Double-Spending Flaw Found in Major Bitcoin Wallets

Israeli researchers at wallet startup ZenGo have found a vulnerability affecting at least three major crypto wallets – Ledger Live, Edge, and Breadwallet. The flaw allows hackers to spend Bitcoin more than once, Coindesk reports.

The bug, which the Tel Aviv-based firm calls BigSpender, allows a hacker to double-spend a user’s funds and possibly prevent them from ever using their wallet again. It works by exploiting how certain wallets handle Bitcoin’s replace-by-fee (RBF) function, a failsafe that enables users to swap an unconfirmed transaction with one that has a higher fee. “[BigSpender] can lead to substantial financial losses and in some cases to make the victim’s wallet totally unusable, with no way for the victim to protect themselves,” ZenGo CEO Ouriel Ohayon said in an email. “So this can be seen as a high severity attack.”

macOS Big Sur and the Return of Whimsical Design

Designer Michael Flarup writes about how macOS Big Sur will bring back “fun in visual design.”

With this approach Apple is legalising a visual design expressiveness that we haven’t seen from them in almost a decade. It’s like a ban has been lifted on fun. This will severely loosen the grip of minimalistic visual design and raise the bar for pixel pushers everywhere. Your glyph on a colored background is about to get some serious visual competition.

I don’t miss pre-iOS 7 skeuomorphism, but I don’t think I’ll mind some of that era’s icons coming back (just without the gloss). I also wonder if we’ll see them on iOS, or just macOS.

What Does AirPods Pro Spatial Audio Mean for Augmented Reality?

Em Lazer-Walker digs into the AirPods Pro spatial audio feature announced at WWDC 2020. What does it mean for AR?

As Apple improves their indoor location technology, [spatial audio] could also easily become a big part of making indoor wayfinding viable before they ship AR glasses, since the ARKit model of “hold your phone out in front of you while you walk through a space” is both socially and physically awkward.

I can’t wait for spatial audio to arrive. I use an app I’ve mentioned before that uses 3D audio, and I wonder if Naturespace will make use of this technology.

How Apple Disrupted Certificate Authorities With Safari

In February, Apple implemented a rule in Safari in which TLS certificates have a lifespan of 398 days. According to ZDNet, Apple made this decision on its own without going through the standard procedure with certificate authorities.

Instead of calling for a vote, Apple simply announced its decision to implement 398-day lifespans on its devices, regardless of what the CAs in the CA/B Forum thought of the issue.

What took place this year is, in no simpler words, a demonstration that browser makers control the CA/B Forum, and that they hold full control of the HTTPS ecosystem, and that CAs are merely participants with no actual power.

Here’s Why This Company Won’t Add ‘Sign In with Apple’

Today is the deadline for developers to add Sign In with Apple to their apps. One company, AnyList, doesn’t want to add it and explained why.

After considering the merits of Sign in with Apple, we have decided not to support it. We understand that this may surprise some of our customers, so we’d like to explain in detail why we made this decision.

A couple arguments make sense, but I’m not buying some others. 1) I’m not a programmer so I don’t know how hard it is to add Sign In with Apple. 2) Saying iCloud isn’t “real email” is stupid. 3) AnyList removed its Facebook login, which is still a privacy-positive move even without adding Apple login.

16 Web APIs Apple Avoided Over Privacy Concerns

ZDNet has a list of 16 Web APIs that Apple declined to add to Safari over concerns they could be used to track users.

The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla’s platform.

Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

macOS 11’s Design Language is Meant for Augmented Reality

Jack Koloskus wrote about an emerging design language called neumorphism. Some of the new icons in macOS 11 are part of this design, like the Messages bubble that looks 3D. He believes we’ll be seeing more of this, while I am of the opinion that Apple, with this design, is laying the foundations for an AR/VR user interface. Of course an AR interface looks a bit odd on a 2D screen.

When you boil it down, neumorphism is a focus on how light moves in three-dimensional space […] What sets neumorphism apart from its progenitor is that the focus is on the light itself and how it interacts with a variety of objects in a purely digital space. The light simulations in neumorphism are more complex, and are focused on how light from one object could affect another, or the function of the object itself.

AirPods and AirPods Pro Updates Coming With iOS 14

There is a lot coming with iOS 14. Some of the updates announced involved AirPods and AirPods Pro. AppleInsider has a good rundown.

Of all the new features coming in iOS 14, the most headline-grabbing is spatial audio for AirPods Pro. This works with 5.1, 7.1, and even Dolby Atmos encoded audio to create immersive sound that goes far beyond simple stereo playback. So much content is now coming in HDR Dolby Vision video and Dolby Atmos audio these days that it makes sense for Apple to continue to invest in these. Creating 3D sound from a set of headphones isn’t easy but Apple took it a step further.

