Apple doesn't help prop up an authoritarian regime? CCP gonna CCP, but at least Apple's hands are clean. It's not any individual Chinese citizen's fault, but they unfortunately have to deal with the consequences of an illiberal, ruthless regime.
If the CCP believed that Apple's absence would strengthen the regime, then they would get rid of Apple. Clearly they think it's in their best interest to have Apple around. You can disagree with them, but I think the CCP is much better positioned to know what's in their interest than we are.
You are granting CCP omniscience, power and integrity they don't have.
Apple probably came to China to expand their market, had enough lawyers to navigate the muddy bureaucracy, CCP could block them regardless but decided to let them open shops and profit from taxes for now. Many Chinese would buy Apple products overseas in HK or Taiwan anyway; CCP is powerless to stop it and would not mind a share of the sales.
CCP may be blind to Western values brought in by Apple, or discount their influence, or tolerate them for now because it is economically lucrative.
Are we really that lacking in creativity that we can't imagine a world in between "Panopticon" and "Oregon Trail"? Legislation that makes this illegal would be a great (and really easy) start.
> Legislation that makes this illegal would be a great (and really easy) start.
Legislation is really working right now, with Congress sitting on 400+ bills and refusing to vote on them, and with known members of the government, including the actual President of the United States of America, committing crimes and the top law enforcement agent doing worse than nothing about it.
Laws work in a society that values them. Once you throw that away, your authoritarians will do whatever fits their needs. And surprise, the authoritarians are doing just that right now.
I disagree with legislation being an easy path forward. Legislation takes a long time. For example, we are 12 years into Jewel v. NSA. Even if you do change the law, lawmakers can create (and other governmental bodies can apply) other, conflicting law. It's very cat-and-mouse in the age of the PATRIOT Act, secret courts, etc.
Agreed. Legislation will even take an infinite amount of time to pass when the political parties in power don't want to pass it (despite any ineffective posturing to the contrary).
A court case in the judicial branch does not in any way speak to the difficulty of enacting legislation in the legislative branch. Our system of government intentionally separates the creation of laws from their interpretation.
It’s really not that complicated. If sufficient political will existed to enact stronger clearer privacy protections, legislation would be drafted and approved rapidly, and there is no reason Generating that political will is another matter.
There are three components worth looking at. Each of them is popularly secured with TLS.
Firstly, submission, sending an email you just wrote from your client to a server. This is usually done over a specifically TLS-secured "SMTP submission port" 587 although it can also be done with STARTTLS.
Second, relay, getting email from your server to somebody else's server. A large proportion of today's servers default to STARTTLS over SMTP for MX. So this means when they connect to a peer server to exchange mail they'll enquire about using TLS and do so if possible. A passive adversary can't stop this happening.
Finally, delivery. Almost all modern IMAP clients default to using TLS with IMAP, so this step will be encrypted. Even in clients that don't require TLS a passive adversary can't stop them upgrading by default if possible.
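Added example, not part of the original comment: a Python check that reads a message's `Received` headers and reports which recorded hops (submission, relay, internal hand-off) used TLS, based on the registered `with` protocol keywords. The sample message, `app.example.com`, the addresses, ids and dates are constructed; the IMAP fetch leaves no `Received` header, and only headers written by servers you trust are reliable.

```python
import email
import re

# IANA "Mail Transmission Types" (RFC 3848, RFC 6531) that record a TLS session.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
             "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.S)

# Constructed sample: newest header first, as a receiving server would store it.
SAMPLE = """\
Received: from mx1.tlrmx.org (mx1.tlrmx.org [192.0.2.20])
\tby imap.tlrmx.org with LMTP id CONSTRUCTED3;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from mail-blast.example.com (mail-blast.example.com [192.0.2.10])
\tby mx1.tlrmx.org with ESMTP id CONSTRUCTED2;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from app.example.com (app.example.com [192.0.2.5])
\tby mail-blast.example.com with ESMTPSA id CONSTRUCTED1;
\tMon, 01 Jan 2024 10:00:01 +0000
From: login@example.com
To: user@tlrmx.org
Subject: Your sign-in link

(constructed body)
"""

def hops(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = email.message_from_string(raw)
    result = []
    # Each server prepends its own header, so reverse for chronological order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(header)
        if m:
            sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
            result.append((sender, receiver, proto, proto in TLS_TYPES))
    return result

def plaintext_hops(raw):
    """Hops whose Received header does not record TLS (STARTTLS not negotiated)."""
    return [(s, r) for s, r, _proto, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for s, r, proto, tls in hops(SAMPLE):
        print(f"{s} -> {r}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

A plain `LMTP` hop is often a local hand-off on the same host, so a "no TLS" result there is not necessarily network exposure.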
This is misleading. Remember our context here is that we're getting a sign-in token for some web site, let's say it's the EXA Metal Pole Limited (Europe) site, example.com.
The plain text is stored briefly on EXA's outbound mail server mail-blast.example.com, and then it's transmitted to my inbound MX mx1.tlrmx.org, stored very briefly there, and passed to the IMAP server imap.tlrmx.org.
So that's three servers, but, one of them is controlled by the same people as the site we're logging into. If they want a backdoor they can just make one, they don't need to steal their own sign-in tokens, that would be really stupid.
OK, so two servers left. But those are both operated by me, the recipient of the tokens. Why am I stealing my own tokens? To what end? "Oh no I broke into my own account and have impersonated myself" ?
Now, many people use, say, GMail instead of their own mail servers. But can we reasonably say these people's mail was "intercepted" by GMail, the outfit they've explicitly chosen to receive and store email on their behalf?
And even if we insist upon using the word "intercepted" this way ("The Buccaneers pass was intercepted by Mike Evans" [Evans is a Buccaneers Wide Receiver, the pass was presumably meant for Mike and so we would not ordinarily call this an interception, but if you insist...]) it's unclear what unexpected gain is achieved. GMail could just build their own backdoor and sign in as you to get the tokens instead of "intercepting" them if for some crazy reason that was what they wanted.
Email is federated, not point to point. It quite often hops between a couple of servers. Cloud hosted stuff typically gets routed through the cloud provider first (and whatever intelligence agencies are tapping that feed), which then pushes it to the top-tier SMTP server nearest the destination for obscure hosts.
Still we’re in a perverse situation here. Running your own server is getting harder to do since everything operates on white lists, and I wouldn’t trust the big name providers for something like this.
Or 0 per minute and 25,000 per hour for two days a month. Traffic can be bursty; don't assume that X/month means they're getting exactly X/30 per day.
No, what's harmful is "oh, just spend $50,000 on managed Kubernetes to run a Django web app". That costs real time and real money and makes young engineers think that a phpBB forum is impossible with a five-digit AWS bill.
It's always easier to destroy than create. I mean, you can demolish a house in a few hours. This isn't new. Creation is hard. Nuance is hard. "How do we fix healthcare" is hard; "don't change anything ever" or even "dismantle the system" is easy.
Not particularly. JavaScript still runs on computers, and the broad concepts are transferrable. Like, I don't need to know how loops work, but an intro video will probably talk about that. Or even something more complicated like promises. If you've done concurrent programming before, you won't be surprised. After a certain point, truly, all that's old is new again. All that changes is the syntax.
I guarantee literally nobody removes the batteries before throwing these out. It's a shame, really. I'm sure there are bulkier sources of eWaste, but still. Someone pees on a computer for 30 seconds and then it gets thrown away forever.
And then it sits in a landfill for eternity! Imagine how many millions of tiny computers (and batteries - oof) are just sitting in dumps right now. That's the most egregious part for me: this test is exactly the same as the analog one, but it generates eWaste.