Apple Has Released Advanced Data Protection…. Here’s Why Most Of Us Don’t Need To Switch It On

Posted in Commentary on December 30, 2022 by itnerd

Long-time readers of my blog will know that I have always argued that you should have the right to encrypt everything if you should choose to do so. But the title of this post may make you think that I have flipped to the other side of that argument. In fact, I haven’t. Let me explain.

With the release of iOS 16.2 and related macOS, iPadOS and watchOS releases, Apple has released Advanced Data Protection. This is meant to do the following:

Advanced Data Protection for iCloud is an optional setting that offers Apple’s highest level of cloud data security. When a user turns on Advanced Data Protection, their trusted devices retain sole access to the encryption keys for the majority of their iCloud data, thereby protecting it with end-to-end encryption. For users who turn on Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises from 14 to 23 and includes iCloud Backup, Photos, Notes and more.

Now your first thought is going to be “my iCloud data wasn’t end-to-end encrypted?” And the fact is that not all of your iCloud data was end-to-end encrypted. Without Advanced Data Protection turned on, iCloud end-to-end encrypts 14 sensitive data types such as passwords in Keychain, health data, payment information, Messages in iCloud, Apple Card transactions, Home data, and much more. But that list goes up to 23 data types if you turn on Advanced Data Protection. You can find a list of what is and isn’t end-to-end encrypted here. The key thing is to look for the words “end-to-end” in the list.

So at this point, you might be thinking that because more of your data is going to be end-to-end encrypted, this is a feature that you should turn on. Right?

Not so fast.

Here’s the thing about Advanced Data Protection that you need to know before you flip that switch. Apple makes you solely responsible for your encryption. Or put another way, because Apple will not have the keys required to recover your data, you need to set up an alternate recovery method, such as a recovery contact or recovery key in case you ever lose access to your account. And if you lose access to that alternate recovery method, you’re screwed because Apple cannot help you to get your data back. Nor can anyone else.

So with that in mind, should you turn on Advanced Data Protection? My answer would be no for the vast majority of you. And I include myself on that list. Why? Simply put, I am currently not a high value target for hackers or nation states who would see the data on my devices as being of significant value for them to acquire. And on top of the fact that Apple’s default security model works fine for me, encryption can make it harder for you to recover data should you need to, as you would have to jump through extra hoops with little assistance from your local Apple Store or Apple’s phone support. Thus I would argue that for the vast majority of you, Advanced Data Protection should remain turned off.

Having said that, you might want to consider Advanced Data Protection if you fall into one of these categories:

  • Politician
  • Journalist
  • Activist (human rights activist for example)
  • High probability of being a target of law enforcement

I am sure there are more categories, but I think you get the point. The fact is that these are the types of people that Advanced Data Protection was intended for because they are at high risk of getting pwned by hackers, nation states and other threat actors who would want access to the data that’s in iCloud or on their iPhones or MacBooks. The other 95% of us should not touch this feature. But if you feel that you need to enable this feature, Apple has this support document that describes how to do it. But honestly, I would think long and hard before you go down that path. Because while I am glad that Advanced Data Protection is there, most of us don’t need to use it. And it may create more problems for you than it solves.

Rogers – Shaw Merger Approved By Competition Tribunal… Which Means That Canadian Consumers Are One Step Closer To Being Screwed

Posted in Commentary on December 30, 2022 by itnerd

Canadian telco consumers should prepare to have less competition in the telco space because late last night the merger of Rogers and Shaw, which has been fought by Canada’s competition watchdog, has been approved. CBC has the details:

In a summary of its decision released Thursday, the tribunal says the merger of the two telecommunications companies would not result in materially higher prices.

The decision says the deal, which includes the sale of Shaw-owned Freedom Mobile to Quebecor-owned Videotron, would not likely prevent or lessen competition substantially.

Quebecor agreed to buy Freedom Mobile in a $2.85-billion deal earlier this year.

Concerns that Bell and Telus — the closest competitors to Rogers in Canada’s telecom market — would be unable to compete with the combined company were also dismissed.

