Thursday, November 3, 2016

Password Managers

In my last post on password managers I detailed how to use KeePass to manage your passwords. In this post I will explain the differing types of password managers and their relative benefits and issues.

The various password manages may have one or more of the following features.
  • Encryption. This is essential and the level of encryption is one detirmination of the level of security.
  • Cloud storage. This makes the solution more feature rich and flexible but will reduce the security of the solution.
  • Integration with your web browser. This makes the solution much more convinient in that you can login to web sites automatically but there are trade offs. Tou can use more complex passwords since you do not need to type them but it does reduce the security.
  • Integration with apps. 
  • Integration with mobile devices. (Mobile app typically.)
  • Free, add supported, one off coast or subscription. 
There are basically two general types of password manager. Off line and online.

Off line is where the password database is stored on your local computer. This is by far the more secure password manager. Of these the go-to application is the open source project KeePass which I mentioned in my previous post. For the full detail of how to use KeePass and to integrate with iOS see my previous post linked at the top of this blog entry. You can use very secure encryption for KeePass with multi factor encryption. Obviously the higher the encryption the harder it is to get to your file and the more likely that you can lock yourself out. Swings and roundabouts. So if you are a security freak and you are paranoid about your security the offline is for you. The other advantage is that you do not need to be connected to open your password database. Some give you the option such as 1Passowrd which will allow you to store the database off line but if you pay for a 1Passowrd account you can store the database online.

Online is where the password database is stored on a site of the application owner's choosing. LastPass for instance stores your password database online so whenever you retrieve a password it comes over the internet to your computer or device. Now any good password manager such as 1Password or LastPass will use secure encryption so that your passwords or details for that matter cannot be sniffed. You are however trusting that the company is using the security that they claim.

For any password manager, but more so for online managers there is a huge question of trust. We know from recent revelations that many companies, particularly US based companies, have build into their encryption algorithms back doors to allow such TLAs such as the NSA to spy on your activity at will and some of the spying has been done (take Yahoo for instance) without due process. This leads us to the next topic, how secure is secure?

Any encryption method which is proprietary has inherent risks because it cannot be scrutinised. An open source program such as KeePass can be scrutinised and analysed to see if there are any flaws. This makes it potentially more secure since it can be subject to review by security and code experts. On the other hand proprietary systems such as 1Password and LastPass which are closed requires a level of trust that the coders know their stuff and have not been compromised with back doors.

To be honest this level of paranoia is maybe overkill for most of us. However there are situations where you need to be overly cautious. For instance if you are living under an oppressive government and you are a dissident. If you are a whistle-blower. If you deal with highly secure information. All of these are situations where you can never be too cautious. On the other hand most of us would be perfectly fine using any of these managers so long as we take proper precautions.

Finally let me give you some pointers to keeping  your information secure.
  • Do not use the browser's inbuilt password manager, always use a separate third party manager.
  • Use a complex but easy to remember password as your password manager's master password.
  • Use multi factor authentication where possible.
  • Use complex auto-generated passwords from your password manager. Ie. let the password manager generate passwords for you.
  • Never never never use the secret questions, they are never secret. If you have to, provide random nonsense answers and store the answers in your password manager
  • Make sure that the password manager is reputable, if necessary google them to make sure there are no known issues.
  • Share your master password with a trusted friend or family member just in case.
  • Never run a program install unless you are sure that it is safe and from a safe source.
  • Never open an email unless you know who it is from and who sent it.
  • Never tell anyone who rings you your password or give out a caller any identifying information.
  • If an email wants you to follow a ling from that email to their web site - never do it. Always get to the web site some other way by using a stored bookmark, typing in the site manually or googling the company, bank etc.
  • Never use apps on a social network site.
  • Never use a social network site to automatically login to another account, for instance using Facebook to login to Spotify.
  • Regularly check your social network app permissions to verify that no unwanted apps are using your social network account.
  • And finally educate your children on the safe use of social networks before they are allowed to get a login and monitor their usage. A chain is only as strong as the weakest link.

