
Comment Re:Get out! (Score 5, Insightful) 84

As an IT security professional that has worked at multiple employers who are covered by DHS regulations of one type or another, I can say the majority of the time the issue is not stuff this stupid, but is in fact entitled executive management and the fact that DHS regulation has no teeth until something happens. Then it is too late. Things like refusing to allow the PCs to be locked down or refusing to set IT policy that works via whitelist where you can use company equipment to access things relevant to work that have been pre-vetted. IT security is not hard if you simply get rid of the fucking egos. Whitelist, fail by default, based systems solve 99% of issues before they occur. They are very very cheap compared to any other system but entitled management prioritizes happiness of themselves or users over security. Listen to music on your phone. Install that app you want on your home PC. Your work equipment should work for only the things that have been pre-authorized and then it becomes very simple and very cheap to maintain security. And DHS needs to put teeth on companies that don't live by those requirements BEFORE the bad stuff happens.

Comment Re:Interoperability should be enforced (Score 2) 69

Please read deeper, my statement is not restricted to iMessage and bubbles and is much more broad, but still to tackle your Apple fanboyism, let me state that you really don't get it. Apple is not secure for you, they are secure for them. Take for instance the case a few years back with the suspected terrorist when California was trying to get Apple to give them access to the phone. It is ridiculous because Apple should not even be ABLE to give up your security to any government entity. If devices and protocols are configured securely, then only the endpoints define and control both the encryption and how it is implemented. If a company dictates what encryption is used and controls it, then you are NOT secure no matter what you believe. Message apps, by definition can not truly be secure from the end user perspective unless the encryption algorithm and mechanism is controlled by the user. i.e. add ons at the control of the user or even better, PRE-encryption with peer reviewed, open source, verifiable encryption before it ever even sees any messaging app. Apple pulled off a marketing coverup by somehow manipulating it so that no one ever asked the question, "why is it even possible for you to give up my security in the first place?"

To broaden it back up again, let's look at a similar marketing miracle that happened during Hurricane Katrina with Tesla. Tesla remotely enabled extended driving range as a "favor" to help people get out of the path of Hurricane Katrina and turned into a marketing win. The correct question was never asked "why the fuck do you have access to something that someone else owns in the first place". The answer is that they shouldn't or at the VERY least, there should be government enforced controls that you do not have to allow them access to your equipment (car) after you have purchased it. They should not be able to change anything remotely or in person without the approval of the owner of the device and technically the owner should have that control directly even if they get pissy about it and threaten to void warranties if you cause battery damage.

Security is not security unless it is in the hands of the 2 endpoints and ONLY those endpoints, otherwise it is just fancy, pre-loaded malware that they suckered you into paying for.

Comment Re:Interoperability should be enforced (Score 1) 69

You would also completely destroy the security industry in one fell swoop.

Hardware based encryption keys and authentication tokens would be illegal to make and use.

I work in the IT security industry. This is absolutely untrue and is FUD of epic proportions. Hardware keys and tokens are typically coded with open source encryption that has been peer reviewed and the ability to swap out that software by the people on either end of the software or hardware (the only 2 parties that matter) is completely up to them.

Let me give an example using one of the biggest shitshows in IT, pinned certificates. It should never be an option for a company to hide communications from the owner of a given device. If an owner of the device decides they need to view or authorize any data coming out of their device going back to the company they should ALWAYS have that option. They are the owner of the device and they have EVERY right to know and authorize every bit of data that comes out of that device that may be reporting back to home base. Pinned certificates make this difficult to impossible. If regulations were in place that enforced that the companies could not prevent users from loading their own self signed certs and proxying traffic in a way that the owner of the device can see and take action on the traffic content. This does not make the system any less secure from an internet perspective. People in the middle without direct access to the hardware are still just as locked out.

So basically if a company is bitching about not being able to secure their product or service against the owner of the device, then they are in fact malware themselves. Owners should be God of the items they own. If they misconfigure and allow access that is on them, not the company or the protocols or hardware being used. But it should be their right to configure it any way they want and they should have the right to say yes or no to every single thing that device does, from network connected wall plugs to automobiles.

Comment Re:Interoperability should be enforced (Score 0) 69

Because this goes way deeper than just one service on one platform from one company. And the way things are done now, it hinders and slows technological progress. In addition, enforcing interoperability would give us all a much better level of interoperability WITHOUT enabling any company to become a monopoly and even if one company did create a product or service good enough that even, despite the above protections, somehow wound up being a de facto monopoly in their chosen space... if they then used that monopoly to go off the rails and start artificially crippling features so they can be sold back to their consumers, it simply opens the door for another company to step right in and fill the void. It will ENFORCE competition much more than any other method currently and will force focus on new features and technology advancements to gain and retain customers instead of much slower advancement that uses crippling technologies to grind every cent out of their users at every opportunity.

