Categories
Links Writing

Delight and Apple’s Face ID

Om Malik:

The reason Face ID works is because of some key silicon innovations — yes, there is that TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator and a seven megapixel camera. Face ID projects more than 30,000 invisible IR dots. The resulting IR image and dot pattern is then used to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time. What decodes the data captured by this camera (for lack of a better descriptor) are neural capabilities of its A11 Bionic chip. I saw this first hand and was blown away by the effectiveness of Face ID.

The FaceID is a perfect illustration of Apple’s not so secret “secret sauce” — a perfect symbiosis of silicon, physical hardware, software, and designing for delight. Their ability to turn complex technologies into a magical moment is predicated on this harmonious marriage of needs.

I appreciate that a lot of people in the security and technologist community are dubious of Face ID. There are reasonable concerns about whether the technology will enable law enforcement or other third-parties to unlock a person’s phone by flashing the phone in front of their face, and whether or not it will even work.

But all of those questions fail to get what Apple is doing with Face ID. Don’t believe me? Then go find entirely normal users who walk into a Best Buy and buy a laptop without doing any real research, and subsequently discover their Windows laptop supports logging in with the infrared camera. They are amazed by the technology and tend to be pretty forgiving when it doesn’t always work perfectly.

If Apple can ensure that Face ID works reliably then they’re going to have an amazing halo product because, remember, those who are amazed by Face ID likely won’t own one of the new top-of-the-line iPhones. So, instead, Face ID will function as an aspirational feature that few people will have but that many will want, and likely lead to regular users purchasing the first ‘normal’ iPhone that has this cool feature.

Categories
Writing

Feature Parity in Apple Notes

I have a love and occasional hate relationship with Apple Notes. And a mostly hate and kind of fond memory relationship with my longstanding notes application, Evernote. So for the past few months I’ve been slowly and tediously shifting a few thousand notes from one service to another.

This is the story of why, the joys and miseries of the decision, and what I hope Apple changes in future versions of its note taking application.

Evernote’s Trust and Pricing Deficit

Evernote has some serious problems to my eye. I like some of its features, such as the ability to search .PDFs and adding tags to different notes. But these features aren’t enough to overcome the baseline problem that I no longer trust Evernote with my content. There are two core reasons underscoring this lack of trust: the company’s questionable stance on users’ privacy and the company’s willingness to increase prices without providing a corresponding improvement in their services.

In case you missed it, Evernote announced a plan to have specific employees read the content their users added to their notes. The employee would be reading users’ notes to improve on the machine learning algorithms that Evernote was rolling out. Those algorithms, themselves, were meant to improve the services provided to users.

So the company was only going to infringe on its users’ privacy for the best of reasons.

The company backed off from its decision pretty quickly in the wake of a media backlash. Nevertheless, the initial decision left a bad taste in my mouth. How could I trust a company that had so cavalierly indicated a willingness to intrude upon their users’ private content? Some people use Evernote for personal journaling, others to manage their businesses, some to store medical information, and yet others for their research and professional writing. On what possible grounds could anyone at a company based on storing people’s thoughts and dreams think it would be appropriate to have employees read potentially sensitive notes? I was already somewhat uneasy with the company but seriously started exploring ways out of their service following this particular privacy SNAFU.

The second problem I had with the company was its decision to raise prices for professional users without providing a real benefit to end users. I get that companies sometimes have to adjust their pricing but as a long-standing user it seemed like I was being penalized after trusting the company in its infancy. It just seemed wrong to penalize very early adopters such as myself who’d championed the application from an early point in the company’s existence. There should have been a grace period, at the very least, if not an actual grandfathering of long term users’ prices.

So in the advent of these issues, combined with a decreasing enjoyment of the user interface and user experience more generally, I decided that I wanted out.

Enter Apple Notes

I’ve used Apple Notes off and on for a lot of years. And until the updates that came in iOS 9 I’ve generally stayed away. The service has just been deeply underwhelming in terms of its organization of different notes, to say nothing of the annoyances I had with sharing notes with other people.

The worst of those annoyances have been dealt with in a few ways:

  1. I can organize folders and use macOS to nest different folders in one another, which is essential for me to keep my notes in some semblance of order.
  2. I can search through notes with relative ease on all my Apple devices, though I admit this is an area where improvements would be delightful.
  3. I have more faith in Apple to push back against efforts to access my notes through a legal process, and to protect the privacy of my notes’ contents using best security practices.

Furthermore, I’m already paying for iCloud storage. As a result, shifting my Evernote documents to Apple Notes will likely leave me with a little more money in my bank account each year.

The actual writing experience in Apple Notes is a bit threadbare. That’s ok on the whole – the ability to add headings and titles, along with some baseline formatting is almost enough – and share sheets have made it a lot more pleasant to send a note to a colleague or collaborator.

Aside: The Miseries of Note Migration

There are some automated ways to pull data out of Evernote and into other note taking applications, including Apple Notes. But I’m not using them for two separate reasons.

