Link

TikTok Will Collect Biometric Data From US Users

Andrew Orr ·

TikTok updated its privacy policy on Wednesday, adding a new section about collecting biometric data from users. This data includes “faceprints and voiceprints.”

The statement itself is vague, as it doesn’t specify whether it’s considering federal law, states laws, or both. It also doesn’t explain, as the other part did, why TikTok needs this data. It doesn’t define the terms “faceprints” or “voiceprints.” Nor does it explain how it would go about seeking the “required permissions” from users, or if it would look to either state or federal laws to guide that process of gaining consent.

TMO Deals

Blinkist Premium 2-Year Subscription: $99.99

Bryan Chaffin ·

We have a deal on a 2-year subscription to Blinkist Premium. Blinkist is the app that brings you the key ideas from top nonfiction books and podcasts, all in 15-minute audio and text explainers. Read or listen to the key ideas from over 4,500 bestselling titles across 27 categories, including personal development, entrepreneurship, and psychology. A 2-year subscription to Blinkist Premium is $99.99 through our deal.

Link

Twitter Launches First-Ever Subscription Service - and it Let's You Edit Tweets

Charlotte Henry ·

Twitter announced that it is rolling Twitter Blue, its first-ever subscription service, in a blog post on Thursday. The new service is coming to Australia and Canada first, costing CAD$3.49 or AUD$4.49 per month respectively. It includes various features, including ‘Undo Tweet’, which gives you a brief window in which to preview and edit a tweet before it goes live.

For those wondering, no, a free Twitter is not going away, and never will. This subscription offering is simply meant to add enhanced and complementary features to the already existing Twitter experience for those who want it… Starting today, we will be rolling out our first iteration of Twitter Blue in Australia and Canada. Our hope with this initial phase is to gain a deeper understanding of what will make your Twitter experience more customized, more expressive, and generally speaking more 🔥.

Link

How to Get Around macOS Security Using App Installers

Andrew Orr ·

Tenable Research found security issues related to macOS app installers, and they can be used to bypass default Mac security protections. So far, Apple hasn’t fixed it (emphasis mine).

Frustrated by the prevalence of these issues, we decided to write them up and make separate reports to both Apple and Microsoft. We wrote to Apple to recommend implementing a fix similar to what they did for CVE-2020–9817 and explained the additional LPE mechanism discovered.

We wrote to Microsoft to recommend a fix for the flaw in their installer. Both companies have rejected these submissions and suggestions.

Link

What Having Apple TV on the Nvidia Shield Tells us About Apple's Services Business

Charlotte Henry ·

Earlier this week, Nvidia announced that SHIELD users can purchase or rent movies and shows and access Apple TV+ through the Apple TV app on the device. At iMore, Oliver Haslam neatly outlines how this underlines a significant shift that has been going on in Apple’s services business.

Apple’s services business isn’t what it once was. It’s no longer a way to keep people tethered to Apple and is instead just another way for Apple to make money. If people insist on using Android phones, they might as well give Apple $10 each month to listen to its music. People really don’t want to buy an Apple TV 4K? No problem, Apple will take their $4.99 per month and let them watch on their crappy smart TV instead. The idea of an Apple TV app running on the Nvidia Shield – of all things! – would have been insane just a few short years ago. Call me an old romantic, but who knows – maybe it gives us all hope that one day, on an indefinite timescale, we’ll see iMessage break free of Apple’s chains as well.

Link

Might Apple buy a Hollywood Studio? Analysts Think it Should

Charlotte Henry ·

The lack of content on Apple TV+ compared to its rivals is a regular source of discussion and criticism against the service. According to The Hollywood Reporter, some analysts want it to fill this gap by following Amazon in purchasing a major Hollywood studio.

CEO Tim Cook has described streamer Apple TV+’s ambition “to be one of the most desired platforms for storytellers,” singling out comedy series Ted Lasso, drama The Morning Show and the miniseries Defending Jacob as its titles with “significant buzz.” But the streamer is seen by some Wall Street analysts as lacking multiple, regular breakout hits, which has led some to argue for a studio acquisition. Morgan Stanley research released in April found only 8 percent of U.S. respondents said they use Apple TV+, a figure that lags far below Netflix (58 percent), Amazon Prime (45 percent) and Disney+ (31 percent).

Link

Will Apple Ever Give More Than 5GB iCloud Storage For Free?

