111 stories

iOS 11 Horror Story: the Rise and Fall of iOS Security


We loved what Apple used to do about security. During the past years, the company managed to build a complete, multi-layer system to secure its hardware and software ecosystem and protect its customers against common threats. Granted, the system was not without its flaws (most notably, the obligatory use of a trusted phone number – think SS7 vulnerability – for the purpose of two-factor authentication), but overall it was still the most secure mobile ecosystem on the market.

Not anymore. The release of iOS 11, which we praised in the past for the new S.O.S. mode and the requirement to enter a passcode in order to establish trust with a new computer, also made a number of other changes under the hood that we have recently discovered. Each and every one of these changes was aimed at making the user’s life easier (as in “more convenience”), and each came with a small trade off in security. Combined together, these seemingly small changes made devastating synergy, effectively stripping each and every protection layer off the previously secure system. Today, only one thing is protecting your data, your iOS device and all other Apple devices you have registered on your Apple account.

The passcode. This is all that’s left of iOS security in iOS 11. If the attacker has your iPhone and your passcode is compromised, you lose your data; your passwords to third-party online accounts; your Apple ID password (and obviously the second authentication factor is not a problem). Finally, you lose access to all other Apple devices that are registered with your Apple ID; they can be wiped or locked remotely. All that, and more, just because of one passcode and stripped-down security in iOS 11.

So What’s the Big Deal?

If you are working in a sensitive environment, is front door security all you need to secure a building? Don’t you need additional checks or e-keys to enter some rooms? This no longer applies to iOS. Once you have a passcode, you then have access to everything. Let us have a look at what you can do to the user and their data once you have their i-device and know their passcode.

The iTunes Backup Password

Imagine you’re working for a company whose main business is breaking passwords. iPhone backups one can make with Apple iTunes or third-party apps such as iOS Forensic Toolkit can be protected with a password. That password is strong or very strong depending on the version of iOS. Your company builds better software, while Apple makes backup passwords even more secure. In the end, Apple seemingly wins the race: breaking those passwords now requires a powerful computer (or multiple computers) equipped with high-end video cards, but even then, you cannot try more than handful passwords per second.

Then Apple makes a sudden twist, allowing anyone to simply reset that highly secure password. That’s what they did in iOS 11. If you have access to the device and know its passcode, you will no longer need to perform lengthy attacks. Just go ahead and remove that password.

Why is this important? Before I tell you that, let us look at how it used to be in iOS 8, 9 and 10.

Backup Passwords in iOS 8, 9 and 10

In these versions of iOS, one could protect their backups by specifying a backup password in iTunes. One would only need to do it once. Once a password was set, all future backups made on that computer and any other computer, with no exceptions, would be protected with that password:

The password would become the property of the i-device and not the PC (or the copy of iTunes) that was used to set the password. You could connect your phone to a different computer and make a local backup with a freshly installed copy of iTunes, and that backup would still be protected with the password you set a long time ago.

Any attempt to change or remove that password must pass through iOS, which would require to provide the old password first. Forgot the original password? There’s no going back, you’re stuck with what you have unless you are willing to factory reset the device and lose all data in the process.

If you ask me, this was a perfect and carefully thought through solution. Want to protect your data against an attacker? Set a long and complex backup password and don’t store it anywhere. Forgot that password? You can still make a cloud backup and restore your phone from that backup; even your passwords (keychain) would be restored if you rolled out the cloud backup onto the same device you made the backup from (or used iCloud Keychain if that was to be a different device).

A perfect system? Apparently, it was not to everyone’s liking. The users whined. The police complained. The FBI complained. And Apple gave up.

iOS 11: Stripping Backup Passwords

In iOS 11 you can still specify a backup password in iTunes, and you still cannot change or reset it through iTunes if you don’t know the original password. However, this means very little as you can now easily remove that password from iOS settings.

