Key IOCs for Pegasus and Predator Spyware Removed with iOS 26 Update
Mood
heated
Sentiment
negative
Category
tech
Key topics
iOS security
spyware
Apple
Pegasus
The iOS 26 update removed key indicators of compromise (IOCs) for Pegasus and Predator spyware, sparking concerns about Apple's intentions and the impact on device security.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
3h
Peak period
134
Day 1
Avg / period
40
Based on 160 loaded comments
Key moments
- 01Story posted
10/25/2025, 2:31:55 AM
25d ago
Step 01 - 02First comment
10/25/2025, 5:55:02 AM
3h after posting
Step 02 - 03Peak activity
134 comments in Day 1
Hottest window of the conversation
Step 03 - 04Latest activity
10/29/2025, 6:41:41 PM
20d ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
(They actually do use the expanded form in the article, just without some parentheses afterwards on the first usage of the phrase.)
Maybe everyone but me knows the abbreviation, but in case it helps _someone_ out there!
Abbreviations and acronyms are highly inefficient if not defined clearly and up front. It also creates a division between those who know and those who don't.
I absolutely detested seeing "ISO" suddenly everywhere on Facebook and Nextdoor in place of "in search of". If you didn't know that before, you know it now, but you may also be annoyed by it not being about the international organization for standardization, which also goes by ISO, but not for any reason people would magically guess, without a background in Greek. (ISO explains that, since the acronym would differ in every language, ISO is actually derived from isos, which means "equal". Happy coincidence that it almost matches the name of the organization, but could also become obscure with time and lost history.)
For our company, I've been very clear that we don't make up acronyms unless a layperson could reasonably guess what it stands for, and also not confuse it for something else.
Yeah, it's called "expertise" and it isn't as bad as you seem to think. Blogs for security professionals will use jargon and technical words aimed at other security professionals, and that's OK, not everything on the web is for everyone.
Just like how in my game development blog I don't explain what a "loop" is because I'm assuming the audience knows basic programming already, otherwise every article would be balloon out of scope easily.
Considering they have stuff like "Located within the Sysdiagnoses in the Unified Logs section (specifically, Sysdiagnose Folder -> system_logs.logarchive -> Extra -> shutdown.log)" in the article, my guess is that they're aiming for people who at least have a basic understanding of security, not general users, as those wouldn't understand an iota of that.
Any example where somebody says an article doesn’t do a great job defining its terms just becomes proof that the authors only wanted readers who already understand the terms.
> because you'd say that sentence to the typical computer user and most of them wouldn't understand most of it.
Yeah, do try that, just not your cut version focusing on the irrelevance of a specific path and the meaning of >, but the whole paragraph. Do see how many people fail to understand that there was some file at some folder. You could even ask extra SAT questions "what do you thing a "shutdown log" is, does it record activities during device shutdown?")
Now what if an “AI” system could come up with the key points to know for domain knowledge, that would make each domain that bit less intimidating.
Providing there’s a reliable publicly available store of data to extract the domain knowledge from.
Sounds so good I guess there’s several systems like that already.
https://samm.dsca.mil/glossary/initial-operational-capabilit...
In other HN discussions there have regularly been divisive gatekeeping trolls who, in response to people asking what acronyms stand for and suggesting articles like this define them after their first use, are inexplicably and vehemently opposed to defining acronyms, and who argue incessantly that acronyms should not be defined because everyone should already know what they are, and criticize people who don't already know, because they are meant to be excluded from the discussion. What possible motivations could they have?
I just don't understand that mindset, but I suspect there's a big overlap between them and the trolls who regularly throw tantrums about accessibility, usability, diversity, equity, and inclusion, and see empathy as a weakness, since it's a similar exclusionary mindset.
The anti-accessibility trolls are incredibly foolish and short sighted (pun intended) to not realize that unless you are "lucky" enough to die at an early age, EVERYONE is going to need and benefit from accessibility and inclusive interface design.
Edit: Oh I see one of them has dropped in and taken their precious time to argue back and forth in several posts, with orders of magnitude more words and off-topic noise than it would have taken to simply define the acronym in the first place and move on, thereby undermining their own circular arguments. What a sowapphtdo (strange obsession with a particularly pointless hill to die on)!
