  • People don’t seem to understand the risks presented by normalizing client-side scanning on closed source devices. Think about how image recognition works. It scans image content locally and matches to keywords or tags, describing the person, objects, emotions, and other characteristics. Even the rudimentary open-source model on an immich deployment on a Raspberry Pi can process thousands of images and make all the contents searchable with alarming speed and accuracy.

    So once similar image analysis is done on a phone locally, and pre-encryption, it is trivial for Apple or Google to use that for whatever purposes their use terms allow. Forget the iCloud encryption backdoor. The big tech players can already scan content on your device pre-encryption.

    And just because someone does a traffic analysis of the process itself (safety core or mediaanalysisd or whatever) and shows it doesn’t directly phone home, doesn’t mean it is safe. The entire OS is closed source, and it needs only to backchannel small amounts of data in order to fuck you over.

    Remember the original justification for client-side scanning from Apple was “detecting CSAM”. Well, they backed away from that line of thinking but they kept all the client-side scanning in iOS and Mac OS. It would be trivial for them to flag many other types of content and furnish that data to governments or third parties.



  • Remember, when iPhones are off, they just become Airtags. Most modern phones are sending/receiving BLE signals even if you don’t expressly intend them to. I wouldn’t go anywhere near a protest with anything besides degoogled Android, because it’s the only OS where you can actually disable the radios. Even then I would probably opt for a Faraday bag.

    Other considerations… Apple (and probably Google) devices are doing client-side scanning of images and turning on GPS to geotag images unless you specifically disabled that feature. In other words, there are ways you can be correlated to locations and activities after the fact. Just ask all those J6 rioters.