Dear Jailbreak Community

(This is what I said on Twitter in response.)<p>So, yes: someone approached me with a potential jailbreak; the goal being to get a non-piracy-laden jailbreak out; this does not seem bad...<p>...in particular, I do not see how it is &quot;backstabbing&quot; @evad3rs (as some claim): it was unlikely to work, and was mostly just &quot;having fun&quot;.<p>Also, I am not part of @evad3rs: they made that very clear to me. They never told me anything about their exploit. Should I not help others?<p>I guess now the argument is that if people come to me with a potential jailbreak, in order to not &quot;backstab&quot;, I am not allowed to help them?<p>Regardless, I gave the iOS 7 Substrate build to evad3rs on September 30th, and all I needed to test was a new copy of redsn0w (not evasi0n).<p>I guess I don&#x27;t understand &quot;we really wanted TaiG&#x27;s deal, so when we heard a rumor of an open jailbreak we were rushed: shame on saurik&quot;. :&#x2F;

I don&#x27;t think this really helps evad3rs build credibility.<p>They put a giant, user-facing blob payload into their jailbreak with no transparency about how it got there or what it is. Reading between the lines they were paid for it, but they don&#x27;t even manage to come out and say that outright in this &quot;letter.&quot;<p>There&#x27;s always some level of faith involved in installing an early iOS jailbreak, because exploits often aren&#x27;t documented or open-sourced until long after their release (for a variety of reasons - vanity, ripoffs, weaponization, etc.). But at least most of the jailbreaks released in the past have been transparent and configurable.<p>In the Dev Team jailbreaks, all userland packages were optional and if a user wanted, they could uncheck the &quot;Install Cydia&quot; box in the payload configuration, configure their own Cydia (because the source is open, imagine that!), or install a completely different set of user-land applications. Plus a variety of parties with various interests in the development community were given previous jailbreaks early, which provides at least a cursory level of auditing and sign-off. This evad3rs release offers none of these reassurances.<p>I certainly wouldn&#x27;t call any iOS jailbreak &quot;trustworthy&quot; in the truest sense but this one is definitely the worst so far.

It doesn&#x27;t seem like there has any response this:<p>From @Hackl0us: &quot;Taig also uploads users&#x27; private data to iphonespirit.com(belongs to Qihoo360 company). @iH8sn0w @pod2g @MuscleNerd @winocm&quot;[0]<p>Other sources: [1][2]<p>[0]: <a href="https://twitter.com/Hackl0us/status/414835565524422656" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;Hackl0us&#x2F;status&#x2F;414835565524422656</a><p>[1]: <a href="https://twitter.com/JonathanSeals/status/414835993015894020" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;JonathanSeals&#x2F;status&#x2F;414835993015894020</a><p>[2]: <a href="http://bbs.weiphone.com/read-htm-tid-7417919.html" rel="nofollow">http:&#x2F;&#x2F;bbs.weiphone.com&#x2F;read-htm-tid-7417919.html</a>

Am I the only one who thinks this makes evad3rs look even more shady?<p>One example: they carefully avoid <i></i>denying<i></i> the presence of malware in their jailbreak. Instead,<p>&quot;We are saddened by the accusations that we would ever do such a thing, or sell weaponized exploits. If anyone ever attempted to include malware in a jailbreak, we are confident that the many security experts combing through jailbreak software would find it.&quot;<p>The explanations about Saurik and piracy in their Chinese pals&#x27; app store comes off as similarly evasive.

I am not sure how to interpret this statement:<p>&quot;Yes, we have benefitted financially from our work, just as many others in the jailbreak community have, including tweak developers, repo owners, etc. Any jailbreak from us will always be free to the users but we believe we have a right to be compensated in an ethical way, just as any other developer. &quot;<p>In my world view people do work in exchange for money, there are two sets of people, people who make money through legal means, and people who make money through illegal means. On the border of those two realms are people who walk back and forth over the line between legal and illegal. If you&#x27;re &#x27;productizing&#x27; a jailbreak (nominally legal in some countries, illegal in others) the people you&#x27;re going to get money from are the folks on the illegal side of the line.<p>Given that world view you want to be compensated in an &#x27;ethical way&#x27; by people who threw ethics out the window? That is what I have trouble with.

This is interesting. The jailbreak community is a weird place on the edge of free software- normally, &quot;just open source it&quot; is an easy answer to security concerns, but there are understandable reasons not to open-source exploits. However, the whole competition thing between evad3rs and saurik seems kind of strange. Honestly, I wish Apple would just get with the times and allow an appropriate degree of freedom on their devices; even if evad3rs are as innocent as they claim in this instance, forcing users to install potentially sketchy obfuscated third-party system-level code in order to do basic things like set default apps seems like a recipe for eventual disaster.

The status page on <a href="http://jailbrea.kr/" rel="nofollow">http:&#x2F;&#x2F;jailbrea.kr&#x2F;</a> is hilarious: <i>such jailbreak</i> <i></i>so drama<i></i> <i>wow</i> <i></i>tweak omg<i></i> <i>many piracy</i>

I&#x27;m still baffled as to why someone would want to buy a locked up device and be forced to use frequent &#x2F; complicated measures to be somewhat freed... I understand if you didn&#x27;t get a choice at first, but I people realizing they are really stuck in a jail anyway, without any jailbreaks, might do more good than having them. (Though I encourage breaking things! ;)

I do not believe that helping a Chinese company that is related to Qihoo360, which has a very bad ethical record will in anyway benefit the Chinese users. I also don&#x27;t see how is this benefiting the jailbreak community, except for the compensation they took in.

Chrome seems to detect the encoding of this page wrong -- find the deeply-buried &quot;Encoding&quot; menu and set it to UTF-8 for more readability.

BTW, if anyone was going to post this to reddit, don&#x27;t bother. I posted it to &#x2F;r&#x2F;technology and &#x2F;r&#x2F;apple but davidreiss666 removed both links with no explanation.

This site uses Cloudflare and I use Tor, so I can&#x27;t view it. Could somebody mirror?

The justification of their actions, to renumerate developers for their work, is of course a sentiment of paramount importance. However, clearly, the way in which it was executed (bundling a questionable foreign App Store) wasn&#x27;t the best, and in my opinion they should look to more interesting monetisation avenues than sponsorship.

Malware should be easy enough to detect by MiTMing the device, assuming the baseband is unmodified and cellular is shut down. (edit: no, it doesn&#x27;t-- shouldn&#x27;t post before I&#x27;m awake) I have just updated my phone and I have no traces of the chinese app store mentioned here, for what it&#x27;s worth.

A chinese safety company named 360(<a href="http://360.cn)pay" rel="nofollow">http:&#x2F;&#x2F;360.cn)pay</a> $1000000 cash to evasi0n team buying cydia replace to taiji in china.

TaiG is a pirated app distribution platform...

This situation sort of reminds me about the xbox scene, which now seems to mostly be about piracy and profit now, which sort of sucks..