First, I want to be able to re-curate all the stuff that’s collected in Evernote over the past years. So that means that I want to put my own eyes on old notes to determine what should and shouldn’t make the cut. I’ve shed about a thousand notes thus far and I’m pretty sure that even more are going to vanish into the digital ether.

Second, the way I organized notes in Evernote changed over the years that I was using it. I did a lot of learning while using the application which meant that I changed my tagging and notebook structures a few times. That meant there was a pretty bad mess I’d built up and I wanted that cleaned up.

I should acknowledge that Evernote also put a lot of really badly formatted notes in my various notebooks and I’m spending more time than is really appropriate to fix up those notes. Specifically, I used the company’s web clipping tool on a regular basis and the way it clipped pages was often sub-par (to be generous). In some cases it meant that HTML was laced through notes. In others, the clipped pages were filled with ads and other badly formatted junk; this was the result of website publishers having to incorporate ads and ruin the user experience.

I should be blunt: I was working around the deficiencies of Evernote’s clipping service. Apple Notes has its own problems and deficiencies and, between the two, Evernote is actually better at clipping than Apple.

Limitations of Apple Notes

There’s still room for improvements with Apple Notes.

iOS is definitely an area that is still developing, and I periodically come across things that haven’t been implemented for some reason. One of the teething struggles associated with iOS’s Notes is linked with share sheets: why can I share a note with someone, but not a folder containing multiple notes? My use case is this: I often collect resources for ongoing projects in folders and it’d be great to be able to share all of those items, at once, as opposed to on an individual basis.

In a related vein, it’d be delightful to be able to:

  • Add hyperlinks to text in the Notes applications for iOS;
  • Create sub-folders in the iOS application (I can do it in macOS so why not in iOS?);
  • In macOS, automatically create a note when I drag a file — such as a .pdf, .doc, or other file — into the application.

I also really, really wish that Notes on iOS and macOS supported smart folders and tags. macOS already supports that kind of functionality in Finder and (to an extent) iTunes and Photos! Adding these kinds of functions into the Notes application would mean I could more easily use the same note in multiple folders. The use case? I often keep reviews of articles and documents in Apple Notes and subsequently want to organize them into additional folders for specific papers that I’m writing or blog posts I’m drafting. As it stands now I need to make total copies of notes and re-create them in folders for the given paper or blog. That’s nuts: I shouldn’t be doubling or tripling notes.

But maybe it’s just too hard to do all that. So if I had to ask for a smaller thing it’d be this: please, please, please just let me pin important notes to the top of different folders in notes.

Finally, it’d be amazing if there was some integration of Markdown functionality. I don’t imagine that’s going to happen anytime soon, but it’d be nice.[1] A better web clipping service would also be helpful: Evernote did a generally serviceable, if not good, job of that and Notes just sucks in comparison.

NOTE: This was originally posted on Medium.


  1. Yes, services like Bear might actually provide a better experience. And its support for Markdown makes it super tempting. But I’d rather pay for fewer services as part of some 2017 ‘financial cleaning’.

Categories
Links

How a Grad Student Found Spyware That Could Control Anybody’s iPhone from Anywhere in the World

This is probably the best journalistic account of how current and past members of the Citizen Lab, in tandem with Lookout (a security company), identified the most significant vulnerability to ever target Apple devices.

Categories
Links

Hackers and Law Enforcement Could Hijack Wi-Fi Connections to Track Cellphones

From The Intercept:

But if the operator is O’Hanlon and not Verizon — that identity is compromised. “The IMSI is revealed during this interchange, during the early stages of the conversation. It’s not encrypted,” he says.

This type of activity is called passive monitoring, because it doesn’t require a specific active attack or malware. It only works in some cases, however.

O’Hanlon also developed a couple active attacks that would get the job done, one involving masquerading as the operator’s endpoint where the Wi-Fi call is being directed, and another using a man-in-the-middle attack to intercept it.

Apple is the only company that has taken steps to mitigate the privacy and security risk, he says — they added additional security protocols when he brought up the issue over the summer. It was addressed in iOS 10, though there are still ways to get around the protections. But the problem is less with the companies and more with the way the connections were set up in the first place.

Yet another time that Apple has dedicated engineering resources to better protect their customers whereas their major competitor has declined to do so. And this wasn’t even an Apple or Google problem, per se, but a protocol level issue.

Categories
Links Writing

Apple Logs Your iMessage Contacts — and May Share Them With Police

The Intercept:

Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document. Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.

This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that “we do not store data related to customers’ location,” identify a customer’s location. Apple is compelled to turn over such information via court orders for systems known as “pen registers” or “trap and trace devices,” orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are “likely” to obtain information whose “use is relevant to an ongoing criminal investigation.” Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.

That Apple has to run a lookup to see whether to send a message securely using Messages or insecurely using SMS isn’t surprising. And the 30 day retention period is likely to help iron out bugs associated with operating a global messaging system: when things go wonky (and they do…) engineers need some kind of data to troubleshoot what’s going on.

