On the contrary, I would have said that it is!
*disclaimer* : I'm playing devil's advocate here.
Maybe you do. I don't.
So they "release" the code. How do you know the binary you get from the "app stores" is built from the same code?
I actually think the implementation sounds adequate, and it sounds like a good idea, but even if you actually know enough to examine the code, do you know what you are running on your device (hint, the answer is a resounding no).
I won't be putting it on my device. Not because I don't believe it's a good idea, but with what I have going on, I'm already part of a "contact tracing" network and it's going to have zero value to me and people I come into contact with (and the battery hit is actually an issue).
So they release the code to the geek nation. One of their number (or many) delve into the code to find a way to utilise the BT connection to their advantage to unlock your phone, steal sensitive information, or install hidden applications. Yes, conspiracy theory. Possible, absolutely.
This app will (on iPhone) require constant refreshing because iOS does not allow extended BT activity in order to prevent TRACKING. Just because the grubberment say they will not be tracking you doesn't mean other unscrupulous individuals will not take advantage of the situation. More conspiracy theory? If you like.
That's a no from me.
And you will most likely want to carry a charge cable and/or a power pack because the constant pinging for phones within range will eat batteries.
Can someone who is suspicious of the app explain to me exactly how their life will be affected by the data this app collects?
Something more specific than "I don't want the government tracking me" would be helpful.
I find it funny that some are carrying on about privacy and someone knowing where you are all the time, privacy has been gone for years and if you carry a phone, your location is known to someone or something - Turning settings off does nothing as the cell tower has to know where your phone is to connect you, also almost all of us would run Google maps to see what the traffic is like - where do you think that data comes from?
Privacy has been a ruse for ages now.
A checksum (MD5 hash or similar) can confirm the app that's downloaded has the same binary code as the binary code the source compiles to. It's like a fingerprint - the fingerprint of the app in the store can be compared to the fingerprint of the app derived from the released source code.
It's routinely done when downloading some files. After a file download the MD5 checksum can be calculated and can be compared to the publicly available checksum to ensure what is downloaded is actually what is purported to be downloaded.
I tried to respond to this about 6 different ways, but trying to convey the difficulty in getting a third party source to compile to an *identical* binary on your machine is probably not nearly as difficult as actually doing it. Let alone signing the binary which then changes the md5 anyway.
Once you have that, how do you get the md5 of a binary on an iOS device?
An md5 is great for me to send you the tarball and md5 for you to check that what you received is what I sent. It's actually pretty much impossible for you to use to prove the binary I sent you is compiled from the source I sent you unless you are compiling it on a machine with absolutely *identical* versions of every library and the compiler and signing it with my private certificate.
So no. You (and I) won't be able to verify the binary you download from whatever "store" is built from the unadulterated sources that may be made public. You can of course compile it up yourself and install it on your own device.
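Added example, not part of the thread: a Python sketch of the checksum disagreement above, showing that a whole-file digest changes with build timestamps and signing even when the packaged contents are identical, while a per-entry comparison that skips signature files still isolates a real content change. Assumptions: a zip-based package with signature files under `META-INF/` (JAR-style signing), SHA-256 in place of MD5, constructed sample bytes, and a compiler that emits identical output for identical source, which is the hard part the last post describes.

```python
import hashlib
import io
import zipfile

def build_archive(files, timestamp, signature=None):
    """Build a zip package in memory; `signature` is stored under META-INF/."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            zf.writestr(zipfile.ZipInfo(name, date_time=timestamp), files[name])
        if signature is not None:
            info = zipfile.ZipInfo("META-INF/CERT.RSA", date_time=timestamp)
            zf.writestr(info, signature)
    return buf.getvalue()

def whole_file_digest(blob):
    """The 'fingerprint' of the package as downloaded."""
    return hashlib.sha256(blob).hexdigest()

def content_digests(blob, ignore_prefix="META-INF/"):
    """Per-entry SHA-256 of uncompressed contents, skipping signature files."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist()
                if not i.filename.startswith(ignore_prefix)}

def compare(store_blob, local_blob):
    """Return (whole-file digests equal?, sorted names of entries that differ)."""
    a, b = content_digests(store_blob), content_digests(local_blob)
    differing = sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))
    same = whole_file_digest(store_blob) == whole_file_digest(local_blob)
    return same, differing

# Constructed sample data: same "compiled" contents, different build time,
# and only the store copy carries a (constructed) developer signature.
SOURCE = {"classes.dex": b"constructed bytecode", "res/layout.xml": b"<layout/>"}
SIG = b"constructed developer signature"
STORE = build_archive(SOURCE, (2020, 1, 1, 9, 0, 0), signature=SIG)
LOCAL = build_archive(SOURCE, (2020, 1, 2, 18, 30, 0))
TAMPERED = build_archive({**SOURCE, "classes.dex": b"constructed bytecode + extra"},
                         (2020, 1, 1, 9, 0, 0), signature=SIG)

if __name__ == "__main__":
    print("store vs local build:", compare(STORE, LOCAL))
    print("store vs tampered   :", compare(STORE, TAMPERED))
```

This covers only the packaging and signing layer; differences introduced by compiler or library versions would show up as differing entries, and it does not address extracting the installed binary from a device.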