It means on what basis can you stand and say to people who's lives may be at risk that you trust apple's press releases?
Please don't respond with the strawman you keep using of Iphone vs. Android. I am not arguing that Android is more secure. I am saying that taking either to meet an at risk source is bad. Your advice on this forum will contribute to journalists feeling comfortable doing this.
I want to preface this with an apology, because I don't think there's a way to say this without sounding cliquish. For that, I apologize in advance, but because your account appears to be relatively new, I feel like this is somewhat necessary. If this account is a re-roll of a previous one, then I doubly apologize.
Things you probably don't know (whether based on account age or admissions within this thread):
* tptacek has been an exceedingly active member of this forum for many, many years
* tptacek has been giving us all free security advice for as long as I can recall
* tptacek has founded at least two successful companies primarily dealing with security
* tptacek has, in the past, given much advice that I've considered questionable at the time, but which has proven to be right to me after I've learned enough to realize my errors
And because that all sounds very much like an appeal to authority, I apologize again, but here's the thing -- the comments he made that you object to, and consider to be trolling? They're spot on. I'm not saying that you should believe him because he has a history of making believable claims. What I am saying is that you should believe him because he's far more versed on the subject at hand than you are, and that's by your own admissions within this thread.
It's worth taking a step back here and asking yourself how well you actually know the things you think you know in regards to this thread. I am honestly not savvy enough on mobile security anywhere near capably enough to suggest that he's right and that you're wrong, so please don't assume that's what I'm doing here -- but many of the people you're arguing with in this thread are people who have the requisite bona fides to make their claims with confidence, and while you are boldly asserting the opposite, you acknowledge that this is not your field of expertise, and that you haven't bothered to learn reverse engineering.
Again, if this seems harsh, please know that it isn't intended to. Language is clumsy, and I'm not its best handler on the best of days, but while you might be 100% correct in every one of the claims you've made, the consensus seems to be otherwise, and you haven't done a good job of convincing me that you should be believed over someone who literally pays their bills through the dispensation of their subject matter expertise on this type of material.
Because of the fantastic community, it's obvious that HN is a great place to teach and to learn. Knowing which to do, and when isn't always so obvious. Most of us have made that mistake in the time. Consider whether or not you may be making it now, or figure out how to better support your claims so as to teach more effectively, but cat-pawing at each other throughout the entire thread isn't doing anyone any favors.
Thanks, but I'm not even asking him to trust me in this particular subthread. The point he made, about the NSA having better reverse engineers than everyone else, really does seem to me to be a non-sequitur.
Reverse engineering isn't zero sum. The benefit you get from reverse-engineering a closed platform doesn't vanish when someone else reverse-engineers the platform, just like your ability to read open source code isn't damaged by NSA's ability to read it faster.
Please provide some references to back up any of your claims in this or other threads. By references I mean articles by other reputable researchers (preferably peer reviewed). Blog posts and summaries of your chat logs do not count. As you are a researcher this will not be hard (a quick search in your reference manager software should suffice) - or a link to one of your articles from which I can follow the citations.
I've been on here for years. I just don't tend to remember my passwords very well :).
I am very familiar with the OPs posts. I do not want this to become personal. If you re-read this thread (and others in this discussion you might notice that.)
