Its being reported elsewhere that future new teslas will not have basic autopilot (the name Tesla use for the standard lane keep assist they offer) at all, the only way to get any form of lane keep assist will be to subscribe to FSD. The wording in the ars article linked here does a terrible job of explaining the change. Existing Teslas which already have basic Autopilot will still continue to have the feature.
New Teslas will now only have "Traffic Aware Cruise Control" as standard without lane assist, i.e. keeps pace with traffic and can stop/start, but user still has to provide steering input.
Isn’t lane keeping pretty standard for most new cars?
It’s like an upside down freemium model - try out our basic self driving product, which is (now) the worst in the market, so you’ll convert to the premium FSD offering.
Of course Apple offers a similar feature. I know lots of people here are going to argue you should never share the key with a third party, but if Apple and Microsoft didn't offer key escrow they would be inundated with requests from ordinary users to unlock computers they have lost the key for. The average user does not understand the security model and is rarely going to store a recovery key at all, let alone safely.
Apple will escrow the key to allow decryption of the drive with your iCloud account if you want, much like Microsoft will optionally escrow your BitLocker drive encryption key with the equivalent Microsoft account feature. If I recall correctly it's the default option for FileVault on a new Mac too.
If they say they don't, and they do, then that's fraud, and they could be held liable for any damages that result. And, if word got out that they were defrauding customers, that would result in serious reputational damage to Apple (who uses their security practices as an industry differentiator) and possibly a significant customer shift away from them. They don't want that.
The government would never prosecute a company for fraud where that fraud consists of cooperating with the government after promising to a suspected criminal that they wouldn't.
That's not the scenario I was thinking of. There are other possibilities here, like providing a decryption key (even if by accident) to a criminal who's stolen a business's laptop, or if a business had made contractual promises to their customers, based on Apple's promises to them. The actions would be private (civil) ones, not criminal fraud prosecution.
Besides, Apple's lawyers aren't stupid enough to forget to carve out a law-enforcement demand exception.
Terrible security... compared to what? Some ideal state that exists in your head, or a real-world benchmark? Do you expect them to ignore lawful orders from governments as well?
Cooperating with law enforcement cannot be a fraud. Fraud is lying to get illegal gains. I think, it's legally ok to lie if the goal is to catch a criminal and help the government.
For example, in 20th century, an European manufacturer of encryption machines (Crypto AG [1]) made a backdoor at request of governments and never got punished - instead it got generous payments.
None of these really match the scenario we're discussing here. Some are typical big company stuff, some are technical edge cases, but none are "Apple lies about a fundamental security practice consistently and with malice"
That link you provided is a "conspiracy theory," even by the author's own admission. That article is also outdated; OCSP is as dead as a doornail (no doubt in part because it could be used for surveillance) and they fixed the cleartext transmission of hardware identifiers.
Are you expecting perfection here? Or are you just being argumentative?
> That link you provided is a "conspiracy theory," even by the author's own admission.
"Conspiracy theory" is not the same as a crazy, crackhead theory. See: Endward Snowden.
Full quote from the article:
> Mind you, this is definitionally a conspiracy theory; please don’t let the connotations of that phrase bias you, but please feel free to read this (and everything else on the internet) as critically as you wish.
> and they fixed the cleartext transmission of hardware identifiers
Have you got any links for that?
> Are you expecting perfection here? Or are you just being argumentative?
I expect basic things people should expect from a company promoting themselves as respecting privacy. And I don't expect them to be much worse than GNU/Linux in that respect (but they definitely are).
It was noted at the bottom of the article as a follow up.
> I expect basic things people should expect from a company promoting themselves as respecting privacy. And I don't expect them to be much worse than GNU/Linux in that respect (but they definitely are).
The problem with the word “basic” is that it’s entirely subjective. What you consider “basic,” others consider advanced. Plus the floor has shifted over the years as threat actors have become more knowledgeable, threats more sophisticated, and technologies advanced.
Finally, the comparison to Linux doesn’t make a lot of sense. Apple provides a solution of integrated hardware, OS, and services. Linux has a much smaller scope; it’s just a kernel. If you don’t operate services, then by definition, you don’t have any transmitted data to protect. Nevertheless, if you consider the software packages that distros package alongside that kernel, I would encourage you to peruse the CVE databases to see just how many security notices have been filed against them and which remain open. It’s not all sunshine and roses over in Linux land, and never has been.
At the end of the day, it's all about how you weigh the evidence. If those examples are sufficient to tip the scales for you, that's your choice. However, Apple's overall trustworthiness--particular when it comes to protecting people's sensitive data--remains high for in the market. Even the examples you posted aren't especially pertinent to that (except for iCloud Keychain, where the complaint isn't whether Apple is securely storing it, but the fact that it got transmitted to them in the first place, and there exists some unresolved ambiguity about whether it is appropriately deleted on demand).
> Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.