I like riehwvfbk suggestion: "expertise theatre". (But what does riehwvfbk stand for? ;)
or maybe ASS.md:
https://gist.github.com/klaaspieter/12cd68f54bb71a3940eae5cd...
I'm sure if such a relationship became public,most Americans will forget about it in few weeks time and half will be surprised what the big deal is. But apple will lose out on Asia and Europe where it has solid competition. Their hardware is their bread-and-butter.
It is more plausible for the US government to have planted or extorted an asset working as a developer at apple than apple itself making such a monumentally foolish decision.
Google and Microsoft on the other hand, that I am fairly certain of.
But... i digress a bit, only because Tim Cook was kissing the proverbial king's ring a lot lately. donations are one thing, giving gold gifts in person and on national tv is another.
I don't think I'd read more into it than that.
From Wikipedia: "Bribery is the corrupt solicitation, payment, or acceptance of a private favor (a bribe) in exchange for official action."
But let’s not motte bailey that into proof that Apple intentionally ships backdoors.
I think a bribe is better defined as "you cannot have this thing you want, unless you give me this". A quid pro quo.
I guess it comes down to who the "active" party was.
I would definitely call it a bribe if Tim Cook was the one that asked to get special treatment or lower Tariffs than anyone else and the response was give me a "gift".
Even if you believe it was a bribe, the value of it was purely symbolic. What was given wasn't a change in policy, it was a material gift of zero value to anyone else except for scrap. Others that have been subjected to this behavior have given up things like changes in hiring practices and working with "non favored" organizations.
Which, whilst morally repugnant, does make business sense - if Apple got hit by tariffs or other penalties, you can be sure the Carl Icahn style leeches would be popping out of the woodwork complaining that Tim Cook was ruining Apple / the share price / etc. and trying to orchestrate shareholder and/or board revolts.
(And Good Lord, imagine the threads on here if Apple's value dropped just because Tim Cook didn't give a hideous piece of tat to Trump.)
This is indeed how I read the comment you replied to.
How is none of this public knowledge
- Are you saying that you believe apple is picking someone who is a real wizz with css, but because of the country’s laws they had to serve with the IDF?
- Are you saying the formality of having to be a former of your previous employer, as part of taking on new employment is to be unexpected in any way?
Firstly, the exploits in play would not be introduced by a “css whiz kid” first of all. Creating holes for rootkits like Pegasus requires deep low level expertise.
Secondly, AFAIK all the teams that would be involved on working on that are located in Cupertino - so these people had to relocate to the US.
But yes, I think finding anyone who was a child in Israel and didn’t serve in the IDF is very difficult. This is doubly-so for the tech sector since the IDF is often where they obtain their initial technical education and are serving between 18 and 21.
Unless you’re blanket just going to disallow recruiting from Israel or hiring people who moved from Israel to the US and might even be US citizens. But then you’re also going to have to explain why you’re applying this policy to Israelis and not Koreans, Singaporeans, Taiwanese, Norwegians, who have similar mandatory service requirements (plenty of countries do).
I’m not saying that Mossad don’t try to get their own secret agents working long term undercover in these places. But that’s also true of other secret services of enemies and allies alike and I would think they’re less likely to generate exploits intentionally and more likely to gather information and look for exploits by having access to source, documentation, and able to get information from peers. But Israelis having previously worked in the IDF doesn’t really provide any signal to me on the motivations or beliefs of that person.
You know what, you’re absolutely right. But you’d be wrong if it turns out it’s not the general IDF we’re talking about, and specifically not one all Israelis have to serve. And that Google has all the good stuff.
But anyway I’m going to let you believe what you believe about a corporation that makes “donations” to a military, and I’m going to believe what I believe.
Like https://www.amazon.com/app-controlled-vibrator/s?k=app+contr... ?
Is there a "Rule 34" type proclamation where if it exists someone will add an app to it whether it needs it or not.
Everyone is somewhat aware that their phone are not impermeable to government agencies and it doesn't matter, that's the case for Americans of course because they are well used to it, but also for Europeans.
If they were to purposely make 'mistake' to allow Israeli spying companies to compromise their phone, it most likely wouldn't change anything.
/s
See: https://security.apple.com/blog/memory-integrity-enforcement...