Charlotte Henry ·

Steve Jobs unveiled iCloud in June 2011 and, a decade on, the amount of free storage offered has still not increased beyond 5GB. 9to5Mac has published a good history lesson of the service, including speculation on how the paid tiers could change to help both Apple and users.

There is an argument to be made that Apple’s services revenue would actually benefit from giving away slightly more upfront to reel people in and entice customers into paid plans. 5 GB isn’t enough to even try out iCloud Photos in any meaningful capacity. If instead the free tier was matching Google’s at 15 GB, it would enable Apple users to get a reasonable amount of photos backing up to iCloud, experience some of the benefits of cloud sync, and then be more likely persuaded into committing to a paid plan. To pull this off, you’d have to adjust the paid tiers accordingly. Maybe a lineup of 15 GB free, 100 GB for $0.99/month, 300 GB for $2.99/month and 2 TB for $9.99/month could be compelling. An even cheekier approach could be to only increase the storage offered as part of Apple One, making the higher-value subscriptions more attractive for consumers migrating from the free plan.

Link

Firefox 89 Gets Design Overhaul and ‘Total Cookie Protection’ Feature

Andrew Orr ·

Mozilla has released Firefox version 89 on Tuesday, bringing a new design for desktop users and a privacy feature called Total Cookie Protection added to private browsing.

We’ve enhanced the privacy of the Firefox Browser’s Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companies from using cookies to track your browsing across sites. This feature was originally launched in Firefox’s ETP Strict mode.

More information on Total Cookie Protection can be found on Mozilla’s blog.

Link

You Have One Week to Opt Out of Amazon’s ‘Sidewalk’ Network Service

Andrew Orr ·

Amazon Sidewalk is the company’s network mesh service that shares your internet bandwidth with Amazon devices. You must opt out by June 8 if you don’t want this because the setting is turned on by default.

The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to their bandwidth when you don’t have a connection.

By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system.

Link

Postal Workers Targeted With Phishing Campaign

Andrew Orr ·

Postal workers returning to the office after COVID-19 restrictions may find themselves targeted by a new phishing campaign.

The email-based campaign, observed by Cofense, is targeting employees with emails purporting to come from their CIO welcoming them back into offices.

The email looks legitimate enough, sporting the company’s official logo in the header, as well as being signed spoofing the CIO. The bulk of the message outlines the new precautions and changes to business operations the company is taking relative to the pandemic.

Link

Meat Supplier JBS Hit With Cyber Attack, Data Not Affected

Andrew Orr ·

JBS SA shut down its computer networks for its operations in Australia and North America due to a cyberattack.

Backup servers were not affected, and the company is actively working to restore systems as soon as possible, according to a statement from JBS USA Monday. The processor said it’s not aware of any customer, supplier or employee data being compromised or misused.

TMO Deals

TREBLAB Z2 Bluetooth 5.0 Noise-Cancelling Headphones: $71.97

Bryan Chaffin ·

We have a deal on a pair of TREBLAB Z2 Bluetooth 5.0 Noise-Cancelling Headphones. This updated version of the original Z2s comes with a new all-black design, Bluetooth 5.0, and TREBLAB’s Sound2.0 technology with aptX and T-Quiet active noise-cancellation. They’re $78.99 but they’re discounted to $71.97 for our Memorial Day sale.

Link

‘Have I Been Pwned’ Open Sourced, Partners With FBI

Andrew Orr ·

The popular service Have I Been Pwned has made its code open source, and it’s also partnering with the FBI. The agency will send compromised passwords discovered during investigations.

Why is the FBI getting involved? Because Bryan A. Vorndran, the FBI’s Assistant Director, Cyber Division, said, “We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime.”

Link

iOS 14.6 Tells Apple Watch Series 3 Users to Restore Device Prior to Updating watchOS

Charlotte Henry ·

iOS 14.6 is prompting some users to restore their Apple Watch before trying to install the latest version of watchOS 7. The problem is related to the GPS version of the Series 3 as it has just 8GB of internal storage, 9to5 Mac reported.

With the latest versions of iOS and watchOS, Apple seems to have given up trying to force users to delete apps and media manually, which almost never solves the problem. As shown by a 9to5Mac reader on Twitter… iOS 14.6 simply asks the user to unpair and restore the Apple Watch Series 3 in order to install watchOS updates… Previously, the message only recommended that the user should delete some content before trying to install the update again.

