What’s On My Homescreen, December 2017 Edition

Screenshot of my iPhone 7 homescreen from December 2017

My homescreen is mostly divided between stuff that I want immediate access to on a very regular basis and one or two ‘testing’ applications (in terms of position on the homescreen and/or whether I like them as applications). Without further ado:

Photography (Folder): I play with a lot of different photo apps, though I tend to alternate between Darkroom and Snapseed a fair bit and rarely use Polar anymore. Slow Shutter is something I’m playing around with off and on, and ProCam was free.

Reminders: I don’t like the application but since I basically just use it for groceries I’m not willing to spend money for a ‘better’ app.

Notes: Much of my life exists in Notes. I wish there was better support for markdown and would love tagging support. And it’d be great if Apple would fix the freezing bug that was introduced in iOS 11! But on the whole Notes plays well across all my Apple devices and the interface just gets out of the way.

Messages: Not my default means of communicating with people, in part because I try to avoid sending SMS messages as best I’m able for security reasons, but it’s a necessary evil in my life.

Phone: I take and make a lot of calls.

WhatsApp: My preferred method of communicating because it’s a cross-platform app (don’t need to know if someone is on an iPhone, Android, Blackberry, or whatever else) and encrypts voice-, video-, and text-based messages end-to-end. Still, it leaks some metadata and so, in some instances I use…

Signal: The best consumer-available secure messaging app. Unlike WhatsApp, Signal keeps the bare minimum amount of information required to process communications.

Podcasts: I listen to silly numbers of Podcasts. I had problems with the application in iOS 9 but they seem to have been fixed in iOS 10/11. Importantly, the application syncs well across all the Apple devices that I own.

Hello Weather: I wish I could download and use Dark Sky but it’s not available in the Canadian App Store. Hello Weather pulls data from the same repository as Dark Sky so it’s as accurate, if not as pretty.

Day One: I’ve kept digital journals in one format or another for well over 15 or 16 years. I’ve been using Day One for a few years and love the interface.

Ulysses: I keep coming back to Ulysses even though I don’t derive any joy from using it. It’s certainly functional and lets me publish to my WordPress websites and I enjoy how it does markdown. But the interface is the definition of ‘meh’ for me.

Reeder: Too much of my time is spent in Reeder. I follow a lot of wonky websites and blogs, plus fashion, tech, culture, and more. So much to read and so little time!

Paprika: A relatively new application in my life, I’m seeing whether the application fits into my life. Previously I was using the Notes app to keep track of recipes but that didn’t scale very well. My hope is that Paprika really does take over part of my life and make shopping that much more pleasant.

iBooks: For pleasure reading I only purchase digital copies through iBooks. I realize it’s a walled garden but I’ve long since made my peace with that.

Activity: I’ve tracked my baseline activity information for almost ten years and this app collects daily information from my Apple Watch. I use a separate application — Healthview — to study longer-term trends in my personal fitness and health.

Halide: The newest application in my life! Though I usually shoot with my mirrorless camera, sometimes it’s not convenient and so I whip out my iPhone. Halide gives me more control over what I’m shooting and I really appreciate the ability to turn on focus peaking.

Safari: Because I, too, browse the Internet.

Mail: It’s not the best of clients but it’s as bad as most. And the really good ones would force me to move my mail through additional third-parties, and I’m not willing to engage in that kind of activity.

Tweetbot: I use Twitter a lot and a large portion of my professional network is located there. But the official Twitter application is just horrible in my view, whereas Tweetbot gets out of my way and lets me just enjoy the content streaming by.

Music: I usually have music playing in the background if I’m not listening to a podcast.

Delight and Apple’s Face ID

Om Malik:

The reason Face ID works is because of some key silicon innovations — yes, there is that TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator and a seven megapixel camera. Face ID projects more than 30,000 invisible IR dots. The resulting IR image and dot pattern is then used to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time. What decodes the data captured by this camera (for lack of a better descriptor) are neural capabilities of its A11 Bionic chip. I saw this first hand and was blown away by the effectiveness of Face ID.

The FaceID is a perfect illustration of Apple’s not so secret “secret sauce” — a perfect symbiosis of silicon, physical hardware, software, and designing for delight. Their abilities to turn complex technologies into a magical moment is predicated on this harmonious marriage of needs.

I appreciate that a lot of people in the security and technologist community are dubious of Face ID. There are reasonable concerns about whether the technology will enable law enforcement or other third-parties to unlock a person’s phone by flashing the phone in front of their face, and whether or not it will even work.

But all of those questions fail to get what Apple is doing with Face ID. Don’t believe me? Then go find entirely normal users who walk into a Best Buy and buy a laptop without doing any real research, and subsequently discover their Windows laptop supports logging in with the infrared camera. They are amazed by the technology and tend to be pretty forgiving that it doesn’t always work perfectly.

If Apple can ensure that Face ID works reliably then they’re going to have an amazing halo product because, remember, those who are amazed by Face ID likely won’t own one of the new top-of-the-line iPhones. So, instead, Face ID will function as an aspirational feature that few people will have but that many will want, and likely lead to regular users purchasing the first ‘normal’ iPhone that has this cool feature.

