Good job ifixit! This should be a cause for outrage. Pretending to support the right to repair while also softwarelocking repairs is not just two faced, but actively harming the consumers.
selokichtli@lemmy.ml
on 20 Sep 2023 13:22
nextcollapse
Place Pikachu surprised face meme here for me, please. Apple simps, unite.
EDIT: They always do.
Dasnap@lemmy.world
on 20 Sep 2023 13:32
nextcollapse
While I personally wouldn’t repair my own iPhone. If I need it done I would want to go to an Apple Store anyway.
This makes selling on your phone for other people to fix and use and sell on and use again virtually impossible, which would’ve been more sustainable than just binning the phone.
It’s especially shitty since they also announced net zero plans. It’s all smoke and mirrors.
sadreality@kbin.social
on 20 Sep 2023 17:49
collapse
SIMPs don't think big picture but you do make a very valid point...
Second hand market benefits everyone except Tim apple
downpunxx@kbin.social
on 20 Sep 2023 14:22
nextcollapse
Has anyone been surprised in the slightest that Apple locks you in, since the 1980's? I mean, it's literally ALWAYS BEEN the shittiest company to do any tech work with because it's so proprietary, in their hardware, software, entire ecosystem. THIS WAS ALWAYS THE PROBLEM WITH APPLE WHY HAVE SO MANY IDIOTS BOUGHT INTO IT.
sadreality@kbin.social
on 20 Sep 2023 14:32
nextcollapse
Decent product with big marketing appealing to their desire to be uniquely elite
People voted with their wallets
DarkGamer@kbin.social
on 20 Sep 2023 14:46
nextcollapse
WHY HAVE SO MANY IDIOTS BOUGHT INTO IT.
Good UI, familiarity, catering to non-tech people, marketing to certain lifestyles, and the hassle of migrating out of the apple ecosystem and buying new apps. At one time apple had better offerings than the PC world did, but when it caught up any reason to buy apple products at 1.5x the cost evaporated for me. This was long before smartphones.
ivanafterall@kbin.social
on 20 Sep 2023 15:48
nextcollapse
At one time apple had better offerings than the PC world did
Source?
DarkGamer@kbin.social
on 20 Sep 2023 16:06
nextcollapse
Source: my personal opinion, pre-OSX in the PowerPC days.
downpunxx@kbin.social
on 20 Sep 2023 16:15
collapse
you mean back when it's only speciality was CAD and Music engineering, but no workflow, office or networking, yeah I remember
Photoshop mostly. Graphics people HAD to have a mac. Also Macintosh screens were better, or at least better than the average PC CRT.
Bartsbigbugbag@lemmy.ml
on 21 Sep 2023 03:03
collapse
At least some of their displays still are. The current 16” MacBook Pro has a 3456x2234 (what else uses 1.5:1 aspect ratio, so weird…) resolution, with HDR1000, and pre-calibrated profiles for a variety of film and graphic design color spaces. Just a monitor matching those specs is close in price to a base model 16”. Then professionally calibrating it if you’re not set up to do so yourself isn’t cheap either.
That’s always been the way with Apple. If you fit into the 0.1% of users that can make use of their products, it’s good value. If you don’t, it’s bad value and so locked down there’s nothing you can do about it. Most people don’t need what Apple is offering, yet buy it anyway. That’s the part I don’t get.
TheAnonymouseJoker@lemmy.ml
on 20 Sep 2023 18:23
collapse
Apple has the trashiest UX out of any smartphone maker. Their back gesture is not universal, and you need to adapt to 3 types of back function for apps. Sane goes for their MacOS, I never found it comfortable as someone who duals Windows and Linux.
merc@sh.itjust.works
on 20 Sep 2023 18:35
collapse
Yes, Apple locks you in, but Microsoft has always been worse. Apple’s options are proprietary, but Microsoft used their monopoly power to destroy their competitors like Netscape, and waged war against Linux. Meanwhile, Apple switched to a variation of NeXTSTEP which is mostly compatible with Unix and the GNU tools.
On the iPod / iPhone front, both Google and Apple lock users in to their app stores. Both manufacture un-repairable phones. The non-standard Lightning connector was a pain in the ass, but so was the frequent switching on Android phones from mini-B B to micro-B to USB-C. And, until USB-C there was the constant problem of trying to plug in the phone and getting the orientation of the plug wrong, something Apple got right with Lightning.
