Always strive to learn something useful. --Sophocles

This was a government order. And it was a secret. Apple was not allowed to reveal the order. The purpose of the order was allegedly to make it easier for the government to find CSAM, explicit child pornography. It was, in fact, admitting that they were not being very good at their investigations and wanted Apple to make it easier for them.

So Apple broadcast not only that they received the order, they actually broadcast the text of it.

And now they've announced that they are turning off ADP, Advanced Data Protection, a form of advanced encryption of iCloud information in the UK to comply with the order. If you turn on ADP, the only person who can access your data is YOU, which also means that you can lose it. That's the risk of encryption.

Apple basically engaged in naming and shaming the government, good for them! The Home Office said "We do not comment on operational matters, including for example confirming or denying the existence of any such notices." As of this time, Apple users in the UK can no longer turn on ADP, it is expected that with a future update it will be turned off for users who previously activated it.

Without ADP, the information is still encrypted, but it is done in such a way that if the government serves Apple with a warrant, Apple can get at the information. Need I remind people about an incident that I posted about a month or so ago about a back door that the U.S. government required telecommunications providers to install for surveillance purposes that the Chinese have cracked? Several telcom providers have been compromised, and it's an extreme fight to keep them out - it's an on-going problem.

I can't wait for a British tabloid to get ahold of some MP or Lord's data and splash it all over their paper.

https://www.bbc.com/news/articles/cgj54eq4vejo

https://apple.slashdot.org/story/25/02/21/1529255/apple-removes-cloud-encryption-feature-from-uk-after-backdoor-order

This was kind of inevitable, so many things are moving there and sometimes it's hard to what obscure thing you're looking for is where. In the end it will probably be a good thing, but it'll take a decade before it's stable. ;-)

https://support.microsoft.com/en-us/windows/system-configuration-tools-in-windows-f8a49657-b038-43b8-82d3-28bea0c5666b

https://it.slashdot.org/story/24/08/23/031251/microsoft-says-its-getting-rid-of-control-panel-in-windows


In other Windows news, Microsoft announces the return of Recall. That's the system where your operating system watches everything you do, OCRs it and stores it in a local database to help you remember what you were doing in the past for your convenience. This was announced back in June, and it was discovered in beta deployments that there was absolutely no security being deployed in the database in terms of encryption or permissions, so if someone gained access to your PC - which never happens - then they could see your bank credentials, credit card numbers, health insurance info, you know - trivial things.

Details have not yet been released as to what security protections have been put in place. A non-existent Microsoft PR flack was quoted as saying "Trust us!"

The revised feature will go to Insider Program testers in October. Microsoft says more details will be disclosed at that time.

https://arstechnica.com/gadgets/2024/08/microsoft-will-try-the-data-scraping-windows-recall-feature-again-in-october/

https://tech.slashdot.org/story/24/08/22/1648253/microsoft-will-try-the-data-scraping-windows-recall-feature-again-in-october

Finally! On Wednesday, "Judge Nina Morrison in the Eastern District of New York ruled that cellphone searches are a "nonroutine" search, more akin to a strip search than scanning a suitcase or passing a traveler through a metal detector."

Ultimately, of course, it'll still have to be locked down either through Congressional action, which will result in more challenges and CBP ignoring it, up through the Supreme Court. But for now, if you fly in to JFK, you're probably safe from search. A CBP agent admitted in court that most of the searches were fishing expeditions and most people were quite compliant.

I will still be inclined to power off my phone while passing through the ridiculous hell of customs and immigration while coming back into the country, but this is a great improvement, especially for journalists who work on potentially dangerous stories!

Meanwhile, since Biden is a lame duck, he's said to be working on a set of SCOTUS reforms that includes adding more justices to cover the additional circuit courts that have been added to the country.

https://reason.com/2024/07/26/courts-close-the-loophole-letting-the-feds-search-your-phone-at-the-border/

After suffering TONS of blowback in the press and industry, Microsoft is pulling the playback feature that took snapshots of what you were doing on your computer and saved them. The issue being that the save was unencrypted and readily accessible to anyone who could sign on to the PC: such as spouse abusers, hackers, etc. Why it was not encrypted from the get go, I don't understand.

Privacy? Who needs privacy! It's nifty! Nifty > privacy!

There were ways to deactivate the Recall feature, how easily it could be turned off is a matter of some debate. Microsoft and other vendors are also infamous for silently turning on things with updates that users had previously turned off.

