With mobile usage now far outpacing desktop usage, the latter has an antiquated air about it to many. Mobile is the future, implying that desktop must be the past. It’s natural to expect a more secure future, having learned from past failures. Indeed, as noted in the preceding piece, mobile devices feature no shortage of security controls.
However, mobile devices are also new enough that we are still engineering around the problems they introduced. Although cellular networks are decades old, their infrastructure still lacks a means of concealing device locations or encrypting messages and calls. Cell-site simulators exploit these very limitations.
Developers and security researchers continue to find new inferences that can be made about users by correlating the readings from the panoply of mobile device sensors — to say nothing of sensors on internet of things (IoT) devices, some of which can be thought of as “mobile.”
By contrast, desktop devices are well-understood architecturally. Their operating systems are decades old, maintained by the most experienced developers in the industry. As such, secure engineering patterns are established and validated, a practice that has only recently taken shape in mobile OS development.
In this second installment of my juxtaposition of “security” and “privacy,” we will examine the unique challenges and opportunities for engineering these properties on desktop platforms.
Desktop Hardware Privacy Advantages
The claim that desktops are less secure than mobile devices can be true or false, depending heavily on how they are configured. While desktop devices are less secure out of the box, they are more private and can be made more secure than mobile devices.
For one thing, users can impose more hardware restrictions on desktop devices because their components are easier to access physically. With mobile devices, the hardware is so tightly packed into a glue-sealed brick that, unless you really know what you’re doing, you have to just trust the OS when it says an application was denied hardware access. Mobile devices also house many more types of sensors.
With desktops and even some laptops, users can install physical switches that disconnect hardware units on demand. A simpler option is to remove all but the essential built-in hardware and only use external accessories, such as USB-connected webcams, microphones, and keyboards.