Then there’s advertising / surveillance. Google is an ad-tech company so privacy is never going to be high on their list of priorities for their end-users. Meanwhile, Apple led the way with App Tracking Transparency. Yes, Apple still surveils its users, but at least it doesn’t seem to use that data to rent eyeballs the way Google does.
Google and Apple are both shitty companies, but if you want a modern smartphone you basically have to deal with one of them. Apple and Microsoft are both shitty companies but if you want a desktop or a laptop, without the constant toil of dealing with Linux, they’re your only options. So, it’s about what bothers you more: anticompetitive actions including embracing standards with the aim of destroying them from within, or annoying proprietary stuff? Planned obsolescence and an extreme aversion to fixability, or slightly less surveillance, a slightly more open system, but much more surveillance?
Really, what’s needed is proper regulators who can reign in all these shitty companies.
kitonthenet@kbin.social
on 20 Sep 2023 14:39
nextcollapse
Mfs out here want to install their bootleg faceid in my phone at their sketchy self repair place so they can sell my data and break its security. Let’s not pretend ifixit isn’t the exact same rent seeking that apple is, they just want to be the middle man
moomoomoo309@programming.dev
on 20 Sep 2023 14:49
nextcollapse
Those “bootleg” screens often are genuine, but Apple makes features not work unless paired. You can literally swap the screens of two fresh out of the box iPhones and they won’t work. Swap them back, they work fine. Don’t defend their practices, and don’t believe the lies about repair they’ve been feeding you for years.
kitonthenet@kbin.social
on 20 Sep 2023 15:02
collapse
often are genuine, but Apple makes features not work unless paired
Because unless you pair the screen, the device has no way to know it’s genuine. If it’s not, it could implement any number of attacks, including keyloggers, screen stealers, etc
don’t believe
Why shouldn’t I? No one has given an argument that you can actually secure these peripherals without software locks, I bought my iPhone and MacBook because they offer security, even when I run Linux on it my MacBook has far superior boot security (the only thing apple has engineering control over in that use case) than any intel machines I’ve used
Also lol that article, you know the difference between one incident and a pervasive effort to mine your privacy for profit
gamermanh@lemmy.dbzer0.com
on 20 Sep 2023 15:32
nextcollapse
Anything to defend the people who make your favorite magic rectangle amirite
kitonthenet@kbin.social
on 20 Sep 2023 16:25
collapse
No, give me the argument that you can secure these interfaces, some of which provide biometric security, without verifying vendor origin in software
greyhathero@lemmy.world
on 20 Sep 2023 16:44
nextcollapse
You cannot and that’s ok. The problem here is people have different levels of risk acceptance and that’s ok. If I was a government or corporate leader I would probably prefer buying direct from apple, but most end consumers, especially those who want to do these repairs should have the choice to accept that risk on a device that they own. The manufacturer shouldn’t decide who I trust. The owner should.
kitonthenet@kbin.social
on 20 Sep 2023 17:34
collapse
people have different levels of risk acceptance and that’s ok
Except it is the editorial agenda of ifixit to promote legislation that requires this lesser level of security, which makes it not ok. Outlawing verification in software requires all devices to have the same vulnerability at the interface, it would even affect users who want to buy OEM.
TheAnonymouseJoker@lemmy.ml
on 20 Sep 2023 18:36
nextcollapse
Then why do Apple employees extract intimate sex life photos out of people’s phones, or give away passwords of protestors accused (not guilty) of vandalism?
greyhathero@lemmy.world
on 20 Sep 2023 18:37
nextcollapse
Noone is saying it should be outlawed. What they are saying is that in order for a device to be considered highly repairable to an end user this type of check should be able to be turned off or not included.
You can have both though. Just add some random menu in the settings that turns bright red when using a non-certified component so security can be easily verified, but don’t needlessly lock people out and charge $500 to fix a $10-50 module on a $1000 phone
Edit:
Adding on to this, Ifixit isn’t outlawing verification, the above example of whatever red warning is a clear way they could keep it.
cobra89@beehaw.org
on 20 Sep 2023 16:46
nextcollapse
Um how exactly do you think these “rogue devices” would exfiltrate that data? Do you think iOS is providing Internet access to the faceID module or the display? Or do you think these devices somehow contain an entire wifi chipset to connect to the Internet to exfiltrate your data without anyone noticing an entire extra SoC soldered onto the part?