Everything You Want to Know About iOS 14 Notes and Reminders

Ryan Christoffel has a nice write-up of iOS 14 Notes and Reminders in the developer beta, which I’ve been avoiding since I don’t have spare test devices. If you specifically want to know about Apple Notes and Reminders like me, check out the article. I was hoping for more features, like tags for notes, but I’m glad the texture is gone.

Though neither app’s improvements have been held up as tentpole features of this fall’s releases, Apple has nonetheless given noteworthy attention to making the user experience for each app better in a variety of key ways. You won’t find fundamental evolutions in how either app works, but these updates prove the power of iteration.

Starting Today Get ‘Magic: The Gathering Arena’ on Mac

Starting today, gamers can download “Magic: The Gathering Arena” on Mac through the Epic Games Store.

Our macOS release will feature full cross-platform support in parity with our Windows client, including the upcoming release of Core Set 2021. New and current players will find the same cards, formats, events, play queues, and features on macOS as they can on Windows.

‘Lawful Access to Encrypted Data Act’ is Latest Encryption Attack

Senators Lindsey Graham (R-South Carolina), Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) introduced the Lawful Access to Encrypted Data Act yesterday. It seeks to bring back the Crypto Wars of the 1990s by crippling encryption with the introduction of backdoors.

Yet increasingly, technology providers are deliberately designing their products and services so that only the user, and not law enforcement, has access to content – even when criminal activity is clearly taking place.  This type of “warrant-proof” encryption adds little to the security of the communications of the ordinary user, but it is a serious benefit for those who use the internet for illicit purposes.

“Adds little to the security of the communications of the ordinary user.” That’s the level of contempt these people have for the rest of us.

Apple Silicon Goes Beyond ARM

Undoubtedly one of the biggest announcements from WWDC 2020 was the forthcoming rollout of Apple Silicon. As AppleInsider explained, the move is about more than ARM-chips.

Many custom software optimizations already developed for iOS — such as Metal graphics — can be brought over to the Mac directly now that both share the same access to Apple’s own sophisticated silicon. Currently, Apple has had to develop two versions of Metal, one for iOS and another for the GPUs used on Macs. So Apple isn’t just arbitrarily moving from “x86 to ARM,” but rather using its custom silicon work to enhance the performance, features, and deep integration on its Macs. Moving “to ARM” is sort of a side effect of Apple’s wanting to use its own custom silicon. Up to this point, Apple has been limited to adding a helper chip like the T2 to its Intel Macs to handle custom features like Touch ID and Touch Bar.

EyeQue’s Update Lets You Try On Glasses at Home

EyeQue’s new Try-On Glasses service means you can try on several pairs of glasses based on your vision results to find a pair you like best, all while staying safely at home.

EyeQue Try-On Glasses are a low-risk way for consumers to experience their vision through lenses made using their EyeGlass Numbers® (EGNs) – the lens power required to correct nearsightedness, farsightedness, and astigmatism. EGNs are obtained by taking EyeQue’s self-administered refractive error tests using either the VisionCheck or Personal Vision Tracker, and are in the same format as a traditional prescription.

NSO Group Tools Used to Hack Journalist Omar Radi’s iPhone

An investigation from Amnesty International reveals that NSO Group tools were used to target human rights journalist Omar Radi via his iPhone.

Through our investigation we were able to confirm that his phone was targeted and put under surveillance during the same period he was prosecuted. This illustrates how human rights defenders (HRDs) may often have to deal with the twin challenges of digital surveillance alongside other tactics of criminalisation at the hands of Moroccan authorities leading to a shrinking space for dissent.

The same NSO Group that hopes to woo American law enforcement with its dazzling array of hacking tools.

Craig Federighi Reveals iOS 14 Clipboard Will Be Locked Down

Michael Grothaus interviewed Craig Federighi, who talked about iOS 14 privacy features. One feature is restricted access to the system clipboard/pasteboard. Apps will no longer have full access, which was a problem in the past.

Though there isn’t a lot of evidence apps have done this on a wide scale, apps will now require your approval to access the pasteboard for the first time. If a messaging app requests approval, it’s probably legit–but look out if, say, a free gaming app wants to get at your pasteboard.

As regular readers can guess, I’m excited for the new privacy features in iOS 14 and macOS Big Sur.

Apple Approves ‘Hey’ Email App, Developer Adds Free Burner Accounts

Apple has approved a new version of the Hey email app once the developers added a free option for users. You can now create a free, temporary email account that expires after 14 days, making it a new privacy service for burner emails.

…the company will now offer iOS users a free temporary Hey email account with a randomized address, just so the app is functional when it is first opened. These burner accounts will expire after 14 days. Hey is also now able to work with enterprise customers, as Apple initially took issue with the app’s consumer focus.

I like the burner option. Find it in the App Store here.

Keep an Eye Out: Mozilla VPN to Launch in Near Future

Mozilla, the company behind the Firefox browser, announced Thursday that its Mozilla VPN product is launching in the next few weeks.

We are working hard to make the official product, the Mozilla VPN, available in selected regions this year. We will continue to offer the Mozilla VPN at the current pricing model for a limited time, which allows you to protect up to five devices on Windows, Android, and iOS at $4.99/month.