Comment Interoperability should be enforced (Score 1, Insightful) 69

In all of the digital space, there really needs to be government intervention to guarantee that artificial blocks to interoperability should be illegal. There is a term for it.... adversarial interoperability. But the thing is, if this were in place and coupled with protections that hardware and software MUST be considered separate for all devices, technology would advance WAY faster, and competition would be much stronger if this were enforced by law. Anti competitive and anti consumer practices like artificially crippling hardware so that the functionality could be sold back to you would go away literally overnight. It would force actual innovation to get ahead rather than beating on consumers with these shit practices. Even in items like cars with subscriptions for heated seats. If you could swap out software or use software of your choice if one company decided to do stupid shit like this.

Comment It's about your data (Score 5, Insightful) 164

I guarantee you this is about accessing and controlling your data to a higher degree. I don't mind who does my system as long as it is usable and doesn't spew my data everywhere. At least with Android Auto it's very easy to just keep an old phone paired to the car that isn't tied to a normal user account. Hiding in plain sight. I guarantee you they are going to tell you you have to buy yet another data connection also.

Comment Re:It never ceases to amaze me (Score 1) 146

I got into a huge argument years back on the Homeassistant forums when homeassistant started banning plugins that did not use official APIs. The biggest majority of homeassistant users are using homeassistant exactly because it allows controlling your home devices without having to authenticate to servers that you don't control and ask permission of someone else to control equipment behind your firewall. In my opinion everyone that went with change is getting what they deserve. Cloud controlled devices are a security joke. Connected devices are wonderful, but they should expose a local web interface or some other local API.

Comment I refuse to believe this (Score 1) 347

And if you do continue with his logic then you have to come to the ultimate conclusion that people are born either bad or good (within a spectrum of course), but the following logic is if someone falls on the bad end of the spectrum, then why should society allow them to pass their genes along?

Comment Re:what about needs to work with local server off (Score 1) 64

I think you are focusing on the wrong word. CONNECTED devices are awesome. I want as much control as I can. But by connected and control, I mean me and me alone for things behind my firewall. I wanted connected things. I just refuse to have things that connect back to the manufacturer who I then have to ask permission from to control a device behind my own firewall and who can see everything that is going on behind my firewall. Device manufacturers like using the word connected because they want less tech savvy people to believe that their way is the only way and that there is no choice other than using apps and servers that the person who owns the device doesn't control.

Comment Re:But (Score 0) 118

I was going to post that most of the best beer in Europe has very little hops at all compared to American crap. The really super strong Belgian ales for instance have VERY little hops in them. I'm really not a huge beer drinker, but I severely despise our crap in the United States. The only beer that I really enjoy is the Belgian Trappist Chimay blue label grande reserve. Very strong alcohol content, very dark, very little hops. Beer in America is trash, especially lager, but even the ales are crap.

Comment Session is superior to signal (Score 4, Insightful) 69

For two reasons, Session is superior to Signal. Primarily it is also secure and verified original user, but also anonymous. Too many people try to break security and privacy into two separate things. But they are very closely related and you can not truly have security without also being able to be anonymous if you choose. The fact that Signal ties the account to a phone number which is usually tied to a real person or can easily be tied to a real person is not acceptable. Two people need to be able to verify that the people that exchange credentials are truly each other after that initial exchange, but they do not need to be able to expose the real world identity of the other party if that party chooses not to be exposed. Many times it is important that two parties trust the communication between each other but due to circumstances need the security of ensuring that neither side, nor the company creating the software, nor the carriers delivering the traffic can easily work out who the real person is behind the communication.

Comment Re:no shit (Score 1) 84

It isn't even better than most. I would argue that it is in fact worse. This legislation is still sorely underwhelming unless it completely addresses artificial crippling of devices when 3rd party components and 3rd party repair shops are ruled out. The only thing that Apple did was stall so they could get crippling software in place that allows them to lock out 3rd parties. Just fixing the devices is not sufficient. The legislation needs to ENFORCE that there is competition in both the parts and the repair arenas. Also, any software necessary should be free of charge to the owner of the device if they decide to self help.

Comment Re:Still blacklisted (Score 4, Insightful) 61

Glad I'm not the only one. I was already semi-boycotting Sony even prior to the rootkit thing because of their insistence on using proprietary memory stick format for all their devices long after everyone else had adopted a standard... I think it was MMC at the time. But when they did the rootkit it has been a complete boycott for me. I have not given Sony a single cent of my money since then other than watching a few of the Spider-Man movies. Even then I felt dirty afterwards.

Comment Over-reach and too much power without oversight (Score 4, Insightful) 120

When any branch of government ever remotely tries to justify ANYTHING like this it is time to rid them from their positions. If the people in NYC and state aren't voting every fucking idiot out that supports this from the police in any remote way, they need to be removed. Police unions need to be stripped and removed. Cameras should not be able to be turned off by police. ALL police camera footage should immediately be accessible, no questions asked to anyone in any police interaction whatsoever. In addition to that, all police footage even when there is not an incident should have a regular citizen review board that constantly and randomly reviews footage from all cameras whether there is an active incident or not. Purely randomized review and if the camera is not worn or is covered, the police are not acting in an official capacity. This is the only way that police corruption will be rooted out. They need to be brought down not just a notch, but they need their damn wings clipped.
