Guffawker

Guffawker t1_j26swiw wrote

Yes, but getting caught is not a deterrent to theft. If it was....people wouldn't steal. The people that steal do it because the risk of getting caught is worth the return. That doesn't change just because a device is locked. Phones are easy to steal. So it will always happen. Even with increases in security phone theft is on a rise. People don't give a shit if the device is locked or not, again, because they can pick it up, stick it in their pocket, and walk away. No amount of increased security changes how easy they are to steal. It's the same thing as spam emails. It works because you only need 1% of the 99% you go after to be unsecure for it to be worth your while.

Again, kill switches are the problem. I know how trivial it was. I've worked tech repair/IT my whole life. I've dealt with this issue. All that happens is the dude that came in with a phone asking for it to be fixed just walks outside and throws it in the trash. The theft still happens, but the device ends up in a landfill which is a problem. It may reduce it slightly, but it's not going to prevent it, all it does is prevent that device from ever being used again. If you want to stop the theft, make better measures of tracking the device, not allowing manufacturers to turn their device into a useless $1000 piece of landfill. These companies don't do this because it "protects" your device. That's just an added bonus. They do it so their devices don't end up costing $200 at a pawn shop. They could build other methods of theft reporting/alerting into the software if they wanted, but it's more beneficial for them if the device becomes a brick, because it kills the second hand market and the og owner now has to purchase a new one. Again, as you've said too, carriers have already implemented blacklists and such for stolen devices, so bricking the device does even less in that regard.

Again, data should always be secure.

This isn't in any way pointing to this as the problem of RtR.....this was a response to someone discussing the particular aspect of this bill that referenced the article mentioning the lack of requiring manufacturers to provide access to "save locked devices" as an oversight of this bill.

As far as RtR is concerned that's hardly the issue at all. It's not about using unofficial parts. That has little to do with RtR at all. RtR is honestly a LOT of fights wrapped into one, but the bi issue is about manufacturing companies having a monopoly on the ability to service and repair devices they manufacture, often to the detriment of the user. RtR is about separating the "electronics repair" industry from the "electronics manufacturing" industry, because they are two separate entities. It doesn't mean "users can shove whatever they want into their tech" (although, largely, they should be able to. It's your equipment, you bought it, you should be able to do what you want with it), it means "John Deere must provide other companies (and even the tech savvy DIY farmer) with the parts for repairs and make repairs accessible via normal means. You're still using their manufactured stuff, it's just you have more options then your current option of "Pay John Deere $7500 to service my tractor, or throw it away and buy a new one". A lot of tech companies have a monopoly on their services and outright refuse to sell parts to any other company. That means they can charge you whatever they want because your only solution to fixing the device is "buy a new one". Even if the fix is simple. Your argument is the kind of shit companies spew to make it seem like RtR is a bad thing, but it doesn't mean or prevent anything, and largely has little to do with RtR itself. RtR is about forcing manufactures to provide access to the tools/software/components for users and third party individuals to actually have options to repair, especially, because as is, it's completely legal to repair and modify things you purchase. It's not a security thing. It's about manufacturing companies not wanting to provide repair materials to external companies and individuals because if they are the only ones that can service their devices, they can make a shit ton more money. It's not a security risk at a to allow people to repair their own equipment or use a third party. It's not even a security risk to allow third party manufacturers to make parts that work in your equipment. We already have regulations on that shit, and consumers can/do spend time researching options like that when replacing parts. As a side note, things aren't serialized like that for "security" it's so the manufacturer can detect if you're using their parts and void/refuse service if you aren't. If people want to steal your data, they aren't going to "install an unauthorized touchscreen". They are gonna use cheap external hardware that can easily be removed/installed/disposed of, that they have full access to instead of having to find a way to implement it in the companies software as well, that would have to continually broadcast data to them in some way.

Manufacturing companies having a monopoly on servicing their products doesn't prevent a security risk. You, as a consumer, can still shop around for reputable repair service tecs, that use genuine parts provided by the manufacturer, or do it yourself with parts purchased from them.

The whole intent of RtR is to point out and clarify that manufacturing and service are two different industries, and just because you provide the former, does not give you exclusive rights to the later. In fact, just the opposite. It should be incredibly difficult for a company providing a product to be allowed to be the sole service point of that product, as it's in direct violation of already established copyright laws and allows the company to extort the consumer for repair cost.

2

Guffawker t1_j26f7j6 wrote

No one is saying that....you're making a gross assumption on how things like that work. We are talking about manufacturer password/admin use to "reset" the phone, not "unlock" it. No one is saying the data should be widely accessible, but that's a SEPARATE thing. You can make the device function again without allowing access to the user data.

That's the whole point. We shouldn't sell devices that become bricks just because of theft (and in a lot of cases we don't, users just don't have that access). Having a way to reset the phone into working order is NOT the same as allowing unauthorized access into the phone. I'm advocating the former. Not the later. Stolen phones getting bricked does nothing, because people will still steal your phone, because it's always a user opt in feature, and users won't always use it. People will steal your phone in the hopes it's unlocked, because it's a small, incredibly easy device to lift, check, and bin if not the case. Even then, people will still steal them in hopes that they will be able to do something with it.

No amount of anti-theft measured are going to prevent someone from stealing a phone. You can lift 100 of um off people and if 1 person doesn't have a password, those 100 you stole don't matter. These measures just mean they get thrown in landfills instead of used. Shit, it might even REDUCE theft in the end, because if you can steal 1 and be able to make a buck off of it, you don't have to risk stealing 100. Phone theft works on the same "operation" as email scams. Doesn't matter how secure 99% of them are, you are looking for the 1% that isn't.

Again, no one should have access to your data. Full stop. Don't invent bs to my argument because you don't understand it. But you should be able to reset a phone into working order. That's the whole point. Your data is still safe, the theft already happened, the bricked device didn't prevent it, so instead of artificially keeping your stock off the second hand market and ending up in landfills, let's make them actually usable.

−1

Guffawker t1_j268gkr wrote

Theft will always happen. It's not going to change. Theft still happens right now even when people know the device is basically non-functional. The difference is it would just get tossed in a dumpster since it's a brick. That's absurdly wasteful. Now, you're down a phone and have a brick in a landfill. You don't fix that issue by making tech obsolete if it's stolen, you fix that issue by tighter regulations on repair/second hand shops. Every device has an SN, that SN can be registered. It can be tracked to the owner. Realistically there are ways that could fix this both in ensuring the device is being sold by the proper owner, and having the software check/alert the owner when the device is reactivated or reset.

This doesn't even get into the fact that you can accidently lock your own phone, forget your password, buy something second hand, etc and be left with a brick. This kind of thing doesn't help anyone. Your phone will still get stolen because the thief doesn't gaf if it's locked or not. If it's locked they bin it, if not they sell it.

These aren't anti-theft measured....these are measure to limit the second hand use of these devices, and keep prices high by artificially regulating the amount of devices that can end up on the second hand market. That's the problem.

The whole "locks only keep honest people out" applies to comp sec as well. Let's not keep contributing to e-waste by pretending things like these do anything for our "security". Once your device is stolen, it's stolen. This just determines if it ends up in a trash can or usable once it is.

1