This is what Apple has to say in its Knowledge Base:

You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do:

  1. On your iOS device, go to Settings > General > Reset.
  2. Tap Reset All Settings and enter your iOS passcode.
  3. Follow the steps to reset your settings. This won’t affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.
  4. Connect your device to iTunes again and create a new encrypted backup.

You won’t be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password.

If you have a device with iOS 10 or earlier, you can’t reset the password. 

You’ll be looking for these settings:


That’s it? That’s it. You have just removed the backup password. You can now make a new backup or, rather, extract information from the device. Don’t rush and make sure to specify a temporary password (“123” always works) before you make that backup. A password-protected backup will allow you decrypting the user’s passwords, credit card data, health data and other things that would be otherwise inaccessible.

So, set a temporary password, make that backup, decrypt it with Elcomsoft Phone Breaker or just use Keychain Explorer (a tool in Elcomsoft Phone Breaker) to access that user’s passwords, authentication tokens, credit card numbers and other interesting things. Oh, and their pictures, too.


While there, look for their Google Account password. If it is there in the keychain (and I don’t see why not), you’ll gain access to a whole lot of highly interesting information including several years worth of precise location data, all passwords they saved in Chrome, Google Photos, bookmarks, Google search history and a log more. Two-factor authentication? I bet it’s that SIM card or Google Prompt on the iPhone in your hands.

What if you don’t have any photos in the backup? Check in the iOS Settings app whether iCloud Photo Library is enabled in iCloud account – Sync – Photos. If it is, the photos are synced with iCloud and are not included in local or cloud backups. Simply switching this feature off makes it possible to back up the photos into a local backup.

What if the iPhone in question runs an earlier version of iOS that does not allow removing backup passwords? I say you’re lucky because you can simply update that device to iOS 11 and then reset that password. We tried this strategy multiple times, and not once did we have an issue.

What if the device simply cannot run iOS 11, like that iPhone 5c from San-Bernardino? If this is the case, your best bet is attempting to jailbreak that iPhone. 32-bit devices (iPhone 4s, 5, and 5c) allow for complete physical acquisition (including the keychain). Just note that we are talking about the situation when the passcode is known, though that was not the case in San-Bernardino.

With access to just an iPhone and its passcode, you have already gained access to all of the following:

  1. Everything contained in a local backup (with a password)
  2. Passwords and tokens from the local keychain
  3. Local pictures and videos
  4. Application data (mostly SQLite)

This alone is massive, but that was just the beginning. You can do more; in fact, a lot more. What if I say you can now change the user’s Apple ID password, remove iCloud lock, remotely lock and/or erase user’s other devices and make sure they can never get back control over their account?

Changing Apple ID Password and Removing iCloud Lock

Normally, changing an account password requires confirming the old password first. In some cases, one could reset a password by receiving a one-time password reset link to a trusted address. This is about the same for the Big Three (Apple, Google and Microsoft) if you do it through the browser.

But (and this is a very important “but”) Apple has its own way. For Apple accounts with two-factor authentication, one can simply reset their Apple ID password from the device by confirming their device passcode (as opposed to supplying their old Apple ID password).

What does that mean in practice? If you have someone’s iPhone, and you happen to know or can recover the passcode (solutions allowing to brute-force device passcodes are available on the market), you can do the following:

  • Change the user’s Apple ID password
  • Remove iCloud lock (then reset and re-activate the iPhone on another account)
  • Discover physical location of their other devices registered on the same Apple account
  • Remotely lock or erase those devices
  • Replace original user’s trusted phone number (from then on, you’ll be receiving that user’s 2FA codes to your own SIM card)
  • Access everything stored in the user’s iCloud account

So how do you reset the user’s Apple account / iCloud password? For that, we’ll use the preinstalled Find My Phone app (reminder: this is going to work on 2FA-enabled accounts only):

From there, tap “Forgot Apple ID or password?” The app will prompt for device passcode:

Enter the passcode. During the next step, enter and confirm a new Apple ID password (same as iCloud password):

It’s that simple. You were never prompted to enter the original Apple account password; device passcode was enough to reset account password.

