Still waiting for someone to make a tiny token sized phone. Unfortunately the smallest around, Unihertz Atom, is both outdated and too low resolution for some apps to work.
The larger point here isn't whether they do, but that they'd rather not. They want you to rely on their app, and have been pushing people to it for years now (some more intensely than others).
Warrant canaries depend on action, the removal or altering of the canary document. It’s too clever but no more clever than what Israel is requiring here.
Yes, the equivalent of a warning canary would be that Google pays the Israeli government a set of payment every month such as 3100 shekels (for +31, NL) and then suddenly November 2025 they stop issuing it. That would mean there's a legal investigation targeting Google by the Dutch prosecutor (OM) involving Israeli data.
I suspect they didn't go for this route as it is too slow.
I would think to stopping doing something is equally an action as to do something, in regards to warrant canaries and gag orders. You had to take make some change to your process, or if automated take an actual action to disable. In either case, there was a cognizant choice that was made
The legal theory is that in the US the first amendment prevents the government from forcing you to make a false update. I don’t know if it’s ever been tested.
As I understand, this theory wouldn’t even hold up in other countries where you could be compelled to make such a false update.
What if I, sometimes, annually paint a canvas with an artistic interpretation of a canary bird? Can a government compel me to make an artistic expression with specific content, at my own expense? What if I'm just not in the right kind of creative mood to make it a good painting?
Or maybe I can bill the government for the compelled artwork -- I'm afraid I'm tremendously expensive as an artist.
More specifically, the theory is that cannot compel you to lie, there are all kinds of cases where businesses are compelled to share specific messages.
As far as I've seen, the examples of that have always been things like health warnings and ingredients lists, where showing that message is a condition of being in that (licensed) business, and applies equally to any company.
For employee things, I can understand being required to notify parties in agreements the company has entered into. As far as I understand, consent degrees are settlements and as such a mutually-agreed mechanism for ending a lawsuit early; their terms are whatever the parties negotiate and do not come from the government.
To be more precise, the law requires employees to publish the nlrb notice in well trafficked or otherwise conspicuous locations.
I think there are other places where "government mandated corporation inform people of their rights" is a thing, especially with things like data use and sharing.
In terms of consent decrees, that was the wrong example. But lots of judgements do involve various notification requirements.
Car manufacturer warranty recall letters are probably a good example.
I get them even though I've never done business with the car manufacturer -- I bought the vehicle from a private party.
But that still sort of connects (at least in my mind) to health warnings etc.
Right - the whole premise is that the government cannot compel speech (in the US). So if you publish something every week that says, “we’ve never been subpoenaed as of this week” and then receive a subpoena, the government can’t force you to lie and publish the same note afterwards. The lack of it being published is the canary here.
Whether you can be compelled to lie under these circumstances or not is not a resolved question of law. Although it seems fairly likely that compelling speech in this way is unconstitutional, if it has been tested in court, the proceedings are not public.
No, these should exist in the TPM and highly volatile memory like CPU cache. This including the decryption code. This can be achieved using mechanisms similar to what Coreboot does before RAM is initialized.
No need for the keys or decryption to touch easily intercepted and rowhammered RAM.
No, that misunderstands what a proof is. It is very easy to write a SPEC that does not specify anything useful. A proof does exactly what it is supposed to do.
No, a proof proves what it proves. It does not prove what the designer of the proof intended it to prove unless the intention and the proof align. Proving that is outside of the realm of software.
Thing is, because the whole design is closed as well as firmware, the security of it is near zero, even for sealing firmware device images (e.g. option ROM), much less bootloaders. Multiple security holes have been found.
There's no issue booting a boot rootkit with the standard Windows bootloader unless you manually seal the image with command line or group policy, and even then it's possible to bypass by installing a fresh bootloader because the images are identical and will boot after a wipe.
>Thing is, because the whole design is closed as well as firmware, the security of it is near zero, even for sealing firmware device images (e.g. option ROM), much less bootloaders. Multiple security holes have been found.
Yeah right. Because building a freezer that goes to -30 C is as cheap as going to -18 C.
It's much beefier hardware with a lot more insulation.
Likewise a heat pump can only boost so much.
This, like other environment related changes never happen by market forces. Not once.
And small tweaks even on large scale produce small effects, insufficient for our needs.