Nope. For this threat model, E2E is a complete joke when both E's are controlled by the third party. Apple could be compelled by the government to insert code in the client to upload your decrypted data to another endpoint they control, and you'd never know.
This is a wildly unrealistic viewpoint. This would assume that you somehow know the language of the client you’re building and have total knowledge over the entire codebase and can easily spot any sort of security issues or backdoors, assuming you’re using software that you yourself didn’t make (and even then).
This also completely disregards the history of vulnerability incidents like XZ Utils, the infected NPM packages of the month, and even for example CVEs that have been found to exist in Linux (a project with thousands of people working on it) for over a decade.
You're conflating two orthogonal threat models here.
Threat model A: I want to be secure against a government agency in my country using the ordinary judicial process to order engineers employed in my country to make technical modifications to products I use in order to spy on me specifically. Predicated on the (untrue in my personal case) idea that my life will be endangered if the government obtains my data.
Threat model B: I want to be secure against all nation state actors in the world who might ever try to surreptitiously backdoor any open source project that has ever existed.
I'm talking about threat model A. You're describing threat model B, and I don't disagree with you that fighting that is more or less futile.
Many open source projects are controlled by people who do not live in the US and are not US citizens. Someone in the US is completely immune to threat model A when they use those open source projects and build them directly from the source.
We're talking about a hypothetical scenario where a state actor getting the information encrypted by the E2E encryption puts your life or freedom in danger.
If that's you, yes, you absolutely shouldn't trust US corporations, and you should absolutely be auditing the source code. I seriously doubt that's you though, and it's certainly not me.
The sub-title from the original forbes article (linked in the first paragraph of TFA):
> But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
...is completely utterly false. The journalist swallowed the marketing whole.
Okay, so yes I grant your point that people where governments are the threat model should be auditing source code.
I also grant that many things are possible (where the journalist says "isn't possible").
However, what remains true is that Microsoft appears to store this data in a manner that can be retrieved through "simple" warrants and legal processes, compared to Apple where these encryption keys are stored in a manner that would require code changes to accomplish.
These are fundamentally different in a legal framework and while it doesn't make Apple the most perfect amazing company ever, it shames Microsoft for not putting in the technical work to accomplish these basic barriers to retrieving data.
> retrieved through "simple" warrants and legal processes
The fact it requires an additional engineering step is not an impediment. The courts could not care less about the implementation details.
> compared to Apple where these encryption keys are stored in a manner that would require code changes to accomplish.
That code already exists at apple: the automated CSAM reporting apple does subverts their icloud E2E encryption. I'm not saying they shouldn't be doing that, it's just proof they can and already do effectively bypass their own E2E encryption.
A pedant might say "well that code only runs on the device, so it doesn't really bypass E2E". What that misses is that the code running on the device is under the complete and sole control of apple, not the device's owner. That code can do anything apple cares to make it do (or is ordered to do) with the decrypted data, including exfiltrating it, and the owner will never know.
> The courts could not care less about the implementation details
That's not really true in practice by all public evidence
> the automated CSAM reporting apple does
Apple does not have a CSAM reporting feature that scans photo libraries, it never rolled out. They only have a feature that can blur sexual content in Messages and warn the reader before viewing.
We can argue all day about this, but yeah - I guess it's true that your phone is closed source so literally everything you do is "under the complete and sole control of Apple."
That just sends you back to the first point and we can never win an argument if we disagree about the level the government might compel a company to produce data.
Youtube always kept downvotes and the 'dislike' button, the change (which still applies today) was that they stopped displaying the downvote count to users - the button never went away though.
Visit a youtube video today, you can still upvote and downvote with the exact same thumbs up or down, the site however only displays to you the count of upvotes. The channel owners/admins can still see the downvote count and the downvotes presumably still inform YouTube's algorithms.
I think that just the absence in official app and the existence of this tool makes this point largely irrelevant. Company in question could easily reverse this decision overnight as the data exist, but absent that people adjust to an available proxy estimate. It is interesting though, because it shows clear intent of "we don't want to show actual sentiment".
The official youtube stats (views, comments, upvotes) are not real/real-time either. But that's the best we have. And dislike numbers are in the same universe of credibility and closeness to reality. It's definitely good enough.
If you want downvote data be more precise, do your part and install the extension! :-)
This is how the popular car auction site bringatrailer.com bidding process works for cars sold on their site too, a quirk of which is that it makes watching the end of the auctions live online kinda fun, especially given the discussions that break out in comment section on each car up for sale while folks nervously watch the current candidate for the final bid cool down.
Much like your example, in the two minutes before the end of the auction, every new bid placed extends the auction clock by another two minutes, the winner hasn't won the auction until two minutes have passed with no further counter bids.
Auction site design where most every transaction is a very material amount of money for buyer and seller probably have different trade-offs from something like eBay where most items are rounding errors compared to the income or wealth of the participants.