Link

How Ad Agencies Are Helping Clients Navigate iOS 14.5 and App Tracking Transparency

Charlotte Henry ·

iOS 14.5, including App Tracking Transparency, arrived almost a month ago. The Drum spoke to key figures in the advertising industry to get their take and see how they are helping their clients navigate the changes. (A recent episode of Media+ also explored this topic.)

Tim Maleeny, president and chief strategy officer, Havas: A fair exchange for first-party data in return for a better user experience, access to valuable content or discounts is a much more honest relationship with your customers than harvesting their data without their knowledge. There are many ways to track ecosystem data to approximate a target audience’s online habits, but taking the more meaningful approach of an open exchange – in other words, placing a value on customers’ data – is where this is all headed.

TMO Deals

SurfShark VPN 2-Year Subscription: $42.74

Bryan Chaffin ·

We have a deal on a 2-year subscription to SurfShark VPN for Memorial Day. This service features unlimited data, military-grade AES-256-GCM encryption, and IKEv2 and OpenVPN protocols. The company also has a no logging policy. Two years with SurfShark is $42.74 through our Memorial Day sale.

 

https://www.youtube.com/watch?v=g_93KzDGmCI

Link

DHS Releases Cybersecurity Rules for Pipeline Operators

Andrew Orr ·

Today, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive for critical pipeline companies.

The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.

It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

Link

Facebook Can Get Location Data From Your Photos

Andrew Orr ·

iOS users can limit their location exposure to apps that ask for it, but your location is leaking in another area: Your photo metadata.

I took a photo with my iPhone and then uploaded that to my Facebook account. I used Facebook’s app on my iPhone, the same app that has been told “never” to access my location, the same account that knows I have this switched off. But Facebook still collects the location tag from that photo, along with my IP address.

It’s important to note that Facebook and other companies have had this ability for years. This is not, as the Forbes article implies, a response to iOS 14.5 App Tracking Transparency. The app I use to view and edit metadata is Metapho.

Link

WebKit Flaw Crashes Safari, Could Lead to Further Exploits

Andrew Orr ·

A WebKit flaw on iOS and macOS can cause Safari to crash and could lead to further malicious attacks.

The vulnerability stems from what security researchers call a type confusion bug in the WebKit implementation of AudioWorklet, an interface that allows developers to control, manipulate, render, and output audio and decrease latency. Exploiting the vulnerability gives an attacker the basic building blocks to remotely execute malicious code on affected devices.

TMO Deals

Work from Home Kit with Telescopic Phone Stand, Smart Lens, Light Set: $99.99

Bryan Chaffin ·

We have a deal on the Work from Home Kit, which includes a telescopic phone stand, the Smart Lens, and a light set. The wide-angle lens clicks onto your phone or laptop, providing a 160º angle to capture more than your face. The smart light gives you studio-quality lighting to look great and keep your colleagues focused on what you have to say. The Work from Home Kit is $99.99 through our deal.

Link

Apple Shares Entrepreneur Camp Participants' Inspiring Stories

Charlotte Henry ·

Apple runs an Entrepreneur Camp in which participants are supported to develop and create new products. It shared the story of some of those involved in the program (pictured above).

Hopscotch founder Samantha John wanted to create an app that ignited the imaginations of young girl coders. Hopscotch is a code-learning app that enables kids to learn to think creatively and learn the fundamentals of code by building their own games, art, and stories. Kids and teens can publish their creations to Hopscotch’s fully moderated community where they can can play and learn together. John first learned the power of code through her coursework in college, but she noticed that a lot of her male friends had learned coding much earlier. “I wanted to make something for little me!” says John. “All my male coder friends had learned when they were kids, and it had not been something on my radar. I wanted to change that for the next generation.”

Link

App That Forced Users to Leave Positive Review Removed From App Store

Charlotte Henry ·

Apple has removed from the App Store an app that forced users to leave a good review before they could use it, iMore reported. It was, though, possible to leave bad reviews in other ways, such as on the web.

Kosta Eleftheriou highlighted the strange behavior of the app in a tweet. The video appears to show a review prompt that can’t be bypassed, and one that won’t accept anything lower than a three-star review before only letting users hit ‘submit’. The app does have plenty of bad reviews, but these are all about being forced to leave good ones. It is unclear how a developer would be able to bork the App Store review prompt so comprehensively like this, but Eleftheriou claims the developer has more than 15M downloads and “$MILLIONS” in revenue, of which Apple receives a commission.