CoPilot+ goes live June 18. *sigh*

https://www.windowscentral.com/software-apps/windows-11/microsoft-postpones-windows-recall-after-major-backlash-will-launch-copilot-pcs-without-headlining-ai-feature

https://it.slashdot.org/story/24/06/14/0318213/microsoft-postpones-windows-recall-after-major-backlash

A quote from the Slashdot summary:
"Kenn Dahl says he has always been a careful driver. The owner of a software company near Seattle, he drives a leased Chevrolet Bolt. He's never been responsible for an accident. So Mr. Dahl, 65, was surprised in 2022 when the cost of his car insurance jumped by 21 percent. Quotes from other insurance companies were also high. One insurance agent told him his LexisNexis report was a factor. LexisNexis is a New York-based global data broker with a "Risk Solutions" division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets. Upon Mr. Dahl's request, LexisNexis sent him a 258-page "consumer disclosure report," which it must provide per the Fair Credit Reporting Act. What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn't have is where they had driven the car. On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking."

So now it doesn't matter that you're accident-free, it matters what an algorithm thinks of your driving patterns.

The one thing that is certain is that data brokers have far too much power, and I want to make sure that I can disconnect any cellular connection on my next car!

At this time, the article is not behind a paywall, though that could change:
https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

https://tech.slashdot.org/story/24/03/11/2342228/automakers-are-sharing-consumers-driving-behavior-with-insurance-companies

The merger, announced August 2022, was seen as kind of fraught from the beginning. People didn't like the idea of Amazon having a robot running around inside their house with a camera and precision measuring devices mapping out their houses and reporting back to the Bezos mothership, then potentially reporting back that 'this couch or table would fit perfectly right There'. We know the privacy issues that Alexa has/had, and iRobot would probably have elevated those to a very uncomfortable degree.

https://www.businesswire.com/news/home/20240128042393/en/


In the good news area, the Amazon Ring video camera doorbell has improved things a bit. They have recently shut down an app that allowed police to access video footage without a warrant using an app called RFA, Request For Assistance. While this has obvious benefits for hot crimes of the moment, it also has profound potential for abuse for bored officers just wanting to pop around and see what's happening, or perhaps stalk old lovers. Now they'll have to explain things to a judge before they can pour through that footage.

https://arstechnica.com/tech-policy/2024/01/amazon-ring-stops-letting-cops-get-doorbell-footage-without-a-warrant/

I've never liked the Chrome browser, personally, for two reasons. It had an auto-update that at the time that I learned about it you couldn't disable, and it eats an awful lot of resources. And I don't use it except on a couple of PCs at work, not on my personal work station.

So let me give you a little background on how cookies can track you across web sites.

First off, don't go thinking that Google is mainly a search engine company. They are an advertising company. They make their money off of selling (functionally) ad space to companies through search results and looking at key words in your email. NEVER FORGET THIS. It used to be this was accomplished by what is known as third-party cookies. This was a special kind of cookie that could persist across web sites and browser sessions.

For example, you buy a pair of shoes off of Amazon. Amazon keeps a cookie (or three) in your browser's cookie cache that remembers some information about you, and theoretically no one except Amazon can read that information. So we have an Amazon.com cookie. Now, a super cookie is just a cookie with the name .Com and that's it. And because it's a top-level domain (TLD), apparently it can read some information below it, such as the Amazon.com cookie. It may not know what the information within the Amazon.com cookies means, but it knows the information is there and might be able to make some guesses.

Advertisers want as much information about people as they can get, supercookies are one such tool. Another tool is tracking pixels. These are invisible 1 pixel images that are inserted into a page or email that link to a server where the tracking pixel has a specific identity tied to the email or page that you open. If your email or web page doesn't block images or tracking pixels, when you open the page, that pixel is loaded - and the tracker database knows that specific pixel was loaded and ties that page or your email into tracking information about you.

Now, email programs can be configured to block tracking pixels and supercookies, which advertisers hate because they get less analytic information which means less information they can sell to potential ad or analytics buyers. And remember, Google is in the ad serving business.

Google came up with an alternative, baked into the browser that they want everyone to use. When you open Gmail, or Google Search, in Firefox or Microsoft Edge or Safari, you get this lovely popup: For the best experience, open this page in Google Chrome. Gee, wonder why! Now what Google is doing is they analyze the page that your browser is now looking at and generates a 'topic list', along with a unique identifier for your PC, and now they have analytics that they can sell for ad buyers! All without cookies! Oh, and it gets better! Google claims "a significant step on the path towards a fundamentally more private web."