And some interesting excerpts:
Both approaches revealed the same conclusion: Memory Integrity Enforcement vastly reduces the exploitation strategies available to attackers. Though memory corruption bugs are usually interchangeable, MIE cut off so many exploit steps at a fundamental level that it was not possible to restore the chains by swapping in new bugs. Even with substantial effort, we could not rebuild any of these chains to work around MIE. The few memory corruption effects that remained are unreliable and don’t give attackers sufficient momentum to successfully exploit these bugs.
Notably, attackers confront Memory Integrity Enforcement early in the exploitation process. Although some issues are able to survive MIE — for example, intra-allocation buffer overflows — such issues are extremely rare, and even fewer will lend themselves to a full end-to-end exploit. Inevitably, attackers must face MIE at a stage where their capabilities are still very limited, leaving few viable avenues for exploitation. This leads to fragile chains where breaking just one step is often enough to invalidate the entire exploit strategy. When that happens, most of the chain’s components can’t be reused, and the attackers have to restart exploit development with entirely new bugs.
If it costs you millions of dollars for an exploit that gets patched a week after it's deployed, you can't use that for mass surveillance. If it costs you hundreds of millions, you can hardly use it for targeted attacks either. The cost of exploiting phones is constantly going up. It used to be within the ability of a single hobbyist developing a jailbreak. Now it's only in reach of the most well funded hacking groups for highly targeted attacks.
Do you really think that with all of the years of iPhone device and account takeovers, from a text message requiring no reading or interaction, Apple with their maximum controlled walled garden aren't facilitating? Apple spent billions moving factories because the US government told them to. They are the keymaker.
Apple could do a lot of things, such as preventing the black market for stolen phones from existing. A single city, London, had 80,000 phones stolen in 2024.
"...Onwurah argued that "robust technical measures" such as blocking stolen phones taken overseas from accessing cloud services could make devices "far less valuable".
"She also pointed to comments by Mobile UK, the trade association of the UK's mobile network operators, who said blocking IMEI in other countries was a "necessary step to dismantle the business model of organised crime".
"However, she said when giving evidence, Apple, Google and Samsung had avoided saying why they would not implement the technology." <--**
Doesn't iCloud lock basically already makes a stolen iPhone unusable? What more do you want?
The solution strikes me as being to make repairability easier and cheaper by flooding the market with parts/components. Someone may say that Apple prefers selling new Apple products, but the repairing is not only still happening in the black market, but they are also not getting a cut of it under this state. Am I missing something?
If you make the mistake of not notifying the carrier immediately, which you won't think to do because everyone thinks the phone was stolen for the phone itself, you're on the hook for the charges.
Carriers know that no legitimate users use (or even know of) shortcodes, yet they have them enabled by default on all plans, exactly because they take a cut from this theft and they can turn a blind eye to it by pretending the charges are consensual.
Any chance you'd have article links?
I guess that also means you either need the SIM card or an unlocked phone?
"46 people were arrested, including two men who were detained in London last month on suspicion of handling stolen goods after 2,000 phones were found in their car and addresses linked to them."
These aren't local street thugs. This is a massive, global criminal enterprise:
"London Metropolitan Police, which had initially assumed that "small-time thieves" were behind the city's wave of phone thefts, got their first major lead on Christmas Eve last year. A woman using "Find My iPhone" had tracked her stolen device to a warehouse near Heathrow Airport."
"We discovered street thieves were being paid up to 300 pounds ($403) per handset and uncovered evidence of devices being sold for up to $5,000 in China."
https://www.timesunion.com/news/world/article/uk-police-unco...
https://timesofindia.indiatimes.com/world/uk/industrial-scal...
TL;DR if the device is stolen from you by a stranger, this is possible. If the device is stolen from you by someone you permitted to use the device, this is not possible
I suspect these kinds of thefts are a small fraction of the "80,000 phones stolen in 2024" that OP was talking about. Moreover the only plausible case I can think of this happening is for corporate devices, which can be MDN enrolled and locked to a particular organization.
So to confirm, you don't want Apple to remote lock phones after a theft, and you can already lock phones before a theft. What's missing? Do you want them to put a placard in every iPhone box reminding small businesses owners to lock their phones with MDN?
>You're also victim blaming here, and it's definitely not helpful or even appreciated.
