Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

How the EARN IT Act is an Attack on Encryption

Introduced by Senators Lindsey Graham and Richard Blumenthal, the EARN IT Act would force companies to “earn” protection from Section 230 to fight online child exploitation.

Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability or remove encryption protections altogether.

My linked teaser from yesterday was separate from the EARN IT Act, but now it shows that companies are being coerced on two fronts.

Utah is Now a Surveillance State Thanks to This Company

A surveillance company called Banjo has partnered with Utah state authorities to enable a dystopian panopticon.

The lofty goal of Banjo’s system is to alert law enforcement of crimes as they happen. It claims it does this while somehow stripping all personal data from the system, allowing it to help cops without putting anyone’s privacy at risk. As with other algorithmic crime systems, there is little public oversight or information about how, exactly, the system determines what is worth alerting cops to.

A.G. William Barr Wants Tech Companies to Fight Child Sexual Abuse

Attorney General William Barr wants tech companies like Apple to fight online child sexual abuse even more with “voluntary standards.”

These voluntary principles are built on existing industry efforts to combat these crimes.  Some leading companies have dedicated significant resources to develop and deploy tools in the fight to protect children online and to detect, disrupt and identify offenders.  Although significant progress has been made, there is much more to be done to strengthen existing efforts and enhance collective action.

First, as I discovered last year Apple started to scan online iCloud content for child sexual abuse material (CSAM). Many other companies do the same. Second, although encryption wasn’t explicitly mentioned, this is undoubtedly (in my opinion) a new development in the war on encryption. Child predators are one of the scary boogeymen used by the government to erode our privacy even further. I of course do support Apple scanning for this content, but it’s not a black and white issue.

Twitter Tests Tweets That Disappear After 24 Hours

Twitter is testing a new feature called “fleets” which are tweets that disappear after 24 hours.

According to Twitter, an initial survey of users showed they would be more comfortable “sharing everyday thoughts” if they disappear after 24 hours.

Like tweets, Twitter fleets are based primarily on text, but you also can include videos, GIFs or photos in them. Users’ fleets will appear at the top of their home page and visible to their followers. Other users can reply to a fleet via private direct message or with an emoji.

It sounds like a good idea on the surface, but given that Twitter is a dumpster fire, you can imagine hateful tweets, political lies, etc. all disappearing from the public record. Of course, people can just screenshot them.

Someone Hacked J.Crew Last Spring and We Only Find Out Today

According to a notice [PDF] from J.Crew, someone hacked the company last year. For some reason we’re only finding out about it today, a year later.

“The information that would have been accessible in your jcrew.com account includes the last four digits of credit card numbers you have stored in your account, the expiration dates, card types, and billing addresses connected to those cards, and order numbers, shipping confirmation numbers, and shipment status of those orders,” J.Crew’s data breach notification explains.

You know, sometimes when I write about this stuff, like Facebook doing every bad thing under the sun with our data, I stop and think: “Am I just a cynical a**hole?” Then, when yet another idiot company has a data breach, I realize, no I’m just reporting reality. These companies deserve to be named and shamed.

Book Publishers Artificially Limit eBook Lending in Libraries

Major book publishers impose limits on how libraries handle ebooks, with short-term licenses and contracts.

Because only one reader can check out an ebook at a time, and because the cost of licensing an ebook is prohibitively high for libraries to invest in hundreds of copies for every new title, library-goers have become accustomed to long waits to check out ebooks, particularly bestsellers. For publishers, that’s the point. If you have to wait weeks to check out a new ebook, you might just cruise on over to Amazon and pay $14.99 to have it delivered immediately to your Kindle or the Kindle app on your phone.

Expensive college textbooks and dumb eBook rules are two good examples of how ripe for disruption this space is. It’s also shortsighted. The point of digital media is to make it so easy to access that people don’t feel the need to pirate anymore. But practices like this are partly what drive people to pirate.

Atari’s Missile Command Heads to iOS This Spring

2020 is the 40th anniversary of Missile Command and Atari is bringing it to iOS sometime this spring.

Missile Command: Recharged maintains the same perspective of the original game, in which missile silos battle incoming rockets to protect civilian structures. Recharged uses a neon-colored visual design, a la classic arcade game re-imaginings like Pac Man Championship Edition and Space Invaders Extreme. Gameplay has been remixed, with power-ups, an upgrade system, and an augmented reality mode that projects gameplay onto a “virtual arcade cabinet.”

YouTube Doesn’t Recommend as Many Conspiracy Videos Anymore

YouTube is working to cut the number of conspiracy videos it recommends to users, but that number is slowly increasing again.

Researchers trained an algorithm to judge the likelihood that a video on the site contained conspiracy theories by looking at the description, transcript, and comments. They examined eight million recommendations over 15 months. They found that shortly after YouTube announced it would recommend less conspiracy content in January 2019, the numbers did indeed gradually drop—by about 70% at the lowest point in May 2019. However, the number of conspiracy videos YouTube’s algorithm recommends has steadily risen again since then. These recommendations are now only 40% less common than when YouTube started its crackdown.

Programmers Create Every Possible Melody to Stop Lawsuits

Two programmers have created every possible melody in MIDI to help creators stifled by lawsuits.

Two programmer-musicians wrote every possible MIDI melody in existence to a hard drive, copyrighted the whole thing, and then released it all to the public in an attempt to stop musicians from getting sued.

Often in copyright cases for song melodies, if the artist being sued for infringement could have possibly had access to the music they’re accused of copying—even if it was something they listened to once—they can be accused of “subconsciously” infringing on the original content.

Sounds like a clever attempt to hack the system. I’m not sure if that will actually hold up in court but it’s creative.

How to Create a Honeypot URL With URL Canary

A service I recently discovered is URL Canary. It creates a honeypot URL that you can then put in a location such as your cloud storage. It alerts you if that URL has been accessed.

URL Canary will catch automated robots and crawlers, as well as manual human attackers. The only time it won’t catch an attacker is if they don’t see the canary, or they don’t find it sufficiently-compelling and opt not to visit it. Since you have control of the URL and the domain name, you can make your canaries as compelling as possible for your specific use case.

There’s a similar service I know of called CanaryTokens.