Is this a bug in the Find My Phone app? Absolutely not! You can do the same even without using the app. Open the Settings app on the user’s iPhone, and open the user’s Apple ID settings. From there, open Password & Security:

Tap Change Password. You will be prompted for device passcode:

Then you’ll be able to change the password to iCloud / Apple ID:

In fact, you can do even more from the Settings app compared to Find My Phone. In addition to account password, you can also replace the user’s Trusted Phone Number with your own phone number, making it insanely difficult for the ex-owner to regain control over now-yours Apple account. In order to replace the trusted phone number, first add and confirm a new trusted number; then you can remove the old one.

At this point, removing iCloud lock (the very lock that protects iOS devices from theft) it as easy as switching off Find My iPhone and typing your newly created Apple ID password.

Accessing iCloud Account

Access to iCloud data (backups, synced data, iCloud Photos and stored passwords) is normally securely protected. In order to access that data you would need a login and password (and access to the second authentication factor).

Wait! We’ve just reset the user’s iCloud password, and we’ve just added a new phone number to receive one-time codes! This means we can easily access everything the user has in their Apple account, including iCloud backups, photos taken on all of their devices, their iCloud Keychain, contacts, call logs, and a lot more.

iCloud Backups

We wrote about iCloud backups many times before. In a word, Apple may store up to three last backups per device. If the user has multiple iOS devices registered on the same Apple ID, up to 3 cloud backups will be available for each device.

By resetting the iCloud password, you’ve just opened the possibility to access those backups. All you need is the user’s Apple ID, your newly reset password, and one-time code to pass two-factor authentication.

Use Elcomsoft Phone Breaker to download backups. [Tools] | [Apple] | [Download from iCloud] | [Backups].

The backup will be downloaded and saved in the iTunes format. You can view its content with Elcomsoft Phone Viewer or other forensic tools.

Call Logs, Files and Synced Data

iCloud is a lot more than just backups. Apple devices use iCloud to sync information such as browser bookmarks and open tabs, Web browsing history, contacts, notes, call logs, and even passwords. This information is collected and synchronized across all devices registered on the same Apple account.

Extracting synced data is simple. Just use Elcomsoft Phone Breaker to download, and Elcomsoft Phone Viewer to analyse.

What if the user has a Mac? We can then access Documents and Desktop files synced by that Mac with iCloud Drive! Use Elcomsoft Phone Breaker: [Tools] | [Apple] | [Download from iCloud] | [iCloud Drive] to obtain those files. Finally, as an added bonus, you may be able to extract the user’s FileVault2 recovery key (if the user allowed cloud recovery, that is).

The Passwords: iCloud Keychain

iCloud Keychain is a cloud service for synchronizing Safari passwords, authentication tokens and payment information across iOS devices. After changing iCloud password and assuming you know device passcode (and this, for the purpose of this article, is a given), you can easily download those passwords.

Step 1: in Elcomsoft Phone Breaker click [Tool] | [Apple] | [Download from iCloud] | [Keychain]

Step 2: use login, password and 2FA code to log in to iCloud

Step 3: select a trusted device from the list (this must be the device that you know the passcode to) and enter its passcode into the Device passcode box

Step 4: the iCloud Keychain will be downloaded. You can now go back to the main window and open Keychain Explorer to access those passwords. By the way, you will now have access to the original (old) password to the user’s Apple ID account, as well as (possibly) passwords and tokens to that user’s other Apple ID accounts, if there are any. In addition, you may also see passwords to email accounts and Wi-Fi networks, as well as pretty much every password the user typed in Safaru.


With the release of iOS 11, Apple developers made too many assumptions, breaking the fragile security/convenience balance and shifting it heavily onto convenience side.

Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left. Everything (and I mean, everything) is now completely exposed. Local backups, the keychain, iCloud lock, Apple account password, cloud backups and photos, passwords from the iCloud Keychain, call logs, location data, browsing history, browser tabs and even the user’s original Apple ID password are quickly exposed. The intruder gains control over the user’s other Apple devices registered on the same Apple account, having the ability to remotely erase or lock those devices. Finally, regaining control over hijacked account is made difficult as even the trusted phone number can be replaced.

This is just scary. Why Apple decided to get rid of the system that used to deliver a seemingly perfect balance between security and convenience is beyond us.

If you don’t think this is a big issue, just one word for you: celebgate. Obviously, the victims had a password protecting their accounts, and yet that was not enough to stop hackers from stealing their photos. This is what the second protection layer is for as delivered by two-factor authentication. What I am saying is: once they have your iPhone and your passcode, you are no longer in control of their device and their Apple account.

What can you do to protect yourself? Since the passcode is now the one and only safeguard left, make sure you use at least 6 digits. Four-digit PINs are no longer secure. Other than that, we’ll just wait and see if Apple can fix it.

Tags: 2FA, Elcomsoft Phone Breaker, Elcomsoft Phone Viewer, EPB, EPV, FileVault, iCloud, ios 11, passcode, Two-Factor Authentication

This entry was posted on Wednesday, November 29th, 2017 at 4:59 pm and is filed under Did you know that...?, Security, Software. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Read the whole story
7 hours ago
Toronto, ON
16 days ago
iPhone: 49.287476,-123.142136
Share this story

Le temps d'être soi

1 Share

Writing code is fun. Building something to fix a complex problem, watching the tests finally go green and landing in production is one of my favourite things to do. It is addictive, and you always want to do more. But software is ephemeral. You write it, it’s useful for a while, and then it gets replaced with something new. The time you have with the people you love is limited too.

Kim Moir, Let's talk about side projects in software.

Peut-être prendre le temps de lire le billet de la citation avant de lire le reste ici.

Le temps d'être soi, d'être chez soi, de ne pas s'exposer est un temps précieux. Tout ne doit pas nécessairement se révéler. Partager du code pour aider les autres, pour permettre à d'autres de progresser est une belle idée. Se mettre en spectacle pour obtenir un job est un choix plus difficile, mais que nous avons tous plus ou moins intégré dans nos échelles de valeurs. Recruter un nouveau développeur (homme ou femme) est miné par nos biais de jugements, culturels, personnels. Et d'ailleurs doit-on recruter un développeur ou doit-on recruter un bel humain qui sera bien intégré dans l'équipe. Et peut-être finalement, peut-on se poser la question de combien accepterons-nous de changer individuellement avec l'apport de cette nouvelle personne dans une équipe ?

Read the whole story
1 day ago
Toronto, ON
Share this story

Thinking like a hungry crow and other intelligence tests

1 Share

What did the crow imagine it would find on my trailer?

This morning (November 22) found me at a restaurant in the 1400 block of West Broadway enjoying breakfast. At least I was enjoying breakfast until it was brought to my attention that a crow was orbiting my parked bike trailer, locked to a pole a few metres away.

Crows bring a level of intelligence and inquisitiveness (not to mention acquisitiveness) to the business of foraging that I find almost unnerving, particularly when it is my business they are poking their beaks into.

I well remember a spring day in 2014 when I was sitting in the same restaurant seat and watched a person place a wrapped, store-bought sandwich on my bike trailer, locked to the same pole.

Before I could even stand up, four crows swooped in like flashes of black lightning and, between them, unwrapped and consumed the sandwich in not much more time than it takes to say “Hey! What the f—.”

The three pigeons that then appeared were not backward in cleaning up the remaining crumbs.

It was as if the sandwich had never existed. The flocking air pirates even made off with the plastic sandwich wrapper!

So this morning, the most important meal of the day suddenly became less important to me than finding out what the curious corvid thought was so interesting about my trailer.

