
Comment Re:Legitimate engineering uses (Score 4, Informative) 98

not to mention "...creates a disk image of everything that’s on the phone..." is misleading, even with the following caveat. It would be far more accurate to say something like "...creates a copy of file access times of everything that's on the phone, and other metadata such as file size and other timestamps." But that wouldn't be bait for journalists and misquotation. (And if the dumped iOS file system metadata includes other things, perhaps mention those -- but timestamps and file size are the main things.)

Comment Re: Only because they're stupid. (Score 1) 435

I think it is worthwhile to just discard the point about abuse of power because I don't think it is necessary to even bring up.

While at first blush the "running a red light" bit might sound silly the reality is that it *isn't* always safe to just pull over and stop. Sometimes it has to do with predictable things (like not having a shoulder to pull onto) and sometimes it isn't (dynamics of traffic, which may not have previously been obeying the traffic laws). The point is that once you get past the easy things (pre-identifying pull over spots so that the vehicle knows where to redirect to) you get into hard things. Like the tractor trailer that is on fire. Or that stopping would obstruct another vehicle that is *not* stopping (and resulting collision would block emergency vehicle).

In the end, there is a need for judgement calls, *especially* when emergencies are involved. A simple "pull over and stop" is too simple.

Comment Re:Obviously... (Score 1) 435

you made a real jump from tracking to remote control, but it is unlikely a car stolen by criminals who were planting a bomb could be recalled. Unless they were nut jobs who just happened to have access to explosives or made them, but killing a recall mode would be high on the list for a number of people (not all of them necessarily evil). Presumably, safeguards against tampering would be put in place, but I wouldn't hold my breath on them holding up.

Let's put it another way: lojack works fairly well and is on a number of computers. But can it be subverted? Are systems with lojack installed and enabled still stolen and sold for money? And all you really need for the case you mention is a temporary work around.

Comment Re:Drug mule? How? (Score 1) 435

"legally tied to someone": Dammit, I never rented that driverless car. Yes, I know that it was my credit card and I hadn't reported it stolen, but it wasn't me!

"has not been reported stolen": paid for rentals aren't generally reported as stolen. If you are a business with a driverless car and a wide region of operation, it could easily take longer than a simple "hijacked for crime" to discover and report.

"How many legal trips match that?": who knows. You're speculating, I'm speculating. Unless you have data to show it is significantly anomalous, it is irrelevant. But you *are* arguing for more government surveillance. "Hello citizen, I see that you have been on the road for more than two hours without filing a travel plan with Department of Homeland Security."

"legally, search": random stops? that would likely have to be settled. But there's *always* cause for pulling a vehicle over. And without a human to contest the search...

"It is not enough to obey the laws": true, but the "greater effort" is usually required to escape when one is already labeled. Local police have you fingered as a "troublemaker" you'll discover just how much they can get away with and no lawyer will take your case. But when discussing traffic -- if the vehicle is in proper working order (e.g., no headlights/brakelights out, etc.) and is being used properly (e.g., no traffic violation) unless there is something else to draw attention to the vehicle ("hey, Mark, isn't that the deviant druggie we busted up last night?") they are going to ignore it. Cops don't just go pulling over and searching vehicles on a random basis. (Well, infrequently, at any rate -- they just don't have the time to harass that many people.)

(Please, don't take this as an anti-LE post. But just like there are good cops, there are bad cops. And if you have the misfortune of getting labeled by local LE it can be tough. And good cops don't go randomly pulling over vehicles so in your scenario we are talking about the less well behaved ones. You bring up the whole in a category they aren't interested in.)

Comment Re:Simpler approach... (Score 1) 280

you wouldn't be so infuriated with their stupid requirements (and, I agree, most are stupid) if you just used a password manager. Then the only thing that is annoying is figuring out what parameters of the random generator you have to weaken to get an acceptable password. Instead, you have to remember how you had to adapt your generation rules to their site.

Humans are terrible at selecting passwords, and it isn't just the obvious 123456 or password. If you think you have a clever password method, it isn't. If you think you are randomly selecting characters, you aren't. The bad guys know all of this and exploit it. It may not have fancy equations, but there's some practical information at Ars Technica (e.g., http://arstechnica.com/securit... and http://arstechnica.com/securit...)

Personally, I use a lot of rather weak passwords. You know, for the site that insists I create an account to read it. Whatever, they get the "stupid" password. (And I mean "stupid".) Those are throwaway "accounts" that I couldn't care less if they were hacked. I know the password, because it's "stupid", just like all the rest (or "stupid123" if they require numbers). OTOH, if it is a password for access to something I *do* care about it gets a computer generated password that is stored in a password safe. I don't care how hard it is to type, because I don't have to. I don't care how hard it is to remember, because I don't have to.

The only middle ground are login passwords (e.g., to a computer, or something I have to type into a mobile device, ugh!). There the ability to actually input the password can become a consideration, and for a desktop login it has to be memorable -- but when you don't have to remember a laundry list of passwords, the two or three you *do* have to remember aren't that bad (home system, work login, mobile phone -- you *do* lock your mobile devices, right?)

Comment Re:About that.... (Score 1) 223

I'm going to go out on a limb here and guess you're someone who loves the recent Hobby Lobby decision that grants freedom of/from religion and specific religious rights to corporations. By the rationale of the decision a corporation owned by a Muslim family should be able to enforce sharia on its employees. But you are comfortable believing that this cannot happen because you have faith that the courts will only give religious rights to corporations that are identifiable as Christian.

Two faced hypocrites are the worst.

Comment Re:Seems appropriate (Score 2) 353

Actually, every file in the system does not have different time stamps and they tend to be in clusters (e.g., different groups of system files).

Timestamps can be manipulated in various ways and they are often taken at face value, but it does get quite a bit harder if the investigator digs deeper. For example, in your proposed situation the inodes for the newly created files would not be as expected for files having those time stamps.

Comment Re:the naivety is painful (Score 1) 247

I think this is really what is bothering me about the MAYDAY PAC. The idea that the game can be beat by playing it on the terms of those who have rigged it... I understand the principle is to back politicians who will vote for reform, but a couple of seats -- even if it happens -- don't mean squat. Having a few bought-and-paid-for stooges who will vote for something doesn't actually work: it has to make it into a bill first, in a form that hasn't been mangled into the opposite of the intent, and brought to a vote. To actually get a bill into law requires seniority and support from senior politicians. And those will be the ones least susceptible to the MAYDAY PAC. This seems like much ado about nothing.

I think the people behind it have good intentions, but I fail to see how the effort will produce any meaningful change or reform.

Comment Re:interesting (Score 1) 247

You know, I think you are on to something there. If that is the end goal then it must be stopped. The founding fathers were anti-democracy http://www.dailykos.com/story/... http://www.godlikeproductions.... http://www.thecommentfactory.c... and we, too, should be against the tyranny of the masses and promote the enlightened government by and for the elite. To this end it is imperative that the general public be kept uneducated and in the dark -- and above all, disempowered.

Comment Re:useless; who writes this crap? (Score 2) 323

Don't say that like it is a bad thing. I *want* my devices to have predictable identities because that is how the home router knows what IP address to hand out. Same thing at work. Also understand that a repeatable MAC only links sessions locally: your MAC address is not advertised to the internet.

Now, what would be nice would be an option to only use the assigned MAC when associating to selected networks. E.g., home, work, a friend's, etc., but by default use a randomly generated MAC. The hotels I've been at "forget" your device quickly anyway requiring a new acceptance of the terms so using a random MAC per session wouldn't hurt any. That'd be great for hot spots.

More important is the IPv6 address selection. I'm not sure of the current state of affairs, but last I knew MS Windows was the only one that respected privacy. Apple used the MAC to generate a predictable suffix which allows global unique device tracking no matter where you go in the world. Now, they were not alone in this and IIRC it was originally a recommended method. But it is ironic, given MS's close ties to NSA spying, that MS Windows (Win7 home, I believe) was the one that would generate a new suffix periodically even on a single connection (e.g., each day the suffix would change).
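The MAC-derived IPv6 suffix mentioned in the comment above, as an added example that is not part of the original comment: it builds the modified EUI-64 interface identifier (RFC 4291, Appendix A) and shows that the suffix stays identical across networks and gives the MAC back. The MAC, the documentation prefixes and all function names are constructed for illustration.

```python
import ipaddress

LOW64 = (1 << 64) - 1

def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:11:22:33:44:55")
    # Flip the universal/local bit and splice ff:fe between OUI and NIC part.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix, mac):
    """Address a host forms on a /64 when it derives the suffix from its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC uses a /64 prefix")
    return net[eui64_interface_id(mac)]

def interface_id(addr):
    """Low 64 bits of an IPv6 address: the part that follows the device around."""
    return int(ipaddress.IPv6Address(addr)) & LOW64

def mac_from_address(addr):
    """Return the embedded MAC if the suffix is modified EUI-64, else None."""
    iid = interface_id(addr).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a randomized temporary address
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                        # constructed sample MAC
    home = slaac_address("2001:db8:aaaa:1::/64", mac)
    cafe = slaac_address("2001:db8:bbbb:2::/64", mac)
    print(home, cafe)
    print("same suffix on both networks:", interface_id(home) == interface_id(cafe))
    print("MAC recovered from address:", mac_from_address(home))
    # Constructed example of a randomized suffix: nothing to recover.
    print(mac_from_address("2001:db8:aaaa:1:9c3b:71d2:40aa:e15f"))
```

Running `mac_from_address` over a host's own global addresses is a quick check for whether it is still exposing a MAC-derived suffix.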

Comment Re:Apple Actually Cares About Privacy (Score 1) 323

that isn't very hard. I have no special information and haven't read TFA, but presumably they select an Apple prefix and use an algorithm to generate the rest. It'll actually be pseudo-random, but that isn't a particularly relevant distinction as very few systems have true random number generation and approximate it by collecting entropy from various sources to seed the algorithm.

Given the large space represented by just Apple prefixes, the odds of a collision are incredibly small. If they used other prefixes as well (to avoid leaking it was an Apple device) then the risk of collision drops even further. Given that it reverts to the assigned MAC for an actual connection it amounts to a low impact and trivial way to improve the anonymity of a device before associating with a network.

Comment Re:Apple Actually Cares About Privacy (Score 4, Insightful) 323

really? I know they were roundly accused of this with no evidence ever provided other than a bug which caused excessive *local* retention of location data. Interestingly, it came out at about the same time that *Google* was in fact shipping the location data back to the mothership (something Apple doesn't do) with no retention limits evident.

As a company, Google *depends* on eliminating privacy -- it is the source of their revenue. Apple depends on hardware sales. So while they make some money by selling aggregated data (and try to foist obnoxious things like iTunes Radio on their users) that is not actually their core business nor a significant part of their revenue stream. When Apple advertised an earlier incarnation of iCloud as being better privacy they didn't call out Google specifically -- they didn't need to. The people who cared already knew who they are talking about.

But somehow Apple is the anti-privacy company and Google is okay. I never understand the fanboys.

If you want to bust on Apple, great, I'm all for it. Just bust them on things they are actually guilty of and don't try to misrepresent them. They've definitely done some bad things, but strangely they don't seem to get beat up for things they've really done (or the issue is misrepresented).

What I'm saying is that while it may be fun to trot out things like the "640K should be enough for everyone" to bust on Bill Gates that is an urban myth and he never said it. Instead, bust on him for things that he *did* do (like hire someone else to pirate CPM). Same for Apple and Jobs (I just have a somewhat better memory for the Microsoft end of things, hence using MS-centric example).

Comment Re:Ellsberg got a fair trial (Score 1) 519

if they were brought to trial you would like it to be "fair"? Or, you think they *should* be brought to trial for their documented crimes, and that the trial should be fair?

Your repeated insistence that Snowden be kangaroo jury trialed has been repeatedly shown by your posts for the bunk that it is. Making half statements like this one that is just begging to be misread is misleading and dishonest.

It's okay, you can admit that you approve of the government's actions. It won't make people like you, but those who can appreciate honesty and abhor hypocrisy won't see you in such a poor light as you are currently putting yourself in.
