I really have to disagree with this point. State actors have a mission and that one mission is to gain access to Alice’s phone no matter what. They will have advanced knowledge of exploits, hardware to find those exploits, money to pay to build that hardware, people to throw at the problem, etc. The local person down the street isn’t going to have any access that a state has access to. Look at how many security holes have been out there for decades while the manufacturers were never contacted to fix those security holes. There is a reason the manufacturer didn’t find those security holes through their own testing (lack of time and money and laziness). State actors are involved in solving problems like the “air gap”. Certainly no one local to me is looking into that capability. Do you use a computer made in China? Does it have the snooping “chip” everyone has been talking about? Or the routers all your data flows through infected with the same snooping “chip”? That is why state actors have the upper hand that we as commoners will never be able to overcome. We can have all the greatest security in the world undermined by some unscrupulous state actor that beat us to the punch.
I’m not sure why I’ve lost. I don’t do anything on my phone that is “important”. I didn’t say I only depended on screen lock and password. I merely stated that is good enough for most people. If I lived in a suppressive country then I might be taking other precautions. As it is I’m pretty good that my phone is secure enough for its primary purpose (to make and receive phone calls). All other uses are secondary and non-critical. I do not have any sensitive personal accounts installed on my phone (bank, credit card, etc).
I’m also not worried about anyone sending a gotenna text as I know for a fact I’m the only gotenna mesh user in my neighborhood and all the mesh units I’ve distributed have never been paired to a phone and are in stationary relay mode. My wife has one but it is never on. Probably will not be unless we are in the middle of an emergency.
Again, if there is a reason for security that needs more than what has been done and if there are mitigating factors that can be used I’m fine with it.