Proof that being a birdbrain isn’t what it used to be

A flock of one. A time lapse photo of this morning’s crow investigating my trailer.

Crows are as cautious as they are clever and covetous. I’ve never seen a crow become so focused on spoils that it loses sight of its surroundings.

This particular crow was constantly breaking off its investigation of my trailer in order to keep a comfortable distance between itself and oncoming traffic—both vehicular and pedestrian.

So it took a bit of observing for me to see exactly what the crow thought that it saw in my trailer. Time and again, though, its attention returned to the same thing: a branded plastic supermarket carrier bag visibly tucked in the front left side of the trailer, under a sheet plastic rain cover.

After the dodging and swooping crow got a chance to observe the bag up close three or four times it apparently dismissed the possibility that it contained food and flew off, presumably in search of better pickings elsewhere.

The bag didn’t food and it never had; it contained clean socks. And it wasn’t the only plastic bag on front of my trailer—just the only plastic supermarket bag.

The suggestion here—for me at least—is that the crow’s interest wasn’t guided by simple direct evidence, such as the sight or smell of food. Perhaps it was acting on its own memories of other supermarket carrier bags that had contained food. Or perhaps crows have enough language that one of its peers told it that a supermarket-style plastic bag has a higher probability of containing food than, say, a shoe store bag.

Either way though, this morning’s crow arguably appeared to be doing more than just processing real time facts of the “here and now”, like the smell of food—what’s called concrete thinking. It looked to be engaging in complex abstract thinking, involving past events and conceptualization.

Abstract thinking was once believed (by human beings, at least) to be a uniquely human capability. Many studies in the last 20 years, though, have convincingly shown that crows (and other corvids, such as ravens) can think abstractly and conceptually, understand analogies and even fashion crude tools as needed.

Brain size was long believed to correlate to higher intelligence—but only chauvinistically, in so far as humans have bigger brains than most other animals—never in the sense that whales have the biggest brains and are therefore smarter than human beings. Another thing that used to be considered essential to cognition was the complex neocortex unique to mammalian brains.

Crows, however, seem to be able to do a lot of high-level, human-like thinking with very small brains which conspicuously lack a neocortex.

Are other species more intelligent or are we are less-so?

The prospect of artificial intelligence (A.I) obsesses many people and the idea of discovering and communicating with alien species captivates many more.

Meanwhile, crows and ravens—not to mention elephants, cephalopods (octopus and squid) and cetaceans (whales and dolphins)—are far more complexly and completely intelligent than any so-called artificial intelligence that has so far been created. And cephalopods and cetaceans are quite literally intelligent alien species with apparent language, living right here on our own planet.

Yet, outside of a small minority, informed by specialized fields of research, human civilization stubbornly clings to a fictional mytho-religious conceit that we are the apex of creation, with the god-given right to kill or otherwise exploit all other life on the planet solely for our immediate gratification.

And while we blithely go about killing incredibly sophisticated and intelligent species that we barely understand, we flatter ourselves that we do understand intelligence—enough to play god and create fake digital life in our own image.

But I for one do not think that we have a handle on what intelligence actually is yet. Our ideas of cognition still seem too bound up in explaining how and why we are the most intelligent species on earth. Even as we raise our estimates of the intelligence of other species we find another metric that keeps us ahead of the pack.

A real understanding of the underlying principles of the acquisition of knowledge will probably see us fundamentally unseated as the apex species.

Crows and all other animal species on earth will probably be seen as more intelligent but first and foremost this will likely be because we have finally admitted that human beings are comparatively less intelligent. Click the images to enlarge them.

Read the whole story
1 day ago
Toronto, ON
Share this story


1 Comment

Simplenote is good software. It’s a very simple cross-platform note taker with excellent cloud synchronization between devices. It’s perfect for drafting a few paragraphs of text, keeping a simple to do list, or jotting down an address while you’re on the phone. Under the hood it’s got some remarkably sophisticated features like version history, note sharing, etc. But all that is out of the way if you just want a box to type in.