Feds Walk Into A Building. Demand Everyone’s Fingerprints To Open Phones

Forbes:

Legal experts were shocked at the government’s request. “They want the ability to get a warrant on the assumption that they will learn more after they have a warrant,” said Marina Medvin of Medvin Law. “Essentially, they are seeking to have the ability to convince people to comply by providing their fingerprints to law enforcement under the color of law – because of the fact that they already have a warrant. They want to leverage this warrant to induce compliance by people they decide are suspects later on. This would be an unbelievably audacious abuse of power if it were permitted.”

Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation (EFF), added: “It’s not enough for a government to just say we have a warrant to search this house and therefore this person should unlock their phone. The government needs to say specifically what information they expect to find on the phone, how that relates to criminal activity and I would argue they need to set up a way to access only the information that is relevant to the investigation.”

It’s insane that the US government is getting chained warrants that authorize expansive searches without clarifying what is being sought or the specific rationales for such searches. Such actions represent an absolute violation of due process.

But, at the same time, the government’s actions (again) indicate the relative weaknesses of the ‘going dark’ arguments. While iPhones and other devices are secured to prevent all actors from illegitimately accessing them, fingerprint-enabled devices can let government agencies bypass security protections with relative ease. This doesn’t mean that fingerprint scanners are bad – most people’s threat models aren’t police, but criminals, snoopy friends and family, etc – but instead that authorities can routinely bypass, rather than need to break, cryptographically-secured communications.

Turning security flaws into cyberweapons endangers Canadians, experts warn

Turning security flaws into cyberweapons endangers Canadians, experts warn:

“The Snowden docs demonstrate that CSE is active in identifying vulnerabilities,” Christopher Parsons, a post-doctoral fellow at Citizen Lab, told CBC.

“The fact that CSE identifies vulnerabilities and is not reporting them means users are not receiving patches in order to secure their networks.”

Parsons said this “creates a really dangerous scenario.”

“Canadians need to have a discussion about this. Do we want to live in a world in which we’re protecting our own citizens? Or should the priority of Canadian government organizations [like CSE] be first and foremost hacking foreign systems?”

Canadian politicians, judges, journalists and business leaders use smartphones vulnerable to the flaws now fixed by Apple — and to flaws still unknown. The country’s infrastructure is increasingly networked and vulnerable to sabotage by a foreign intelligence agency.

In such a world, Parsons wondered, does national security mean using security flaws against potential enemies? Or disclosing and fixing them?

“We haven’t had that debate in this country,” he said.

It’s increasingly looking like we are going to have the debate concerning whether the Canadian government should be stockpiling vulnerabilities or actively working to close identified vulnerabilities. Let’s hope that the debate tilts in favour of protecting the citizenry instead of leaving it vulnerable to domestic and foreign attackers.

New York DA Wants Apple, Google to Roll Back Encryption

New York DA Wants Apple, Google to Roll Back Encryption:

[Manhattan District Attorney Cyrus Vance Jr.] said that law enforcement officials did not need an encryption “backdoor,” sidestepping a concern of computer-security experts and device makers alike.

Instead, Vance said, he only wanted the encryption standards rolled back to the point where the companies themselves can decrypt devices, but police cannot. This situation existed until September 2014, when Apple pushed out iOS 8, which Apple itself cannot decrypt.

“Tim Cook was absolutely right when he told his shareholders that the iPhone changed the world,” Vance said. “It’s changed my world. It’s letting criminals conduct their business with the knowledge we can’t listen to them.”

Vance cited a recording of a telephone call made from New York City’s Riker’s Island jail to an outside line. In the call, a defendant in a sex-crimes case tells a friend about the miraculous powers of the new smartphone operating systems.

“Apple and Google came out with these softwares that can no longer be encrypted by the police,” the defendant allegedly said, mixing up encryption with decryption. “If our phones [are] running on iOS 8 software, they can’t open my phone. That might be another gift from God.”

Correct me if I’m wrong but if you’re able to quote the conversation they had about the encryption of the device, then isn’t it the case that law enforcement can, in fact, listen in to at least some of these supposedly sophisticated criminals? Regardless of their adoption of consumer-grade (i.e. incredibly common) tools and security protocols?

But more to the point: it has never been the case that government agencies have been able to compel, or access, all of the information they might find useful in the course of their investigations. That’s normal. Government agencies enjoyed incredible access to persons’ information for the course of a decade or so, as technology companies matured into firms that took the security and privacy of their customers seriously. Asking for the industry to return to a less-mature state is bad for everyone.

Finally: while domestic agencies might be worried about the situations where they cannot access the data at rest on the device, you can be sure that governmental staff who are abroad are very happy that they can use their devices with the knowledge that even foreign state actors will be challenged in accessing the data at rest which is stored on their smartphones. American (and Canadian) law enforcement agencies are understandably pushing for greater access to information but, by the same token, their success would mean that their compatriots in China, Brazil, France, Israel, and other friendly and unfriendly states would be able to lawfully gain entry to foreign agents’ devices. I’m pretty sure that diplomatic staff and military personnel abroad are pleased that such an attack vector has been narrowed by Apple’s actions.