Indie iOS app developer with a passion for SwiftUI

  • 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle

  • There are a couple of concerns with biometrics.

    The big one is, as you already mentioned, spoofing biometrics.

    The FaceID or TouchID sensor essentially saying “I got that face/fingerprint that you have in your Secure Enclave”. Granted it is a sophisticated attack, but nevertheless one you’d want to prevent if only because it’s good practice to maintain a secure chain in which the individual links can trust each other.

    For similar reasons the lockdown mode exists, which is mainly useful in limited scenarios (e.g. journalists, dissidents, etc).

    On the other hand, if ever there was a potential attacker, it would be a government because they unlimited funds in theory and it isn’t hard to imagine the FBI trying to utilize this in the San Bernardino case if it was available.

    A different risk, which would make the above quite a bit easier to accomplish, would be an altered biometrics scanner that, in addition to working the way it’s supposed to work, stores and sends off your biometrics or simply facilitates a replay attack.


  • Lossless is understood to have a bitrate of at least 1411kbps, or about 1.4Mbps.

    Theoretical sustained bandwidth capability of Bluetooth on the 2.4Ghz spectrum is 1Mbps, but in practice it’s a chunk lower in part due to overhead.

    Even if we assume if you could just cram a higher bitrate through a smaller bandwidth (spoiler, you can’t), everyone would be up in arms about Apple lying about lossless and class action suits would ensue.

    That said, you can’t. This is not like your internet connection where you’ll just be buffering for a minute.

    As for what is and isn’t perceptible, I think you’re mixing up your tonal frequencies with your bitrates here.


  • Honestly the most frustrating part is that there is plenty to criticize Apple on, so there’s no reason to get caught up in fabricated clickbaity nonsense.

    But instead of focusing on genuine concerns, people would rather hop on some misinformation train.

    All the while, if you espouse opinions that are bit more nuanced than “Apple bad”, then you must be a bootlicker like you said.

    It’s as if people are more concerned about missing out on joining the hype and showing off their armchair skills, rather than exercising a modicum of critical thinking.


  • Obfuscating what you have to do ≠ not providing you with a roadmap on what you have to do.

    If they didn’t obfuscate it there would be many tools out there already to let it be done.

    This is a non sequitur.

    It doesn’t automatically follow that a lack of tools means there is obfuscation. The simple fact that there can be many reasons why tools aren’t widely available alone breaks that logic.

    But I’d say the fact that we already know exactly why difficulties arise when replacing parts, definitely proves that there’s no obfuscation.

    Which again circles back to the difference between anti-repair and not pro-repair.

    Just because Apple doesn’t go out of their way to provide a roadmap and hold your hand and as a result you are having difficulties when you’re trying to do it yourself, doesn’t mean they are actively thwarting you.

    Apple doesn’t even think about you and me, their concern is to facilitate their own repair processes.

    They literally serial lock almost half of their parts.

    They don’t.

    Aside from biometrics none of the parts are serial locked.

    What you’re thinking about is parts based factory calibrated data loaded into the parts from a central database.

    Just because the system ignores the calibration data once the part doesn’t match the one the calibration was intended for, doesn’t mean it’s “locked”, it just means that you’re trying to use calibration data for the wrong part.



  • I’m not sure if you’re serious or trying to be sarcastic.

    Bluetooth and WiFi are two different things.

    For starters standard Bluetooth operates on 1MHz wide channels, BLE on 2MHz wide channels, whereas WiFi (nowadays) operates on 20 or 40 MHz wide channels.

    Modern Bluetooth (on 2.4Ghz) can theoretically do bursts of 2Mbps, but in practice even 1Mbps is hard to hit in a sustained fashion.

    2.4Ghz is just a frequency band and is not the same as bandwidth.

    You might as well argue that a pickup truck and a formula 1 race car should be able to reach the same top speed in the same time because their wheel distance is the same.

    I think […]

    Think again



  • The proposal is bad enough as it is, but it’s the duplicitous gaslighting BS that really pisses people off.

    If they came out and said “We came up with this thing to prevent loss of revenue on ads and prevent LLMs from capturing data” then people would still be against it, but at least it would feel like an honest discussion.

    Instead it’s just another page out of Google’s playbook we’ve seen many times already.

    1. Make up some thinly veiled use cases that supposedly highlight how this would benefit users, while significantly stretching the definition of “users”
    2. Gaslight every one by pretending that people simply misunderstand what you’re proposing and what you’re trying to achieve
    3. Pretend that nobody provides reasonable feedback because everyone is telling you not to commit murder in the first place instead of giving you tips on how to hide the body
    4. Latch onto the few, inevitable, cases of people going too far to paint everyone opposing it in a negative light
    5. Use that premise to explain why you had to unilaterally shut down any and all avenues for people to provide comment
    6. Make the announcement that you hear people and that you’re working on it and that all will be well
    7. Just do what you want anyways with minimal concessions if any and rinse repeat

    For what it’s worth I blame W3C as well.
    Their relatively young “Anti-Fraud Community Group” has essentially green lit this thing during meetings as can be seen here:

    https://github.com/antifraudcg/meetings/blob/main/2023/05-26.md

    https://github.com/antifraudcg/meetings/blob/main/2023/07-07-wei-side-meeting.md




  • Like some have pointed out there are ways to circumvent this, but it doesn’t make for a great experience, might cause issues down the line in particular with updates and there’s no guarantee it’ll keep working.

    If you’ve purchased this form your company’s surplus and they refuse to unenroll from MDM I’d just give it back and ask for my money back, it’s not worth the hassle and the warranty is a nonsense reason since they can take the MBP off of their warranty service plan.