Thursday, May 12, 2016

Mr MC on the ATV4

Introduction
After setting up and using the ATV 4 for about a week I was searching for interesting apps. One of the disappointments was the facility of the two most popular streaming apps, VLC and Infuse. They both worked fine so far as they went but were somewhat limited andin the case of VLC not particularly user friendly.

A lot of people use Plex but apart from the way it wants to organise your media (not always correctly) it also wants to transcode everything before streaming it and it requires a Plex server separate from the media source and player. So what with the media management, transcoding and double handling resulting in doubling the network traffic I am not a real fan of plex.

The first media player I ever used was XBMC on the original XBOX. It has now been ported to many environments and diverse platforms, now including the ATV 4 and has a name change to Kodi. The problem is that you need a developer account, you need to side load it (that means buying a new USB C cable and connecting it to your Apple Mac and loading the binaries from there) and the installation expires after 90 days meaning that you have to re-load it every 90 days.

One of the principal developers of Kiodi for iOS has made his own branch minus a few features and called it Mr MC.

Installation and Setup
As with any app simply search the store and install. It was $10.99 in the Australian store.

I then went into the setup and changed a few settings. I change the Audio Output to 5.1 and turned bitstream on since my amp decodes all audio encoding formats.

I then had to add my media locations using SMB to the Audio, Video and Pictures section. As I added the audio share it asked if I wanted to catalogue my library and I answered yes. That allows it to sort by Artist Album, genre etc.

Apart from that it was ready to go.

Using
I understandably I found it identical to the modern ports of Kodi which I was already familiar with. A first time user would have a steeper learning curve but since I have been using XBMC for well over 10 years, of and on, it was very familiar to me. Apart from the lack of addons there was little difference that I could see.

I had no issues playing lossless music with excellent quality. It is possible to browse music using the file system browser but the music is also sorted by artist album and genre.

I tried various video media and it had few issues with any of the media formats I tried including DVD and Blue Ray rips I have up to and including 1080P, 60FPS DTS HD audio. On the larger files there was a slight amount of stuttering but I put that down to a network issue since I had to use a local USB drive on my Popcorn Hour to play the same media without stuttering. Where the audio needed decoding there was some distortion and have not been able to work out why. Where the audio was bit streamed the audio was flawless since it was decided by my AV receiver.

I found the Apple remote somewhat annoying to use with the MrMC interface but the Blue Tooth keyboard made it much easier to operate. I using the arrow, Enter and Esc keys made it much easier to navigate and the Enter, Esc, arrow and Space keys gave me good control when playing media.

Conclusion
The Mr MC app is so far the best media player I have tried on the ATV4 with no serious issues. The lack of addons I suspect is due to Apple's restrictions on Apps since Apple has no control over addons. Apart from that I think it is a definite winner for me and has now become my default player for local media.

Sunday, May 8, 2016

Apple TV 4 Review

Introduction

I have been using the third gen ATV for several years now and have mixed feelings about it. The inbuilt apps work fine and do exactly want they say on the box however it is pretty inflexible and allows for very little customisation. . I mostly use it for iTunes vodcasts, music, YouTube, and Netflix. I also use it to Air Play from my iPhone 6+ for such apps as Spotify and ABC iPlayer. I rarely use much else but seldom does a day go by without using the ATV. The biggest thing for me is the limited facility of the inbuilt apps.

When the ATV 4 was announced and the Australian pricing I was determined to buy one despite the high price. Last week I bit the bullet and ordered one from Kogan which was about $50 cheaper than the Apple store price including freight.

The ATV 4 is capable of 1080P 60 FPS but not 4K or HDR. The next generation of hardware may support HDR but we will probably not know until it is announced. There are many theories as to why Apple chose not to support HDMI 2.0, 4K HDR. I suspect that it may have been because the standard was only fleshed out mid 2015 and there was insufficient time to design it into the hardware. Even so it was not until this year that the new standard was available in hardware. The other issue is the availability of content. There is still only a few 4K HDR titles and few displays capable of displaying the new standard. Just because a display is 4K does not mean that it will properly display the 4K HDR standard media.

