Switzerland reportedly has an app in the pilot phase.
The iPhone can't upload data without someone noticing. Even if the data is encrypted, the destination IP address cannot be encrypted (or the packet cannot be routed). This is the kind of thing security researchers look for. Catching Apple exfiltrating data without permission would be the golden egg.
Gordon Welchman during WW II in Bletchey Park figured out the value of meta data. Before the telegraphs were being decrypted, he was able to track troop movements, the size of the troops, etc all just with knowing who was talking to who and how often ... the contact information.
This is what NSA uses. Obama has killed people via drone strikes based purely on this type of intelligence.
They don't care what you say as much as who you are connecting with.
Do you know if bluetooth is included? I see "WiFi", "Cellular" and "mic+camera"
I assume this is going to be based upon cell phone A coming near cell phone B and then they both record the encounter. This is likely to happen via the bluetooth LE. And then as soon as you do connect to the outside world, it dumps the data back to the mother ship.
What he claimed is that the government has the ability to remotely access your phone, which should be no surprise. There's a constant cat-and-mouse game in which exploits are discovered and fixed, closing loopholes that are used by both criminals and governments.
The other issue should also be no surprise: every time you use your phone, you leave a fingerprint. If you use an app that tracks your location, there's a record in a server somewhere because no app keeps all the digital map data on a phone. When your phone is on, it has to tell the cell phone system what base station has the best reception, so that any incoming calls can be routed to you. A cell's footprint can be a city block, or a hundred square miles.
However, a warrant is required to target a US citizen, either with an exploit or obtaining the metadata. There are still problems with the court that is supposed to rule whether there is probable cause for a warrant, but that's the fault of Congress.
Several years before Snowden made the news, someone else claimed that his former company did some consulting work for the FBI, and implemented a backdoor in IPSEC.
The code was carefully audited, and while several bugs were found, there was no backdoor:
You have a higher risk of being victimized by an exploit that you declined to fix, than someone getting access to your contract tracing data (which doesn't contain location information).
And, there will be no contract tracing data to obtain unless you download the app and enable it. So far, only 4 US states have expressed interest, and none have released an app yet.
Tbh I don’t really care about this, mostly just was sick of the constant pop ups every day asking to update, avoiding this software is just icing on top.
It's off by default, and you can't even turn it on unless you have the appropriate app installed:
https://9to5mac.com/2020/05/19/how-to-turn-on-off-covid-19-contact-tracing-iphone-ios/
At the moment, only 4 US states have said they will participate:
https://9to5mac.com/2020/06/05/covid-19-exposure-notification-api-states/
I was only able to find two European countries (Italy and Latvia) that have actually released an app:
https://www.macrumors.com/2020/06/01/italy-latvia-exposure-notification-api-apps/
Switzerland reportedly has an app in the pilot phase.
The iPhone can't upload data without someone noticing. Even if the data is encrypted, the destination IP address cannot be encrypted (or the packet cannot be routed). This is the kind of thing security researchers look for. Catching Apple exfiltrating data without permission would be the golden egg.
You don't understand...
Gordon Welchman during WW II in Bletchey Park figured out the value of meta data. Before the telegraphs were being decrypted, he was able to track troop movements, the size of the troops, etc all just with knowing who was talking to who and how often ... the contact information.
This is what NSA uses. Obama has killed people via drone strikes based purely on this type of intelligence.
They don't care what you say as much as who you are connecting with.
Do you know if bluetooth is included? I see "WiFi", "Cellular" and "mic+camera"
I assume this is going to be based upon cell phone A coming near cell phone B and then they both record the encounter. This is likely to happen via the bluetooth LE. And then as soon as you do connect to the outside world, it dumps the data back to the mother ship.
I'm totally speculating.
Spoiler: that's not what Snowden claimed.
What he claimed is that the government has the ability to remotely access your phone, which should be no surprise. There's a constant cat-and-mouse game in which exploits are discovered and fixed, closing loopholes that are used by both criminals and governments.
The other issue should also be no surprise: every time you use your phone, you leave a fingerprint. If you use an app that tracks your location, there's a record in a server somewhere because no app keeps all the digital map data on a phone. When your phone is on, it has to tell the cell phone system what base station has the best reception, so that any incoming calls can be routed to you. A cell's footprint can be a city block, or a hundred square miles.
However, a warrant is required to target a US citizen, either with an exploit or obtaining the metadata. There are still problems with the court that is supposed to rule whether there is probable cause for a warrant, but that's the fault of Congress.
Snowden didn't say anything about OpenBSD.
Several years before Snowden made the news, someone else claimed that his former company did some consulting work for the FBI, and implemented a backdoor in IPSEC.
The code was carefully audited, and while several bugs were found, there was no backdoor:
https://arstechnica.com/information-technology/2010/12/openbsd-code-audit-uncovers-bugs-but-no-evidence-of-backdoor/
Im going old school. No fb, no Instagram, no BS. Only thing I use to Donald.win on my laptop
And this is why I disabled updates to the iOS.
You have a higher risk of being victimized by an exploit that you declined to fix, than someone getting access to your contract tracing data (which doesn't contain location information).
And, there will be no contract tracing data to obtain unless you download the app and enable it. So far, only 4 US states have expressed interest, and none have released an app yet.
Tbh I don’t really care about this, mostly just was sick of the constant pop ups every day asking to update, avoiding this software is just icing on top.
This is the bug fixed by the most recent release (13.5.1):
https://support.apple.com/en-us/HT211214
But, the contact tracing API was actually added in 13.5. And, that release contains a fix for a huge security hole that dates back to iOS 6:
https://www.forbes.com/sites/gordonkelly/2020/05/13/apple-iphone-exploit-vulnerability-ios-13-mail-problem-update-iphone-11-pro-max-u-iphone-xs-max-xr-upgrade/
The iOS Mail app was vulnerable to an exploit that includes remote code execution, which could be triggered by simply sending an email to you.
I’m on 13.3 my man. And only that because I accidentally hit install to the pop ups a few months ago. Still don’t care
The asterisk is the most important part.
At this point I don't even care anymore, if they want to track me they'll track me
Surrender is always an option. It's just not recommended.
You are not wrong. All “opt out” of tracking/gps is false. They will track you regardless you opt in or out.