“The tribunal has also determined that the strengthening of Rogers’ position in Alberta and British Columbia, combined with the very significant competitive initiatives that Telus and Bell have been pursuing since the merger was announced, will also likely contribute to an increased intensity of competition in those markets,” the decision reads.

It says a more detailed decision will be released in the next two days.

I’m sorry, but this decision is horrible for Canadians because the exact opposite is going to happen as there’s going to be one less player in the marketplace. While this still has to be approved by Innovation, Science and Economic Development Canada, I expect that to be a rubber stamp as the current federal government in Canada pays lip service to having an affordable and competitive telco space. Canadian consumers might want to remember that when the next election comes and vote accordingly.

How Bad Is Elon Musk’s Cost Cutting At Twitter?… The New York Times Has That Answer And It Doesn’t Look Good

Posted in Commentary on December 30, 2022 by itnerd

The New York Times has a mind-blowing article about what Elon Musk’s cost cutting at Twitter looks like. And I do mean mind-blowing. Let’s start with Elon cutting data centres. Something that I reported on last week:

Early on Christmas Eve, members of the billionaire’s staff flew to Sacramento — the site of one of Twitter’s three main computing storage facilities — to disconnect servers that had kept the social network running smoothly. Some employees were worried that losing those servers could cause problems, but saving money was the priority, according to two people who were familiar with the move but not authorized to talk about it.

The data center shutdown was one of many drastic steps Mr. Musk has undertaken to stabilize Twitter’s finances. Over the past few weeks, Twitter had stopped paying millions of dollars in rent and services, and Mr. Musk had told his subordinates to renegotiate those agreements or simply end them. The company has stopped paying rent at its Seattle office, leading it to face eviction, two people familiar with the matter said. Janitorial and security services have been cut, and in some cases employees have resorted to bringing their own toilet paper to the office.

And:

Those cuts may be yielding consequences. On Wednesday, users around the world reported service interruptions with Twitter. Some were logged out, while others encountered error messages while visiting the website. Twitter has not explained what caused the temporary outage. Three people familiar with the company’s infrastructure said that if the Sacramento facility had still been operating, it could have helped alleviate the problem by providing backup computing capacity when other data centers failed.

But it doesn’t stop there. Here’s where we get to the mind-blowing part of this:

Last week, Twitter got rid of the cleaning staff at its New York offices and 10 people from corporate security, signaling that it may close one of its two buildings there, said two people familiar with the move.

At Twitter’s San Francisco headquarters, where the company has missed rent payments, Mr. Musk has done the same, consolidating workers onto two floors and closing four. He also canceled janitorial services this month, after those workers went on strike for better wages.

That has left the office in disarray. With people packed into more confined spaces, the smell of leftover takeout food and body odor has lingered on the floors, according to four current and former employees. Bathrooms have grown dirty, these people said. And because janitorial services have largely been ended, some workers have resorted to bringing their own rolls of toilet paper from home.

That last paragraph blows my mind because it makes working at Twitter akin to working in a sweatshop in a third world country. It also makes Elon look like a Grade A scumbag because nobody in a leadership position should want their employees working in such conditions. But as it’s become clear over the last few weeks, that’s not who Elon is. Elon does whatever he wants and he clearly doesn’t care anything about the people who work for him. Thus why I consider him to be a Grade A scumbag. Though I suspect at some level he does care because…:

He has also asked some leaders to snuff out the sources of leaks to the press and anonymous posts on social media sites, three people said, and is focused on eliminating people inside the company he believes are opposed to him.

Well good luck with that Elon. When you get people upset, screw them over, and act like a dictator, you’re going to have some people lining up to take shots at you by going to the press and telling them things that you don’t want out in public. Which by the way I hope people continue to do because Elon needs to be exposed for everything that he is.

Good thing that I’m off of Twitter in a couple of days. This place sounds like a horrible place to work.