Please provide any argument as to why you think these could exfiltrate data over these interfaces? Unless you think iOS’s security is so poor that it lets any hardware device that’s attached to it get full network access? (Which I’m pretty sure is not physically even possible in most cases since those connectors are only capable of sending the type of data across for that particular sensor.)
kitonthenet@kbin.social
on 20 Sep 2023 17:40
collapse
To exfiltrate the login password from a keylogger on a macbook, for example, you need to have some software running on the cpu as well as the keyboard itself. This makes it very difficult to do in reality, as you have to infect both devices and if you do not have physical access, your exploit needs to be done across the keyboard interface, which makes it very hard to do in practice. Swapping any random keyboard in that could potentially be malicious introduces two issues, as now the keyboard itself may have a keylogger, as well as opening the possibility of exploiting some vulnerability in the cpu from the keyboard itself. You therefore open two attack surfaces that were previously closed, which is highly significant.
If you think keyloggers require software running on your physical keyboards you’re in for a rude awakening.
Keyloggers are almost always at a pure software level and are conceptually simple to make. So simple that in fact, it’s the same thing as running a regular application with background shortcuts. The only thing that is different is that regular apps aren’t saving/recording anything, they’re just listening for you to press cmd+whatever.
It takes maybe ~10-15 minutes to make a keylogger in Python that could run on any computer, mac, windows, or Linux. Maybe a little longer if you wanted to use a compiled language and properly hide it.
Sorry to burst your bubble.
A software developer
macaroni1556@lemmy.ca
on 28 Sep 2023 01:19
collapse
And what does that have to do with the risk of a screen repair?
I can also install a key logger on Linux and I can also freely change the SSD to anything I buy on the internet.
And yet somehow people still use computers!? Madness.
I think we’re on the same page? If an attacker wanted a keylogger they wouldn’t even need to go as far as a screen, there are plenty of other ways (like a 3rd party keyboard app) that would work just as well, if not better, on an iPhone.
Hell, while we’re at it, using a phishing email to get you to enter a password in a fake site or using social engineering to reset your passwords is way more effective than reverse engineering and modding a camera/screen.
There’s no reason why Apple should get to keep exclusive rights on repairs just to profit more on parts. 3rd party screens, cameras, face id modules, etc. aren’t going to suddenly make your phone less secure.
macaroni1556@lemmy.ca
on 28 Sep 2023 20:29
collapse
Ok, agreed we are on the same page! My misunderstanding.
(I thought you were defending the idea a keylogger is a risk not worth taking with a screen replacement, somehow.)
ursakhiin@beehaw.org
on 20 Sep 2023 20:45
collapse
Why isn’t purchasing the part through Apple enough?
And also Is the consumer not allowed to assume the risk of going through after market repair that you seem to be concerned about?
This issue has always been about Apple trying to force older iPhones into obsolescence. They want the freedom to eventually say that no more parts exist for that device so you’ll have to upgrade. If repair shops can leverage broken phones to repair other phones, that extends the life of the device part Apples plans.
Most people will continue using older phones as long as they can because they don’t need the latest phone.
Jumpinship@lemmy.world
on 20 Sep 2023 16:09
nextcollapse
Pervasive effort? Any examples?
CalcProgrammer1@lemmy.ml
on 20 Sep 2023 18:00
nextcollapse
How the hell do you expect a screen to keylog you? This is a stupid argument. Even if the screen did know when the onscreen keyboard was visible how tf do you expect the logged data to go anywhere? Are you seriously worried that aftermarket iphone screens are including hidden LTE modems (and thus paying for illegitimate service) just to potentially log your keys? Do you realize how difficult and ridiculous this would be?
NightAuthor@lemmy.world
on 21 Sep 2023 00:16
collapse
I bet someone could make that actually happen, but if they could do that they’d probably just find or buy a software vulnerability to attack you with.
DarthYoshiBoy@kbin.social
on 20 Sep 2023 21:47
nextcollapse
Aside the whole issue that a single component in a system exfiltrating data without cooperation from many of the other components in the system is just patently absurd, the honest truth is that anyone who wants to break your security isn't going to go to the extreme length of making certain your screen is replaced with a covert unit that can somehow inform them of anything you're doing when for most cases a pair of binoculars will get the same job done for much cheaper and is at least half as convoluted, a hit to the head with a $5 wrench gets your fingerprint much more easily than a replacement fingerprint scanner does, and most compromises of a user would be far more effectively done in software rather than hardware. Software which constantly has new bugs to exploit while getting a crooked piece of hardware navigated into place is just an absurdly unlikely occurrence that would require a massive coverup the size of which is out of the reach of most entities in existence.
moomoomoo309@programming.dev
on 22 Sep 2023 00:29
collapse
Do you have any evidence that there’s a pervasive effort from third party repair to mine your privacy for profit? I’d love to see it.
