Why should we possibly believe that any software switches actually fully disable anything? If there isn't a hardware killswitch, there is no reasonable expectation that the cellular radio is actually disabled...
There are trustworthy sources claiming that the NSA still tracks devices that are completely "powered off".
No reason to believe that the CCP doesn't have that ability as well.
I'm not trying to convince you of anything. I'm just pointing out that there is a tangible benefit to end-user privacy that is enabled by this change inasmuch as the features are advertised to work and inasmuch as I personally have investigated how they operate.
Certainly the CCP has other means to surveil their dissidents, and at a certain level of paranoia, leaving the cell phone behind might be a good idea. However that is a completely separate topic that does not deserve to be convoluted with this discussion.
It seems in the fervor to lambast Apple, very few people seem to be fully considering that the original feature is extremely problematic. People will often enable 'Everyone' when they need to exchange a file with someone, but forget to change it back. If you need any more evidence that this is so, I invite you to go into a public space and scan for Airdrop targets.
I once had my phone, which I had turned off, loudly ring during a moment of silence I was attending. It was extremely embarrassing, and until I replaced that phone whenever I was in a similar situation where it was critical to be quiet, I removed the battery. It wasn't that I didn't trust the phone or it's software, but mistakes and accidents happen, and for some critical situations it's better to be safe than sorry.
Same thing applies to phones with hardware switches.
No. You can inspect the hardware. If you can verify that the switch disables the radio, you don't have to worry about software do you?
... unless there is some other way to exfiltrate data, such as:
1. alternative antennae, chipsets?
2. some kind of filtering + buffer + delayed send
3. something else...?
Whatever the case, such techniques are not free of cost and increase the chance of exfil detection. So, killswitches provide a later of protection. Therefore, the claim that killswitches are of _no_ use is not adequately argued above.
> hardware. If you can verify that the switch disables the radio, you don't have to worry about software do you?
Until the next time you turn radio on, when it could just send out anything, anywhere if the software stack is untrusted, so we are back at square one.
I'm aware. You apparently did not notice my point #2 above:
> 2. some kind of filtering + buffer + delayed send
Resources (compute, storage) are needed for filtering, buffering, sending. However, these actions are not "free": (1) they increase the chance of detection later; (2) they require electrical power; (3) they require additional design and testing for the device using them. Isn't raising the cost of breaching security the basic idea?
So my point stands: A hardware kill switch serves as a security layer. I'm not saying it's perfect, but it is not (in general) simply security theater (your point above).
Assuming the MAC randomization does not work as advertised and airplane mode does not actually disable the cellular and satellite modems as advertised, and airdrop's identity hashes are not as secure as advertised, or the attacker can fingerprint your specific radio and trilaterate its location via satellite, then sure, it can be tracked. Boy, do I feel stupid.
If on the other hand you want to enjoy having your phone broadcast your name and picture to everyone just because you forgot to change that setting back after the last time you AirDropped a video to your coworker, then by all means, Apple has done you a disservice.
if people started doing it in mass it would be pretty strong and obvious signal in and of itself due to the manual and intentional nature of the action