Importantly, Apple is not logging communications. Nor is it recording if you communicate with someone who is assigned a particular phone number. All that is retained is the lookup itself. So if you ever type in a wrong number that lookup is recorded, regardless of whether you communicate with whomever holds the number.

More troubling is the fact that Apple does not disclose this information when an individual formally requests copies of all their personal information that Apple retains about them. These lookups arguably constitute personal information, and information like IP addresses etc certainly constitute this information under Canadian law.

Apple, along with other tech companies, ought to release their lawful access guides so that users know and understand what information is accessible to authorities and under what terms. It isn’t enough to just disclose how often such requests are received and complied with: customers should be able to evaluate the terms under which Apple asserts it will, or will not, disclose that information in the first place.

Categories
Links

This is where your smartphone battery begins

This is a brilliant (if saddening) long-form investigation into how the cobalt in contemporary electronics is mined in the Congo and the impacts such mining has on the local residents. It’s worth the (long) read.

Categories
Links

iMessage apps offer more layers of encryption, but do you need one?

Macworld:

Adding encryption you control inside an iMessage transmission can provide more assurances that your messages remain unreadable to others, but there are a whole lot of provisos you need to consider before accepting this as a higher level of security.

It’s nice to see reviewers of applications present the concerns, first, before what might be nice about new ‘security’ apps. Namely that crypto is hard to do, not all crypto is the same, and there are basic questions concerning the reliability of the companies providing the security assurance.

More broadly, that applications can route double-encrypted messages through Apple Messages will not necessarily enhance security but, instead, mean that communications are only as secure as the application applying the second layer of security. Apple is a great big target that everyone wants to penetrate and so Apple hires terrific technical and legal staff to keep government and others at bay. Can we expect that app developers selling encryption apps for a dollar or two will possess an equivalent commitment and competency?

Categories
Links

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender – The Citizen Lab

The place I work at did some stuff.

But the major takeaway for most people should probably be this:

IF YOU ARE ON AN iOS DEVICE, UPDATE YOUR PHONE OR iPAD RIGHT NOW

  1. Open Settings >> General >> Software Update
  2. Tap Download and Install. If a message asks to temporarily remove apps because iOS needs more space for the update, tap Continue or Cancel.

The vulnerabilities we identified in iOS are incredibly severe. Please update your device immediately.

Categories
Links Writing

New York DA Wants Apple, Google to Roll Back Encryption

New York DA Wants Apple, Google to Roll Back Encryption:

[Manhattan District Attorney Cyrus Vance Jr.] said that law enforcement officials did not need an encryption “backdoor,” sidestepping a concern of computer-security experts and device makers alike.

Instead, Vance said, he only wanted the encryption standards rolled back to the point where the companies themselves can decrypt devices, but police cannot. This situation existed until September 2014, when Apple pushed out iOS 8, which Apple itself cannot decrypt.

“Tim Cook was absolutely right when he told his shareholders that the iPhone changed the world,” Vance said. “It’s changed my world. It’s letting criminals conduct their business with the knowledge we can’t listen to them.”

Vance cited a recording of a telephone call made from New York City’s Riker’s Island jail to an outside line. In the call, a defendant in a sex-crimes case tells a friend about the miraculous powers of the new smartphone operating systems.

“Apple and Google came out with these softwares that can no longer by encrypted by the police,” the defendant allegedly said, mixing up encryption with decryption. “If our phones [are] running on iOS 8 software, they can’t open my phone. That might be another gift from God.”

Correct me if I’m wrong but if you’re able to quote the conversation they had about the encryption of the device, then isn’t it the case that law enforcement can, in fact, listen in to at least some of these supposedly sophisticated criminals? Regardless of their adoption of consumer-grade (i.e. incredibly common) tools and security protocols?

But more to the point: it has never been the case that government agencies have been able to compel, or access, all of the information they might find useful in the course of their investigations. That’s normal. Government agencies enjoyed incredible access to persons’ information for the course of a decade or so, as technology companies matured into firms that took the security and privacy of their customers seriously. Asking for the industry to return to a less-mature state is bad for everyone.

Finally: while domestic agencies might be worried about the situations where they cannot access the data at rest on the device, you can be sure that governmental staff who are abroad are very happy that they can use their devices with the knowledge that even foreign state actors will be challenged in accessing the data at rest which is stored on their smartphones. American (and Canadian) law enforcement agencies are understandably pushing for greater access to information but, by the same token, their success would mean that their compatriots in China, Brazil, France, Israel, and other friendly and unfriendly states would be able to lawfully gain entry to foreign agents’ devices. I’m pretty sure that diplomatic staff and military personnel abroad are pleased that such an attack vector has been narrowed by Apple’s actions.

Categories
Aside Humour

10.10 = 0.2″ More Screen?

It seems that, in installing and running OS X 10.10 Mavericks, I gained .2″ to my Macbook Air’s screen size 😛