Re: The underlying point is deeper
@ Christian Berger
you are a fucking idiot. Here's some simple maths for you - how many operating systems do you have to get right for a secure smartphone as opposed to a semi-smartphone + a server that has to do everything?
Further practical considerations involve a communication channel between them (also nice MITM opportunities there)? With infinite free bandwidth? That is always available?
From an attacker's perspective, a server that is always on will always have password active in memory - much easier to access than a smartphone that has been switched off.
Also others may have different usage scenarios from yours - having a fully portable fully functioning computer (after all, that is what a smartphone is) allows them to do things directly on the device without needing connectivity.
Go back to playing "snakes" - or have you never moved on from that?
After saying all that, your paragraph 2 is very accurate. We are in the position where we have to absolutely trust the smartphone software provider, and we are completely at their mercy regarding updates. There may be some niche players trying to provide secure smartphones using open systems, but are expensive and may still be hit with a writ they have to comply with.
So I think ultimately it ends up with "who do you trust"? Or maybe distrust least? Or do we simply have to learn to live in a panopticon and the consequences of what that will do to the sanity of the inhabitants?
I guess I'll just leave quoting the words of wisdom of a wise old man. "We're doomed I tell ye - doooooomed."
Biting the hand that feeds IT
