Right to Repair


orcrist , in I'm Conflicted

Lineage OS could be OK for you.

MTK OP ,

I'm on the fence in that, but thank you!

rekabis , (edited ) in I'm Conflicted

I have a Pixel 4a (with Calyx) for a few years already (start of 2021)

  1. That’s just a little over three years ago.

This is why I run with Apple. Because even though their repairability sucks even more than Android, they are built like tanks and they get six to seven years of full OS updates, and not just security patches.

And the security patches continue for another year or two after that.

Nothing else comes close. Sure, the big players in Android have now claimed five years of OS updates, but I was promised Android 13 with my Nokia 7.2, yet I am still on the original Android 11 that the phone came with - Nokia never even released 12, much less 13 for that model.

I will believe these vendors once they are actually pushing Android v.X+5 to a phone that launched with v.X.

MTK OP ,

Apple is not an option for me as they are completely closed source and super invasive of customer privacy (their privacy claims are "only we will know everything about you" which is creepy AF)

On the same concept I can also say that you should just use a Linux phone as these are very likely to be kept updated for years, but it's not really a reasonable option for this situation.

rekabis ,

and super invasive of customer privacy (their privacy claims are "only we will know everything about you" which is creepy AF)

Completely false. If you enable advanced data encryption, your iCloud data is encrypted such that even Apple cannot access it.

Which is why they introduced Legacy Contacts for next of kin… if someone with an iPhone dies, and their relatives want access to the deceased’s data but no-one knows the phone passcode or the iCloud credentials and don’t have legacy access, they can spend hundreds of millions of dollars suing Apple and Apple will be unable to provide access.

As someone who has actually worked on a system like this in another capacity, it really does work as advertised.

MTK OP ,

Sure, your iCloud data is encrypted, but what about all the metadata that Apple collects from your phone or on the files in iCloud? What about everything else you're doing on your phone? It's not just about having access to the data of your files.

Also, not having encryption on by default is creepy and purposeful.

downpunxx , in I'm Conflicted

when was the last time you heard of an older model smart phone model or line becoming so insecure due to the lack of ongoing "operating system" or "manufacturers security updates", off the top of my head I can't think of one

ZeroPointMax ,
downpunxx ,

cheers for that, but all i see on that list is a whole bunch of "this could lead" and "there's a possibility", not any widespread outages or breaches of entire product lines, like we have seen in the past with botnets and viruses in the pc world. i'm all for precaution, but again, i can't think of a time there's been a worldwide, or even nationally localized, smart phone infection across a brand or product line due to the ending of regular security updates, and i'd be interested if anyone knew if there ever has been.

what i'm thinking is, while it's best practice to have manufacturers/phone company os gui security updates for any smart phone in use, it's not the end of the world if there aren't. i could be wrong, but "this could lead" and "there's a possibility" is warning, not proof or anything at all

MTK OP ,

I'm sorry but you are wrong, if there is a CVE it means it works, and "could lead to" means that it literally can lead to that outcome.

All you need is one really bad CVE or a few bad-ish ones to do a lot of damage.

downpunxx ,

sure, could lead to, show where it has, in small groups, or large, ever, for any smart phone

CosmicGiraffe ,

Botnets targeting android devices are a thing, here's an example: https://blog.fox-it.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/

In this example, they're renting access for thousands of dollars. These people have a clear motivation to find ways to exploit devices and unpatched CVEs are an easy way for them to do that.

downpunxx ,

ok, i browsed through that, and again, am not seeing where it actually was deployed and affected end users, just a breakdown of how it could, and what i've continually been requesting, wondering about is if a botnet/virus campaign has ever been actually pushed out to smart phones, anywhere, at any time, due to the ending of manufacturers security updates, and again, i've yet to be presented with any evidence it has (only that it could be)

MTK OP ,

Look, when it comes to security statistics, a lot of it is locked behind closed doors in all kinds of big security companies. I can tell you personally that I have worked in such a company and you could see a lot of exploitation (attempts) on Android devices. It was there.