For example, think about "sniping" from the seller side. Sellers are rightly concerned about any wrinkle of the bidding process that might leave money on the table. Automatically extending the time so that every potential buyer has time to "answer" a new bid soothes the concern that buyers were willing to pay higher, but they didn't have the technological prowess to post their bid in the last 0.3 seconds.
In the case of 1, the usual mantra "ask a stupid question, get a stupid answer" surely applies?
There's "nothing worth clicking on" for question 1 because it's arguably (certainly so in my opinion) a worthless question. Without at the very least providing the specific model of car, even an experienced mechanic will struggle to answer it for you meaningfully as phrased - there are a huge range of recommended oil service intervals across different car models.
While I don't know much about cleaning windows, providing more specific context for example 2 will likely do wonders to the quality of result returned too.
It's not a worthless question at all. The answer is "read the manual" and maybe also "your usage might meet the severe maintenance schedule and you'll need to read the footnotes."
Yes, it's not a question that has a literal numerical answer in the exact form that's being asked for, but if you ask an actual human they can 100% answer it for you.
I can’t say I’m in the business of asking 10 or more friends to confirm this, but any number they provide without knowing the car is a guess at best, and likely erroring on side of caution. A Google search with the car model in the query virtually always returns the correct figure ranges for said car.
Ah but see the most important piece of information is not what the manufacturer specifies. Most mechanic friends would tell you manufacturers are over-extending the interval to make their cars look good to purchasers and because they only care about getting to the warranty end not total life of the car. While 3k miles old wisdom is out dated, if you do your own oil changes you can see a massive change in what comes out after 5k miles.
By over specifying the question you will miss out on the more important context.
Much of what you say is true, but again your mechanic friend can only provide a meaningful answer if they know the model of car. It’s the first question any half way competent mechanic will ask!
The cars sitting outside my home vary in oil service interval by over 10k miles, as just one simple example, and I don’t drive anything particularly exotic.
By under-specifying the question, you rob it of the context to be answered accurately.
>There's "nothing worth clicking on" for question 1 because it's arguably (certainly so in my opinion) a worthless question. Without at the very least providing the specific model of car, even an experienced mechanic will struggle to answer it for you meaningfully as phrased - there are a huge range of recommended oil service intervals across different car models.
Doesn't seem too hard to generate a bunch of content marketing articles for "how often to change oil for {2012,2013,...2026} corolla", similar to how there's content marketing spam for every windows error message imaginable, which end up being some variant of "have you tried sfc /scannow?".
Apple appear to be using the same rules that they made up when "allowing" third party browser engines in the EU. It's worth pointing out that these restrictions are such, that to best of my knowledge, no one has shipped a browser with an alternate engine in the EU app stores yet despite being permitted to for over a year now.
The demand that the application with its alternate browser engine must be a completely new and separate binary from any app already using the built in browser makes it hard for existing big players like Chrome - they would have to manage two apps on the store during any transition to their own engine, which supposedly has been one of the biggest stumbling blocks for them already in the EU.
The P3s often cost more than the MSRP at retail too back in the day, as they were supply constrained in period for various reasons, which heavily contributed to the popularity of BP6 builds with enthusiasts. Intel really struggled to ramp up P3 production.
> which is just displaying a web page with some information and buttons.
If all the device needs to be is a dumb terminal locked to displaying a web page, it's really hard to beat the value proposition of modding a dirt cheap Amazon/Android tablet. Most Pi home-built solutions with an addon touchscreen, battery etc will be less elegant solutions that cost more a lot of the time.
Locking a cheap android tablet to a single page is super common in home-brew home automation builds etc, even in builds where Pis are used. You can trivially turn a great many Amazon tablets into home automation dash/remotes/web kiosks.
> but the locked-down android and really android of any kind is just not something I am interested in.
When all you want is the browser, Android is as good a place to start as virtually any other on a device like this.
I have a fire tablet that I’ve tried that with, but for various reasons I prefer to have Linux on all the things. As a long time Android phone user Android still gives me an irrational ick, non-standard android even more so.
Ideally all my home devices would controlled and managed by the same underlying OS and tooling
I have to stop being such a prude, it just frustrates me that after so many years I can’t buy a cheap Linux tablet
much better, you can make one yourself! and considering touch displays out there (Waveshare have nice ones) already have supports to hook up your pi without much CAD tinkering, it's all about making a case and developing your system for a battery (which also are quite popular and have already made solutions). if we stop being prudes all we get is Jeff and Jobs locked devices! take a look at the cyber-deck scene on Reddit
The "Cheap Yellow Display" was one of my favorite discoveries this year, it's now just my default choice for any micro-controller based project with a small display most of the time.
This is hardly that strange, life gets in the way for many of us. I too have many times wished for an easy way to recap a book I've had to put down for a week or two - this is by no means an endorsement of how Amazon have done it here, but you are making incredibly arrogant assumptions about how others enjoy books.
New Teslas will now only have "Traffic Aware Cruise Control" as standard without lane assist, i.e. keeps pace with traffic and can stop/start, but user still has to provide steering input.
reply