You can sign up to join the waiting list here.

Phil Schiller Speaks Out on ‘Hey’ Email Controversy

A controversy over the past few days has been about an email app called Hey that was initially approved by the App Store review team, then rejected later. Phil Schiller spoke about the issue in an interview.

One way that Hey could have gone, Schiller says, is to offer a free or paid version of the app with basic email reading features on the App Store then separately offered an upgraded email service that worked with the Hey app on iOS on its own website. Schiller gives one more example: an RSS app that reads any feed, but also reads an upgraded feed that could be charged for on a separate site. In both cases, the apps would have functionality when downloaded on the store.

My opinion is that Apple could stand to reduce its cut from 30% down to 15-18%. But we definitely don’t need other proposals, like downloading apps from outside the App Store like you can on the Mac.

‘Bundlore’ Adware Targets Macs With Updated Safari Extensions

A report from Sophos today reveals a wave of adware belonging to the Bundlore family that targets macOS. Bundlore is one of the most common bundleware installers for macOS, accounting for almost 7% of attacks detected by Sophos.

This installer carried a total of seven “potentially unwanted applications” (PUAs)—including three that targeted the Safari web browser for the injection of ads, hijacking of download links, and redirecting of search queries for the purpose of stealing users’ clicks to generate income. The injected content in at least one case was used for malvertising—popping up a malicious ad that prompted the download of a fake Adobe Flash update.

Zoom Backtracks, Will Give Free Users Encryption Protection

After a lot of negative attention from press and privacy advocates, Zoom has backtracked on its stance. It will provide free users with end-to-end encryption, a feature previously limited to paying customers.

The company said that free users will have to verify themselves with a phone number in a one-time process. It claimed that this will stop bad actors from creating multiple abusive accounts.

Zoom is also releasing an updated design of its end-to-end encryption solution on GitHub that intends to achieve a balance between “the legitimate right of all users to privacy and the safety of users.”

Good to see Zoom do this.

New Feature ‘Sleep Mode’ Could Arrive on iOS 14

Apple leaker Fudge (@choco_bit) claims that a new feature coming to iOS 14 will be called Sleep Mode.

When Sleep Mode is enabled, the lockscreen will dim, calls and alerts that arrive while locked will be silenced, and notifications will be sent to history. Emergency alerts will break through. Sleep will analyze your sleep patterns based on your iPhone usage at night.

Bedtime in the Clock app can set an alarm and track your time in bed. Do Not Disturb can silence calls and alerts. So if this rumor is true then it sounds like Apple is rebranding and combining these disparate features into one Sleep Mode toggle.

Google Chrome 85 Hides Full URL Addresses

Google wants to follow in Apple’s footsteps by hiding the full URL in Google Chrome 85. Instead, with an optional (for now) toggle, users can choose to have the address bar display only the top level domain.

There’s no public explanation yet for why Google is pressing ahead with these changes, but the company has said in the past that it believes showing the full address can make it harder to tell if the current site is legitimate.

However, it’s also worth considering that making the web address less important, as this feature does, benefits Google as a company. Google’s goal with Accelerated Mobile Pages (AMP) and similar technologies is to keep users on Google-hosted content as much as possible, and Chrome for Android already modifies the address bar on AMP pages to hide that the pages are hosted by Google.

In other words, Google doesn’t want people to be able to tell the difference between Google and the internet.

WWDC 2020: How Developers Plan to 'Attend' Apple's Event

While the fact that WWDC 2020 is going to be a virtual event means developers and other attendees will save on hotels and flights, they will miss out on some of the benefits in-person attendance brings. A number of them told CNBC how they intend to make the most out of next week.

Adrian Eves, an iOS developer based in Alabama, said he plans to take all of WWDC week off work so he can follow along with the videos and announcements. He’s created a Slack group called WWDC Lobby to discuss the announcements in real-time with other fans, including Apple employees. “Since everything’s remote, we need a way to adapt ourselves to this experience. I’ve been to different conferences, and the best thing is, besides the subject matter, the networking,” Eves said… For independent developers and companies that send several people, the savings could be substantial. “WWDC moving online is terrific for smaller developers, particularly those based abroad. Even for us, WWDC being online will save us upwards of $100,000 on event sponsorships, travel, and accommodation, since most of our team is based in Europe,” said Oleksandr Kosovan, CEO of MacPaw, a software developer focused on Apple products.

Facebook Considers Adding Face ID to Messenger Chats

Facebook’s latest experiment involves adding Face ID / Touch ID protection to Messenger chats.

When enabled, users will need to authenticate their identity using Face ID, Touch ID, or their passcode before they can view their inbox, even if their phone is already unlocked. […] The company is currently testing the new security feature among a small percentage of Messenger’s iOS users, though it could eventually be available more widely, including on Android.

I’d love to see an option to lock any app with Face ID / Touch ID.