You playing "victim blaming" card to dismiss arguments isn't appreciated either. It's not "victim blaming" to point out that contrary to what you claim, Apple provides ways to lock phones and that they're not particularly onerous.
Fail is an overstatement. Apple is part of PRISM and the functionality is working as intended. When a hole becomes public, it is quickly patched.
PRISM was semi voluntary. And the legal immunities it operated under expired in 2017.
Irrelevant to the inaccuracy of the statement “Apple is part of PRISM.” Present tense. (Emphasis mine.)
It’s important in these discussions to separate the nihilists who are convinced all is always lost from those who know what they’re talking about.
Which is important to identify as it separates the eternally hopeful from those who've seen this cycle before.
You say from unfalsifiable supposition.
That’s fine. You may not be wrong. But if the only evidence is mis-citing a shuttered programme, that’s important to note, too.
Enlighten us?
Edit: Looks like for multithreaded code they suggest you use thread sanitiser, so in multithreaded code it doesn't enforce memory safety. At the same time, I don't see a history of memory safety issues with Swift compared to C and C++, I don't see this being a big deal in practice, particularly if you adopt the strict concurrency checking.
- Swift has a feature where you can unwrap a nullable which is basically just unusable, as it completely crashes the entire program if it fails, with no way for you to gracefully handle it or present a message to the user. And it's a massive footgun, since it has such convenient syntax that makes it seem like it should be used. But no, you have to avoid to like the plague.
- There are some Apple APIs where they just disregard their own types, and pass nil to your callback where the type says it's non nullable. This means if you access the var at all, crash.
- Concurrent access of dictionary, crash. And very hard to track down why as well since it can be very intermittent; in our case we were using an asynchronous dispatch queue instead of a sync one, so a single keyword. Oops!
- Stack overflow, crash.
- This isn't really Swift's fault, but in general every single macOS API is riddled with bugs and undocumented behavior. As a matter of fact, I would venture to say that almost every macOS API is virtually undocumented, either since there is literally no documentation or the existing documentation is just names of functions and occasionally an extremely out of date sample app.
So IMO it's about as memory safe as C. We're floating around the idea of just porting everything to Rust and moving on, haven't researched or committed to it yet though.
From that article I linked:
If you have conflicting access to memory from within a single thread, Swift guarantees that you’ll get an error at either compile time or runtime.
Does any of what you said lead to a vulnerability that can be exploited?
As someone who actually worked there a decade ago, that doesn’t reflect the attitudes and positions of people I worked with then. And many people generally tend to stay working at Apple for long periods of time.
I can’t speak if that’s changed or other things happening, but this could easily be just a late-introduced bug as it wasn’t present in earlier betas as someone noticed - my expectation would be such a change would be present quite early. I would be very very surprised something this insignificant was a late introduced change at the request of the government - Apple historically just doesn’t act that way (see the San Bernardino row over unlocking the iPhone for the FBI).
Every company works with whoever gets elected. This isn’t new. It isn’t indicative of political support. It’s just how business is done.
There is a triangular structure, where government, corporations, and labor all keep each other in check. The balance between these three represents the golden age of America in many metrics, although attributing that age to JUST this balance is silly.
Happiness, income inequality, trust in institutions, etc. all of it follows this trend. Even life expectancy is dropping! Literacy rates are declining!
Why? A huge part is that this balance is completely shattered. Labor has almost no influence, with corporations consuming 80% of it. Now we are rubbing up against a true fueudal Corporatocracy and the tip of the spear is not shy about that (https://rationalwiki.org/wiki/Peter_Thiel)
>"It’s just how business is done"
I will not just roll over and accept this. It's worse than it ever has been, and the last time it got bad we had a severe economic collapse that led to starvation in the streets. How will it go next time, with the core problem being 100x larger and globally networked? Maybe we should address the problem before catastrophe?
First, I never claimed Cook "supports" Trump - as I said, I suspect he personally loathes him. The point is that corporations are making unprecedented concessions to avoid Trump's wrath.
Second, companies push back on government constantly when it serves their interests. Apple previously fought the FBI over privacy, but more typically companies push back or evade the law for financial benefit, not principles. When penalties are low enough they accept them as the cost of doing business, e.g. Meta's consistent, willful FTC consent decree violations.
