Remember...they can make you use touch id...they can't make you give them your password.
https://x.com/runasand/status/2017659019251343763?s=20
The FBI was able to access Washington Post reporter Hannah Natanson's Signal messages because she used Signal on her work laptop. The laptop accepted Touch ID for authentication, meaning the agents were allowed to require her to unlock it.
Link which doesn't directly support website owned by unscrupulous trillionaire: https://xcancel.com/runasand/status/2017659019251343763?s=20
Good reminder to also set up something that does this automatically for you:
https://news.ycombinator.com/item?id=46526010
I generally avoid extensions that can read all sites (even if technically necessary), so use the suggestion found here [1] instead.
A few bookmarklets:
javascript:(function(){var h=location.hostname;if(h==='x.com'||h.endsWith('.x.com'))location.host='xcancel.com';})()
javascript:(function(){var h=location.hostname;if(h==='youtube.com'||h.endsWith('.youtube.com'))location.host='inv.nadeko.net';})()
javascript:(function(){var h=location.hostname;if(h==='instagram.com'||h.endsWith('.instagram.com')){location.replace('https://imginn.com'+location.pathname);}})()
[1] https://www.reddit.com/r/uBlockOrigin/comments/1cc0uon/addin...
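Added example (not part of the comment above or of anything it links to): the same three redirects as one testable function, matching the host on a label boundary, since a bare `endsWith('x.com')` test is also true for `netflix.com`. The function and table names are hypothetical; the frontend hosts are the ones named in the bookmarklets.

```javascript
// Added example: privacy-frontend redirects with label-boundary host matching.
// FRONTENDS, hostMatches, naiveHostMatches and rewriteToFrontend are
// hypothetical names; the target hosts come from the bookmarklets above.
const FRONTENDS = [
  // keep: 'all'  -> carry path, query and fragment (like setting location.host)
  // keep: 'path' -> carry only the path (like the instagram bookmarklet)
  { site: 'x.com', target: 'xcancel.com', keep: 'all' },
  { site: 'youtube.com', target: 'inv.nadeko.net', keep: 'all' },
  { site: 'instagram.com', target: 'imginn.com', keep: 'path' },
];

// Plain suffix test: true for any host whose name merely ends in the string,
// e.g. "netflix.com" for site "x.com".
function naiveHostMatches(hostname, site) {
  return hostname.endsWith(site);
}

// Boundary-aware test: the host is the site itself or a subdomain of it.
function hostMatches(hostname, site) {
  // Lower-case and drop a trailing root dot ("x.com." is the same host).
  const h = hostname.toLowerCase().replace(/\.$/, '');
  return h === site || h.endsWith('.' + site);
}

// Returns the frontend URL for href, or null when no rule applies.
function rewriteToFrontend(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return null; // not an absolute URL
  }
  // Only rewrite web pages; leave other schemes alone.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;

  const rule = FRONTENDS.find((r) => hostMatches(url.hostname, r.site));
  if (!rule) return null;

  // Build the target from scratch so credentials and ports are not carried over.
  const out = new URL('https://' + rule.target);
  out.pathname = url.pathname;
  if (rule.keep === 'all') {
    out.search = url.search;
    out.hash = url.hash;
  }
  return out.href;
}
```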
Wow, where did these come from? These are great alternatives, especially the YouTube one. I like using the Duck Player but that's only in that browser.
For example duck://player/fqtK3s7PE_k where the video id in youtube url https://www.youtube.com/watch?v=fqtK3s7PE_k
But it doesn't have that overview page like inv.nadeko.net does
I actually think it is fitting to read about a government agency weaponized by an unscrupulous billionaire going after journalists working for an unscrupulous billionaire on an unscrupulous trillionaire owned platform.
There are trillionaires?
I guess technically musk rounds to a trillion. 852B acc to Forbes
That would be some aggressive rounding.
Yes and no. Obviously it’s unusual rounding or I wouldn’t have said “I guess technically,” but rounding is all about domains and relevant precision. To be honest, when someone says “billionaires” I don’t assume that the number 1,000,000 is a meaningful hard cut off. I assume we’re talking about the ones who are three orders of magnitude up from “millionaire” and orders of magnitude work by rounding from .5.
> orders of magnitude work by rounding from .5.
No, orders of magnitude are exponential, not linear, so conventionally “on the order of 1 billion” would be between 100 million × sqrt(10) and 1 billion × sqrt(10), but “billionaire” isn't “net worth on the order of 1 billion” but “net worth of 1 billion or more”, or, when used hierarchically alongside trillionaire and millionaire “net worth of at least one billion and less than one trillion”.
What's $148,000,000,000 between friends
[flagged]
Maybe. I don't think we yet have a good understanding of how many deaths he will have caused as a result of DOGE so abruptly cutting off assistance to so many vulnerable people around the world, but I've heard estimates hover around 600,000.
Assuming that number turns out to be close to reality, how do you weigh so many unnecessary deaths against VTL rockets and the electric cars?
Perhaps a practitioner of Effective Altruism could better answer that question.
> I don't think we yet have a good understanding of how many deaths he will have caused as a result of DOGE so abruptly cutting off assistance to so many vulnerable people around the world
Nor how many deaths will be caused by his support for far right parties across Europe, when they start ethnic cleansings.
[flagged]
> The US taxpayer has no moral obligation to send welfare "around the world".
Sure. It's a transactional purchase of stability and goodwill, via which the US has benefited enormously.
Correct. But also, it's a bandaid (and a really ineffective one ie. 99% lossy) on real issues of that world.
> The US taxpayer has no moral obligation to send welfare "around the world".
I mean, by way of the atrocities we've committed around the world, we kinda do.
Even if we buy your thesis, foregoing morals, geopolitics, and history, it's a useful soft power strategy...
I'm not saying fund USAID before healthcare for all in america. I'm saying of all the insane things our government wastes money on, USAID was far down on the list of most egregious.
>I mean, by way of the atrocities we've committed around the world, we kinda do.
I've committed no atrocities. Going to guess that you've committed no atrocities. What atrocities did occur, most of those who committed those are dead, the rest are senile in nursing homes. I have no guilt and certainly feel no guilt for those events.
>it's a useful soft power strategy.
Sure, if you're some sort of tyrant. I thought the left was against colonialism... but you guys really just want a more clever, subtle colonialism eh? Figures.
>I'm saying of all the insane things our government wastes money on, USAID was far down on the list of most egregious.
What you're saying is that no cuts can or should be made, unless they are your favorite cuts first. And maybe after you get those, no others need be made at all.
[flagged]
I've seen corruption in the police. Government. Hospitals. Do you support immediately shuttering those offices with no replacements?
They could at least just get funded by their own government.
There is corruption everywhere. But do you deny that these organizations by-and-large provided aid and therefore saved the lives of folks who may have otherwise died from illness?
This doesn't make corruption OK. But he tore out a lifeline for some people without giving them an alternative way to get aid.
[flagged]
Even if his total contribution is positive, his current contribution is quite bad. And most of that bad has been tied directly to x.
I can at least still voice against Israeli genocide there. I am good for now.
How many people do you think see those tweets, how many minds do you think you have changed, and at what mental cost to yourself?
I see others' tweets. I don't think most are being shadowbanned. I am doing fine myself and pretty productive actually.
What's the point of these questions? Seems like, "what's the point of dissent if the cards are stacked against you?"
He was begging to go party with someone that spent time in prison for child exploitation.
That in itself should make you hate the dude.
Yup. Hate him as person. But he is still net positive with his scientific/engineering contributions, is he not?
Wasn't Edison an asshole?
Maybe, but I personally don't believe whatever engineering contributions (money?) he made outweigh the regressions he's caused elsewhere. I think the world would be better off without him.
Dunno, I'd rather have unabused kids than the technological breakthroughs he has contributed to. Anyone being giddy to meet with a convicted pedo is very sus in my books, and deserves no respect, regardless of their prior contributions.
Children were exploited, and we're doing this net positive analysis on whether he should face the scorn. I'm not having a go at you - it's just frustrating to see very little happening after so much has been exposed, and I think part of it comes from this mindset - 'oh he's a good guy, this is a mistake/misstep' while people that were exploited as children can't even get their justice.
It's sickening.
> I'd rather have unabused kids than the technological breakthroughs he has contributed to
I'd rather have both. Hawthorne doesn't get nuked if Elon Musk goes to jail.
> Children were exploited
Abuse. Exploitation. CSAM. We're mushing words.
Child rape. These men raped children. Others not only stayed silent in full knowledge of it, but supported it directly and indirectly. More than that, they arrogantly assumed–and, by remaining in the United States, continue to assume–that they're going to get away with it.
Which category is Elon Musk in? We don't know. Most of the people in the Epstein files are innocent. But almost all of them seem to have been fine with (a) partying with an indicted and unrepentant pedophile [1] and (b) not saying for decades–and again, today–anything to the cops about a hive of child rape.
A lot of them should go to jail. All of them should be investigated. And almost all of them need to be retired from public life.
[1] https://web.archive.org/web/20220224113217/https://www.theda...
[flagged]
Direct? No. That he was indicted for it? Yes [1].
(Clarification: I’m using the term colloquially. Whether Epstein had a mental condition is unclear.)
[1] https://www.justice.gov/usao-sdny/press-release/file/1180481...
Unless I missed something, that's not pedophilia.
That widely-circulated ""email"" of Musk's was fake lol
Don't believe me? Go to the epstein emails and try to find it
How so?
nasa is fucked up. spacex is US’s only shot.
[flagged]
They can hold you in contempt for 18 months for not giving your password, https://arstechnica.com/tech-policy/2020/02/man-who-refused-....
Being held in contempt at least means you got a day in court first. A judge telling me to give up my password is different than a dozen armed, masked secret police telling me to.
> A judge telling me to give up my password is different than a dozen armed, masked secret police telling me to.
Yes, a judge is unlikely to order your execution if you refuse. Based on recent pattern of their behavior, masked secret police who are living their wildest authoritarian dreams are likely to execute you if you anger them (for example by refusing to comply with their desires).
I don't practically see it happen, but you have to be careful once you are in a jail though, because there are often few limits on what the administration of the jail can do to you for any supposed violation of the jail rules (which they can legally make up on a whim, and due process is extremely limited). In Illinois, at least, a county Sheriff has unlimited power to punish a detainee in any extreme way they can imagine for even the very slightest infraction. There are no laws (statutes) which define what a "crime" is inside jail and what the punishment for it is. If it wasn't for SCOTUS limiting the death penalty to certain levels of behavior (e.g. murder) then a sheriff would be able to simply legally execute a detainee for pretty much anything.
That's a very unusual and narrow exception involving "foregone conclusion doctrine", an important fact missed by Ars Technica but elaborated on by AP: https://apnews.com/general-news-49da3a1e71f74e1c98012611aedc...
> Authorities, citing a “foregone conclusion exception” to the Fifth Amendment, argued that Rawls could not invoke his right to self-incrimination because police already had evidence of a crime. The 3rd Circuit panel agreed, upholding a lower court decision.
I do not follow the logic here, what does that even mean? It seems very dubious. And what happens if one legitimately forgets? They just get to keep you there forever?
Lawyer here - let me try to help.
This is an area that seems to confuse a lot of people because of what the 5th amendment says and doesn't say.
The reason they can't force you to unlock your phone is not because your phone contains evidence of stuff. They have a warrant to get that evidence. You do not have a right to prevent them from getting it just because it's yours. Most evidence is self-incriminating in this way - if you have a murder weapon in your pocket with blood on it, and the police lawfully stop you and take it, you really are incriminating yourself in one sense by giving it to them, but not in the 5th amendment sense.
The right against self-incrimination is mostly about being forced to give testimonial evidence against yourself. That is, it's mostly about you being forced to testify against yourself under oath, or otherwise give evidence that is testimonial in nature against yourself. In the case of passwords, courts often view it now as you being forced to disclose the contents of your mind (IE live testify against yourself) and equally important, even if not live testimony against yourself, it testimonially proves that you have access to the phone (more on this in a second). Biometrics are a weird state, with some courts finding it like passwords/pins, and some finding it just a physical fact with no testimonial component at all other than proving your ability to access.
The foregone conclusion part comes into play because, excluding being forced to disclose the contents of your mind for a second, the testimonial evidence you are being forced to give when you unlock a phone is that you have access to the phone. If they can already prove it's your phone or that you have access to it, then unlocking it does not matter from a testimonial standpoint, and courts will often require you to do so in the jurisdictions that don't consider any other part of unlocking to be testimonial. (Similarly, if they can't prove you have access to the phone, and whether you have access to the phone or not matters to the case in a material way, they generally will not be able to force you to unlock it or try to unlock it because it would be a 5th amendment violation).
Hope this helps.
> excluding being forced to disclose the contents of your mind for a second
This seems like a key point though. What's the legal distinction between compelling someone to unlock a phone using information in their mind, and compelling them to speak what's in their mind?
If I had incriminating info on my phone at one point, and I memorized it and then deleted it from the phone, now that information is legally protected from being accessed. So it just matters whether the information itself is in your mind, vs. the ability to access it?
There are practical differences - phones store a lot more information than you will keep in your mind at once.
You can actually eliminate phones entirely from your second example.
If you had incriminating info on paper at one point, and memorized it and deleted it, it would now be legally protected from being accessed.
One reason society is okay with this is because most people can't memorize vast troves of information.
Otherwise, the view here would probably change.
These rules exist to serve various goals as best they can. If they no longer serve those goals well, because of technology or whatever else, the rules will change. Being completely logical and self-consistent is not one of these goals, nor would it make sense as a primary goal for rules meant to try to balance societal vs personal rights.
This is, for various reasons, often frustrating to the average HN'er :)
And why do they need to unlock your phone if they already proved you did the crime?
It means that if all the other evidence shows that the desired evidence is on the computer, then it is not a question of whether it exists, so you're not really searching for something. You're retrieving it. That doesn't implicate the 4th amendment.
Unlocking/forced unlocking is not a 4th amendment issue, but a 5th amendment one.
The 4th amendment would protect you from them seizing your phone in the first place for no good reason, but would not protect you from them seizing your phone if they believe it has evidence of a crime.
Regardless, it is not the thing that protects you (or doesn't, depending) from having to give or otherwise type in your passcode/pin/fingerprint/etc.
You're delusional. When ICE starts executing people on the spot for not giving up iPhone passwords, I'll eat my words.
???
I don't think that was the comment I was originally trying to reply to. Strange.
I previously commented a solution to another problem, but it assists here too:
https://news.ycombinator.com/item?id=44746992
This command will make your MacBook hibernate when lid is closed or the laptop sleeps, so RAM is written to disk and the system powers down. The downside is that it does increase the amount of time it takes to resume.
A nice side benefit though, is that fingerprint is not accepted on first unlock, I believe secrets are still encrypted at this stage similar to cold boot. A fingerprint still unlocks from screensaver normally, as long as the system does not sleep (and therefore hibernate)
> I believe secrets are still encrypted at this stage similar to cold boot.
Does this mean that the Signal desktop application doesn't lock/unlock its (presumably encrypted) database with a secret when locking/unlocking the laptop?
It wouldn’t matter because the whole OS would be evicted from memory and the entire storage encrypted.
Signal itself wouldn’t even be detectable as an app
Is the knowledge of which finger to use protected as much as a passcode? Law enforcement might have the authority to physically hold the owner's finger to the device, but it seems that the owner has the right to refuse to disclose which finger is the right one. If law enforcement doesn't guess correctly in a few tries, the device could lock itself and require the passcode.
Another reason to use my dog's nose instead of a fingerprint.
I really wish Apple would offer a pin option on macos. For this reason, precisely. Either that, or an option to automatically disable touchid after a short amount of time (eg an hour or if my phone doesn't connect to the laptop)
You can set up a separate account with a long password on MacOS and remove your user account from accounts that can unlock FileVault. Then you can change your account to use a short password. You can also change various settings regarding how long the Mac has to sleep before requiring FileVault to be unlocked.
I didn’t understand how a user that cannot unlock FileVault helps. Can you please elaborate on this setup? Thanks.
With that setup on boot or after a long sleep one first must log in into an account with longer password. Then one logs out of that and switches to the primary account with a short password.
As another alternative, rather than using Touch ID you can set up a YubiKey or similar hardware key for login to macOS. Then your login does indeed become a PIN with 3 tries before lockout. That plus a complex password is pretty convenient but not biometric. It's what I've done for a long time on my desktop devices.
I often see people use a "pin" on Windows and I never got it. What is the purpose of a pin that makes it different from a password?
PIN numbers are easier to remember. Remember, 99% of the population does not care about defense against state actors, just stopping nosy co-workers or family members from looking at their stuff. The next group (which I would include myself in) is concerned about theft (both physical and remote), where someone can get "unlimited" access to your machine and may be able to defeat a short PIN but is unlikely to beat a strong password. If you are in the realm of defending against state actors, then that is something you have to take multiple steps to ensure, and a single slip-up will tank your operation (like with this lady).
Wait, wasn’t touch id phased out together with the intel touch bar macbooks? I’ve never used anything but a long password to unlock.
No, it's been part of the power button since then.
On my Macbook Pro, I usually need to use both touch and a password but that might be only when some hours have passed between log ins.
You can script a time out if desired.
uhm, are you saying its not possible to require an actual password to unlock osx?
My guess is they want to have a PIN as a short-term credential analogous to the Touch ID, that is, it only works for X hours per password auth before needing password auth again, and then you only get X tries on the PIN before it either locks the PIN out and you need the full password to reactivate it (or I guess it could wipe the laptop à la iPhone).
> uhm, are you saying its not possible to require an actual password to unlock osx?
uhm, are saying that i'm saying that? if so, please show me where i said that. thank you
no, thats why i was asking, as i was not fully sure what you meant
what im saying is that i dont want to type in a long ass password all the time
and biometrics have "legal problems" as stated above
a pin or allowing touchid to automatically be disabled after a period of time or computer movement ("please enter password to login") would be greatly appreciated
as it stands now, i have biometrics disabled.
seems reasonable
There's only ten possible guesses, and most people use their thumb and/or index finger, leaving four much likelier guesses.
Also, IANAL, but I'm pretty sure that if law enforcement has a warrant to seize property from you, they're not obligated to do so immediately the instant they see you - they could have someone follow you and watch to see how you unlock your phone before seizing it.
0.1 in itself is a very good odd, and 0.1 * n tries is even more laughable. Also most people have two fingers touchID, which makes this number close to half in reality.
Remember that our rights aren't laws of nature. They have to be fought for to be respected by the government.
> they can't make you give them your password.
Except when they can: https://harvardlawreview.org/print/vol-134/state-v-andrews/
75 footnotes for 89 sentences, nice! I guess that's how they roll over at the HLR.
I don't get why I can be forced to use my biometrics to unlock but I cannot be forced to give a pin. Doesn't jive in my brain.
It's something you know vs. something you have. That's how the legal system sees it. You might not tell someone the pin to your safe, but if police find the key to it, or hire a locksmith to drill out your safe, it's theirs with a warrant.
It's interesting in the case of social media companies. Technically the data held is the company's data (Google, Meta, etc.) however courts have ruled that a person still has an expectation of privacy and therefore police need a warrant.
When they arrest you, they have physical control of your body. You're in handcuffs. They can put your fingers against the unlock button. You can make a fist, but they can have more strength and leverage to unfist your fist.
There's no known technique to force you to input a password.
Are we not talking about a legal difference? That was my reading.
The law follows practicality in this instance.
Yes, my statement was related to legal means. I’m not a lawyer.
Well there is one known technique. https://xkcd.com/538/
The fifth amendment gives you the right to be silent, but they didn't write in anything about biometrics.
"technicality" or "loophole" is probably the word.
I fully agree, forced biometrics is bullshit.
I say the same about forced blood removal for BAC testing. They can get a warrant for your blood, that's crazy to me.
[dead]
Also, using biometrics on a device, and your biometrics unlock said device, do wonders for proving to a jury that you owned and operated that device. So you're double screwed in that regard.
Remember, this isn't how it works in every country.
One thing I miss from windows (on mac now) is there was an encrypted vault program that you could have hide so it wasn't on the desktop or program list but could still be launched. That way you could have private stuff that attackers would likely not even know was there.
Reminder that you can press the iPhone power button five times to require passcode for the next unlock.
Serious question. If I am re-entering the US after traveling abroad, can customs legally ask me to turn the phone back on and/or seize my phone? I am a US citizen.
Out of habit, I keep my phone off during the flight and turn it on after clearing customs.
my understanding is that they can hold you for a couple days without charges for your insubordination but as a citizen they have to let you back into the country or officially arrest you, try to get an actual warrant, etc.
they can just break the law
There is no law when entering the country. They can do everything they want, or making up anything they'll imagine.
If you are a US citizen, you legally cannot be denied re-entry into the country for any reason, including not unlocking your phone. They can make it really annoying and detain you for a while, though.
They can also practically keep your phone indefinitely.
[dead]
Did you know that on most models of iPhone, saying "Hey Siri, whose iPhone is this?" will disable biometric authentication until the passcode is entered?
hm. didn't work on my 17 pro :( might be due to a setting i have.
They disabled that in like iOS 18.
Everyone makes this same comment on each of these threads, but it's important to remember this only works if you have some sort of advance warning. If you have the iPhone in your hand and there is a loaded gun pointed at your head telling you not to move, you probably won't want to move.
Or squeeze the power and volume buttons for a couple of seconds. It’s good to practice both these gestures so that they become reflex, rather than trying to remember them when they’re needed.
Sad, neither of those works on Android. Pressing the power button activates the emergency call screen with a countdown to call emergency services, and power + volume either just takes a screenshot or enables vibrations/haptics depending on which volume button you press.
On Pixel phones, Power + Volume Up retrieves a menu where you can select "Lockdown".
Not on my Pixel phone, that just sets it to vibrate instead of ring. Holding down the power button retrieves a menu where you can select "Lockdown".
On my 9 you get a setting to choose if holding Power gets you the power menu or activates the assistant (I think it defaulted to assistant? I have it set to the power menu because I don't really ever use the assistant.)
Yes, that was the default for me, but I changed it in settings.
Did you check your phone settings? Mine has an option to add it to the power menu, so you get to it by whichever method you use to do that (which itself is sad that phones are starting to differ in what the power key does).
Oh wow, just going into the "should I shutdown" menu also goes into pre-boot lock state? I didn't know that.
It doesn't reenter a BFU state, but it requires a passcode for the next unlock.
It's close enough, because (most of) the encryption keys are wiped from memory every time the device is locked, and this action makes the secure enclave require PIN authentication to release them again.
> It's close enough
Not really, because tools like Cellebrite are more limited with BFU, hence the manual informing LEO to keep (locked) devices charged, and the countermeasures being iOS forcefully rebooting devices that have been locked for too long.
There is a way now to force BFU from a phone that is turned on, I can't remember the sequence
It’s called restarting the phone.
I believe doing the standard Restart everyone knows is not enough though. The instructions I saw were these:
Quick-press Volume Up, then Quick-press Volume Down. Hold the side power button until the screen turns black (approx. 10 seconds). Immediately hold both the side button and the Volume Down button for 5 seconds. Release the side button but continue holding the Volume Down button for another 10 seconds. The screen will remain black. If the Apple logo appears, the side button was held too long, and the process must be repeated.
That’s DFU mode. We are talking about BFU in this thread.
Eh? BFU ("before first unlock") is, by definition, the state that a phone is in when it is turned on. There's no need to "force" it.
If you mean forcing an iOS device out of BFU, that's impossible. The device's storage is encrypted using a key derived from the user's passcode. That key is only available once the user has unlocked the device once, using their passcode.
Alternately, hold the power button and either volume button together for a few seconds.
This is the third person advocating button squeezing, as a reminder: IF a gun is on you the jig is up, you can be shot for resisting or reaching for a potential weapon. Wireless detonators do exist, don't f around please.
In case anyone is wondering: In newer versions of MacOS, the user must log out to require a password. Locking screen no longer requires password if Touch ID is enabled.
Is that actually true? I'm fairly confident my work Mac requires a password if it's idle more than a few days (typically over the weekend).
Settings -> lock screen -> “Require password after screen saver begins or display is turned off”
Even with that option set to "Immediately" you can still use Touch ID after locking.
I am not sure how it works on Macs, but on iPhone, after first unlock after a reboot, it’s trivial for law enforcement to break into your iPhone - the same with Android.
Shift+Option+Command+Q is your fastest route there, but unsaved work will block.
As far as I know lockdown mode and BFU prevent touch ID unlocking.
At least a password and pin you choose to give over.
As if the government is not above breaking the law and using rubber hose decryption. The current administration’s justice department has been caught lying left and right
And threats aren't illegal. They can put a gun to wife's head and say they're going to shoot. It's up to you then to call their bluff.
Plausible deniability still works. You enter your duress code and your system boots to a secondary partition with Facebook and Snapchat. No such OS exists.
How plausible the deniability is when they discover you only have those two apps and both logged out due to inactivity, while they can see your storage usage is definitely larger than those two apps?
Allowed to require - very mildly constructed sentence, which could include torture or force abuse...
https://xkcd.com/538/
Is there a way to setup Mac disabling Touch ID if the linked phone goes into lockdown or Face ID requires passcode? Apple could probably add that.
I just searched the case. I'm appalled. It looks like USA doesn't have legal protection for reporter sources. Or better, Biden created some, but it was revoked by the current administration.
The real news here isn't privacy control in a consumer OS or the right to privacy, but USA, the leader of the free world, becoming an autocracy.