Finally, an Open Source Font App for iPhone and iPad

One feature of iOS and iPadOS 13 was built-in support for fonts (Settings > General > Fonts). But as Michael Potuck notes, I’ve seen very few font apps in the App Store. But now there’s a new one called Fontcase, and it’s open source, too.

Installing custom fonts is super easy with Fontcase. Once you have what you want in iCloud Drive or Dropbox, you just import the fonts in Fontcase, download and install a configuration profile, and they’ll be available across iOS/iPadOS.

ShiftCam Launches iPhone 11 Lenses in UK

ShiftCam is launching its ProLens range of iPhone 11 lenses to the U.K. These lenses deliver what the company says is “DSLR” quality to smartphone lenses. There’s a 60mm Telephoto Lens, £84.99; 18mm Wide Angle Lens, £84.99; 10x 25mm Traditional Macro Lens, £84.99; 75mm Long Range Macro Advance Lens, £104.99; Full Frame Fisheye Advance Lens, £104.99; 12mm Ultra-Wide-Angle Aspherical Lens, £134.99; ProLens Deluxe Kit, £399.99.

How to File Great Bug Reports According to Apple

Apple shared a post on its developer page with advice on how to file great bug reports. It’s also good advice for people who like to beta test Apple software, so bookmark the page once iOS 14 and macOS 10.16 Redwood have been announced (I’m taking this opportunity to make my macOS name prediction).

You should always file feedback for any bugs you find while developing on Apple’s platforms; after all, we can’t fix problems that we don’t know about. But how can you be sure that the information you provide is helpful for triaging the issue, rather than a bug-solving dead end? Here are some of our top tips for making sure your bug report is clear, actionable, and — most importantly — fixable.

Facebook Helped Hack ‘Tails’ OS to Catch a Child Predator

A report today from Motherboard details how Facebook and the FBI used a zero-day exploit for privacy OS Tails to catch a child predator. The reason I’m specifically linking to it is because of this paragraph:

Facebook told Motherboard that it does not specialize in developing hacking exploits and did not want to set the expectation with law enforcement that this is something it would do regularly. Facebook says that it identified the approach that would be used but did not develop the specific exploit, and only pursued the hacking option after exhausting all other options.

That is a slippery slope argument that will be used by politicians, like how Apple does what it can to help the FBI get into terrorists’ iPhones. “But you helped them before, why not again?” More fuel on the EARN IT fire.

Cloudflare Introduces 1.1.1.1 DNS for Families

Cloudflare has introduced 1.1.1.1 DNS for families that adds an extra layer of protection to keep kids safe online. There are now two extra variants of the DNS service. 1.1.1.2 can block malware, and 1.1.1.3 can block both malware and adult content.

Introducing 1.1.1.1 for Families — the easiest way to add a layer of protection to your home network and protect it from malware and adult content. 1.1.1.1 for Families leverages Cloudflare’s global network to ensure that it is fast and secure around the world. And it includes the same strong privacy guarantees that we committed to when we launched 1.1.1.1 two years ago. And, just like 1.1.1.1, we’re providing it for free and it’s for any home anywhere in the world.

Good to see Cloudflare offer more options for people. They aren’t the only company doing this either; I’ve rounded up four other private DNS services to use.

State of Michigan Launches Map of Free Wi-Fi Hotspots

In partnership with Connected Nation Michigan, the State of Michigan released a free online map of free Wi-Fi hotspots for citizens who don’t have easy access to broadband (although the tool is there to use even if you do have your own internet).

“This pandemic has shown a real need to tackle the barriers of access, adoption, and affordability to fully enable the opportunities that the internet makes possible,” Lt. Gov. Garlin Gilchrist said. “If we are going to close the Internet gap, we need to make sure we’re doing everything we can in the interim to expand access to existing broadband options for communities where it’s not readily available or affordable.”

It’s nice to see such a great tool from my state.

IBM Releases Homomorphic Encryption Toolkit for iOS, macOS

IBM has released a toolkit for iOS and macOS to help developers to easily add homomorphic encryption into their programs.

While the technology holds great potential, it does require a significant shift in the security paradigm. Typically, inside the business logic of an application, data remains decrypted, Bergamaschi explained. But with the implementation of FHE, that’s no longer the case — meaning some functions and operations will change.

In other words, “There will be a need to rewrite parts of the business logic,” Bergamaschi said. “But the security that you gain with that, where the data is encrypted all the time, is very high.”

If you haven’t added homomorphic encryption to your technology watch list, be sure to do so. As I wrote in the past, this type of encryption lets a company perform computations on data while still keeping that data encrypted.

UK Government Releases NHS COVID Contracts With Private Companies

Faced with pressure, the UK government has released its contracts with Amazon, Google, Microsoft, Faculty, Palantir, and others.

The contracts show that companies involved in the NHS datastore project, including Faculty and Palantir, were originally granted intellectual property rights (including the creation of databases), and were allowed to train their models and profit off their unprecedented access to NHS data.