Third, openly bribing a sitting president with a 24-karat gold gift is not normal corporate behavior. The Trump administration has used state power to control private enterprise in a completely unprecedented way: tariff threats as extortion, DOJ investigations targeting companies over DEI programs, prosecution of high-profile figures who resist - mostly political enemies so far but Zuckerberg faced threats of "life in prison" before he showed sufficient fealty.
I'm waiting for the whataboutism replies here, and executive overreach was a thing in the past, but Trump has fundamentally changed the character of the US system of government. The enabling environment is unprecedented: a Congress with zero interest in oversight and a Supreme Court granting immunity for official acts. When you combine unlimited executive power with no checks, corporate capitulation isn't "just business" - it's rational fear of an authoritarian using every lever of government to punish dissent.
Regarding the basis of Apple's market cap, I would suggest that profitability ranks a bit higher than privacy. Apple's potential tariff burden was $44 billion annually, reduced to $7 billion after Cook plied the mad king with flattery, gold and cash. Apple had lost $300 billion in market value before Trump exempted smartphones, then immediately regained its $3 trillion market cap.
Privacy is nice brand positioning, but the truth behind it was always that Apple wasn't beholden to "surveillance capitalism" like the other tech behemoths as hardware was their primary profit center. This allowed them to take the high ground on this one, while coincidentally kneecapping Meta and others with App Tracking Transparency - which cost Meta an estimated $10 billion in 2022 alone and hit Google as well. But ATT only blocks third-party tracking across apps and websites - it doesn't apply to Apple's own growing advertising business, which uses first-party data from the App Store, Apple News, etc. Apple claims they don't "track users across apps and websites owned by other companies" - but they absolutely track within their own walled garden for their expanding ad business.
And the iOS 26 removal of Pegasus/Predator detection artifacts right as ICE activates Paragon spyware contracts? Maybe a coincidental bug, maybe what happens when keeping Trump happy is worth tens of billions.
But yours does?
I know some fairly high-up folks in Cupertino. They care about privacy more than the median American, possibly the median techie. They overshot in San Bernardino precisely because they were internally calibrated off the political mark.
In my experience, people want to believe they're good, that they're doing good things, and that the institutions they're associated with are good. You say you "know some fairly high-up folks in Cupertino" - taking that at face value, that means either: (a) you're of similar status, in which case they may be personal friends or peers you naturally view charitably, or (b) you're of lesser status and get social capital from knowing high-status people, which creates its own incentives to view them favorably.
But here's the thing: "knowing someone" to some unknown degree doesn't give you access to their innermost thoughts and beliefs. You're inferring their true convictions from their behavior and what they tell you - the very behavior I'm arguing demonstrates something other than absolute commitment to privacy principles. It's easy to believe you'd stand on principle when your financial interests happen to align with it - the real test is when they conflict, and we're seeing that now.
This is actually why having some distance gives _more_ insight, not less. Every white-collar criminal convicted of horrific personal or corporate malfeasance has had plenty of people vouching for them based on "knowing them" - shocked that this person they knew would have done what the evidence clearly showed they did.
The San Bernardino case you cite as evidence of Apple's privacy conviction? That was 2016, when Apple's business interests happened to align with privacy advocacy - their profit center was hardware, not surveillance capitalism like Meta or Google, so taking a stand cost them nothing and disadvantaged competitors. It also came during Obama's administration and Trump's first term, when the costs of corporate pushback against government demands were considerably lower than they are now, for reasons I've outlined elsewhere.
Here's the reality: the theory that corporations act in their financial interest is almost completely predictive. The theory that "good guys at the top" will protect principles when those principles conflict with tens of billions in market cap? Not so much.
I’ll point you to Apple developing the privacy-preserving CSAM scanning feature which got approved at lower levels and then got pulled back when it actually started hurting their brand. They respond to this stuff and I don’t think perfection is a reasonable bar.
> And the iOS 26 removal of Pegasus/Predator detection artifacts right as ICE activates Paragon spyware contracts? Maybe a coincidental bug, maybe what happens when keeping Trump happy is worth tens of billions.
And if iOS 26.1 or 27 restores previous behavior or does that change the narrative you’ve built in your head and you’ll just say “of course - they just got caught”? If you can’t falsify your narrative there’s no point having a constructive argument - I can’t factually argue you out of a position you didn’t argue yourself factually into.