BWAHAHAHAHAHAHAHAHA!

They also claim that they'll block third-party cookies in the second half of 2024. I think Firefox now does that by default. And while Microsoft Edge, which is a pretty good browser, is built on Chrome code, it can also block third-party cookies.

https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/

Of course there's the 'absent exigent circumstances' clause inserted, always gotta have that. Regardless, huge step forward for privacy.

This is both complicated and simple. The simple part is that the government has a reasonable interest in preventing some things from entering the country, like drugs, undeclared/untaxed items, etc. But at the same time, our phones have become digital repositories of our lives, and even though it is not a declared constitutionally-protected value, we do have some legal rights to privacy.

From the article: "Just as in Riley, the cell phone likely contains huge quantities of highly sensitive information—including copies of that person’s past communications, records of their physical movements, potential transaction histories, Internet browsing histories, medical details, and more … No traveler would reasonably expect to forfeit privacy interests in all this simply by carrying a cell phone when returning home from an international trip."

Apple introduced a feature in the previous(?) version of their phone operating system that disables the interface port and the facial recognition unlock to tighten security. It is recognized that the government has to go through great lengths to compel you to produce something you know - a password or passcode - versus something you posses - a key to a lockbox or your fingerprint or face, being the key to your phone. By disabling these, your phone is much harder to access since the phone will wipe itself after X number of failed attempts. I believe Android has something similar, but I'm not familiar with their specifics.

A lot of people would simply wipe their phone before re-entering the USA, then reload their contacts from an iCloud backup once they're past Customs and restore everything once they're back home to avoid such things.

A second part of the article is also quite interesting: The court focused on the internet and cloud storage, stating: “Stopping the cell phone from entering the country would not … mean stopping the data contained on it from entering the country” because any data that can be found on a cell phone—even digital contraband—“very likely does exist not just on the phone device itself, but also on faraway computer servers potentially located within the country.” This is different from physical items that if searched without a warrant may be efficiently interdicted, and thereby actually prevented from entering the country."

But I'm not sure what this means for potential laptop searches and siphoning. Best to use solid full-disk encryption and a BIOS password if you're at all concerned about your laptop contents.

https://www.eff.org/deeplinks/2023/05/federal-judge-makes-history-holding-border-searches-cell-phones-require-warrant

https://yro.slashdot.org/story/23/05/31/0439200/federal-judge-makes-history-in-holding-that-border-searches-of-cell-phones-require-a-warrant

So now they're getting U.S. data protection, which basically means none. I'm sure that BoJo can fix that by the end of the year.

https://www.reuters.com/article/us-google-privacy-eu-exclusive/exclusive-google-users-in-uk-to-lose-eu-data-protection-sources-idUSKBN20D2M3

According to this Reuter's article, "Smart TV manufacturer Vizio has formed a partnership with nine media and advertising companies to develop an industry standard that will allow smart TVs to target advertisements to specific households, the companies said Tuesday.

The consortium includes major TV networks like Comcast Corp’s NBCUniversal and CBS Corp, as well as advertising technology companies like AT&T Inc’s Xandr.

Addressable advertising, or targeting viewers on the household level based on their interests, has long been the goal of TV marketers. But TVs lack cookies that internet browsers use to allow ads to follow people around the web. And TV manufacturers have so far used different technology and standards to enable addressable advertising, hindering the industry’s growth, said Jodie McAfee, senior vice president of sales and marketing at Inscape, a subsidiary of Vizio."

Myself, I refuse to own a smart TV, likewise I won't own an Alexa or similar device. The only thing connected to my router is my Apple TV. There are too many things tracking my life already that I can at least eliminate what I can, and smart TVs are one such category. When I bought my latest TV last year, I purposely chose a dumb TV: I wanted all of the control to come through my Apple TV and DVD/BR player, which also makes the TV less expensive. I've always had an inherent distrust of all-in-one devices, I've especially been burned by multifunction printers where the scanner doesn't work if the ink cartridges are empty.


https://www.reuters.com/article/us-vizio-advertising/vizio-wants-next-generation-smart-tvs-to-target-ads-to-households-idUSKBN1QT16V

https://entertainment.slashdot.org/story/19/03/13/216213/vizio-wants-next-generation-smart-tvs-to-target-ads-to-households