Privacy is a growing concern in today’s world. Follow along with all our coverage related to privacy, security, what Apple and other companies are doing to keep your information safe, and what steps you can take to keep your information private.
Shopping list and recipe app AnyList has explained in a lengthy blog post no fewer than ten problems with Sign in with Apple.
It says there are five problems for users, and five for developers, and consequently the app will not be supporting the login method …
The Indiana Supreme court has ruled that a suspect cannot be forced to unlock her iPhone using her passcode, rejecting a legal argument known as ‘foregone conclusion.’
While the argument used against her does have legal precedent, the use of it to compel disclosure of a passcode does seem absurd …
A group of Republican senators are making yet another attempt to ban end-to-end encryption in messaging services, which would make illegal Apple’s Messages and FaceTime services, as well as a wide range of other message apps like WhatsApp, Signal and Telegram.
No surprise, either, that they are again demonstrating that they don’t understand how end-to-end encryption works …
Update: The app is now available to all. The company also announced two additional new features for home users, and two others for work users, described at the end of the piece.
A Dropbox password manager has been quietly added to the App Store, but it is currently listed as ‘by invite.’ This means that you can download it, but can’t yet activate it. An Android version is also available on the Play store, subject to the same restriction …
New York attorney general Letitia James has asked Apple and Google to vet contact tracing apps submitted to their app stores to distinguish official from unofficial ones, and to ensure that they protect user privacy.
Apple has already taken one step in this direction, but New York wants the company to go further …
Anonymizing photos and videos can be a time-consuming task sometimes including multiple steps, especially if you want to strip metadata. Developers Playground.AI decided to tackle that problem and came up with a valuable new iPhone app called Anonymous Camera that handles all of the processing on device in real-time. Playground.AI is also donating all of its proceeds from the app to Black Visions Collective and Unicorn Riot for the first month.
The FBI broke the law when it switched on a suspect’s phone to look at his lock screen without a warrant, ruled a judge.
It said that gathering evidence from a lock screen constitutes a search, and doing this without a warrant violates the 4th Amendment, which prohibits unreasonable search and seizure …
Apple and Google created a coronavirus contact tracing API to help governments create their own apps – but an initial report suggests that take-up hasn’t been high. Just 22 countries and a handful of US states have so far requested access, and a subsequent iOS and Android update to allow contact tracing to work without an app appears to be some months away.
Some countries have created contact tracing apps that involve huge infringements of privacy. The one used in South Korea, for example, collects surname, sex, year of birth, residential district, profession, travel history, and more. China’s app is linked to a unique government ID, identifying specific individuals.
Many countries still haven’t managed to release a contact tracing app at all …
Analysis of the source code for the UK contact tracing app has revealed no fewer than seven security flaws.
One of these is that the random code assigned to users is only changed once a day, making it much easier to de-anonymize individuals …
A previously undisclosed Grayshift tool allows law enforcement agencies to capture an iPhone passcode when the owner uses it to unlock their phone. This is done by surreptitiously installing malware on the device before handing it back to the suspect.
We knew Grayshift’s GrayKey box could brute-force iPhone passcodes, but we’re learning for the first time about this additional capability, which has seemingly been available for at least a year …
The Siri grading whistleblower who revealed that private conversations were overheard by contractors working on improving Apple’s intelligent assistant has today revealed his identity.
He has done so in a letter to the European Union, calling for Apple to face the consequences of its privacy failure …
It looks like the most recent contention between the FBI and Apple over device encryption has come to an end as the agency has unlocked the two iPhones belonging to the Pensacola shooter with “no thanks to Apple.” Going further, AG William Barr has again called for the government to force Apple and others to create backdoors into their devices.
Update: We’ve got an official response from Apple on the matter that highlights all the ways it helped the FBI and that it’s precisely because it takes security and privacy so seriously that it doesn’t believe in creating a backdoor:
The terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida was a devastating and heinous act. Apple responded to the FBI’s first requests for information just hours after the attack on December 6, 2019 and continued to support law enforcement during their investigation. We provided every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts, and we lent continuous and ongoing technical and investigative support to FBI offices in Jacksonville, Pensacola and New York over the months since.
On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.
It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor — one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.
Customers count on Apple to keep their information secure and one of the ways in which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don’t store customers’ passcodes and we don’t have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.
A massive data breach dubbed db8151dd has exposed the records of 22M people – including addresses, phone numbers, and social media links. But the source of the data is a mystery …
The US Senate yesterday voted – by a single vote – to allow government agencies like the FBI and CIA to access your browsing history without a warrant.
This means they would not need to show probable cause for believing you have committed a crime before requiring your ISP to hand over its records on your web browsing and search histories …
I’m a huge privacy advocate who’s written a lot about the topic because it’s a massively important issue.
It’s important for two reasons: First, because the kind of technology we have available to us today poses privacy risks never before imagined. China, for example, has demonstrated the ability of its massive network of facial-recognition cameras to track one individual among millions as they travel from one side of a city to the other.
Second, because once you allow something to happen, it is very, very hard to roll it back. Crises are particularly dangerous in this respect, because it’s easier to justify extreme measures at extreme times – like the coronavirus – but once a government goes down a particular road, it’s vanishingly rare that they abandon the approach once the crisis has passed…
A new blog post today reveals that Zoom bought Keybase, a 25-person startup specializing in encrypted message and file-sharing. It is the first acquisition in Zoom’s history …
Free Zoom accounts will get three more security features on May 9 as the company continues its efforts to boost privacy protections and fight abuse like Zoom-bombing …
Americans are divided on whether they would be willing to use coronavirus contact tracing apps powered by the joint Apple/Google API. A Washington Post/University of Maryland poll found an exact 50/50 split between those who would use it and those who wouldn’t.
That’s already less than ideal, but there were three further worrying aspects …
Update: Zoom 5.0.0 is finally landing today, after initially being promised for April 22. It hasn’t yet shown up in all app stores, but should do so shortly.
Zoom security and privacy has been boosted with the addition of no fewer than nine new features in the latest update, Zoom 5.0 …
Students taking examinations during the coronavirus lockdown say they are being subjected to remote proctoring via their webcams, and it’s creeping them out …
The joint Google/Apple contact tracing API for coronavirus has ‘a stunning blindspot’ claims one company working on a rival approach designed for adoption by businesses for their own employees, as a second company says there is good reason for companies to use a location-based approach.
Not everyone has a smartphone, says Microshare, which is instead proposing the use of Bluetooth badges, keyrings, and wristbands …
The German government has announced a change in policy over the weekend, and now favors the Apple/Google contact tracing approach for the coronavirus over the rival one proposed by the European Union.
Apple, meantime, is pushing an alternative term designed to emphasize the benefits over the methodology …
A new potentially serious software vulnerability has been discovered in iOS 13 that works via the default Mail app on iPhone and iPad. The security group ZecOps (via Motherboard) says that one of the two vulnerabilities is a zero-click exploit (no user interaction needed) that can be performed remotely.
An iOS 12 exploit has reportedly reemerged, being used by a group of hackers in China known as the “Evil Eye.” The latest Insomnia exploit gives attackers root access to iPhones running iOS 12.3 to 12.3.2.