Your CSAM example perfectly illustrates my point, not yours - Apple pulled back "when it started hurting their brand," meaning they respond to financial and reputational pressure, not pure privacy principles. And you're asking if I'd change my view if iOS 26.1 restores the logging? Sure - that would be evidence it was unintentional [or that pushback raised the costs - see Disney / Kimmel]. But right now I'm looking at documented patterns: $37B in tariff relief, gold gifts to Trump, court findings of deception, and suspicious timing on forensic artifacts. You're arguing from "I knew people there who cared" a decade ago. Which of us is reasoning from evidence that can be falsified?
I’m not claiming Apple is flawless as a company - no individual is and no group of individual is either.
> You're arguing from "I knew people there who cared" a decade ago. Which of us is reasoning from evidence that can be falsified?
A good chunk of the people I know are still there and constantly being promoted to more and more senior positions.
> Your CSAM example perfectly illustrates my point, not yours - Apple pulled back "when it started hurting their brand," meaning they respond to financial and reputational pressure, not pure privacy principles
I think you’re confusing the situation - both things can be true. It can both be simultaneously true that Apple thought they developed a privacy preserving CSAM solution AND that there was enough public blowback that they decided it wasn’t worth it to continue.
> But right now I'm looking at documented patterns: $37B in tariff relief, gold gifts to Trump, court findings of deception, and suspicious timing on forensic artifacts
None of which really means anything in terms of the privacy stance of the company. You’ve conflated the political moment (and perhaps legit malfeasance in dealing with the EU - I haven’t followed that situation closely) with their policy on privacy.
I’m happy to update my priors when presented with evidence to the contrary but I just haven’t seen any. I don’t see how bending the knee to a fascist government that has significant influence over a good chunk of their revenue and regulatory control of their HQ is evidence of them sacrificing their stance on privacy. I see it as being a concerning step but to me that’s more of an issue of the rapidly deteriorating political situation in the US and within that context Apple’s actions matter negligibly.
You see your direct personal experience at Apple as giving you insight into how the company operates. I think that experience can actually cloud judgment - when you've invested years in an institution and know people there, and have some of your own identity tied up in that institution and how it's perceived, you're naturally inclined to interpret ambiguous situations charitably. That's not a criticism, it's just human nature.
As for "bending the knee to a fascist government" not being evidence of sacrificing privacy stance - you're describing the mechanism by which principles get compromised while claiming it doesn't count. When you acknowledge that Apple's actions are driven by "significant influence over a good chunk of their revenue and regulatory control" from a government that's deploying zero-click spyware through ICE, the removal of forensic artifacts for detecting that spyware stops being "just a technical decision" that happened to occur at a really convenient moment.
I don't actually know what happened here in this specific instance - whether the iOS 26 change was deliberate, accidental, or something in between. I'm basing my priors on general corporate behavior and the observation that Apple isn't special, just that circumstances have allowed them to take positions that aligned with what you and I both see as right. I don't doubt the people at the top genuinely believed in those positions when they were cost-free or profitable. But we're past that now.
At some point we'll likely know more - this stuff tends to come out eventually through investigative reporting, court filings, or the Trump administration bragging about it. Until then, I guess we have different base assumptions about how much institutional conviction survives when it costs tens of billions.
does this show conviction or it's just basic prevention of brand damage?
could they do more? of course.
can any company stand up to Trump? unlikely.
If you are a high target or require better privacy & security, GrapheneOS is the best option which delivers on everything it promises
As far as Windows goes, https://www.loldrivers.io is a thing.
You have a good point with attack surface, but apple has a pretty robust system already for ensuring boot and lock security that doesn't rely on EL0/El1 security. I'm sure you know more than me about higher EL's like EL3 and secure world code that can take care of all that. I'm pretty sure they don't have to issue new signing keys either, matter of fact, why let even 3rd parties do this, apple themselves could expose a memory and file system dumping api without involving third parties. That way, they could sanitize away anything they consider sensitive as well. They can also require that the commands be issued over a physical/authorized usb connection.
Point is, there are very legitimate are critical cases where memory and file system forensics could be critical. From what little chatter I've heard, forensic software today is resorting to exploitation of the devices and those exploits tend to be abused for other reasons too.