LG Launches ThinQ UP Upgradeable Home Appliances

Posted in Commentary on December 29, 2022 by itnerd

LG Electronics (LG) has announced the global launch of its LG ThinQ™ UP upgradeable home appliances, including refrigerators, washers, dryers, oven ranges, and dishwashers. Able to adapt to the unique needs and changing lifestyles of each customer, LG’s appliances enable users to enjoy new features and functions without having to make any additional purchases. Launched in South Korea in January 2022, LG ThinQ™ UP will begin rolling out internationally starting in March 2023 in the U.S., with availability in other key markets to follow.

Built around the customer-centric concept of Evolving with You, LG ThinQ UP appliances can incorporate new features throughout their life, providing more value to users over time. LG will continuously develop easy-to-install software updates and hardware add-ons, delivering specialized options and new conveniences based on the usage patterns and suggestions of ThinQ UP appliance owners. 

One of the custom features available to download in 2023 is Laundry Saver Mode, which can be applied to dryer models with ThinQ UP. Extremely useful for those times when you can’t unload the dryer right away, Laundry Saver keeps the drum tumbling after the cycle has finished (and until the dryer door is opened) to help prevent wrinkles and odours. Another feature on offer is Improved Nighttime Brightness Control for refrigerators with ThinQ UP, which makes the fridges’ interior lighting softer at nighttime so as not to overwhelm users when they open the door. All new software features are optional, and can be easily downloaded from the LG ThinQ app.

Visitors can experience all of LG’s latest innovations, including the new ThinQ UP appliances, at the company’s booth (#15501, Las Vegas Convention Center) at CES 2023 in Las Vegas from January 5-8. 

Rival Password Manager 1Password And A Security Researcher Call Out LastPass…. As They Should

Posted in Commentary on December 29, 2022 by itnerd

The issues with LastPass and their habit of getting pwned and having customer data in the wild is a big deal, as the data in question happens to be customers’ passwords for their online lives. But LastPass has played this down by saying this:

If you use the default settings above, it would take millions of years to guess your master password using generally-available password-cracking technology. Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture. There are no recommended actions that you need to take at this time. 

Well, this didn’t go over well with Wladimir Palant, who picked apart what was said by LastPass and said this:

Their statement is also full of omissions, half-truths and outright lies. As I know that not everyone can see through all of it, I thought that I would pick out a bunch of sentences from this statement and give some context that LastPass didn’t want to mention.

I encourage you to read the full post as Palant really rips into LastPass in a systematic way that makes it crystal clear why he feels the way he does. But he’s not the only one. 1Password has piled on with their own statement. And it’s damning:

That “millions of years” claim appears to rely on the assumption that the LastPass user’s 12-character password was generated through a completely random process. Passwords created by humans come nowhere near meeting that requirement. As I have been saying for more than a decade, humans just can’t create high-entropy passwords. Seemingly clever schemes to create passwords with a mix of letters, digits, and symbols do more harm than good.

Unless your password was created by a good password generator, it is crackable.

Translation: LastPass users may be in deep trouble according to 1Password.

The fact is LastPass really dropped themselves in it. As a result, I am now of the belief that LastPass users should do the following in this order:

  • Turn on two-factor authentication for as many of your accounts as possible, particularly high-value accounts like your email, financial services, and highly used social media accounts.
  • Change all the passwords that are stored in LastPass for every online service that you have to something totally different. Starting with high-value accounts like your email, financial services, and highly used social media accounts.
  • Stop using LastPass and delete all LastPass data.
  • Switch to a password manager that is either local and encrypted, or in the cloud under your control and encrypted. I use eWallet which supports both use cases. But 1Password and BitWarden are other options.

The fact is that LastPass users are in immediate danger as highlighted by 1Password and by Wladimir Palant, and they need to take immediate action to protect themselves. Because clearly LastPass can’t keep them safe.

