Pixel Security (googleblog.com)
198 points by praving5 on Nov 17, 2016 | 145 comments


Just FYI in case anyone is considering buying a Pixel: I strongly urge you not to. http://kasrarahjerdi.com/2016/11/dont-buy-anything-made-by-g...

They have no Google provided support, if you drop the phone and break it your only option (if you didn't buy the third-party warranty upsell) is to take it to a repair shop. I called the ones near me, none had seen or touched the device before.

Don't spend $800 on a phone that you can't send back to the manufacturer to repair.

Edit: I originally said "they have no warranty" and people seem to have understood that as "they don't provide free repairs" -- what I'm trying to say is that this phone is supposedly a competitor to Apple, but if you break it you can't walk to the Apple Store and ask them how much it'd be for a repair. You can't send it in the mail to them either. You have to go to an authorized third-party repair shop. That does not sound like first-class flagship $800 product support to me.


It's funny, I'm in this exact same boat. My pixel died a little after two weeks (which is the requirement to get a return). I filled out their warranty claim thing, and >48 hours later finally got a response, which is a troubleshooting guide. I replied that I tried all that stuff, and had to wait another 2 days for another response (asking for information I already gave).

I'm extremely disappointed. I thought with their whole advertising of "24 hour support" they identified customer support as a weakness of theirs, and are trying to remedy it. Nope.

BTW in your case, you can probably just buy a new screen: http://www.digitaltrends.com/mobile/google-ubreakifix-pixel/


> It's funny, I'm in this exact same boat. My pixel died a little after two weeks (which is the requirement to get a return). I filled out their warranty claim thing, and >48 hours later finally got a response, which is a troubleshooting guide. I replied that I tried all that stuff, and had to wait another 2 days for another response (asking for information I already gave).

Are you not in the US? Maybe it's different elsewhere, but my nexus 5x died a little while ago, and I only had the default warranty, not the extra protection, and it was insanely easy to get a replacement.

I filled out the form[1] (saying I had already tried the usual android-saving moves), got a call back in two minutes as promised by that form, the customer service person accepted I had already tried things and didn't ask me to do anything else, then I immediately got the email with the link to get a new phone shipped to me. Was probably less than 15 minutes of my time.

(you also seem to be talking about something else than the OP. If your phone died in two weeks that's definitely under the warranty, regardless of if you purchased extra protection).

[1] linked here: https://support.google.com/store/answer/6301527?hl=en


My experience with Google Play Store returns is similar. I have bought a Nexus 5 for a friend and returned it three times because of various issues. Every time they have shipped the replacement phone immediately after I have submitted the claim.

I was not asked to do any troubleshooting.


I had the same experience with my older Nexus 5. However, I dropped my Nexus 6P and cracked the screen (and did not take the insurance). They now tell me there is nothing they can do and that I can try my luck with Huawei.


I'm glad to hear that they're good about it. At the end of the day, as long as I get a positive outcome I will be happy. I guess it's likely that due to the launch their support systems are totally overwhelmed at the moment.

FWIW before it stopped working, the pixel was hands down the best phone I've ever used, in almost every category.


I had a similar deal with a Nexus 4 where the Bluetooth died. I jumped through the Factory Reset hoop and they agreed to send me a new one. I even said "there's a big gash on the screen" and the response was "if the screen is fully functional then it's ok."


> I thought with their whole advertising of "24 hour support" they identified customer support as a weakness of theirs, and are trying to remedy it. Nope.

I'm very sorry you had that awful experience. I know it doesn't remedy your past experience, but please know myself and many other Googlers have been and still are putting a lot of work into the tools being used by the customer support reps around the globe to better help you.


I appreciate what you're trying to do, but unfortunately this is kind of the problem with the Google culture. Everything has to be done with automation and better tools because they simply do not have the ability to go through the massive amounts of customers that they have without them. Unfortunately, at some point you need a human on the other end that can make a decision, especially with refund/warranty cases.


Sorry that my first post wasn't emphatic enough. The tools the team I'm a part of builds are used by real people (including other Googlers) fielding real telephone calls helping real customers through warranty and refund cases. None of it is automated for use without a human in the loop.

Everyone on the team I'm a part of recognizes the perception you've eloquently provided, and very much care to scale with humans in the loop.


Out of interest, this "in the loop" terminology sounds odd to me and sounds like business speak. Is this common in Google?

I remember once contacting Sun for info on software many years ago and received an email where they promised that someone would "reach out to me".

I didn't want to be reached out for - I just wanted some text answering my question.


Nope, "in the loop" is just me mangling a slang phrase I personally use -- "Keep me in the loop" -- which means "keep me informed in a real time manner". It's not the first odd phrase I've put together, as my girlfriend likes to remind me: "I don't words well".


Haha ok, so not the corporate business speak. I must say that your girlfriend's expression is somewhat "unique" too :-)


In the meantime, are there any other solutions that you and the Google #squad plan to offer? Like...people who will answer a phone call?


If you bought it with a credit card, you might want to contact your card's customer service number. Most credit cards offer protection from this type of manufacturer "weaknesses".


I was thinking about it, my credit card has always been extremely good about stuff like this. However, I use google for everything, my entire life is on it. I'd rather lose the $649 I paid for the pixel than get blackballed from google services.

So for now, I'm just patiently awaiting their response and hopefully they'll give me the green light to mail it in for a replacement or something.


I think that the parent is saying that your credit-card company might be the 3rd party insurance, and you might be able to make a claim to take advantage of that insurance.


To add - many "good" credit cards provide "return protection" which allows you to make a claim against the card to get a refund within the first 30 days if the original vendor won't accept a return, and warranty extension which extends the original manufacturer's warranty a year. I have used both benefits quite a bit, and have always had a great experience.


Australia has really good consumer protection laws which protect against exactly this kind of problem.

https://www.accc.gov.au/consumers/consumer-rights-guarantees...


Except the Google store does not sell the phone in Australia. It pretends to, but it sells it to you from Singapore in Australian dollars. You have no rights in regards to the Australian law in that case. If you buy the phone at an Australian store you have access to the strong Australian rights (and you pay their retail price). I bought mine on the day from the google store and paid 3% more than the local price as well as getting it a week after it was available in stores. Quite a bad experience and I would not recommend friends to deal with google directly.


FWIW, many also extend (sometimes up to double) the manufacturer's warranty on products you buy with the cards.


I don't know of any phone vendor that offers a warranty against accidental damage (that doesn't cost extra).

By the way: "Google and uBreakiFix offer walk-in repairs for Pixel and Pixel XL" http://www.androidauthority.com/google-ubreakifix-repairs-pi...


I called the uBreakiFix in Denver: "we've never seen that phone before, but yeah I think I could fix it".

I'm not upset that they don't have an accidental damage warranty, I'm upset that I can't send it to them and pay them the $100/$200/$300 or whatever it is directly for _them_ to fix it, not some random dude who's never seen the Pixel before.


Google will never do anything that involves hiring O(N) employees to support N customers. They'll always outsource things like support, repairs, etc. so that someone else can handle scaling people, while they just go on scaling machines. Given that, the only real possibility is that "some random dude" is going to end up fixing your Pixel.

On the other hand, the "who's never seen the Pixel before" part? C'mon, the phone just came out—if an i-device breaks on the first day, you'd better believe that if you take it to an Apple Store someone's fixing it who has never seen that device before. That's the fundamental problem of new hardware designs (especially when coupled to bathtub curves); you can't blame Google for it. Give them a month and every repair shop around you will have fixed plenty of Pixels.


If an i-device breaks on the first day and you take it to an Apple Store, the tech fixing it has:

* A repair manual

* Parts

* Tools

* The ability to replace your device on-the-spot with a new one if they brick it


When has an Apple Store had spares of their hot new phone available on the first day? A month out, sure, but come on.


Got my iphone 7p in the 1st week, noticed some small debris in the lens, went to my local Apple Store, they had the same device ready in stock as a replacement, in&out took 10 mins. (note my device is probably one of the most wanted ones, Unlocked-128 black)


I broke my 6s+ the 2nd day after release and got it replaced the same day. They have separate replacement stock even at launch.


When the first iPads came out, I actually received mine by post a day or two before the official launch day. It worked for a few hours, then the screen wouldn't switch on. At that point, iPads were super rare. Rarer than any iPhones have been since then.

I went to my local Apple store on release day, showed them it wasn't working, and they swapped it out straight away, no questions asked.


So outsource it.

Send your pixel to our authorized repair shop here. They will bill you.


ZTE's Axon 7 comes with their Passport 2.0 warranty which covers accidental damage with an $80 deductible, I believe. It's not full coverage of accidental damage due to the deductible, but it's still much better than its competitors (in many other aspects as well).

If I may say so, a family member has one, and the phone itself is excellent. Much better speakers and included accessories compared to the Pixel line at around half the price.


Have you ever tried to get something Apple branded repaired when it is out of warranty?

The repairs tend to basically cost as much as it would to buy the same item refurbished regardless of the issue.

SSD died on your MacBook air selling for $500 on eBay? That will be a $450 repair sir.

Sure, they may have manuals and everything else at the Apple store, but there is very clearly a reason why companies like iCracked and iFixIt exist, and it isn't because Apple offers such a wonderful and affordable repair shop.

It would be great if Google offered a way to get the phone repaired through them, but using Apple as an example of how it should be is a bit insane to me.


So this happened to me. My 2012 retina MacBook Pro battery was dying. Which makes sense, I used it every day for over four years.

I figured I could take it to Apple for a battery replacement. They said they would do it — for $900. They told me it involved replacing the entire bottom half of the computer as the battery was glued in.

So I called their support line and complained that the laptop was perfectly fine and it shouldn't cost that much to replace a battery. They ended up replacing it for free, as well as the screen (because they identified that the anti-reflective coating was starting to wear). So while the policy was ridiculous, the actual outcome was very positive.


> $900. They told me it involved replacing the entire bottom half of the computer as the battery was glued in.

WTF? This is nonsense.

Apple prices for battery repairs are clearly outlined on their web site[0]. This has always been what I (or relatives/friends/coworkers) paid for France[1] when I had to change a battery.

[0]: https://support.apple.com/mac-notebooks/repair/service/prici...

[1]: https://support.apple.com/fr-fr/mac-notebooks/repair/service...


That is the exact page I used to argue my case with Apple on the phone. I said it was misleading that the price given to me at the Apple store was so much higher than what was listed on their website.

They told me that those prices are the service pricing, but do not include parts. And because the entire lower-half of the laptop needed to be changed in the rMBP model, the total cost would come to about $900 AUD.

The actual item listed on the repair invoice is "Top Case Assembly with Battery" @ $562.73 and the "Hardware Repair Labor" charge is listed at $289 AUD.

Did you ever have friends or relatives change the battery in a retina MacBook Pro? Apple cannot remove the battery because it is glued into the lower case assembly. And so when I got my machine back from Apple the trackpad, keyboard, and lower aluminium chassis were brand new (however the bottom plate, logic board, and internals were the same).


I've heard of this happening before. If the non-battery bit of that part of the computer breaks you pay $900 (or whatever), but if you just need the battery replacing you pay a heck of a lot less, or even nothing. The repair involves exactly the same actual work being done and part. The Apple Store employee must have accidentally selected the wrong maintenance option in the system.


The Apple employee at the store explained that they cannot remove the battery from the rMBP model as it is glued in place.

When I complained in-person and through phone support I was told the same story specifically about the retina MBP model. They said that the standard charge for battery replacement in this model included the entire lower case assembly. I heard this from about four different support agents, even when it was escalated to the special support agent that was able to eventually authorise the free repair.

When I received my MacBook Pro back from battery service the keyboard, trackpad, and lower aluminium chassis were brand new. So they did change it all out just to replace the battery.


This is just nonsense. In some cases the repair may cost the same as a refurbished item but definitely not always. And remember that a refurbished item is not new so it's not guaranteed to last forever either. Cracked screen repairs for example aren't the same price as a new iPhone.

At least with Apple I can drive to a physical store, hand my laptop or phone over and know it will be repaired properly. And in many cases I've been either (a) upgraded to newer hardware or (b) just had the device swapped entirely.


A few points:

1. Cracked screens are incredibly easy to fix, so the one example you can give that doesn't cost an arm and a leg is the one thing that arguably any random repair shop should be able to do.

2. Not everyone even lives near an apple store, so while you might benefit from driving in to a physical store, there is a large chunk of the population who won't (at least not without driving a few hours).

PA is a great example of this - the only stores in PA are basically around Philly and around Pittsburgh. Live anywhere else in the state and you are driving to a store out of town.

That isn't so bad if prices are reasonable, but when you get there and hear "$600 to replace the battery" the stores start to feel less useful.

I understand that there is value in the Apple store. I'm not trying to say that there isn't any, but I do believe the original comment overstates that value, especially when Google (or a third party they work with) offers a pretty reasonable replacement plan as an add-on to your purchase.


Also little known fact: Mac repair hardware costs are price capped when repairs are done through an Apple Store. So replacing a keyboard and battery is close to the same price as replacing the screen, battery, logic board, keyboard, power board, etc... as they repair and replace basically up to every part of your laptop, the price stays capped (except for labor but that's low because they work fast). Most people don't know about this. Apple keeps it quiet for some reason.


More like $200 to replace the battery in the case of a laptop (you said $600, a wild exaggeration). Or $100 if we're talking about a phone.

Or free if you paid $100 - $250 (depending on the class of device it covers) for AppleCare.

AppleCare is head and shoulders above other extended warranty plans in my experience. Others tend to be jokes or ripoffs or both.


> 1. Cracked screens are incredibly easy to fix, so the one example you can give that doesn't cost an arm and a leg is the one thing that arguably any random repair shop should be able to do.

Provided you can find spare parts, good luck finding spare parts for the Pixel. For Apple products it's usually a breeze.


In this case, if we're comparing to cracked screens, Apple charges $129/$149 on their iPhones.


I realize you are just providing info, and I appreciate it, so I want to preface this by saying I am also just trying to add some context to the conversation.

The pixel offers a $99 replacement plan, plus an additional $99 every time you replace the phone, up to 2 times. I think it lasts for 2 years.

If the only thing holding you back on getting the phone is being able to get it repaired, the cost difference is $70 or $50 the first time you break your screen, and $40 or $0 the second time, and the plan covers more than just broken screens.

The biggest downside is that you have to front the $99.


Right, it's very similar to most plans where you break even around ~2 screen replacements. Like you said, if you have to utilize the insurance for things aside from the 2 screen replacements, then you come out even further ahead.

But that requires foresight in buying the insurance and most people just don't have that. In my case, I have only ever broken one phone, so buying insurance with the idea that I break even at ~2 incidents would not be worth it for me. In the Pixel's case, I would like the option to pay full fees for fixing rather than only the option of previously having had foresight AND having to break my phone twice.


I recently took my Macbook to get a new battery at the Apple Store. While I was there, I asked for them to fix the lid as it was a little loose and was bugging me.

Not only did they not do it (they initially said no problem), they lied and told me I needed to replace the entire panel for $800 as it was a broken `spring` and could not be fixed.

I called bullshit and fixed it myself at home with a screw driver set.

$800 to tighten a screw?!


Yes.

4+ year old iMac with dead video card. I took it to the local authorized Apple dealer, who wanted $50 to diagnose the problem.

Dealer called back and said Apple agreed to replace the video card for free and cover the $50 dealer diagnosis fee.


That sounds like a recall.

I had the same thing on an older MacBook Pro with dodgy graphics card. Took it in to an authorised dealer, who didn't charge me up front for diagnosis, to then get a call saying it had been replaced and no fee was due as covered by Apple under a previous recall. This was in the US.


This is so dead wrong.


Definitely!

I was burned by this and Motorola before as well here in the UK. The official repairers are just about as awful as you can get. Half the screen stopped working after a month. The official repairer cocked up the handset further and claimed water damage and sent me an invoice for £138 (handset price was £159 new) holding the handset to ransom. This was when Google/Motorola were the same company in theory.

A letter was sent back suggesting that they can insert the invoice in a body orifice of their choice and send it back now or it'd be small claims court. It arrived 5 days later by courier. Proximity sensor was dicky, so it went back again. That took a month.

Paying for an Apple product is almost worth it for the service. I prefer to go without either though.


Is that a common thing? Being able to send your device back to the manufacturer for user inflicted issues for repair?

I can't say I've ever done that with any product ever...


It's quite common. HTC even advertise it as something you can do for free: http://www.htc.com/us/uh-oh-protection/


They also advertise it as "hassel"-free, which is funny.


Nut allergies can be serious business.


Only if you buy that one phone from them on their website.

You could not get that phone second hand (or from any other reseller) and send it in to them for repair.

That's basically "insurance" included in the price of the phone, not a "pay for what you broke" repair center.


They've had that program for prior phones of theirs, that were not directly bought through them.

Source: I first heard about this program from my reseller-purchased HTC One m8.


In the article, the author says that other companies (Samsung, Apple) do support that, but for a fee. It seems reasonable to expect Google to also provide that service.


I guess Apple is one example I've used before, so I take back my previous statement there.

Still, I feel like that's a silly reason to advise people never buy the phone. Especially when they do provide an "insurance" policy with a "blessed 3rd party".


What phones have warranty against dropping included?


>I can’t send my $800 phone to the manufacturer and pay some extra money to get it repaired like I could if this was a Samsung or Apple device.

It's not warranty or free repairs he is asking for, is it? He is asking for paid support.


Ah, I didn't read the article. But google also provides some options for that: https://store.google.com/magazine/device_protection https://support.google.com/fi/answer/6309809?hl=en


You can turn off the cast notification[1]. I'm pretty sure they started doing that because you could start casting things from the Home, so they wanted a way for the user to control that from the phone after it started.

[1] https://support.google.com/chromecast/answer/7206638?hl=en


Sounds similar to the level of support I've gotten out of Samsung. My primary consideration on phones is now: either cheap enough to chuck in the trash and buy a new one, or completely user repairable. So far I've been using $30~50 android phones off of Amazon, but I'm looking forward to the Fairphone.


That's why I use a case.


Wait - What kind of phone manufacturer offers accident coverage right out of the box?


Read the article. He's not saying he wants accident coverage, he's saying he should be able to pay a fee and get it fixed like all other manufacturers allow.

>I can’t send my $800 phone to the manufacturer and pay some extra money to get it repaired like I could if this was a Samsung or Apple device.

>Hey Google, if you want to pivot into a real brand: You need to provide real support. No other flagship phone tells people “well, good luck” if they have a common incident break the device.


Not a phone, but Amazon offer an included 'no worries' warranty on their Kindle Fire Kids edition tablet - in the UK at least.

I have two reasonably destructive young children, so it's a little extra peace of mind.


The author needs to take responsibility for their own actions. The phone stopped working correctly after the author damaged it.


Heh, it's my phone, I broke it, I'm out a chunk of money. I am fully aware of that. I'm upset that I can't pay a small increment of money to a trusted source to remedy that. I have never felt the need to have a case on a phone before (I am a mobile developer and have dozens of phones) because all my other ones have been able to survive falls of that intensity.

I'm sad that I'm out some money, and I definitely think I am at fault, but I don't think I'm being unreasonable.


Google security is so strong, they'll even lock you out of your own account when changing cities, with no chance to get it reinstated:

https://www.reddit.com/r/Android/comments/5dif8j/psa_google_...


http://www.slashgear.com/pixel-phone-flipping-scheme-googles...

Looks like Google is reinstating accounts.


Good, now whenever I need tech support, all I need to do is get my gripes published in a global news site and trend on Hacker News so I can get Google to respond to me...


And this is exactly why I am currently migrating to fastmail...


I got my Fastmail account set up yesterday. Then paid for the first month so as to have that done when the trial ends. Super impressed with the setup. Now just got to start moving things across..


Should be enough to use Gmail with your own domain (and regular backups)? In that case you can still use all Google services but have an easy migration in the (still unlikely) case they lock you out


Yeah, I just migrated all my mail over night and connected my gmail account with my fastmail account. Works great!


Yep, pretty much. It feels like they've gone intrinsically hostile, compared to their old "do no evil" ethos.


Somehow I feel we aren't getting the whole story there...

Why would they ask for identification then close it after he provides correct identification?


> Somehow I feel we aren't getting the whole story there...

Well, yes, since Google isn't providing their part of the story.

I have no reason to think the OP of that thread is misleading, I believe from their perspective it is an accurate account. You don't have to go too far to read similar accounts from others who got suspended over Google Pay/Google Checkout fraud flags.

Unless Google comes out and says the OP missed out key information, I'm going to just assume OP is telling us everything they know from their perspective.


I would really love to see Google tackle fixing the security problems presented by the radio chip. A closed source esoteric firmware full of vulnerabilities that has DMA on your primary CPU and is remotely exploitable by state and private actors? Not to mention that it's an entry point into a device that's always on your person, has all of your contacts, emails, text messages, and phone calls, and has a GPS module in it. The radio is a huge problem and dramatically outweighs any other security concerns on a phone imo.


I have been told that the baseband stack is so large and complicated (and of course buggy) that it has to run in a virtual environment.


"We then modified the inline encryption block driver to pass this to the hardware. As with ext4 encryption, keys are managed by the Linux keyring. To see our implementation, take a look at the source code for the Pixel kernel."

It doesn't sound like they got these changes into mainline. They link here to their source: https://android.googlesource.com/kernel/msm/+/android-msm-ma...

From that file:

    /* TODO(mhalcrow): Just for proof-of-concept */

WHOOPS!


Isn't the pixel the phone that was just pwned inside 60 seconds by security researchers?

And doesn't google have a terrible track record of releasing data to federal agencies?

So, aside from purchasing a phone that is built by a data-mining, internet advertising giant, google can't even begin to make the claim that they value user security.


"pwned in 60 seconds" is a hugely misleading statement. Every time there's a hacking competition you see "Chrome, Firefox, IE fall in seconds" - ignoring the weeks or months that it takes to find the vulnerabilities and develop exploits for them.


It's not misleading, the issue is that your actual phone could be actually compromised in 60 seconds' time, not some giant period of guessing and trying or cracking a complicated crypto scheme. The research time isn't material to the severity of the threat at the time of attack.


The vast majority of exploits of that nature take less than 60 seconds. It is nothing at all interesting or special or rare that it took < 60 seconds. Just clickbait, like every year when pwn2own rolls around.



Kinda neat they link directly to some source code in a blog post.


I trust this as far as I can throw it. Trustzone is at best as secure as the Trustzone secure world kernel, Qualcomm supplies that code (even in the Pixel AFAIK), and the Qualcomm secure world kernel is notoriously poorly written.


It would be great if someone built some non-Qualcomm phones.


Countries with stronger consumer protection laws should have much less of an issue with warranties. My father dropped his Nexus 5 about 11 months after he bought it and Google provided a replacement really promptly.


While all devices have security issues, not too comforted by this:

http://thehackernews.com/2016/11/google-pixel-phone-hacked.h...


Wait, so you mean security issues were found in a security conference where google pays top dollar to researchers who find security issues so Google can fix them ASAP?

Why is that a bad thing?


I have not seen so many gotos in many many years. I guess it's the programming model in this case. I am sure this bit of code is going to be audited quite closely.


The use of goto in C for error and exception handling is good practice. It keeps the code easy to read, and also provides common code for error and/or exit handling. You'll see this paradigm used a lot in large open source C projects, such as the Linux kernel and QEMU.

In my experience, a lot of closed source C projects ban goto outright, in (IMO) an overly dogmatic adherence to the idea that all goto use is spaghetti code and therefore bad.


I have used them myself for error handling many times many years ago. When you don't have exceptions and longjmp scares the shit out of you, gotos for error handling are fine by me too. I agree, dogmatic banning of them precludes the useful case of error handling but it is a slippery slope that they seem to be already sliding with got_key:.


I'm aware of only two reasonable use cases for goto, both of which could be avoided with extra language features. Namely, breaking out of nested loops (which could be solved with optionally named loops) and error handling (which can be solved by some form of exception flow control).

Not that I think C should add these features, goto does these jobs okay, and there's enough stigma that it's unlikely to be used foolishly. But I think it's worth keeping in mind as we think about future languages.


I don't know if this is the case here, but I often hear that this kind of thing is the only valid use case for goto.

In low level performance critical code where refactoring it to something more "traditional" would not only cause much more complexity, but would also be slower.


This is the preferred style for error handling in the Linux kernel.

I assume these guys know a thing or two about programming, so who am I to question it?
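The goto-based unwinding pattern discussed in this sub-thread, as an added example that is not taken from the Pixel kernel or the Google post: a hypothetical `keyctx_init` acquires three key-material buffers in order and, on any failure, jumps to a label that wipes and releases only what was already acquired. `tracked_alloc`, `fail_at` and `check_unwind` are constructed fault-injection helpers so the unwind can be verified at each failure point.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed demonstration of the "goto cleanup" idiom for error handling in
 * kernel-style C: three buffers of key material are acquired in order, and
 * every failure path jumps to a label that wipes and releases only what was
 * already acquired, in reverse order of acquisition. */
static int live_allocs;   /* buffers currently allocated (leak detector) */
static int alloc_calls;   /* allocations attempted so far in this run */
static int fail_at;       /* fault injection: fail the Nth allocation, 0 = never */

static void *tracked_alloc(size_t n)
{
    if (++alloc_calls == fail_at)
        return NULL;                      /* simulated allocation failure */
    void *p = malloc(n);
    if (p)
        live_allocs++;
    return p;
}

/* Wipe key material before releasing it; plain memset can be optimised away
 * in production code, so prefer explicit_bzero() or memset_s() there. */
static void secure_free(void *p, size_t n)
{
    if (!p)
        return;
    memset(p, 0, n);
    live_allocs--;
    free(p);
}

struct keyctx {
    unsigned char *raw, *derived, *iv;
    size_t raw_len, derived_len, iv_len;
};

/* Returns 0 on success, -EINVAL for bad arguments, -ENOMEM if any buffer
 * could not be allocated. On failure ctx owns no live buffers. */
int keyctx_init(struct keyctx *ctx, const unsigned char *seed, size_t seed_len)
{
    int ret = -EINVAL;
    if (!ctx || !seed || seed_len == 0)
        goto out;
    memset(ctx, 0, sizeof(*ctx));

    ret = -ENOMEM;                        /* the only failure code from here on */
    ctx->raw_len = seed_len;
    ctx->raw = tracked_alloc(ctx->raw_len);
    if (!ctx->raw)
        goto out;                         /* nothing acquired yet */
    memcpy(ctx->raw, seed, seed_len);

    ctx->derived_len = 32;
    ctx->derived = tracked_alloc(ctx->derived_len);
    if (!ctx->derived)
        goto err_free_raw;                /* only raw must be released */
    memset(ctx->derived, 0, ctx->derived_len);   /* stands in for KDF output */

    ctx->iv_len = 16;
    ctx->iv = tracked_alloc(ctx->iv_len);
    if (!ctx->iv)
        goto err_free_derived;            /* raw and derived must be released */
    memset(ctx->iv, 0, ctx->iv_len);
    return 0;

    /* Labels sit in reverse order of acquisition, so control falls through
     * exactly the release steps that are still needed. */
err_free_derived:
    secure_free(ctx->derived, ctx->derived_len);
err_free_raw:
    secure_free(ctx->raw, ctx->raw_len);
    memset(ctx, 0, sizeof(*ctx));         /* leave no dangling pointers behind */
out:
    return ret;
}

void keyctx_destroy(struct keyctx *ctx)
{
    secure_free(ctx->iv, ctx->iv_len);
    secure_free(ctx->derived, ctx->derived_len);
    secure_free(ctx->raw, ctx->raw_len);
    memset(ctx, 0, sizeof(*ctx));
}

/* Force the Nth allocation to fail (0 = none) and return 1 if keyctx_init
 * reported the expected result and no buffer was left allocated. */
int check_unwind(int fail_nth)
{
    static const unsigned char seed[] = "constructed seed material";
    struct keyctx ctx;
    live_allocs = alloc_calls = 0;
    fail_at = fail_nth;
    int ret = keyctx_init(&ctx, seed, sizeof(seed) - 1);
    fail_at = 0;
    if (fail_nth == 0 ? ret != 0 : ret != -ENOMEM)
        return 0;                         /* unexpected return code */
    if (ret == 0)
        keyctx_destroy(&ctx);
    return live_allocs == 0;
}
```

Calling `check_unwind(n)` for n = 0..3 exercises the success path and each of the three failure points; a missing or misordered label shows up as a leaked buffer.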


Is this meant to be a sort of generic response to this issue? (which they still don't seem to be addressing here)

https://plus.google.com/u/0/+DeesTroy/posts/R7V3knn3f1s

Or perhaps to this?

http://www.theregister.co.uk/2016/11/11/google_pixel_pwned_i...

Still waiting on Google to at least match, if not surpass, Apple's long-term support in regards to updates (which is about twice as much as what Google offers right now, even though the Pixel has identical prices to the iPhones, at every level).


Pixel/Google does not motivate a threat model under which to evaluate or understand their design and marketing promises, but we can take a hint from "protects your data if your phone falls into someone else's hands." - Namely thefts of opportunity.

Unlike other phone manufacturers, Google does not promise potential customers that your data will be protected from Google, its partners and from law enforcement and mass surveillance programmes.

Therein this product doesn't provide a stronger security posture than competitors - and furthermore its threat model and security properties do not meet what are in my opinion minimal reasonable requirements.


>Unlike other phone manufacturers, Google does not promise potential customers that your data will be protected from Google, its partners and from law enforcement and mass surveillance programmes.

Are you referring to Apple? Because they don't promise that either.


I used the term 'motivate' specifically because of the PR language intending for customers to evaluate the Apple product as something that could be used by those who need to use their phone for private and/or sensitive reasons.

Apple of course backdoors their phones for government surveillance access. But they do motivate a threat model that includes government surveillance.

I know parsing my comment in this way may seem difficult, but I used the terminology I did on purpose.

There are no illusions that Apple achieved the security properties that it has motivated.

Google Pixel does not even pretend to address the security concerns of journalists, politically active citizens, IT professionals, or individuals contacting attorneys.


> Apple of course backdoors their phones for government surveillance access.

Nice job slipping a completely unfounded lie into your response.

Starting with iOS 10, you can actually just mount the root filesystem disk image from iOS restore images. You are able to reverse engineer and audit any application or daemon that the OS runs. You can use open source tools (Such as idevicerestore) to perform an OS restore on your device, and point it directly at the filesystem disk image that you just audited the binaries of. That way you can be sure of what is being flashed onto your device if you have any doubts that the OS you just audited is the one going onto your device. No "blackbox" at all in this process.

I am looking forward to hearing any form of evidence regarding your claim.


How can you say you're able to audit any application or daemon without viewing the actual source code? Case in point - if the sslKeyExchange.c code had not been published the "goto fail" bug would likely still be in the wild.


Reverse engineering tools like IDA can be used to audit closed source code. However, this takes significantly longer than reading source code, and it's not exactly feasible to audit the entire operating system for something (hypothetically) intentionally hidden.


That is not true. In fact, the "goto fail" bug was only known because it was patched in iOS and then some folks dug into the SecureTransport sources. You may be thinking of the fact that, from what I understand, OS X was not yet patched at the time so this was considered big news (See here: https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-got...).

Definitely an issue, but seeing as it was patched in iOS (and thus discovered in the SecureTransport source code), it would most certainly not still be in the wild.

With regards to auditing: The machine code is available for review, you just need to invest some time into learning the ARM instruction set. Most users of HN have invested time into learning various programming languages and that is why the trope of "open source == more secure" is often repeated, but the truth is that ARM assembly is just another programming language and is almost never obfuscated to a point in which you would not be able to read through it and understand what is happening once you understand the instruction set.
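The goto-based error handling defended earlier in this thread and the "goto fail" bug discussed here have the same shape; as an added C example (not the page's code and not Apple's), this shows the single-exit idiom working correctly beside the one-line defect that made a later check unreachable. The record format, the check functions and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record format for this example (not Apple's code):
 * [version][len][body ... len bytes][xor checksum of everything before it].
 * Each check returns 0 on success and a nonzero code on failure, mirroring
 * the hash-update calls whose return value sslKeyExchange.c tested. */
enum { REC_OK = 0, ERR_SHORT = 1, ERR_VERSION = 2, ERR_LENGTH = 3, ERR_CHECKSUM = 4 };

static int check_version(const uint8_t *buf, size_t n) {
    if (n < 3) return ERR_SHORT;          /* version, len and checksum at minimum */
    return buf[0] == 1 ? REC_OK : ERR_VERSION;
}

static int check_length(const uint8_t *buf, size_t n) {
    return (size_t)buf[1] + 3 == n ? REC_OK : ERR_LENGTH;
}

static int check_checksum(const uint8_t *buf, size_t n) {
    uint8_t s = 0;
    for (size_t i = 0; i + 1 < n; i++) s ^= buf[i];
    return s == buf[n - 1] ? REC_OK : ERR_CHECKSUM;
}

/* The single-exit idiom defended upthread (Linux kernel / QEMU style): every
 * failing check jumps to one label, so cleanup lives in exactly one place. */
int verify_record(const uint8_t *buf, size_t n) {
    int err;
    if ((err = check_version(buf, n)) != 0) goto fail;
    if ((err = check_length(buf, n)) != 0) goto fail;
    if ((err = check_checksum(buf, n)) != 0) goto fail;
fail:
    /* a real function would release buffers or handles here */
    return err;
}

/* The same function with the "goto fail" defect shape: one duplicated line.
 * The second 'goto fail;' is unconditional, so the checksum check is dead
 * code and err still holds the REC_OK from the previous, successful check.
 * A corrupted record is therefore reported as valid. Braces on every
 * conditional and a compiler warning for unreachable code both catch this. */
int verify_record_goto_fail(const uint8_t *buf, size_t n) {
    int err;
    if ((err = check_version(buf, n)) != 0) goto fail;
    if ((err = check_length(buf, n)) != 0)
        goto fail;
        goto fail;   /* the stray duplicate: indentation lies, the compiler does not */
    if ((err = check_checksum(buf, n)) != 0) goto fail;
fail:
    return err;
}

/* Constructed sample records: same payload, the second has a wrong checksum. */
const uint8_t GOOD_REC[]    = {1, 2, 0xAA, 0x55, 0xFC};
const uint8_t BAD_SUM_REC[] = {1, 2, 0xAA, 0x55, 0x00};

int main(void) {
    printf("correct idiom on corrupted record: %d (expect %d)\n",
           verify_record(BAD_SUM_REC, sizeof BAD_SUM_REC), ERR_CHECKSUM);
    printf("goto-fail variant on same record:  %d (expect %d, i.e. accepted)\n",
           verify_record_goto_fail(BAD_SUM_REC, sizeof BAD_SUM_REC), REC_OK);
    return 0;
}
```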


Chronic: but the bootloader of the device is still encrypted and not subject to your audit (well, maybe you can audit it, but most people can't ;P), which totally undermines the chain of trust you just laid out...


Not for 32-bit, although fair point for 64-bit.

That said, an iBoot-level backdoor may not be as useful these days, considering Data partition is still protected with passphrase (and 10-attempt limit being SEP-enforced now).

I suppose you could argue root filesystem access would be a concern, yet you would still need multiple zero-days to get persistence, defeat CS, etc.

While the argument regarding auditing is valid (for 64-bit), we both are aware that certain parties have privately been able to decrypt those. I highly doubt they would not say something if they had discovered a backdoor in iBoot.


> Nice job slipping a completely unfounded lie into your response.

Oh my.

Yes Apple backdoors their phones for government surveillance access.

There's no sneaking here. I'm saying it very clearly as a central tenet of my comment.

-----------------------

Here's a list of things that Apple will provide from Apple's own Guide for Law Enforcement Access:

- Device Registration (name, address, email address, telephone number, iCloud Apple ID)

- Customer Service Records

- iTunes (name, physical address, email address, and telephone number, purchase/download transactions and connections, update/re-download connections, and iTunes Match connections, iTunes subscriber information and connection logs with IP addresses, specific content purchased or downloaded).

- Apple Retail Store Transactions (cash, credit/debit card, or gift card transactions, type of card, name of the purchaser, email address, date/time of the transaction, amount of the transaction, and store location, receipt number)

- Apple Online Store Purchases (name, shipping address, telephone number, email address, product purchased, purchase amount)

- iTunes Gift Cards (sixteen-digit alphanumeric code, nineteen-digit code, any purchases, name of the store, location, date, and time, user account)

- iCloud (music, photos, documents, iCloud email, encryption keys, Subscriber Information, iCloud feature connections, connection logs with IP addresses, Mail Logs, records of incoming and outgoing communications such as time, date, sender email addresses, and recipient email addresses, Email Content, Other iCloud Content, Photo Stream, Docs, Contacts, Calendars, Bookmarks, iOS Device Backups, stored photos, documents, contacts, calendars, bookmarks and iOS device backups, photos and videos in the users’ camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail)

- Find My iPhone (including connection logs)

- Other Available Device Information (MAC Address for Bluetooth, Ethernet, WiFi, or FireWire)

- Requests for Apple Retail Store Surveillance Videos

- Game Center (Connection logs with IP addresses, specific game(s) played)

- iOS Device Activation (including upgrades the software, IP addresses, ICCID numbers, and other device identifiers)

- Sign-on Logs (iTunes, iCloud, My Apple ID, and Apple Discussions, Connection logs with IP addresses, Sign-on transactional records)

- My Apple ID and iForgot Logs (password reset actions, Connection logs with IP addresses)

- FaceTime (logs when a FaceTime call invitation is initiated, content protected by 15 bits of entropy if secure enclave baked key is obtained from manufacturer)

And, from this thread on HN today (https://news.ycombinator.com/item?id=12977612): All call logs including contacts, timestamps, and durations including for third party applications on the phone like WhatsApp, Skype and Viber.


Nothing listed is a backdoor.

US law means that Apple must turn over data when demanded by authorities. These are access logs or files stored on Apple servers.

A backdoor would be granting access into your device so that authorities could access your non-icloud email, or data saved locally on device.


> Nothing listed is a backdoor.

I'm baffled. I like to think of the quality of HN comments as much higher.

Apple had options to make this data unavailable by design to themselves and to law enforcement. They chose a design so that they could provide this information. The phone does it without the user's consent.

However, I understand that there are people who would rather redefine terminology to suit their cognitive dissonance.

In any case we can agree on the following:

-----------

Apple provides a near majority of your sensitive information to law enforcement by the design of the product, and you cannot use the product in a meaningful way without that information becoming available to state surveillance and state law enforcement.


It's not a backdoor because there is nothing bypassing the security of your iPhone.

All the data supplied comes from Apple's records, not your phone. If your phone was destroyed one day, and law enforcement requested this information the next, Apple would have no issue supplying it. They're not going to simply "not keep" records of your iTunes transactions and account details, for example.

Your complaints regarding the inability to use their product in a meaningful manner without letting Apple collect this data have merit.


There is no redefinition occurring here. Your claim was this:

> Yes Apple backdoors their phones for government surveillance access.

That very specifically is referring to the phone itself. Nobody would be arguing if you had said:

"Apple hands over non-encrypted information (such as webmail and other data that cannot be encrypted at a higher level) from iCloud and iTunes Store servers, in response to a valid legal demand"


This is silly, you can absolutely use the product in a meaningful way without exposing data. Just don't use iCloud or iMessage (just use SMS) problem solved; no personal anything will go to their servers.


Perhaps I am not following your logic correctly, but it sounds like you are saying "Apple says government threats are an issue, but then backdoors the phones for the government anyways." which, to me, paints Apple in a very poor light.


You are following my logic correctly.

To be fair, the amount of leverage the US exerts on businesses for military purposes is astounding. This should be factored into the understanding.


How would Google protect its customers from law enforcement and mass surveillance programs? The government can just force them to do whatever and issue a gag order to keep them quiet.

Apple is just putting on a show with their tough security rhetoric, they can't resist the US government if they really want some data.


I think the point that Apple is making is that they don't have the data in the first place (because of their device-side encryption).


Apple is doing more than putting on a show. They're actively trying to build ML products that don't involve sending everything back to the mothership a la Google, FB, etc., but rather store and execute on the local device. (The efficacy and user experience of these products remains to be determined.)

From a security standpoint, Apple wouldn't have anything to turn over, because they never had it to begin with. Google et al, hoover up everything the least bit interesting.


No, he's right. Apple is putting on a PR show. If a warrant is served to Apple they'll hand over whatever data they have on you including any metadata on your encrypted data. They also have teams working 24/7 to serve up this data to government officials and law enforcement. It's all in the leaked Apple/Podesta emails.


Your framing is disingenuous, considering that any large company will have staff ready to respond to legal / discovery demands. This is a legal process, not something Apple is doing out of their own volition.


I'm sure all large companies have staff to handle these requests for information, but this is the first time I've heard of a company creating a team that does nothing but hand over customer data 24 hours a day.

Apple VP Lisa Jackson:

>Please know that Apple will continue its work with law enforcement. We share law enforcement’s concerns about the threat to citizens and we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day. Strong encryption does not eliminate Apple’s ability to give law enforcement meta-data or any of a number of other very useful categories of data.


Plenty of telecoms have had 24 hour abuse desks, which generally handled this sort of thing. Even more specialized departments for law enforcement in the huge majors and you always had a 24x7 on-call legal counsel if needed. It is absolutely possible to get someone on in real time if you are Important(tm) enough and have a lawful reason that is life critical in nature.

Facebook, Google, Apple, Twitter, etc. all pretty much fall under the "telecom" label these days in what they do, so it's not surprising in the least.

Just expanding on that - not dipping my toe into any other part of this debate!


Yes.

For an understanding of what data Apple gives surveillance operations access to, the following list is enumerated in an older Law Enforcement Access document: https://news.ycombinator.com/item?id=12983081

It's also important to understand that the purpose for this surveillance (this following section being informed by the Snowden Disclosures) is not merely for investigative work or for tracking down terrorists. Intelligence work of this kind is used in HUMINT operations (mass propaganda), for industrial espionage, for diplomatic espionage and for signals collections (intelligence used to break into networks).

It is not clear whether Apple shares these concerns with the US government, or whether it shares lesser concerns that show up at a much lower frequency.


I agree with this. Government leverage on Apple is huge, as is the magnitude of public-private partnership. Mass surveillance of its products is not likely something that Apple would have pursued on its own.

However, Apple has capitulated to a combination of carrots and sticks. Today, it enables surveillance of its customers.


Citation needed.


meanwhile we still have to deal with a SIM and the baseband is a whole other clusterfuck entirely...

Can the users actually get the keys to their own stuff?


And as a bonus, if you onsell it, we'll wipe your Google account without warning.


No, we'll block your account if you never wanted to own the phone, but ordered it directly to a reseller to make money. We block the account because it's a violation of the ToS you agreed to.

However, we reinstate the account after a few days. [1]

[1] http://www.slashgear.com/pixel-phone-flipping-scheme-googles...


Sorry - not post related:

#2 spot on HN, 2 comments, submitted 28 minutes ago.

Is this normal? Never seen that happen on HN before. Just curious


I don't know how many people really understand the algorithm that ranks posts, or perhaps more importantly, how much human intervention is a factor.


^ commenter shouldn't be downvoted for this.


For making an irrelevant, overly paranoid comment?


You don't find it strange at all that a post with only 2 points in the past 28 minutes shot up to the front page on a weekday afternoon?

My only answer is that what's displayed doesn't necessarily match what's used for the ranking--that there may be some sort of lag. But yes, it could be possible too that somehow one can bump up their posts through other means.

The original commenter even mentioned this as an aside. If another reader didn't like it, they could've collapsed it.


I don't find it relevant. Given that the front page of HN doesn't 'directly' cater to what I want to read, it may as well just be random for all the difference it makes.


Does android still backup WiFi passwords in plaintext?


Encryption is all well and good but I feel like Google's handling of root causes a lot of issues.

There are a lot of pretty basic things (like ad blocking or monitoring battery usage) that require root, which severely impacts the security of the device.

EDIT: Okay, I stand corrected on ad blocking. Access to detailed battery stats however is locked behind the BATTERY_STATS permission which isn't accessible to anything except for system apps. That aside, there are other basic things like backup that also require root.


Not true for either of them.

Apps can use the VPN API to do ad blocking without root, and there are tons of ways to do more battery monitoring without root, like the built in battery monitoring...


> there are tons of ways to do more battery monitoring without root

Sorry, I mean more than the built in monitor, which is largely useless.

There is no API through which I can enumerate wakelocks, CPU usage, GPS usage, mobile radio traffic and activity, wifi radio traffic and activity or screen on/off time without system level permissions (i.e. built into the ROM). Therefore, there's no way for these things to be exposed to me as a user.

There used to be a permission called BATTERY_STATS but it was removed years ago and Google has been utterly unreceptive to reinstating it: https://code.google.com/p/android/issues/detail?id=61975

And of course there's a bunch of apps on my device (Pixel) that have that permission such as Qualcomm's CNE app, Play Services (com.android.vending), another Qualcomm package (com.qualcomm.qti.auth.secureextauthservice) and a bunch of other Qualcomm packages.


I recently discovered that Firefox for Android supports uBlock Origin.


Given recent news about mass surveillance, it's important to note that Pixel's security model does not and can not seek to protect your data for use for private messaging, conversation with attorneys, for journalists, or to organize for political reasons.

If you are interested in a communications device that can be used for any of these things, Pixel's security model will not cover you and you will need to look for an alternative product.


Why are you posting a very similar comment multiple times?


The two comments have significantly different content.

For those curious here is the other comment in question: https://news.ycombinator.com/item?id=12982502


Which alternative product would you recommend? And I really hope you don't say the iPhone.