Setup
On arrival and opening the box there was the ATV, a UK power cable (Kogan shipped the UK version), a lightening cable, the remote and some documentation. The localisation appears to consist only of the power cord and paperwork. Also in the packaging was a power adapter supplied by Kogan for the British plug so that it could be plugged into an Australian outlet.

I removed the old ATV and plugged in the HDMI, Network and power and turned it on. There was an option during setup to use a Blue Tooth to my iPhone to pull the setup from that to set up the Apple TV.  That did not work, which I suspect was due to a bug in the shipped OS 9.0. Otherwise the setup was pretty much straight forward.  I went into settings and manually added my credentials.

I tried to add a BT keyboard but it would not recognise it. 

I then went to the app store and downloaded my favorite apps including YouTube, Netflix and VLC but ABC iView would not install since it required TVOS 9.1 or later.

I performed a manual update to the latest OS and then went back and downloaded ABC iView.

After the update I was able to pair the BT keyboard so it appears that OS 9.0 has a issue with the BT stack.

In Use

The ATV is capable of HFR 60 Hz which means that it can properly deliver HFR video to the display. Playing a 60 FPS video media file appeared to be flawless. The video I streamed showed no artifacts but ... more later.

The app store is limited but have all of the usual suspects except for Spotify. I have contacted Spotify but they are tight lipped on the availability of an ATV app. I suspect that there is one in the works but no idea on the release date. In the mean time I am happy with Air Play which works perfectly fine. I downloaded Infuse media player which has a pro version but I have not yet taken the plunge to upgrade to Pro. I also investigated Kodi (XBMC) and there is a pre-alpha release for developers but it is pretty buggy according to the forums. I have to say that this has always been my favourite media player being completely open source and it has a lot of very good features. I have been using it off and on since it was available on the original XBOX and was the first media center I used.

The interface is fine if somewhat confusing. The home page and Apple apps insist on displaying a banner on the top third of the screen that scrolls through what they think you may want which steals from screen real estate and interferes with navigation. This is inherited from the old ATV and I find it distracting confusing and annoying. Would be nice to be able to turn it off.

The Sony TV I have has a bug in its HDMI negotiation whereby with 1080P 30 Hz the screen would initially appear blank and took some fiddling to fix each time the system turns on from cold. The new ATV also does this to my TV which is really annoying. To be fair it is the Sony TV, not the ATV.

I am really pleased with the ABC iPlayer app. It has the option to stream high def video (it appears to be 720p). You still see compression artifacts but not nearly as distracting as the lo-fi version we have been used to. It is almost as good as over-the-air quality. We have been watching iTunes Podcast versions of some ABC shows and they are utter rubbish with very low definition and obvious and distracting compression artifacts. So the new iPlayer is a huge winner for watching ABC shows.There are also apps for Seven, Ten and SBS streaming which vary in the quality of the streaming media but are fine if not Hi Def.

I used two streaming aps to stream video from my NAS. VLC and Infuse. Since my receiver includes the necessary decoders the player streamed the audio in  raw which appears to work up to and including DTS HD. Infuse did not seem to recognise a BD rip but played all of the other formats I tried including a 60FPS copy of The Hobbit TUJ. The one issue I have is that the necessary frame rate conversion for 24 FPS media leaves somewhat to be desired and resulted in distracting stutter. This is where the device (in this case the ATV) has to insert or remove frames in order to match the native frame rate of your display. So lets say for instance you have a 60Hz display and have a 24 frame source which is the most common combination. The frames are sent to the display multiple times to match the 60Hz of the display. Now a proper conversion will send an alternate stream of repeated 2 and 3 frames in order to match the frame rate. This will appear nice and smooth to the human eye. In the case of the ATV 4 they appear to send a bunch of frames 2 times and every few seconds it just skips a bunch of frames to catch up and hope that you do not notice. With static scenes this is fine but when you have on screen movement for instance moving characters or panning you suddenly see the scene jump. This has come up in forums and Apple are aware of it and don't appear to really care. My Popcorn Hour media device does this conversion seamlessly and without stutter but Apple have chosen the easy option it appears. This is independent of the media player. It seems only to happen to high definition media where there is a lot more processing required to perform the frame rate conversion.

