Viewing a single comment thread. View all comments

blastermaster555 t1_j26c6ai wrote

So if someone steals your phone, unlocks it, then downloads data that lets them steal your identity, that's alright?

Stolen phones get bricked is good if everyone does it - then phone thefts go down because word on the street is, it's not worth it.

4

FeralCJ7 t1_j26duhz wrote

I was a cop for 14 years and just got out. I absolutely remember iphones getting stolen constantly when they were fairly new; gradually the thefts have tapered off due to being able to be tracked so easily by the owners and locked remotely.

I agree with you that allowing software to unlock these devices would just increase thefts.

4

Guffawker t1_j26f7j6 wrote

No one is saying that....you're making a gross assumption on how things like that work. We are talking about manufacturer password/admin use to "reset" the phone, not "unlock" it. No one is saying the data should be widely accessible, but that's a SEPARATE thing. You can make the device function again without allowing access to the user data.

That's the whole point. We shouldn't sell devices that become bricks just because of theft (and in a lot of cases we don't, users just don't have that access). Having a way to reset the phone into working order is NOT the same as allowing unauthorized access into the phone. I'm advocating the former. Not the later. Stolen phones getting bricked does nothing, because people will still steal your phone, because it's always a user opt in feature, and users won't always use it. People will steal your phone in the hopes it's unlocked, because it's a small, incredibly easy device to lift, check, and bin if not the case. Even then, people will still steal them in hopes that they will be able to do something with it.

No amount of anti-theft measured are going to prevent someone from stealing a phone. You can lift 100 of um off people and if 1 person doesn't have a password, those 100 you stole don't matter. These measures just mean they get thrown in landfills instead of used. Shit, it might even REDUCE theft in the end, because if you can steal 1 and be able to make a buck off of it, you don't have to risk stealing 100. Phone theft works on the same "operation" as email scams. Doesn't matter how secure 99% of them are, you are looking for the 1% that isn't.

Again, no one should have access to your data. Full stop. Don't invent bs to my argument because you don't understand it. But you should be able to reset a phone into working order. That's the whole point. Your data is still safe, the theft already happened, the bricked device didn't prevent it, so instead of artificially keeping your stock off the second hand market and ending up in landfills, let's make them actually usable.

−1

blastermaster555 t1_j26jaou wrote

Every theft is a chance to get caught.

I understand the separation, but the way the post was worded, it sounded like advocating for being able to unlock locked devices, which means getting access to user data.

Before the device locking (device tied to account, requires unlock), phone theft was more profitable, because tossing the sim card and resetting it was trivial. Now that we have stolen phone databases (carriers refuse phone on the network when stolen), device sign in requirements (phone serial attached to account and required to unlock), and on device encryption, now we have a different problem.

From what I understand via RtR, the problem is not this, but being able to connect replacement parts that are serialized for security reasons. It is a security risk to have a bugged part paired such as a touchscreen or print reader that can easily have an extra chip used to steal customer info. The problem that it clashes with RtR is with manufacturers not providing a way to put official parts on yourself (such as re-pairing these serialized parts with the device).

3

Guffawker t1_j26swiw wrote

Yes, but getting caught is not a deterrent to theft. If it was....people wouldn't steal. The people that steal do it because the risk of getting caught is worth the return. That doesn't change just because a device is locked. Phones are easy to steal. So it will always happen. Even with increases in security phone theft is on a rise. People don't give a shit if the device is locked or not, again, because they can pick it up, stick it in their pocket, and walk away. No amount of increased security changes how easy they are to steal. It's the same thing as spam emails. It works because you only need 1% of the 99% you go after to be unsecure for it to be worth your while.

Again, kill switches are the problem. I know how trivial it was. I've worked tech repair/IT my whole life. I've dealt with this issue. All that happens is the dude that came in with a phone asking for it to be fixed just walks outside and throws it in the trash. The theft still happens, but the device ends up in a landfill which is a problem. It may reduce it slightly, but it's not going to prevent it, all it does is prevent that device from ever being used again. If you want to stop the theft, make better measures of tracking the device, not allowing manufacturers to turn their device into a useless $1000 piece of landfill. These companies don't do this because it "protects" your device. That's just an added bonus. They do it so their devices don't end up costing $200 at a pawn shop. They could build other methods of theft reporting/alerting into the software if they wanted, but it's more beneficial for them if the device becomes a brick, because it kills the second hand market and the og owner now has to purchase a new one. Again, as you've said too, carriers have already implemented blacklists and such for stolen devices, so bricking the device does even less in that regard.

Again, data should always be secure.

This isn't in any way pointing to this as the problem of RtR.....this was a response to someone discussing the particular aspect of this bill that referenced the article mentioning the lack of requiring manufacturers to provide access to "save locked devices" as an oversight of this bill.

As far as RtR is concerned that's hardly the issue at all. It's not about using unofficial parts. That has little to do with RtR at all. RtR is honestly a LOT of fights wrapped into one, but the bi issue is about manufacturing companies having a monopoly on the ability to service and repair devices they manufacture, often to the detriment of the user. RtR is about separating the "electronics repair" industry from the "electronics manufacturing" industry, because they are two separate entities. It doesn't mean "users can shove whatever they want into their tech" (although, largely, they should be able to. It's your equipment, you bought it, you should be able to do what you want with it), it means "John Deere must provide other companies (and even the tech savvy DIY farmer) with the parts for repairs and make repairs accessible via normal means. You're still using their manufactured stuff, it's just you have more options then your current option of "Pay John Deere $7500 to service my tractor, or throw it away and buy a new one". A lot of tech companies have a monopoly on their services and outright refuse to sell parts to any other company. That means they can charge you whatever they want because your only solution to fixing the device is "buy a new one". Even if the fix is simple. Your argument is the kind of shit companies spew to make it seem like RtR is a bad thing, but it doesn't mean or prevent anything, and largely has little to do with RtR itself. RtR is about forcing manufactures to provide access to the tools/software/components for users and third party individuals to actually have options to repair, especially, because as is, it's completely legal to repair and modify things you purchase. It's not a security thing. It's about manufacturing companies not wanting to provide repair materials to external companies and individuals because if they are the only ones that can service their devices, they can make a shit ton more money. It's not a security risk at a to allow people to repair their own equipment or use a third party. It's not even a security risk to allow third party manufacturers to make parts that work in your equipment. We already have regulations on that shit, and consumers can/do spend time researching options like that when replacing parts. As a side note, things aren't serialized like that for "security" it's so the manufacturer can detect if you're using their parts and void/refuse service if you aren't. If people want to steal your data, they aren't going to "install an unauthorized touchscreen". They are gonna use cheap external hardware that can easily be removed/installed/disposed of, that they have full access to instead of having to find a way to implement it in the companies software as well, that would have to continually broadcast data to them in some way.

Manufacturing companies having a monopoly on servicing their products doesn't prevent a security risk. You, as a consumer, can still shop around for reputable repair service tecs, that use genuine parts provided by the manufacturer, or do it yourself with parts purchased from them.

The whole intent of RtR is to point out and clarify that manufacturing and service are two different industries, and just because you provide the former, does not give you exclusive rights to the later. In fact, just the opposite. It should be incredibly difficult for a company providing a product to be allowed to be the sole service point of that product, as it's in direct violation of already established copyright laws and allows the company to extort the consumer for repair cost.

2