The REAL reason why they wanted to avoid Apple and Google’s privacy solution.

Apple Streams ‘Just Mercy’ Film Starring Michael B. Jordan and Jamie Foxx

Apple is making “Just Mercy” available to stream free for customers. Based on a true story, it stars Michael B. Jordan and Jamie Foxx.

The Warner Bros. film is based on a true story of a young lawyer who decides to use his Harvard law degree in Alabama to fight against racial inequality in the context of those wrongly convicted of crimes (free streaming for “Just Mercy” may just be in the US).

A good film recommendation for the weekend.

Kids in U.S., UK, and Spain Spending Nearly as Much Time on TikTok as YouTube

Children in the U.S., UK, and Spain are now spending nearly as much time watching TikTok videos as they are watching clips on YouTube. That’s according to new data from Qustodio, reported on by TechCrunch.

Kids ages 4 to 15 now spend an average of 85 minutes per day watching YouTube videos, compared with 80 minutes per day spent on TikTok. The latter app also drove growth in kids’ social app use by 100% in 2019 and 200% in 2020, the report found. The data in the annual report by digital safety app maker Qustodio was provided by 60,000 families with children ages 4 to 14 in the U.S., U.K., and Spain, so its data isn’t representative of global trends. The research encompasses children’s online habits from February 2019 to April 2020, takes into account the COVID-19 crisis, and specifically focused on four main categories of mobile applications: online video, social media, video games, and education.

Private Messenger ‘Signal’ Now Automatically Blurs Faces

Private messenger app Signal added a feature that lets it automatically blur faces in your images.

Thousands of people are protesting against police brutality and to support the Black Lives Matter cause. If you are a part of the protests, you might post photos of the demonstration around you on social media or send them to your friends — and that’s not entirely safe, because it could help identify people there and put them in danger.

A great feature. I’ve been trying to create a shortcut that can obfuscate faces.

Google Facing Lawsuit Over Alleged Tracking of Users Using Incognito Mode

Google is facing a $5 billion lawsuit amid claims its technology invades the privacy of users even when they are using incognito mode. The class proposed by the complaint could potentially involve “millions” of Google users, Reuters reported.

According to the complaint filed in the federal court in San Jose, California, Google gathers data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads. This helps Google learn about users’ friends, hobbies, favorite foods, shopping habits, and even the “most intimate and potentially embarrassing things” they search for online, the complaint said. Google “cannot continue to engage in the covert and unauthorized data collection from virtually every American with a computer or phone,” the complaint said. Jose Castaneda, a Google spokesman, said the Mountain View, California-based company will defend itself vigorously against the claims.

CES 2021 to be Physical Event in Las Vegas

CES 2021 is to be a physical event in Las Vegas, along with some digital elements, the Consumer Technology Association (CTA) announced on Wednesday. However, as The Verge points out, it’s not clear it will be ok to hold large scale events at that point, nor that people will actually want to go.

The stakes are high for CES. It’s one of the largest conventions held each year in Las Vegas, responsible for bringing a huge number of visitors to the city, with around 175,000 attendees last year. The Las Vegas Convention Center, the primary venue where the event is held, is scheduled to complete a $980 million expansion just in time for next year’s show. And while consumers may know CES as the event where new TVs, cars, and other gadgets are announced, it also remains an important venue for meetings between retailers, manufacturers, and all the companies in between. The CTA is promising new health policies for the show. The group intends to “regularly clean and sanitize spaces” and offer “sanitization stations.” It also plans to widen aisles and seats to increase distancing, limit “touch points” by using tech like mobile payments, and provide on-site health services. The CTA says it’ll look into doing temperature scans and that it plans to issue “best practices,” like wearing a mask — though it doesn’t say if they’ll be required.

That Time Steve Jobs Taught Bill Atkinson About Rounded Rectangles

Here’s a humorous little story from Andy Hertzfeld, a member of Apple’s original Macintosh team. Bill Atkinson did some clever programming to draw circles and ovals quickly on a Mac. But Steve Jobs had something else in mind.

Bill fired up his demo and it quickly filled the Lisa screen with randomly-sized ovals, faster than you thought was possible. But something was bothering Steve Jobs. “Well, circles and ovals are good, but how about drawing rectangles with rounded corners? Can we do that now, too?”

How the ‘Untappd’ Beer App Was Used to Track Military, CIA Movements

Researchers were able to use beer rating app Untappd to track the location history of military and CIA personnel.

Examples of users that can be tracked this way include a U.S. drone pilot, along with a list of both domestic and overseas military bases he has visited, a naval officer, who checked in at the beach next to Guantanamo’s bay detention center as well as several times at the Pentagon, and a senior intelligence officer with over seven thousand check-ins, domestic and abroad. Senior officials at the U.S. Department of Defense and the U.S. Air Force are included as well.

Not even the CIA is safe against the data industrial complex.