Also, fine, let’s assume they have no way of knowing it’s genuine. Why don’t they release the tool to pair the OEM screens publicly? It’d only work on the real ones, and they have such a tool, so if it’s actually about security, there’s no reason not to.
HughJanus@lemmy.ml
on 20 Sep 2023 16:11
nextcollapse
Do you really think that replacing FaceID suddenly gives thieves unfettered access to your phone?
kitonthenet@kbin.social
on 20 Sep 2023 16:28
collapse
So then you’ll let me change the locks on your front door to one I choose?
HughJanus@lemmy.ml
on 20 Sep 2023 16:38
nextcollapse
I’m assuming this is supposed to be metaphorical but you don’t seem to understand that it is not analogous because replacing FaceID doesn’t suddenly give you access to the device.
kitonthenet@kbin.social
on 20 Sep 2023 16:41
collapse
It absolutely could, if the processor trusts that the data coming from the faceid sensor is accurate, the faceid sensor can simply lie. You’re removing a layer of defense, which necessarily impacts security
NightAuthor@lemmy.world
on 21 Sep 2023 00:12
collapse
What’s the faceid sensor going to do, brute force a damn cryptographic collision with the cyphertext of your faceid?!
If you have even the first fucking clue, even in the broadest of strokes, I’d really be interested in hearing about how this would actually work.
I think he think the face id just says “yeah, that’s right, unlock” and the phone unlocks. So if you put in a custom one that always says “yeah unlock” it will just always unlock. As if the person putting in the thing couldn’t see the data on your storage anyway
Neve8028@lemm.ee
on 20 Sep 2023 16:47
nextcollapse
If a lock is broken, then you might call a locksmith to fix or replace it. This is something that happens frequently and isn’t as absurd as you make it out to be.
kitonthenet@kbin.social
on 20 Sep 2023 17:31
collapse
I’m not saying it has to be absurd, but no one is acknowledging that the security risks are real, and requiring a lesser standard of security is a cost of legislating this stuff, which it is the editorial stance of ifixit to support
The security risks aren’t real. They are simply trying to scare off people like you who will repeat nonsense over and over again.
kitonthenet@kbin.social
on 20 Sep 2023 17:47
collapse
Ok, so I can come change your locks then
TheAnonymouseJoker@lemmy.ml
on 20 Sep 2023 18:33
nextcollapse
No, but Android world allows more environmental friendly tech reusability and the freedom to employ any locksmith’s locks, instead of using only one dictator’s certified lock. While I would not want to compromise secure face unlock camera, I sure as hell want to to be able to employ any maker’s screen, battery, speaker, back cover and so on. The rotten fruit company disallows this environmental sustainability.
If not for Europe’s market size, Apple would not have implemented USB-C either, despite having USB-C on all their other devices.
Zangoose@lemmy.one
on 20 Sep 2023 18:39
nextcollapse
No, you can’t, because that isn’t a good analogy. Those two situations are not at all the same, but I’ll humor you.
The analogy you’re making is like saying only the company who makes doors is allowed to change the lock on your door, and they’re allowed to just stop offering the lock-changing service whenever they want. They also conveniently put a mechanism in so that whenever a third-party locksmith comes, your door falls apart. Your only option is to buy a new door, doorknob, frame, and hinge because your lock is worn out.
Maalus@lemmy.world
on 20 Sep 2023 23:58
nextcollapse
Not how it works lmao
NightAuthor@lemmy.world
on 21 Sep 2023 00:10
nextcollapse
If you swap the faceid, you still need to unlock the phone with your passcode to re-enroll faceid.
I guess that’d be more like you changing the outside doorknob.
papertowels@lemmy.one
on 21 Sep 2023 00:42
collapse
That’s a bad comparison because I wouldn’t let a random Internet stranger fix my phone either, but I would allow an actual locksmith to change my locks.
papertowels@lemmy.one
on 21 Sep 2023 00:41
collapse
Never owned an apple device, so I might be drastically off base here.
Is face id actually its own unit, including authentication storage?
