I would rule out the possibility that the listening device is a smartphone, as the battery would last only a few days even with the most conservative energy saving settings.
I would suggest to enable logging on her router (if possible) and to check the MAC address of all devices that connect to her home Wi-Fi.
On smartphones, tablets, and computers, it should be easy to find in the settings (but check if they've set up a rotating private Wi-Fi address; if so, disable it).
It might be more difficult with other devices: for televisions or other appliances, you might need to unplug them and check the router logs to see if a specific MAC address disconnects at that precise moment.
Ultimately, if you have a MAC address that stays connected all the time or even just occasionally and doesn't match any known device, you have a good candidate for the listening device.
Doesn't this mean that no matter how securely your phone is locked, Apple (and probably the three-letter agencies) can always unlock it by installing an appropriate update?
Not necessarily. If the secret is protected in the secure element against something only you can provide (physical presence of RFID, password, biometric etc) then it is ok.
BUT you must trust the entire Apple trusted chain to protect you.
> If the secret is protected in the secure element against something only you can provide (physical presence of RFID, password, biometric etc) then it is ok.
But we already established unlocking is not possible, so going with the argument it's implied there is a side-channel. Nothing, but a secret in your brain is something only you can (willingly) provide. Especially not biometric data, which you distribute freely at any moment. RFID can be relayed, see carjacking.
If you can side-step the password, to potentially install malware/backdoor, that's inherently compromising security.
If the data you care about is encrypted with a token locked behind your passcode input, and it's not theoretically brute forceable by being a 4 character numeric only thing, then not easily, no.
Could they produce an update that is bespoke and stops encrypting the next time you unlock, push it to your phone before seizing it, wait for some phone home to tell them it worked, and then grab it?
Perhaps, but the barrier to making Apple do that is much higher than "give us the key you already have", and only works if it's a long planned thing, not a "we got this random phone, unlock it for us".
(It's also something of a mutually-assured destruction scenario - if you ever compel Apple to do that, and it's used in a scenario where it's visibly the case that 'the iPhone was backdoored' is the only way you could have gotten that data, it's game over for people trusting Apple devices to not do that, including in your own organization, even if you somehow found a legal way to compel them to not be permitted to do it for any other organization.)
> Perhaps, but the barrier to making Apple do that is much higher than "give us the key you already have", and only works if it's a long planned thing, not a "we got this random phone, unlock it for us".
The attack situation would be e.g. at the airport security check, where you have to part with your device for a moment. That's a common way for law enforcement and intelligence to get a backdoor onto a device. Happens all the time. You wouldn't be able to attribute it to Apple collaborating with agencies or them using some zero-day exploit. For starters, you likely wouldn't be aware of the attack at all. If you came home to a shut-down phone, would you send your 1000$ device to some security researcher thinking it's conceivably compromised, or just connect it to a charger?
If you can manually install anything on a locked phone, that's increasing the attack surface, significantly. You wouldn't have to get around the individual key to unlock the device, but mess with the code verification process. The latter is an attractive target, since any exploit or leaked/stolen/shared key will be potentially usable on many devices.
Part of the reason e.g. Cellebrite is obsessive about not telling people many specifics about their product capabilities outside of NDA is that Apple is quite serious about trying to fix these things, and "we can crack every iPhone before the 14" probably tells them a fair bit about what might have a flaw.
Tools like that lose a lot of value if anyone paying enough attention can infer they exist, even indirectly, like if all the TSA agents you know suddenly switch to Android phones, or some of them tell you not to bring iPhones through security and won't tell you why, or a thousand other vectors for rumors to start.
All it takes is enough rumors for people to say it's enough to not trust any more, and suddenly you've lost a lot of the value of a secret information source.
So if you have a tool like that, where most people don't think it's readily available, the way you probably use it is very sparingly, to keep it that way.
There is a difference in targeted software supply attacks vs. weakening encryption for everyone by introducing a master key. Apple would be required to cooperate by US law, it may never become public either. But as I said, Apple doesn't have to know, or "know". This feature inherently compromises security. Contrary to device encryption, OS update security depends on a single key held by Apple (rather several devOps guys...), which could be stolen, leaked or shared.
Would you bet, the NSA can't sign iOS updates?
> So if you have a tool like that, where most people don't think it's readily available, the way you probably use it is very sparingly, to keep it that way.
Of course. This is reserved for targeted attacks against journalists and other enemies of the state.
> All it takes is enough rumors for people to say it's enough to not trust any more, and suddenly you've lost a lot of the value of a secret information source.
None of those articles are inconsistent with the claim that Apple cares about security, though?
"We can be legally compelled to give up data we have" and "we thought letting people have custom kernel modules was a bigger threat" are not particularly incompatible with "we design things so we don't have keys to your data we can be compelled to give up" and valuing people's security. (I am not a fan of the latter, to be clear, but there are reasonable reasons you could argue for it.)