I used VLC to try to watch a downloaded TV series. I selected Ep 7 and it started playing Ep 8 then about 5 minutes in skipped to Ep 9 for no apparent reason. This did not happen when I was playing movies. It seems to be a really strange bug. I went back to the PCH to watch that particular TV episode. Infuse appears to work flawlessly. We watched several transcoded videos and except for a reset in the middle of a video stream it worked without a hitch.

Referring specifically to the two streaming apps, VLC and Infuse I found them both relatively easy to use. One of the features I preferred with Infuse is the ability to create favourite shares. With VLC you had to start with navigating through the list of discovered network devices then navigate down through the media to your location which took many keystrokes. With Infuse though you create network favourites which enable you to choose from a list of locations with custom labels. This makes it much faster to locate the media file you want to stream. I created several shares to various locations on my NAS which made navigating pretty smooth. Infuse will also download artwork if available but it will not cache the artwork (which Kodi will do) so it downloads it every time you navigate to a location.
I am eagerly awaiting Kodi (XBMC) for ATV 4. I think that the Kodi interface has the best of every world and I may install the pre-release version. what is the worst that could happen :O.

As mentioned when the ATV 4 arrive it was on 9.0 TVOS which had a number of bugs including not being able to pair with BT devices other than the remote. It took about an hour to update. The update fixed the BT bug, added app groups as per the iPhone, improvements to Siri, and a number of other enhancements and fixes.

The new remote is interesting to say the least. It has a touch pad which is both a blessing and a curse. It means you can scroll easily using the touch pad  and it is designed to give you fine control over video playback. It also has the simplicity and de-clutter of the old remote. However the glass touch pad can be a bit sensitive and takes some getting used to. For those who lack dexterity I can see that it would be frustrating. It came with about a 75% charge but will change via lightening. You can see the amount of charge bu opening Settings and selecting Remotes. The battery will last weeks on a single charge so plugging it in over night about once a week should keep it charged.
The highest definition movie I tried was The Hobbit  at 60FPS 1080P. It was clear and smooth with no apparent artifacts. Short of a 4K movie it should be able to play anything you throw at it.

Conclusion
Overall I am really happy with the ATV 4. The minimal interface is easy to use and negotiate if you can ignore the top banner. With the latest OS the ability to create groups and customise the layout is very nice. The apps are a definite winner but some companies are somewhat behind the time in terms of app development. I am sure over time that we will get more apps and thus provide greater utility. Not being a gamer I cannot comment on games and there does not seem to be a lot of good games as yet.

The only big criticism for me is the stutter on high definition 24 FPS video. This is a huge mis-step on Apple's part IMHO. If they could fix that then It would be the perfect hi def set top box.

Thursday, April 7, 2016

Managing music on iOS devices

The Problem
I have had many and varied conversations with people over the years regarding their favourite computer based music player and some have been more interesting than others. The solution I describe here is just one but it may assist in developing you own solution. As far as I understand it this complies with the current Australian law.

When I started collecting music the benchmark was the vinyl record, with some people actually purchasing high quality reel to reel tapes (yes, that was a thing) for an ever higher quality. People would spend many thousands of dollars on the turntable alone, let alone amplifiers and speakers. I had a friend who boasted that he built custom enclosures from concrete and filled them with sand. I never heard them but I can imagine that they would not have lived up to the expense and effort involved. Then in the 80s the CD emerged and to this day there is a furious debate over the efficacies  of either format.

Now there is digital music and as with the past there are facts and there are fallacies and unfortunately the fallacies reign supreme whilst the facts languish amidst the ignorance of those who know enough to be dangerous but not enough to know what they are talking about. In the next two paragraphs (which you may skip or skim if you wish but I suggest you do try to understand if you are at all interested in music).