Simplenote is free software, a gift from the folks at Automattic. They’re mostly known for WordPress but they have a surprising number of other public good services they run, mostly for free or with value-add purchases. Akismet, Longreads, Gravatar, Cloudup; I had no idea these were all Automattic. Good for them.

Read the whole story
1 day ago
Automattic owning Longreads was news to me.
Toronto, ON
Share this story

Email: What Does it Mean to Listen to Riders?

1 Share

To make sense of this article, you’ll first need to read my short piece The Dangers of Elite Projection.

From Arielle Fleischer of the San Francisco Bay Area’s excellent public policy institute, SPUR:

I read with great interest your post on elite projection, but was rather dismayed by your conclusion. You wrote (bold mine)

Again, we can’t challenge elite projection in others until we forgive it in ourselves.  Almost everyone reading this is part of some kind of elite.  But the more powerful you are, the more urgent this work is.  We must all ask ourselves: “Would this idea work for me if I were in a typical citizen’s situation, instead of my fortunate situation?”  Because if not, it won’t work for the city, and in the end that means it won’t even work for you.

I would argue that a key way to challenge elite projection is by elevating the voice of actual riders. What you describe– putting yourself in your riders’ shoes– is, to me, elite projection in another form. We shouldn’t ask ourselves the question you propose; rather we should ask the people who are actually in that situation and make decisions based on their answers, not what we think their answers may be.

One of the key lessons that can be drawn from your post is that the voice of the elites is too loud. But how to actually lift the voice of the everyday rider is not well understood. To glean insights into their riders, transit agencies tend to rely on focus groups and customer surveys, but customer surveys are measures of satisfaction and focus groups ask for reactions. These tools don’t provide meaningful insights into the physical and emotional needs of riders (and those who could become riders)– the kind of insights that could help push back against elite projection by providing a more clear picture of what it would look like if we developed a transit system grounded in the needs, wants and preferences of riders (and potential riders).

I think you did an excellent job in your post pointing out a problem, but at the end of the day, countering elite projection is as much about checking one’s own privilege as it is talking to actual riders. I think we need to get transit agencies in the habit of seeking the thoughts and ideas of transit riders (and non-riders)– again, beyond focus groups and surveys. At SPUR, we hold a Transit + Design conference and the purpose of the day is to help planners learn new tools to better understand their riders. (We describe the tools in our blog post recap of the conference). In addition, we led a group of transit agencies through a design thinking course at Stanford and our main takeaway was that transit is lacking community and connection and that we need to build a human dimension into how we present transit information. (See here for a blog post recapping this experience). Tools like design thinking aren’t regularly used in transit planning but can go a long way to unearthing the needs and wants of riders (and potential riders) and, ultimately, countering elite projection.

It is impossible to argue with the notion that transit agencies should listen to riders, and I applaud all of SPUR’s efforts to enhance this communication.

But to be fair, I have never encountered an agency that doesn’t put enormous effort into the task of listening — to riders and potential riders.  The problem is not that agencies aren’t listening. It’s that most public comments are hard to turn into actions — i.e. they are not things that the transit agency can do something about, or at least not without harming other people.

In fact, one of the most common mistakes in transit planning — a mistake encouraged by too many elected officials — is to change something in a way that satisfies a noisy commenter but makes the service worse for everyone else. This is exactly why the simplicity and usefuless of bus systems tends to deteriorate over time — requiring the occasional intervention of a network redesign.