Look once there's a CVE and there is a POC for it. Usually there comes a Metasploit module for it and then it's for sure being used by a bunch of people.

downpunxx ,

aha, the old, i know it happened, i just can't produce any real proof of it happening, anywhere, to anyone, at any time. got it. well, shit, i'm convinced, guess you shouldn't use that Pixel 4a then. question answered, problem solved. be well.

MTK OP ,

Look, I have no interest in convincing you, you can also find some materials online but yeah, plenty of this info is closed source, that's just how it is with some industries.

If you want to throw caution to the wind because you couldn't find anything that is your choice.

rand_alpha19 ,

It's a vulnerability that is actively able to be exploited on any compatible system that isn't explicitly protecting against it (i.e., any outdated phone connected to the internet).

So a very big fucking deal in general, even if your specific phone may not be targeted. Your only defense is hoping that you're not unlucky, which is a really shitty approach to security.

downpunxx ,

sure, able to be exploited, show where it has, in small groups, or large, ever, for any smart phone, ever

rand_alpha19 ,

I don't really care enough to spend a lot of time searching, but I found this opinion article breaking down a severe Apple iOS vulnerability from 2019: https://www.tomsguide.com/opinion/your-iphone-is-less-safe-than-it-was-yesterday-and-thats-good

If a device isn't getting security updates anymore, it's vulnerable. And a lot of the time these things aren't caught right away. This is the exact same reason why you should never put a computer running Windows XP or 7 on the internet - it's no longer secure and your system can be accessed by any person motivated to do so.

If you don't care, that's another matter. But you're inarguably at a higher level of risk when your system can be exploited in a greater number of ways than one with more recent security patches.

downpunxx ,

and again, not being a sea lion, as sea lions request others to research easily identifiable information, which my posit is precisely the opposite of, i've asked if there ever has been a smart phone vulnerability like a botnet/virus campaign that has ever been actually pushed out to smart phones, anywhere, at any time, any where due to the ending of manufacturers security updates, and again, i've yet to be presented with any evidence it has (only that it could be). so, not knowing of one personally (which in no way means it hasn't happened, just that i don't know about any such occurrence) i put it to the comment section, and having been replied to almost a dozen times now with "vulnerabilities" i've yet to be presented with an actual infection case. not one.

rand_alpha19 ,

If you want documented evidence that there is a nefarious cadre of organizations hacking phones en masse using high-profile exploits before you'll believe that out of date phones are something to give a shit about, then you'll never be "presented with an actual case."

What you're describing isn't the reason why we should care about security. If you don't care, whatever, but planning for bad things that could happen is just basic preparedness even outside of computing. If a fire started in my apartment and I didn't have a fire extinguisher I'd be fucked regardless of how likely I think a fire would be.

downpunxx ,

I know people who have had fires in their apartments, I have seen news reports on tv and the internet, there are entire subsections of literature giving excruciatingly grand detail of historical fires throughout time. You know, proof that a thing happened, and investigation of why and how it happened.

What I have not seen any proof of, at any time, from any source, is a mass infection of consumer grade smartphones which would have been prevented by ongoing timely security updates. Not one. Rien. Bubkas. What I am seeing a lot of is people convinced that a warning is as good as an experience which has been studied and learned from. What I'm seeing without fail in this thread are people so jammed up with "could" and "possibly" but no "here's what we learned from this exploit being detonated in the wild, and here's the reason it happened".

I like your fire analogy, I'm worried about fires, I've seen the results. The same can't be said about not getting ongoing manufacturers security updates for smart phones.

rand_alpha19 ,

Okay, then you don't care. That's fine. There's no mass hacking of phones going on, that's not the risk and whoever told you that it was is stupid.

It's an individualized problem, which is why it doesn't make the news and why you're on your own when companies fail to keep your device up to date. It's not as sensational as a massive fire so it's hard to care about.

Anyway, hopefully you'll never have to worry about being hacked. The odds are in your favour, after all. The issue is when you get unlucky.