Elon Musk Trolled After Tweeting That He Made “Significant” Changes To Twitter AFTER Twitter Went Down Last Night

Posted in Commentary on December 29, 2022 by itnerd

Last night’s Twitter outage made Elon Musk a target on Twitter. To recap, Twitter started to have issues around 9PM EST last night, and those issues were logged by third party services like DownDetector. Right around that time Elon Tweeted this:

The timestamp on this Tweet indicates that this Tweet was posted AFTER the outage based on DownDetector’s graph of the outage.

That suggests that he might have been doing something around that time that caused the outage. Clearly I am not the only one who thinks that because the trolling of Elon came in hot and fast:

Clearly Elon isn’t winning any friends here. And he’s likely to have problems doing that as time goes on as his ability to use his “reality distortion field” to make himself look smarter than he actually is can best be described as no longer effective.

BREAKING: Twitter Appears To Be Having Issues…. Thanks Elon

Posted in Commentary on December 28, 2022 by itnerd

Over the last hour I’ve been tracking reports of issues with Twitter. And DownDetector seems to confirm that there are issues at Twitter:

And users on DownDetector are saying stuff like this:

Not to mention people on Twitter who are using the hashtag #TwitterDown are saying the following:

I’ve had some random issues in the last hour with Tweets not posting and being force logged out of Twitter. So this is absolutely happening. I guess that this is the result of an ego-driven billionaire (though his net worth is falling by the day) who has no clue what he’s doing and who is simply trying stuff and hoping that it will work. Twitter might not die tonight (though I would not at all be surprised if it did), but I think you’re starting to witness the beginning of the end of Twitter.

Great job Elon!

Guest Post: YouTube removed a record 5.8 million channels in Q3 2022

Posted in Commentary on December 28, 2022 by itnerd

According to Atlas VPN analysis, Google’s video platform removed a record number of channels last quarter: 5.8 million.

Prior to Q3 2022, the highest volume of removed channels was recorded during the third quarter of 2021, at 4.8 million terminations. 

Over 91.2% of all removed channels last quarter were flagged as either misleading, participating in scams, or simply spamming.

The number of channels removed in Q3 2022 increased by 1.8 million compared to Q2, representing a growth of 46%. 

The figures were extracted from the YouTube Community Guidelines enforcement report.

Another 194 thousand channels, or 3.3% of the total, were terminated due to breaking YouTube’s community guidelines by showcasing nude or sexual content.

An official statement by YouTube notes that the high volume of terminated channels might be due to the actions they have taken to preserve their workforce and cut in-office staffing in response to COVID-19. 

Most videos deleted in India

When YouTube deletes a channel, all of its videos are removed as well. Together with 5.8 million channels, due to channel-level suspension, more than 5.6 million videos were removed in the third quarter of 2022.

Surprisingly, one country stands above the rest in terms of the volume of recordings terminated. 

Throughout Q3 2022, as many as 1.7 million videos originating from India were deleted. The second country on the list, Indonesia, saw 629 thousand videos removed.

The United States stands in third place, with 534 thousand removals. Brazil (276 thousand) and Russia (218 thousand) round out the top five countries in terms of deleted YouTube videos as a result of overstepping community guidelines.

Interestingly, video and channel removal reasons differ completely.

While 91.2% of channels were removed due to spamming, misleading, and scams, only 3.9% of videos were removed based on these grounds. 

In contrast, the largest portion of videos were terminated due to child safety concerns, totaling 2 million videos deleted, comprising 36% of the total.

To see the full article, head over to: https://atlasvpn.com/blog/youtube-removed-a-record-5-8-million-channels-in-q3-2022

TikTok Banned From US Government Devices

Posted in Commentary on December 28, 2022 by itnerd

TikTok has long been a source of contention as it is seen as a Chinese app that at best is full of security issues, or at worst a data harvesting machine for the Chinese government. Well, it now seems that TikTok is back in the news again as Reuters is reporting that the app has been banned from US government devices. Meaning if you have the app, you need to delete it. And if you want to download it, you won’t be able to:

The popular Chinese video app TikTok has been banned from all U.S. House of Representatives-managed devices, according to the House’s administration arm, mimicking a law soon to go into effect banning the app from U.S. government devices.

