Supreme Court deals a blow to Apple Pay

Ed Hardy reporting for the Cult of Mac:

The SCOTUS decided that retail store owners who accept American Express can not suggest to customers who bring out this card that they use another method of payment. That includes Apple Pay, even though this iPhone payment system would save the merchant money.

A good reason to ditch your AmEx because they have been overcharging members and merchants for years.

What 7 Creepy Patents Reveal About Facebook

Sahil Chinoy reporting for the New York Times:

“...create a unique camera “signature” using faulty pixels or lens scratches. That signature could be used to figure out that you know someone who uploads pictures taken on your device, even if you weren’t previously connected. Or it might be used to guess the “affinity” between you and a friend based on how frequently you use the same camera.”

“I’ve seen no indication that Facebook has changed its commitment to watch everything we do, record everything we do and exploit everything we do,” Siva Vaidhyanathan, a professor of media studies at the University of Virginia said.

What social media companies say and what they do are two different thing.

Verizon and AT&T will stop selling your phone’s location to data brokers

Jon Brodkin reporting for the Ars Technica:

“After my investigation and follow-up reports revealed that middlemen are selling Americans' location to the highest bidder without their consent or making it available on insecure Web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off," Sen. Ron Wyden (D-Ore.) said. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned.”

You invade my privacy, it's nothing. I try to get it back, it's a crime.

Spyware geeks freak after Singapore reporters get free USB fans

Mary Papenfuss reporting for the Huffington Post:

The Twitterverse exploded in a spyware panic after a Dutch journalist in Singapore posted a photo of a press kit freebie of a tiny fan that connects to computers via the USB portal. It was part of a goodie bag for the journalists covering U.S. President Donald Trump’s meeting with North Korean leader Kim Jong Un.

Techies flooded Twitter with warnings not to plug the fans into computers because to do so would risk a serious spyware or malware incursion.

You and everybody connected need to stay on top of it all the time, hackers however need to be right only once.

Apple Is testing a feature that could kill police iPhone unlockers

Lorenzo Franceschi-Bicchierai reporting for the Motherboard:

“I think it's clear they want to include it but are just trying to figure out what the implications of it will be and are obviously taking their time to get it right,” Ryan Duff, a Director of Cyber Solutions at Point3 Security, said. “It's a pretty radical security change and I'm sure they want to make sure it's the right move to make before pushing it. They definitely don't want the scandal of removing a security feature because of something they didn't anticipate.”

The basic concept of privacy is the option to limit the access others have to one's personal information.

“Because privacy isn't about something to hide. Privacy is about something to protect.”
- Edward Snowden

“If you have nothing to hide, you have nothing to fear”
- Joseph Goebbels, Nazi Propaganda Minister.

Everyone complaining about Microsoft buying GitHub needs to offer a better solution

Peter Bright reporting for the Ars Technica:

As a private company, we don't know exactly what GitHub's bank account looks like, but we can make some reasonable inferences. The company has had two rounds of venture capital funding, one for $100 million, a second for $250 million. Leaked financials from 2016 painted a picture of a company burning cash at a prodigious rate, with salary and benefits alone rivalling revenue. Even a more positive analysis of the numbers suggests that GitHub was on track to have burned through that $250 million by around the middle of this year.

Hotmail, Skype, Linkedin and now GitHub. Go figure.

At Beijing security fair, an arms race for surveillance tech

Pei Li and Cate Cadell reporting:

At a Beijing fair, several firms reported they could crack 4-digit passwords on platforms ranging from iOS 6 to iOS 8.1, and were working to break through security of the latest iOS 10 platform.

Always, update your iOS device to the lastes version and check doko.com's Tech & Privacy podcast on how to create a strong password.

Amazon admits Alexa device eavesdropped on Portland family

David Moye reporting for the Huffington Post:

“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. “Alexa then asked out loud, ”[contact name], right?” Alexa then interpreted background conversation as “right”. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”

You're basically installing a WiFi microphone in your home because every vendor, except Apple, is in the business of industrial scale data mining. Privacy always an afterthought, "will look into it", after incidents become public.

