Small reality check for everyone being outraged that company founders "risked" their company, customer information and all their bank accounts by doing that:
They are not that important, nobody is going to use a zero day iOS exploit or roll up with a Cellebrite device to unlock phones at an early-stage founder event.
It's not the same as surrendering your phone to a hostile border guard as a human rights activist.
Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
I’d be willing to bet that you already take reasonable steps to reduce the likelihood of threat actors ending up under your bed at night. My point is simply that relying on people you have no formal relationship with, and haven’t screened in any way, to have your best interests at heart simply because “what are the odds?”, is a rather stupid approach to security. Especially when you’re making such a compromise simply for a little bit of cheap virtue signalling.
Just because the act "giving your phone to a person" is the same, it doesn't mean it's the same thing.
Trust and incentives are a thing. Just like depositing money in your bank is different to telling a stranger on the street to keep your money safe even if the act of handing over valuables is the same. It's not in the interest of the bank to lose trust, just like the founders of that app are not in the business of cracking the phones of fellow founders.
It would absolutely be worth the investment to put 99% of attendees' phones in normal boring lockers, to spend an hour with _one phone_ belonging to a high-value target attending such an event.
No way to prove that happened here, but it's the sort of thing that any crook worth their salt would be spinning up a fake phone-locker business for. "We'll provide phone lockers for your event" would get you a lot of boring-but-profitable gigs, and the occasional chance of a lifetime.
You're not getting it - I'm putting forward that the act is the same regardless of the intention.
You're exposing the same level of vulnerability whether you give it to a border guard, the cops, or your nurse in hospital.
It's fundamentally the same action and same vulnerability, papering it over with "you can trust this particular system" means nothing - the act is the act.