturer shouldn't decide who I trust. The owner should.
people have different levels of risk acceptance and that’s ok
Except it is the editorial agenda of ifixit to promote legislation that requires this lesser level of security, which makes it not ok. Outlawing verification in software requires all devices to have the same vulnerability at the interface, it would even affect users who want to buy OEM.
Noone is saying it should be outlawed. What they are saying is that in order for a device to be considered highly repairable to an end user this type of check should be able to be turned off or not included.
requires all devices to have the same vulnerability at the interface
Tell me you don't know shit about tech without telling me you don't know shit about tech.
But, my god, Steve jobs would laugh at how easy his marketing techniques made dumb people feel smart.
You can have both though. Just add some random menu in the settings that turns bright red when using a non-certified component so security can be easily verified, but don't needlessly lock people out and charge $500 to fix a $10-50 module on a $1000 phone
Edit: Adding on to this, Ifixit isn't outlawing verification, the above example of whatever red warning is a clear way they could keep it.
How the hell do you expect a screen to keylog you? This is a stupid argument. Even if the screen did know when the onscreen keyboard was visible how tf do you expect the logged data to go anywhere? Are you seriously worried that aftermarket iphone screens are including hidden LTE modems (and thus paying for illegitimate service) just to potentially log your keys? Do you realize how difficult and ridiculous this would be?
I bet someone could make that actually happen, but if they could do that they’d probably just find or buy a software vulnerability to attack you with.
As always, there is an XKCD for this.
Aside the whole issue that a single component in a system exfiltrating data without cooperation from many of the other components in the system is just patently absurd, the honest truth is that anyone who wants to break your security isn't going to go to the extreme length of making certain your screen is replaced with a covert unit that can somehow inform them of anything you're doing when for most cases a pair of binoculars will get the same job done for much cheaper and is at least half as convoluted, a hit to the head with a $5 wrench gets your fingerprint much more easily than a replacement fingerprint scanner does, and most compromises of a user would be far more effectively done in software rather than hardware. Software which constantly has new bugs to exploit while getting a crooked piece of hardware navigated into place is just an absurdly unlikely occurrence that would require a massive coverup the size of which is out of the reach of most entities in existence.
Do you have any evidence that there's a pervasive effort from third party repair to mine your privacy for profit? I'd love to see it.
Also, fine, let's assume they have no way of knowing it's genuine. Why don't they release the tool to pair the OEM screens publicly? It'd only work on the real ones, and they have such a tool, so if it's actually about security, there's no reason not to.
[removed by mod]
So then you’ll let me change the locks on your front door to one I choose?
If a lock is broken, then you might call a locksmith to fix or replace it. This is something that happens frequently and isn't as absurd as you make it out to be.
I’m not saying it has to be absurd, but no one is acknowledging that the security risks are real, and requiring a lesser standard of security is a cost of legislating this stuff, which it is the editorial stance of ifixit to support
The security risks aren't real. They are simply trying to scare off people like you who will repeat nonsense over and over again.
Ok, so I can come change your locks then
No, you can't, because that isn't a good analogy. Those two situations are not at all the same, but I'll humor you.
The analogy you're making is like saying only the company who makes doors is allowed to change the lock on your door, and they're allowed to just stop offering the lock-changing service whenever they want. They also conveniently put a mechanism in so that whenever a third-party locksmith comes, your door falls apart. Your only option is to buy a new door, doorknob, frame, and hinge because your lock is worn out.
That's a bad comparison because I wouldn't let a random Internet stranger fix my phone either, but I would allow an actual locksmith to change my locks.
If you swap the faceid, you still need to unlock the phone with your passcode to re-enroll faceid.
I guess that’d be more like you changing the outside doorknob.
[removed by mod]
It absolutely could, if the processor trusts that the data coming from the faceid sensor is accurate, the faceid sensor can simply lie. You’re removing a layer of defense, which necessarily impacts security
What’s the faceid sensor going to do, brute force a damn cryptographic collision with the cyphertext of your faceid?!
If you have even the first fucking clue, even in the broadest of strokes, I’d really be interested in hearing about how this would actually work.
I think he think the face id just says "yeah, that's right, unlock" and the phone unlocks. So if you put in a custom one that always says "yeah unlock" it will just always unlock. As if the person putting in the thing couldn't see the data on your storage anyway
Never owned an apple device, so I might be drastically off base here.
Is face id actually its own unit, including authentication storage?
If I were designing the iPhone, I'd just use a camera that relays the data to the CPU, and authentication happens there. If it operates like this, a more accurate comparison is I'd let a third party reputable locksmith change my locks, but I'll set the key pins myself after.