If I were designing the iPhone, I’d just use a camera that relays the data to the CPU, and authentication happens there. If it operates like this, a more accurate comparison is I’d let a third party reputable locksmith change my locks, but I’ll set the key pins myself after.
donescobar@lemmy.world
on 21 Sep 2023 01:25
nextcollapse
You know, as both an Apple fanboy and a repair advocate I was disgusted by their over affirmation of being carbon neutral like it’s a badge to be proud of when people KNOW they are just not friendly to repairing your shit easily.
I’m heavily locked into their ecosystem but they are starting to push their luck with me trying to push this bullshit.
HughJanus@lemmy.ml
on 21 Sep 2023 14:22
nextcollapse
people KNOW they are just not friendly to repairing your shit easily.
You know, I got into an argument about this recently and there were 3 different people trying to argue exactly the opposite to me. And they used ifixit’s scores as evidence. So no, people don’t know. Apple’s disinformation works.
sodiumbromley@lemmy.blahaj.zone
on 22 Sep 2023 03:01
collapse
My partner and I left the apple ecosystem about a year ago. We got new phones and gave our old watches, airtags, and airpods to friends and family that wanted them. It felt like it was going to be too much to give up, but honestly it’s been great.
There’s so much more freedom in every facet of the phone. Apple likes to give an option, a rich people option, and occasionally a truly professional tier. Leaving Apple behind, I have wireless earbuds I love that have an 8hr lifespan out of the dock. They were fifty dollars and they sound easily better than airpods. It felt like it would be expensive to leave, but the alternatives once you leave the ecosystem tend to be cheaper pound for pound.
Hamartiogonic@sopuli.xyz
on 21 Sep 2023 13:56
collapse
Ever wondered why the cable breaks so easily? It’s because they use crappy materials. Oh, and it’s also ecological or something, which obviously has no impact on profit margins, right.
Lemmyvisitor@lemmy.dbzer0.com
on 21 Sep 2023 00:30
nextcollapse
seems to make apple’s support of easily removable batteries a bit less rosy.
hiramfromthechi@lemmy.world
on 21 Sep 2023 00:31
collapse
threaded - newest
Good job ifixit! This should be a cause for outrage. Pretending to support the right to repair while also softwarelocking repairs is not just two faced, but actively harming the consumers.
Place Pikachu surprised face meme here for me, please. Apple simps, unite.
EDIT: They always do.
<img alt="" src="https://wallpapercave.com/wp/wp5338276.jpg">
Most Apple SIMPs don't care it seems they got nothing to hide and they are deff not poor to be worried about shit like this. Just buy a new one ;)
While I personally wouldn’t repair my own iPhone. If I need it done I would want to go to an Apple Store anyway. This makes selling on your phone for other people to fix and use and sell on and use again virtually impossible, which would’ve been more sustainable than just binning the phone.
It’s especially shitty since they also announced net zero plans. It’s all smoke and mirrors.
SIMPs don't think big picture but you do make a very valid point...
Second hand market benefits everyone except Tim apple
Has anyone been surprised in the slightest that Apple locks you in, since the 1980's? I mean, it's literally ALWAYS BEEN the shittiest company to do any tech work with because it's so proprietary, in their hardware, software, entire ecosystem. THIS WAS ALWAYS THE PROBLEM WITH APPLE WHY HAVE SO MANY IDIOTS BOUGHT INTO IT.
Decent product with big marketing appealing to their desire to be uniquely elite
People voted with their wallets
Good UI, familiarity, catering to non-tech people, marketing to certain lifestyles, and the hassle of migrating out of the apple ecosystem and buying new apps. At one time apple had better offerings than the PC world did, but when it caught up any reason to buy apple products at 1.5x the cost evaporated for me. This was long before smartphones.
Source?
Source: my personal opinion, pre-OSX in the PowerPC days.
you mean back when it's only speciality was CAD and Music engineering, but no workflow, office or networking, yeah I remember
Photoshop mostly. Graphics people HAD to have a mac. Also Macintosh screens were better, or at least better than the average PC CRT.
At least some of their displays still are. The current 16” MacBook Pro has a 3456x2234 (what else uses 1.5:1 aspect ratio, so weird…) resolution, with HDR1000, and pre-calibrated profiles for a variety of film and graphic design color spaces. Just a monitor matching those specs is close in price to a base model 16”. Then professionally calibrating it if you’re not set up to do so yourself isn’t cheap either.
That’s always been the way with Apple. If you fit into the 0.1% of users that can make use of their products, it’s good value. If you don’t, it’s bad value and so locked down there’s nothing you can do about it. Most people don’t need what Apple is offering, yet buy it anyway. That’s the part I don’t get.