The app is considered “high risk due to a number of security issues,” the House’s Chief Administrative Officer (CAO) said in a message sent to all lawmakers and staff on Tuesday, and must be deleted from all devices managed by the House.

The new rule follows a series of moves by U.S. state governments to ban TikTok, owned by Beijing-based ByteDance Ltd, from government devices. As of last week, 19 states have at least partially blocked the app from state-managed devices over concerns that the Chinese government could use the app to track Americans and censor content.

Given this sort of momentum, you have to wonder if there will be a move towards an outright ban where nobody can use TikTok in the US. Which will likely spread to other countries. I’ve argued that they should be banned for the following reasons:

Ban them. Ban them now. And get other countries to ban them. This discussion about if TikTok is a national security threat has been going on for years. And if you’re having this much discussion about a topic, and stuff keeps coming out that says that whatever it is that you’re talking about is bad, you should probably ban it. Because keeping TikTok around really doesn’t do anyone any good.

Thus it’s high time that countries, starting with the US, stop talking about banning them and get about actually doing it.

Why The Twitter Hack Is Very Bad News For Elon Musk On Two Fronts

Posted in Commentary on December 27, 2022 by itnerd

You might recall that Twitter appears to have been pwned. And pwned big. When I posted this story, I had said that “millions” of Twitter users might be affected. The number is actually 400 million users:

They have already warned Elon Musk’s Twitter as “they should purchase the data before it leads to a large fine under Europe’s GDPR privacy law.”

“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source,” wrote Ryushi in a forum post. “Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively.” 

In the post, the hacker explains how this data can be used for phishing attacks and other scams. Ryushi says they were able to collect public and private Twitter data, such as users’ email addresses, names, usernames, follower count, creation date, and phone numbers. While most of this data can be found online, phone numbers and email addresses are private information.

Ryushi acquired data from 37 celebrities, including Alexandria Ocasio-Cortez, Donald Trump Jr., Mark Cuban, Kevin O’Leary, and Piers Morgan, Bleeping Computer reports. The hacker told the publication that they are “attempting to sell the Twitter data exclusively to a single person/Twitter for $200,000 and will then delete the data. If an exclusive purchase is not made, they will sell copies to multiple people for $60,000 per sale.”

The hacker highlighted why this is very bad news for Elon. The GDPR. He’s running the risk of having to cut a check for hundreds of millions of dollars because of this. And buying the data won’t make that risk go away methinks. In fact, as I said in the original post that I made about this, an investigation is already underway.

John Gunn, CEO of Token, chimes in with this:

The claims of the hackers are baseless as far as possible fines are concerned as GDPR does not mandate that companies never get hacked, and equally important, claiming you were a victim of hackers and paying a ransom does not alleviate any company from their responsibilities and potential penalties under GDPR or any other EU regulation.

Thus Elon is in deep trouble on the EU front. But his problems don’t end there. Twitter is under a consent decree with the Federal Trade Commission. And that consent decree says that Twitter will do the following:

  • prohibit Twitter from profiting from deceptively collected data;
  • allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers;
  • notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about Twitter’s privacy and security controls;
  • implement and maintain a comprehensive privacy and information security program that requires the company, among other things, to examine and address the potential privacy and security risks of new products;
  • limit employee access to users’ personal data; and
  • notify the FTC if the company experiences a data breach.

As far as I can tell, Elon and company haven’t even admitted that this breach exists despite it being the worst kept secret in cybersecurity right now. Thus if Elon and company truly haven’t told the FTC about this, they’ve violated the last part of that consent decree. Which means that he’s just asking to get slapped silly by the FTC. In fact, I would not be surprised if the FTC is already dotting its “I”s and crossing its “T”s in preparation for dropping a bomb or two on Twitter.

I suspect that life is about to get very, very difficult for Elon in the next few days. You might want to pop some popcorn as it will be interesting and fun to watch. Unless you’re Elon Musk.