Digital Vs. Analogue
First let me try to explain the difference between analogue and digital formats. Old formats such as tape and records (shellac and vinyl) record the music in a form that reflects what we would understand sound to look like, waves. Sound is just pressure waves in air and on tape the signal is a varying magnetisation of the tape that looks exactly like the sound waves. On the record there is a groove that looks exactly like the sound waves. When the tape or record is played then your sound system converts these variations into electrical signals which are eventually turned back into sound pressure waves that come from your speakers or headphones. There are serious limitations with both tape and vinyl however. The accuracy of the sound depends on various factors including how accurately the sound is converted from pressure waves into electrical signals, how well that signal is transferred to the recording device and the particle size on either the vinyl record or tape. You can hear it the most with the old shellac 78 RPM recordings where you can hear a constant hiss. You get the same thing with both tape and vinyl but there are ways of limiting its effect, but even so it is still there. There are also limitations in the mechanism that lay the sound onto tape and vinyl and also getting the signal back out. Both of these media are fragile and easily damaged and the sound on tape degrades over time and records can be worn by the stylus or scratched.

Consumer digital started with the release of the CD. There are a number of advantages with digital. The first is that it is easier for computers to process so that you can do many smart things with the digital file to process the recorded sound that are impossible, or extremely difficult with analogue. Next there is no loss to the signal when you process it. With analogue every time the editor processes the track it adds all of the inconsistencies of the analogue transfer and over time this can degrade the signal. Not so with digital. Then there is the preservation of the original sound. Once you have the digital file that represents the recorded sound it cannot degrade (in theory). If you look after that file it never changes and will be exactly the same forever unlike analogue formats. You scratch a record you damage the sound. You keep a tape for too long, get too hot or expose it to too much moisture the sound goes to pot. No so digital. You can copy it over and over and it stays exactly the same.

Digital Distribution
There are now a plethora of digital media, some of which have come and gone but the one that has stuck with us due to its cheap cost is the CD. I read that a factory can stamp out a recorded music CD for 20c per disk. This means that the remainder of the money you pay for the CD goes into distribution less royalties, which is precious little if you buy from your average music outlet. Most of the money you pay goes to the label. Of the sticker cost 13% (or 13% of 90%, there is a 10% deduction for supply chain losses) goes to the musician (more if you have negotiating power such as Madonna or Sting). This sounds a lot but your musician also has overheads so in truth you average musician takes about 0.23% of the CD which if it was a $15 CD, about average these days, (it is only your Madona or Sting  who can expect to still get away with charging $30) you musician only gets about 3.5c per CD. Not a lot to live on for the smaller artist. For your typical CD run this makes it hardly worth while getting out of bed. This has given rise to a lot of independent music distribution sites such as CD Baby, and Blue Coast music which leaves the musician with much more recompense. Even better are those musicians who self publish. Many more new musicians are going down the route of self publishing as the become more tech savvy. Indeed there is one musician I know of, Daria Musk  who streams her concerts live over Google Plus.  She also produces and distributes her music herself but she is very technically knowledgeable and has teamed up with another musician who is her producer. Digital music files are now becoming more popular and are not limited to the quality of CD or two track stereo. Surround and higher bit rates are proving to be more popular now.

I collected a large number of music CDs over the years but the problem is that music CDs will deteriorate over time, especially if stored in damp and cold environments. Also putting a CD into a music player is a pain. CDs are excellent media but they have their limitations. Most of the music I have bought recently has been from the artist either on their web site or from Kickstarter. I have also bought a number of albums from iTunes where the artist does not sell direct.
The old CD distribution mechanism via large record producers is probably the lease beneficial way for the artist to be reimbursed for their work. the next best is iTunes the next via independent distribution such as CD Baby, Blue Coast and the like. Finally the best is from the artist themselves. I choose the options from the last to the first for this reason. There are a few artists whom I support by buying direct from them either digitally or by buying their CDs. So how to manage this music?