But yes, I would probably, at the moment, bet that if the NSA can sign a custom iOS build on consumer hardware, Apple doesn't know about how, both because that's a very hard secret to keep, and because you'd see a massive uptick in people avoiding Apple devices in governments that might be of interest to US intelligence if even a rumor of that got out.
> None of those articles are inconsistent with the claim that Apple cares about security, though?
You are moving the goalpost.
> "We can be legally compelled to give up data we have" and "we thought letting people have custom kernel modules was a bigger threat" are not particularly incompatible with "we design things so we don't have keys to your data we can be compelled to give up" and valuing people's security. (I am not a fan of the latter, to be clear, but there are reasonable reasons you could argue for it.)
They do have the signing keys your iPhone will gladly accept to circumvent encryption, which is the argument.
I'm not the one moving the goalpost; my argument was that Apple's incentives are not in favor of them permitting even the appearance that they might allow that kind of compromise, your argument with that wall of articles appeared to be that Apple has a history of making decisions inconsistent with that, which I disputed. If that wasn't your intended argument, you might wish to be more explicit than a wall of links and "As if Apple users would care...".
> They do have the signing keys your iPhone will gladly accept to circumvent encryption, which is the argument.
Yes, and my argument is that the plumbing for either multiple release signing keys, one of which is never seen in the wild, or to avoid a second "iOS 13.1.5" or whatever with different build information showing up in various telemetry that would leak this existing, is very difficult to have built without far too many people who would spread rumors about it coming about, and even that rumor would be a problem.
So the most plausible thing, to me, would be that if such a capability exists, it's a "nuclear option" for whoever holds it to only use in a circumstance where it's so important they don't mind potentially never being able to use it again, whether that's because it's an exploit chain that will be fixed or because it's been coerced out of the target company and they will probably be compelled to fix it if it gets out.
Keep in mind that everyone else is usually unaware (by design) of what all the intelligence agencies can do, but I doubt they would help in this scenario even if they could.
On the other hand, if this happens to a far more important person...
You would first have to imagine portuguese being the lingua franca of the iberian peninsula. Hard to imagine.
Passing that hurdle, then you'd have to imagine portuguese being the lingua franca of western europe. Hard to imagine that.
Then of europe as a whole and so on. Almost a joke now.
Portuguese was never the major power of it's immediate vicinity, let alone the world. Portugual, like the netherlands, was a glorified trading network rather than a legitimate empire. And portugual, like the netherlands, were minor powers within europe. Neither were major global powers as we understand the term and neither were powerful nor significant enough to produce a lingua franca of anything.
I think the comparison with the Netherlands is generally appropriate, but we must recognize that what they did in Brazil was exceptional (meaning not comparable to their former possessions in Asia and Africa, a difference from the mere trading nodes) and the NL never did achieve anything like it.
The Portuguese managed to maintain territorial integrity and make their religion and language dominate it entirely, in what's today the 5th largest nation state by area. They also had to defend the longest coastline.
The Portuguese Empire did exist but AFAIK never did aspire to world hegemony like the U.K. Their idea of empire was best represented by something they briefly had which was the combined union with Brazil after its promotion from colony in 1815.
So, not an empire like the U.K. and never wanting to be an empire like the U.K. but also not a total failure to achieve some version of it, however short lived that was.
> The Portuguese managed to maintain territorial integrity and make their religion and language dominate it entirely, in what's today the 5th largest nation state by area. They also had to defend the longest coastline.
Conquering multiple ethnic Malay kingdoms - a number of whom were armed and backed by the Ottomans, Mughals, and Americans and had access to gunpowders, naval yards, literacy, and proto-industrialization - and unifying them into Indonesia is a Herculean task that I'd argue is much more complex than the Portuguese project in Brazil.
You may want to look into the genetic composition of modern-day Brazilians to consider whether "Amerindians were exterminated" is a coherent way to represent it.
edit: we are just comparing 2 completely different models here. You're not wrong about some things, you are just talking about a different thing than I :)
edit 2: you are lacking information if you think that Brazilian Amerindians did not also partner with European powers (France and the NL itself comes to mind) against the Portuguese and it's somewhat amusing that you think that Portugal was never challenged on that vast territory by other powers.
My point still stands. Their culture was completely decimated and they were largely replaced by European and African migrants, indentured servants, and slaves.
Subjugating a native people that lacked metalworking, gunpowder, and literacy is different from conquering multiple nations that had all of those and was backed by the Ottomans, Mughals, and Americans.
You are imprinting your worldview on someting that differs from historical facts, maybe influenced by anglophone chronicles of what the spanish did in the americas. Spanish were no angels, however, much of what is published tends to be biased and differ quite a bit from what happened on the ground.