Apple has the trashiest UX out of any smartphone maker. Their back gesture is not universal, and you need to adapt to 3 types of back function for apps. Sane goes for their MacOS, I never found it comfortable as someone who duals Windows and Linux.
Yes, Apple locks you in, but Microsoft has always been worse. Apple’s options are proprietary, but Microsoft used their monopoly power to destroy their competitors like Netscape, and waged war against Linux. Meanwhile, Apple switched to a variation of NeXTSTEP which is mostly compatible with Unix and the GNU tools.
On the iPod / iPhone front, both Google and Apple lock users in to their app stores. Both manufacture un-repairable phones. The non-standard Lightning connector was a pain in the ass, but so was the frequent switching on Android phones from mini-B B to micro-B to USB-C. And, until USB-C there was the constant problem of trying to plug in the phone and getting the orientation of the plug wrong, something Apple got right with Lightning.
Then there’s advertising / surveillance. Google is an ad-tech company so privacy is never going to be high on their list of priorities for their end-users. Meanwhile, Apple led the way with App Tracking Transparency. Yes, Apple still surveils its users, but at least it doesn’t seem to use that data to rent eyeballs the way Google does.
Google and Apple are both shitty companies, but if you want a modern smartphone you basically have to deal with one of them. Apple and Microsoft are both shitty companies but if you want a desktop or a laptop, without the constant toil of dealing with Linux, they’re your only options. So, it’s about what bothers you more: anticompetitive actions including embracing standards with the aim of destroying them from within, or annoying proprietary stuff? Planned obsolescence and an extreme aversion to fixability, or slightly less surveillance, a slightly more open system, but much more surveillance?
Really, what’s needed is proper regulators who can reign in all these shitty companies.
Mfs out here want to install their bootleg faceid in my phone at their sketchy self repair place so they can sell my data and break its security. Let’s not pretend ifixit isn’t the exact same rent seeking that apple is, they just want to be the middle man
You know what’s funny? It’s not the independent repair shops stealing your data, it’s the “official” ones. theverge.com/…/apple-repair-multimillion-iphone-n…
Those “bootleg” screens often are genuine, but Apple makes features not work unless paired. You can literally swap the screens of two fresh out of the box iPhones and they won’t work. Swap them back, they work fine. Don’t defend their practices, and don’t believe the lies about repair they’ve been feeding you for years.
Because unless you pair the screen, the device has no way to know it’s genuine. If it’s not, it could implement any number of attacks, including keyloggers, screen stealers, etc
Why shouldn’t I? No one has given an argument that you can actually secure these peripherals without software locks, I bought my iPhone and MacBook because they offer security, even when I run Linux on it my MacBook has far superior boot security (the only thing apple has engineering control over in that use case) than any intel machines I’ve used
Also lol that article, you know the difference between one incident and a pervasive effort to mine your privacy for profit
Anything to defend the people who make your favorite magic rectangle amirite
No, give me the argument that you can secure these interfaces, some of which provide biometric security, without verifying vendor origin in software
You cannot and that’s ok. The problem here is people have different levels of risk acceptance and that’s ok. If I was a government or corporate leader I would probably prefer buying direct from apple, but most end consumers, especially those who want to do these repairs should have the choice to accept that risk on a device that they own. The manufacturer shouldn’t decide who I trust. The owner should.
Except it is the editorial agenda of ifixit to promote legislation that requires this lesser level of security, which makes it not ok. Outlawing verification in software requires all devices to have the same vulnerability at the interface, it would even affect users who want to buy OEM.
Then why do Apple employees extract intimate sex life photos out of people’s phones, or give away passwords of protestors accused (not guilty) of vandalism?
www.youtube.com/watch?v=xt3YSD36ZNc
businessinsider.com/apple-fbi-icloud-investigatio…
Noone is saying it should be outlawed. What they are saying is that in order for a device to be considered highly repairable to an end user this type of check should be able to be turned off or not included.
Tell me you don’t know shit about tech without telling me you don’t know shit about tech.
But, my god, Steve jobs would laugh at how easy his marketing techniques made dumb people feel smart.
You can have both though. Just add some random menu in the settings that turns bright red when using a non-certified component so security can be easily verified, but don’t needlessly lock people out and charge $500 to fix a $10-50 module on a $1000 phone
Edit: Adding on to this, Ifixit isn’t outlawing verification, the above example of whatever red warning is a clear way they could keep it.