Managing Your Music Library
I use iTunes because it is the most convenient way of managing large music libraries and supports all of my mechanisms for playing my music. I have tried a number of different music library managers in the past but I always come back to iTunes.
First CDs. I simply pop the CD into my CD drive in my computer and it automatically imports into iTunes. I have set the default format to Apple lossless which encodes the bits exactly as they come off the CD so you loose no quality. Once the CD is in the drive iTunes goes out and finds the album information (it uses the signature of the tracks on the CD to match it to online databases of CD information). If there are multiple entries, for instance different people have entered the same CD  or different regions or different release dates then you get to pick from a selection. Once it is "ripped" into iTunes you then have the digital copy and it appears in your iTunes library. In Australia this is allowed for in the legislation. If you own the CD you may make copies of it for your own personal use for playing in different formats. For digital media simply drag your downloaded music into your iTunes liibrary and it automatically catalogs it but this does depend on the music format.

Once in my iTunes library I can backup the library. To see where your songs are stored you can look in settings or you can right click on any song and look at Get Info.
Now that you have all of your music there you can do things such as create play lists. There are smart play lists where you specify all of the attributes and iTunes automatically adds music to that play list any songs with that attribute. For instance you can crate a John Mayer playlist and specify artist as containing John Mayer. You can also create normal play lists. For instance create a Christmas play list and drag all of your Christmas songs into it. then when Christmas comes around shuffle play all of your Christmas songs to the endless delight (or disgust depending on your relative tastes) of your family. I created play lists for my children's weddings with several play lists specifically designed for various parts of the evening. You can also see the timing of each play list which helps with the programming.
Once your library is set up you then turn on Home Sharing which enables you to see your library from anywhere in the house. You can see it on your Apple TV, your iPhone, iPad or any other computer running iTunes. You can also selectively sync tracks to your iOS device if you want the music on the go. You can choose to sync in the original format for high quality music or if you want you can select to compress your music which gives you about a 50% reduction in file size for a loss in quality.

Additional Tools
These days I get most of my music via a streaming service but I do still purchase music, mostly from places such as Blue Coast and CD Baby, and even from the artist. In the case of downloads the format is typically FLAC which iTunes does not recognise. In addition I like to play music on other players which do not decode Apple Lossless. To convert between formats I use dBpoweramp. The basic version is free but I bought the license which is a small one off purchase which adds an mp3 license, multi parallel conversion plus more. Major upgrades though do require an upgrade fee but it is not a huge cost. I have a reasonably powerful 8 core PC and I can convert a full CD to/from Apple lossless/FLAC format in under 30 seconds.



The Video Lan Client (VLC) player is free and supports all major audio and video formats and is a great media player. It is available for PC, Mac, iOS, Andriod and Apple TV V4. If anything will not play in iTunes then it will most likely play in VLC.


My PC does not have an internal optical drive so I use an external optical drive to read my media. These are not expensive and are very convenient.


Storage and Backup
There  are many options for storage. You can use external USB drives, internal drives, NAS (Network Access Storage or via your router's USB port. Each has advantages and disadvantages.

An external USB drive is relatively cheap and can store many hundreds of CDs. However unless you keep a copy of the external drive you have no backup and will loose everything when your single drive fails. You can get multi drive external boxes which include data redundancy but this is not a particularly robust solution. There are better ways of storing your music.

You can use internal drives inside your PC to store the music. Windows allows you to use RAID (redundant array of inexpensive disks), in the case of Windows this is specifically 2 disks which store exactly the same data (RAID 1) so that if one disk fails then you still have the data. You can then replace the failed disk and re-synchronise the RAID. I have two 2T disks for storing data on my PC but that is not my only copy.

Probably the most robust solution is what is termed a NAS or Network Attached Storage. This uses a dedicated box, either a PC or purpose built containing several hard drives of (usually) identical model and size with redundancy so that if a drive fails you can simply replace the drive and it will resync in the background. If you are technically minded you can use a free program such as FreeNAS with a standard PC but the better solution for the rest of us is to use a "NAS Box" such as the Thecus 4 drive NAS N4310which is $249 from MSY. You need to then add hard drives. You can use a web interface to configure the system to alow you to access this from anywhere on your network including your smart phone, PC, Apple TV, generic media player, smart TV, the list is endless. You should then still backup the NAS but it is a good robust solution for storing all of your data.