Civil rights groups warn Amazon about govt use of facial recognition

Jeffrey Dastin and Pushkala Aripaka reporting for Reuters:

“People should be free to walk down the street without being watched by the government,” said the letter to Bezos. “Facial recognition in American communities threatens this freedom. In overpoliced communities of color, it could effectively eliminate it.”

Realtime facial recognition will change policing and surveillance. This could become one of the most powerful regime tools if not properly regulated.

Apple cracking down on CallKit apps in China App Store due to government regulation

Chance Miller reporting for 9to5Mac:

The Chinese government likely takes issue with the VoIP functionalities of CallKit. Such services are frowned upon in the country. Apple removed the Skype application last summer for a similar reason.

However, Apple’s crackdown this time around seems to be blankety related to CallKit, as even applications that use the functionality to pause audio for an incoming call have been removed.

China forced Apple to close its iTunes Movies and iBook store in 2016, remove VPN apps in 2017 and now remove all apps that use the CallKit framework.

Steve Jobs President & CEO, NeXT Computer Corp and Apple. MIT Sloan Distinguished Speaker Series

Massachusetts Institute of Technology posts a newly discovered Steve Jobs speech delivered to the Sloan School of Management in the spring of 1992.

“I think that without owning something over an extended period of time, like a few years, where someone has a chance to take responsibility for one’s recommendations, where one has to see one’s recommendations through all action stages and accumulate some scar tissue for the mistakes and pick one’s self up off the ground and dust one’s self off, one learns a fraction of what one can,” Jobs said. “You do get a broad cut at companies, but it’s very thin.”

He foresees everything we now take for granted. A mastermind selling the future. Truly miss him.

Experts say keep Amazon’s Alexa away from your kids

Sam Biddle reporting for The Intercept:

Commercially-produced voice-recognition technologies, such as Amazon Echo, are primarily designed to promote products and brands. Amazon is acting irresponsibly by urging parents to unleash an AI-driven Alexa product into their children’s lives, without first ensuring that it will not harm their cognitive and emotional development. Echo Dot Kids is designed to encourage children to give up their personal information so it can drive even more revenues for the E-Commerce colossus.

What goes for Amazon’s Alexa goes for Google Echo and other voice-commanded artificial intelligence systems. There is no substitute for a real friend or responsible parenting. If you have no time for your kids might as well don't have them at the first place.

Future Apple biometric security may include scanning veins in a user's face

Malcolm Owen reporting for AppleInsider:

Vein-based authentication would potentially help Face ID from solving its "twin problem" if the two systems were used together. Face ID's facial map creation is thought to have a one-in-a-million false positive rate, with Apple itself suggesting there could be issues with identical twins or family members that are visually similar to each other.

Systems like that need a Secure Enclave, architecture central to security in iOS. Don't be fooled by copycat systems that processes your data online.

When Your iPhone Reinforces Sexism

Jessica Bateman on assignment for HuffPost:

Because AI is created by humans, it’s vulnerable to the biases and stereotypes people hold. Some worry that, as AI and automation become more important in our daily lives, these biases will become more ingrained in technology.

Siri probably would send “#MeToo” messages all day long.

Facebook closed 583m fake accounts in first three months of 2018

Alex Hern and Olivia Solon on assignment for the Guardian:

“This is a great first step,” said Jillian York from the Electronic Frontier Foundation. “However, we don’t have a sense of how many incorrect takedowns happen – how many appeals that result in content being restored. We’d also like to see better messaging to users when an action has been taken on their account, so they know the specific violation.”

Facebook isn’t the only platform taking steps towards transparency. Last month YouTube revealed it removed 8.3m videos for breaching its community guidelines between October and December.

"Every country has the government social media it deserves".

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw

Erica Portnoy, Danny O'Brian and Nate Cardozo reporting for the Electronic Frontier Foundation:

A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper includes a proof-of-concept exploit that can allow an attacker to use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim. The proof of concept is only one implementation of this new type of attack, and variants may follow in the coming days.

Quick solution: disable the use of active content like HTML and outside links, and secure your email server against external access.

Tap to talk with us