Um how exactly do you think these “rogue devices” would exfiltrate that data? Do you think iOS is providing Internet access to the faceID module or the display? Or do you think these devices somehow contain an entire wifi chipset to connect to the Internet to exfiltrate your data without anyone noticing an entire extra SoC soldered onto the part?
Please provide any argument as to why you think these could exfiltrate data over these interfaces? Unless you think iOS’s security is so poor that it lets any hardware device that’s attached to it get full network access? (Which I’m pretty sure is not physically even possible in most cases since those connectors are only capable of sending the type of data across for that particular sensor.)
To exfiltrate the login password from a keylogger on a macbook, for example, you need to have some software running on the cpu as well as the keyboard itself. This makes it very difficult to do in reality, as you have to infect both devices and if you do not have physical access, your exploit needs to be done across the keyboard interface, which makes it very hard to do in practice. Swapping any random keyboard in that could potentially be malicious introduces two issues, as now the keyboard itself may have a keylogger, as well as opening the possibility of exploiting some vulnerability in the cpu from the keyboard itself. You therefore open two attack surfaces that were previously closed, which is highly significant.
If you think keyloggers require software running on your physical keyboards you’re in for a rude awakening.
Keyloggers are almost always at a pure software level and are conceptually simple to make. So simple that in fact, it’s the same thing as running a regular application with background shortcuts. The only thing that is different is that regular apps aren’t saving/recording anything, they’re just listening for you to press cmd+whatever.
It takes maybe ~10-15 minutes to make a keylogger in Python that could run on any computer, mac, windows, or Linux. Maybe a little longer if you wanted to use a compiled language and properly hide it.
Sorry to burst your bubble.
And what does that have to do with the risk of a screen repair?
I can also install a key logger on Linux and I can also freely change the SSD to anything I buy on the internet.
And yet somehow people still use computers!? Madness.
I think we’re on the same page? If an attacker wanted a keylogger they wouldn’t even need to go as far as a screen, there are plenty of other ways (like a 3rd party keyboard app) that would work just as well, if not better, on an iPhone.
Hell, while we’re at it, using a phishing email to get you to enter a password in a fake site or using social engineering to reset your passwords is way more effective than reverse engineering and modding a camera/screen.
There’s no reason why Apple should get to keep exclusive rights on repairs just to profit more on parts. 3rd party screens, cameras, face id modules, etc. aren’t going to suddenly make your phone less secure.
Ok, agreed we are on the same page! My misunderstanding.
(I thought you were defending the idea a keylogger is a risk not worth taking with a screen replacement, somehow.)
Why isn’t purchasing the part through Apple enough?
And also Is the consumer not allowed to assume the risk of going through after market repair that you seem to be concerned about?
This issue has always been about Apple trying to force older iPhones into obsolescence. They want the freedom to eventually say that no more parts exist for that device so you’ll have to upgrade. If repair shops can leverage broken phones to repair other phones, that extends the life of the device part Apples plans.
Most people will continue using older phones as long as they can because they don’t need the latest phone.
Pervasive effort? Any examples?
How the hell do you expect a screen to keylog you? This is a stupid argument. Even if the screen did know when the onscreen keyboard was visible how tf do you expect the logged data to go anywhere? Are you seriously worried that aftermarket iphone screens are including hidden LTE modems (and thus paying for illegitimate service) just to potentially log your keys? Do you realize how difficult and ridiculous this would be?
I bet someone could make that actually happen, but if they could do that they’d probably just find or buy a software vulnerability to attack you with.
As always, there is an XKCD for this.
https://xkcd.com/538/
Aside the whole issue that a single component in a system exfiltrating data without cooperation from many of the other components in the system is just patently absurd, the honest truth is that anyone who wants to break your security isn't going to go to the extreme length of making certain your screen is replaced with a covert unit that can somehow inform them of anything you're doing when for most cases a pair of binoculars will get the same job done for much cheaper and is at least half as convoluted, a hit to the head with a $5 wrench gets your fingerprint much more easily than a replacement fingerprint scanner does, and most compromises of a user would be far more effectively done in software rather than hardware. Software which constantly has new bugs to exploit while getting a crooked piece of hardware navigated into place is just an absurdly unlikely occurrence that would require a massive coverup the size of which is out of the reach of most entities in existence.
Do you have any evidence that there’s a pervasive effort from third party repair to mine your privacy for profit? I’d love to see it.
