Hacker News

Funny to call it reporting when it's more of an editorial by the renowned security researcher Bruce Schneier.

However, I'll defend his point: take the Monty Hall problem [https://en.wikipedia.org/wiki/Monty_Hall_problem]. The probabilities change, even when a door you didn't pick [and doesn't hold the prize] is opened.

I think this is a fair analogy. We've now gained knowledge about the existence of a vulnerability, and that knowledge makes everyone's device less secure [for a variety of reasons -- eg others know to look for the vulnerability, others know it can be bought, etc]. It doesn't matter that the vulnerability "has always been there" if nobody knew about it.




> The probabilities change, even when a door you didn't pick [and doesn't hold the prize] is opened.

That's the common misunderstanding of the problem. Most people think that the probabilities go from 1/3, 1/3, 1/3 to 1/2, 1/2, after choosing a door and having Monty Hall open one of the others. The probabilities don't change.

The probabilities are 1/3, 1/3, 1/3 at the start. After you choose a door, they're still 1/3, 1/3, 1/3. Or put a different way: 1/3 (your choice) 2/3 (what you didn't choose). When Monty Hall opens one of the other doors, the probabilities don't change. It's still 1/3 (your choice) 2/3 (what you didn't choose).

However, because he's removed one of the doors from the problem, the 2/3 probability is now applied to the remaining door.

That can be viewed as "probabilities changing" for the remaining door, but it's better described as the probabilities being shared between the doors you didn't choose.


This is a great clarification of how this problem works. I STILL can't grasp why you'd switch. Since you have no idea which door it is, couldn't the 2/3 probability be applied to either his door or your door? For all you know, the one that he removed was just one random one of the goat doors. Your chance of picking the car was 1/3 before, if you could have the car already, why would it be better to switch now that he removed whichever would definitely be a goat? It seems like you still have a 50/50 chance of getting the car and your chance of the one that remains (unpicked/unremoved) is just as likely to be the other goat as it is to be the car.

That said, I made a simulation of it where it does the following: 1. Assign random locations behind doors, 2. Player randomly chooses door, 3. Host excludes door (random if both are goats, goat if one is a car), 4. Player either switches, or doesn't switch based on what's chosen for that simulation (the full set gets one or the other)

After running 50,000,000 then dividing success/tries, my number is nearly exactly the same between the two. Is my simulation working incorrectly?


I find it clearer if you have 100 doors. Pick one. The host eliminates 98 doors [with no prize behind them].

Do you switch? Or do you stick with your original guess? As the parent mentioned, switching gives you a 99/100 chance of being correct, staying gives you a mere 1/100 chance.


Thanks for clarifying a very counterintuitive problem. I always struggled with this one, not anymore :) Sometimes scaling things up is the best way to understand things. Who knew!


I don't see why the other door has 99x more probability of being correct. It's still 50/50, original door or remaining door, the other 98 don't change the odds.


Your initial pick has a 1/100 chance of being right. If you switch, and you were right, you lose. On the other hand, your initial pick has a 99/100 chance of being wrong, and if you were wrong, and you switch, you win. So switch.


Let's play a game to make this more clear. I'm thinking of a number between 1 and 1000. First, guess what it is.


2


Well, before you finalize your guess, I'll give you a hint: it's either 2, or 437. It's not any other number.

Keep in mind I made my choice before we started, and it hasn't changed.

Do you want to change your guess to 437, or stick with 2?


I've always flip-flopped on grasping the Monty Hall thing (sometimes I'd think I understand, other times not so much)... but this little guessing game really clarified it for me, once and for all. Thanks!


This is a nice reinterpretation.


"the behavior of the game host as he will never reveal the door with the car": this is the key bit. If the door you picked is the correct one (1% chance) the host can open any door. If you picked incorrectly (99% chance) he can open any door except the winning door so the remaining door will be the correct one 99% of the time.


From the initial setup you have a 1/3 chance of choosing the correct door and a 2/3 chance of choosing the wrong door.

The key to this problem is the behavior of the game host as he will never reveal the door with the car. So, after he reveals the contents of one of the doors, if you choose not to switch, you still only have a 1/3 chance of having chosen the door with the car.

On the other hand, if you choose to switch, 2/3 of the time you will have chosen incorrectly initially, and under the switching strategy, those 2/3ds of the time you are guaranteed to win the car. Hence, you have a 2/3ds chance of winning under the switching strategy, vs a 1/3d chance of winning under the "staying" strategy.

Hope this clarifies things.


Your simulation is not correct.

Look at it this way: 1/3 of the time, you pick the right door up front. If you switch, you lose.

2/3 of the time, you didn't pick the right door. If you switch, you win.

So switch.


> For all you know, the one that he removed was just one random one of the goat doors.

The key observation is that the problem states that Monty Hall opens an empty door. It's not clear whether Monty knows which doors are empty, but it doesn't actually matter, since the problem states that he will always open an empty door.

As others have said, your choice as a contestant is whether to take one door (the one you initially pointed at), or to take the other two doors (at least one of which is obviously empty). Stated that way, it's pretty obvious that taking 2 doors is better than taking 1 door.


The important bit is that Monty will never choose to show you the winning door, and he will always show you a door after you pick a door and before asking you if you want to switch. He always opens a losing door.

The location of the prize and the player choice of door are independent events. Monty's choice is dependent on whether the player choice and the prize location are the same. Monty will never open the door the player picked. Monty will never reveal the prize. Those rules generate exploitable information for the player.

Here is the complete probability tree, and two possible strategies of play:

  Prize behind door A;  P = 1/3                           ALWAYS STAY strategy:
    Player picks door A;  P = 1/3 * 1/3 = 1/9               P(WIN) = 1/18 + 1/18 + 1/18 + 1/18 + 1/18 + 1/18
      Monty shows Door B;  P = 1/3 * 1/3 * 1/2 = 1/18              = 6/18
        Player stays with A;  WIN                                  = 1/3
        Player switches to C;  LOSS                         P(LOSS) = 1/9 + 1/9 + 1/9 + 1/9 + 1/9 + 1/9
      Monty shows Door C;  P = 1/3 * 1/3 * 1/2 = 1/18               = 6/9
        Player stays with A;  WIN                                   = 2/3
        Player switches to B;  LOSS
    Player picks door B;  P = 1/3 * 1/3 = 1/9             ALWAYS SWITCH strategy:
      Monty shows Door C;  P = 1/3 * 1/3 * 1/1 = 1/9        P(WIN) = 1/9 + 1/9 + 1/9 + 1/9 + 1/9 + 1/9
        Player stays with B;  LOSS                                 = 6/9
        Player switches to A;  WIN                                 = 2/3
    Player picks door C;  P = 1/3 * 1/3 = 1/9               P(LOSS) = 1/18 + 1/18 + 1/18 + 1/18 + 1/18 + 1/18
      Monty shows Door B;  P = 1/3 * 1/3 * 1/1 = 1/9                = 6/18
        Player stays with C;  LOSS                                  = 1/3
        Player switches to A;  WIN
  Prize behind door B;  P = 1/3
    Player picks door A;  P = 1/3 * 1/3 = 1/9
      Monty shows Door C;  P = 1/3 * 1/3 * 1/1 = 1/9
        Player stays with A;  LOSS
        Player switches to B;  WIN
    Player picks door B;  P = 1/3 * 1/3 = 1/9
      Monty shows Door A;  P = 1/3 * 1/3 * 1/2 = 1/18
        Player stays with B;  WIN
        Player switches to C;  LOSS
      Monty shows Door C;  P = 1/3 * 1/3 * 1/2 = 1/18
        Player stays with B;  WIN
        Player switches to A;  LOSS
    Player picks door C;  P = 1/3 * 1/3 = 1/9
      Monty shows Door A;  P = 1/3 * 1/3 * 1/1 = 1/9
        Player stays with C;  LOSS
        Player switches to B;  WIN
  Prize behind door C;  P = 1/3
    Player picks door A;  P = 1/3 * 1/3 = 1/9
      Monty shows Door B;  P = 1/3 * 1/3 * 1/1 = 1/9
        Player stays with A;  LOSS
        Player switches to C;  WIN
    Player picks door B;  P = 1/3 * 1/3 = 1/9
      Monty shows Door A;  P = 1/3 * 1/3 * 1/1 = 1/9
        Player stays with B;  LOSS
        Player switches to C;  WIN
    Player picks door C;  P = 1/3 * 1/3 = 1/9
      Monty shows Door A;  P = 1/3 * 1/3 * 1/2 = 1/18
        Player stays with C;  WIN
        Player switches to B;  LOSS
      Monty shows Door B;  P = 1/3 * 1/3 * 1/2 = 1/18
        Player stays with C;  WIN
        Player switches to A;  LOSS
If your simulation does not conform with the mathematically derived result, your simulation is incorrect.


The most clear way that I've heard it described is by scaling it up to 100 doors or so, and then removing 98 doors instead of removing 1. (This is mentioned elsewhere in the thread.) It would be interesting to see the results of your test using this method. It seems intuitively clear with 100 doors that switching is the better method.


This is the one article that made me fully grasp it forever. I've known about this for ages, but it never really clicked until I read it put this way:

http://waitbutwhy.com/2016/03/the-jellybean-problem.html


The table here [1] helped me understand it when I first heard of this problem.

[1] https://en.wikipedia.org/wiki/Monty_Hall_problem#Simple_solu...


I only started to understand how to look at this problem once I realized the host was going to eliminate a bad door _no matter what was chosen_. Of course if you have already selected a bad door he won't eliminate it.

Another useful exercise is to stretch the number of doors to some large N and suppose the choice was posed repeatedly with a decreasing number of doors. If you can have anywhere from 2 to N guesses and as N decreases the number of bad doors decreases, it seems more obvious that you should always switch.


Not switching until the end should work out better than switching multiple times.

4 doors, in 8ths to simplify fractions.

  2/8,2/8,2/8,2/8 => initial conditions, choose leftmost
  2/8,3/8,3/8 => random bad door removed, choose a random 3/8
  3/8,5/8 => remove another door.
Next choice is only 5/8, whereas if we had waited it would have been 6/8.


>> The probabilities change

> That's the common misunderstanding of the problem...

You've got a choice here... you can either interpret "The probabilities change" as meaning the probabilities of a given door being correct at the start (which would be a misunderstanding) or you could interpret it from the pragmatic angle; the probability of success if you switch doors after one is taken away.

Given the context I'm inclined to believe that wrsh07 intended the latter.


This is good reasoning. Unlike other probability puzzles, the new information isn't useful in this one.

P(my first choice was right) = P(my first choice was right | given that I've been shown a goat in another door)

It's my second-favorite probability puzzle; my favorite is the one in which the new information has no relevance at all but still changes the probabilities, the "not both daughters" problem.


I should have just given the other problem, sorry for the laziness.

Your friend tells you that she has two children. They're not both boys, she adds. What are the odds that they're both girls? (Obviously 1/3).

When she tells you that one child is named Mary, the odds that they're both girls change (to 1/2)! Even though you knew that at least one of the children was a girl, and the name might as well be arbitrary, and the new information seems useless... the odds have changed.

It's nontrivial to work this one out; exercise for the reader.


After first datum (there are two children):

  Presuming A and B to be independent events
  (first child is a girl, second child is a girl)
  P(A) = 1 - P(!A) = 1/2
  P(B) = 1 - P(!B) = 1/2

  P(A and B) = P(B|A) * P(A) = 1/2 * 1/2 = 1/4
  P(A and !B) = P(!B|A) * P(A) = 1/2 * 1/2 = 1/4
  P(!A and B) = P(B|!A) * P(!A) = 1/2 * 1/2 = 1/4
  P(!A and !B) = P(!B|!A) * P(!A) = 1/2 * 1/2 = 1/4
Good so far.

But the probability later on depends on how you find out that at least one of your friend's children is a girl. If your friend tells you a random fact about her whole family, the probability is 1/3. If she tells you a fact about a randomly chosen child, the probability is 1/2.

You can presume from "they're not both boys" that the statement is equivalent to "there is at least one girl". When she tells you the name, you now know "a specific child of mine is a girl".

"Not both boys" gives you the precondition "!(!A & !B)" which equates to "A or B".

  P(A or B) = P(A and B) + P(A and !B) + P(!A and B) = 3/4
  P(A and B|A or B) = P(A or B|A and B) * P(A and B) / P(A or B) = 1 * 1/4 / 3/4 = 1/3
"Mary is a girl" gives you either the precondition "A" or the precondition "B"

  P(A and B|A) = P(A|A and B) * P(A and B) / P(A) = 1 * 1/4 / 1/2 = 1/2
  P(A and B|B) = P(B|A and B) * P(A and B) / P(B) = 1 * 1/4 / 1/2 = 1/2
These are both the same number, so that works out fine.


Now see if you can work it out if your friend told you this beforehand:

Between pregnancies, I had an accident that resulted in an odd medical condition. The doctors said that after it happened, 50% of boy fetuses that otherwise would have resulted in pregnancy would simply fail to implant, and I wouldn't even know about it.

Now there's an all new ambiguity. How do you decide whether your friend was planning on having two children all along, or if she has two children because that's how many times she got pregnant?


Here's an epistemological head-scratcher: do the odds still change if you don't hear the daughter's name accurately? Why?


Remember, those odds are the level of certainty you have that a given statement may be true based only on what you already know. You can also assign a level of certainty to the facts you think you know.

Given the number of ways to mishear "Mary" and the dialectical variant in pronunciation characterized by the Mary-marry-merry merger, I'd tentatively assign the following values:

  25% One child is a girl.  (Heard correctly)
  25% One child is a boy.   (Heard incorrectly)
  50% No new information.   (Incomprehensible or ambiguous)

  In the first case P(A and B|A) = P(A and B|B) = 1/2
  In the second, P(A and B|!A) = P(A and B|!B) = 0
  In the third, P(A and B|A or B) = 1/3
In any case, you're just guessing at the probability you might mishear something, so there's no definitive answer. The mere possibility that I might have heard a boy's name means that the overall probability could be anywhere between 0 and 1/2. By the above, my new odds are 5/12.

So the odds do change, based on your confidence in what you heard (and your confidence that your friend isn't the kind of parent to name her son "Meriadoc" or something similar).


You are, of course, correct. Sorry about the careless wording [I think the analogy is still interesting, though!]


This assumes you always open a door, that door never holds the prize, and there is exactly 1 prize.

You could run (ed: a similar game with different rules) such that the odds go 1/3,1/3,1/3 to 1/2, 1/2 if you flipped a coin to choose the second door and sometimes show the prize. Alternatively, if you chose when to open the second door, you could make swapping a very good (100%) or very poor choice (0%).

Worse, you could swap what's behind the doors after they chose.

Which IMO is why people find this so confusing. In the real world the odds presented may or may not line up with the actual odds. aka unknown unknowns.


This is incorrect.

Flipping a coin "to choose the second door and sometimes show the prize" has no impact on the probabilities. The parent is correct - there is a 2/3 chance the prize exists under one of the other two doors, and if one of them is shown not to have the prize (through random flipping, deliberate selection, whatever) - then the final door now has a 2/3 chance to have the prize.


If one of the doors is shown to not have the prize, the odds are now 1/2 when the choice of reveal door is made randomly. That's because 1/3 of the time, you're not even offered the chance to switch, since it's pointless.

I'll run the trials here. Assume the first two doors have the goat, and the third door has the car.

   Pick  Reveal  Switch?  Outcome
   ----  ------  -------  -------
     1      2      Y 3    Car
     2      1      Y 3    Car
     3      1      N 3    Car
     3      2      N 3    Car

     1      2      N 1    Goat
     2      1      N 2    Goat  
     3      1      Y 2    Goat
     3      2      Y 1    Goat

     1      3       -     No chance to switch      
     1      3       -     No chance to switch
     2      3       -     No chance to switch
     2      3       -     No chance to switch
Meaning, given that you've made it to the point that an offer to switch doors is presented, there is no advantage to do so (or not do so).


But in the actual game, you are always given the chance to switch. Here are the possible outcomes of the game, with the third column being what the contestant should do to win:

   You Pick  Car   Switch?
   -------  -----  ------
       1      1      N    
       2      1      Y   
       3      1      Y
 
       1      2      Y
       2      2      N  
       3      2      Y

       1      3      Y     
       2      3      Y     
       3      3      N   
Without knowing anything else, switching means that you win 2/3 of the time.


I changed the rules so in "3, 1, Y" he might open door 3 and show you a car. At that point switching is a meaningless choice.


Your comment (EDIT: Sorry, not yours, but parent) was talking about a random flip of coin determining which door Monty shows. That's not the actual game. If Monty is randomly showing a door without regard to goat/car, then you have to also consider the scenarios where he reveals a car and you lose early.


If, while randomly flipping a coin, he reveals the car then you have a 0% chance of winning. If he doesn't reveal a car then you have a 2/3 chance of winning if you switch doors.


In this scenario, Monty's door choice and your door choice are completely independent actions. Because of this, you gain no new information from the door he reveals. In the classic version of this puzzle (where Monty always reveals a goat), you do gain information, because most of the time Monty's forced to choose the only other goat, and therefore avoid the car.

http://c2.com/cgi/wiki?NotTheMontyHallProblem

The switching strategy is effective because it relies on Monty's avoidance of the car. When Monty isn't trying to avoid the car, his revelation doesn't help you out at all. It just tells you that you either (A) now have a slightly better chance (50%), or (B) you've already lost (0%).

EDIT: Also see the table on this Wikipedia article. It lists probabilities for all the different variants of the MHP. Your scenario is referred to as the Monty Fall or Ignorant Monty variant.

https://en.wikipedia.org/wiki/Monty_Hall_problem#Other_host_...

    "Monty Fall" or "Ignorant Monty": The host does not know
    what lies behind the doors, and opens one at random that
    happens not to reveal the car
    (Granberg and Brown, 1995:712) (Rosenthal, 2005a) (Rosenthal, 2005b).
    Switching wins the car half of the time.


When you originally pick a door - there are three. (We all agree on this). Because you are picking at random, and the prize is only behind one door, there is a 1/3 chance that you have picked the right door. (likewise, We can all agree on that.) Therefore, I think we can all agree that there is a 2/3 chance that the prize exists behind one of the other two doors.

Let us take your approach, and have Monty flip a coin, revealing ANY door at random.

If he flips your door, and you have the prize - You have a 100% chance of winning. If he flips your door, and you have the goat, 0% chance of winning. Those two scenarios are easy, and we can ignore them.

Likewise, if he flips the coin, and shows one of the other two doors, and they have the prize - then, once again - easy - 0% chance of winning. We can ignore these scenarios.

I think up to this point, we can agree on all of the above scenarios. (They are win/lose)

Where it gets complex, he flips a coin, selects one of the doors you aren't on, and reveals a goat.

Given that you had a 1/3 chance originally of winning, and a 2/3 chance of not winning, and given that Monty has now revealed that one of the other two doors (By chance) does not have the car, your 2/3 chance of not winning is still the same, but now it applies to only a single door - I.E. You have a 66% chance of winning by selecting that other door - and the fact that Monty selected that door by chance, is irrelevant.

Unfortunately, despite my (flawed) apparently logical argument - I'm completely wrong, and you are correct.

   from random import randint

   def putPrizeInDoor():
       # Three doors: exactly one holds the prize (1), the others hold goats (0).
       doors=[0,0,0]
       door_winner=randint(0,2)
       doors[door_winner]=1
       return doors

   trials=100000
   testCount=0  # trials in which Monty opened another door and it held a goat
   win=lose=0
   for x in range(trials):
       doors=putPrizeInDoor()
       userSelects=randint(0,2)
       montyReveals=randint(0,2)  # Monty opens any door at random, ignoring the prize
       if montyReveals==userSelects: # Monty reveals the door user is on
           pass
       else:
           if doors[montyReveals]==1: # Monty Revealed the prize.
               pass
           else: # this is where it's interesting - Monty reveals, at random, door not winning that user not on.
               revealedDoors=set([montyReveals,userSelects])
               newUserChoice=list(set([0,1,2])-revealedDoors)[0]  # user always switches
               testCount+=1
               if doors[newUserChoice]==1:
                   win+=1
               else:
                   lose+=1

   # Percentage is the win rate of switching among the counted trials only.
   print ("Tested: {}  Wins: {}  Lost: {}  Percentage: {:.2f}".format(testCount,win,lose,win/testCount))
 

Tested: 44484 Wins: 22220 Lost: 22264 Percentage: 0.50

It's interesting that the deliberate selection by Monty of the goat, increases my chance from 33% to 66% if I switch, but the random selection by Monty of the goat, only increases my chance from 33% to 50% if I switch. I'm not really sure where the argument I made breaks down, but, empirically, it's clearly broken. I'll have to meditate on it a bit to see where I've gone awry.
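
The two host policies argued over in this subthread can also be compared exactly instead of by sampling. The following is an added example, not part of any comment in the thread; it goes beyond the 3-door case to the 100-door version mentioned earlier. The names `switch_odds` and `compare` are this example's own, and it assumes the host never opens the player's own door (the simulation above simply discards those trials).

```python
from fractions import Fraction


def switch_odds(n_doors, host_avoids_prize):
    """Exact odds for one Monty Hall variant, by enumerating every branch.

    The player picks a door, then the host opens all but one of the other
    doors. Assumption of this example: the host never opens the player's door.
      host_avoids_prize=True  -> classic host, never reveals the prize
      host_avoids_prize=False -> "Ignorant Monty", opens doors at random; rounds
                                 where the prize is revealed end without an offer
    Returns (P(offer is made), P(switch wins | offer), P(stay wins | offer)).
    """
    doors = range(n_doors)
    p_offer = p_switch_wins = p_stay_wins = Fraction(0)
    for prize in doors:
        for pick in doors:
            # Prize location and player's pick are independent and uniform.
            p_branch = Fraction(1, n_doors) * Fraction(1, n_doors)
            others = [d for d in doors if d != pick]
            if host_avoids_prize and pick != prize:
                left_closed_options = [prize]  # forced: the prize door stays shut
            else:
                left_closed_options = others   # any other door may stay shut
            for left_closed in left_closed_options:
                p = p_branch / len(left_closed_options)
                if prize != pick and prize != left_closed:
                    continue  # prize was among the opened doors: no offer
                p_offer += p
                if left_closed == prize:
                    p_switch_wins += p
                else:
                    p_stay_wins += p  # the player's first pick was the prize
    return p_offer, p_switch_wins / p_offer, p_stay_wins / p_offer


def compare(n_doors):
    """Both host policies side by side for the same number of doors."""
    return {
        "classic": switch_odds(n_doors, host_avoids_prize=True),
        "ignorant": switch_odds(n_doors, host_avoids_prize=False),
    }


if __name__ == "__main__":
    for n in (3, 100):
        for name, (offer, switch, stay) in compare(n).items():
            print(f"{n:>3} doors, {name:<8} offer={offer} switch={switch} stay={stay}")
```

The only line that differs between the two hosts is the one that forces the prize door to stay shut; with a random host, the rounds in which the first pick was wrong are mostly the ones that end without an offer.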


I must say this is one of the best comments I have seen on HN. I don't know if this helps you meditate on the game or not, but this is how I walk through the logic.

1/3 of the time you picked correct: 100% of those worlds he shows a goat. 1/3 of the time you picked wrong and he shows a goat. 1/3 of the time you picked wrong and he shows a car.

So your overall odds are 1/3 of winning if you don't change AND 1/3 of the time you don't get the chance to change.

Thus, your overall chances of winning in this case is 1/3. But, if he shows you a goat your odds are bumped to 1/3: 1/3 or 50/50.


Thanks for this comment! I thought this thread was dead.

I was searching for online simulators that let me tweak the rules of the game, but I could only find those that follow the original rules of the puzzle.

In thinking more about the Ignorant Monty scenario, I realized it's equivalent to having 3 contestants pick doors:

    Me
    Montgomery
    Switchy McSwitcherson
First I pick a door. Then Montgomery picks a door. Finally Switchy McSwitcherson gets the remaining door. Once all the picking is done, Montgomery opens his door first, and is saddened to see a goat. At this point, who is more likely to win? Me or Switchy McSwitcherson? Since we both had 1/3 initial odds, there's symmetry there, and one of us can't reap all the odds-boosting.

But the classic puzzle is more like a 2-contestant game, where I pick a door, the host selects a goat to reveal (and reveals it), then Switchy McSwitcherson is assigned the remaining door. In that scenario, I'm mad that they made me pick first before the host eliminated a door for Switchy. Switchy enjoys all the odds boosting.


> Funny to call it reporting when it's more of an editorial by the renowned security researcher Bruce Schneier.

I respect Bruce and he's done a ton of great work, but I obviously disagree with him on this point. I do not believe governments (especially ones engaged in clandestine surveillance operations) have an obligation to share security vulnerabilities with companies. But neither do those companies have an obligation to create vulnerabilities for the governments to exploit (on the contrary; the companies have an obligation to find and fix the holes in their products).

> It doesn't matter that the vulnerability "has always been there" if nobody knew about it.

There's no guarantee that nobody knew about it, and that's the problem. Information asymmetry is a bitch, but the safest assumption is that someone else did indeed know about it, and then told the FBI. If someone was willing to tell the FBI, it's a safe bet the security community knows about this exploit.

Also, if I was the FBI I would intentionally try to obfuscate my capabilities as much as I can. I would want people to think I can hack every iPhone at any time, even if I can't.


> I do not believe governments (especially ones engaged in clandestine surveillance operations) have an obligation to share security vulnerabilities with companies.

So I take it then you don't believe in a government "for the people"? Like it or not, Apple is legally a person, and even tossing that aside, we know that many of Apple's customers are American citizens, and this whole idea of "keeping knowledge from you for your own good" just reeks of the patronizing oligarchy that the US government has become known for.

Lest you jump to the argument that this would endanger operations, I would still point out two very salient facts: this information is not intelligence data, and as Schneier pointed out, this attack can be used against many in the US government, including FBI agents in the field. Getting it fixed is the right thing to do.


Agents who handle secret or otherwise restricted data should not be handling it on a mobile device. Those devices should be sanitized.

Presuming security is what gets people compromised (and in some cases in political trouble as one US presidential candidate is coming to realize).


Presuming security is when someone says "restricted data should not be [handled] on a mobile device". Spills happen, intentionally or otherwise. This security hole should be fixed before a field agent gets his iPhone hacked by the Chinese.


> Lest you jump to the argument that this would endanger operations, I would still point out two very salient facts: this information is not intelligence data, and as Schneier pointed out, this attack can be used against many in the US government, including FBI agents in the field. Getting it fixed is the right thing to do.

I agree with you that given the facts we know today, notifying Apple is the right thing to do. But I also think the FBI should have some latitude in deciding what is in its best interest; and if they're making their own agents vulnerable to an exploit they know exists -- well, that's dumb and I hope it bites them in the ass.


We do not even know if the FBI knows the vulnerability. The phone could have been attacked by a contractor working for the FBI without the contractor sharing the tools.


This is a great point. Cellebrite's known for their black box approach. Law enforcement and courts can send their locked iPhone and get it back unlocked. They'll just get the job done without knowing what was actually performed on the phone. This might as well be the case here.


Doesn't this approach cast doubt on the legitimacy of any evidence obtained from the device?


Don't think so, it's basically like lock picking a suspect's apartment with a warrant. What is found should be valid evidence, no? Law enforcement can break the door or call a locksmith and pay him for his service. In this case Cellebrite's the locksmith.


That seems reasonable, but usually investigators would be on the scene while the locksmith works. If the process is a black box that happens while the device is in Cellebrite's possession isn't it more like calling up the locksmith from the precinct and saying "hey, could you open up the apartment at this address and call us when you're done? Don't go inside or touch anything though, thanks!" What prevents Cellebrite employees from planting or deleting evidence after the device is unlocked and before returning it? What guarantees are there that Cellebrite's unlocking process doesn't intentionally or unintentionally modify some other aspect of the device? Scouts honor? What if their process is to just flash a new rom filled with child porn and no passcode then skip merrily to the bank to cash their checks?


Yep, I understand that. I don't think that was posed as a problem in the Italian case I know of, although I think that in the U.S. rules on the chain of custody are stricter, indeed. That's a good point.


> Apple is legally a person

it's not government "for the persons"


> I respect Bruce and he's done a ton of great work, but I obviously disagree with him on this point. I do not believe governments (especially ones engaged in clandestine surveillance operations) have an obligation to share security vulnerabilities with companies.

Interesting. What obligations do governments have? On the one hand we have government agencies (the CPA, e.g.) whose entire function is to protect consumers from bad products and marketing. On the other hand there's the many regulatory and standards bodies, which are to ensure orderly marketplaces and discourage anti-competition. Then there's an agency that protects the environment, one that administers health, education....yet there's no obligation to disclose security vulnerabilities? Hmmppf. I'm stumped.


Here's the oath stated by FBI agents when they join [1],

> I [name] do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter. So help me God.

[1] https://www2.fbi.gov/publications/leb/2009/september2009/oat...


That oath is worth nothing given the greatest threat to the Constitution is the FBI, NSA and other parts of the Federal Government.

They may swear an oath to the Constitution, but they are actually loyal to the Federal Government, not the Constitution.


Your comment is snarky but on the money. I have a very, very bad feeling we're losing our Republic to the State and its various apparatuses.


And here's what their "about" page says:

"Our mission is to help protect you, your children, your communities, and your businesses from the most dangerous threats facing our nation—from international and domestic terrorists to spies on U.S. soil…from cyber villains to corrupt government officials…from mobsters to violent street gangs…from child predators to serial killers."

Our mission is to help protect ... your businesses ... from cyber villains. The FBI acknowledges right on their home page that they have an obligation to share security vulnerabilities with companies.

https://www.fbi.gov/about-us


> I do not believe governments (especially ones engaged in clandestine surveillance operations) have an obligation to share security vulnerabilities with companies.

Is this view particular to software defects? For example, do government inspectors have an obligation to report food safety violations that they've discovered? In either case, the problem puts the public at risk.


> I respect Bruce and he's done a ton of great work, but I obviously disagree with him on this point. I do not believe governments (especially ones engaged in clandestine surveillance operations) have an obligation to share security vulnerabilities with companies. But neither do those companies have an obligation to create vulnerabilities for the governments to exploit (on the contrary; the companies have an obligation to find and fix the holes in their products).

How do you determine if a vulnerability was there because it was overlooked in development, or if it was there because the government demanded it from the company but used the law to impose a gag order on the company preventing the public from finding out about it?


> How do you determine if a vulnerability was there because it was overlooked in development, or if it was there because the government demanded it from the company but used the law to impose a gag order on the company preventing the public from finding out about it?

You don't; but that's possible today with the way the gag orders and FISA courts work. That's a real problem around transparency in our legal system; which IMO is a different issue from transparency around security issues relating to privately-developed products.


That's a really interesting viewpoint. Thanks for sharing it.

In my opinion the government should be obliged to share the vulnerability for the purposes of keeping the rest of the users safe from the same exploit, whether executed by the government or executed by somebody else.

In summary, I disagree with you but I'm glad I took the time to ask you about your view since I learned something new.


> take the Monty Hall problem

It's amazing how many people still don’t get the Monty Hall problem. Its lesson is that the probabilities do NOT change – until we make a choice! That’s why it’s better to switch once we see the goat behind door 1. The probability of our having made a good choice, initially (1 in 3), has NOT changed even though there are now only two ‘choices’. But they are not REALLY choices because we’ve ALREADY chosen. The probability can only change if we make a NEW choice, because the ‘probability’ that we’re discussing is the probability that our choice, at the time it was made, would produce a result that we wanted. The iPhone 5 is clearly no less secure now than it was then. But we can switch.


The iPhone 5 is now less secure because attackers now know that there is a vulnerability, and they will find it. If, previously, they had thought there wasn't a vulnerability, they might have invested fewer resources in hacking it. That is now no longer the case.

Increasing the number of people who will find exploits on a device will reduce the security of that device.

Put another way - a platform that no (talented) engineers are attempting to find exploits for is more secure than the same platform if many talented engineers put their time into finding exploits for it.


It's much easier to understand when you realize that Monty never reveals that one of the closed doors contained the car.

That asymmetry of action leads to the asymmetry of probabilities; your initial choice constrained his choices when he takes action.


Well, Monty doesn't know (or care about) your choice. He's 'constrained' by the fact that his 'probability' is 100%: he knows where the goats and car are.


What? Of course his action is based on your choice.

If a has the car and b and c have goats, and you pick b, he opens c. And if you pick c, he opens b...


You’re right. I forgot that you had to tell him which door you wanted to open (instead of just saying that you've decided on a door - like the FBI has just SAID that they've cracked the iPhone 5). But it doesn’t matter because Monty was always going to open one of the two goat doors, and the one that he opens doesn’t matter to the 1/3 probability that you picked the car door. Your probability of getting the car ALWAYS doubles when you switch (even though you still may not get it).


He does care. 2/3 of the time, your choice forces his. If you choose a goat, Monty doesn't have a choice. He can only reveal the other goat.

The other 1/3 of the time, you're right, he doesn't care, because he can choose any of the remaining doors at random.


I have to respectfully disagree here. There are bugs in iOS, iPhones and pretty much everything. It would be naive and foolish to think that any electronic device you use doesn't have bugs.

It would also be remiss to think that people aren't looking for the vulnerabilities; people like Stefan Esser have plenty of research documenting the security mechanisms and flaws in iOS, and in the hardware. People have crawled over the hardware and software documenting everything, looking for bugs. People have bugs we haven't heard about because they put the time in to go down the avenues that lead nowhere in order to find them. The people that would find these bugs have a deep knowledge and understanding of the internals of the devices in question, and some suspicion of how they would be applied in this situation. They are not people who would go from zero knowledge to chasing 0day without at least a decent lead as to what the FBI's third party did.

The thing is, the FBI are not obligated to hand over their bugs, nor are the third party. It's the third party's trick, they found it, if they want to keep it it's their right to do so.

Asserting that somehow because someone has specific 0day (designed to bypass unlocks when the phone is in their physical possession for an extended period of time) and doesn't want to share makes us all less secure is incredibly ingenuous and a logical fallacy at best.


I really don't see how this relates to the Monty Hall problem. The FBI just revealed how to unlock an encrypted phone. That's like opening the door with the car behind it.


According to the article, the vulnerability was known. All that changed is the FBI got somebody to use it.

I would agree with the "less secure" bit if the FBI had uncovered the vulnerability, or asked some third party to do it. But since they just used something that was already known, the "less secure" statement makes no sense to me.


That was an excellent analogy.


> The FBI just revealed ...

It would be a better analogy if they had actually revealed anything, instead of just saying that they had. This was more like telling us which door had a car behind it and trusting us to believe them.


It's true, I wish they had shown us a zero-knowledge proof (https://en.wikipedia.org/wiki/Zero-knowledge_proof) that they had cracked it.

At least then we would know that this isn't just to escape an unfavorable court ruling.


A "renowned security researcher" or a "renowned academic cryptographer"?