Security Researcher Believes Mac Backdoor ‘Tiny Shell’ Still Being Used

Mac security researcher Jaron Bradley says he believes hackers are still using an open source macOS backdoor called “Tiny SHell.”

Tinyshell is an open source tool that operates like a shady version of SSH. It’s been a while since I’ve encountered a new sample, but I fully believe attackers are still out there using it. If you watched the Macdoored talk then you’ve seen what attackers are doing “post mortem” with this tool. However, no technical details have been discussed about the malware itself.

Amtrak Data Breach Affects Guest Rewards Accounts

Amtrak suffered a data breach, discovered on April 16, 2020, that affects its Amtrak Guest Rewards accounts.

The attack vector involved was compromised usernames and passwords, which may suggest the use of credentials previously leaked or stolen, or the use of brute-force methods.

Amtrak says that some personal information was viewable, although the company has not specifically said what data may have been compromised. However, Amtrak was keen to emphasize that Social Security numbers, credit card information, and other financial data was not involved in the data leak.

‘Hybri’ Can Create a Virtual Companion Based on Real People

A company called Hybri is creating virtual AI companions that live in augmented and virtual reality. But a feature that may prove to be controversial is letting users scan a photo of a real person to superimpose on the avatars.

But the creepiest feature of Hybri is its Photoscan, which allows you to add a real person’s face to the avatar. That means your unrequited love or celebrity crush could soon become your virtual partner — whether they want to or not.

It sounds like a cool idea to me, but it probably won’t pass the App Store review team.

How to Safeguard Your Privacy at a Protest

Motherboard has a short guide to protecting your privacy in case you join a protest. Rule number one: Get a burner phone, don’t use your personal phone.

Naturally, law enforcement will likely be heavily surveilling these protests and others with all sorts of tech and spying gear. And it’s not just the cops: when much of a protest is broadcast via tweets or live-streaming, those watching may also want to digitally target protesters, perhaps by identifying them publicly.

Raspberry Pi 4 8GB Option Launches for $75

The Raspberry Pi 4 was released last year in 2GB and 4GB models. Today an 8GB model is being released for US$75.

The BCM2711 chip that we use on Raspberry Pi 4 can address up to 16GB of LPDDR4 SDRAM, so the real barrier to our offering a larger-memory variant was the lack of an 8GB LPDDR4 package. These didn’t exist (at least in a form that we could address) in 2019, but happily our partners at Micron stepped up earlier this year with a suitable part.

How to Spot Online Scams Using Google’s New Tool

Partnering with the Cybercrime Support Network, Google has a new tool called Scam Spotter. It gives you a quiz to help you spot online scams. It simplifies advice from experts into three golden rules:

  • Slow it down: Are they telling you it’s urgent? Take your time and ask questions to avoid being rushed into a bad situation.
  • Spot check: Are they claiming to be from a specific institution? Do your own research to double check the details you’re getting.
  • Stop! Don’t send: Are they asking you to go to the store and get gift cards? If you think a payment feels fishy, it probably is.

Roberto Escobar Sues Apple for $2.6B Over iPhone Security

Roberto Escobar, brother of Pablo Escobar, is suing Apple for US$2.6 billion. He claims someone hacked his iPhone and found his email through FaceTime. As a way to fight the company he’s also launching a limited edition iPhone 11 Pro 256GB, gold plated, for US$499.

According to the lawsuit, obtained by TMZ, Pablo’s brother bought an iPhone X back in April 2018, and he claims the security promise fell horribly flat. One year after buying the X, Roberto claims he got a life-threatening letter from someone named Diego, who said he found Roberto’s address through FaceTime.

In the suit, Roberto says he conducted his own investigation after receiving the letter, and found his iPhone had been compromised due to a FaceTime vulnerability.

Go to Settings > FaceTime. You can choose which address and phone number you let people contact you with, if you have multiple numbers and emails associated with your Apple ID. This won’t stop people from obtaining your address elsewhere.

Apple Updates Schoolwork, Classroom Apps

Apple updated its apps for education—Schoolwork and Classroom—with new features and a new design for Schoolwork. Version 3.2 for Classroom:

Automatically access classes set up through Apple School Manager by signing into your device with a Managed Apple ID; Use AirPlay to project class details to Apple TV when inviting students to join a teacher-created class; Easily adjust the size of students’ screens by pinching to zoom in or out.

Leaked Version of iOS 14 Has Been Circulating Since February

A report from Motherboard today finds that a leaked version of iOS 14 has been circulating around the hacking and security community since at least February. Sources claim someone bought a development iPhone 11 running iOS 14 from a Chinese vendor in December 2019.

“That sucks,” said a current Apple employee, who didn’t have knowledge of the leak. Another current Apple employee told Motherboard that they spoke to other employees referencing the leaks. Both employees asked to remain anonymous as they were not allowed to talk to the press. A source in the cybersecurity industry said his team has this leaked version of iOS 14, and they are studying it.

Like Will Strafach, I too feel bad for whomever Apple rains fire upon.