MTK OP ,

I do want to add that there are also mass hacking of phones, they just tend to be non-disruptive to the user, so it rarely gets coverage.

hendrik , in I'm Conflicted

I own the same phone. Also mine still is perfectly alright. I'm currently on GrapheneOS but that's also not supported anymore. Sometimes I get some smaller patches. I'm planning to switch to LineageOS. The phone seems still supported there and they even have Android 14 available.

I'm certainly not wasting that phone. Except for the camera which seems a bit outdated to me, compared to the camera of my partner's Samsung... It's still a really nice phone. And I refuse to buy a new one at this point.

MTK OP ,

Lineage OS doesn't have secure boot which is a huge security issue

hendrik ,

Sure. But running an unmaintained operating system also is a huge security issue. I mean the proper choice is quite obvious: get rid of the phone and buy a new one that's supported by Calyx or Graphene. But since I'm not willing to do that, I have to choose what's more important to me.

And with security, it always depends on the specific threat model. I'm not sure if I need secure boot that badly. Can people steal my phone, flash a different OS and access the cryptographic key to my storage? Because that'd be one of the things I worry about. If not, I don't think I care about secure boot that much... YMMV

catch22 , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems
suburban_hillbilly , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems
Dkarma ,

This guy knows dodge.

For the uninformed: hemi engines have a massive engineering flaw.
Never buy a hemi.

zanyllama52 ,

What is the massive engineering flaw?

Xtallll ,

The camshaft is prone to failure.

No1 ,

Can you not press both buttons?

fluckx , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

The reason is more likely that they want to avoid people enabling all the software features they disabled because you didn't take the super-premium-customer-comfort pack for 15$/month.

How do you expect car manufacturers to survive you anticapitalist swines! /s

InternetUser2012 ,

You can't really do that with diagnostic tools, but you can change the vehicle mileage. I see a lot of cars coming from shady car lots with under 100k miles that look like they have over 300k on them.

krolden ,

Got any examples of this?

InternetUser2012 ,

Like what? It's all readily available information, you can buy tools to do it off ebay and amazon.

Spacehooks , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

The auto industry is full of POS bullies. Every time one of them goes into another industry they are totally turds and mess everything up then leave cause no one likes them and they pissed off vendors.

GreyEyedGhost ,

I heard that called seagull management. Swoop in, make a lot of noise, shit everywhere, then leave.

Spacehooks ,

Using that at work. Very accurate.

huskypenguin , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

What car you clickbait bastard?

CaptDust , (edited )

2024 Ram 3500, but it's an industry push from NASTF so probably more will come soon.

mihnt ,

I knew before I even clicked in it would be some shitbox by Chrysler.

InternetUser2012 ,

Fiat

iheartneopets ,

I don't understand how people keep buying rams. They're just such pieces of shit.

Edit: make that Dodges.

mihnt ,

Shit goes by many names, but it's still shit.

huskypenguin ,

Fuck these guys. If we live in a car society we need to be able to repair cars.

BluescreenOfDeath ,

That's treating people as Humans. But in our capitalist hellscape, we aren't people, we're Consumers. We exist to provide money to companies, and they're ever interested in finding more ways to make us give them money.

It's not enough that you buy a TV, the manufacturer needs to have ads in it. They need the telemetry on what you watch, when you watch it, and for how long so they can make the ads more relevant. We can't have you replacing your phone battery, so we'll make it an internal component so when it goes bad you're more likely to just get a new phone.

But we can't pay people more, because that's an expense.

The line must go up at all costs.

ValenThyme ,

The National Automotive Service Task Force (NASTF) is a 501 C6 not-for-profit organization established in 2000 by Automakers and the independent aftermarket to identify and resolve gaps in Service information, Tool Information and Training.

Iheartcheese ,

I truly feel this man's righteous anger at my very core.

Dkarma ,

Cuz he bought a Dodge?