There are really four problems here:
  1. Public feedback processes can never represent people who are busy.  Have you ever attended a public meeting where everyone who came to give comments was either retired or unemployed?  Probably not, because you’re too busy, but I have been to maybe 100 such meetings as a professional.  We love retired and unemployed people too, but a transit system designed around the tastes of people with lots of spare time is likely to be different from one designed for busy people.   The more time it takes to submit a comment, the worse this distortion is, so it’s worst in public meetings and much better with web surveys, intercept surveys and so on. Still, any kind of listening requires a busy person to engage, so busy people will be under-represented.  And most people are busy.
  2. Public feedback tends to be low-altitude.  It expresses desires and aversions about specific bus routes or stops, or some detailed aspect of the service.  Sometimes these can be addressed at their correct micro scale, but again, often the result is harm to someone else.  And it’s hard to derive any useful advice about the big policy decisions a government must make from this kind of input.
  3. Public feedback tends not to talk about priorities, but only about desires and aversions.  For example, most unstructured public comments will say “spend more here” without saying where the agency should spend less.
  4. Public feedback is often laced with abuse.  Because so many public comments are not actionable for the reasons outlined above, some members of the public assume that this inaction means that the transit agency isn’t listening, and that they therefore need to yell louder.  This contributes to an overall culture of abuse toward public employees.  And of course, many people are also just angry about other things and direct this anger at anyone who seems to be in authority.  (Bulletin: There is a lot of agony and rage in society, especially in the US, for many good reasons that your transit manager can’t do much to fix.)

I have been listening to public comments about transit for 25 years — and making them for 15 years before that — so trust me when I say that these patterns are really obvious. I do not want to imply that agencies are perfect in how they respond to comments, but I do know that they work harder at this than almost anyone gives them credit for.

Our firm specializes in building robust conversations with the public as intrinsic parts of planning processes, but we use strategies to bypass these known problems, and we are delighted to see these strategies used more widely.  To put it simply, we never ask the public to tell us what they want.  We ask them to tell us about priorities:  How would you choose between this or that?  We also put a lot of effort into helping people come to altitude, which means thinking about your personal complaint or idea might be an example of a bigger principle worth talking about.  Many transit problems — including good network redesign — can only be fixed by first viewing them at a high altitude, looking at the structure of the entire city or the policies that govern the transit agency.  So we need to help people come to the necessary altitude to influence those decisions at the scale where they actually occur.

For this reason, our studies rely heavily on groups of invited stakeholders, who are selected because they (a) represent lots of other people, (b) collectively represent the diversity of the community, and (c) have the time and professional interest to focus on the problem.  These stakeholders get an intensive education in the high-altitude questions that govern a network design, and the opportunity to have input on them.  In return, they commit to represent the study to their own communities of interest — by presenting to whatever groups they represent and helping those groups to engage.  This isn’t perfect, but it’s the least bad way we know of to get input at the right altitude — which requires some education and focus — while still hearing about the experience and perspectives of a diverse public.

So in the end, am I guilty of my own elite projection?  Well, I’m elite in the sense that I have both some innate skill and a lot of training in critical and spatial thinking.  But if I make assumptions about what people want without continually asking them, I do so based not just on decades of listening to public input but also noticing what generates ridership:  More than anything, most people just want to be able to get more places faster, in a way that’s safe and civilized but not luxurious.  When we do this, as a rule, more people ride.  But elite projection would mean assuming that other people want what I want beyond that nearly universal desire, and I am very careful not to assume that.

In the end, your transit system cannot just be the result of everyone’s opinions, because there really are some spatial facts about this topic.  There are also people like me with the skill of working with those facts critically and creatively.  My role, my firm’s role, in a community is to convene people in the presence of those facts, and let them figure out what they want to do.


The post Email: What Does it Mean to Listen to Riders? appeared first on Human Transit.

Read the whole story
1 day ago
Toronto, ON
Share this story

The meek shall inherit the vase

1 Share
Digging up gladiolus corms wasn’t the only thing I ran around doing before the recent cold snap. All the tender annuals were cut off at the ankles, and brought indoors by the armload, just in case. Just in case I wanted to root some cuttings (like coleus or purple tradescantia) – or try Gayla Trail’s cool recipe […]
Read the whole story
1 day ago
Toronto, ON
Share this story
Next Page of Stories