
Did anyone else say "your sign looks like you spent $1 on it, you're keeping the devices insecurely out on a bench, and this whole setup doesn't inspire confidence and is sketchy af?"



I see you're getting downvoted (gray comment) but I'll jump aboard the unpopular opinion here:

There is exactly zero chance I'd be leaving my device with these people. Trusting your phone to strangers when you can just silence it and leave it in your pocket is a fool's errand - this whole thing is just silly. It's unnecessary risk - everything from auth, to payments, to my career is piped through this device. Leaving it with absolute strangers is leaving someone with my most significant and risk-prone tool that I own.

Sorry to be pedantic but c'mon folks - let's use some common sense here. This is so silly.


Chiming in to say this is not an unreasonable standpoint.

It's not that you're likely to be victimized in this particular venue. It's that you should practice good habits if your device has, or ever will have, access or exposure to information you or your company would be damaged by if stolen.


Have you ever given your car keys to a valet?


Yes, but not before removing my wallet and passport and briefcase that has all my logins to my business’s internet banking written down on a sheet of paper inside.


Why is locking your phone not sufficient to secure its contents?


Obviously it would be worse if the valet started using my wallet and passport and business banking to steal from me, but it would still suck if they merely threw it all out the window.


You lost me with this analogy. Is the thief wiping the contents of your phone? This sounds like you need to improve your backup and recovery system... what if you lose your phone, or drop it in the toilet?


To be concrete, the concern isn’t that the phone check people are going to steal important data from my phone, it’s that they are going to lose my phone. I have backup and recovery systems but they are not seamless and not complete, something would probably get lost.


You're implying that car-theft would be equally as bad or worse than phone-theft. I'm not sure that's true for everyone. Further, stealing a car may be more difficult than stealing a phone.


This. I'd rather my vehicle was stolen or damaged vs. getting digitally compromised. The damage someone could cause with my phone vs. stealing my car is vastly different.


How insecure is your phone that someone can digitally compromise you without knowing the passcode? If you lock a modern iPhone, even the FBI will have trouble extracting any content from it.


For years, phone forensics firms pretty much consistently had non-public exploits that would allow compromising even locked phones. As recently as 2019, Cellebrite publicly claimed that they can attack any iPhone with up to date software: https://www.wired.com/story/cellebrite-ufed-ios-12-iphone-ha...

And those are publicly known capabilities. You should assume that potential adversaries will have more than that. Am I certain that such exploits are known for the very most recent iPhone/iOS? No. But it would still be foolish to bet on them not being known.


Also low-tech exploits, like holding the screen at an angle to the light, to see finger smudges for the unlock pattern.


Hey - we're not going to see eye to eye on this one. Respectfully, I'm not going to respond further.

Cheers.


lol, ok. Keep an eye on your phone!


> Further, stealing a car may be more difficult than stealing a phone

Stealing it may be more difficult, but it's much easier to lose a phone than a car. I've never lost my car, but I've lost 2 phones (I got one of them back).


Sure, but I think it's a bad faith argument to draw a comparison between such vastly different situations. Is my car my phone? No, no it is not.


Sure, but this is a false equivalency. A car and phone are completely different issues. Cars also have “valet modes to lock things down”.


So do modern phones. A locked iPhone is more secure than most cars, in terms of the ability for anyone to break into it.


There are more types of phones than just iPhones, and there have been enough high-profile incidents of zero-day exploits that allow you to exfiltrate data from a locked phone to give a reasonably security-conscious person pause to just hand over their phone to a stranger.

Even if you think the people you're giving the phone to are trustworthy, there's just no good goddamn reason to risk it.


This was a YC event that was for YC founders from the current batch only, not just random people who like YC.


My phone is safer in my custody - it doesn't matter who I am giving it to, including YC founders/staff. Giving my phone to other people, regardless of who those people are, is an extraneous risk when compared to having it in my pocket on silent.

I'm sorry - but this is just bad personal opsec regardless of what event you're attending, or who you're rubbing elbows with. Sorry, but my opinion on this is different than yours.


So it's full of high-profile targets? Cool.


Agreed wholeheartedly. I would have refused not because I don’t trust the guys (the context of being a ycombinator founder event would give me a lot of confidence), but because it’s clear they aren’t really doing anything to safeguard the phones very well. Looks to me like it’s ripe for someone pulling a social engineering hack on them and getting access to some high-value phones.

If they had a bank of PO Box style lockers (so some rudimentary physical security) and a security guard I’d be satisfied, but a couple fellow founders standing guard over a card table while also themselves being distracted by the meet-and-greet nature of the event is not my idea of a good place to leave my phone.


I thought the same, but I think everyone involved knows each other as it seems they’re all part of a yc batch.


They're sitting on a bench right behind him. One could fall off and get smashed. A third party could steal them. The fire alarm could go off and then what would they do?

It's just a dumb way to run this, if this is what you want to do. The amazing part is that they found so many people willing.


> The amazing part is that they found so many people willing.

Honestly it doesn't surprise me that much. People who tend to end up in these opportunities have incredibly privileged lives that allowed them to arrive at such an event/opportunity. With those privileged lives they can be quite insulated from stuff like theft, security, etc.

Just because someone's privileged, or rich, or a founder, or hell even technical... doesn't mean they have common sense. Handing custody of your phone over for no reason other than a "social experience" is just evidence of how they're out-of-touch from normal life/security practices.


Are you worried y-combinator people might steal a phone…?


What makes YCombinator people special? Why should they be more trustworthy?


If you can easily afford the latest iPhone why bother stealing one? More to the point being part of the YC social circle is worth a lot more than a phone. Being known as a thief, untrustworthy, would either lead to being ejected from that group or render it much less valuable. People do stupid things all the time but they do them less when they’re clearly not in their self interest.


Some third party might steal it. It might fall off the super safe bench they're storing it on and break. It might somehow get compromised by them or a third party.

Why would anyone with an ounce of sense give these people and their setup anything of value?


They are rich!


Many of them are not (yet?).


They all just got half a million in funding. That may not meet your definition of “rich”, but it at least makes the economics of stealing a $500 phone pretty silly


> the economics of stealing a $500 phone

OK. A typical key costs, what, $1? Would you hand me all your keys?

You can trust me. The economics of stealing some cheap pieces of metal are pretty silly.


Their business got half a million in funding. I don't know what their bank account looks like.


Most of that is to pay employees. And to rent hardware, perhaps.


They're storing it on a bench behind them. It might fall on the floor and break. Someone else could steal it. The fire alarm might go off and it might get destroyed or lost.

It's just a setup I'd expect from someone in grade 2, not people pretending to be professionals.

I also use my phone for all sorts of security authentication. I wouldn't volunteer it to anyone else for any reason that wasn't an absolute emergency. It's a needless risk without any benefit. I can just keep it in my pocket on silent.


So they're in public view. As long as there is a tablesitter...


At the rate this economy is headed, it wouldn't surprise me. "Y Combinator Apologizes For Funding White-Collar Smartphone Theft Ring, Refunds Victims*"

*obvious parody


Yes.



