Hacker News

"Silly HN reader, you're just not seeing the big picture." Could you not?

You know what people do when they're targeted by state actors? They don't use computers. And if they have to, they air gap.



> You know what people do when they're targeted by state actors? They don't use computers. And if they have to, they air gap.

That's like saying "men who don't have easy access to condoms just stay abstinent instead". This is what we wish would happen. But empirically, they just shrug and do the insecure thing.

(There was an article posted on HN a few years ago that was from a journalist pointing out this exact thing, from his personal experience. I can't find it though.)


Ok. You’re in the Republic of Somethingistan. You’re alone. All you have is your phone to contact people at home to help you and some money and you need to get out.

You know the state is after you.

So you ignore this, turn off your phone instead, and… what? Now you’re even more alone, can’t get help from friends/family.

This seems like a very reasonable option in some situations.


It's true, NSO Group doesn't exist and none of their exploits have ever worked on anyone.


It seems like there could be a median area between "in the crosshairs of the KGB" and "I need to avoid off-the-shelf exploits in a specific situation."

A great example of this might be visiting a country like China while on business. Straight up going "off the grid" isn't really an option in that scenario.


If you have any security concerns whatsoever, it's ill-advised to bring your primary personal phone into China, period.

They may compel all kinds of things, such as unlocking it or more.

KISS.


Or Australia. Border agents here can now compel you to hand over your phone and credentials.


This is basically saying "If you have any safety concerns with your motor vehicle, it's safer to just walk to your destination."

That's not always practical.


> A great example of this might be visiting a country like China while on business. Straight up going "off the grid" isn't really an option in that scenario.

Most corporations who know what they are doing (and some who don’t) send their execs with burner devices when traveling to certain countries on business trips.


And what software will that burner or otherwise locked down phone run?

It's not going to be a flip phone, it's going to be an iOS or Android device specially provisioned by the company's IT department for use in environments like these.

You can't get anything done on a flip phone, you can barely operate in China without WeChat/AliPay.

It wouldn't be very difficult to provision an iOS device with limited connectivity to proprietary information while still maintaining necessary operational communication and productivity. The idea here isn't to just flip Lockdown Mode on and pray that all the secret stuff on your phone doesn't get hacked, the idea is to use it as one tool of many to reduce your blast radius.


> And what software will that burner or otherwise locked down phone run?

It’s irrelevant what it runs, the point is it doesn’t have the individual’s personal data and most importantly access to company data.


You realise users who sit on air gapped networks generally have a secondary device that connects to the public network. Do you think the Elon airgaps his mobile?*

*maybe he has a team that audits comms for malicious activity and payloads, but not everybody is as well resourced so the point still stands


Someone better let those NGOs hacked by China know right away!



