Andrew Orr

The recent Facebook hack means that we probably shouldn’t rely on single sign-on services like Facebook and Google anymore.

If they had taken more care with their implementation of Facebook’s Single Sign-On feature—which lets you use your Facebook account to access other sites and services, rather than creating a unique password for every site—the impact could have largely been limited to Facebook. Instead, hackers could potentially have accessed everything from people’s private messages on Tinder to their passport information on Expedia, all without leaving a trace.

The Internet Archive has built the Internet Arcade, and it lets you play over a thousand free classic arcade games online.

The majority of these newly-available games date to the 1990s and early 2000s, as arcade machines both became significantly more complicated and graphically rich, while also suffering from the ever-present and home-based video game consoles that would come to dominate gaming to the present day. Even fervent gamers might have missed some of these arcade machines when they were in the physical world, due to lower distribution numbers and shorter times on the floor.

California Governor Jerry Brown has signed an Internet of Things law covering cybersecurity. California is the first state with a law like this.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

If only it affected all IoT devices, instead of ones created two years into the future.

Shiru Cafe’s customers are all college students (as a requirement) and instead of cash students pay with personal data.

To get the free coffee, university students must give away their names, phone numbers, email addresses and majors, or in Brown’s lingo, concentrations. Students also provide dates of birth and professional interests, entering all of the information in an online form. By doing so, the students also open themselves up to receiving information from corporate sponsors…

I know it sounds horrifying, but think of it this way. First, it’s voluntary. If you don’t want to give them your information, you can go to another shop and pay with cash (free market capitalism right there). Second, students will realize how valuable their data is, and maybe rethink giving it away for free in the future to the likes of Google and Facebook. It’s fine if you do, but understanding the tradeoff is important.

U.K. regulatory approval for Apple Watch ECG feature could take years. Ben Lovejoy reached out to the Medicines and Healthcare products Regulatory Agency.

You may need to carry out a clinical investigation as part of the process to obtain a CE marking for your medical device. You must inform MHRA if you are planning to do this at least 60 days before starting your investigation [providing] some basic details about the investigational device, the intended population, the type of study, and estimated application date.

What I call the “Facebook phone number ad thing” has been in the news a lot. Facebook confirmed it uses your two-factor authentication phone number for advertising purposes. But let’s cut through the clickbait headlines.

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information.

Facebook is not handing out your phone number to advertisers. What is happening is if an advertiser already has a phone number, they can go to Facebook and say: “Please show an ad to the profile with this phone number.” The only difference now is that Facebook uses your two-factor authentication number for this, even if you haven’t put your phone number in your profile elsewhere. Still sh*tty though.

Republicans don’t want the government to interfere with things…until they use the government to interfere with things. Rural America is notorious for its lack of broadband, and Ajit Pai couldn’t care less.

The Federal Communications Commission today finalized an order that will prevent city and town governments from charging wireless carriers about $2 billion dollars’ worth of fees related to deployment of wireless equipment such as small cells.

The $2 billion savings is less than 1 percent of the estimated $275 billion that carriers will have to spend to deploy 5G small cells throughout the US. That level of savings won’t spur extra deployment “because the hard economics of rural deployment do not change with this decision,” Rosenworcel said.

As if apps collecting your personal data wasn’t bad enough, apparently websites in Safari can access your iPhone sensor data.

That mobile browsers offer developers access to sensors isn’t necessarily problematic on its own. It’s what helps those services automatically adjust their layout, for example, when you switch your phone’s orientation. And the World Wide Web Consortium standards body has codified how web applications can access sensor data. But the researchers…found that the standards allow for unfettered access to certain sensors. And sites are using it.