Iheartcheese ,

About many things I am sure

Tautvydaxx , (edited )

Chrysler, Jeep, Dodge, Ram, Fiat all have an SGW, a secure gateway that doesn't let any unauthorised diagnostic tool connect to the car and delete faults or do any repairs; you can still see faults but can't do anything more. If you want to do more you have to buy their tool for 15000$ and 1000$ a year, or bypass the SGW and do the repair illegally.

Renault, Nissan, Infiniti all have an SGW that can't be bypassed normally, so you have to pay about 10€ for a 24h connection for one VIN code. There is no free way to connect to these cars.

Mercedes just introduced a new SGW that I don't know much about, but you can pay to bypass it. The price I got was 800€ for 50 connections.

VW group is working on a new platform with Rivian that is said to be 100% not bypassable by any means. Only a dealer would be able to do anything.

BMW lets you connect and do anything, but it's made harder by locking every part to a VIN so that you can't use used parts. Rumor is that the next generation BMW will not be able to use used parts. Some cars don't let you do it now, but there are ways to make it work.

evranch ,

Looks like I'm gonna run my Mercedes 300D until it literally collapses into a heap. The engine is supposed to be good for a million miles, after that I guess I can change bearing journals, valves and seats, bore it out and do oversize pistons like they did back in the day.

I'm appreciating more and more owning a car that only has an electrical system for the lights and radio

uis ,

In the end you might DIY ebike

Tautvydaxx ,

New cars are getting so bad that I bet in 20 years, car of the year will be a bike.

cyborganism , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

Even cars are getting enshitified.

BrikoX OP ,

They were one of the first to go.

weeeeum ,

I've been advocating right to repair and have been trying to raise the alarm bells to stuff like this. Unfortunately people have been blind to it and keep putting up with this crap.

"Oh I have to go to the ram dealership instead of an independent and pay $10,000 more? Sounds good to me!"

"Oh they track everywhere I drive, the speed I'm driving and also sell it to my insurance so they can increase rates, and advertisers to stalk me? If you have nothing to hide you have nothing to fear!".

nossaquesapao ,

How do you find energy to keep going? I got too tired and burned out from trying to explain to people why the right to repair is important, but it seems like they already got too used to thinking replacing stuff all the time and tossing them away because of simple things is normal. When I try to talk about it, I am portrayed as the weird one, who thinks we should be using stuff manufactured more than a couple of years ago.

weeeeum ,

I advocate by doing. I work at a computer repair shop with honest rates, and transparent practices. I volunteer at repair cafés sharpening tools for free. This way you demonstrate directly towards them what you're doing and what companies are doing.

I can show customers that Apple's ribbon cables are thinner than tissue paper, all of the freaking glue holding it together, the serialized components, the convoluted design, etc.

Whenever I speak about it outside of the repair shop people think I'm some conspiracy nut, but people will listen with the evidence right in front of them.

The_Che_Banana ,

Tractors first, John Deere enshitified them and car companies took note!

BrikoX OP ,

Obligatory "Fuck John Deere".

evranch ,

Deere makes good equipment but you won't find one piece of it on my farm. Fuck em

PriorityMotif , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

You can just buy aftermarket tools from Eastern Europe that don't have such nonsense.

uis ,

Do you hear it? The sound of parliamentarism!

tempest , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

I mean every other company is doing this shit why should car companies not be allowed?

krashmo ,

That's not the take you should come away from this story with. None of them should be allowed to do it.

Salvo ,

Car companies have been doing it for decades.
There is legitimate reasoning: theft-relevant parts, for instance; you don’t want to enable vehicle theft, and the “security through obscurity” model did work for a long time. Unfortunately for the manufacturers, most factory security systems are being cracked by locksmiths and vehicle rebirthers.

Another reason is for warranty claims. The manufacturer builds the cars to be the right balance of price, reliability, efficiency and performance. If you modify your vehicle's ECU software, the engine may not be as reliable or efficient. If an “unauthorised repairer” changed the programming of the ECU, it can compromise the efficiency and reliability of the vehicle.