Also, fine, let’s assume they have no way of knowing it’s genuine. Why don’t they release the tool to pair the OEM screens publicly? It’d only work on the real ones, and they have such a tool, so if it’s actually about security, there’s no reason not to.
Do you really think that replacing FaceID suddenly gives thieves unfettered access to your phone?
So then you’ll let me change the locks on your front door to one I choose?
I’m assuming this is supposed to be metaphorical but you don’t seem to understand that it is not analogous because replacing FaceID doesn’t suddenly give you access to the device.
It absolutely could, if the processor trusts that the data coming from the faceid sensor is accurate, the faceid sensor can simply lie. You’re removing a layer of defense, which necessarily impacts security
What’s the faceid sensor going to do, brute force a damn cryptographic collision with the cyphertext of your faceid?!
If you have even the first fucking clue, even in the broadest of strokes, I’d really be interested in hearing about how this would actually work.
I think he think the face id just says “yeah, that’s right, unlock” and the phone unlocks. So if you put in a custom one that always says “yeah unlock” it will just always unlock. As if the person putting in the thing couldn’t see the data on your storage anyway
If a lock is broken, then you might call a locksmith to fix or replace it. This is something that happens frequently and isn’t as absurd as you make it out to be.
I’m not saying it has to be absurd, but no one is acknowledging that the security risks are real, and requiring a lesser standard of security is a cost of legislating this stuff, which it is the editorial stance of ifixit to support
The security risks aren’t real. They are simply trying to scare off people like you who will repeat nonsense over and over again.
Ok, so I can come change your locks then
No, but Android world allows more environmental friendly tech reusability and the freedom to employ any locksmith’s locks, instead of using only one dictator’s certified lock. While I would not want to compromise secure face unlock camera, I sure as hell want to to be able to employ any maker’s screen, battery, speaker, back cover and so on. The rotten fruit company disallows this environmental sustainability.
If not for Europe’s market size, Apple would not have implemented USB-C either, despite having USB-C on all their other devices.
No, you can’t, because that isn’t a good analogy. Those two situations are not at all the same, but I’ll humor you.
The analogy you’re making is like saying only the company who makes doors is allowed to change the lock on your door, and they’re allowed to just stop offering the lock-changing service whenever they want. They also conveniently put a mechanism in so that whenever a third-party locksmith comes, your door falls apart. Your only option is to buy a new door, doorknob, frame, and hinge because your lock is worn out.
Not how it works lmao
If you swap the faceid, you still need to unlock the phone with your passcode to re-enroll faceid.
I guess that’d be more like you changing the outside doorknob.
That’s a bad comparison because I wouldn’t let a random Internet stranger fix my phone either, but I would allow an actual locksmith to change my locks.
Never owned an apple device, so I might be drastically off base here.
Is face id actually its own unit, including authentication storage?
If I were designing the iPhone, I’d just use a camera that relays the data to the CPU, and authentication happens there. If it operates like this, a more accurate comparison is I’d let a third party reputable locksmith change my locks, but I’ll set the key pins myself after.
Your brain is rotted
Better late than never
So sad. I got into argument just a few days ago and they used ifixit’s repairability score as justification for their nonsense.
.
You know, as both an Apple fanboy and a repair advocate I was disgusted by their over affirmation of being carbon neutral like it’s a badge to be proud of when people KNOW they are just not friendly to repairing your shit easily.
I’m heavily locked into their ecosystem but they are starting to push their luck with me trying to push this bullshit.
You know, I got into an argument about this recently and there were 3 different people trying to argue exactly the opposite to me. And they used ifixit’s scores as evidence. So no, people don’t know. Apple’s disinformation works.
My partner and I left the apple ecosystem about a year ago. We got new phones and gave our old watches, airtags, and airpods to friends and family that wanted them. It felt like it was going to be too much to give up, but honestly it’s been great.
There’s so much more freedom in every facet of the phone. Apple likes to give an option, a rich people option, and occasionally a truly professional tier. Leaving Apple behind, I have wireless earbuds I love that have an 8hr lifespan out of the dock. They were fifty dollars and they sound easily better than airpods. It felt like it would be expensive to leave, but the alternatives once you leave the ecosystem tend to be cheaper pound for pound.
Ever wondered why the cable breaks so easily? It’s because they use crappy materials. Oh, and it’s also ecological or something, which obviously has no impact on profit margins, right.
seems to make apple’s support of easily removable batteries a bit less rosy.
I love the Fair movement