Wouldn't that make it easier for people to find vulnerabilities and more importantly (for Apple)? Which would allow people to find vulnerabilities for rooting the phone, something Apple really seems hellbent on preventing.
Why would somedy want to disturb in memory exploits ? /s
> Consider holding off on updating to iOS 26 until Apple addresses this issue, ideally by releasing a bug fix that prevents the overwriting of the shutdown.log on boot.
That said, if we take Apple’s stance on privacy seriously, users should also have deep inspection capabilities on their own devices. After all, they’re supposed to own them.
apple always trying to hide things and lock people more out of how the device works. they use privacy as an excuse and even sue and jail ppl who try to look at things properly.
Just because you own a device, that doesn't mean the manufacturer is obligated to add features you want.
Since there is no sideload and the criptographic keys belong to Apple, then the device belongs effectively to Apple and you just rent it for a fixed fee.
You can't both own it and not own it depending on the situation, thus exposing Apple's hypocrisy as a well-intended parentified gatekeeper just protecting the users/childified adult users.
Another way to think of this is imagine if Apple burned the OS into a ROM chip. That doesn't make them the owner of the device because the user can't write to the ROM chip. By that logic no one would own the device because no one can update it, but that can't really be true.
Except that they are not actually given that freedom.
The entire notion of free software is that users should be free to modify the software stacks of their devices.
Very few consumer devices are free in that sense. You can't run a custom OS on an iPhone.
Sure you can, you just need to replace the components that don't let you with ones that allow your custom OS.
We're discussing consumer hardware.
Can a consumer "just" replace the components of their iPhone? No, they cannot.
Not everyone cares about the bits. It’s true that the vast majority of consumers prefer having a single supplier to having freedom to run their own bits.
This is unique to modern technology, and the fact that they sell you the house keeping sole ownership of the keys to certain rooms is indeed worth examining I think.
That’s really reductive thinking. I guess the idea is to blur all the different connotations of “own” into one thing and assert they are all the same?
I “own” a car, but am not allowed to drive it in some situations (if I’m drunk, on the wrong side of the freeway, …). Does that mean the state actually owns it?
Disregarding context in favor of reductive binaries is the #1 sign of zealotry. You see it everywhere: either a movie is original or it’s not, so Avatar is / isn’t (pick one) because it follows familiar tropes / innovated in visual arts (pick one).
The world is actually contextual. The moment you throw that out, no meaningful statement can be made.
No, it means that the state owns the freeway.
By registering the car and obtaining a license you are agreeing to obey the rules set out by the state in exchange for permission to use the roadways.
To steelman the argument, you could argue that by using an iDevice you are using Apple's services and agree to follow the rules set out by them. But there is no such possible way to use an iDevice without relying on Apple's services.
With a car you can have it delivered and only use it off public roads on your own property. That would be a lot less useful, but it is something people do sometimes, such as with vintage/museum cars, race cars, construction/farm/mining vehicles, etc.
It's always your vehicle. The issue is the roads not the vehicle. But with an iDevice, even if it's legally "your phone", it's been designed to be impossible to do whatever you want with it within the bounds of the law, which weakens the traditional notion of what it means to "own" something (ie "right of disposal").
Again to steelman it, the retort is "Apple has the right to manufacture devices in alignment with protecting their business model, if you don't like it then buy other devices". Which is fine normally, except that the only other major similar device manufacturer is starting to do similar kinds of things and our society increasingly depends on the assumption everyone has a phone.
So what's increasingly becoming the scenario is that you have a choice: either allow your rights over your own property be infringed, or allow your ability to participate in society be infringed.
There is. One can go through the iPhone setup wizard and opt out of everything. You don’t need to have any accounts, neither iCloud nor App Store one, or to be logged on to any Apple services to use your phone.
Someone who knows more about iOS than both you and me could comment further on whether subtle things like aGPS would continue to function as expected, but everything you specifically thought of when you wrote “to use an iDevice” would work.
Not really. Apple reserves the right to start WiFi or Bluetooth.
And that's not even the main issue, you're still unable to decide what software you're running on it, so Apple controls what you're able to do on it even if you opt out if all of that.
26 more comments available on Hacker News
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.