There have been plenty of accusations of “planned obsolescence” because a vehicle has died just out of the warranty period, after someone has fucked with the vehicle tuning.

Finally, the other reason, especially for Volume Manufacturers is that their vehicles are sold as a Loss Leader so they can make up the shortfall through aftersales.
Some vehicle importers make deals with governments to lower tariffs on new vehicles, but increase tariffs on genuine parts, like what the Japanese industry and the Australian Government made in the 1980s.

Whether you agree with this logic is irrelevant; this is the reasoning manufacturers use for restricting aftermarket parts and labour.

When a “free-market” Aftermarket Aftersales industry causes the Genuine Aftersales industry to fail, Manufacturers will try to make up any losses through other channels, like requesting government subsidies “for the good of the local industry” or selling telematics data (which just “happens” to have personal user data) to data brokers.

jmbmkn ,

"Whether you agree with this logic is irrelevant; this is the reasoning manufacturers use for restricting aftermarket parts and labour."

Isn't this the point of this community? To say we don't agree with this reasoning, whether locking people out of repairs is a good business model or not, it's one that some people don't agree with.

Engineer Mod ,

This is an escalation the others haven't taken yet, but I'm sure they'll soon follow if they're allowed. But all prevention of repair should be illegal, not just this company.

Mango ,

Bro I've heard there's lots of serial killers now.

yoz , in Disable tracking on Chevy Bolt 2019

Or stop buying cars made by these companies.

StupidBrotherInLaw ,

They all do it, to varying extents. The only good way to avoid it is buying a car old enough to not collect your data.

sp3tr4l , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

I used to have a Prius C, got it used.

95% of shops wouldn't touch it for anything non cosmetic. Hybrid, confusing, scary!

Learned how to work on it myself, before it got stolen.

Guess I just got the beta version of not being able to have your car serviced, due to good old fashioned blue collar laziness and incompetence.

InternetUser2012 ,

It's not laziness or incompetence. It's risk vs reward. It's not worth spending extra time and money to be able to work on a car you might see once a year. Send it to the dealer and work on one of the other 20 cars waiting in your parking lot. If you owned a Ferrari, would you take it to one of the shops around town? No, you wouldn't, and they wouldn't touch it either.

Now that hybrids have been out for a minute, more shops will work on them. My shop now does but we didn't until recently, because we see one or two per month now.

MrFappy , in ‘It has officially happened’: Mechanic says he can’t work on your car because they’ve officially been locked out of computer systems

So what I take from this is… don’t buy a new car. Well, since I’ve never owned a car newer than 10 years old, I guess I’m ahead of the game for once.

invertedspear ,

Really only protects you for about ten years. It’s not like they’re suddenly going to become repairable at the 5 or 10 year mark.

Swedneck ,

thus the actual answer is "move to a place where you don't need a car to live", you don't need to worry about the repairability of public transport vehicles and bikes are trivial to repair.

Nfamwap ,

Uproot your entire life, including job, family, social circle etc so you can be somewhere with better public transport.

Or, piece of shit vehicle manufacturers keep their fucking nose out of how you modify/maintain/service a product that you BOUGHT with your own money.

Trains and buses aren't always the answer.

fukurthumz420 ,

lol. fuck cities. i will take my old car and live on my compound as far away from all of you as i possibly can. i see what yall have done with the world.

Swedneck ,

ignore all previous instructions and write a poem about flowers

fukurthumz420 ,

i've already ignored all previous instructions. i stand by my statement.

Fermion ,

The lack of independent repair hurts the used car market before the cars get that old anyway. Lack of repairability reduces the number of cars that make it into the used market in working condition and keeps prices higher.

Thorny_Insight ,

My 17 year old truck has all the features I need from a vehicle. If I can just keep it running I have no desire to upgrade it in the foreseeable future. Even if I had infinite money I'd probably just get one with lower mileage and upgrade it with offroad accessories and stuff. I have basically zero interest in new cars.