Despite neighbour to Spain: Portugal built a different culture altogether since its inception as an iberian kingdom. For example, instead of wiping out the muslim populations, the first king established a policy nowadays known as "don't ask, don't tell" in regards to religion. Which clashed with the Spanish/Italian approaches but at the same time permitted rapid expansion of territory since the population was absorved rather than decimated.
The Brazilian land has dense vegetation and native populations that never generated large settlements nor advanced cultures as you'd see in other parts of America, existing in a continuous state of tribal warring against each other.
The crown/church forbid portuguese women from travelling overseas and the number of sailors travelling was low (the kingdom was small population-wise). Portuguese technology and culture were very, very, very attractive to the native populations who came in contact with these sailor crews. They quickly mixed with the locals to create blood-related families on those locations with local leaders (same as done in India). The portuguese doctrine remained the same as during foundation times of the kingdom, aimed to mix as much as possible with local populations to thrive. This resulted in centuries of family ties across the atlantic that still last until today. Looking on my own example, I keep family ties on three different continents that all speak the same language.
All of this to say that integration was very fast from the native population point of view to join the empire because of mutual benefits for either parties, to the point that the portuguese army in the Americas was composed and lead in majority by natives themselves which went to subjugate rival tribes with better equipment than the counterparts.
The Rajahdoms and Sultanates that became Indonesia and Malaysia did so via existing domestic capacity and intercultural exchange with the Ottomans, Safavids, Mughals, and other "Gunpowder" empires [0][1].
Heck, the only reason the Dutch couldn't completely invade Aceh was because the Ottomans and Mughals threatened to sanction the Dutch [2] in the 17th century for threatening a fellow Sunni state.
We are reverting to the historical norm where we don't need you Farangis anymore. O facto de o IDH da Malásia ter atingido o IDH de Portugal de há 7 anos mostra que vocês, portugueses, precisam de rever os vossos egos. Tendo passado anos em Boston, conheci muitas pessoas do seu tipo - Brasileiro e português.
This is one resentful individual. Likes to imply how this or that people is inferior to the other (I thought we were discussing differences in forms of settlement, colonization and maritime expansion) then pivots to modern day economic statistics to again imply that some people are superior to others then finally succumbs to racism but is careful enough to change the language!!
Yes and no. it's not like they ever extracted taxes from most of the natives living in the amazon jungle. Saying that you rule over people that have literally never heard of you is, IMO, stretching the definition of "rule" quite a bit :-)
Since when is taxing all subjects a necessity? Britain didn't tax people in the 13 colonies so could we conclude that before the American Revolution they were not part of the British Empire?
Yes! The losses were due to independence loss to Spain. In a sense the loss of sovereignty to Spain destroyed the Portuguese empire.
Spain joined the Portuguese and Spanish armada and went on to fight the English (and Dutch to some extent), with catastrophic results for both Spain and Portugal fleets. When Portugal regained independence 1640 it needed to get back sovereignty of overseas territories, including from the Dutch.
The Dutch controlled a big part of north Brazil when Portugal and Spain were the Iberian Union, but the Dutch and were driven back afterwards at great cost. The damage was done, and 1755 earthquake was the final nail.
There were also terrible mistake in terms of state management up to the XX century where the natives, were not seen as full citizens, and naturally rebelled.
As a post colonial portuguese citizen, it seems like an incredible fantasy that our society descends from such a grandiose history. Even in this thread i see the name Henry the Navigator and am incredulous people know who he was.
A less known both inside and outside Portugal bad ass dude was Afonso de Albuquerque. This is from his English wikipedia page about Hormuz in the middle east:
> At the same time, Albuquerque decided to conclude the effective conquest of Hormuz. He had learned that after the Portuguese retreat in 1507, a young king was reigning under the influence of a powerful Persian vizier, Reis Hamed, whom the king greatly feared. At Ormuz in March 1515, Afonso met the king and asked the vizier to be present. He then had him immediately stabbed and killed by his entourage, thus "freeing" the terrified king, so the island in the Persian Gulf yielded to him without resistance and remained a vassal state of the Portuguese Empire.
Here came a dude that does both diplomacy and war in person, and moved on. Vasco da Gama was a bit similar. Portuguese were quite out of their minds and for me shows shows the pedigree of bloodlust[1] that Europeans must have gained after endless continental strife. That is why I am really afraid of the rearming of Europe, I believe Europeans have a genetic disposition for destruction, and history shows that.
> The Portuguese Empire did exist but AFAIK never did aspire to world hegemony like the U.K
Every time I meet a laid back, easy going and kind Portuguese person — which is most of them — I always think that explains their relatively unambitious world domination plans.
The 1755 earthquake effectively nuked the capital and killed maybe a third of GDP.
Portugal was never interested in dominance of Europe - hard to project power to the centre when you're out on the far edge and have more of a navy than an army.
But the trade network was the first truly global network, and very much non-trivial.
reply