Summary
I use iTunes to rip my CDs then dBpoweramp to convert to FLAC when necessary. I store them on my server which is a standard PC with FreeNAS installed and using RAID quality drives.

I can access all of my music from my media players on my home thaetre, Apple TV, PC and mobile devices.

Thursday, March 17, 2016

The iPhone Encryption Debate - A Personal View

I have read the many opinions and news stories in the ongoing dispute between Apple and law enforcement in the US regarding "that" iPhone. Regardless of the merits of that particular case I think that the implications are much wider than they first appear. But first some background.

Why we need good encryption
I have been working in electronics for 34 years and specifically in IT for 26 years. Hacking has been part of the whole IT environment for as long as I have been working. In the early days it was security through obscurity and we can see how well that worked. Leaked service manuals was all that was needed for the smart and inventive to get into telephone exchanges. That of course made it easy for law enforcement to tap phones of interest, but it also made it equally easy for nefarious organisations to gain access to the same sources of information. Of course this was subject to abuse, just look at Hoover's personal campaign against King for instance.

Fast forward to today and we still have systems that can be hacked. As soon as one hole is discovered and blocked yet another hole is discovered. Just look at the number of major breaches in security in the US alone in the last year. And several very high profile security breaches in the US government. I suspect that these could have been prevented had good security processes been in place. What this highlights is that even the worlds most powerful government cannot protect their data.

Then consider people in countries where they have a corrupt government who are protesting or trying to highlight their government's corruption. There is nothing that they would like more than to spy on the trouble makers.

But what about your personal information such as your credit card details, fingerprint details and other information that could be used to steal your identity or bank details. It may also be important to hide from people such as people who have been in abusive relationships. I heard just this week of an old acquaintance who is hiding from an abuser. Industrial espionage is a huge problem and they use weak encryption to steal the secrets of their competitors.

The list of things that nefarious people would find valuable is endless.

The Solution
What we need is a good way to keep that information safe. What Apple is  doing is implementing in hardware and software a way of keeping your information from people who would misuse that information. To do this they are building in safeguards that would make it impossible for anyone but the owner of the device to get to the data stored on that device. At the present time the best secure access methods are three way. They use something you know, something you have and something you are. Something you know may be a password or pin. Something you have may be an app on a smart phone, a rotating one time code on a secure key or a custom generated key on a USB memory stick. Something you are is your fingerprint, your eye scan, or maybe in the not too distant future your DNA. The current generation of iPhone have two of the three. Something you know, ie pin, then something you are, that is fingerprint. The pair that with the high level of encryption on the phone itself then you have a good system to protect your data.

What about data going to and from your device. The backup can be encrypted so that the device backup to the cloud or your PC can be securely encrypted. On the other hand much of the data that passes externally may not be encrypted. Phone calls, internet data which may include banking details or site logins, SMS, application data including third party messaging apps, location details, personal details from and app. That is why your banking app uses a secure encrypted connection. That is why dissidents use encrypted apps. It is critical that these things be perfectly secure and there be no chance of any of this data falling into the wrong hands.

The Problem
Every time a way into any of these secure devices is created it increases the chance exponentially that the security on the device can be bypassed. So if you give the government a way in (a government who cannot even keep their own information secure) it provides a way in for others that should not be able to get in. So it is with other secure services. Secure web sites, secure file encryption. The US government has been arguing for years for deliberate back doors into all of the se data encryption methods. To the lay person all of this sounds reasonable but for those in the industry this spells disaster for encryption. If the government cannot keep their peoples information secure there is no way these back doors could not be exploited by others. Remember that there are a lot of very talented people trying to find a way around encryption and the more weaknesses there are the more likely they are to succeed.

Conclusion
We must keep our data safe and building in back doors will make it that much easier for criminals, companies and corrupt governments to take advantage of these back doors. Good security is not a privilege it is a necessity in modern life. The world has changed and we must change our attitudes with it. It is no longer good enough to rely on obscurity.

People such as Apple have a duty to their customers to enable good encryption and it is unreasonable for any government to ask them to deliberately break that regardless of the reason.